TechSpot

Search links redirect to unknown search engines

By Bobbiejoh
Feb 27, 2011
  1. I have been battling this problem for about a week or so. Everything I have read about this issue seems to say that the first step is to check for viruses. Norton didn't find anything, but Malwarebytes found 21 issues that needed removal. I thought that had fixed the problem, but within a day it was back. So now I am going in a circle. I run Malwarebytes, things work fine for a while, then it starts up again and almost every link in Bing, Yahoo or Google searches is redirected.

    In my last search, about this very problem, the only link that was not redirected was the one to this site! So I decided that must mean something, just go with it.

    So anyone that can offer help, it would be very much appreciated!!

    Thanks!
     
  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. Bobbiejoh

    Bobbiejoh TS Rookie Topic Starter

    Requested logs

    Hello Broni -

    I am sorry to have taken so long after you got back to me so quickly. I have followed the instructions you sent. As before, Norton didn't find anything, and this time Malwarebytes didn't find anything either. Here are the logs you requested and thank you so much for your help!

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5910

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    3/2/2011 11:26:23 AM
    mbam-log-2011-03-02 (11-26-23).txt

    Scan type: Quick scan
    Objects scanned: 145215
    Time elapsed: 10 minute(s), 14 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)




    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2011-03-02 12:17:10
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3120022A rev.3.04
    Running: gwwiwx2z.exe; Driver: C:\DOCUME~1\JANETH~1\LOCALS~1\Temp\uwtdypoc.sys


    ---- Devices - GMER 1.0.15 ----

    Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    ---- EOF - GMER 1.0.15 ----





    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Janet Hess at 12:20:44.68 on Wed 03/02/2011
    Internet Explorer: 6.0.2900.5512
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.112 [GMT -8:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k eapsvcs
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k dot3svc
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    C:\WINDOWS\System32\ATMsrvc.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Hide My IP\HideMyIpSrv.exe
    C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
    C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
    C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
    Q:\140062.enu\Office14\OUTLOOK.EXE
    C:\Program Files\Common Files\microsoft shared\virtualization handler\VirtualSearchHost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Janet Hess\Desktop\gwwiwx2z.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Documents and Settings\Janet Hess\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.lady-birds.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    mStart Page = hxxp://www.comcast.net/
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: AutorunsDisabled - No File
    BHO: JQSIEStartDetectorImpl - No File
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\4.3.0.5\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\4.3.0.5\IPSBHO.DLL
    BHO: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - Comcast Toolbar
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
    BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
    BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No File
    BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} -
    TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
    TB: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - No File
    TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\4.3.0.5\coIEPlg.dll
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    EB: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    EB: {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
    mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
    IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
    IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
    IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    LSP: c:\windows\system32\HMIPCore.dll
    DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
    DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126641668578
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} - hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
    DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.virustotal.com

    Note: multiple HOSTS entries found. Please refer to Attach.txt

    ============= SERVICES / DRIVERS ===============

    R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-1-29 14776]
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2011-2-26 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2011-2-26 173104]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\bashdefs\20110225.002\BHDrvx86.sys [2011-2-25 800376]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2011-2-26 501888]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2011-2-26 116784]
    R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-2-28 821664]
    R2 N360;Norton 360;c:\program files\norton 360\engine\4.3.0.5\ccsvchst.exe [2011-2-26 126392]
    R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-4-24 483688]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-2-25 102448]
    R3 HideMyIpSRV;HideMyIpSRV;c:\program files\hide my ip\HideMyIpSrv.exe [2011-2-23 3039536]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\ipsdefs\20110302.001\IDSXpx86.sys [2011-3-2 341944]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\virusdefs\20110302.002\NAVENG.SYS [2011-3-2 86008]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\virusdefs\20110302.002\NAVEX15.SYS [2011-3-2 1360760]
    R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [2009-12-2 554344]
    R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [2009-12-2 211432]
    R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [2009-12-2 20584]
    R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [2009-12-2 18280]
    R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-4-24 209768]
    S2 Abm8osrv;Abm8osrv; [x]
    S2 Abp4ks;Abp4ks; [x]
    S2 Aicdispn;Aicdispn; [x]
    S2 E100aldi;E100aldi;c:\windows\system32\actmovie.exe [2003-12-1 4096]
    S2 Raqarcakwm;Raqarcakwm; [x]
    S2 Sabtsanaqa_;Sabtsanaqa_; [x]
    S2 Vaiomver;Vaiomver; [x]
    S2 Vrmkrc0p;Vrmkrc0p; [x]
    S2 Wzcssr;Wzcssr; [x]
    S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2004-9-10 20160]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-2-2 27064]
    S3 Spreamipn-0c;Spreamipn-0c;c:\windows\system32\drivers\gagp30kx.sys [2004-8-3 46464]
    S4 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\comcastantispyservice.exe --> c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [?]
    S4 gupdate1c9b254536faa16;Google Update Service (gupdate1c9b254536faa16);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
    S4 Srp.g50pvw;Srp.g50pvw; [x]
    S4 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

    =============== Created Last 30 ================

    2011-03-02 20:19:34 -------- d-----w- c:\program files\Microsoft Analysis Services
    2011-03-02 20:19:27 -------- d-----w- c:\windows\SHELLNEW
    2011-02-27 21:08:16 -------- d-----w- c:\program files\ieSpell
    2011-02-27 05:45:55 -------- d-----w- c:\docume~1\janeth~1\applic~1\Malwarebytes
    2011-02-27 05:45:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-02-27 05:45:41 -------- dc----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2011-02-27 05:45:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-02-27 05:45:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-02-27 01:45:01 -------- d-----w- c:\docume~1\janeth~1\applic~1\Windows Search
    2011-02-26 20:35:29 361904 ----a-w- c:\windows\system32\drivers\n360\0403000.005\symtdi.sys
    2011-02-26 20:35:29 339504 ----a-w- c:\windows\system32\drivers\n360\0403000.005\symtdiv.sys
    2011-02-26 20:35:29 328752 ----a-r- c:\windows\system32\drivers\n360\0403000.005\symds.sys
    2011-02-26 20:35:29 173104 ----a-w- c:\windows\system32\drivers\n360\0403000.005\symefa.sys
    2011-02-26 20:35:28 501888 ----a-w- c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys
    2011-02-26 20:35:28 43696 ----a-w- c:\windows\system32\drivers\n360\0403000.005\srtspx.sys
    2011-02-26 20:35:28 325680 ----a-w- c:\windows\system32\drivers\n360\0403000.005\srtsp.sys
    2011-02-26 20:35:28 116784 ----a-w- c:\windows\system32\drivers\n360\0403000.005\ironx86.sys
    2011-02-26 20:34:49 -------- d-----w- c:\windows\system32\drivers\n360\0403000.005
    2011-02-26 18:42:48 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-02-26 18:42:06 -------- d-----w- c:\program files\Hitman Pro 3.5
    2011-02-26 18:38:35 -------- dc----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
    2011-02-26 07:14:48 -------- dc----w- c:\docume~1\alluse~1\applic~1\RealHideIP
    2011-02-26 07:14:48 -------- d-----w- c:\docume~1\janeth~1\applic~1\RealHideIP
    2011-02-26 07:09:17 -------- d-----w- c:\program files\Anonymous Web Surfing
    2011-02-26 07:08:23 -------- d-----w- c:\docume~1\janeth~1\locals~1\applic~1\PackageAware
    2011-02-26 06:48:28 8704 ----a-w- c:\windows\system32\SpOrder.dll
    2011-02-26 06:26:47 -------- d-----w- c:\program files\Quick Web Player
    2011-02-26 01:25:41 -------- dc----w- c:\docume~1\alluse~1\applic~1\VirtualizedApplications
    2011-02-26 01:17:32 107368 ----a-r- c:\windows\system32\GEARAspi.dll
    2011-02-26 01:16:50 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2011-02-26 01:16:50 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2011-02-26 01:16:49 -------- d-----w- c:\program files\Symantec
    2011-02-26 01:15:14 -------- d-----w- c:\windows\system32\drivers\N360
    2011-02-26 01:15:10 -------- d-----w- c:\program files\Norton 360
    2011-02-25 23:21:10 -------- d-----w- c:\docume~1\janeth~1\locals~1\applic~1\NPE
    2011-02-24 11:14:21 904192 ----a-w- c:\docume~1\janeth~1\applic~1\microsoft\windows internet explorer\install\Internet Explorer 8 Setup.msi
    2011-02-23 20:17:06 -------- d-----w- c:\program files\Hide My IP
    2011-02-23 19:13:02 -------- d-----w- c:\program files\CCleaner
    2011-02-22 04:04:12 -------- d-----w- c:\program files\Hide Your IP Address
    2011-02-22 01:37:35 -------- d-----w- c:\program files\NSW2006
    2011-02-17 03:17:52 202048 ----a-w- c:\windows\system32\AVLibrary.dll
    2011-02-17 03:17:35 -------- d-----w- c:\program files\Hide The IP 2010
    2011-02-17 02:58:56 -------- d-----w- c:\docume~1\janeth~1\applic~1\Windows Desktop Search
    2011-02-17 01:55:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
    2011-02-16 22:56:54 12928 -c--a-w- c:\windows\system32\dllcache\dot4prt.sys
    2011-02-16 22:56:54 12928 ----a-w- c:\windows\system32\drivers\Dot4Prt.sys
    2011-02-16 22:56:39 324608 -c--a-w- c:\windows\system32\dllcache\hpojwia.dll
    2011-02-16 22:56:39 324608 ----a-w- c:\windows\system32\hpojwia.dll
    2011-02-16 22:56:38 8704 -c--a-w- c:\windows\system32\dllcache\dot4scan.sys
    2011-02-16 22:56:38 8704 ----a-w- c:\windows\system32\drivers\Dot4scan.sys
    2011-02-16 22:56:32 23808 -c--a-w- c:\windows\system32\dllcache\dot4usb.sys
    2011-02-16 22:56:32 23808 ----a-w- c:\windows\system32\drivers\Dot4usb.sys
    2011-02-16 22:56:31 206976 -c--a-w- c:\windows\system32\dllcache\dot4.sys
    2011-02-16 22:56:31 206976 ----a-w- c:\windows\system32\drivers\Dot4.sys
    2011-02-16 06:39:30 -------- d-----w- c:\windows\SxsCaPendDel
    2011-02-16 06:33:05 -------- d-----w- c:\docume~1\janeth~1\locals~1\applic~1\SoftGrid Client
    2011-02-16 06:32:37 -------- d-----w- c:\docume~1\janeth~1\applic~1\SoftGrid Client
    2011-02-16 06:19:18 -------- d-----w- c:\program files\Microsoft Application Virtualization Client
    2011-02-15 21:46:02 -------- d-----w- c:\windows\system32\NtmsData
    2011-02-15 20:46:36 -------- d-----w- c:\windows\system32\URTTEMP
    2011-02-15 20:39:35 -------- d-----w- c:\windows\system32\XPSViewer
    2011-02-15 20:38:50 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    2011-02-15 20:37:25 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2011-02-15 20:37:25 117760 ------w- c:\windows\system32\prntvpt.dll
    2011-02-15 20:37:24 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2011-02-15 20:37:24 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    2011-02-15 20:37:24 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
    2011-02-15 20:37:24 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2011-02-15 20:37:24 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
    2011-02-15 20:37:24 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2011-02-12 00:30:55 -------- dcsh--w- c:\docume~1\alluse~1\applic~1\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
    2011-02-10 13:59:51 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-02-10 13:59:51 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-02-10 13:56:29 -------- d--h--w- c:\windows\ie8
    2011-02-10 01:15:57 -------- dc----w- c:\windows\ie8(2)
    2011-02-06 19:53:42 -------- d-----w- c:\program files\File Type Assistant
    2011-02-06 12:05:18 -------- d-----w- c:\windows\Performance
    2011-02-06 12:04:59 -------- d-----w- c:\docume~1\janeth~1\locals~1\applic~1\Microsoft Corporation
    2011-02-06 11:58:51 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
    2011-02-06 07:53:55 -------- d-----w- c:\program files\Windows Desktop Search
    2011-02-06 07:53:54 -------- d-----w- c:\windows\system32\GroupPolicy
    2011-02-06 07:52:07 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
    2011-02-06 07:52:07 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
    2011-02-06 07:52:06 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
    2011-02-05 19:12:24 -------- d-----w- c:\program files\NetSpy Protector
    2011-02-05 13:04:51 -------- d-----w- c:\docume~1\janeth~1\applic~1\IsolatedStorage
    2011-02-05 13:04:46 -------- d-----w- c:\docume~1\janeth~1\applic~1\FreeFileOpener
    2011-02-05 10:45:14 -------- dc----w- c:\docume~1\alluse~1\applic~1\regid.1986-12.com.adobe
    2011-02-05 10:06:07 -------- d-----w- c:\program files\Free File Opener
    2011-02-05 02:41:46 3584 ----a-r- c:\docume~1\janeth~1\applic~1\microsoft\installer\{121634b0-2f4b-11d3-ada3-00c04f52dd52}\Icon386ED4E3.exe
    2011-02-05 02:41:45 -------- d-----w- c:\program files\Windows Installer Clean Up
    2011-02-04 10:59:57 -------- d-----w- c:\docume~1\janeth~1\locals~1\applic~1\{C82FE1BB-5140-4F7D-8DBF-56A85573BD49}
    2011-02-04 08:54:37 -------- d-----w- c:\docume~1\janeth~1\applic~1\AdobeSupportAdvisor.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
    2011-02-04 02:51:37 -------- dc-h--w- C:\Program Settings
    2011-02-04 02:50:38 616960 ----a-w- c:\docume~1\janeth~1\applic~1\Adobe CS Licensing Solution.exe
    2011-02-04 02:40:21 -------- d-----w- c:\program files\common files\Akamai
    2011-02-03 09:20:39 142336 --sha-r- c:\windows\system32\vidcapl.dll
    2011-02-03 08:15:40 -------- d-----w- c:\program files\Gem Shop
    2011-02-03 07:33:19 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys

    ==================== Find3M ====================

    2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
    2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
    2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
    2010-12-14 01:03:50 28496 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
    2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
    2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2010-12-09 13:42:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-12-09 13:07:07 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

    ============= FINISH: 12:22:24.59 ===============





    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 8/24/2004 10:51:39 AM
    System Uptime: 3/2/2011 11:09:05 AM (1 hours ago)

    Motherboard: ASUSTek Computer Inc. | | P4SD-VL
    Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | CPU 1 | 2793/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 63 GiB total, 22.99 GiB free.
    D: is FIXED (NTFS) - 43 GiB total, 27.938 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Intel(R) PRO/100 VE Network Connection
    Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_815C104D&REV_02\4&2E98101C&0&40F0
    Manufacturer: Intel
    Name: Intel(R) PRO/100 VE Network Connection
    PNP Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_815C104D&REV_02\4&2E98101C&0&40F0
    Service: E100B

    ==== System Restore Points ===================

    RP110: 2/14/2011 11:57:50 AM - Software Distribution Service 3.0
    RP111: 2/14/2011 12:36:45 PM - Software Distribution Service 3.0
    RP112: 2/14/2011 1:10:58 PM - Software Distribution Service 3.0
    RP113: 2/14/2011 5:59:08 PM - Installed Windows XP KB915800-v4.
    RP114: 2/14/2011 5:59:37 PM - Installed Windows XP Windows Search 4.0.
    RP115: 2/14/2011 6:42:24 PM - Revo Uninstaller Pro's restore point - Akamai NetSession Interface
    RP116: 2/15/2011 12:37:59 PM - Installed Windows KB954550-v5.
    RP117: 2/15/2011 12:38:25 PM - Printer Driver Microsoft XPS Document Writer Installed
    RP118: 2/15/2011 12:46:01 PM - Installed Microsoft .NET Framework 1.1
    RP119: 2/15/2011 1:47:16 PM - Printer Driver Microsoft XPS Document Writer Installed
    RP120: 2/15/2011 2:36:44 PM - Software Distribution Service 3.0
    RP121: 2/15/2011 3:16:50 PM - Software Distribution Service 3.0
    RP122: 2/15/2011 4:56:12 PM - Software Distribution Service 3.0
    RP123: 2/15/2011 8:20:30 PM - Software Distribution Service 3.0
    RP124: 2/15/2011 10:02:21 PM - Software Distribution Service 3.0
    RP125: 2/16/2011 7:10:07 AM - Installed Windows XP KB915800-v4.
    RP126: 2/16/2011 7:11:43 AM - Installed Windows XP Windows Search 4.0.
    RP127: 2/16/2011 10:54:14 AM - Software Distribution Service 3.0
    RP128: 2/16/2011 11:11:05 AM - Revo Uninstaller Pro's restore point - Service Controller XP
    RP129: 2/16/2011 11:13:27 AM - Installed Windows XP KB915800-v4.
    RP130: 2/16/2011 11:14:31 AM - Installed Windows XP Windows Search 4.0.
    RP131: 2/16/2011 11:29:06 AM - Revo Uninstaller Pro's restore point - iKnowPS
    RP132: 2/16/2011 5:53:32 PM - Installed Microsoft Bootvis
    RP133: 2/16/2011 6:41:30 PM - Revo Uninstaller Pro's restore point - Microsoft Fix it Center
    RP134: 2/16/2011 6:42:26 PM - Removed Microsoft Fix it Center
    RP135: 2/16/2011 6:44:52 PM - Revo Uninstaller Pro's restore point - Microsoft Bootvis
    RP136: 2/18/2011 6:57:04 AM - System Checkpoint
    RP137: 2/18/2011 8:39:50 AM - Revo Uninstaller Pro's restore point - Microsoft Bootvis
    RP138: 2/18/2011 8:40:50 AM - Removed Microsoft Bootvis
    RP139: 2/19/2011 10:04:07 AM - System Checkpoint
    RP140: 2/20/2011 2:19:41 AM - Installed Windows XP KB915800-v4.
    RP141: 2/20/2011 2:20:39 AM - Installed Windows XP Windows Search 4.0.
    RP142: 2/21/2011 6:24:52 PM - System Checkpoint
    RP143: 2/21/2011 8:31:34 PM - Revo Uninstaller Pro's restore point - Free Hide IP
    RP144: 2/23/2011 11:05:34 AM - Revo Uninstaller Pro's restore point - Search Toolbar
    RP145: 2/23/2011 11:15:39 AM - Revo Uninstaller Pro's restore point - Wise Registry Cleaner Professional V5.12
    RP146: 2/23/2011 12:26:18 PM - Revo Uninstaller Pro's restore point - DriverMax 5
    RP147: 2/23/2011 12:28:38 PM - Revo Uninstaller Pro's restore point - Windows Media Player 9 Hotfix [See KB885492 for more information]
    RP148: 2/23/2011 12:31:07 PM - Revo Uninstaller Pro's restore point - Security Update for Windows Search 4 - KB963093
    RP149: 2/23/2011 12:32:07 PM - Revo Uninstaller Pro's restore point - Security Update for Windows Search 4 - KB963093
    RP150: 2/24/2011 4:56:55 PM - Revo Uninstaller Pro's restore point - What's Running 3.0
    RP151: 2/24/2011 5:48:23 PM - Revo Uninstaller Pro's restore point - UseNeXT
    RP152: 2/25/2011 3:42:51 PM - Norton_Power_Eraser_20110225154159937
    RP153: 2/26/2011 1:23:57 AM - Software Distribution Service 3.0
    RP154: 2/26/2011 12:36:33 PM - Norton 360 Registry Clean
    RP155: 2/26/2011 12:41:11 PM - Norton 360 Registry Clean
    RP156: 2/26/2011 2:04:21 PM - Installed Windows XP KB915800-v4.
    RP157: 2/26/2011 2:05:14 PM - Installed Windows XP Windows Search 4.0.
    RP158: 2/26/2011 2:47:55 PM - Software Distribution Service 3.0
    RP159: 2/26/2011 8:52:55 PM - Removed Microsoft Fix it Center
    RP160: 2/26/2011 9:34:15 PM - Restore Operation
    RP161: 2/28/2011 3:04:34 AM - System Checkpoint
    RP162: 3/1/2011 10:52:00 AM - System Checkpoint
    RP163: 3/2/2011 11:46:46 AM - System Checkpoint

    ==== Hosts File Hijack ======================

    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.virustotal.com
    Hosts: 127.0.0.1 www.virustotal.com

    ==== Installed Programs ======================


    32 Bit HP CIO Components Installer
    Adobe Acrobat X Pro - English, Français, Deutsch
    Adobe AIR
    Adobe Atmosphere Player for Acrobat and Adobe Reader
    Adobe Community Help
    Adobe Creative Suite
    Adobe Creative Suite 5 Design Premium
    Adobe Download Manager 2.0 (Remove Only)
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    Adobe SVG Viewer 3.0
    Adobe Type Manager 4.1
    Advanced SystemCare 3
    Agere Systems AC'97 Modem
    ATI Control Panel
    CCleaner
    CDBurnerXP
    Device Data Communication Components
    Drag'n Drop CD+DVD
    Events Communication Components
    File Type Assistant
    Free File Opener version 2011.6.0
    Gem Shop
    Hide My IP 5.2
    Hitman Pro 3.5
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows XP (KB954550-v5)
    HP LaserJet 2100 Software
    ieSpell
    Intel(R) Extreme Graphics Driver
    Intel(R) PRO Network Adapters and Drivers
    Internet Explorer (Enable DEP)
    IomegaWare 4.0.3
    Java 2 Runtime Environment, SE v1.4.2_01
    Java Auto Updater
    Java(TM) 6 Update 23
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1
    Macromedia Dreamweaver 4
    Macromedia Dreamweaver 8
    Macromedia Extension Manager
    Macromedia Flash 5
    Macromedia FreeHand MXa
    Macromedia Generator 2
    Macromedia Shockwave Player
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Click-to-Run 2010
    Microsoft Office Home and Business 2010 - English
    Microsoft Silverlight
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Move Networks Media Player for Internet Explorer
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Music Visualizer Library 1.4.00
    MyDataBase
    MySoftware Fonts
    Norton 360
    NVIDIA Windows 2000/XP Display Drivers
    OpenMG Secure Module 3.3.01
    Operating System Communication Components
    Palm VersaMail(tm)
    PDF Settings CS5
    Revo Uninstaller Pro 2.4.3
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923689)
    Segoe UI
    ShareIns
    Smart Defrag 2
    Smart Menus (Windows Live Toolbar)
    Sony Certificate PCH
    Sony Video Shared Library
    SpeederXP v2.63
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows Internet Explorer 8 (KB971930)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    VAIO Help and Support
    VAIO Registration
    VAIO System Information
    VLC media player 1.1.5
    WebFldrs XP
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer Clean Up
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Format Runtime
    Windows Media Player 10
    Windows Media Player 11
    Windows Search 4.0
    Windows XP Service Pack 3
    WinSetupFromUSB
    WinZip 15.0

    ==== Event Viewer Messages From Past Week ========

    3/2/2011 11:59:41 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    3/2/2011 11:06:46 AM, error: Service Control Manager [7034] - The HideMyIpSRV service terminated unexpectedly. It has done this 1 time(s).
    3/2/2011 11:06:45 AM, error: Service Control Manager [7034] - The Client Virtualization Handler service terminated unexpectedly. It has done this 1 time(s).
    3/2/2011 11:06:39 AM, error: Service Control Manager [7034] - The Application Virtualization Client service terminated unexpectedly. It has done this 1 time(s).
    3/2/2011 11:06:36 AM, error: Service Control Manager [7034] - The TCP/IP Print Server service terminated unexpectedly. It has done this 1 time(s).
    3/2/2011 11:06:36 AM, error: Service Control Manager [7034] - The SNMP Service service terminated unexpectedly. It has done this 1 time(s).
    3/2/2011 11:06:36 AM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
    3/2/2011 11:06:36 AM, error: Service Control Manager [7034] - The ATM Service service terminated unexpectedly. It has done this 1 time(s).
    3/2/2011 11:06:36 AM, error: Service Control Manager [7034] - The Application Virtualization Service Agent service terminated unexpectedly. It has done this 1 time(s).
    3/2/2011 11:06:36 AM, error: Service Control Manager [7034] - The Adobe LM Service service terminated unexpectedly. It has done this 1 time(s).
    3/1/2011 4:06:50 PM, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {B1A429DB-FB06-4645-B7C0-0CC405EAD3CD} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.
    3/1/2011 12:05:46 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    2/28/2011 11:53:58 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
    2/28/2011 11:53:56 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the N360 service.
    2/28/2011 11:52:25 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows User Mode Driver Framework service to connect.
    2/28/2011 11:52:25 PM, error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    2/28/2011 11:52:25 PM, error: Service Control Manager [7001] - The Iomega Active Disk service depends on the Iomega App Services service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    2/28/2011 11:52:25 PM, error: Service Control Manager [7000] - The Windows User Mode Driver Framework service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/28/2011 11:52:25 PM, error: Service Control Manager [7000] - The Vrmkrc0p service failed to start due to the following error: The system cannot find the path specified.
    2/28/2011 11:52:25 PM, error: Service Control Manager [7000] - The Vaiomver service failed to start due to the following error: The system cannot find the path specified.
    2/28/2011 11:52:25 PM, error: Service Control Manager [7000] - The SupportSoft Sprocket Service (ddoctorv2) service failed to start due to the following error: The system cannot find the path specified.
    2/28/2011 11:52:25 PM, error: Service Control Manager [7000] - The Spreamipn-0c service failed to start due to the following error: The filename, directory name, or volume label syntax is incorrect.
    2/28/2011 11:52:25 PM, error: Service Control Manager [7000] - The Raqarcakwm service failed to start due to the following error: The system cannot find the path specified.
    2/28/2011 11:52:25 PM, error: Service Control Manager [7000] - The Iomega Activity Disk2 service failed to start due to the following error: The system cannot find the file specified.
    2/28/2011 11:52:24 PM, error: Service Control Manager [7023] - The Windows Driver Foundation - User-mode Driver Framework service terminated with the following error: A device attached to the system is not functioning.
    2/28/2011 11:52:24 PM, error: Service Control Manager [7000] - The E100aldi service failed to start due to the following error: The system cannot find the file specified.
    2/28/2011 11:51:28 PM, error: sptd [4] - Driver detected an internal error in its data structures for .

    ==== End Of File ===========================


    Thanks again and I look forward to your reply.
    Bobbiejoh
     
  4. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.

    =========================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. Bobbiejoh

    Bobbiejoh TS Rookie Topic Starter

    Requested logs 2

    Here is the 2nd set of logs you requested. I did have to run Combofix from safe mode and it also gave me an error that Windows System Restore was not installed. I know it is, but it didn't work the last time I tried it, and that is when I posted here.

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0001007d

    Kernel Drivers (total 144):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x80700000 \WINDOWS\system32\hal.dll
    0xF89C2000 \WINDOWS\system32\KDCOM.DLL
    0xF88D2000 \WINDOWS\system32\BOOTVID.dll
    0xF8473000 ACPI.sys
    0xF89C4000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
    0xF8462000 pci.sys
    0xF84C2000 isapnp.sys
    0xF84D2000 ohci1394.sys
    0xF84E2000 \WINDOWS\System32\DRIVERS\1394BUS.SYS
    0xF8357000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
    0xF8A8A000 pciide.sys
    0xF8742000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
    0xF84F2000 MountMgr.sys
    0xF8338000 ftdisk.sys
    0xF874A000 PartMgr.sys
    0xF8502000 VolSnap.sys
    0xF8320000 atapi.sys
    0xF8512000 disk.sys
    0xF8522000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
    0xF8300000 fltmgr.sys
    0xF82AA000 SYMDS.SYS
    0xF8298000 sr.sys
    0xF826B000 SYMEFA.SYS
    0xF8254000 KSecDD.sys
    0xF81C7000 Ntfs.sys
    0xF819A000 NDIS.sys
    0xF89C6000 SmartDefragDriver.sys
    0xF8180000 Mup.sys
    0xF8532000 agp440.sys
    0xF8752000 iomdisk.sys
    0xF86E2000 \SystemRoot\System32\DRIVERS\intelppm.sys
    0xF7A5B000 \SystemRoot\System32\DRIVERS\ialmnt5.sys
    0xF7A47000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
    0xF883A000 \SystemRoot\System32\DRIVERS\usbuhci.sys
    0xF7A23000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
    0xF8842000 \SystemRoot\System32\DRIVERS\usbehci.sys
    0xF86F2000 \SystemRoot\System32\DRIVERS\nic1394.sys
    0xF8702000 \SystemRoot\System32\DRIVERS\i8042prt.sys
    0xF884A000 \SystemRoot\System32\DRIVERS\kbdclass.sys
    0xF8852000 \SystemRoot\System32\DRIVERS\mouclass.sys
    0xF885A000 \SystemRoot\System32\DRIVERS\fdc.sys
    0xF79EB000 \SystemRoot\System32\DRIVERS\parport.sys
    0xF8712000 \SystemRoot\System32\DRIVERS\imapi.sys
    0xF8722000 \SystemRoot\System32\Drivers\AFS2K.SYS
    0xF8732000 \SystemRoot\System32\DRIVERS\cdrom.sys
    0xF8562000 \SystemRoot\System32\DRIVERS\redbook.sys
    0xF79C8000 \SystemRoot\System32\DRIVERS\ks.sys
    0xF8862000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0xF7936000 \SystemRoot\system32\drivers\smwdm.sys
    0xF7912000 \SystemRoot\system32\drivers\portcls.sys
    0xF8572000 \SystemRoot\system32\drivers\drmk.sys
    0xF89FE000 \SystemRoot\system32\drivers\aeaudio.sys
    0xF77DC000 \SystemRoot\System32\DRIVERS\AGRSM.sys
    0xF886A000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF8AE9000 \SystemRoot\System32\DRIVERS\audstub.sys
    0xF8582000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
    0xF89AA000 \SystemRoot\System32\DRIVERS\ndistapi.sys
    0xF77C5000 \SystemRoot\System32\DRIVERS\ndiswan.sys
    0xF8592000 \SystemRoot\System32\DRIVERS\raspppoe.sys
    0xF85A2000 \SystemRoot\System32\DRIVERS\raspptp.sys
    0xF8872000 \SystemRoot\System32\DRIVERS\TDI.SYS
    0xF7714000 \SystemRoot\System32\DRIVERS\psched.sys
    0xF85B2000 \SystemRoot\System32\DRIVERS\msgpc.sys
    0xF887A000 \SystemRoot\System32\DRIVERS\ptilink.sys
    0xF8882000 \SystemRoot\System32\DRIVERS\raspti.sys
    0xF85C2000 \SystemRoot\System32\DRIVERS\termdd.sys
    0xF8A00000 \SystemRoot\System32\DRIVERS\swenum.sys
    0xF76B6000 \SystemRoot\System32\DRIVERS\update.sys
    0xF89BE000 \SystemRoot\System32\DRIVERS\mssmbios.sys
    0xF85F2000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xEF5FA000 \SystemRoot\system32\drivers\ialmkchw.sys
    0xEF5DE000 \SystemRoot\system32\drivers\ialmsbw.sys
    0xF8612000 \SystemRoot\System32\DRIVERS\usbhub.sys
    0xF8A08000 \SystemRoot\System32\DRIVERS\USBD.SYS
    0xF8892000 \SystemRoot\System32\DRIVERS\flpydisk.sys
    0xEE807000 \SystemRoot\System32\Drivers\N360\0403000.005\SRTSP.SYS
    0xEE7E8000 \SystemRoot\system32\drivers\N360\0403000.005\Ironx86.SYS
    0xF88A2000 \SystemRoot\System32\DRIVERS\USBSTOR.SYS
    0xF88AA000 \SystemRoot\System32\DRIVERS\usbccgp.sys
    0xF897A000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xF8632000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xF88BA000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xF7A96000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xF8692000 \SystemRoot\system32\drivers\N360\0403000.005\SRTSPX.SYS
    0xEE463000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    0xF8A5E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF8C06000 \SystemRoot\System32\Drivers\Null.SYS
    0xF8A60000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF87CA000 \SystemRoot\System32\drivers\vga.sys
    0xF8A62000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF8A64000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF87D2000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF87DA000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF76AA000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0xEE41C000 \SystemRoot\System32\DRIVERS\ipsec.sys
    0xEE3C3000 \SystemRoot\System32\DRIVERS\tcpip.sys
    0xEE36C000 \SystemRoot\System32\Drivers\N360\0403000.005\SYMTDI.SYS
    0xEE346000 \SystemRoot\System32\DRIVERS\ipnat.sys
    0xF86D2000 \SystemRoot\System32\DRIVERS\wanarp.sys
    0xF77B5000 \SystemRoot\System32\DRIVERS\arp1394.sys
    0xEE2EE000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20110302.001\IDSxpx86.sys
    0xEE2C6000 \SystemRoot\System32\DRIVERS\netbt.sys
    0xF768E000 \SystemRoot\System32\drivers\ws2ifsl.sys
    0xEE2A4000 \SystemRoot\System32\drivers\afd.sys
    0xF77A5000 \SystemRoot\System32\DRIVERS\netbios.sys
    0xEE279000 \SystemRoot\System32\DRIVERS\rdbss.sys
    0xF8AC8000 \SystemRoot\System32\Drivers\PQNTDrv.SYS
    0xEE209000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
    0xF7785000 \SystemRoot\System32\Drivers\Fips.SYS
    0xEE1AB000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    0xEE18E000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    0xF8ACA000 \SystemRoot\System32\DRIVERS\DMICall.sys
    0xEE10F000 \SystemRoot\system32\drivers\N360\0403000.005\ccHPx86.sys
    0xEE048000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20110225.002\BHDrvx86.sys
    0xEDFFC000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xF7765000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF7A8E000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF881A000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF8AAC000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF01F000 \SystemRoot\System32\ialmdnt5.dll
    0xBF012000 \SystemRoot\System32\ialmrnt5.dll
    0xBF041000 \SystemRoot\System32\ialmdev5.DLL
    0xBF06F000 \SystemRoot\System32\ialmdd5.DLL
    0xF7A7A000 \SystemRoot\system32\DRIVERS\Sftvolxp.sys
    0xEDEAC000 \SystemRoot\System32\DRIVERS\ndisuio.sys
    0xF8A2A000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xBF0E5000 \SystemRoot\System32\ATMFD.DLL
    0xEDB0B000 \SystemRoot\System32\Drivers\HTTP.sys
    0xED99B000 \SystemRoot\System32\DRIVERS\srv.sys
    0xED825000 \SystemRoot\system32\DRIVERS\Sftfsxp.sys
    0xED702000 \SystemRoot\system32\DRIVERS\Sftplayxp.sys
    0xF87A2000 \??\C:\WINDOWS\system32\drivers\symlcbrd.sys
    0xED445000 \SystemRoot\system32\drivers\wdmaud.sys
    0xED8FB000 \SystemRoot\system32\drivers\sysaudio.sys
    0xED31F000 \SystemRoot\system32\DRIVERS\Sftredirxp.sys
    0xEC665000 \??\C:\DOCUME~1\JANETH~1\LOCALS~1\Temp\uwtdypoc.sys
    0xEC1DD000 \??\C:\DOCUME~1\JANETH~1\LOCALS~1\Temp\mbr.sys
    0xEC079000 \SystemRoot\System32\DRIVERS\e100b325.sys
    0xEBE2C000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20110302.019\NAVEX15.SYS
    0xEBE18000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20110302.019\NAVENG.SYS
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 48):
    0 System Idle Process
    4 System
    648 C:\WINDOWS\system32\smss.exe
    708 csrss.exe
    736 C:\WINDOWS\system32\winlogon.exe
    788 C:\WINDOWS\system32\services.exe
    804 C:\WINDOWS\system32\lsass.exe
    976 C:\WINDOWS\system32\svchost.exe
    1088 svchost.exe
    1192 C:\WINDOWS\system32\svchost.exe
    1332 svchost.exe
    1344 C:\WINDOWS\system32\svchost.exe
    1552 svchost.exe
    1568 C:\WINDOWS\system32\svchost.exe
    1764 C:\WINDOWS\system32\spoolsv.exe
    1836 C:\WINDOWS\system32\rundll32.exe
    292 C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    432 aspnet_state.exe
    444 C:\WINDOWS\system32\ATMsrvc.exe
    480 PresentationFontCache.exe
    580 C:\WINDOWS\system32\svchost.exe
    596 C:\WINDOWS\system32\tcpsvcs.exe
    644 C:\Program Files\Norton 360\Engine\4.3.0.5\ccsvchst.exe
    1216 C:\WINDOWS\system32\svchost.exe
    1328 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2016 C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
    200 C:\WINDOWS\system32\snmp.exe
    252 snmptrap.exe
    1380 C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
    2456 C:\WINDOWS\explorer.exe
    2836 C:\WINDOWS\system32\searchindexer.exe
    2864 C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
    3204 C:\WINDOWS\system32\ctfmon.exe
    3284 C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    3420 C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    1444 alg.exe
    2448 C:\Program Files\Hide My IP\HideMyIpSrv.exe
    2320 C:\Program Files\Norton 360\Engine\4.3.0.5\ccsvchst.exe
    3488 C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
    3716 C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\OFFICEVIRT.EXE
    3676 Q:\140062.enu\Office14\OUTLOOK.EXE
    4168 OSPPSVC.EXE
    4556 C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\VirtualSearchHost.exe
    3600 C:\Program Files\Internet Explorer\iexplore.exe
    5444 C:\Program Files\Internet Explorer\iexplore.exe
    4224 C:\DOCUME~1\JANETH~1\LOCALS~1\Temp\RoboForm\robotaskbaricon.exe
    5968 C:\WINDOWS\system32\wuauclt.exe
    3408 C:\Documents and Settings\Janet Hess\Local Settings\Temporary Internet Files\Content.IE5\Y98IKWBC\MBRCheck[1].exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`805e2000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000011`338faa00 (NTFS)
    \\.\Q: --> error 1

    PhysicalDrive0 Model Number: ST3120022A, Rev: 3.04

    Size Device Name MBR Status
    --------------------------------------------
    111 GB \\.\PhysicalDrive0 Windows 98 MBR code detected
    SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E


    Done!





    ComboFix 11-03-01.03 - Janet Hess 03/02/2011 16:53:35.1.2 - x86 MINIMAL
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.215 [GMT -8:00]
    Running from: c:\documents and settings\Janet Hess\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Janet Hess\Application Data\WinDef.exe
    C:\Install.exe
    c:\program files\Shared

    .
    ((((((((((((((((((((((((( Files Created from 2011-02-03 to 2011-03-03 )))))))))))))))))))))))))))))))
    .

    2011-03-02 20:19 . 2011-03-02 20:19 -------- d-----w- c:\program files\Microsoft Analysis Services
    2011-03-02 20:19 . 2011-03-02 20:19 -------- d-----w- c:\windows\SHELLNEW
    2011-02-27 21:08 . 2011-02-27 21:08 -------- d-----w- c:\program files\ieSpell
    2011-02-27 05:45 . 2011-02-27 05:45 -------- d-----w- c:\documents and settings\Janet Hess\Application Data\Malwarebytes
    2011-02-27 05:45 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-02-27 05:45 . 2011-02-27 05:45 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-02-27 05:45 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-02-27 05:45 . 2011-02-27 05:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-02-27 01:45 . 2011-02-27 01:45 -------- d-----w- c:\documents and settings\Janet Hess\Application Data\Windows Search
    2011-02-26 18:42 . 2011-02-28 20:39 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-02-26 18:42 . 2011-02-26 18:42 -------- d-----w- c:\program files\Hitman Pro 3.5
    2011-02-26 18:38 . 2011-02-26 18:38 -------- dc----w- c:\documents and settings\All Users\Application Data\Hitman Pro
    2011-02-26 07:14 . 2011-02-26 07:14 -------- dc----w- c:\documents and settings\All Users\Application Data\RealHideIP
    2011-02-26 07:14 . 2011-02-26 07:14 -------- d-----w- c:\documents and settings\Janet Hess\Application Data\RealHideIP
    2011-02-26 07:09 . 2011-02-26 07:11 -------- d-----w- c:\program files\Anonymous Web Surfing
    2011-02-26 07:08 . 2011-02-26 07:08 -------- d-----w- c:\documents and settings\Janet Hess\Local Settings\Application Data\PackageAware
    2011-02-26 06:48 . 2011-02-26 06:48 8704 ----a-w- c:\windows\system32\SpOrder.dll
    2011-02-26 06:26 . 2011-02-26 06:33 -------- d-----w- c:\program files\Quick Web Player
    2011-02-26 01:25 . 2011-02-26 01:25 -------- dc----w- c:\documents and settings\All Users\Application Data\VirtualizedApplications
    2011-02-26 01:17 . 2008-04-17 20:12 107368 ----a-r- c:\windows\system32\GEARAspi.dll
    2011-02-26 01:16 . 2011-02-26 01:16 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2011-02-26 01:16 . 2011-02-26 01:16 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2011-02-26 01:16 . 2011-02-26 01:16 -------- d-----w- c:\program files\Symantec
    2011-02-26 01:15 . 2011-02-26 22:37 -------- d-----w- c:\windows\system32\drivers\N360
    2011-02-26 01:15 . 2011-02-26 01:15 -------- d-----w- c:\program files\Norton 360
    2011-02-25 23:21 . 2011-02-25 23:49 -------- d-----w- c:\documents and settings\Janet Hess\Local Settings\Application Data\NPE
    2011-02-24 11:14 . 2011-02-24 11:14 904192 ----a-w- c:\documents and settings\Janet Hess\Application Data\Microsoft\Windows Internet Explorer\install\Internet Explorer 8 Setup.msi
    2011-02-23 20:17 . 2011-02-27 04:36 -------- d-----w- c:\program files\Hide My IP
    2011-02-23 19:13 . 2011-02-23 19:18 -------- d-----w- c:\program files\CCleaner
    2011-02-22 04:04 . 2011-02-22 04:27 -------- d-----w- c:\program files\Hide Your IP Address
    2011-02-22 01:37 . 2011-02-22 01:37 -------- d-----w- c:\program files\NSW2006
    2011-02-17 03:17 . 2009-11-28 16:58 202048 ----a-w- c:\windows\system32\AVLibrary.dll
    2011-02-17 03:17 . 2011-02-18 16:31 -------- d-----w- c:\program files\Hide The IP 2010
    2011-02-17 02:58 . 2011-02-26 22:05 -------- d-----w- c:\documents and settings\Janet Hess\Application Data\Windows Desktop Search
    2011-02-17 01:55 . 2009-11-12 21:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
    2011-02-17 01:55 . 2011-02-17 01:55 -------- d-----w- c:\program files\CDBurnerXP
    2011-02-16 23:15 . 2011-02-16 23:15 -------- d-----w- c:\program files\Adobe Media Player
    2011-02-16 22:56 . 2001-08-17 21:47 12928 -c--a-w- c:\windows\system32\dllcache\dot4prt.sys
    2011-02-16 22:56 . 2001-08-17 21:47 12928 ----a-w- c:\windows\system32\drivers\Dot4Prt.sys
    2011-02-16 22:56 . 2001-08-18 06:36 324608 -c--a-w- c:\windows\system32\dllcache\hpojwia.dll
    2011-02-16 22:56 . 2001-08-18 06:36 324608 ----a-w- c:\windows\system32\hpojwia.dll
    2011-02-16 22:56 . 2001-08-17 21:47 8704 -c--a-w- c:\windows\system32\dllcache\dot4scan.sys
    2011-02-16 22:56 . 2001-08-17 21:47 8704 ----a-w- c:\windows\system32\drivers\Dot4scan.sys
    2011-02-16 22:56 . 2001-08-17 21:47 23808 -c--a-w- c:\windows\system32\dllcache\dot4usb.sys
    2011-02-16 22:56 . 2001-08-17 21:47 23808 ----a-w- c:\windows\system32\drivers\Dot4usb.sys
    2011-02-16 22:56 . 2008-04-13 19:39 206976 -c--a-w- c:\windows\system32\dllcache\dot4.sys
    2011-02-16 22:56 . 2008-04-13 19:39 206976 ----a-w- c:\windows\system32\drivers\Dot4.sys
    2011-02-16 06:39 . 2011-02-16 07:02 -------- d-----w- c:\windows\SxsCaPendDel
    2011-02-16 06:33 . 2011-02-16 06:33 -------- d-----w- c:\documents and settings\Janet Hess\Local Settings\Application Data\SoftGrid Client
    2011-02-16 06:32 . 2011-03-03 00:35 -------- d-----w- c:\documents and settings\Janet Hess\Application Data\SoftGrid Client
    2011-02-16 06:30 . 2011-02-16 06:30 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\{90140011-0062-0409-0000-0000000FF1CE}
    2011-02-16 06:27 . 2011-03-03 00:35 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SoftGrid Client
    2011-02-16 06:22 . 2011-03-03 00:38 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\SoftGrid Client
    2011-02-16 06:19 . 2011-02-16 18:57 -------- d-----w- c:\program files\Microsoft Application Virtualization Client
    2011-02-16 04:09 . 2011-02-16 04:10 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2011-02-16 02:31 . 2011-02-16 02:31 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2011-02-15 21:46 . 2011-03-03 00:38 -------- d-----w- c:\windows\system32\NtmsData
    2011-02-15 20:46 . 2011-02-15 20:46 -------- d-----w- c:\windows\system32\URTTEMP
    2011-02-15 20:39 . 2011-02-15 20:39 -------- d-----w- c:\windows\system32\XPSViewer
    2011-02-15 20:39 . 2011-02-15 20:39 -------- d-----w- c:\program files\MSBuild
    2011-02-15 20:39 . 2011-02-15 20:39 -------- d-----w- c:\program files\Reference Assemblies
    2011-02-15 20:38 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
    2011-02-15 20:37 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2011-02-15 20:37 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
    2011-02-15 20:37 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
    2011-02-15 20:37 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2011-02-15 20:37 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
    2011-02-15 20:37 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2011-02-15 20:37 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2011-02-15 20:37 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    2011-02-12 00:30 . 2011-02-12 00:30 -------- dcsh--w- c:\documents and settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
    2011-02-10 13:59 . 2011-02-10 13:59 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-02-10 13:56 . 2011-02-10 13:57 -------- d--h--w- c:\windows\ie8
    2011-02-06 19:53 . 2011-02-06 19:53 -------- d-----w- c:\program files\File Type Assistant
    2011-02-06 12:05 . 2011-02-06 12:05 -------- d-----w- c:\windows\Performance
    2011-02-06 12:04 . 2011-02-06 12:04 -------- d-----w- c:\documents and settings\Janet Hess\Local Settings\Application Data\Microsoft Corporation
    2011-02-06 11:58 . 2011-02-06 11:58 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
    2011-02-06 07:53 . 2011-02-06 13:59 -------- d-----w- c:\program files\Windows Desktop Search
    2011-02-06 07:53 . 2011-02-06 07:53 -------- d-----w- c:\windows\system32\GroupPolicy
    2011-02-06 07:52 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
    2011-02-06 07:52 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
    2011-02-06 07:52 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
    2011-02-05 19:12 . 2011-02-05 23:19 -------- d-----w- c:\program files\NetSpy Protector
    2011-02-05 19:04 . 2011-02-05 19:13 -------- d-----w- c:\program files\Common Files\Apple
    2011-02-05 13:04 . 2011-02-05 13:04 -------- d-----w- c:\documents and settings\Janet Hess\Application Data\IsolatedStorage
    2011-02-05 13:04 . 2011-02-05 13:06 -------- d-----w- c:\documents and settings\Janet Hess\Application Data\FreeFileOpener
    2011-02-05 10:45 . 2011-02-16 04:32 -------- dc----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
    2011-02-05 10:06 . 2011-02-05 10:06 -------- d-----w- c:\program files\Free File Opener
    2011-02-05 02:41 . 2011-02-05 02:41 3584 ----a-r- c:\documents and settings\Janet Hess\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
    2011-02-05 02:41 . 2011-02-05 02:41 -------- d-----w- c:\program files\Windows Installer Clean Up
    2011-02-04 10:59 . 2011-02-04 10:59 -------- d-----w- c:\documents and settings\Janet Hess\Local Settings\Application Data\{C82FE1BB-5140-4F7D-8DBF-56A85573BD49}
    2011-02-04 08:54 . 2011-02-12 02:38 -------- d-----w- c:\documents and settings\Janet Hess\Application Data\AdobeSupportAdvisor.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
    2011-02-04 08:53 . 2011-02-04 08:53 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2011-02-04 02:51 . 2011-02-04 05:57 -------- dc----w- C:\Program Settings
    2011-02-04 02:50 . 2011-02-05 23:50 616960 ----a-w- c:\documents and settings\Janet Hess\Application Data\Adobe CS Licensing Solution.exe
    2011-02-04 02:40 . 2011-02-26 06:07 -------- d-----w- c:\program files\Common Files\Akamai
    2011-02-03 09:20 . 2011-02-03 09:20 142336 --sha-r- c:\windows\system32\vidcapl.dll
    2011-02-03 08:15 . 2011-02-03 09:49 -------- d-----w- c:\program files\Gem Shop
    2011-02-03 07:33 . 2009-12-30 19:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-23 04:59 . 2011-01-23 04:59 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
    2011-01-21 14:44 . 2003-12-02 00:28 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09 . 2003-12-02 00:28 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10 . 2003-12-02 00:28 1854976 ----a-w- c:\windows\system32\win32k.sys
    2010-12-22 12:34 . 2005-06-15 17:50 301568 ----a-w- c:\windows\system32\kerberos.dll
    2010-12-20 23:59 . 2005-06-18 06:49 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-12-20 23:59 . 2003-12-02 00:28 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-12-20 23:59 . 2003-12-02 00:28 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-12-20 17:26 . 2003-12-02 00:28 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2010-12-20 12:55 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
    2010-12-14 01:03 . 2011-01-29 16:17 28496 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
    2010-12-09 15:15 . 2003-12-02 00:28 718336 ----a-w- c:\windows\system32\ntdll.dll
    2010-12-09 14:30 . 2003-12-02 00:28 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2010-12-09 13:42 . 2003-12-02 00:28 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-12-09 13:07 . 2002-08-29 01:04 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
    .

    ------- Sigcheck -------

    [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
    [7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
    [7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
    [-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
    [7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
    [7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
    [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
    [-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
    [-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
    [-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
    [-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
    [-] 2005-05-25 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2GDR\tcpip.sys
    [7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\tcpip.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-12-17 2402512]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-08-19 4841472]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "SynchronousMachineGroupPolicy"= 0 (0x0)
    "SynchronousUserGroupPolicy"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoRecentDocsNetHood"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @="FSFilter Activity Monitor"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2011-01-30 15:45 821144 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
    2011-01-30 15:45 36760 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-10-25 23:13 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
    2010-09-16 23:04 497648 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
    2010-02-22 12:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
    2002-08-20 18:29 40960 ----a-w- c:\windows\system32\ezSP_Px.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 18:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
    2010-02-19 21:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
    2003-04-20 05:08 28672 ----a-w- c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2009-01-31 01:46 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Downloads\\software\\BitTorrent-7.2.exe"=
    "c:\\Program Files\\Bobbie's Maintenance programs for Mom\\BitTorrent\\BitTorrent.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "1266:TCP"= 1266:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundTimestampRequest"= 1 (0x1)
    "AllowInboundMaskRequest"= 1 (0x1)
    "AllowInboundRouterRequest"= 1 (0x1)
    "AllowOutboundDestinationUnreachable"= 1 (0x1)
    "AllowOutboundSourceQuench"= 1 (0x1)
    "AllowOutboundParameterProblem"= 1 (0x1)
    "AllowOutboundTimeExceeded"= 1 (0x1)
    "AllowRedirect"= 1 (0x1)
    "AllowOutboundPacketTooBig"= 1 (0x1)

    R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [1/29/2011 8:17 AM 14776]
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [2/26/2011 12:35 PM 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [2/26/2011 12:35 PM 173104]
    S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/22/2011 8:59 PM 691696]
    S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20110225.002\BHDrvx86.sys [2/25/2011 1:59 PM 800376]
    S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [2/26/2011 12:35 PM 501888]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [2/26/2011 12:35 PM 116784]
    S2 Abm8osrv;Abm8osrv; [x]
    S2 Abp4ks;Abp4ks; [x]
    S2 Aicdispn;Aicdispn; [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2/28/2010 2:33 AM 821664]
    S2 E100aldi;E100aldi;c:\windows\system32\actmovie.exe [12/1/2003 4:28 PM 4096]
    S2 N360;Norton 360;c:\program files\Norton 360\Engine\4.3.0.5\ccsvchst.exe [2/26/2011 12:35 PM 126392]
    S2 Raqarcakwm;Raqarcakwm; [x]
    S2 Sabtsanaqa_;Sabtsanaqa_; [x]
    S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [4/24/2010 1:10 AM 483688]
    S2 Vaiomver;Vaiomver; [x]
    S2 Vrmkrc0p;Vrmkrc0p; [x]
    S2 Wzcssr;Wzcssr; [x]
    S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [9/10/2004 8:33 AM 20160]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/25/2011 7:10 PM 102448]
    S3 HideMyIpSRV;HideMyIpSRV;c:\program files\Hide My IP\HideMyIpSrv.exe [2/23/2011 12:17 PM 3039536]
    S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20110302.001\IDSXpx86.sys [3/2/2011 2:24 AM 341944]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2/2/2011 11:33 PM 27064]
    S3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [12/2/2009 10:23 PM 554344]
    S3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [12/2/2009 10:23 PM 211432]
    S3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [12/2/2009 10:23 PM 20584]
    S3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [12/2/2009 10:23 PM 18280]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [4/24/2010 1:10 AM 209768]
    S3 Spreamipn-0c;Spreamipn-0c;c:\windows\system32\drivers\gagp30kx.sys [8/3/2004 10:07 PM 46464]
    S4 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe --> c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [?]
    S4 gupdate1c9b254536faa16;Google Update Service (gupdate1c9b254536faa16);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
    S4 Srp.g50pvw;Srp.g50pvw; [x]
    S4 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder

    2011-02-26 c:\windows\Tasks\AdobeAAMUpdater-1.0-JANSPC-Janet Hess.job
    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-09-16 23:04]

    2011-03-03 c:\windows\Tasks\AWC AutoSweep.job
    - c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2011-01-29 22:11]

    2011-03-03 c:\windows\Tasks\SmartDefrag_Startup.job
    - c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-01-29 01:14]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.lady-birds.com/
    mStart Page = hxxp://www.comcast.net/
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
    IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
    IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
    LSP: c:\windows\system32\HMIPCore.dll
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    Toolbar-Locked - (no file)
    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    AddRemove-Adobe Type Manager 4.1 - c:\program files\Adobe Type Manager\DeIsL1.isu



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-02 17:04
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
    "ImagePath"="\"c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Iomega Activity Disk2]
    "ImagePath"="\"\""
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Completion time: 2011-03-02 17:11:24
    ComboFix-quarantined-files.txt 2011-03-03 01:11

    Pre-Run: 25,011,822,592 bytes free
    Post-Run: 25,015,922,688 bytes free

    Current=2 Default=2 Failed=1 LastKnownGood=7 Sets=1,2,3,4,5,6,7
    - - End Of File - - 32C1F730CA9F3B8A9F169F5829646329
     
Topic Status:
Not open for further replies.
