Inactive Search links redirect to unknown search engines

Status
Not open for further replies.
B

Bobbiejoh

I have been battling this problem for about a week or so. Every thing I have read about this issue seems to say that the first step is to check for virus. Norton didn't find anything, but Malwarebytes found 21 issues that needed removal. I thought that had fixed the problem, but within a day it was back. So now I am going in a circle. I run Malwarebytes, things work fine for a while, then it starts up again and almost every link in Bing, Yahoo or Google searches are redirected.

My last search, about this very problem, the only link that was not redirected was the one to this site! So I decided that must mean something, just go with it.

So anyone that can offer help, it would be very much appreciated!!

Thanks!
 
Welcome aboard
yahooo.gif


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Requested logs

Hello Broni -

I am sorry to have taken so long after you got back to me so quickly. I have followed the instructions you sent. As before, Norton didn't find anything, and this time Malwarebytes didn't find anything either. Here are the logs you requested and thank you so much for your help!

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5910

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

3/2/2011 11:26:23 AM
mbam-log-2011-03-02 (11-26-23).txt

Scan type: Quick scan
Objects scanned: 145215
Time elapsed: 10 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-03-02 12:17:10
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3120022A rev.3.04
Running: gwwiwx2z.exe; Driver: C:\DOCUME~1\JANETH~1\LOCALS~1\Temp\uwtdypoc.sys


---- Devices - GMER 1.0.15 ----

Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----





DDS (Ver_10-12-12.02) - NTFSx86
Run by Janet Hess at 12:20:44.68 on Wed 03/02/2011
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.112 [GMT -8:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\WINDOWS\System32\ATMsrvc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Hide My IP\HideMyIpSrv.exe
C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
Q:\140062.enu\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\microsoft shared\virtualization handler\VirtualSearchHost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Janet Hess\Desktop\gwwiwx2z.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Janet Hess\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.lady-birds.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.comcast.net/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: AutorunsDisabled - No File
BHO: JQSIEStartDetectorImpl - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\4.3.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\4.3.0.5\IPSBHO.DLL
BHO: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - Comcast Toolbar
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No File
BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} -
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
TB: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - No File
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\4.3.0.5\coIEPlg.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
EB: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: c:\windows\system32\HMIPCore.dll
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126641668578
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} - hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 www.virustotal.com
Hosts: 127.0.0.1 www.virustotal.com
Hosts: 127.0.0.1 www.virustotal.com
Hosts: 127.0.0.1 www.virustotal.com
Hosts: 127.0.0.1 www.virustotal.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

============= SERVICES / DRIVERS ===============

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-1-29 14776]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2011-2-26 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2011-2-26 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\bashdefs\20110225.002\BHDrvx86.sys [2011-2-25 800376]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2011-2-26 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2011-2-26 116784]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-2-28 821664]
R2 N360;Norton 360;c:\program files\norton 360\engine\4.3.0.5\ccsvchst.exe [2011-2-26 126392]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-4-24 483688]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-2-25 102448]
R3 HideMyIpSRV;HideMyIpSRV;c:\program files\hide my ip\HideMyIpSrv.exe [2011-2-23 3039536]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\ipsdefs\20110302.001\IDSXpx86.sys [2011-3-2 341944]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\virusdefs\20110302.002\NAVENG.SYS [2011-3-2 86008]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\virusdefs\20110302.002\NAVEX15.SYS [2011-3-2 1360760]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [2009-12-2 554344]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [2009-12-2 211432]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [2009-12-2 20584]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [2009-12-2 18280]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-4-24 209768]
S2 Abm8osrv;Abm8osrv; [x]
S2 Abp4ks;Abp4ks; [x]
S2 Aicdispn;Aicdispn; [x]
S2 E100aldi;E100aldi;c:\windows\system32\actmovie.exe [2003-12-1 4096]
S2 Raqarcakwm;Raqarcakwm; [x]
S2 Sabtsanaqa_;Sabtsanaqa_; [x]
S2 Vaiomver;Vaiomver; [x]
S2 Vrmkrc0p;Vrmkrc0p; [x]
S2 Wzcssr;Wzcssr; [x]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2004-9-10 20160]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-2-2 27064]
S3 Spreamipn-0c;Spreamipn-0c;c:\windows\system32\drivers\gagp30kx.sys [2004-8-3 46464]
S4 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\comcastantispyservice.exe --> c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [?]
S4 gupdate1c9b254536faa16;Google Update Service (gupdate1c9b254536faa16);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S4 Srp.g50pvw;Srp.g50pvw; [x]
S4 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

=============== Created Last 30 ================

2011-03-02 20:19:34 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-03-02 20:19:27 -------- d-----w- c:\windows\SHELLNEW
2011-02-27 21:08:16 -------- d-----w- c:\program files\ieSpell
2011-02-27 05:45:55 -------- d-----w- c:\docume~1\janeth~1\applic~1\Malwarebytes
2011-02-27 05:45:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-27 05:45:41 -------- dc----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-02-27 05:45:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-27 05:45:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-27 01:45:01 -------- d-----w- c:\docume~1\janeth~1\applic~1\Windows Search
2011-02-26 20:35:29 361904 ----a-w- c:\windows\system32\drivers\n360\0403000.005\symtdi.sys
2011-02-26 20:35:29 339504 ----a-w- c:\windows\system32\drivers\n360\0403000.005\symtdiv.sys
2011-02-26 20:35:29 328752 ----a-r- c:\windows\system32\drivers\n360\0403000.005\symds.sys
2011-02-26 20:35:29 173104 ----a-w- c:\windows\system32\drivers\n360\0403000.005\symefa.sys
2011-02-26 20:35:28 501888 ----a-w- c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys
2011-02-26 20:35:28 43696 ----a-w- c:\windows\system32\drivers\n360\0403000.005\srtspx.sys
2011-02-26 20:35:28 325680 ----a-w- c:\windows\system32\drivers\n360\0403000.005\srtsp.sys
2011-02-26 20:35:28 116784 ----a-w- c:\windows\system32\drivers\n360\0403000.005\ironx86.sys
2011-02-26 20:34:49 -------- d-----w- c:\windows\system32\drivers\n360\0403000.005
2011-02-26 18:42:48 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-02-26 18:42:06 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-02-26 18:38:35 -------- dc----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2011-02-26 07:14:48 -------- dc----w- c:\docume~1\alluse~1\applic~1\RealHideIP
2011-02-26 07:14:48 -------- d-----w- c:\docume~1\janeth~1\applic~1\RealHideIP
2011-02-26 07:09:17 -------- d-----w- c:\program files\Anonymous Web Surfing
2011-02-26 07:08:23 -------- d-----w- c:\docume~1\janeth~1\locals~1\applic~1\PackageAware
2011-02-26 06:48:28 8704 ----a-w- c:\windows\system32\SpOrder.dll
2011-02-26 06:26:47 -------- d-----w- c:\program files\Quick Web Player
2011-02-26 01:25:41 -------- dc----w- c:\docume~1\alluse~1\applic~1\VirtualizedApplications
2011-02-26 01:17:32 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2011-02-26 01:16:50 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-02-26 01:16:50 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-02-26 01:16:49 -------- d-----w- c:\program files\Symantec
2011-02-26 01:15:14 -------- d-----w- c:\windows\system32\drivers\N360
2011-02-26 01:15:10 -------- d-----w- c:\program files\Norton 360
2011-02-25 23:21:10 -------- d-----w- c:\docume~1\janeth~1\locals~1\applic~1\NPE
2011-02-24 11:14:21 904192 ----a-w- c:\docume~1\janeth~1\applic~1\microsoft\windows internet explorer\install\Internet Explorer 8 Setup.msi
2011-02-23 20:17:06 -------- d-----w- c:\program files\Hide My IP
2011-02-23 19:13:02 -------- d-----w- c:\program files\CCleaner
2011-02-22 04:04:12 -------- d-----w- c:\program files\Hide Your IP Address
2011-02-22 01:37:35 -------- d-----w- c:\program files\NSW2006
2011-02-17 03:17:52 202048 ----a-w- c:\windows\system32\AVLibrary.dll
2011-02-17 03:17:35 -------- d-----w- c:\program files\Hide The IP 2010
2011-02-17 02:58:56 -------- d-----w- c:\docume~1\janeth~1\applic~1\Windows Desktop Search
2011-02-17 01:55:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2011-02-16 22:56:54 12928 -c--a-w- c:\windows\system32\dllcache\dot4prt.sys
2011-02-16 22:56:54 12928 ----a-w- c:\windows\system32\drivers\Dot4Prt.sys
2011-02-16 22:56:39 324608 -c--a-w- c:\windows\system32\dllcache\hpojwia.dll
2011-02-16 22:56:39 324608 ----a-w- c:\windows\system32\hpojwia.dll
2011-02-16 22:56:38 8704 -c--a-w- c:\windows\system32\dllcache\dot4scan.sys
2011-02-16 22:56:38 8704 ----a-w- c:\windows\system32\drivers\Dot4scan.sys
2011-02-16 22:56:32 23808 -c--a-w- c:\windows\system32\dllcache\dot4usb.sys
2011-02-16 22:56:32 23808 ----a-w- c:\windows\system32\drivers\Dot4usb.sys
2011-02-16 22:56:31 206976 -c--a-w- c:\windows\system32\dllcache\dot4.sys
2011-02-16 22:56:31 206976 ----a-w- c:\windows\system32\drivers\Dot4.sys
2011-02-16 06:39:30 -------- d-----w- c:\windows\SxsCaPendDel
2011-02-16 06:33:05 -------- d-----w- c:\docume~1\janeth~1\locals~1\applic~1\SoftGrid Client
2011-02-16 06:32:37 -------- d-----w- c:\docume~1\janeth~1\applic~1\SoftGrid Client
2011-02-16 06:19:18 -------- d-----w- c:\program files\Microsoft Application Virtualization Client
2011-02-15 21:46:02 -------- d-----w- c:\windows\system32\NtmsData
2011-02-15 20:46:36 -------- d-----w- c:\windows\system32\URTTEMP
2011-02-15 20:39:35 -------- d-----w- c:\windows\system32\XPSViewer
2011-02-15 20:38:50 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-02-15 20:37:25 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-02-15 20:37:25 117760 ------w- c:\windows\system32\prntvpt.dll
2011-02-15 20:37:24 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-02-15 20:37:24 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-02-15 20:37:24 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-02-15 20:37:24 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-02-15 20:37:24 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-02-15 20:37:24 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-02-12 00:30:55 -------- dcsh--w- c:\docume~1\alluse~1\applic~1\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-02-10 13:59:51 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-02-10 13:59:51 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-10 13:56:29 -------- d--h--w- c:\windows\ie8
2011-02-10 01:15:57 -------- dc----w- c:\windows\ie8(2)
2011-02-06 19:53:42 -------- d-----w- c:\program files\File Type Assistant
2011-02-06 12:05:18 -------- d-----w- c:\windows\Performance
2011-02-06 12:04:59 -------- d-----w- c:\docume~1\janeth~1\locals~1\applic~1\Microsoft Corporation
2011-02-06 11:58:51 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2011-02-06 07:53:55 -------- d-----w- c:\program files\Windows Desktop Search
2011-02-06 07:53:54 -------- d-----w- c:\windows\system32\GroupPolicy
2011-02-06 07:52:07 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2011-02-06 07:52:07 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2011-02-06 07:52:06 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2011-02-05 19:12:24 -------- d-----w- c:\program files\NetSpy Protector
2011-02-05 13:04:51 -------- d-----w- c:\docume~1\janeth~1\applic~1\IsolatedStorage
2011-02-05 13:04:46 -------- d-----w- c:\docume~1\janeth~1\applic~1\FreeFileOpener
2011-02-05 10:45:14 -------- dc----w- c:\docume~1\alluse~1\applic~1\regid.1986-12.com.adobe
2011-02-05 10:06:07 -------- d-----w- c:\program files\Free File Opener
2011-02-05 02:41:46 3584 ----a-r- c:\docume~1\janeth~1\applic~1\microsoft\installer\{121634b0-2f4b-11d3-ada3-00c04f52dd52}\Icon386ED4E3.exe
2011-02-05 02:41:45 -------- d-----w- c:\program files\Windows Installer Clean Up
2011-02-04 10:59:57 -------- d-----w- c:\docume~1\janeth~1\locals~1\applic~1\{C82FE1BB-5140-4F7D-8DBF-56A85573BD49}
2011-02-04 08:54:37 -------- d-----w- c:\docume~1\janeth~1\applic~1\AdobeSupportAdvisor.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
2011-02-04 02:51:37 -------- dc-h--w- C:\Program Settings
2011-02-04 02:50:38 616960 ----a-w- c:\docume~1\janeth~1\applic~1\Adobe CS Licensing Solution.exe
2011-02-04 02:40:21 -------- d-----w- c:\program files\common files\Akamai
2011-02-03 09:20:39 142336 --sha-r- c:\windows\system32\vidcapl.dll
2011-02-03 08:15:40 -------- d-----w- c:\program files\Gem Shop
2011-02-03 07:33:19 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys

==================== Find3M ====================

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-14 01:03:50 28496 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:07 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

============= FINISH: 12:22:24.59 ===============





UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 8/24/2004 10:51:39 AM
System Uptime: 3/2/2011 11:09:05 AM (1 hours ago)

Motherboard: ASUSTek Computer Inc. | | P4SD-VL
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | CPU 1 | 2793/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 63 GiB total, 22.99 GiB free.
D: is FIXED (NTFS) - 43 GiB total, 27.938 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_815C104D&REV_02\4&2E98101C&0&40F0
Manufacturer: Intel
Name: Intel(R) PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_815C104D&REV_02\4&2E98101C&0&40F0
Service: E100B

==== System Restore Points ===================

RP110: 2/14/2011 11:57:50 AM - Software Distribution Service 3.0
RP111: 2/14/2011 12:36:45 PM - Software Distribution Service 3.0
RP112: 2/14/2011 1:10:58 PM - Software Distribution Service 3.0
RP113: 2/14/2011 5:59:08 PM - Installed Windows XP KB915800-v4.
RP114: 2/14/2011 5:59:37 PM - Installed Windows XP Windows Search 4.0.
RP115: 2/14/2011 6:42:24 PM - Revo Uninstaller Pro's restore point - Akamai NetSession Interface
RP116: 2/15/2011 12:37:59 PM - Installed Windows KB954550-v5.
RP117: 2/15/2011 12:38:25 PM - Printer Driver Microsoft XPS Document Writer Installed
RP118: 2/15/2011 12:46:01 PM - Installed Microsoft .NET Framework 1.1
RP119: 2/15/2011 1:47:16 PM - Printer Driver Microsoft XPS Document Writer Installed
RP120: 2/15/2011 2:36:44 PM - Software Distribution Service 3.0
RP121: 2/15/2011 3:16:50 PM - Software Distribution Service 3.0
RP122: 2/15/2011 4:56:12 PM - Software Distribution Service 3.0
RP123: 2/15/2011 8:20:30 PM - Software Distribution Service 3.0
RP124: 2/15/2011 10:02:21 PM - Software Distribution Service 3.0
RP125: 2/16/2011 7:10:07 AM - Installed Windows XP KB915800-v4.
RP126: 2/16/2011 7:11:43 AM - Installed Windows XP Windows Search 4.0.
RP127: 2/16/2011 10:54:14 AM - Software Distribution Service 3.0
RP128: 2/16/2011 11:11:05 AM - Revo Uninstaller Pro's restore point - Service Controller XP
RP129: 2/16/2011 11:13:27 AM - Installed Windows XP KB915800-v4.
RP130: 2/16/2011 11:14:31 AM - Installed Windows XP Windows Search 4.0.
RP131: 2/16/2011 11:29:06 AM - Revo Uninstaller Pro's restore point - iKnowPS
RP132: 2/16/2011 5:53:32 PM - Installed Microsoft Bootvis
RP133: 2/16/2011 6:41:30 PM - Revo Uninstaller Pro's restore point - Microsoft Fix it Center
RP134: 2/16/2011 6:42:26 PM - Removed Microsoft Fix it Center
RP135: 2/16/2011 6:44:52 PM - Revo Uninstaller Pro's restore point - Microsoft Bootvis
RP136: 2/18/2011 6:57:04 AM - System Checkpoint
RP137: 2/18/2011 8:39:50 AM - Revo Uninstaller Pro's restore point - Microsoft Bootvis
RP138: 2/18/2011 8:40:50 AM - Removed Microsoft Bootvis
RP139: 2/19/2011 10:04:07 AM - System Checkpoint
RP140: 2/20/2011 2:19:41 AM - Installed Windows XP KB915800-v4.
RP141: 2/20/2011 2:20:39 AM - Installed Windows XP Windows Search 4.0.
RP142: 2/21/2011 6:24:52 PM - System Checkpoint
RP143: 2/21/2011 8:31:34 PM - Revo Uninstaller Pro's restore point - Free Hide IP
RP144: 2/23/2011 11:05:34 AM - Revo Uninstaller Pro's restore point - Search Toolbar
RP145: 2/23/2011 11:15:39 AM - Revo Uninstaller Pro's restore point - Wise Registry Cleaner Professional V5.12
RP146: 2/23/2011 12:26:18 PM - Revo Uninstaller Pro's restore point - DriverMax 5
RP147: 2/23/2011 12:28:38 PM - Revo Uninstaller Pro's restore point - Windows Media Player 9 Hotfix [See KB885492 for more information]
RP148: 2/23/2011 12:31:07 PM - Revo Uninstaller Pro's restore point - Security Update for Windows Search 4 - KB963093
RP149: 2/23/2011 12:32:07 PM - Revo Uninstaller Pro's restore point - Security Update for Windows Search 4 - KB963093
RP150: 2/24/2011 4:56:55 PM - Revo Uninstaller Pro's restore point - What's Running 3.0
RP151: 2/24/2011 5:48:23 PM - Revo Uninstaller Pro's restore point - UseNeXT
RP152: 2/25/2011 3:42:51 PM - Norton_Power_Eraser_20110225154159937
RP153: 2/26/2011 1:23:57 AM - Software Distribution Service 3.0
RP154: 2/26/2011 12:36:33 PM - Norton 360 Registry Clean
RP155: 2/26/2011 12:41:11 PM - Norton 360 Registry Clean
RP156: 2/26/2011 2:04:21 PM - Installed Windows XP KB915800-v4.
RP157: 2/26/2011 2:05:14 PM - Installed Windows XP Windows Search 4.0.
RP158: 2/26/2011 2:47:55 PM - Software Distribution Service 3.0
RP159: 2/26/2011 8:52:55 PM - Removed Microsoft Fix it Center
RP160: 2/26/2011 9:34:15 PM - Restore Operation
RP161: 2/28/2011 3:04:34 AM - System Checkpoint
RP162: 3/1/2011 10:52:00 AM - System Checkpoint
RP163: 3/2/2011 11:46:46 AM - System Checkpoint

==== Hosts File Hijack ======================

Hosts: 127.0.0.1 www.virustotal.com
Hosts: 127.0.0.1 www.virustotal.com
Hosts: 127.0.0.1 www.virustotal.com
Hosts: 127.0.0.1 www.virustotal.com
Hosts: 127.0.0.1 www.virustotal.com
Hosts: 127.0.0.1 www.virustotal.com
Hosts: 127.0.0.1 www.virustotal.com
Hosts: 127.0.0.1 www.virustotal.com
Hosts: 127.0.0.1 www.virustotal.com
Hosts: 127.0.0.1 www.virustotal.com

==== Installed Programs ======================


32 Bit HP CIO Components Installer
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Community Help
Adobe Creative Suite
Adobe Creative Suite 5 Design Premium
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe SVG Viewer 3.0
Adobe Type Manager 4.1
Advanced SystemCare 3
Agere Systems AC'97 Modem
ATI Control Panel
CCleaner
CDBurnerXP
Device Data Communication Components
Drag'n Drop CD+DVD
Events Communication Components
File Type Assistant
Free File Opener version 2011.6.0
Gem Shop
Hide My IP 5.2
Hitman Pro 3.5
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB954550-v5)
HP LaserJet 2100 Software
ieSpell
Intel(R) Extreme Graphics Driver
Intel(R) PRO Network Adapters and Drivers
Internet Explorer (Enable DEP)
IomegaWare 4.0.3
Java 2 Runtime Environment, SE v1.4.2_01
Java Auto Updater
Java(TM) 6 Update 23
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Macromedia Dreamweaver 4
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Flash 5
Macromedia FreeHand MXa
Macromedia Generator 2
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Click-to-Run 2010
Microsoft Office Home and Business 2010 - English
Microsoft Silverlight
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Move Networks Media Player for Internet Explorer
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Music Visualizer Library 1.4.00
MyDataBase
MySoftware Fonts
Norton 360
NVIDIA Windows 2000/XP Display Drivers
OpenMG Secure Module 3.3.01
Operating System Communication Components
Palm VersaMail(tm)
PDF Settings CS5
Revo Uninstaller Pro 2.4.3
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Segoe UI
ShareIns
Smart Defrag 2
Smart Menus (Windows Live Toolbar)
Sony Certificate PCH
Sony Video Shared Library
SpeederXP v2.63
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
VAIO Help and Support
VAIO Registration
VAIO System Information
VLC media player 1.1.5
WebFldrs XP
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinSetupFromUSB
WinZip 15.0

==== Event Viewer Messages From Past Week ========

3/2/2011 11:59:41 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
3/2/2011 11:06:46 AM, error: Service Control Manager [7034] - The HideMyIpSRV service terminated unexpectedly. It has done this 1 time(s).
3/2/2011 11:06:45 AM, error: Service Control Manager [7034] - The Client Virtualization Handler service terminated unexpectedly. It has done this 1 time(s).
3/2/2011 11:06:39 AM, error: Service Control Manager [7034] - The Application Virtualization Client service terminated unexpectedly. It has done this 1 time(s).
3/2/2011 11:06:36 AM, error: Service Control Manager [7034] - The TCP/IP Print Server service terminated unexpectedly. It has done this 1 time(s).
3/2/2011 11:06:36 AM, error: Service Control Manager [7034] - The SNMP Service service terminated unexpectedly. It has done this 1 time(s).
3/2/2011 11:06:36 AM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
3/2/2011 11:06:36 AM, error: Service Control Manager [7034] - The ATM Service service terminated unexpectedly. It has done this 1 time(s).
3/2/2011 11:06:36 AM, error: Service Control Manager [7034] - The Application Virtualization Service Agent service terminated unexpectedly. It has done this 1 time(s).
3/2/2011 11:06:36 AM, error: Service Control Manager [7034] - The Adobe LM Service service terminated unexpectedly. It has done this 1 time(s).
3/1/2011 4:06:50 PM, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {B1A429DB-FB06-4645-B7C0-0CC405EAD3CD} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.
3/1/2011 12:05:46 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
2/28/2011 11:53:58 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
2/28/2011 11:53:56 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the N360 service.
2/28/2011 11:52:25 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows User Mode Driver Framework service to connect.
2/28/2011 11:52:25 PM, error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/28/2011 11:52:25 PM, error: Service Control Manager [7001] - The Iomega Active Disk service depends on the Iomega App Services service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/28/2011 11:52:25 PM, error: Service Control Manager [7000] - The Windows User Mode Driver Framework service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/28/2011 11:52:25 PM, error: Service Control Manager [7000] - The Vrmkrc0p service failed to start due to the following error: The system cannot find the path specified.
2/28/2011 11:52:25 PM, error: Service Control Manager [7000] - The Vaiomver service failed to start due to the following error: The system cannot find the path specified.
2/28/2011 11:52:25 PM, error: Service Control Manager [7000] - The SupportSoft Sprocket Service (ddoctorv2) service failed to start due to the following error: The system cannot find the path specified.
2/28/2011 11:52:25 PM, error: Service Control Manager [7000] - The Spreamipn-0c service failed to start due to the following error: The filename, directory name, or volume label syntax is incorrect.
2/28/2011 11:52:25 PM, error: Service Control Manager [7000] - The Raqarcakwm service failed to start due to the following error: The system cannot find the path specified.
2/28/2011 11:52:25 PM, error: Service Control Manager [7000] - The Iomega Activity Disk2 service failed to start due to the following error: The system cannot find the file specified.
2/28/2011 11:52:24 PM, error: Service Control Manager [7023] - The Windows Driver Foundation - User-mode Driver Framework service terminated with the following error: A device attached to the system is not functioning.
2/28/2011 11:52:24 PM, error: Service Control Manager [7000] - The E100aldi service failed to start due to the following error: The system cannot find the file specified.
2/28/2011 11:51:28 PM, error: sptd [4] - Driver detected an internal error in its data structures for .

==== End Of File ===========================


Thanks again and I look forward to your reply.
Bobbiejoh
 
Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=========================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Requested logs 2

Here are the 2nd set of logs you requested. I did have to run Combofix from safe mode and it also gave me an error that windows system restore was not installed. I know it is, but it didn't work the last time I tried it, and that is when I posted here.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0001007d

Kernel Drivers (total 144):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x80700000 \WINDOWS\system32\hal.dll
0xF89C2000 \WINDOWS\system32\KDCOM.DLL
0xF88D2000 \WINDOWS\system32\BOOTVID.dll
0xF8473000 ACPI.sys
0xF89C4000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF8462000 pci.sys
0xF84C2000 isapnp.sys
0xF84D2000 ohci1394.sys
0xF84E2000 \WINDOWS\System32\DRIVERS\1394BUS.SYS
0xF8357000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF8A8A000 pciide.sys
0xF8742000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF84F2000 MountMgr.sys
0xF8338000 ftdisk.sys
0xF874A000 PartMgr.sys
0xF8502000 VolSnap.sys
0xF8320000 atapi.sys
0xF8512000 disk.sys
0xF8522000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF8300000 fltmgr.sys
0xF82AA000 SYMDS.SYS
0xF8298000 sr.sys
0xF826B000 SYMEFA.SYS
0xF8254000 KSecDD.sys
0xF81C7000 Ntfs.sys
0xF819A000 NDIS.sys
0xF89C6000 SmartDefragDriver.sys
0xF8180000 Mup.sys
0xF8532000 agp440.sys
0xF8752000 iomdisk.sys
0xF86E2000 \SystemRoot\System32\DRIVERS\intelppm.sys
0xF7A5B000 \SystemRoot\System32\DRIVERS\ialmnt5.sys
0xF7A47000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xF883A000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xF7A23000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF8842000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xF86F2000 \SystemRoot\System32\DRIVERS\nic1394.sys
0xF8702000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF884A000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF8852000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF885A000 \SystemRoot\System32\DRIVERS\fdc.sys
0xF79EB000 \SystemRoot\System32\DRIVERS\parport.sys
0xF8712000 \SystemRoot\System32\DRIVERS\imapi.sys
0xF8722000 \SystemRoot\System32\Drivers\AFS2K.SYS
0xF8732000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF8562000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF79C8000 \SystemRoot\System32\DRIVERS\ks.sys
0xF8862000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF7936000 \SystemRoot\system32\drivers\smwdm.sys
0xF7912000 \SystemRoot\system32\drivers\portcls.sys
0xF8572000 \SystemRoot\system32\drivers\drmk.sys
0xF89FE000 \SystemRoot\system32\drivers\aeaudio.sys
0xF77DC000 \SystemRoot\System32\DRIVERS\AGRSM.sys
0xF886A000 \SystemRoot\System32\Drivers\Modem.SYS
0xF8AE9000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF8582000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF89AA000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xF77C5000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF8592000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF85A2000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF8872000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xF7714000 \SystemRoot\System32\DRIVERS\psched.sys
0xF85B2000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF887A000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF8882000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF85C2000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF8A00000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF76B6000 \SystemRoot\System32\DRIVERS\update.sys
0xF89BE000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF85F2000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xEF5FA000 \SystemRoot\system32\drivers\ialmkchw.sys
0xEF5DE000 \SystemRoot\system32\drivers\ialmsbw.sys
0xF8612000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF8A08000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF8892000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xEE807000 \SystemRoot\System32\Drivers\N360\0403000.005\SRTSP.SYS
0xEE7E8000 \SystemRoot\system32\drivers\N360\0403000.005\Ironx86.SYS
0xF88A2000 \SystemRoot\System32\DRIVERS\USBSTOR.SYS
0xF88AA000 \SystemRoot\System32\DRIVERS\usbccgp.sys
0xF897A000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF8632000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF88BA000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7A96000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF8692000 \SystemRoot\system32\drivers\N360\0403000.005\SRTSPX.SYS
0xEE463000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
0xF8A5E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8C06000 \SystemRoot\System32\Drivers\Null.SYS
0xF8A60000 \SystemRoot\System32\Drivers\Beep.SYS
0xF87CA000 \SystemRoot\System32\drivers\vga.sys
0xF8A62000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF8A64000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF87D2000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF87DA000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF76AA000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xEE41C000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xEE3C3000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xEE36C000 \SystemRoot\System32\Drivers\N360\0403000.005\SYMTDI.SYS
0xEE346000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xF86D2000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xF77B5000 \SystemRoot\System32\DRIVERS\arp1394.sys
0xEE2EE000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20110302.001\IDSxpx86.sys
0xEE2C6000 \SystemRoot\System32\DRIVERS\netbt.sys
0xF768E000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xEE2A4000 \SystemRoot\System32\drivers\afd.sys
0xF77A5000 \SystemRoot\System32\DRIVERS\netbios.sys
0xEE279000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xF8AC8000 \SystemRoot\System32\Drivers\PQNTDrv.SYS
0xEE209000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xF7785000 \SystemRoot\System32\Drivers\Fips.SYS
0xEE1AB000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xEE18E000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xF8ACA000 \SystemRoot\System32\DRIVERS\DMICall.sys
0xEE10F000 \SystemRoot\system32\drivers\N360\0403000.005\ccHPx86.sys
0xEE048000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20110225.002\BHDrvx86.sys
0xEDFFC000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF7765000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF7A8E000 \SystemRoot\System32\drivers\Dxapi.sys
0xF881A000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8AAC000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF01F000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF041000 \SystemRoot\System32\ialmdev5.DLL
0xBF06F000 \SystemRoot\System32\ialmdd5.DLL
0xF7A7A000 \SystemRoot\system32\DRIVERS\Sftvolxp.sys
0xEDEAC000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xF8A2A000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xBF0E5000 \SystemRoot\System32\ATMFD.DLL
0xEDB0B000 \SystemRoot\System32\Drivers\HTTP.sys
0xED99B000 \SystemRoot\System32\DRIVERS\srv.sys
0xED825000 \SystemRoot\system32\DRIVERS\Sftfsxp.sys
0xED702000 \SystemRoot\system32\DRIVERS\Sftplayxp.sys
0xF87A2000 \??\C:\WINDOWS\system32\drivers\symlcbrd.sys
0xED445000 \SystemRoot\system32\drivers\wdmaud.sys
0xED8FB000 \SystemRoot\system32\drivers\sysaudio.sys
0xED31F000 \SystemRoot\system32\DRIVERS\Sftredirxp.sys
0xEC665000 \??\C:\DOCUME~1\JANETH~1\LOCALS~1\Temp\uwtdypoc.sys
0xEC1DD000 \??\C:\DOCUME~1\JANETH~1\LOCALS~1\Temp\mbr.sys
0xEC079000 \SystemRoot\System32\DRIVERS\e100b325.sys
0xEBE2C000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20110302.019\NAVEX15.SYS
0xEBE18000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20110302.019\NAVENG.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 48):
0 System Idle Process
4 System
648 C:\WINDOWS\system32\smss.exe
708 csrss.exe
736 C:\WINDOWS\system32\winlogon.exe
788 C:\WINDOWS\system32\services.exe
804 C:\WINDOWS\system32\lsass.exe
976 C:\WINDOWS\system32\svchost.exe
1088 svchost.exe
1192 C:\WINDOWS\system32\svchost.exe
1332 svchost.exe
1344 C:\WINDOWS\system32\svchost.exe
1552 svchost.exe
1568 C:\WINDOWS\system32\svchost.exe
1764 C:\WINDOWS\system32\spoolsv.exe
1836 C:\WINDOWS\system32\rundll32.exe
292 C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
432 aspnet_state.exe
444 C:\WINDOWS\system32\ATMsrvc.exe
480 PresentationFontCache.exe
580 C:\WINDOWS\system32\svchost.exe
596 C:\WINDOWS\system32\tcpsvcs.exe
644 C:\Program Files\Norton 360\Engine\4.3.0.5\ccsvchst.exe
1216 C:\WINDOWS\system32\svchost.exe
1328 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2016 C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
200 C:\WINDOWS\system32\snmp.exe
252 snmptrap.exe
1380 C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
2456 C:\WINDOWS\explorer.exe
2836 C:\WINDOWS\system32\searchindexer.exe
2864 C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
3204 C:\WINDOWS\system32\ctfmon.exe
3284 C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
3420 C:\Program Files\Windows Desktop Search\WindowsSearch.exe
1444 alg.exe
2448 C:\Program Files\Hide My IP\HideMyIpSrv.exe
2320 C:\Program Files\Norton 360\Engine\4.3.0.5\ccsvchst.exe
3488 C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
3716 C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\OFFICEVIRT.EXE
3676 Q:\140062.enu\Office14\OUTLOOK.EXE
4168 OSPPSVC.EXE
4556 C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\VirtualSearchHost.exe
3600 C:\Program Files\Internet Explorer\iexplore.exe
5444 C:\Program Files\Internet Explorer\iexplore.exe
4224 C:\DOCUME~1\JANETH~1\LOCALS~1\Temp\RoboForm\robotaskbaricon.exe
5968 C:\WINDOWS\system32\wuauclt.exe
3408 C:\Documents and Settings\Janet Hess\Local Settings\Temporary Internet Files\Content.IE5\Y98IKWBC\MBRCheck[1].exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`805e2000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000011`338faa00 (NTFS)
\\.\Q: --> error 1

PhysicalDrive0 Model Number: ST3120022A, Rev: 3.04

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Windows 98 MBR code detected
SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E


Done!





ComboFix 11-03-01.03 - Janet Hess 03/02/2011 16:53:35.1.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.215 [GMT -8:00]
Running from: c:\documents and settings\Janet Hess\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Janet Hess\Application Data\WinDef.exe
C:\Install.exe
c:\program files\Shared

.
((((((((((((((((((((((((( Files Created from 2011-02-03 to 2011-03-03 )))))))))))))))))))))))))))))))
.

2011-03-02 20:19 . 2011-03-02 20:19 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-03-02 20:19 . 2011-03-02 20:19 -------- d-----w- c:\windows\SHELLNEW
2011-02-27 21:08 . 2011-02-27 21:08 -------- d-----w- c:\program files\ieSpell
2011-02-27 05:45 . 2011-02-27 05:45 -------- d-----w- c:\documents and settings\Janet Hess\Application Data\Malwarebytes
2011-02-27 05:45 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-27 05:45 . 2011-02-27 05:45 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-02-27 05:45 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-27 05:45 . 2011-02-27 05:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-27 01:45 . 2011-02-27 01:45 -------- d-----w- c:\documents and settings\Janet Hess\Application Data\Windows Search
2011-02-26 18:42 . 2011-02-28 20:39 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-02-26 18:42 . 2011-02-26 18:42 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-02-26 18:38 . 2011-02-26 18:38 -------- dc----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-02-26 07:14 . 2011-02-26 07:14 -------- dc----w- c:\documents and settings\All Users\Application Data\RealHideIP
2011-02-26 07:14 . 2011-02-26 07:14 -------- d-----w- c:\documents and settings\Janet Hess\Application Data\RealHideIP
2011-02-26 07:09 . 2011-02-26 07:11 -------- d-----w- c:\program files\Anonymous Web Surfing
2011-02-26 07:08 . 2011-02-26 07:08 -------- d-----w- c:\documents and settings\Janet Hess\Local Settings\Application Data\PackageAware
2011-02-26 06:48 . 2011-02-26 06:48 8704 ----a-w- c:\windows\system32\SpOrder.dll
2011-02-26 06:26 . 2011-02-26 06:33 -------- d-----w- c:\program files\Quick Web Player
2011-02-26 01:25 . 2011-02-26 01:25 -------- dc----w- c:\documents and settings\All Users\Application Data\VirtualizedApplications
2011-02-26 01:17 . 2008-04-17 20:12 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2011-02-26 01:16 . 2011-02-26 01:16 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-02-26 01:16 . 2011-02-26 01:16 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-02-26 01:16 . 2011-02-26 01:16 -------- d-----w- c:\program files\Symantec
2011-02-26 01:15 . 2011-02-26 22:37 -------- d-----w- c:\windows\system32\drivers\N360
2011-02-26 01:15 . 2011-02-26 01:15 -------- d-----w- c:\program files\Norton 360
2011-02-25 23:21 . 2011-02-25 23:49 -------- d-----w- c:\documents and settings\Janet Hess\Local Settings\Application Data\NPE
2011-02-24 11:14 . 2011-02-24 11:14 904192 ----a-w- c:\documents and settings\Janet Hess\Application Data\Microsoft\Windows Internet Explorer\install\Internet Explorer 8 Setup.msi
2011-02-23 20:17 . 2011-02-27 04:36 -------- d-----w- c:\program files\Hide My IP
2011-02-23 19:13 . 2011-02-23 19:18 -------- d-----w- c:\program files\CCleaner
2011-02-22 04:04 . 2011-02-22 04:27 -------- d-----w- c:\program files\Hide Your IP Address
2011-02-22 01:37 . 2011-02-22 01:37 -------- d-----w- c:\program files\NSW2006
2011-02-17 03:17 . 2009-11-28 16:58 202048 ----a-w- c:\windows\system32\AVLibrary.dll
2011-02-17 03:17 . 2011-02-18 16:31 -------- d-----w- c:\program files\Hide The IP 2010
2011-02-17 02:58 . 2011-02-26 22:05 -------- d-----w- c:\documents and settings\Janet Hess\Application Data\Windows Desktop Search
2011-02-17 01:55 . 2009-11-12 21:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2011-02-17 01:55 . 2011-02-17 01:55 -------- d-----w- c:\program files\CDBurnerXP
2011-02-16 23:15 . 2011-02-16 23:15 -------- d-----w- c:\program files\Adobe Media Player
2011-02-16 22:56 . 2001-08-17 21:47 12928 -c--a-w- c:\windows\system32\dllcache\dot4prt.sys
2011-02-16 22:56 . 2001-08-17 21:47 12928 ----a-w- c:\windows\system32\drivers\Dot4Prt.sys
2011-02-16 22:56 . 2001-08-18 06:36 324608 -c--a-w- c:\windows\system32\dllcache\hpojwia.dll
2011-02-16 22:56 . 2001-08-18 06:36 324608 ----a-w- c:\windows\system32\hpojwia.dll
2011-02-16 22:56 . 2001-08-17 21:47 8704 -c--a-w- c:\windows\system32\dllcache\dot4scan.sys
2011-02-16 22:56 . 2001-08-17 21:47 8704 ----a-w- c:\windows\system32\drivers\Dot4scan.sys
2011-02-16 22:56 . 2001-08-17 21:47 23808 -c--a-w- c:\windows\system32\dllcache\dot4usb.sys
2011-02-16 22:56 . 2001-08-17 21:47 23808 ----a-w- c:\windows\system32\drivers\Dot4usb.sys
2011-02-16 22:56 . 2008-04-13 19:39 206976 -c--a-w- c:\windows\system32\dllcache\dot4.sys
2011-02-16 22:56 . 2008-04-13 19:39 206976 ----a-w- c:\windows\system32\drivers\Dot4.sys
2011-02-16 06:39 . 2011-02-16 07:02 -------- d-----w- c:\windows\SxsCaPendDel
2011-02-16 06:33 . 2011-02-16 06:33 -------- d-----w- c:\documents and settings\Janet Hess\Local Settings\Application Data\SoftGrid Client
2011-02-16 06:32 . 2011-03-03 00:35 -------- d-----w- c:\documents and settings\Janet Hess\Application Data\SoftGrid Client
2011-02-16 06:30 . 2011-02-16 06:30 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\{90140011-0062-0409-0000-0000000FF1CE}
2011-02-16 06:27 . 2011-03-03 00:35 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SoftGrid Client
2011-02-16 06:22 . 2011-03-03 00:38 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\SoftGrid Client
2011-02-16 06:19 . 2011-02-16 18:57 -------- d-----w- c:\program files\Microsoft Application Virtualization Client
2011-02-16 04:09 . 2011-02-16 04:10 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-02-16 02:31 . 2011-02-16 02:31 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-02-15 21:46 . 2011-03-03 00:38 -------- d-----w- c:\windows\system32\NtmsData
2011-02-15 20:46 . 2011-02-15 20:46 -------- d-----w- c:\windows\system32\URTTEMP
2011-02-15 20:39 . 2011-02-15 20:39 -------- d-----w- c:\windows\system32\XPSViewer
2011-02-15 20:39 . 2011-02-15 20:39 -------- d-----w- c:\program files\MSBuild
2011-02-15 20:39 . 2011-02-15 20:39 -------- d-----w- c:\program files\Reference Assemblies
2011-02-15 20:38 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-02-15 20:37 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-02-15 20:37 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2011-02-15 20:37 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-02-15 20:37 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-02-15 20:37 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-02-15 20:37 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-02-15 20:37 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-02-15 20:37 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-02-12 00:30 . 2011-02-12 00:30 -------- dcsh--w- c:\documents and settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-02-10 13:59 . 2011-02-10 13:59 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-10 13:56 . 2011-02-10 13:57 -------- d--h--w- c:\windows\ie8
2011-02-06 19:53 . 2011-02-06 19:53 -------- d-----w- c:\program files\File Type Assistant
2011-02-06 12:05 . 2011-02-06 12:05 -------- d-----w- c:\windows\Performance
2011-02-06 12:04 . 2011-02-06 12:04 -------- d-----w- c:\documents and settings\Janet Hess\Local Settings\Application Data\Microsoft Corporation
2011-02-06 11:58 . 2011-02-06 11:58 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2011-02-06 07:53 . 2011-02-06 13:59 -------- d-----w- c:\program files\Windows Desktop Search
2011-02-06 07:53 . 2011-02-06 07:53 -------- d-----w- c:\windows\system32\GroupPolicy
2011-02-06 07:52 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2011-02-06 07:52 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2011-02-06 07:52 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2011-02-05 19:12 . 2011-02-05 23:19 -------- d-----w- c:\program files\NetSpy Protector
2011-02-05 19:04 . 2011-02-05 19:13 -------- d-----w- c:\program files\Common Files\Apple
2011-02-05 13:04 . 2011-02-05 13:04 -------- d-----w- c:\documents and settings\Janet Hess\Application Data\IsolatedStorage
2011-02-05 13:04 . 2011-02-05 13:06 -------- d-----w- c:\documents and settings\Janet Hess\Application Data\FreeFileOpener
2011-02-05 10:45 . 2011-02-16 04:32 -------- dc----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2011-02-05 10:06 . 2011-02-05 10:06 -------- d-----w- c:\program files\Free File Opener
2011-02-05 02:41 . 2011-02-05 02:41 3584 ----a-r- c:\documents and settings\Janet Hess\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2011-02-05 02:41 . 2011-02-05 02:41 -------- d-----w- c:\program files\Windows Installer Clean Up
2011-02-04 10:59 . 2011-02-04 10:59 -------- d-----w- c:\documents and settings\Janet Hess\Local Settings\Application Data\{C82FE1BB-5140-4F7D-8DBF-56A85573BD49}
2011-02-04 08:54 . 2011-02-12 02:38 -------- d-----w- c:\documents and settings\Janet Hess\Application Data\AdobeSupportAdvisor.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
2011-02-04 08:53 . 2011-02-04 08:53 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-02-04 02:51 . 2011-02-04 05:57 -------- dc----w- C:\Program Settings
2011-02-04 02:50 . 2011-02-05 23:50 616960 ----a-w- c:\documents and settings\Janet Hess\Application Data\Adobe CS Licensing Solution.exe
2011-02-04 02:40 . 2011-02-26 06:07 -------- d-----w- c:\program files\Common Files\Akamai
2011-02-03 09:20 . 2011-02-03 09:20 142336 --sha-r- c:\windows\system32\vidcapl.dll
2011-02-03 08:15 . 2011-02-03 09:49 -------- d-----w- c:\program files\Gem Shop
2011-02-03 07:33 . 2009-12-30 19:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-23 04:59 . 2011-01-23 04:59 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-01-21 14:44 . 2003-12-02 00:28 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2003-12-02 00:28 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2003-12-02 00:28 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2005-06-15 17:50 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2005-06-18 06:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2003-12-02 00:28 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2003-12-02 00:28 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2003-12-02 00:28 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2010-12-14 01:03 . 2011-01-29 16:17 28496 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2010-12-09 15:15 . 2003-12-02 00:28 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2003-12-02 00:28 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42 . 2003-12-02 00:28 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2002-08-29 01:04 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2005-05-25 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2GDR\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-12-17 2402512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-08-19 4841472]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2011-01-30 15:45 821144 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2011-01-30 15:45 36760 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-10-25 23:13 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-09-16 23:04 497648 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 12:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
2002-08-20 18:29 40960 ----a-w- c:\windows\system32\ezSP_Px.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 18:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 21:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
2003-04-20 05:08 28672 ----a-w- c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2009-01-31 01:46 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Downloads\\software\\BitTorrent-7.2.exe"=
"c:\\Program Files\\Bobbie's Maintenance programs for Mom\\BitTorrent\\BitTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009
"1266:TCP"= 1266:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [1/29/2011 8:17 AM 14776]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [2/26/2011 12:35 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [2/26/2011 12:35 PM 173104]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/22/2011 8:59 PM 691696]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20110225.002\BHDrvx86.sys [2/25/2011 1:59 PM 800376]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [2/26/2011 12:35 PM 501888]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [2/26/2011 12:35 PM 116784]
S2 Abm8osrv;Abm8osrv; [x]
S2 Abp4ks;Abp4ks; [x]
S2 Aicdispn;Aicdispn; [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2/28/2010 2:33 AM 821664]
S2 E100aldi;E100aldi;c:\windows\system32\actmovie.exe [12/1/2003 4:28 PM 4096]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\4.3.0.5\ccsvchst.exe [2/26/2011 12:35 PM 126392]
S2 Raqarcakwm;Raqarcakwm; [x]
S2 Sabtsanaqa_;Sabtsanaqa_; [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [4/24/2010 1:10 AM 483688]
S2 Vaiomver;Vaiomver; [x]
S2 Vrmkrc0p;Vrmkrc0p; [x]
S2 Wzcssr;Wzcssr; [x]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [9/10/2004 8:33 AM 20160]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/25/2011 7:10 PM 102448]
S3 HideMyIpSRV;HideMyIpSRV;c:\program files\Hide My IP\HideMyIpSrv.exe [2/23/2011 12:17 PM 3039536]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20110302.001\IDSXpx86.sys [3/2/2011 2:24 AM 341944]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2/2/2011 11:33 PM 27064]
S3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [12/2/2009 10:23 PM 554344]
S3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [12/2/2009 10:23 PM 211432]
S3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [12/2/2009 10:23 PM 20584]
S3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [12/2/2009 10:23 PM 18280]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [4/24/2010 1:10 AM 209768]
S3 Spreamipn-0c;Spreamipn-0c;c:\windows\system32\drivers\gagp30kx.sys [8/3/2004 10:07 PM 46464]
S4 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe --> c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [?]
S4 gupdate1c9b254536faa16;Google Update Service (gupdate1c9b254536faa16);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S4 Srp.g50pvw;Srp.g50pvw; [x]
S4 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2011-02-26 c:\windows\Tasks\AdobeAAMUpdater-1.0-JANSPC-Janet Hess.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-09-16 23:04]

2011-03-03 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2011-01-29 22:11]

2011-03-03 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-01-29 01:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.lady-birds.com/
mStart Page = hxxp://www.comcast.net/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
LSP: c:\windows\system32\HMIPCore.dll
.
- - - - ORPHANS REMOVED - - - -

BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Type Manager 4.1 - c:\program files\Adobe Type Manager\DeIsL1.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-02 17:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-03-02 17:11:24
ComboFix-quarantined-files.txt 2011-03-03 01:11

Pre-Run: 25,011,822,592 bytes free
Post-Run: 25,015,922,688 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=7 Sets=1,2,3,4,5,6,7
- - End Of File - - 32C1F730CA9F3B8A9F169F5829646329
 
Status
Not open for further replies.

Similar threads

Shawn Knight
Google fully discontinues cache links in Search
Replies
9
Views
520
Tinderbox
Tinderbox
A
New study confirms the obvious, search results are only getting worse
2
Replies
25
Views
473
hahahanoobs
hahahanoobs
D
OpenAI could be developing a search product to rival Google
Replies
7
Views
386
SilverCider
S

Latest posts

Back