Thanks for the response! I ran ComboFix and DDS again. The logs are below:

ComboFix 11-08-02.03 - Da Chief 08/02/2011 19:23:07.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.692 [GMT -5:00]
Running from: c:\documents and settings\Da Chief\Desktop\ComboFix.exe
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Start Menu\Programs\System Security
c:\documents and settings\All Users\Start Menu\Programs\System Security\Lavasoft Ad-Aware SE Personal\Ad-Aware SE Manual.lnk
c:\documents and settings\All Users\Start Menu\Programs\System Security\Lavasoft Ad-Aware SE Personal\Ad-Aware SE Personal.lnk
c:\documents and settings\All Users\Start Menu\Programs\System Security\Lavasoft Ad-Aware SE Personal\Uninstall Ad-Aware SE Personal.lnk
c:\documents and settings\All Users\Start Menu\Programs\System Security\RegSupreme Pro.lnk
c:\documents and settings\All Users\Start Menu\Programs\System Security\SBC Yahoo! DSL\SBC Yahoo! Online Protection.lnk
c:\documents and settings\All Users\Start Menu\Programs\System Security\SBC Yahoo! DSL\Uninstall SBC Yahoo! Applications.lnk
c:\documents and settings\All Users\Start Menu\Programs\System Security\Spybot - Search & Destroy\Spybot - Search & Destroy.lnk
c:\documents and settings\All Users\Start Menu\Programs\System Security\Spybot - Search & Destroy\Uninstall Spybot - Search & Destroy.lnk
c:\documents and settings\All Users\Start Menu\Programs\System Security\Zone Labs\Readme.lnk
c:\documents and settings\All Users\Start Menu\Programs\System Security\Zone Labs\Uninstall Zone Labs Security.lnk
c:\documents and settings\All Users\Start Menu\Programs\System Security\Zone Labs\Zone Labs Security Tutorial.lnk
c:\documents and settings\All Users\Start Menu\Programs\System Security\Zone Labs\Zone Labs Security.lnk
c:\documents and settings\Da Chief\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\program files\Dynamic Toolbar
c:\program files\Dynamic Toolbar\DivX\DivX Bundle.log
c:\program files\Dynamic Toolbar\DivX\DivX Codec\config.exe
c:\program files\Dynamic Toolbar\DivX\DivX Codec\DivX help guide.url
c:\program files\Dynamic Toolbar\DivX\DivX Codec\DivX.com.url
c:\program files\Dynamic Toolbar\DivX\DivX Codec\LICENSE.TXT
c:\program files\Dynamic Toolbar\DivX\DivX Codec\mm.ico
c:\program files\Dynamic Toolbar\DivX\DivX Codec\README.txt
c:\program files\Dynamic Toolbar\DivX\DivX Player 2.1\DivX Player 2.1.exe
c:\program files\Dynamic Toolbar\DivX\DivX Player 2.1\DivX.com.url
c:\program files\Dynamic Toolbar\DivX\DivX Player 2.1\DivXPlayer.dbf
c:\program files\Dynamic Toolbar\DivX\DivX Player 2.1\LICENSE.TXT
c:\program files\Dynamic Toolbar\DivX\DivX Player 2.1\README.txt
c:\program files\Dynamic Toolbar\DivX\DivX Player 2.1\Skins\Default.dps
c:\program files\INSTALL.LOG
c:\program files\messenger\msmsgsin.exe
c:\program files\MyWay
c:\windows\$NtUninstallKB44347$
c:\windows\$NtUninstallKB44347$\1623077498\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}
c:\windows\$NtUninstallKB44347$\1623077498\L\asobptkf
c:\windows\$NtUninstallKB44347$\1623077498\loader.tlb
c:\windows\$NtUninstallKB44347$\1623077498\U\$000000cf
c:\windows\$NtUninstallKB44347$\1623077498\U\@00000001
c:\windows\$NtUninstallKB44347$\1623077498\U\@000000c0
c:\windows\$NtUninstallKB44347$\1623077498\U\@000000cb
c:\windows\$NtUninstallKB44347$\1623077498\U\@000000cf
c:\windows\$NtUninstallKB44347$\1623077498\U\@80000000
c:\windows\$NtUninstallKB44347$\1623077498\U\@800000c0
c:\windows\$NtUninstallKB44347$\1623077498\U\@800000cb
c:\windows\$NtUninstallKB44347$\1623077498\U\@800000cf
c:\windows\$NtUninstallKB44347$\3096786832
c:\windows\btc_client_iplist.txt
c:\windows\ddh_iplist.txt
c:\windows\Fonts\acrsec.fon
c:\windows\Fonts\acrsecB.fon
c:\windows\Fonts\acrsecI.fon
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\l1rezerv.exe
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer
c:\windows\rpcminer.rar
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\services32.exe
c:\windows\sysdriver32.exe
c:\windows\sysdriver32.exe100000
c:\windows\sysdriver32_.exe
c:\windows\system32\c_06904.nls
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\system32\rnaph.dll
c:\windows\systemup.exe
c:\windows\TEMP\7614684.exe
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.2
c:\windows\update.3
c:\windows\update.3\svchost.exe
c:\windows\update.5.0
c:\windows\w_distrib_iplist.txt
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
.
Infected copy of c:\windows\system32\drivers\ipsec.sys was found and disinfected
Restored copy from - The cat found it
Infected copy of c:\windows\SYSTEM32\wuauclt.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\wuauclt.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Legacy_SRVBTCCLIENT
-------\Legacy_SRVIECHECK
-------\Legacy_SRVSYSDRIVER32
-------\Legacy_WXPDRIVERS
-------\Service_srvbtcclient
-------\Service_srviecheck
-------\Service_srvsysdriver32
-------\Service_wxpdrivers
.
.
((((((((((((((((((((((((( Files Created from 2011-07-03 to 2011-08-03 )))))))))))))))))))))))))))))))
.
.
2011-08-03 00:12 . 2008-04-13 19:19 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2011-08-03 00:12 . 2008-04-13 19:19 75264 ----a-w- c:\windows\system32\dllcache\ipsec.sys
2011-07-28 04:08 . 2011-07-28 04:08 -------- d-----w- c:\program files\CCleaner
2011-07-28 03:48 . 2011-07-28 03:48 388096 ----a-r- c:\documents and settings\Da Chief\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-27 01:23 . 2011-07-27 01:23 -------- d-----w- c:\documents and settings\Da Chief\Application Data\Malwarebytes
2011-07-27 01:23 . 2011-07-07 00:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-27 01:23 . 2011-07-27 01:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-27 01:23 . 2011-07-27 02:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-27 01:23 . 2011-07-07 00:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-27 01:07 . 2011-07-27 01:07 -------- d-----w- c:\windows\ufa
2011-07-25 02:22 . 2011-07-25 02:22 -------- d-----w- C:\_OTM
2011-07-25 01:24 . 2011-07-25 01:24 -------- d-----w- c:\documents and settings\Da Chief\Application Data\CheckPoint
2011-07-25 01:24 . 2011-07-25 01:24 -------- d-----w- c:\program files\Conduit
2011-07-25 01:23 . 2011-07-25 01:23 -------- d-----w- c:\documents and settings\Da Chief\Local Settings\Application Data\ZoneAlarm_Security
2011-07-25 01:23 . 2011-07-25 01:24 -------- d-----w- c:\documents and settings\Da Chief\Local Settings\Application Data\Conduit
2011-07-25 01:23 . 2011-07-25 01:23 -------- d-----w- c:\program files\ZoneAlarm_Security
2011-07-25 01:23 . 2011-07-25 01:23 -------- d-----w- c:\program files\CheckPoint
2011-07-25 01:22 . 2011-03-18 06:24 69120 ----a-w- c:\windows\system32\zlcomm.dll
2011-07-25 01:22 . 2011-03-18 06:24 104448 ----a-w- c:\windows\system32\zlcommdb.dll
2011-07-25 01:22 . 2011-07-25 01:24 -------- d-----w- c:\windows\system32\ZoneLabs
2011-07-25 01:22 . 2011-03-18 06:24 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2011-07-25 01:22 . 2011-07-25 01:22 -------- d-----w- c:\program files\Zone Labs
2011-07-24 20:17 . 2011-07-24 20:17 -------- d-----w- c:\documents and settings\Da Chief\Application Data\WinPatrol
2011-07-24 20:17 . 2011-07-24 20:17 -------- d-----w- c:\program files\BillP Studios
2011-07-24 20:17 . 2011-07-24 20:17 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate
2011-07-24 19:36 . 2011-07-28 03:47 -------- d-----w- c:\program files\Program
2011-07-24 19:14 . 2011-07-25 00:59 56400 ----a-w- c:\windows\system32\drivers\tmrkb.sys
2011-07-24 19:14 . 2011-07-24 19:14 -------- d-----w- c:\documents and settings\Da Chief\log
2011-07-24 19:13 . 2011-07-24 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro
2011-07-24 19:04 . 2011-07-24 19:10 -------- d-----w- c:\program files\Trend Micro
2011-07-24 18:37 . 2011-05-16 01:04 200464 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-07-24 18:34 . 2011-07-24 18:34 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2011-07-24 18:29 . 2011-07-27 01:06 246272 ----a-w- c:\windows\unrar.exe
2011-07-24 17:48 . 2011-07-24 17:48 -------- d-----w- c:\windows\av_ico
2011-07-24 17:38 . 2011-07-24 17:38 -------- d--h--w- c:\windows\update.tray-10-0
2011-07-24 17:38 . 2011-07-24 17:38 -------- d--h--w- c:\windows\update.tray-10-0-lnk
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-02 14:02 . 2010-10-09 18:38 1858944 ----a-w- c:\windows\system32\win32k.sys
2005-05-21 15:16 . 2005-10-26 02:25 125855 -c----w- c:\program files\SBC Self Support Tool
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
2011-03-28 16:22 176936 ----a-w- c:\program files\ZoneAlarm_Security\prxtbZone.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-01 39408]
"Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
"NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2003-10-06 49152]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-04 202256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2011-05-15 325512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RealUpgradeHelper"="c:\program files\Common Files\Real\Update_OB\upgrdhlp.exe" [2010-08-04 136744]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP OfficeJet Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP OfficeJet Startup.lnk
backup=c:\windows\pss\HP OfficeJet Startup.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
1 [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2002-12-17 18:28 684032 -c--a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-05-27 19:52 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2007-11-16 19:20 91432 ----a-w- c:\program files\CyberLink\Shared files\brs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
2002-04-03 06:01 135264 ----a-w- c:\program files\Creative\SBLive\Diagnostics\diagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
2002-08-15 00:22 28672 -c--a-r- c:\windows\SYSTEM32\DSentry.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 07:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-10-11 17:06 62760 ------w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
2006-01-19 15:06 11776 -c--a-w- c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
2001-07-25 15:00 241714 -c--a-w- c:\program files\Microsoft Money\System\Activation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2003-10-06 20:16 49152 ----a-w- c:\windows\SYSTEM32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2003-10-06 20:16 741376 ----a-w- c:\windows\SYSTEM32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-10-28 14:35 72736 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
2011-03-18 06:24 1043968 ----a-w- c:\program files\Zone Labs\ZoneAlarm\zlclient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\WINDOWS\\SYSTEM32\\ZoneLabs\\vsmon.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\SYSTEM32\DRIVERS\N360\0403000.005\symds.sys [11/8/2010 1:13 AM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\N360\0403000.005\symefa.sys [11/8/2010 1:13 AM 173104]
R1 ccHP;Symantec Hash Provider;c:\windows\SYSTEM32\DRIVERS\N360\0403000.005\cchpx86.sys [11/8/2010 1:13 AM 501888]
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [6/17/2009 12:49 PM 616408]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2/15/2011 10:25 AM 26872]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/26/2011 8:23 PM 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\SYSTEM32\DRIVERS\mbam.sys [7/26/2011 8:23 PM 22712]
S1 BHDrvx86;BHDrvx86;\??\c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110701.001\BHDrvx86.sys --> c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110701.001\BHDrvx86.sys [?]
S1 SymIRON;Symantec Iron Driver;c:\windows\SYSTEM32\DRIVERS\N360\0403000.005\ironx86.sys [11/8/2010 1:13 AM 116784]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/25/2010 10:55 AM 135664]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [2/15/2011 10:25 AM 488952]
S2 N360;Norton Security Suite;"c:\program files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe" /s "N360" /m "c:\program files\Norton Security Suite\Engine\4.3.0.5\diMaster.dll" /prefetch:1 --> c:\program files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe [?]
S2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\RUBotSrv.exe [7/24/2011 2:10 PM 439632]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/15/2011 10:27 AM 105592]
S3 FlyUsb;FLY Fusion;c:\windows\SYSTEM32\DRIVERS\FlyUsb.sys [12/25/2010 4:38 PM 18560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/25/2010 10:55 AM 135664]
S3 IDSxpx86;IDSxpx86;\??\c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110722.031\IDSxpx86.sys --> c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110722.031\IDSxpx86.sys [?]
S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\SYSTEM32\DRIVERS\btblan.sys [12/25/2010 4:37 PM 33792]
S3 RioS35;RioS35S driver;c:\windows\SYSTEM32\DRIVERS\RioS35.sys [11/24/2003 7:52 PM 12661]
S3 Sunplus;Mega Camera Still Image Capture, Sunplus Version 1.00;c:\windows\system32\Drivers\Bulk504.sys --> c:\windows\system32\Drivers\Bulk504.sys [?]
S3 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [2/11/2008 1:59 PM 388936]
S4 252AC355;252AC355;c:\windows\system32\503B02B6.EXE -k --> c:\windows\system32\503B02B6.EXE -k [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2011-08-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-01 23:49]
.
2011-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-25 15:55]
.
2011-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-25 15:55]
.
2011-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2537126677-2292340186-2005485673-1006Core.job
- c:\documents and settings\Da Chief\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 06:15]
.
2011-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2537126677-2292340186-2005485673-1006UA.job
- c:\documents and settings\Da Chief\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 06:15]
.
2011-08-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2537126677-2292340186-2005485673-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]
.
2011-08-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2537126677-2292340186-2005485673-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2645238
mSearch Bar =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 208.67.222.222
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico1 - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
MSConfigStartUp-7614684 - c:\windows\TEMP\7614684.exe
MSConfigStartUp-DIGServices - c:\program files\ESPNRunTime\DIGServices.exe
MSConfigStartUp-DIGStream - c:\program files\DIGStream\digstream.exe
MSConfigStartUp-netoe - c:\windows\system32\netoe.exe
MSConfigStartUp-SemanticInsight - c:\program files\RXToolBar\Semantic Insight\SemanticInsight.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
AddRemove-N360 - c:\program files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\7190B588\4.3.0.5\InstStub.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-02 19:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\l3codeca.acm
.
- - - - - - - > 'explorer.exe'(1424)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\System32\ScsiAccess.EXE
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2011-08-02 19:55:06 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-03 00:55
.
Pre-Run: 3,061,145,600 bytes free
Post-Run: 3,271,102,464 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /SOS /noexecute=AlwaysOff
.
- - End Of File - - CE33AF61DAF86E5E619A6E50D352EF11

DDS:
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Da Chief at 20:09:13 on 2011-08-02
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.466 [GMT -5:00]
.
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\SupportSoft\bin\bcont.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Da Chief\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Da Chief\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2645238
mSearch Bar =
uURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZone.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZone.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZone.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: MoneySide: {9404901d-06da-4b23-a0ee-3ea4f64ec9b3} - c:\program files\microsoft money\system\mnyviewer.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden
uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [basicsmssmenu] "c:\program files\seagate\basics\basics status\MaxMenuMgrBasics.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRunOnce: [RealUpgradeHelper] "c:\program files\common files\real\update_ob\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: <NO NAME> =
mPolicies-system: EnableSecureUIAPaths = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F}
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1289663415859
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 208.67.222.222
TCP: Interfaces\{5CF3BE51-6AF6-44CB-BE3E-716AEACF4B28} : DhcpNameServer = 68.87.64.140
TCP: Interfaces\{A65E9A57-E5C3-406C-A1BF-D7848D03A58C} : DhcpNameServer = 68.87.64.196 68.87.66.196 68.42.44.6
TCP: Interfaces\{FACA92BF-8C92-4468-8385-3FC3AB1A456B} : DhcpNameServer = 208.67.222.222
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-11-8 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2010-11-8 173104]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2010-11-8 501888]
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-2-15 26872]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-26 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-26 22712]
S1 BHDrvx86;BHDrvx86;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20110701.001\bhdrvx86.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20110701.001\BHDrvx86.sys [?]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2010-11-8 116784]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-25 135664]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-2-15 488952]
S2 N360;Norton Security Suite;"c:\program files\norton security suite\engine\4.3.0.5\ccsvchst.exe" /s "n360" /m "c:\program files\norton security suite\engine\4.3.0.5\dimaster.dll" /prefetch:1 --> c:\program files\norton security suite\engine\4.3.0.5\ccSvcHst.exe [?]
S2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\RUBotSrv.exe [2011-7-24 439632]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-5-15 105592]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2010-12-25 18560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-25 135664]
S3 IDSxpx86;IDSxpx86;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20110722.031\idsxpx86.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20110722.031\IDSxpx86.sys [?]
S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [2010-12-25 33792]
S3 NAVENG;NAVENG;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20110723.002\naveng.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20110723.002\NAVENG.SYS [?]
S3 NAVEX15;NAVEX15;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20110723.002\navex15.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20110723.002\NAVEX15.SYS [?]
S3 RioS35;RioS35S driver;c:\windows\system32\drivers\RioS35.sys [2003-11-24 12661]
S3 Sunplus;Mega Camera Still Image Capture, Sunplus Version 1.00;c:\windows\system32\drivers\bulk504.sys --> c:\windows\system32\drivers\Bulk504.sys [?]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-7-24 532224]
S3 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2008-2-11 388936]
S4 252AC355;252AC355;c:\windows\system32\503b02b6.exe -k --> c:\windows\system32\503B02B6.EXE -k [?]
.
=============== Created Last 30 ================
.
2011-08-03 00:12:55 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2011-08-03 00:12:55 75264 ----a-w- c:\windows\system32\dllcache\ipsec.sys
2011-08-03 00:09:17 -------- d-sha-r- C:\cmdcons
2011-08-03 00:06:59 98816 ----a-w- c:\windows\sed.exe
2011-08-03 00:06:59 518144 ----a-w- c:\windows\SWREG.exe
2011-08-03 00:06:59 256000 ----a-w- c:\windows\PEV.exe
2011-08-03 00:06:59 208896 ----a-w- c:\windows\MBR.exe
2011-07-28 04:08:48 -------- d-----w- c:\program files\CCleaner
2011-07-28 03:48:00 388096 ----a-r- c:\documents and settings\da chief\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-07-27 01:23:26 -------- d-----w- c:\documents and settings\da chief\application data\Malwarebytes
2011-07-27 01:23:15 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-27 01:23:14 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-07-27 01:23:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-27 01:23:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-27 01:07:00 -------- d-----w- c:\windows\ufa
2011-07-25 02:22:30 -------- d-----w- C:\_OTM
2011-07-25 01:24:39 -------- d-----w- c:\documents and settings\da chief\application data\CheckPoint
2011-07-25 01:24:04 -------- d-----w- c:\program files\Conduit
2011-07-25 01:23:59 -------- d-----w- c:\documents and settings\da chief\local settings\application data\ZoneAlarm_Security
2011-07-25 01:23:58 -------- d-----w- c:\documents and settings\da chief\local settings\application data\Conduit
2011-07-25 01:23:56 -------- d-----w- c:\program files\ZoneAlarm_Security
2011-07-25 01:23:01 -------- d-----w- c:\program files\CheckPoint
2011-07-25 01:22:45 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2011-07-25 01:22:45 -------- d-----w- c:\windows\system32\ZoneLabs
2011-07-25 01:22:42 -------- d-----w- c:\program files\Zone Labs
2011-07-24 20:17:20 -------- d-----w- c:\documents and settings\da chief\application data\WinPatrol
2011-07-24 20:17:03 -------- d-----w- c:\program files\BillP Studios
2011-07-24 20:17:02 -------- d-----w- c:\documents and settings\all users\application data\InstallMate
2011-07-24 19:36:38 -------- d-----w- c:\program files\Program
2011-07-24 19:14:36 56400 ----a-w- c:\windows\system32\drivers\tmrkb.sys
2011-07-24 19:14:36 -------- d-----w- c:\documents and settings\da chief\log
2011-07-24 19:13:02 -------- d-----w- c:\documents and settings\all users\application data\Trend Micro
2011-07-24 19:04:04 -------- d-----w- c:\program files\Trend Micro
2011-07-24 18:37:05 200464 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-07-24 18:29:39 246272 ----a-w- c:\windows\unrar.exe
2011-07-24 17:48:47 -------- d-----w- c:\windows\av_ico
2011-07-24 17:38:00 -------- d--h--w- c:\windows\update.tray-10-0-lnk
2011-07-24 17:38:00 -------- d--h--w- c:\windows\update.tray-10-0
.
==================== Find3M ====================
.
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
2005-05-21 15:16:00 125855 -c----w- c:\program files\SBC Self Support Tool
.
============= FINISH: 20:09:44.92 ===============