Solved Trojans, Trojans, and more Trojans. . . Please Help!

T

thisguy

Posts: 33   +0
Hi all,

I found your site while trying to rescue my ,achines from rampant infection. I discovered the hardway that when Norton tells you that your subscription ends in 5 days they also aparently disable your antivirus. My compute and my wife's were both rapidly attacked and infected by different viruses.

I have always been a computer guy and a software engineer and have saved machines before but I am in over my head here and after several days of fighting am begging your help and expertise in salvaging my systems if possible.

I have disk images so I can always revert to the original compromised state if need be. I am doing this with my wifes machine now to see if system restore was still availabale because while I think successfully cleane some 15+ viruses and trojans they aparenetly deleted almost all of the contents of the program files directory, leaving the now working machine less useful than a clean install. If I cannot use system restore on the backup I will wipe it and move on.

On my machine though I am not finished fighting and this is where I beg your help. a couple days ago I was browsing the internet and saw the sun java splash screen pop up. I knew this was bad because I try to keep it disabled and I had not tried to launch anything. I imediately pulled the ethernet cable and one of those fake anti-malware programs came up and started reporting errors. It disabled all drive access and when I flipped to norton it was locked telling me my subscription was about to expire and that my system was unprotected. (Is there a law suit here? Why owuld it be unprotected before my subscription expires?)

I tried killing off some processes and then shut down the machine pulling the sata plus on my data drives and the mirror to my OS drive. I then used acronis to image my os drive and negan trying to repair it. I am only able to really do anything on it in safe mode. Though it will boot into normal mode I can't run anything successfully and bad things seem to keep happening. I can't get it on the internet without all hell breaking loose. I cannot update java (I have 6.16) to prevent the hole because I cannot install or uninstall in safe mode and I cannot execute the update in normal mode. Even after renaming the offline installer. I have been running SuperAntiSpyware, MalwareBytes MBAM, McAfee Stinger and others and they claim to have already removed multiple trojan.generic, trojan.agent fakealert, pigax.gen!a, spyware.online games, trojan.dropper and trojan.tdss.

I still have issues.

I tried to follow your 8 steps and will submit logs below though I have several showing the previous scan outputs I will post the latest and if older ones are needed where those viruses were removed I can post them. I was not able to run the temp file cleaner so I emptied the temp directories manually.

Thank you soooo much in advance for any help you can lend. It iwll be greatly appreciated.
 
gmer log

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-01-24 19:53:16
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\iaStor0 Intel___ rev.1.0.
Running: 0ccdhhb1.exe; Driver: C:\DOCUME~1\Chris\LOCALS~1\Temp\kxlyypow.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;

---- System - GMER 1.0.15 ----

SSDT spru.sys ZwEnumerateKey [0xF74F5CA2]
SSDT spru.sys ZwEnumerateValueKey [0xF74F6030]

---- Devices - GMER 1.0.15 ----

Device \Driver\iaStor \Device\Ide\iaStor0 [F7B4E0B0] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\mv91xx \Device\Scsi\mv91xx1Port1Path0Target0Lun0 8B8521F8
Device \Driver\mv91xx \Device\Scsi\mv91xx1 8B8521F8
Device \Driver\mv91xx \Device\Scsi\mv91xx1Port1Path0Target1Lun0 8B8521F8
Device \FileSystem\Ntfs \Ntfs 8B8511F8

AttachedDevice \FileSystem\Ntfs \Ntfs PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)

Device \FileSystem\Fastfat \Fat 894E61F8

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskFAILSAFE_III1.0.00__#4&76ab309&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- EOF - GMER 1.0.15 ----
 
MBAM Log

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5550

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

1/24/2011 3:20:07 PM
mbam-log-2011-01-24 (15-20-07).txt

Scan type: Full scan (C:\|)
Objects scanned: 369180
Time elapsed: 1 hour(s), 6 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
DDS.txt

DDS (Ver_10-12-12.02) - NTFSx86 MINIMAL
Run by Chris at 19:55:21.25 on Mon 01/24/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2658 [GMT -5:00]

AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\SUPERAntiSpyware\560fad75-677e-4ba9-ac80-fa8026fa037e.com
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\explorer.exe
J:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:8992
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.8.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.8.0.5\IPSBHO.DLL
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.8.0.5\coIEPlg.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\560fad75-677e-4ba9-ac80-fa8026fa037e.com
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
mRun: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [Ai Quicker Help] "c:\program files\asus\asus dh remote\AsRc.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Turn on nView Desktop Manager] rundll32.exe "c:\program files\nvidia corporation\nview\nview.dll,nViewInitialize"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\chris\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\resizer.lnk - c:\program files\resizer\resizer.exe
uPolicies-explorer: NoNetworkConnections = 01000000
uPolicies-explorer: <NO NAME> = 01000000
IE: &Highlight - c:\windows\web\highlight.htm
IE: &Links List - c:\windows\web\urllist.htm
IE: &Web Search - c:\windows\web\selsearch.htm
IE: + &Download Express: download this file - c:\program files\download express\Add_Url.htm
IE: Clear Fields - file://c:\program files\siber systems\ai roboform\RoboFormComClearFields.html
IE: Download using LeechGet - file://c:\program files\leechget 2009\\AddUrl.html
IE: Download using LeechGet Wizard - file://c:\program files\leechget 2009\\Wizard.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: I&mages List - c:\windows\web\imglist.htm
IE: Open Frame in &New Window - c:\windows\web\frm2new.htm
IE: Parse with LeechGet - file://c:\program files\leechget 2009\\Parser.html
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: Zoom &In - c:\windows\web\zoomin.htm
IE: Zoom O&ut - c:\windows\web\zoomout.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
Trusted Zone: corel.com
Trusted Zone: corel.com\www
Trusted Zone: intervideo.com
Trusted Zone: intervideo.com\www
Trusted Zone: intuit.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: asp - {8D32BA61-D15B-11d4-894B-000000000000} - c:\program files\ebahn\hsppp.dll
Handler: ebahn - {8D32BA61-D15B-11d4-894B-000000000000} - c:\program files\ebahn\hsppp.dll
Handler: hsp - {8D32BA61-D15B-11d4-894B-000000000000} - c:\program files\ebahn\hsppp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: x-asp - {8D32BA61-D15B-11d4-894B-000000000000} - c:\program files\ebahn\hsppp.dll
Handler: x-cnote - {8D32BA61-D15B-11d4-894B-000000000000} - c:\program files\ebahn\hsppp.dll
Handler: x-ebahn - {8D32BA61-D15B-11d4-894B-000000000000} - c:\program files\ebahn\hsppp.dll
Handler: x-hsp - {8D32BA61-D15B-11d4-894B-000000000000} - c:\program files\ebahn\hsppp.dll
Handler: x-mem3 - {4F6D06DD-44AB-4F89-BF13-9027B505B15A} - c:\program files\ebahn\eztoolslib2.dll
Handler: x-zip - {8D32BA61-D15B-11d4-894B-000000000000} - c:\program files\ebahn\hsppp.dll
Handler: zip - {8D32BA61-D15B-11d4-894B-000000000000} - c:\program files\ebahn\hsppp.dll
Name-Space Handler: ftp\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\downlo~1\mdpph.dll
Name-Space Handler: http\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\downlo~1\mdpph.dll
Name-Space Handler: https\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\downlo~1\mdpph.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\chris\applic~1\mozilla\firefox\profiles\an9gbagc.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\chris\application data\mozilla\firefox\profiles\an9gbagc.default\extensions\{d249fd00-4df9-11d9-9fdc-0080481ada61}\components\mpint.dll
FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
FF - plugin: c:\documents and settings\chris\application data\mozilla\firefox\profiles\an9gbagc.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\documents and settings\chris\application data\mozilla\plugins\NPShipRush_FedEx.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\kohler\view22\version 3.10.50\NPView22.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: MetaProducts Integration: {D249FD00-4DF9-11D9-9FDC-0080481ADA61} - %profile%\extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\coFFPlgn
FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files\siber systems\ai roboform\Firefox

============= SERVICES / DRIVERS ===============

R0 mv91xx;mv91xx;c:\windows\system32\drivers\mv91xx.sys [2010-3-17 261672]
R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [2004-2-25 138118]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1108000.005\symds.sys [2010-9-21 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1108000.005\symefa.sys [2010-9-21 173104]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2009-6-17 40912]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2010-8-24 10448]
R3 MaplomL;MaplomL;c:\windows\system32\drivers\maploml.sys [2009-12-30 43456]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-1-22 59904]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-1-22 139648]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\definitions\bashdefs\20110114.001\BHDrvx86.sys [2011-1-18 691248]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1108000.005\cchpx86.sys [2010-9-21 501888]
S1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [2004-2-25 46773]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
S1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [2008-8-5 95592]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1108000.005\ironx86.sys [2010-9-21 116784]
S1 vcdrom;Virtual CD-ROM Device Driver;c:\virtualcd\VCdRom.sys [2001-12-19 8576]
S2 6077757b;6077757b;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
S2 Ca50xav;Digital Blue DMC2 Video Device;c:\windows\system32\drivers\Ca50xav.sys [2005-1-27 508304]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2009-11-23 10448]
S2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.8.0.5\ccsvchst.exe [2010-9-21 126392]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
S2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [2010-12-12 19072]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2008-11-14 17184]
S3 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-10-29 587096]
S3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [2002-12-30 12160]
S3 EraserUtilDrv10621;EraserUtilDrv10621;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv10621.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv10621.sys [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-9-30 102448]
S3 esihdrv;esihdrv;\??\c:\docume~1\admini~1\locals~1\temp\esihdrv.sys --> c:\docume~1\admini~1\locals~1\temp\esihdrv.sys [?]
S3 FLASHSYS;FLASHSYS;\??\c:\program files\msi\live update 4\lu4\flashsys.sys --> c:\program files\msi\live update 4\lu4\FLASHSYS.sys [?]
S3 HauppaugeTVServer;HauppaugeTVServer;c:\program files\wintv\tvserver\HauppaugeTVServer.exe [2009-2-18 434176]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\definitions\ipsdefs\20110120.001\IDSXpx86.sys [2011-1-21 341944]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\drivers\FIDE.SYS [2005-1-20 15271]
S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\definitions\virusdefs\20110121.019\NAVENG.SYS [2011-1-21 86008]
S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\definitions\virusdefs\20110121.019\NAVEX15.SYS [2011-1-21 1360760]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2010-2-20 91496]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2010-12-12 724736]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187.sys --> c:\windows\system32\drivers\RTL8187.sys [?]
S3 SjyPkt;SjyPkt;\??\c:\windows\system32\drivers\sjypkt.sys --> c:\windows\system32\drivers\SjyPkt.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 APCPBEAgent;APC PBE Agent;c:\progra~1\apc\powerc~1\agent\pbeagent.exe [2009-10-10 34104]
S4 EZ-Backup Manager;EZ-Backup Manager;c:\program files\ezbackup\ez-backup manager\EzBackup.exe [2006-11-9 1123840]
S4 GJService;Game Jackal Server;c:\program files\slysoft\game jackal v4\Server.exe [2009-12-30 1570752]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-30 136176]
S4 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\rosewill\common\RaRegistry.exe [2010-12-12 185632]
S4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-2-5 1087680]

=============== Created Last 30 ================

2011-01-24 21:54:04 -------- d-----w- C:\Tools
2011-01-24 07:49:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2011-01-24 03:15:01 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-24 02:14:41 -------- d-----w- c:\docume~1\chris\applic~1\SUPERAntiSpyware.com
2011-01-23 23:06:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-23 21:49:34 -------- d-----w- c:\docume~1\chris\applic~1\Malwarebytes
2011-01-23 15:52:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-23 15:52:56 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-01-23 15:52:53 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-23 15:52:53 -------- d-----w- c:\program files\1Malwarebytes' Anti-Malware
2011-01-23 06:22:18 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-01-22 06:24:48 -------- d-----w- c:\docume~1\alluse~1\applic~1\jHnMb06504
2011-01-15 06:48:29 53248 ----a-r- c:\docume~1\chris\applic~1\microsoft\installer\{3ee9bcae-e9a9-45e5-9b1c-83a4d357e05c}\ARPPRODUCTICON.exe
2011-01-15 06:48:26 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2011-01-15 06:48:12 -------- d-----w- c:\docume~1\chris\locals~1\applic~1\Logishrd
2011-01-15 06:48:10 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-01-15 06:36:58 -------- d-----w- c:\docume~1\chris\applic~1\Logishrd
2011-01-14 06:25:17 34 ----a-w- c:\windows\rsui2.bin
2011-01-14 05:17:42 -------- d-----w- c:\docume~1\chris\applic~1\Realtime Soft
2011-01-14 05:17:40 -------- d-----w- c:\program files\UltraMon
2011-01-14 05:17:40 -------- d-----w- c:\program files\common files\Realtime Soft
2011-01-14 05:17:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\Realtime Soft
2011-01-14 03:54:22 -------- d-----w- C:\spy++
2011-01-12 02:38:27 -------- d-----w- c:\program files\iTunes
2011-01-12 02:22:11 -------- d-----w- c:\program files\LeechGet 2009
2011-01-10 02:15:14 12096 ----a-w- c:\windows\system32\drivers\AsInsHelp64.sys
2011-01-10 02:15:14 10304 ----a-w- c:\windows\system32\drivers\AsInsHelp32.sys
2011-01-09 09:21:51 47408 ----a-r- c:\windows\system32\drivers\SymIM.sys
2011-01-09 06:41:01 -------- d-----w- c:\docume~1\chris\applic~1\MetaProducts
2011-01-09 06:40:57 -------- d-----w- c:\program files\Download Express
2011-01-05 02:31:49 -------- d-----w- c:\docume~1\chris\applic~1\Barnes & Noble
2011-01-05 02:31:44 -------- d-----w- c:\program files\Barnes & Noble
2011-01-04 00:39:28 374048 ----a-w- c:\windows\system32\yk51x86.dll
2011-01-03 16:44:05 -------- d-----w- c:\program files\Comcast
2011-01-03 16:43:03 -------- d-----w- c:\docume~1\chris\locals~1\applic~1\SupportSoft
2011-01-03 16:42:53 -------- d-----w- c:\program files\common files\SupportSoft
2011-01-03 16:42:52 -------- d-----w- c:\program files\ComcastUI
2011-01-02 21:25:14 -------- d-----w- c:\program files\Kohler

==================== Find3M ====================

2011-01-14 06:33:20 87608 ----a-w- c:\docume~1\chris\applic~1\inst.exe
2011-01-14 06:33:20 47360 ----a-w- c:\docume~1\chris\applic~1\pcouffin.sys
2011-01-14 03:23:51 241144 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-01-14 03:23:51 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-01-13 08:04:51 241144 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-12-20 23:08:46 245248 ----a-w- c:\windows\UltraMon.scr
2010-12-20 23:05:36 222208 ----a-w- c:\windows\system32\UltraMonIndDisp.exe
2010-12-20 23:05:24 360448 ----a-w- c:\windows\system32\UltraMon.dll
2010-12-20 23:05:08 81920 ----a-w- c:\windows\system32\UltraMonIndDispHook.dll
2010-12-20 23:05:02 89600 ----a-w- c:\windows\system32\UltraMonHook.dll
2010-11-29 22:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-25 18:29:05 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Intel___ rev.1.0. -> Harddisk0\DR0 -> \Device\Ide\iaStor0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89EFA555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x89f007b0]; MOV EAX, [0x89f0082c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8B78A5F0]
3 CLASSPNP[0xF7657FD7] -> nt!IofCallDriver[0x804E13B9] -> [0x89E8C578]
\Driver\iaStor[0x8B7FC3B0] -> IRP_MJ_CREATE -> 0x89EFA555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskFAILSAFE_III1.0.00__#4&76ab309&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 19:56:20.87 ===============
 
Attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/2/2008 11:40:40 AM
System Uptime: 1/24/2011 4:47:56 PM (3 hours ago)

Motherboard: ASUSTeK Computer INC. | | Rampage Formula
Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz | LGA775 | 3293/368mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 140 GiB total, 58.257 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4364&SUBSYS_81F81043&REV_12\4&1862046E&0&00E2
Manufacturer: Marvell
Name: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4364&SUBSYS_81F81043&REV_12\4&1862046E&0&00E2
Service: yukonwxp

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================


3D Canvas
3D Home Architect Home Design Deluxe 6
Ad-Aware 2007
AdminManager(OkiLAN 8100e Softnic Setup Utility)
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Photoshop Elements 2.0
Adobe Photoshop Elements 8.0
Adobe Photoshop.com Inspiration Browser
Adobe Premiere Elements 8.0
Adobe Reader 9.4.1
AI RoboForm (All Users)
Alt-Tab Task Switcher Powertoy for Windows XP
Amazon MP3 Downloader 1.0.10
Amazon Unbox Video
AnyDVD
APC PowerChute Business Edition Agent
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUS DH Remote
Avanquest update
AviSynth 2.5
AVStoDVD 2.3.3
Bonjour
Brother MFL-Pro Suite
Brother P-touch Editor 5.0
Buildalot
CadStd
Camera Support Core Library
Camera Window DS
Camera Window DVC
Camera Window MC
Canon Camera Support Core Library
Canon Camera Window DS for ZoomBrowser EX
Canon Camera Window DVC for ZoomBrowser EX
Canon Camera Window for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX
Carbonite
CCleaner (remove only)
ClearType Tuning Control Panel Applet
CloneDVD2
CloneDVDmobile
Comcast Desktop Software (v1.2.0.9)
Corel WinDVD 9
Corel WinDVD Advisor
Coupon Printer for Windows
Crayon Physics Deluxe - release 53
Critical Update for Windows Media Player 11 (KB959772)
CutePDF Writer 2.8
CyberLink BD Advisor 2.0
Definition update for Microsoft Office 2010 (KB982726)
Desktop Doctor
DH Driver Cleaner Professional Edition
Digimarc MyPictureMarc Watermarking Plugin
DiskState v3.30 Licensed
Disney Flix 2.0
Duplicate Cleaner 1.4.3
DVArchive V3.1
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.1.2.2
DVDFab 8.0.2.2 (01/10/2010)
DVDx
Easy CD & DVD Creator 6
eBahn® Reader
eReg
erLT
Exact Audio Copy 0.99pb5
eXPert PDF 6
Extension Renamer
Extract Version 1.6
EZ-Backup Manager
FEAR
FocusFixer
Freedom Force
Galactic Civilizations II
Game Jackal v4.0.1.5 (32 bit)
Geiss2 for Winamp 2x (remove only)
GMATPrep(TM)
GoodSync
Google Chrome Frame
Google Update Helper
Half-Life(R) 2
Hauppauge English Help Files and Resources
Hauppauge Signal Monitor Utility
Hauppauge WinTV
Hauppauge WinTV 7
Hauppauge WinTV Soft PVR
HD Tach version 3
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Home Plan Pro for Windows 95/98/00/ME/NT/XP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Image Rescue
Image Resizer Powertoy for Windows XP
ImgBurn
Impulse
Intel® Matrix Storage Manager
InterVideo FilterSDK for Hauppauge
iPod for Windows
iPod for Windows 2005-10-12
ISO Recorder
IsoBuster 1.8
iTunes
Java(TM) 6 Update 16
JD Secure 3.1
LeapFrog Connect
LeapFrog Leapster2 Plugin
LeechFTP
LeechGet 2009 Version 2.2
Lizardtech DjVu Control
Logitech Harmony Remote Software 7
Logitech iTouch Software
Logitech MouseWare 9.79.1
Logitech QuickCam
Logitech SetPoint 6.20
Logitech Unifying Software 2.00
LyricsFetcher v0.7
Magic ISO Maker v5.0 (build 0166)
Malwarebytes' Anti-Malware
marvell 91xx driver
Marvell Miniport Driver
MetaProducts Download Express
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Color Control Panel Applet for Windows XP
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internet Explorer 5 Web Accessories
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft RAW Image Thumbnailer and Viewer for Windows XP
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 14
Microsoft Sync Framework Runtime v1.0 (x86)
Microsoft Sync Framework Services v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MioMap v3 Updater for Mio C320 C520
MobileMe Control Panel
MovieEdit Task
Mozilla Firefox (3.6.13)
mp3-2-wav 1.07
MSI Afterburner 1.2.0
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
NEC Electronics USB 3.0 Host Controller Driver
NOOK for PC
Norton Internet Security
NVIDIA Control Panel 260.99
NVIDIA Drivers
NVIDIA Graphics Driver 260.99
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
Octoshape add-in for Adobe Flash Player
OGA Notifier 2.0.0048.0
OKI LPR Utility
Online Manuals for WinTV (English)
PaperPort
PC Probe II
PerfectDisk
PhotoStitch
Picasa 2
Port Royale 2
PowerDVD
PowerQuest Drive Image 7.0
Quicken WillMaker Plus 2006
Quicken WillMaker Plus 2009
QuickTime
RAW Image Task
Realtime Landscaping Pro DEMO
RemoteCapture Task 1.1
reSizer v0.78
Rome: Total War Gold
Rosewill Wireless Network 11N USB adapter RNX-N1
Security Task Manager 1.7h
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Send to SmugMug
ShellExView
Sid Meier's Pirates!
SiSoftware Sandra Lite XIb (Win64/32/CE)
SketchUp 5
Slideshow Generator Powertoy for Windows XP
SmartFTP Client
SmartFTP Client 3.0 Setup Files (remove only)
SmartSound Quicktracks for Premiere Elements 8.0
SoundMAX
Spybot - Search & Destroy
StarBurn(GiveAwayOfTheDay) Version 11 (Build 0x20081230)
Steam(TM)
Stellarium 0.10.0
SUPERAntiSpyware
SyncToy 2.0 (x86)
Tales of Monkey Island - Launch of the Screaming Narwhal
The Scruffs
Times Reader
TMPGEnc DVD Author 1.5
TuneXP 1.5
Turbo Lister
Turbo Lister 2
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TurboTax Deluxe 2007
TurboTax Premier 2005
Tweak UI
UltraMon
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft OneNote 2010 (KB2433299)
Update for Microsoft Outlook Social Connector (KB2289116)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)
Videora iPod Converter 5.04
Videora Trial Version 2.15
View22
Virtual Cable Tester
WebFldrs XP
Winamp (remove only)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
WinRAR archiver
WinZip
XML Paper Specification Shared Components Pack 1.0
XviD 1.1 final uninstall

==== Event Viewer Messages From Past Week ========

1/22/2011 2:43:14 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NIS service.
1/22/2011 2:42:41 AM, error: Service Control Manager [7000] - The regi service failed to start due to the following error: Cannot create a file when that file already exists.
1/22/2011 2:42:41 AM, error: Service Control Manager [7000] - The Digital Blue DMC2 Video Device service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/22/2011 2:06:30 AM, error: WMPNetworkSvc [14338] - A new media server was not initialized because CoCreateInstance(CLSID_UPnPRegistrar) encountered error '0x80070005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
1/22/2011 2:02:59 AM, error: WMPNetworkSvc [14344] - A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2711'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.
1/22/2011 11:09:34 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service CarboniteService with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}
1/22/2011 11:08:48 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
1/22/2011 11:07:47 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
1/22/2011 11:07:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/22/2011 1:34:38 AM, error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
1/22/2011 1:32:02 AM, error: Service Control Manager [7034] - The Office Software Protection Platform service terminated unexpectedly. It has done this 1 time(s).
1/19/2011 2:33:41 AM, error: VolSnap [20] - The shadow copy of volume X: was aborted because of a failed free space computation.
1/19/2011 12:43:55 PM, error: Service Control Manager [7031] - The CarboniteService service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/19/2011 1:05:00 PM, error: NetBT [4321] - The name "KALBHOMELAN :1d" could not be registered on the Interface with IP address 192.168.111.151. The machine with the IP address 192.168.111.100 did not allow the name to be claimed by this machine.
1/18/2011 12:34:48 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the CarboniteService service, but this action failed with the following error: An instance of the service is already running.
1/18/2011 12:33:48 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

==== End Of File ===========================
 
SAS Log (In case it helps - because I have already run it)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/24/2011 at 06:10 PM

Application Version : 4.48.1000

Core Rules Database Version : 6263
Trace Rules Database Version: 4075

Scan type : Custom Scan
Total Scan Time : 01:13:08

Memory items scanned : 301
Memory threats detected : 0
Registry items scanned : 9879
Registry threats detected : 0
File items scanned : 191501
File threats detected : 9

Adware.Tracking Cookie
C:\Documents and Settings\Chris\Cookies\chris@cdn1.trafficmp[2].txt
C:\Documents and Settings\Chris\Cookies\chris@casalemedia[2].txt
C:\Documents and Settings\Chris\Cookies\chris@www.burstnet[2].txt
C:\Documents and Settings\Chris\Cookies\chris@ads.biglots[2].txt
C:\Documents and Settings\Chris\Cookies\chris@www.googleadservices[5].txt
C:\Documents and Settings\Chris\Cookies\chris@pointroll[1].txt
C:\Documents and Settings\Chris\Cookies\chris@interclick[2].txt
C:\Documents and Settings\Chris\Cookies\chris@burstnet[1].txt
C:\Documents and Settings\Chris\Cookies\chris@interclick[1].txt
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================================================

You're infected with a rootkit.

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Thank YOU!

Your rules are my rules. Thank you for picking this up so quickly. I will run the utility and post the log back very soon.

By the way. I assume that it is ok to run these in safe mode. That is the only place I seem to be having any luck with executing much.


Thanks again,
Thisguy
 
Safe Mode will be fine.
Things should get better for you after running the above tool.
 
TDSS Killer Log File after rootkit tdss.tdl4 detected and "cured"

2011/01/24 22:41:35.0109 TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53
2011/01/24 22:41:35.0109 ================================================================================
2011/01/24 22:41:35.0109 SystemInfo:
2011/01/24 22:41:35.0109
2011/01/24 22:41:35.0109 OS Version: 5.1.2600 ServicePack: 3.0
2011/01/24 22:41:35.0109 Product type: Workstation
2011/01/24 22:41:35.0109 ComputerName: BATTLEAXE
2011/01/24 22:41:35.0109 UserName: Chris
2011/01/24 22:41:35.0109 Windows directory: C:\WINDOWS
2011/01/24 22:41:35.0109 System windows directory: C:\WINDOWS
2011/01/24 22:41:35.0109 Processor architecture: Intel x86
2011/01/24 22:41:35.0109 Number of processors: 2
2011/01/24 22:41:35.0109 Page size: 0x1000
2011/01/24 22:41:35.0109 Boot type: Safe boot
2011/01/24 22:41:35.0109 ================================================================================
2011/01/24 22:41:35.0281 Initialize success
2011/01/24 22:41:39.0484 ================================================================================
2011/01/24 22:41:39.0484 Scan started
2011/01/24 22:41:39.0484 Mode: Manual;
2011/01/24 22:41:39.0484 ================================================================================
2011/01/24 22:41:39.0875 6077757b (001b4278407f4303efc902a2b16f2453) C:\WINDOWS\system32\drivers\regi.sys
2011/01/24 22:41:39.0906 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
2011/01/24 22:41:40.0000 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/01/24 22:41:40.0015 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/01/24 22:41:40.0046 ADIHdAudAddService (651168b452da256fa9e1aa172ef5bac5) C:\WINDOWS\system32\drivers\ADIHdAud.sys
2011/01/24 22:41:40.0109 AEAudio (b4afcc2f911939a1c16a26e7eba7f36b) C:\WINDOWS\system32\drivers\AEAudio.sys
2011/01/24 22:41:40.0140 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/01/24 22:41:40.0187 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/01/24 22:41:40.0312 AnyDVD (40c279a23bd43553bfba6e88a9b38ae2) C:\WINDOWS\system32\Drivers\AnyDVD.sys
2011/01/24 22:41:40.0359 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/01/24 22:41:40.0437 AsIO (19a1dac5bc607c212e8a94c05886ed52) C:\WINDOWS\system32\drivers\AsIO.sys
2011/01/24 22:41:40.0484 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/01/24 22:41:40.0500 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/01/24 22:41:40.0546 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/01/24 22:41:40.0578 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/01/24 22:41:40.0609 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
2011/01/24 22:41:40.0656 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/01/24 22:41:40.0781 BHDrvx86 (83a2fec59a0a0fc73bf6598e901b2fbd) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\BASHDefs\20110114.001\BHDrvx86.sys
2011/01/24 22:41:40.0828 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
2011/01/24 22:41:40.0843 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
2011/01/24 22:41:40.0875 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2011/01/24 22:41:40.0906 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
2011/01/24 22:41:40.0937 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
2011/01/24 22:41:40.0968 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2011/01/24 22:41:41.0015 Ca50xav (6a9a0dcaeef488bb872b7fca33aed3c2) C:\WINDOWS\system32\Drivers\Ca50xav.sys
2011/01/24 22:41:41.0031 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/01/24 22:41:41.0062 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/01/24 22:41:41.0125 ccHP (e941e709847fa00e0dd6d58d2b8fb5e1) C:\WINDOWS\system32\drivers\NIS\1108000.005\ccHPx86.sys
2011/01/24 22:41:41.0171 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/01/24 22:41:41.0187 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/01/24 22:41:41.0218 Cdr4_xp (9714b7c918c6543d69074ec101f86ac4) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2011/01/24 22:41:41.0234 Cdralw2k (0d856d16c08440bfb566d6cdd9948d4e) C:\WINDOWS\system32\drivers\Cdralw2k.sys
2011/01/24 22:41:41.0265 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/01/24 22:41:41.0343 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/01/24 22:41:41.0421 ctac32k (fb06bb39860340c6fa84867f0288d1dd) C:\WINDOWS\system32\drivers\ctac32k.sys
2011/01/24 22:41:41.0453 ctaud2k (b810fa12cf726b200e057834eaebb1ac) C:\WINDOWS\system32\drivers\ctaud2k.sys
2011/01/24 22:41:41.0484 ctdvda2k (c4333325d325efa668888d0d3177c6ff) C:\WINDOWS\system32\drivers\ctdvda2k.sys
2011/01/24 22:41:41.0500 ctgame (bfc40092329cf4ab838cc4a6f2fad659) C:\WINDOWS\system32\DRIVERS\ctgame.sys
2011/01/24 22:41:41.0515 ctprxy2k (1fa95c8cf34b9911e352a07ea7a200fc) C:\WINDOWS\system32\drivers\ctprxy2k.sys
2011/01/24 22:41:41.0546 ctsfm2k (400cb754b91f73bee2655686a57269d2) C:\WINDOWS\system32\drivers\ctsfm2k.sys
2011/01/24 22:41:41.0609 DefragFS (d38c27df7b3e8840b4b92ed5c5c06c2c) C:\WINDOWS\system32\drivers\DefragFS.sys
2011/01/24 22:41:41.0625 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/01/24 22:41:41.0687 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/01/24 22:41:41.0703 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys
2011/01/24 22:41:41.0734 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/01/24 22:41:41.0765 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/01/24 22:41:41.0812 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/01/24 22:41:41.0843 DVDVRRdr_xp (31aa44888070a76961a8a392bde142dc) C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys
2011/01/24 22:41:41.0921 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/01/24 22:41:41.0953 ElbyCDIO (fba15c1dd6d7c106a3ac519d97778b7b) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
2011/01/24 22:41:41.0968 emupia (7bb488ec082d40645936d9e583f560dc) C:\WINDOWS\system32\drivers\emupia2k.sys
2011/01/24 22:41:42.0000 ENTECH (fd9fc82f134b1c91004ffc76a5ae494b) C:\WINDOWS\system32\DRIVERS\ENTECH.sys
2011/01/24 22:41:42.0046 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/01/24 22:41:42.0140 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/01/24 22:41:42.0171 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/01/24 22:41:42.0234 FilterService (50104c5f1ee1e295781caf9521ca2e56) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
2011/01/24 22:41:42.0250 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/01/24 22:41:42.0328 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/01/24 22:41:42.0359 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/01/24 22:41:42.0390 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/01/24 22:41:42.0390 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/01/24 22:41:42.0421 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/01/24 22:41:42.0484 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/01/24 22:41:42.0531 ha10kx2k (9bb84b1dff8bce7fdddea746f6819fcf) C:\WINDOWS\system32\drivers\ha10kx2k.sys
2011/01/24 22:41:42.0546 hap16v2k (1418833169b29780fbdab127623b8767) C:\WINDOWS\system32\drivers\hap16v2k.sys
2011/01/24 22:41:42.0578 hap17v2k (8b3148391dc121d96d513785d588e75b) C:\WINDOWS\system32\drivers\hap17v2k.sys
2011/01/24 22:41:42.0609 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/01/24 22:41:42.0640 HidBatt (748031ff4fe45ccc47546294905feab8) C:\WINDOWS\system32\DRIVERS\HidBatt.sys
2011/01/24 22:41:42.0671 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/01/24 22:41:42.0734 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/01/24 22:41:42.0796 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/01/24 22:41:42.0843 iaStor (71ecc07bc7c5e24c3dd01d8a29a24054) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2011/01/24 22:41:42.0875 IdeBusDr (4ec233ef7c2a2c36fa962de2ae5d982a) C:\WINDOWS\system32\DRIVERS\IdeBusDr.sys
2011/01/24 22:41:42.0890 IdeChnDr (e1b24e6478ab2e5e09c21d2028e2f208) C:\WINDOWS\system32\DRIVERS\IdeChnDr.sys
2011/01/24 22:41:43.0015 IDSxpx86 (0308238c582a55d83d34feee39542793) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\IPSDefs\20110120.001\IDSxpx86.sys
2011/01/24 22:41:43.0046 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/01/24 22:41:43.0140 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/01/24 22:41:43.0171 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/01/24 22:41:43.0187 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/01/24 22:41:43.0218 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/01/24 22:41:43.0234 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/01/24 22:41:43.0265 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/01/24 22:41:43.0281 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/01/24 22:41:43.0312 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/01/24 22:41:43.0343 itchfltr (8f1ba487b35f0c8f637e05113aa815f8) C:\WINDOWS\system32\DRIVERS\itchfltr.sys
2011/01/24 22:41:43.0375 Iviaspi (4ac11b2250106774f694df2db4ffed61) C:\WINDOWS\system32\drivers\iviaspi.sys
2011/01/24 22:41:43.0406 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/01/24 22:41:43.0421 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/01/24 22:41:43.0453 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/01/24 22:41:43.0468 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/01/24 22:41:43.0500 L8042Kbd (d88846f9f4f27ae9be584a6e5b6b8753) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
2011/01/24 22:41:43.0546 LBeepKE (c99ba72106a858cb8b521bb4c02c93ed) C:\WINDOWS\system32\Drivers\LBeepKE.sys
2011/01/24 22:41:43.0593 LCcfltr (8d26e30c111288f6f12e1903adddd3fb) C:\WINDOWS\system32\Drivers\LCcFltr.Sys
2011/01/24 22:41:43.0640 LEqdUsb (eee5a87ec378c9ad7ce91073fbd63465) C:\WINDOWS\system32\Drivers\LEqdUsb.Sys
2011/01/24 22:41:43.0671 LHidEqd (62663b385087f5977d8ebd1fdc67b639) C:\WINDOWS\system32\Drivers\LHidEqd.Sys
2011/01/24 22:41:43.0703 LHidFilt (318b3d608fbec44b7e0c23bf759dced5) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
2011/01/24 22:41:43.0718 LHidFlt2 (3c357dfdbbf2b4b01aa4b9c8a26e4416) C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys
2011/01/24 22:41:43.0765 LHidUsb (ffb851b1b2f6596b7d3182b977a85206) C:\WINDOWS\system32\Drivers\LHidUsb.Sys
2011/01/24 22:41:43.0781 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
2011/01/24 22:41:43.0812 LMouFlt2 (aef09673376a4d93c09e8341854f1bf4) C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys
2011/01/24 22:41:43.0890 LVcKap (8113133ec42dd6c566908008ce913edd) C:\WINDOWS\system32\DRIVERS\LVcKap.sys
2011/01/24 22:41:43.0968 LVMVDrv (0dd5b8af4917a2821047450195c511b3) C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
2011/01/24 22:41:44.0015 lvpopflt (6d994fa3d541b63eaccf4f2b3f42b2e1) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
2011/01/24 22:41:44.0031 LVPr2Mon (406b1d186f75b4b4832d6237859e1b00) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
2011/01/24 22:41:44.0078 LVRS (b895839b8743e400d7c7dae156f74e7e) C:\WINDOWS\system32\DRIVERS\lvrs.sys
2011/01/24 22:41:44.0125 LVUSBSta (23f8ef78bb9553e465a476f3cee5ca18) C:\WINDOWS\system32\drivers\LVUSBSta.sys
2011/01/24 22:41:44.0250 LVUVC (8bc0d5f6e3898f465a94c6d03afb5a20) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
2011/01/24 22:41:44.0312 Maplom (f735597a7bc3b252a63129a4b2a1e469) C:\WINDOWS\system32\drivers\Maplom.sys
2011/01/24 22:41:44.0328 MaplomL (7213d968b5f85da2ec7a6b8700060b12) C:\WINDOWS\system32\drivers\MaplomL.sys
2011/01/24 22:41:44.0375 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/01/24 22:41:44.0406 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/01/24 22:41:44.0437 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/01/24 22:41:44.0453 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/01/24 22:41:44.0484 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/01/24 22:41:44.0500 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
2011/01/24 22:41:44.0531 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/01/24 22:41:44.0578 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/01/24 22:41:44.0640 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
2011/01/24 22:41:44.0656 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/01/24 22:41:44.0687 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/01/24 22:41:44.0703 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/01/24 22:41:44.0703 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/01/24 22:41:44.0734 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/01/24 22:41:44.0765 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/01/24 22:41:44.0796 MTK (7ba76ed9c7ef33b4c8c6041ce6c91a6e) C:\WINDOWS\system32\Drivers\fide.sys
2011/01/24 22:41:44.0812 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
2011/01/24 22:41:44.0843 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/01/24 22:41:44.0875 mv91xx (8b624247f917cb4a124fe1481fa19bbc) C:\WINDOWS\system32\DRIVERS\mv91xx.sys
2011/01/24 22:41:44.0906 MXOPSWD (e3dec7ca28a9870e24fff4e467af7328) C:\WINDOWS\system32\DRIVERS\mxopswd.sys
2011/01/24 22:41:44.0937 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/01/24 22:41:45.0046 NAVENG (c8ef74e4d8105b1d02d58ea4734cf616) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20110121.019\NAVENG.SYS
2011/01/24 22:41:45.0093 NAVEX15 (94b3164055d821a62944d9fe84036470) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20110121.019\NAVEX15.SYS
2011/01/24 22:41:45.0187 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/01/24 22:41:45.0218 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/01/24 22:41:45.0234 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/01/24 22:41:45.0265 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/01/24 22:41:45.0281 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/01/24 22:41:45.0312 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/01/24 22:41:45.0328 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/01/24 22:41:45.0359 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/01/24 22:41:45.0406 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/01/24 22:41:45.0453 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/01/24 22:41:45.0484 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/01/24 22:41:45.0515 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/01/24 22:41:45.0546 nusb3hub (9a3879b890f395ef8007a69543b56e8d) C:\WINDOWS\system32\DRIVERS\nusb3hub.sys
2011/01/24 22:41:45.0578 nusb3xhc (61c3a3c6b35f596831358d954d20712f) C:\WINDOWS\system32\DRIVERS\nusb3xhc.sys
2011/01/24 22:41:45.0796 nv (b9b1bb146eb9a83dcf0f5635b09d3d43) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/01/24 22:41:45.0859 NVHDA (049aa7021e5406e77f3535be66635b74) C:\WINDOWS\system32\drivers\nvhda32.sys
2011/01/24 22:41:45.0890 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/01/24 22:41:45.0906 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/01/24 22:41:45.0937 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/01/24 22:41:45.0968 ossrv (01e1ab8249f9dde5978c6b4af18eda7c) C:\WINDOWS\system32\drivers\ctoss2k.sys
2011/01/24 22:41:46.0000 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/01/24 22:41:46.0015 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/01/24 22:41:46.0046 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/01/24 22:41:46.0078 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/01/24 22:41:46.0109 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/01/24 22:41:46.0140 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/01/24 22:41:46.0171 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2011/01/24 22:41:46.0328 PfModNT (fda352035c58a5c0ca6de13e66c0bf80) C:\WINDOWS\system32\drivers\PfModNT.sys
2011/01/24 22:41:46.0359 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/01/24 22:41:46.0390 PQIMount (6c5c4dc6b2de5f6bdf76ac9a819ea995) C:\WINDOWS\system32\drivers\PQIMount.sys
2011/01/24 22:41:46.0406 PQV2i (a1eb44deb34a39e780101f397bd1377e) C:\WINDOWS\system32\drivers\PQV2i.sys
2011/01/24 22:41:46.0437 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/01/24 22:41:46.0453 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/01/24 22:41:46.0500 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/01/24 22:41:46.0531 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
2011/01/24 22:41:46.0625 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/01/24 22:41:46.0656 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/01/24 22:41:46.0687 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/01/24 22:41:46.0687 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/01/24 22:41:46.0718 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/01/24 22:41:46.0750 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/01/24 22:41:46.0781 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/01/24 22:41:46.0812 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/01/24 22:41:46.0859 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/01/24 22:41:46.0890 regi (001b4278407f4303efc902a2b16f2453) C:\WINDOWS\system32\drivers\regi.sys
2011/01/24 22:41:46.0921 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
2011/01/24 22:41:46.0968 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/01/24 22:41:47.0000 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/01/24 22:41:47.0062 rt2870 (84beaf4a13a36cb9bb0663df9089cea2) C:\WINDOWS\system32\DRIVERS\rt2870.sys
2011/01/24 22:41:47.0156 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/01/24 22:41:47.0171 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/01/24 22:41:47.0203 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
2011/01/24 22:41:47.0250 Scutum50 (f34c06d1c706a6d9433570b087a18b02) C:\WINDOWS\system32\Drivers\Scutum50.sys
2011/01/24 22:41:47.0281 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/01/24 22:41:47.0312 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys
2011/01/24 22:41:47.0343 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/01/24 22:41:47.0375 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/01/24 22:41:47.0421 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/01/24 22:41:47.0500 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/01/24 22:41:47.0546 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/01/24 22:41:47.0609 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
2011/01/24 22:41:47.0609 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2011/01/24 22:41:47.0609 sptd - detected Locked file (1)
2011/01/24 22:41:47.0625 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\System32\DRIVERS\sr.sys
2011/01/24 22:41:47.0687 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\WINDOWS\System32\Drivers\NIS\1108000.005\SRTSP.SYS
2011/01/24 22:41:47.0718 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\WINDOWS\system32\drivers\NIS\1108000.005\SRTSPX.SYS
2011/01/24 22:41:47.0750 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/01/24 22:41:47.0781 StarPortLite (15bdef17b0afa0b1955903db576bd7d0) C:\WINDOWS\system32\DRIVERS\StarPortLite.sys
2011/01/24 22:41:47.0812 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2011/01/24 22:41:47.0843 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/01/24 22:41:47.0875 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/01/24 22:41:47.0906 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/01/24 22:41:47.0984 SymDS (56890bf9d9204b93042089d4b45ae671) C:\WINDOWS\system32\drivers\NIS\1108000.005\SYMDS.SYS
2011/01/24 22:41:48.0000 SymEFA (1c91df5188150510a6f0cf78f7d94b69) C:\WINDOWS\system32\drivers\NIS\1108000.005\SYMEFA.SYS
2011/01/24 22:41:48.0031 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2011/01/24 22:41:48.0062 SymIM (fcde811209f6e05720676effa36e9a38) C:\WINDOWS\system32\DRIVERS\SymIM.sys
2011/01/24 22:41:48.0078 SymIMMP (fcde811209f6e05720676effa36e9a38) C:\WINDOWS\system32\DRIVERS\SymIM.sys
2011/01/24 22:41:48.0109 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\WINDOWS\system32\drivers\NIS\1108000.005\Ironx86.SYS
2011/01/24 22:41:48.0140 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
2011/01/24 22:41:48.0171 SYMTDI (41aad61f87ca8e3b5d0f7fe7fba0797d) C:\WINDOWS\System32\Drivers\NIS\1108000.005\SYMTDI.SYS
2011/01/24 22:41:48.0218 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/01/24 22:41:48.0265 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/01/24 22:41:48.0296 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
2011/01/24 22:41:48.0328 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/01/24 22:41:48.0343 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/01/24 22:41:48.0375 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/01/24 22:41:48.0578 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
2011/01/24 22:41:48.0593 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
2011/01/24 22:41:48.0625 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/01/24 22:41:48.0687 UltraMonUtility (5a5bd0f66e84eb039cb227520d49908c) C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys
2011/01/24 22:41:48.0718 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/01/24 22:41:48.0781 USB28xxBGA (9477298f1acc08292ebd3869193de489) C:\WINDOWS\system32\DRIVERS\emBDA.sys
2011/01/24 22:41:48.0796 USB28xxOEM (408a7bf7752a7b559ea80a3a6337878d) C:\WINDOWS\system32\DRIVERS\emOEM.sys
2011/01/24 22:41:48.0828 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/01/24 22:41:48.0859 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/01/24 22:41:48.0890 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/01/24 22:41:48.0906 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/01/24 22:41:48.0937 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/01/24 22:41:48.0953 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/01/24 22:41:48.0984 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/01/24 22:41:49.0015 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/01/24 22:41:49.0046 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/01/24 22:41:49.0078 vcdrom (bfa4ae30b3ac10e9223830bf103f5a3f) C:\VirtualCD\VCdRom.sys
2011/01/24 22:41:49.0093 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/01/24 22:41:49.0109 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/01/24 22:41:49.0125 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/01/24 22:41:49.0171 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/01/24 22:41:49.0203 wceusbsh (4c0b8ef721783f52f8e531fbdc4b1f74) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
2011/01/24 22:41:49.0234 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/01/24 22:41:49.0281 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/01/24 22:41:49.0390 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/01/24 22:41:49.0421 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/01/24 22:41:49.0453 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/01/24 22:41:49.0500 yukonwxp (96f714b7431c297373038f5df8b53685) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
2011/01/24 22:41:49.0546 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/01/24 22:41:49.0625 ================================================================================
2011/01/24 22:41:49.0625 Scan finished
2011/01/24 22:41:49.0625 ================================================================================
2011/01/24 22:41:49.0640 Detected object count: 2
2011/01/24 22:42:10.0937 Locked file(sptd) - User select action: Skip
2011/01/24 22:42:11.0171 \HardDisk0 - will be cured after reboot
2011/01/24 22:42:11.0171 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/01/24 22:42:18.0062 Deinitialize success
 
See, if you can operate your computer in normal mode now.
If so, attempt to update MBAM and run "Quick scan".
 
OK will do. Just out of curiosity. Can you posit how I could get this just from going to a web page? Also wondering when we get around to reconnecting my other drives. Will I need to rerun this to clean them? Since I have a mirror pair for this boot disk I assume that the restoration of the raid array will eliminate any issue on the other drive?

Thanks,
Thisguy
 
It's simply impossible to say how you get infected.
As for other drivers...are those internal, or external drives?
 
Internal drives. I have 3 mirrored pairs. I am currently running with only one drive. I unplugged my 2nd and 3rd mirror pairs and I broke the primary mirror. I assume that rebuilding the primary boot mirror will rewrite the mbr on the second drive (currently disconnected)

The other pairs are not bootable so they should only have been susceptable to file level infection right?

thanks again!
Thisguy
 
Things are looking better. Booted into normal mode. Carbonite was hanging so I killed the process and the machine finished loading. Was able to update malware bytes and scan. It didn't turn up anything. ANyDVD popped up and reported that it might be compromised by a virus and would not load it said to run virus scan and reinstall. Norton appears to be operational again but is now expired and not functioning. I have a new version. I can uninstall the old and replace with the new. Anything else I should do right now? I am anxious to update my jre as well since I understand that my old java jre may have been compromised. As I reported I saw the java splash screen right before my machine went out of control.

What's next please?

Thanks again!!!
Thisguy
 
Good news :)

For now, you can install new Norton since you don't want to be without any protection.

When done....that's your homework, because it's a bedtime here :)

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

========================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
win some lose some. . .

I was able to uninstall the old version of norton and uninstall the new. however when it ran live update it required a restart and upon restart declared that an error ocurred and it must be uninstalled and reinstalled. Since I have to disable for combo fix coming up anyway I am not worrying about it. I will post the results of the mbrcheck scan immediately following this reply and then do the combofix process.

Thanks again!
Thisguy
 
MBRCheck

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000003fc

Kernel Drivers (total 174):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xB85A8000 \WINDOWS\system32\KDCOM.DLL
0xB84B8000 \WINDOWS\system32\BOOTVID.dll
0xB7EA7000 spli.sys
0xB85AA000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xB7E8F000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xB7E61000 ACPI.sys
0xB7E50000 pci.sys
0xB80A8000 ohci1394.sys
0xB80B8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xB80C8000 isapnp.sys
0xB84BC000 compbatt.sys
0xB84C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xB8670000 pciide.sys
0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xB85AC000 viaide.sys
0xB80D8000 MountMgr.sys
0xB7E31000 ftdisk.sys
0xB85AE000 dmload.sys
0xB7E0B000 dmio.sys
0xB84C4000 IdeBusDr.sys
0xB8330000 PartMgr.sys
0xB80E8000 VolSnap.sys
0xB7DF3000 atapi.sys
0xB7D18000 iaStor.sys
0xB7D02000 IdeChnDr.sys
0xB7C80000 mv91xx.sys
0xB8338000 \WINDOWS\system32\DRIVERS\mvxxmm.sys
0xB80F8000 disk.sys
0xB8108000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xB7C60000 fltmgr.sys
0xB7C09000 SYMDS.SYS
0xB7B65000 SYMEFA.SYS
0xB8118000 PxHelp20.sys
0xB7B4F000 PQV2i.sys
0xB7B38000 KSecDD.sys
0xB7B25000 DefragFS.sys
0xB7A98000 Ntfs.sys
0xB7A6B000 NDIS.sys
0xB8128000 uagp35.sys
0xB8138000 sbp2port.sys
0xB7A51000 Mup.sys
0xB7A0D000 \SystemRoot\system32\DRIVERS\tunmp.sys
0xB82C8000 \SystemRoot\System32\DRIVERS\intelppm.sys
0xB494C000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB4938000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB4910000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB48ED000 \SystemRoot\system32\DRIVERS\nusb3xhc.sys
0xB85F0000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB82D8000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB48D4000 \SystemRoot\System32\Drivers\AnyDVD.sys
0xB79CD000 \SystemRoot\system32\drivers\iviaspi.sys
0xB82E8000 \SystemRoot\System32\Drivers\MaplomL.SYS
0xB82F8000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xB8308000 \SystemRoot\System32\DRIVERS\redbook.sys
0xB48B1000 \SystemRoot\System32\DRIVERS\ks.sys
0xB8490000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xB8318000 \SystemRoot\System32\Drivers\Maplom.SYS
0xB84A0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB488D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xB84A8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB4845000 \SystemRoot\system32\DRIVERS\yk51x86.sys
0xB85F2000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0xB81C8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xB79AD000 \SystemRoot\system32\DRIVERS\itchfltr.sys
0xB8350000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xB85F4000 \SystemRoot\system32\DRIVERS\serscan.sys
0xB86DD000 \SystemRoot\System32\DRIVERS\audstub.sys
0xB6206000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xB6F07000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xB3ADD000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xB61F6000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xB61E6000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xB83F8000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xB3ACC000 \SystemRoot\System32\DRIVERS\psched.sys
0xB8288000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xB8410000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xB8418000 \SystemRoot\System32\DRIVERS\raspti.sys
0xB3A9C000 \SystemRoot\System32\DRIVERS\rdpdr.sys
0xB82A8000 \SystemRoot\System32\DRIVERS\termdd.sys
0xB8430000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xB8600000 \SystemRoot\System32\DRIVERS\swenum.sys
0xB3A3E000 \SystemRoot\System32\DRIVERS\update.sys
0xB7999000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xB73E8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xAF50D000 \SystemRoot\system32\drivers\nvhda32.sys
0xAF4E9000 \SystemRoot\system32\drivers\portcls.sys
0xB6DC2000 \SystemRoot\system32\drivers\drmk.sys
0xB6246000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xB6236000 \SystemRoot\system32\DRIVERS\nusb3hub.sys
0xABA46000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xAB013000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xAAC92000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xAAC8A000 \SystemRoot\System32\DRIVERS\usbccgp.sys
0xAB003000 \SystemRoot\System32\Drivers\LEqdUsb.Sys
0xAA81B000 \SystemRoot\System32\Drivers\WDFLDR.SYS
0xA9CEB000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
0xAB1B6000 \SystemRoot\System32\DRIVERS\kbdhid.sys
0xAB1B2000 \SystemRoot\System32\DRIVERS\mouhid.sys
0xAA29C000 \SystemRoot\System32\Drivers\LHidEqd.Sys
0xA9C9B000 \SystemRoot\system32\drivers\ADIHdAud.sys
0xA9C81000 \SystemRoot\system32\drivers\AEAudio.sys
0xA9C21000 \SystemRoot\system32\drivers\Senfilt.sys
0xB863A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xAF081000 \SystemRoot\System32\Drivers\Null.SYS
0xB863C000 \SystemRoot\System32\Drivers\Beep.SYS
0xAAC7A000 \SystemRoot\System32\drivers\vga.sys
0xB85E2000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xB85E8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xA9BDD000 \SystemRoot\System32\Drivers\DVDVRRdr_xp.SYS
0xAAC72000 \SystemRoot\System32\Drivers\Msfs.SYS
0xAAC6A000 \SystemRoot\System32\Drivers\Npfs.SYS
0xAA68F000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xA9BB8000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xA9B5F000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xA9B37000 \SystemRoot\System32\DRIVERS\netbt.sys
0xAA7EB000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xA9AFF000 \SystemRoot\system32\DRIVERS\tcpip6.sys
0xA9ADD000 \SystemRoot\System32\drivers\afd.sys
0xAA7DB000 \SystemRoot\System32\DRIVERS\netbios.sys
0xAA677000 \??\C:\VirtualCD\VCdRom.sys
0xA9AB9000 \SystemRoot\system32\drivers\NAV\1205000.07D\Ironx86.SYS
0xAA7AB000 \SystemRoot\system32\drivers\NAV\1205000.07D\SRTSPX.SYS
0xA9A97000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xAA4E7000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xA9A6C000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xAA79B000 \SystemRoot\System32\Drivers\PQIMount.SYS
0xA99FC000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xAA78B000 \SystemRoot\System32\Drivers\Fips.SYS
0xAA200000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0xA9950000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110114.001\BHDrvx86.sys
0xA992A000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
0xB862A000 \SystemRoot\system32\drivers\AsIO.sys
0xAEDF1000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA9909000 \SystemRoot\system32\DRIVERS\emOEM.sys
0xB73C8000 \SystemRoot\system32\drivers\LVUSBSta.sys
0xA987F000 \SystemRoot\system32\DRIVERS\emBDA.sys
0xAEAEE000 \SystemRoot\system32\DRIVERS\BdaSup.SYS
0xB8428000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xB8438000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0xB6D32000 \SystemRoot\System32\Drivers\LHidUsb.Sys
0xAEAEA000 \SystemRoot\System32\Drivers\LCcFltr.Sys
0xA9675000 \SystemRoot\system32\DRIVERS\LVMVDrv.sys
0xA9205000 \SystemRoot\system32\DRIVERS\lvuvc.sys
0xA91EF000 \SystemRoot\system32\DRIVERS\lvpopflt.sys
0xB81D8000 \SystemRoot\system32\drivers\usbaudio.sys
0xA9157000 \SystemRoot\system32\DRIVERS\lvrs.sys
0xA8F55000 \SystemRoot\system32\DRIVERS\LVcKap.sys
0xB8440000 \SystemRoot\system32\DRIVERS\LHidFlt2.Sys
0xB81E8000 \SystemRoot\system32\DRIVERS\LMouFlt2.Sys
0xA8E2C000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xB5292000 \SystemRoot\System32\drivers\Dxapi.sys
0xB8488000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xB872D000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB8380000 \SystemRoot\System32\Drivers\Scutum50.sys
0xA816A000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xA811E000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB8650000 \??\C:\WINDOWS\system32\drivers\regi.sys
0xA8065000 \SystemRoot\System32\Drivers\HTTP.sys
0xB872C000 \SystemRoot\System32\Drivers\LBeepKE.sys
0xA7FBD000 \SystemRoot\System32\DRIVERS\srv.sys
0xA7F56000 \??\C:\WINDOWS\system32\drivers\PfModNT.sys
0xB83E8000 \??\C:\WINDOWS\system32\drivers\symlcbrd.sys
0xA8035000 \??\C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys
0xA7B59000 \SystemRoot\system32\drivers\wdmaud.sys
0xA7CDE000 \SystemRoot\system32\drivers\sysaudio.sys
0xB3142000 \SystemRoot\System32\Drivers\TDTCP.SYS
0xA7A6E000 \SystemRoot\System32\Drivers\RDPWD.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 44):
0 System Idle Process
4 System
960 C:\WINDOWS\system32\smss.exe
1084 csrss.exe
1108 C:\WINDOWS\system32\winlogon.exe
1152 C:\WINDOWS\system32\services.exe
1192 C:\WINDOWS\system32\lsass.exe
1336 C:\WINDOWS\system32\nvsvc32.exe
1372 C:\WINDOWS\system32\svchost.exe
1480 svchost.exe
1520 C:\WINDOWS\system32\svchost.exe
1584 svchost.exe
1684 C:\WINDOWS\system32\spoolsv.exe
1768 svchost.exe
1800 msdtc.exe
1864 C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
1908 svchost.exe
1920 alg.exe
1944 C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
1988 C:\WINDOWS\system32\dllhost.exe
360 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
496 C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.5.0.125\ccsvchst.exe
656 C:\WINDOWS\system32\svchost.exe
696 C:\WINDOWS\system32\dllhost.exe
784 C:\WINDOWS\system32\vssvc.exe
1728 C:\WINDOWS\system32\wuauclt.exe
2532 C:\Program Files\Google\Update\GoogleUpdate.exe
2572 C:\WINDOWS\explorer.exe
2624 C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
2876 C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV\2454B0AB\18.5.0.125\inststub.exe
3172 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
3180 C:\WINDOWS\system32\TaskSwitch.exe
3216 C:\Program Files\Logitech\iTouch\iTouch.exe
3256 C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
3280 C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
3316 C:\Program Files\ASUS\ASUS DH Remote\AsDHRemote.exe
3384 C:\Program Files\Logitech\SetPointP\SetPoint.exe
3448 C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
3576 C:\Program Files\reSizer\resizer.exe
3584 C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
3608 C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
3852 C:\WINDOWS\system32\wscntfy.exe
4068 C:\WINDOWS\system32\notepad.exe
264 C:\Documents and Settings\Chris\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ˆ1ˆˆS

Size Device Name MBR Status
--------------------------------------------
139 GB \\.\PhysicalDrive0 Windows 98 MBR code detected
SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E


Done!
 
ugh . . .

Well I tried to disable norton and could not because it did not appear to be running. I tried to uninstall but could not because the uninstall could not verify the file. I thought that since it said it was not functioning and I could not uninstall that I would just run combofix. Combo fix then identified that norton was running and asked me to stop it before continuing but there was only an ok button. Since I could still not stop it I went in and killed the nav process in task manager. I chose to close the combofix message box rather than click ok but it proceeded anyway telling me that I was now using it at my own risk. again I clicked the x instead of ok and it proceeded. So now it is running. I will report the results when it completes. I have my fingers crossed.

Thanks,
Thisguy
 
Combofix Log

ComboFix 11-01-24.01 - Chris 01/25/2011 3:19.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2411 [GMT -5:00]
Running from: c:\documents and settings\Chris\Desktop\ComboFix.exe
AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Chris\Application Data\Adobe\AdobeUpdate .exe
c:\documents and settings\Chris\Application Data\Adobe\plugs
c:\documents and settings\Chris\Application Data\EurekaLog
c:\documents and settings\Chris\Application Data\inst.exe
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\index.dat
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000013_.tmp.dll
c:\windows\system32\_000017_.tmp.dll
c:\windows\system32\_000018_.tmp.dll
c:\windows\system32\_000019_.tmp.dll
c:\windows\system32\_000022_.tmp.dll
c:\windows\system32\_000023_.tmp.dll
c:\windows\system32\_000024_.tmp.dll

----- BITS: Possible infected sites -----

hxxp://buy-download.norton.com
.
((((((((((((((((((((((((( Files Created from 2010-12-25 to 2011-01-25 )))))))))))))))))))))))))))))))
.

2011-01-25 07:31 . 2011-01-25 07:31 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-01-25 07:31 . 2011-01-25 07:31 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-01-25 07:31 . 2011-01-25 07:31 -------- d-----w- c:\program files\Symantec
2011-01-25 07:31 . 2011-01-25 07:34 -------- d-----w- c:\windows\system32\drivers\NAV
2011-01-24 21:54 . 2011-01-25 07:10 -------- d-----w- C:\Tools
2011-01-24 07:49 . 2011-01-24 07:49 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-01-24 03:15 . 2011-01-24 21:54 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-24 02:14 . 2011-01-24 02:14 -------- d-----w- c:\documents and settings\Chris\Application Data\SUPERAntiSpyware.com
2011-01-23 23:06 . 2011-01-24 02:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-23 21:49 . 2011-01-23 21:49 -------- d-----w- c:\documents and settings\Chris\Application Data\Malwarebytes
2011-01-23 15:53 . 2011-01-23 15:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-01-23 15:52 . 2011-01-23 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-23 15:52 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-23 15:52 . 2011-01-23 21:53 -------- d-----w- c:\program files\1Malwarebytes' Anti-Malware
2011-01-23 15:52 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-23 15:47 . 2011-01-23 15:47 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-01-23 06:22 . 2011-01-23 06:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-01-23 06:22 . 2011-01-23 06:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2011-01-23 06:11 . 2011-01-23 06:11 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Help
2011-01-23 04:11 . 2011-01-23 04:11 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2011-01-22 07:51 . 2011-01-22 07:51 -------- d-----w- c:\documents and settings\Sarah\Local Settings\Application Data\Google
2011-01-22 07:48 . 2011-01-22 07:48 -------- d-sh--w- c:\documents and settings\Sarah\PrivacIE
2011-01-22 07:43 . 2011-01-22 07:43 -------- d-----w- c:\documents and settings\Sarah\Application Data\Logitech
2011-01-22 07:42 . 2011-01-22 07:42 -------- d-sh--w- c:\documents and settings\Sarah\IETldCache
2011-01-22 06:24 . 2011-01-23 15:19 -------- d-----w- c:\documents and settings\All Users\Application Data\jHnMb06504
2011-01-22 06:24 . 2009-03-08 08:31 45568 ----a-w- c:\documents and settings\_Suspect_Chrisupdate001.exe
2011-01-15 06:48 . 2011-01-15 06:48 53248 ----a-r- c:\documents and settings\Chris\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-01-15 06:48 . 2008-04-14 10:41 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2011-01-15 06:48 . 2011-01-15 06:48 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\Logishrd
2011-01-15 06:48 . 2011-01-19 17:51 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-01-15 06:47 . 2011-01-15 06:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
2011-01-15 06:36 . 2011-01-15 06:37 -------- d-----w- c:\documents and settings\Chris\Application Data\Logishrd
2011-01-14 22:46 . 2011-01-14 22:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2011-01-14 14:20 . 2011-01-14 14:20 -------- d-sh--w- c:\documents and settings\Ben and Ryan\IETldCache
2011-01-14 06:25 . 2011-01-14 06:25 34 ----a-w- c:\windows\rsui2.bin
2011-01-14 05:17 . 2011-01-14 05:17 -------- d-----w- c:\documents and settings\Chris\Application Data\Realtime Soft
2011-01-14 05:17 . 2011-01-14 05:17 -------- d-----w- c:\program files\UltraMon
2011-01-14 05:17 . 2011-01-14 05:17 -------- d-----w- c:\program files\Common Files\Realtime Soft
2011-01-14 05:17 . 2011-01-14 05:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Realtime Soft
2011-01-14 03:54 . 2011-01-14 06:07 -------- d-----w- C:\spy++
2011-01-14 03:17 . 2011-01-14 03:17 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2011-01-14 03:17 . 2011-01-14 03:17 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-01-12 02:38 . 2011-01-12 02:39 -------- d-----w- c:\program files\iTunes
2011-01-12 02:22 . 2011-01-12 02:22 -------- d-----w- c:\program files\LeechGet 2009
2011-01-10 02:15 . 2006-10-19 08:11 12096 ----a-w- c:\windows\system32\drivers\AsInsHelp64.sys
2011-01-10 02:15 . 2006-10-19 08:11 10304 ----a-w- c:\windows\system32\drivers\AsInsHelp32.sys
2011-01-09 06:43 . 2011-01-09 06:43 -------- d-----w- c:\documents and settings\Default User\Application Data\MetaProducts
2011-01-09 06:41 . 2011-01-09 06:41 -------- d-----w- c:\documents and settings\Sarah\Application Data\MetaProducts
2011-01-09 06:41 . 2011-01-09 06:41 -------- d-----w- c:\documents and settings\Chris\Application Data\MetaProducts
2011-01-09 06:41 . 2011-01-09 06:41 -------- d-----w- c:\documents and settings\Ben and Ryan\Application Data\MetaProducts
2011-01-09 06:40 . 2011-01-09 06:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\MetaProducts
2011-01-09 06:40 . 2011-01-09 06:40 -------- d-----w- c:\program files\Download Express
2011-01-05 02:31 . 2011-01-05 02:31 -------- d-----w- c:\documents and settings\Chris\Application Data\Barnes & Noble
2011-01-05 02:31 . 2011-01-05 02:31 -------- d-----w- c:\program files\Barnes & Noble
2011-01-04 00:39 . 2010-09-23 09:11 374048 ----a-w- c:\windows\system32\yk51x86.dll
2011-01-03 16:44 . 2011-01-03 16:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SupportSoft
2011-01-03 16:44 . 2011-01-03 16:44 -------- d-----w- c:\program files\Comcast
2011-01-03 16:43 . 2011-01-04 04:14 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\SupportSoft
2011-01-03 16:42 . 2011-01-03 16:44 -------- d-----w- c:\program files\Common Files\SupportSoft
2011-01-02 21:25 . 2011-01-02 21:25 -------- d-----w- c:\program files\Kohler

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-14 06:33 . 2008-12-16 05:14 47360 ----a-w- c:\documents and settings\Chris\Application Data\pcouffin.sys
2010-12-20 23:08 . 2010-12-20 23:08 245248 ----a-w- c:\windows\UltraMon.scr
2010-12-20 23:05 . 2010-12-20 23:05 222208 ----a-w- c:\windows\system32\UltraMonIndDisp.exe
2010-12-20 23:05 . 2010-12-20 23:05 360448 ----a-w- c:\windows\system32\UltraMon.dll
2010-12-20 23:05 . 2010-12-20 23:05 81920 ----a-w- c:\windows\system32\UltraMonIndDispHook.dll
2010-12-20 23:05 . 2010-12-20 23:05 89600 ----a-w- c:\windows\system32\UltraMonHook.dll
2010-12-01 19:06 . 2010-12-01 19:06 108104 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2010-11-30 20:43 . 2010-11-30 20:43 30888 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-25 18:29 . 2010-11-25 18:29 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
2010-11-18 18:12 . 2005-01-17 04:54 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2008-04-14 12:00 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2008-04-14 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2008-04-14 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
.

------- Sigcheck -------

[-] 2009-08-07 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe
[-] 2009-08-07 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe
[7] 2008-04-14 . ED7262E52C31CF1625B65039102BC16C . 111104 . . [5.4.3790.5512] . . c:\windows\ServicePackFiles\i386\wuauclt.exe

[-] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe
[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\ie8\iexplore.exe
[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Blue]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2010-12-15 22:07 736400 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2010-12-15 22:07 736400 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Blue]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2010-12-15 22:07 736400 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Red]
@="{01CCCC8C-1D50-4b13-B96D-4B922DD3128B}"
[HKEY_CLASSES_ROOT\CLSID\{01CCCC8C-1D50-4b13-B96D-4B922DD3128B}]
2010-12-15 22:07 736400 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2010-12-15 22:07 736400 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2010-12-04 4721224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"CoolSwitch"="c:\windows\System32\taskswitch.exe" [2002-03-19 45632]
"Tweak UI"="TWEAKUI.CPL" [2000-06-18 106544]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2010-12-15 917648]
"Ai Quicker Help"="c:\program files\ASUS\ASUS DH Remote\AsRc.exe" [2006-11-10 3165696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]

c:\documents and settings\Chris\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
reSizer.lnk - c:\program files\reSizer\resizer.exe [2010-3-7 188416]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoNetworkConnections"= 01000000
"<NO NAME>"= 01000000

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0lsdelete\0sprestrt

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^OKI LPR Utility.lnk]
backup=c:\windows\pss\OKI LPR Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Rosewill Wireless Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Rosewill Wireless Utility.lnk
backup=c:\windows\pss\Rosewill Wireless Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
backup=c:\windows\pss\Status Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 03:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 08:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-10-08 22:04 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 18:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAHeadless]
2009-09-06 09:40 615808 ----a-w- c:\program files\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
2004-07-20 14:34 851968 ------w- c:\program files\Brother\ControlCenter2\brctrcen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
2008-04-24 18:25 202560 ----a-w- c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 22:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LeechGet]
2010-06-11 19:19 2067968 ----a-w- c:\program files\LeechGet 2009\LeechGet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2010-11-19 18:38 193880 ----a-w- c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 10:42 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NUSB3MON]
2010-01-22 17:29 106496 ----a-w- c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
2010-03-16 06:58 718208 ----a-w- c:\program files\Microsoft Office\Office14\MSOSYNC.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vspdfprsrv.exe]
2010-01-06 12:09 1237504 ----a-w- c:\program files\Visagesoft\eXPert PDF 6\vspdfprsrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinSys2]
2009-10-12 16:00 208896 ----a-r- c:\windows\system32\WinSys2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 01:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LxrJD31s"=2 (0x2)
"EZ-Backup Manager"=2 (0x2)
"Brother XP spl Service"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"ATI Smart"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"ADVService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"c:\\Program Files\\Sierra\\FEAR\\fpupdate.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XIb\\RpcSandraSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XIb\\Win32\\RpcDataSrv.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009

R0 mv91xx;mv91xx;c:\windows\system32\drivers\mv91xx.sys [3/17/2010 3:13 AM 261672]
R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [2/25/2004 12:19 PM 138118]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/5/2008 8:59 PM 717296]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1205000.07D\symds.sys [1/25/2011 2:34 AM 340016]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1205000.07D\symefa.sys [1/25/2011 2:34 AM 652336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110114.001\BHDrvx86.sys [11/22/2010 9:20 PM 691248]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [2/25/2004 12:19 PM 46773]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1205000.07D\ironx86.sys [1/25/2011 2:34 AM 136312]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\virtualcd\VCdRom.sys [12/19/2001 11:45 AM 8576]
R2 6077757b;6077757b;c:\windows\system32\drivers\regi.sys [4/17/2007 7:09 PM 11032]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [9/6/2009 6:06 AM 169312]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [11/23/2009 2:18 AM 10448]
R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\18.5.0.125\ccsvchst.exe [1/25/2011 2:34 AM 130000]
R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [12/12/2010 11:36 PM 19072]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [11/14/2008 2:11 AM 17184]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [6/17/2009 11:55 AM 40912]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [8/24/2010 12:30 PM 10448]
R3 MaplomL;MaplomL;c:\windows\system32\drivers\maploml.sys [12/30/2009 10:18 AM 43456]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [1/22/2010 12:21 PM 59904]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [1/22/2010 12:21 PM 139648]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2/20/2010 12:20 PM 91496]
S1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [8/5/2008 8:58 PM 95592]
S2 Ca50xav;Digital Blue DMC2 Video Device;c:\windows\system32\drivers\Ca50xav.sys [1/27/2005 6:06 PM 508304]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 7:09 PM 11032]
S3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [12/30/2002 10:53 AM 12160]
S3 EraserUtilDrv10621;EraserUtilDrv10621;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10621.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10621.sys [?]
S3 esihdrv;esihdrv;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\esihdrv.sys [?]
S3 FLASHSYS;FLASHSYS;\??\c:\program files\MSI\Live Update 4\LU4\FLASHSYS.sys --> c:\program files\MSI\Live Update 4\LU4\FLASHSYS.sys [?]
S3 HauppaugeTVServer;HauppaugeTVServer;c:\program files\WinTV\TVServer\HauppaugeTVServer.exe [2/18/2009 1:03 AM 434176]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110120.001\IDSXpx86.sys [1/25/2011 2:35 AM 341944]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [3/25/2010 9:25 AM 30969208]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\drivers\FIDE.SYS [1/20/2005 1:52 AM 15271]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 8:37 PM 4640000]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys --> c:\windows\system32\DRIVERS\RTL8187.sys [?]
S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 APCPBEAgent;APC PBE Agent;c:\progra~1\APC\POWERC~1\agent\pbeagent.exe [10/10/2009 11:48 PM 34104]
S4 EZ-Backup Manager;EZ-Backup Manager;c:\program files\EzBackup\EZ-Backup Manager\EzBackup.exe [11/9/2006 12:54 AM 1123840]
S4 GJService;Game Jackal Server;c:\program files\SlySoft\Game Jackal v4\Server.exe [12/30/2009 10:18 AM 1570752]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/30/2010 11:44 PM 136176]
.
Contents of the 'Scheduled Tasks' folder

2011-01-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2011-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-31 04:44]

2011-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-31 04:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Highlight - c:\windows\WEB\highlight.htm
IE: &Links List - c:\windows\WEB\urllist.htm
IE: + &Download Express: download this file - c:\program files\Download Express\Add_Url.htm
IE: Clear Fields - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComClearFields.html
IE: Download using LeechGet - file://c:\program files\LeechGet 2009\\AddUrl.html
IE: Download using LeechGet Wizard - file://c:\program files\LeechGet 2009\\Wizard.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: I&mages List - c:\windows\Web\imglist.htm
IE: Open Frame in &New Window - c:\windows\WEB\frm2new.htm
IE: Parse with LeechGet - file://c:\program files\LeechGet 2009\\Parser.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Zoom &In - c:\windows\WEB\zoomin.htm
IE: Zoom O&ut - c:\windows\WEB\zoomout.htm
Trusted Zone: corel.com
Trusted Zone: corel.com\www
Trusted Zone: intervideo.com
Trusted Zone: intervideo.com\www
Trusted Zone: intuit.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Name-Space Handler: ftp\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
Name-Space Handler: http\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
Name-Space Handler: https\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\an9gbagc.default\
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files\Siber Systems\AI RoboForm\Firefox
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Turn on nView Desktop Manager - c:\program files\NVIDIA Corporation\nView\nview.dll
Notify-AtiExtEvent - (no file)
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Chris\Application Data\Macromedia\Flash Player\



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-25 03:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\18.5.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1801674531-1897051121-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1801674531-1897051121-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:75,e7,a7,1d,c5,91,5b,02,65,5c,2d,74,11,0d,74,fd,44,cf,8f,b6,a7,
37,2c,20,59,68,64,12,2d,10,89,ee,25,03,3f,cb,1e,f6,b0,68,8b,58,58,55,4a,be,\
"rkeysecu"=hex:e2,2d,cb,a0,84,66,02,94,20,66,c6,3d,87,4a,0f,c3

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1108)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
Completion time: 2011-01-25 03:24:24
ComboFix-quarantined-files.txt 2011-01-25 08:24

Pre-Run: 58,439,331,840 bytes free
Post-Run: 58,459,430,912 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=5 Default=5 Failed=2 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 495F3A9FC15BF6227259286D4EBA0A40
 
1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code: 
File::
c:\windows\rsui2.bin
c:\docume~1\ADMINI~1\LOCALS~1\Temp\esihdrv.sys


FCopy::
c:\windows\ServicePackFiles\i386\wuauclt.exe | c:\windows\system32\wuauclt.exe
c:\windows\ServicePackFiles\i386\wuauclt.exe | c:\windows\system32\dllcache\wuauclt.exe

Driver::
esihdrv

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"<NO NAME>"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=dword:00000001

DDS::
uInternet Settings,ProxyOverride = <local>


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
How can I get the broken norton off

Any ideas how I can remove the broken norton since I cannot disable it through the UI and the uninstall fails? Do they have a full removal tool or something that removes all traces that I should run before I continue?

Thank you!
Thisguy
 
Norton removal worked - Here is the new combofix log

ComboFix 11-01-24.01 - Chris 01/25/2011 13:28:14.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2491 [GMT -5:00]
Running from: c:\documents and settings\Chris\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Chris\Desktop\CFScript.txt

FILE ::
"c:\docume~1\ADMINI~1\LOCALS~1\Temp\esihdrv.sys"
"c:\windows\rsui2.bin"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\rsui2.bin

.
--------------- FCopy ---------------

c:\windows\ServicePackFiles\i386\wuauclt.exe --> c:\windows\system32\wuauclt.exe
c:\windows\ServicePackFiles\i386\wuauclt.exe --> c:\windows\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ESIHDRV
-------\Service_esihdrv


((((((((((((((((((((((((( Files Created from 2010-12-25 to 2011-01-25 )))))))))))))))))))))))))))))))
.

2011-01-25 07:31 . 2011-01-25 07:34 -------- d-----w- c:\windows\system32\drivers\NAV
2011-01-24 21:54 . 2011-01-25 07:10 -------- d-----w- C:\Tools
2011-01-24 07:49 . 2011-01-24 07:49 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-01-24 03:15 . 2011-01-24 21:54 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-24 02:14 . 2011-01-24 02:14 -------- d-----w- c:\documents and settings\Chris\Application Data\SUPERAntiSpyware.com
2011-01-23 23:06 . 2011-01-24 02:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-23 21:49 . 2011-01-23 21:49 -------- d-----w- c:\documents and settings\Chris\Application Data\Malwarebytes
2011-01-23 15:53 . 2011-01-23 15:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-01-23 15:52 . 2011-01-23 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-23 15:52 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-23 15:52 . 2011-01-23 21:53 -------- d-----w- c:\program files\1Malwarebytes' Anti-Malware
2011-01-23 15:52 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-23 15:47 . 2011-01-23 15:47 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-01-23 06:22 . 2011-01-23 06:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-01-23 06:22 . 2011-01-23 06:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2011-01-23 06:11 . 2011-01-23 06:11 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Help
2011-01-23 04:11 . 2011-01-23 04:11 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2011-01-22 07:51 . 2011-01-22 07:51 -------- d-----w- c:\documents and settings\Sarah\Local Settings\Application Data\Google
2011-01-22 07:48 . 2011-01-22 07:48 -------- d-sh--w- c:\documents and settings\Sarah\PrivacIE
2011-01-22 07:43 . 2011-01-22 07:43 -------- d-----w- c:\documents and settings\Sarah\Application Data\Logitech
2011-01-22 07:42 . 2011-01-22 07:42 -------- d-sh--w- c:\documents and settings\Sarah\IETldCache
2011-01-22 06:24 . 2011-01-23 15:19 -------- d-----w- c:\documents and settings\All Users\Application Data\jHnMb06504
2011-01-22 06:24 . 2009-03-08 08:31 45568 ----a-w- c:\documents and settings\_Suspect_Chrisupdate001.exe
2011-01-15 06:48 . 2011-01-15 06:48 53248 ----a-r- c:\documents and settings\Chris\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-01-15 06:48 . 2008-04-14 10:41 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2011-01-15 06:48 . 2011-01-15 06:48 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\Logishrd
2011-01-15 06:48 . 2011-01-19 17:51 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-01-15 06:47 . 2011-01-15 06:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
2011-01-15 06:36 . 2011-01-15 06:37 -------- d-----w- c:\documents and settings\Chris\Application Data\Logishrd
2011-01-14 22:46 . 2011-01-14 22:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2011-01-14 14:20 . 2011-01-14 14:20 -------- d-sh--w- c:\documents and settings\Ben and Ryan\IETldCache
2011-01-14 05:17 . 2011-01-14 05:17 -------- d-----w- c:\documents and settings\Chris\Application Data\Realtime Soft
2011-01-14 05:17 . 2011-01-14 05:17 -------- d-----w- c:\program files\UltraMon
2011-01-14 05:17 . 2011-01-14 05:17 -------- d-----w- c:\program files\Common Files\Realtime Soft
2011-01-14 05:17 . 2011-01-14 05:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Realtime Soft
2011-01-14 03:54 . 2011-01-14 06:07 -------- d-----w- C:\spy++
2011-01-14 03:17 . 2011-01-14 03:17 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2011-01-14 03:17 . 2011-01-14 03:17 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-01-12 02:38 . 2011-01-12 02:39 -------- d-----w- c:\program files\iTunes
2011-01-12 02:22 . 2011-01-12 02:22 -------- d-----w- c:\program files\LeechGet 2009
2011-01-10 02:15 . 2006-10-19 08:11 12096 ----a-w- c:\windows\system32\drivers\AsInsHelp64.sys
2011-01-10 02:15 . 2006-10-19 08:11 10304 ----a-w- c:\windows\system32\drivers\AsInsHelp32.sys
2011-01-09 06:43 . 2011-01-09 06:43 -------- d-----w- c:\documents and settings\Default User\Application Data\MetaProducts
2011-01-09 06:41 . 2011-01-09 06:41 -------- d-----w- c:\documents and settings\Sarah\Application Data\MetaProducts
2011-01-09 06:41 . 2011-01-09 06:41 -------- d-----w- c:\documents and settings\Chris\Application Data\MetaProducts
2011-01-09 06:41 . 2011-01-09 06:41 -------- d-----w- c:\documents and settings\Ben and Ryan\Application Data\MetaProducts
2011-01-09 06:40 . 2011-01-09 06:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\MetaProducts
2011-01-09 06:40 . 2011-01-09 06:40 -------- d-----w- c:\program files\Download Express
2011-01-05 02:31 . 2011-01-05 02:31 -------- d-----w- c:\documents and settings\Chris\Application Data\Barnes & Noble
2011-01-05 02:31 . 2011-01-05 02:31 -------- d-----w- c:\program files\Barnes & Noble
2011-01-04 00:39 . 2010-09-23 09:11 374048 ----a-w- c:\windows\system32\yk51x86.dll
2011-01-03 16:44 . 2011-01-03 16:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SupportSoft
2011-01-03 16:44 . 2011-01-03 16:44 -------- d-----w- c:\program files\Comcast
2011-01-03 16:43 . 2011-01-04 04:14 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\SupportSoft
2011-01-03 16:42 . 2011-01-03 16:44 -------- d-----w- c:\program files\Common Files\SupportSoft
2011-01-02 21:25 . 2011-01-02 21:25 -------- d-----w- c:\program files\Kohler

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-14 06:33 . 2008-12-16 05:14 47360 ----a-w- c:\documents and settings\Chris\Application Data\pcouffin.sys
2010-12-20 23:08 . 2010-12-20 23:08 245248 ----a-w- c:\windows\UltraMon.scr
2010-12-20 23:05 . 2010-12-20 23:05 222208 ----a-w- c:\windows\system32\UltraMonIndDisp.exe
2010-12-20 23:05 . 2010-12-20 23:05 360448 ----a-w- c:\windows\system32\UltraMon.dll
2010-12-20 23:05 . 2010-12-20 23:05 81920 ----a-w- c:\windows\system32\UltraMonIndDispHook.dll
2010-12-20 23:05 . 2010-12-20 23:05 89600 ----a-w- c:\windows\system32\UltraMonHook.dll
2010-12-01 19:06 . 2010-12-01 19:06 108104 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2010-11-30 20:43 . 2010-11-30 20:43 30888 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-25 18:29 . 2010-11-25 18:29 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
2010-11-18 18:12 . 2005-01-17 04:54 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2008-04-14 12:00 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2008-04-14 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2008-04-14 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
.

------- Sigcheck -------

[-] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe
[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\ie8\iexplore.exe
[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe

.
((((((((((((((((((((((((((((( SnapShot@2011-01-25_08.23.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-25 18:35 . 2011-01-25 18:35 16384 c:\windows\Temp\Perflib_Perfdata_6f8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Blue]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2010-12-15 22:07 736400 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2010-12-15 22:07 736400 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Blue]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2010-12-15 22:07 736400 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Red]
@="{01CCCC8C-1D50-4b13-B96D-4B922DD3128B}"
[HKEY_CLASSES_ROOT\CLSID\{01CCCC8C-1D50-4b13-B96D-4B922DD3128B}]
2010-12-15 22:07 736400 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2010-12-15 22:07 736400 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2010-12-04 4721224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"CoolSwitch"="c:\windows\System32\taskswitch.exe" [2002-03-19 45632]
"Tweak UI"="TWEAKUI.CPL" [2000-06-18 106544]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2010-12-15 917648]
"Ai Quicker Help"="c:\program files\ASUS\ASUS DH Remote\AsRc.exe" [2006-11-10 3165696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]

c:\documents and settings\Chris\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
reSizer.lnk - c:\program files\reSizer\resizer.exe [2010-3-7 188416]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoNetworkConnections"= 01000000
"<NO NAME>"= 01000000

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0lsdelete\0sprestrt

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^OKI LPR Utility.lnk]
backup=c:\windows\pss\OKI LPR Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Rosewill Wireless Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Rosewill Wireless Utility.lnk
backup=c:\windows\pss\Rosewill Wireless Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
backup=c:\windows\pss\Status Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 03:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 08:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-10-08 22:04 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 18:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAHeadless]
2009-09-06 09:40 615808 ----a-w- c:\program files\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
2004-07-20 14:34 851968 ------w- c:\program files\Brother\ControlCenter2\brctrcen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
2008-04-24 18:25 202560 ----a-w- c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 22:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LeechGet]
2010-06-11 19:19 2067968 ----a-w- c:\program files\LeechGet 2009\LeechGet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2010-11-19 18:38 193880 ----a-w- c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 10:42 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NUSB3MON]
2010-01-22 17:29 106496 ----a-w- c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
2010-03-16 06:58 718208 ----a-w- c:\program files\Microsoft Office\Office14\MSOSYNC.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vspdfprsrv.exe]
2010-01-06 12:09 1237504 ----a-w- c:\program files\Visagesoft\eXPert PDF 6\vspdfprsrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinSys2]
2009-10-12 16:00 208896 ----a-r- c:\windows\system32\WinSys2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 01:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LxrJD31s"=2 (0x2)
"EZ-Backup Manager"=2 (0x2)
"Brother XP spl Service"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"ATI Smart"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"ADVService"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"c:\\Program Files\\Sierra\\FEAR\\fpupdate.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XIb\\RpcSandraSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XIb\\Win32\\RpcDataSrv.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009

R0 mv91xx;mv91xx;c:\windows\system32\drivers\mv91xx.sys [3/17/2010 3:13 AM 261672]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/5/2008 8:59 PM 717296]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\virtualcd\VCdRom.sys [12/19/2001 11:45 AM 8576]
R2 6077757b;6077757b;c:\windows\system32\drivers\regi.sys [4/17/2007 7:09 PM 11032]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [9/6/2009 6:06 AM 169312]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [11/23/2009 2:18 AM 10448]
R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [12/12/2010 11:36 PM 19072]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [11/14/2008 2:11 AM 17184]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [6/17/2009 11:55 AM 40912]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [8/24/2010 12:30 PM 10448]
R3 MaplomL;MaplomL;c:\windows\system32\drivers\maploml.sys [12/30/2009 10:18 AM 43456]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [1/22/2010 12:21 PM 59904]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [1/22/2010 12:21 PM 139648]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2/20/2010 12:20 PM 91496]
S0 PQV2i;PQV2i; [x]
S1 PQIMount;PQIMount; [x]
S1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [8/5/2008 8:58 PM 95592]
S2 Ca50xav;Digital Blue DMC2 Video Device;c:\windows\system32\drivers\Ca50xav.sys [1/27/2005 6:06 PM 508304]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 7:09 PM 11032]
S3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [12/30/2002 10:53 AM 12160]
S3 FLASHSYS;FLASHSYS;\??\c:\program files\MSI\Live Update 4\LU4\FLASHSYS.sys --> c:\program files\MSI\Live Update 4\LU4\FLASHSYS.sys [?]
S3 HauppaugeTVServer;HauppaugeTVServer;c:\program files\WinTV\TVServer\HauppaugeTVServer.exe [2/18/2009 1:03 AM 434176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [3/25/2010 9:25 AM 30969208]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\drivers\FIDE.SYS [1/20/2005 1:52 AM 15271]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 8:37 PM 4640000]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys --> c:\windows\system32\DRIVERS\RTL8187.sys [?]
S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 APCPBEAgent;APC PBE Agent;c:\progra~1\APC\POWERC~1\agent\pbeagent.exe [10/10/2009 11:48 PM 34104]
S4 EZ-Backup Manager;EZ-Backup Manager;c:\program files\EzBackup\EZ-Backup Manager\EzBackup.exe [11/9/2006 12:54 AM 1123840]
S4 GJService;Game Jackal Server;c:\program files\SlySoft\Game Jackal v4\Server.exe [12/30/2009 10:18 AM 1570752]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/30/2010 11:44 PM 136176]
.
Contents of the 'Scheduled Tasks' folder

2011-01-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2011-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-31 04:44]

2011-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-31 04:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Highlight - c:\windows\WEB\highlight.htm
IE: &Links List - c:\windows\WEB\urllist.htm
IE: + &Download Express: download this file - c:\program files\Download Express\Add_Url.htm
IE: Clear Fields - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComClearFields.html
IE: Download using LeechGet - file://c:\program files\LeechGet 2009\\AddUrl.html
IE: Download using LeechGet Wizard - file://c:\program files\LeechGet 2009\\Wizard.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: I&mages List - c:\windows\Web\imglist.htm
IE: Open Frame in &New Window - c:\windows\WEB\frm2new.htm
IE: Parse with LeechGet - file://c:\program files\LeechGet 2009\\Parser.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Zoom &In - c:\windows\WEB\zoomin.htm
IE: Zoom O&ut - c:\windows\WEB\zoomout.htm
Trusted Zone: corel.com
Trusted Zone: corel.com\www
Trusted Zone: intervideo.com
Trusted Zone: intervideo.com\www
Trusted Zone: intuit.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Name-Space Handler: ftp\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
Name-Space Handler: http\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
Name-Space Handler: https\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\an9gbagc.default\
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files\Siber Systems\AI RoboForm\Firefox
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-25 13:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1801674531-1897051121-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1801674531-1897051121-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:75,e7,a7,1d,c5,91,5b,02,65,5c,2d,74,11,0d,74,fd,44,cf,8f,b6,a7,
37,2c,20,59,68,64,12,2d,10,89,ee,25,03,3f,cb,1e,f6,b0,68,8b,58,58,55,4a,be,\
"rkeysecu"=hex:e2,2d,cb,a0,84,66,02,94,20,66,c6,3d,87,4a,0f,c3

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(960)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

- - - - - - - > 'explorer.exe'(4088)
c:\windows\system32\WININET.dll
c:\program files\SlySoft\AnyDVD\ADvdDiscHlp.dll
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\ieframe.dll
c:\program files\Logitech\iTouch\iTchHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\msdtc.exe
c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe
c:\windows\system32\dllhost.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\program files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\ASUS\ASUS DH Remote\AsDhRemote.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
.
**************************************************************************
.
Completion time: 2011-01-25 13:39:24 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-25 18:39
ComboFix2.txt 2011-01-25 08:24

Pre-Run: 58,907,615,232 bytes free
Post-Run: 58,730,037,248 bytes free

Current=5 Default=5 Failed=2 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - B2DA7EF07C9568DBD22C236CF8CEF0B1
 

Similar threads

TS Dealmaster
  • Locked
This $39 tool gives you access to ChatGPT, Midjourney, Gemini AI, and more for life
Replies
0
Views
641
TS Dealmaster
TS Dealmaster
S
Problem with computer installation
Replies
0
Views
152
Smilady
S
heisenberg123
Discord 2FA lockout, locked out of my account for over 2 months now with sensitive and vital information inside my discord account. please help.
Replies
1
Views
185
heisenberg123
heisenberg123

Latest posts

Back