graddy

It asked me if I meant to install a combofix script and said the script was improperly spelt. I was able to re-enable internet connection and install recovery console that way. Combofix did not reboot the computer (meaning it didn't find anything to fix?) and just scanned and gave me a log. The log is below. Also there is a new DDS log included/attached and a scan with MBAM (up to date) showed no malicious items. ComboFix log ComboFix 11-09-27.01 - Emily 09/27/2011 9:42.3.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2329 [GMT -5:00] Running from: c:\documents and settings\Emily\Desktop\ComboFix.exe . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . c:\documents and settings\Emily\Application Data\cacaoweb\replicatingF8BAE633D2452D325EC096B06A043A5D.cacao . . ((((((((((((((((((((((((( Files Created from 2011-08-27 to 2011-09-27 ))))))))))))))))))))))))))))))) . . 2011-09-12 04:56 . 2009-06-18 18:54 6144 ------w- c:\windows\system32\2.tmp 2011-09-12 03:23 . 2009-06-18 18:54 6144 ------w- c:\windows\system32\12.tmp 2011-09-12 02:18 . 2011-09-12 02:18 -------- d-----w- c:\program files\kohmtgiw 2011-09-03 10:17 . 2011-09-03 10:17 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-09-23 20:25 . 2010-05-24 17:35 71880 ----a-w- c:\windows\system32\PxSecure.dll 2011-09-23 20:25 . 2010-05-24 17:35 32008 ----a-w- c:\windows\system32\drivers\pxscan.sys 2011-09-23 20:25 . 2010-05-24 17:35 26096 ----a-w- c:\windows\system32\drivers\pxkbf.sys 2011-09-03 10:17 . 2004-08-04 05:56 599040 ----a-w- c:\windows\system32\crypt32.dll 2011-08-31 22:00 . 2010-01-11 18:30 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-08-24 15:57 . 2010-06-17 20:18 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2011-08-13 06:36 . 2011-08-13 06:36 53248 ----a-r- c:\documents and settings\Emily\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2011-08-11 23:45 . 2011-05-20 17:22 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-07-15 13:29 . 2004-08-04 04:15 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-07-12 16:20 . 2011-07-12 16:20 83816 ----a-w- c:\windows\system32\dns-sd.exe 2011-07-12 16:20 . 2011-07-12 16:20 73064 ----a-w- c:\windows\system32\dnssd.dll 2011-07-12 16:20 . 2011-07-12 16:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll 2011-07-12 16:20 . 2011-07-12 16:20 178536 ----a-w- c:\windows\system32\dnssdX.dll 2011-07-08 14:02 . 2001-08-23 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys 2011-07-05 23:37 . 2011-07-05 23:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2011-07-05 23:37 . 2011-07-05 23:37 69632 ----a-w- c:\windows\system32\QuickTime.qts 2010-11-05 07:09 . 2010-11-16 19:28 7221248 ----a-w- c:\program files\praat.exe 2010-05-26 23:16 . 2010-05-26 23:16 9194224 ----a-w- c:\program files\IconWorkshop.exe 2010-05-25 15:19 . 2010-05-25 15:19 1124864 ----a-w- c:\program files\ResGer.dll 2010-05-25 15:18 . 2010-05-25 15:18 1127936 ----a-w- c:\program files\ResFra.dll 2009-09-02 15:02 . 2009-09-02 15:02 110080 ----a-w- c:\program files\IconWorkshopAddin.dll 2008-08-08 20:25 . 2008-08-08 20:25 81920 ----a-w- c:\program files\IconWorkshopAddin2005.dll 2008-03-25 03:50 . 2008-03-25 03:50 554008 ----a-w- c:\program files\Common Files\dao360.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}] 2011-04-06 20:49 232696 ----a-w- c:\program files\Expat Shield\HssIE\ExpatIE.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032] "cacaoweb"="c:\program files\cacaoweb\cacaoweb.exe" [bU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144] "RTHDCPL"="RTHDCPL.EXE" [2007-10-17 16855552] "SkyTel"="SkyTel.EXE" [2007-10-11 1826816] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-16 122940] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960] "vptray"="c:\program files\NavNT\vptray.exe" [2001-09-24 73728] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304] "Logicool Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-1-9 113664] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-8-14 805392] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NovaBACKUP Tray Control.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NovaBACKUP Tray Control.lnk backup=c:\windows\pss\NovaBACKUP Tray Control.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BIBLauncher] 2011-03-15 19:02 901600 ----a-w- c:\program files\Business-in-a-Box\BIBLauncher.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility] 2004-03-04 15:46 172032 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] 2006-09-11 10:40 218032 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2011-08-19 06:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2008-09-18 05:55 1657376 ----a-w- c:\windows\system32\nwiz.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCCloneEX] 2010-05-21 15:29 5668864 ----a-w- c:\program files\PCCloneEX\PCCloneEX.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-07-05 23:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\AIM\\aim.exe"= "c:\\Documents and Settings\\Emily\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [5/24/2010 12:35 PM 32008] R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [1/12/2010 2:54 PM 4064] R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [1/9/2010 10:06 AM 13696] R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [5/24/2010 12:35 PM 6416120] R2 ExpatWd;Expat Shield Monitoring Service;c:\program files\Expat Shield\bin\hsswd.exe -product Expat --> c:\program files\Expat Shield\bin\hsswd.exe -product Expat [?] R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [8/13/2011 3:40 AM 3712] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/11/2010 1:30 PM 366152] R2 nsService;NovaStor NovaBACKUP Backup/Copy Engine;c:\program files\NovaStor\NovaStor NovaBACKUP\nsService.exe [4/14/2010 9:23 PM 261256] R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [5/24/2010 12:35 PM 76696] R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [6/17/2009 11:55 AM 42648] R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [8/24/2010 12:30 PM 12184] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/11/2010 1:30 PM 22216] R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [5/24/2010 12:35 PM 26096] S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Emily\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Emily\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?] S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Emily\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\Emily\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?] S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [5/21/2010 7:37 AM 13192] S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [5/21/2010 7:37 AM 8456] S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\13.tmp --> c:\windows\system32\13.tmp [?] S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [8/11/2011 7:00 PM 27064] S3 ZWDAGMLowerFilter;ZWDA General Mouse Filter Driver;c:\windows\system32\drivers\zwda_gm_lowerfilter.sys [8/13/2011 2:45 AM 21248] . Contents of the 'Scheduled Tasks' folder . 2011-09-24 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57] . 2011-09-27 c:\windows\Tasks\Defrag.job - c:\documents and settings\Emily\Desktop\Security Suite\defrag_all2.vbs [2010-01-13 17:51] . 2011-09-27 c:\windows\Tasks\Malwarebytes Scan .job - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2010-01-11 22:00] . 2011-09-27 c:\windows\Tasks\Malwarebytes Update .job - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2010-01-11 22:00] . 2010-05-05 c:\windows\Tasks\Reboot.job - c:\windows\system32\shutdown.exe [2004-08-04 00:12] . 2011-09-27 c:\windows\Tasks\Spybot Scan.job - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2010-01-09 21:31] . 2011-09-27 c:\windows\Tasks\Spybot Updater.job - c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2010-01-09 21:31] . 2011-09-27 c:\windows\Tasks\System Restore Point.job - c:\documents and settings\Emily\Desktop\Security Suite\make_restore_point2.vbs [2010-01-13 02:53] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uDefault_Search_URL = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Semagic - c:\program files\Semagic\link.htm Trusted Zone: cleverreach.com\novastor Trusted Zone: google-analytics.com Trusted Zone: novastor.com TCP: DhcpNameServer = 97.64.168.12 97.64.183.165 TCP: Interfaces\{95FD4FBC-FE00-4841-8934-F54CDC3596B1}: NameServer = 208.67.222.222,208.67.220.220 DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab FF - ProfilePath - c:\documents and settings\Emily\Application Data\Mozilla\Firefox\Profiles\lfmweh3o.default\ FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&q= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: cacaoweb: cacaoweb@cacaoweb.org - %profile%\extensions\cacaoweb@cacaoweb.org FF - Ext: Cache Status: cache@status.org - %profile%\extensions\cache@status.org FF - Ext: eSnipe.com SnipeIt!: esnipesnipeit@esnipe.com - %profile%\extensions\esnipesnipeit@esnipe.com FF - Ext: Fasterfox Lite: FasterFox_Lite@BigRedBrent - %profile%\extensions\FasterFox_Lite@BigRedBrent FF - Ext: Clear History: nadir.kadem@gmail.com - %profile%\extensions\nadir.kadem@gmail.com FF - Ext: TACO with Abine: optout@dubfire.net - %profile%\extensions\optout@dubfire.net FF - Ext: RightBar: rightbar@realmtech.net - %profile%\extensions\rightbar@realmtech.net FF - Ext: Weather Watcher Live: weatherwatcherlive@singerscreations.com - %profile%\extensions\weatherwatcherlive@singerscreations.com FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Old Location Bar: {3205B348-523A-4fac-9BC4-9939CBF583B0} - %profile%\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0} FF - Ext: FEBE: {4BBDD651-70CF-4821-84F8-2B918CF89CA3} - %profile%\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} FF - Ext: Abduction!: {b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255} - %profile%\extensions\{b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} FF - Ext: Steep and Cheap Watcher: {fa038e8f-d1d1-11db-9705-005056c00008} - %profile%\extensions\{fa038e8f-d1d1-11db-9705-005056c00008} FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard FF - Ext: Multirow Bookmarks Toolbar: {FBF6D7FB-F305-4445-BB3D-FEF66579A033} - %profile%\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033} FF - Ext: Easy YouTube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} FF - Ext: NoSquint: nosquint@urandom.ca - %profile%\extensions\nosquint@urandom.ca FF - Ext: LeechBlock: {a95d8332-e4b4-6e7f-98ac-20b733364387} - %profile%\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387} FF - Ext: ScribeFire: {F807FACD-E46A-4793-B345-D58CB177673C} - %profile%\extensions\{F807FACD-E46A-4793-B345-D58CB177673C} FF - Ext: EPUBReader: {5384767E-00D9-40E9-B72F-9CC39D655D6F} - %profile%\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} FF - Ext: Element Hiding Helper for Adblock Plus: elemhidehelper@adblockplus.org - %profile%\extensions\elemhidehelper@adblockplus.org FF - Ext: AddonFox: {ad48108d-92a6-4eb9-87e4-978aca1dbae4} - %profile%\extensions\{ad48108d-92a6-4eb9-87e4-978aca1dbae4} FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - user.js: network.protocol-handler.warn-external.dnupdate - false . - - - - ORPHANS REMOVED - - - - . AddRemove-IconWorkshop - c:\program files\UnInstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-09-27 09:50 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . HKCU\Software\Microsoft\Windows\CurrentVersion\Run cacaoweb = "c:\program files\cacaoweb\cacaoweb.exe" -noplayer?abled:cacaoweb?es??????????????????R???????????????R???R???????????R?P?R???H???????H?????????????( ??????Service Pack 3????????????????????????????? . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\13.tmp" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(676) c:\program files\common files\logitech\bluetooth\LBTWlgn.dll c:\program files\common files\logitech\bluetooth\LBTServ.dll c:\windows\system32\NavLogon.dll . - - - - - - - > 'explorer.exe'(3012) c:\windows\system32\WININET.dll c:\program files\Logitech\SetPoint\lgscroll.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll c:\windows\system32\ieframe.dll c:\windows\system32\dfshim.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\program files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll c:\program files\Microsoft Office\OFFICE11\msohev.dll c:\program files\Creative\Creative NOMAD Jukebox Zen Xtra\NOMAD Explorer\CTJBNS.DLL c:\program files\Creative\Creative NOMAD Jukebox Zen Xtra\NOMAD Explorer\CTIntrfc.dll c:\program files\Creative\Creative NOMAD Jukebox Zen Xtra\NOMAD Explorer\JBNSHK.dll c:\program files\Creative\Creative NOMAD Jukebox Zen Xtra\NOMAD Explorer\JBNSRES.DLL . Completion time: 2011-09-27 09:52:42 ComboFix-quarantined-files.txt 2011-09-27 14:52 . Pre-Run: 22,185,132,032 bytes free Post-Run: 22,170,226,688 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - 20382C48715C994B251ED14243E6EF67 DDS log . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26 Run by Emily at 10:14:16 on 2011-09-27 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2272 [GMT -5:00] . . ============== Running Processes =============== . C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTSvcCDA.EXE C:\Program Files\Prevx\prevx.exe C:\Program Files\NavNT\defwatch.exe C:\Program Files\Expat Shield\bin\hsswd.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\NavNT\rtvscan.exe C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsService.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\Prevx\prevx.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\NavNT\vptray.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uDefault_Search_URL = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll BHO: Expat Shield Class: {3706ee7c-3cad-445d-8a43-03ebc3b75908} - c:\program files\expat shield\hssie\ExpatIE.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL BHO: SafeOnline BHO: {69d72956-317c-44bd-b369-8e44d4ef9801} - c:\windows\system32\PxSecure.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler uRun: [cacaoweb] "c:\program files\cacaoweb\cacaoweb.exe" -noplayer mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [RTHDCPL] RTHDCPL.EXE mRun: [skyTel] SkyTel.EXE mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [vptray] c:\program files\navnt\vptray.exe mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE mRun: [Logicool Hardware Abstraction Layer] KHALMNPR.EXE mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe IE: Semagic - c:\program files\semagic\link.htm IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll Trusted Zone: cleverreach.com\novastor Trusted Zone: google-analytics.com Trusted Zone: novastor.com DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263066431796 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: Interfaces\{95FD4FBC-FE00-4841-8934-F54CDC3596B1} : NameServer = 208.67.222.222,208.67.220.220 Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll Notify: NavLogon - c:\windows\system32\NavLogon.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll Hosts: 127.0.0.1 www.spywareinfo.com . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\emily\application data\mozilla\firefox\profiles\lfmweh3o.default\ FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&q= FF - component: c:\documents and settings\emily\application data\mozilla\firefox\profiles\lfmweh3o.default\extensions\optout@dubfire.net\lib\winnt\ff3\AbineComponent.dll FF - plugin: c:\documents and settings\emily\application data\mozilla\firefox\profiles\lfmweh3o.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\google\picasa3\npPicasa3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll FF - plugin: c:\program files\mozilla firefox\plugins\nphssb.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: cacaoweb: cacaoweb@cacaoweb.org - %profile%\extensions\cacaoweb@cacaoweb.org FF - Ext: Cache Status: cache@status.org - %profile%\extensions\cache@status.org FF - Ext: eSnipe.com SnipeIt!: esnipesnipeit@esnipe.com - %profile%\extensions\esnipesnipeit@esnipe.com FF - Ext: Fasterfox Lite: FasterFox_Lite@BigRedBrent - %profile%\extensions\FasterFox_Lite@BigRedBrent FF - Ext: Clear History: nadir.kadem@gmail.com - %profile%\extensions\nadir.kadem@gmail.com FF - Ext: TACO with Abine: optout@dubfire.net - %profile%\extensions\optout@dubfire.net FF - Ext: RightBar: rightbar@realmtech.net - %profile%\extensions\rightbar@realmtech.net FF - Ext: Weather Watcher Live: weatherwatcherlive@singerscreations.com - %profile%\extensions\weatherwatcherlive@singerscreations.com FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Old Location Bar: {3205B348-523A-4fac-9BC4-9939CBF583B0} - %profile%\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0} FF - Ext: FEBE: {4BBDD651-70CF-4821-84F8-2B918CF89CA3} - %profile%\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} FF - Ext: Abduction!: {b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255} - %profile%\extensions\{b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} FF - Ext: Steep and Cheap Watcher: {fa038e8f-d1d1-11db-9705-005056c00008} - %profile%\extensions\{fa038e8f-d1d1-11db-9705-005056c00008} FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard FF - Ext: Multirow Bookmarks Toolbar: {FBF6D7FB-F305-4445-BB3D-FEF66579A033} - %profile%\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033} FF - Ext: Easy YouTube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} FF - Ext: NoSquint: nosquint@urandom.ca - %profile%\extensions\nosquint@urandom.ca FF - Ext: LeechBlock: {a95d8332-e4b4-6e7f-98ac-20b733364387} - %profile%\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387} FF - Ext: ScribeFire: {F807FACD-E46A-4793-B345-D58CB177673C} - %profile%\extensions\{F807FACD-E46A-4793-B345-D58CB177673C} FF - Ext: EPUBReader: {5384767E-00D9-40E9-B72F-9CC39D655D6F} - %profile%\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} FF - Ext: Element Hiding Helper for Adblock Plus: elemhidehelper@adblockplus.org - %profile%\extensions\elemhidehelper@adblockplus.org FF - Ext: AddonFox: {ad48108d-92a6-4eb9-87e4-978aca1dbae4} - %profile%\extensions\{ad48108d-92a6-4eb9-87e4-978aca1dbae4} FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff . ---- FIREFOX POLICIES ---- FF - user.js: network.protocol-handler.warn-external.dnupdate - false . ============= SERVICES / DRIVERS =============== . R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2010-5-24 32008] R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [2010-1-12 4064] R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2010-1-9 13696] R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2010-5-24 6416120] R2 ExpatWd;Expat Shield Monitoring Service;c:\program files\expat shield\bin\hsswd.exe -product expat --> c:\program files\expat shield\bin\hsswd.exe -product Expat [?] R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2011-8-13 3712] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-1-11 366152] R2 NAVAPEL;NAVAPEL;c:\program files\navnt\Navapel.sys [2001-9-24 9232] R2 Norton AntiVirus Server;Norton AntiVirus Client;c:\program files\navnt\rtvscan.exe [2001-9-24 454656] R2 nsService;NovaStor NovaBACKUP Backup/Copy Engine;c:\program files\novastor\novastor novabackup\nsService.exe [2010-4-14 261256] R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-5-24 76696] R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2009-6-17 42648] R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2010-8-24 12184] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-1-11 22216] R3 NAVAP;NAVAP;c:\program files\navnt\navap.sys [2001-9-24 176208] R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20101013.002\NAVENG.sys [2010-10-13 86064] R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20101013.002\NAVEX15.sys [2010-10-13 1371184] R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-5-24 26096] S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\emily\locals~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\emily\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?] S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\emily\locals~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\emily\locals~1\temp\sas_selfextract\SASKUTIL.SYS [?] S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-5-21 13192] S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-5-21 8456] S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\13.tmp --> c:\windows\system32\13.tmp [?] S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-8-11 27064] S3 ZWDAGMLowerFilter;ZWDA General Mouse Filter Driver;c:\windows\system32\drivers\zwda_gm_lowerfilter.sys [2011-8-13 21248] . =============== Created Last 30 ================ . 2011-09-27 14:38:51 -------- d-sha-r- C:\cmdcons 2011-09-17 16:25:06 208896 ----a-w- c:\windows\MBR.exe 2011-09-17 16:25:05 518144 ----a-w- c:\windows\SWREG.exe 2011-09-17 16:25:05 256000 ----a-w- c:\windows\PEV.exe 2011-09-17 16:25:04 98816 ----a-w- c:\windows\sed.exe 2011-09-12 04:56:18 6144 ------w- c:\windows\system32\2.tmp 2011-09-12 03:23:25 6144 ------w- c:\windows\system32\12.tmp 2011-09-12 02:18:06 -------- d-----w- c:\program files\kohmtgiw 2011-09-03 10:17:37 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll . ==================== Find3M ==================== . 2011-09-27 15:14:34 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-09-23 20:25:26 71880 ----a-w- c:\windows\system32\PxSecure.dll 2011-09-23 20:25:24 32008 ----a-w- c:\windows\system32\drivers\pxscan.sys 2011-09-23 20:25:22 26096 ----a-w- c:\windows\system32\drivers\pxkbf.sys 2011-09-03 10:17:37 599040 ----a-w- c:\windows\system32\crypt32.dll 2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-08-24 15:57:25 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2011-08-11 23:45:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-07-12 16:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe 2011-07-12 16:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll 2011-07-12 16:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll 2011-07-12 16:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll 2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys 2011-07-05 23:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2011-07-05 23:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts 2010-11-05 07:09:24 7221248 ----a-w- c:\program files\praat.exe 2010-05-26 23:16:12 9194224 ----a-w- c:\program files\IconWorkshop.exe 2010-05-25 15:19:36 1124864 ----a-w- c:\program files\ResGer.dll 2010-05-25 15:18:44 1127936 ----a-w- c:\program files\ResFra.dll 2009-09-02 15:02:44 110080 ----a-w- c:\program files\IconWorkshopAddin.dll 2008-08-08 20:25:00 81920 ----a-w- c:\program files\IconWorkshopAddin2005.dll 2008-03-25 03:50:26 554008 ----a-w- c:\program files\common files\dao360.dll . ============= FINISH: 10:15:17.32 =============== Thank you. Hoping this is maybe close to being resolved?

Thank you. It did run and rebooted successfully. The log didn't come up on its own but it was in the sega folder on C. Here is the log. ComboFix log aComboFix 11-09-23.03 - Emily 09/23/2011 15:15:56.2.2 - x86 MINIMAL Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2905 [GMT -5:00] Running from: C:\Documents and Settings\Emily\desktop\sega.com Command switches used :: /killall WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Documents and Settings\Emily\Application Data\cacaoweb\replicatingF8BAE633D2452D325EC096B06A043A5D.cacao ---- Previous Run ------- C:\Documents and Settings\Emily\Application Data\cacaoweb C:\Documents and Settings\Emily\Application Data\cacaoweb\ad96D9145E8C867A23E1125CAAA9681BE1.ad C:\Documents and Settings\Emily\Application Data\cacaoweb\errorlog.txt C:\Documents and Settings\Emily\Application Data\cacaoweb\npdfile.dat C:\Documents and Settings\Emily\Application Data\cacaoweb\replicating085894C846EB8C86A935E3DB5A485E0D.cacao C:\Documents and Settings\Emily\Application Data\cacaoweb\replicating2275E3B84689680F44860D6C665A8797.cacao C:\Documents and Settings\Emily\Application Data\cacaoweb\replicating3730549CA1B0296C4C166022A0DD63E4.cacao C:\Documents and Settings\Emily\Application Data\cacaoweb\replicating555B862BAB752757F595505B07F66854.cacao C:\Documents and Settings\Emily\Application Data\cacaoweb\replicating624DF20E14B4520E7EC78720480A942A.cacao C:\Documents and Settings\Emily\Application Data\cacaoweb\replicating711197015AEF01359CA0E45B827C6392.cacao C:\Documents and Settings\Emily\Application Data\cacaoweb\replicating74514616431E29E60A4A1A27DFA9774C.cacao C:\Documents and Settings\Emily\Application Data\cacaoweb\replicating7C727EF6320FBC3B47FEC06F86EB2689.cacao C:\Documents and Settings\Emily\Application Data\cacaoweb\replicating7FEE6F63A4346A6E8BB710FBBDDE00C5.cacao C:\Documents and Settings\Emily\Application Data\cacaoweb\replicating8139206ADBD5418FC2C2792BBFA67E0B.cacao C:\Documents and Settings\Emily\Application Data\cacaoweb\replicating8BFBAB7A159C6B48C72D741451CC1365.cacao C:\Documents and Settings\Emily\Application Data\cacaoweb\replicating9888A55C356F3A692EA220B4005C1311.cacao C:\Documents and Settings\Emily\Application Data\cacaoweb\replicatingCD2A6C367C195C044F8C4596FD449459.cacao C:\Documents and Settings\Emily\Application Data\cacaoweb\replicatingD6F7705E78BB8F17FBC7B46EEF38FA6B.cacao C:\Documents and Settings\Emily\Application Data\cacaoweb\replicatingE3BE23BEF25BB466F960DFBB4057EF29.cacao C:\Documents and Settings\Emily\Application Data\cacaoweb\replicatingEE9FECD073E1282224F0648E14E0C276.cacao C:\Documents and Settings\Emily\Application Data\cacaoweb\replicatingFD89E9E9F118ACE721774DC1924DAC0C.cacao C:\Documents and Settings\Emily\Application Data\cacaoweb\storage.db C:\Documents and Settings\Emily\Desktop\cacaoweb.exe C:\Documents and Settings\Emily\Local Settings\Application Data\ApplicationHistory C:\Documents and Settings\Emily\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini C:\Documents and Settings\Emily\My Documents\2010.enl C:\Documents and Settings\Emily\WINDOWS C:\install.exe C:\Program Files\cacaoweb C:\Program Files\cacaoweb\cacaoweb.exe C:\Program Files\driver C:\Program Files\Microsoft Office\OFFICE11\OSA.exe C:\Program Files\Uninstall.exe C:\Program Files\Uninstall.ini C:\WINDOWS\system32\1.tmp C:\WINDOWS\system32\comct332.ocx C:\WINDOWS\system32\regobj.dll Pass LEGAL for license information. Built Sat Jun 25 23:20:28 2011C:\Documents and Settings\Default User\NtUser.dat.LOG ((((((((((((((((((((((((( Files Created from 2011-08-23 to 2011-09-23 ))))))))))))))))))))))))))))))) 2011-09-12 04:56:18 . 2009-06-18 18:54:10 6144 ------w- C:\WINDOWS\system32\2.tmp 2011-09-12 03:23:25 . 2009-06-18 18:54:10 6144 ------w- C:\WINDOWS\system32\12.tmp 2011-09-12 02:18:06 . 2011-09-12 02:18:49 -------- d-----w- C:\Program Files\kohmtgiw 2011-09-03 10:17:37 . 2011-09-03 10:17:37 599040 -c----w- C:\WINDOWS\system32\dllcache\crypt32.dll 2011-08-27 20:31:39 . 2011-08-27 20:31:39 -------- d-----w- C:\Program Files\iPod 2011-08-27 20:31:22 . 2011-08-27 20:32:47 -------- d-----w- C:\Program Files\iTunes . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2011-09-23 20:25:24 . 2010-05-24 17:35:16 32008 ----a-w- C:\WINDOWS\system32\drivers\pxscan.sys 2011-09-23 20:25:22 . 2010-05-24 17:35:15 26096 ----a-w- C:\WINDOWS\system32\drivers\pxkbf.sys 2011-09-12 02:37:20 . 2010-05-24 17:35:16 71880 ----a-w- C:\WINDOWS\system32\PxSecure.dll 2011-09-03 10:17:37 . 2004-08-04 05:56:42 599040 ----a-w- C:\WINDOWS\system32\crypt32.dll 2011-08-31 22:00:50 . 2010-01-11 18:30:46 22216 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys 2011-08-24 15:57:25 . 2010-06-17 20:18:37 16400 ----a-w- C:\WINDOWS\system32\drivers\LNonPnP.sys 2011-08-13 06:36:11 . 2011-08-13 06:36:11 53248 ----a-r- C:\Documents and Settings\Emily\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2011-08-11 23:45:42 . 2011-05-20 17:22:35 404640 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2011-07-15 13:29:31 . 2004-08-04 04:15:18 456320 ----a-w- C:\WINDOWS\system32\drivers\mrxsmb.sys 2011-07-12 16:20:54 . 2011-07-12 16:20:54 83816 ----a-w- C:\WINDOWS\system32\dns-sd.exe 2011-07-12 16:20:54 . 2011-07-12 16:20:54 73064 ----a-w- C:\WINDOWS\system32\dnssd.dll 2011-07-12 16:20:54 . 2011-07-12 16:20:54 50536 ----a-w- C:\WINDOWS\system32\jdns_sd.dll 2011-07-12 16:20:54 . 2011-07-12 16:20:54 178536 ----a-w- C:\WINDOWS\system32\dnssdX.dll 2011-07-08 14:02:00 . 2001-08-23 12:00:00 10496 ----a-w- C:\WINDOWS\system32\drivers\ndistapi.sys 2011-07-05 23:37:00 . 2011-07-05 23:37:00 94208 ----a-w- C:\WINDOWS\system32\QuickTimeVR.qtx 2011-07-05 23:37:00 . 2011-07-05 23:37:00 69632 ----a-w- C:\WINDOWS\system32\QuickTime.qts 2010-11-05 07:09:24 . 2010-11-16 19:28:32 7221248 ----a-w- C:\Program Files\praat.exe 2010-05-26 23:16:12 . 2010-05-26 23:16:12 9194224 ----a-w- C:\Program Files\IconWorkshop.exe 2010-05-25 15:19:36 . 2010-05-25 15:19:36 1124864 ----a-w- C:\Program Files\ResGer.dll 2010-05-25 15:18:44 . 2010-05-25 15:18:44 1127936 ----a-w- C:\Program Files\ResFra.dll 2009-09-02 15:02:44 . 2009-09-02 15:02:44 110080 ----a-w- C:\Program Files\IconWorkshopAddin.dll 2008-08-08 20:25:00 . 2008-08-08 20:25:00 81920 ----a-w- C:\Program Files\IconWorkshopAddin2005.dll 2008-03-25 03:50:26 . 2008-03-25 03:50:26 554008 ----a-w- C:\Program Files\Common Files\dao360.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}] 2011-04-06 20:49:30 232696 ----a-w- C:\Program Files\Expat Shield\HssIE\ExpatIE.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 22:07:20 2260480] "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 10:40:32 218032] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-09-18 05:55:00 13574144] "RTHDCPL"="RTHDCPL.EXE" [2007-10-17 00:30:10 16855552] "SkyTel"="SkyTel.EXE" [2007-10-11 17:04:04 1826816] "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-02-16 11:10:00 122940] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 10:40:34 86960] "vptray"="C:\Program Files\NavNT\vptray.exe" [2001-09-24 13:59:00 73728] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-09-18 05:55:00 86016] "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 04:59:06 937920] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 04:02:26 37296] "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 17:59:52 254696] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 08:12:38 76304] "Logicool Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 08:12:38 76304] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 08:12:38 76304] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2011-08-19 06:07:38 421736] "Malwarebytes' Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 22:00:48 449608] Thank you.

Thank you for clarifying the bump/PM thing. I did as asked and TDSS did not find anything. I rebooted and scanned again and it still did not find anything. Here is the log: TDSS log 2011/09/22 09:40:43.0421 3764 TDSS rootkit removing tool 2.5.23.0 Sep 20 2011 08:53:10 2011/09/22 09:40:43.0531 3764 ================================================================================ 2011/09/22 09:40:43.0531 3764 SystemInfo: 2011/09/22 09:40:43.0531 3764 2011/09/22 09:40:43.0531 3764 OS Version: 5.1.2600 ServicePack: 3.0 2011/09/22 09:40:43.0531 3764 Product type: Workstation 2011/09/22 09:40:43.0531 3764 ComputerName: OASIS 2011/09/22 09:40:43.0531 3764 UserName: Emily 2011/09/22 09:40:43.0531 3764 Windows directory: C:\WINDOWS 2011/09/22 09:40:43.0531 3764 System windows directory: C:\WINDOWS 2011/09/22 09:40:43.0531 3764 Processor architecture: Intel x86 2011/09/22 09:40:43.0531 3764 Number of processors: 2 2011/09/22 09:40:43.0531 3764 Page size: 0x1000 2011/09/22 09:40:43.0531 3764 Boot type: Normal boot 2011/09/22 09:40:43.0531 3764 ================================================================================ 2011/09/22 09:40:44.0046 3764 Initialize success 2011/09/22 09:40:49.0015 1016 ================================================================================ 2011/09/22 09:40:49.0015 1016 Scan started 2011/09/22 09:40:49.0015 1016 Mode: Manual; 2011/09/22 09:40:49.0015 1016 ================================================================================ 2011/09/22 09:40:49.0437 1016 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2011/09/22 09:40:49.0500 1016 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 2011/09/22 09:40:49.0593 1016 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2011/09/22 09:40:49.0656 1016 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys 2011/09/22 09:40:49.0796 1016 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys 2011/09/22 09:40:49.0921 1016 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2011/09/22 09:40:49.0984 1016 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2011/09/22 09:40:50.0046 1016 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2011/09/22 09:40:50.0140 1016 ATMhelpr (3ef1db7f168851914517d4ed36b57c04) C:\WINDOWS\system32\drivers\ATMhelpr.sys 2011/09/22 09:40:50.0171 1016 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2011/09/22 09:40:50.0218 1016 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2011/09/22 09:40:50.0265 1016 BIOS (be5d50529799b9bab6be879ec768b6cf) C:\WINDOWS\system32\drivers\BIOS.sys 2011/09/22 09:40:50.0515 1016 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/09/22 09:40:50.0578 1016 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/09/22 09:40:50.0640 1016 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/09/22 09:40:50.0703 1016 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/09/22 09:40:50.0843 1016 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2011/09/22 09:40:50.0890 1016 DLABOIOM (631b3dd27adb49aa4546a0eec92e81b7) C:\WINDOWS\system32\DLA\DLABOIOM.SYS 2011/09/22 09:40:50.0937 1016 DLACDBHM (8d45ac148fd8c1a25204aeca1397fa7e) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS 2011/09/22 09:40:51.0000 1016 DLADResN (3acd81ab9b065147dc60522a5c0bb257) C:\WINDOWS\system32\DLA\DLADResN.SYS 2011/09/22 09:40:51.0015 1016 DLAIFS_M (4f179116df60d3272d4e71cda6da2f20) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS 2011/09/22 09:40:51.0046 1016 DLAOPIOM (7359f3ed620bc002cbee0664333a4540) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS 2011/09/22 09:40:51.0078 1016 DLAPoolM (17c22b10766e9fb31d201cf88e783a3c) C:\WINDOWS\system32\DLA\DLAPoolM.SYS 2011/09/22 09:40:51.0109 1016 DLARTL_N (94accf8f7b87fbeaa27266927319e6ba) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS 2011/09/22 09:40:51.0140 1016 DLAUDFAM (456cd604360863565655eb2a078b430d) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS 2011/09/22 09:40:51.0171 1016 DLAUDF_M (1ba22e89b314a67fe3d211a12abcd0ef) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS 2011/09/22 09:40:51.0234 1016 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 2011/09/22 09:40:51.0312 1016 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 2011/09/22 09:40:51.0375 1016 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2011/09/22 09:40:51.0437 1016 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2011/09/22 09:40:51.0484 1016 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2011/09/22 09:40:51.0515 1016 DRVMCDB (ab6c5c26fff9b3c456aeaf7e0093c2fe) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS 2011/09/22 09:40:51.0562 1016 DRVNDDM (4a307ade1638d9358b6eb90076481cc6) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS 2011/09/22 09:40:51.0609 1016 epmntdrv (f07ba56b0235f15eff8f10dc6389c42e) C:\WINDOWS\system32\epmntdrv.sys 2011/09/22 09:40:51.0656 1016 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\WINDOWS\system32\EuGdiDrv.sys 2011/09/22 09:40:51.0781 1016 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2011/09/22 09:40:51.0812 1016 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 2011/09/22 09:40:51.0859 1016 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 2011/09/22 09:40:51.0890 1016 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 2011/09/22 09:40:51.0921 1016 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 2011/09/22 09:40:52.0031 1016 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2011/09/22 09:40:52.0078 1016 FTDIBUS (bb5107ca0569c95f2a850722c34d20c9) C:\WINDOWS\system32\drivers\ftdibus.sys 2011/09/22 09:40:52.0125 1016 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2011/09/22 09:40:52.0171 1016 FTSER2K (296be0a1d7c96a7abbede6b97baf96b3) C:\WINDOWS\system32\drivers\ftser2k.sys 2011/09/22 09:40:52.0218 1016 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 2011/09/22 09:40:52.0328 1016 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2011/09/22 09:40:52.0390 1016 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 2011/09/22 09:40:52.0468 1016 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2011/09/22 09:40:52.0546 1016 HssDrv (06c9c9de9ab51daa5a83a838c7a58adf) C:\WINDOWS\system32\DRIVERS\HssDrv.sys 2011/09/22 09:40:52.0671 1016 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2011/09/22 09:40:52.0765 1016 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2011/09/22 09:40:52.0812 1016 imagedrv (0a7c49b48c772591a2d362daa00246c8) C:\WINDOWS\system32\Drivers\imagedrv.sys 2011/09/22 09:40:52.0843 1016 imagesrv (549ba4f539e7b8d8129500b96dd7b27a) C:\WINDOWS\system32\DRIVERS\imagesrv.sys 2011/09/22 09:40:52.0906 1016 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2011/09/22 09:40:53.0140 1016 IntcAzAudAddService (c464cf7a58c011a70188602b55c64e99) C:\WINDOWS\system32\drivers\RtkHDAud.sys 2011/09/22 09:40:53.0312 1016 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 2011/09/22 09:40:53.0359 1016 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/09/22 09:40:53.0390 1016 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/09/22 09:40:53.0500 1016 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/09/22 09:40:53.0546 1016 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/09/22 09:40:53.0593 1016 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/09/22 09:40:53.0640 1016 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/09/22 09:40:53.0781 1016 Jukebox3 (6c24d3878f44c271d94ea6cab1acd739) C:\WINDOWS\system32\DRIVERS\ctpdusb.sys 2011/09/22 09:40:53.0859 1016 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/09/22 09:40:53.0890 1016 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 2011/09/22 09:40:53.0953 1016 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2011/09/22 09:40:54.0031 1016 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/09/22 09:40:54.0093 1016 L8042Kbd (0c6e346cde730cf1356dd69ad6e9bc42) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys 2011/09/22 09:40:54.0171 1016 L8042mou (d6fc755ff505d99e6cc73e83492310df) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys 2011/09/22 09:40:54.0218 1016 LBeepKE (ca4c92d8b59ddee29759e35aa2cc4c3b) C:\WINDOWS\system32\Drivers\LBeepKE.sys 2011/09/22 09:40:54.0281 1016 LEqdUsb (0fe8fefe98626509661b50ea20ecd129) C:\WINDOWS\system32\Drivers\LEqdUsb.Sys 2011/09/22 09:40:54.0359 1016 LHidEqd (93657522a5dd7da4c81fb347973ae01c) C:\WINDOWS\system32\Drivers\LHidEqd.Sys 2011/09/22 09:40:54.0453 1016 LHidFilt (05d6b85ecc3204931923ab7940b9596e) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 2011/09/22 09:40:54.0515 1016 LHidKe (d86c17d256bbbcfb51b9c8c20dc56804) C:\WINDOWS\system32\DRIVERS\LHidKE.Sys 2011/09/22 09:40:54.0562 1016 LMouFilt (053dbcc1082fdf74ab145a71917a6556) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 2011/09/22 09:40:54.0609 1016 LMouKE (c149bdad13194df16ea33f9f601ed7bf) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys 2011/09/22 09:40:54.0750 1016 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys 2011/09/22 09:40:54.0859 1016 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/09/22 09:40:54.0921 1016 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 2011/09/22 09:40:54.0984 1016 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/09/22 09:40:55.0046 1016 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2011/09/22 09:40:55.0062 1016 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/09/22 09:40:55.0109 1016 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/09/22 09:40:55.0171 1016 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/09/22 09:40:55.0218 1016 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2011/09/22 09:40:55.0250 1016 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/09/22 09:40:55.0281 1016 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/09/22 09:40:55.0312 1016 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/09/22 09:40:55.0375 1016 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/09/22 09:40:55.0421 1016 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 2011/09/22 09:40:55.0546 1016 NAVAP (69b2c32f9382ff0ab458d43415cd9460) C:\Program Files\NavNT\NAVAP.sys 2011/09/22 09:40:55.0578 1016 NAVAPEL (d488113cfbaa3a4a7c2822662923a3e9) C:\Program Files\NavNT\NAVAPEL.SYS 2011/09/22 09:40:55.0703 1016 NAVENG (49d802531e5984cf1fe028c6c129b9d8) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101013.002\NAVENG.sys 2011/09/22 09:40:55.0796 1016 NAVEX15 (158676a5758c1fa519563b3e72fbf256) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101013.002\NAVEX15.sys 2011/09/22 09:40:55.0921 1016 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2011/09/22 09:40:55.0984 1016 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/09/22 09:40:56.0000 1016 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/09/22 09:40:56.0031 1016 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/09/22 09:40:56.0093 1016 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/09/22 09:40:56.0203 1016 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/09/22 09:40:56.0234 1016 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/09/22 09:40:56.0296 1016 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2011/09/22 09:40:56.0343 1016 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/09/22 09:40:56.0421 1016 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/09/22 09:40:56.0625 1016 nv (70cb8915895ccb92ddf23ce890c4f5be) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 2011/09/22 09:40:57.0046 1016 nvata (ef9941593b2e9b436f64a87ddb570d1a) C:\WINDOWS\system32\DRIVERS\nvata.sys 2011/09/22 09:40:57.0093 1016 NVENETFD (7d275ecda4628318912f6c945d5cf963) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys 2011/09/22 09:40:57.0140 1016 nvnetbus (b64aacefad2be5bff5353fe681253c67) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys 2011/09/22 09:40:57.0203 1016 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/09/22 09:40:57.0234 1016 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/09/22 09:40:57.0343 1016 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 2011/09/22 09:40:57.0390 1016 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/09/22 09:40:57.0437 1016 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/09/22 09:40:57.0468 1016 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/09/22 09:40:57.0515 1016 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/09/22 09:40:57.0562 1016 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 2011/09/22 09:40:57.0718 1016 PfModNT (c8a2d6ff660ac601b7bb9a9b16a5c25e) C:\WINDOWS\system32\drivers\PfModNT.sys 2011/09/22 09:40:57.0828 1016 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/09/22 09:40:57.0859 1016 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys 2011/09/22 09:40:57.0921 1016 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/09/22 09:40:57.0968 1016 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/09/22 09:40:58.0031 1016 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2011/09/22 09:40:58.0125 1016 pxkbf (0c738845c7c12c45f05b127edff2cc87) C:\WINDOWS\system32\drivers\pxkbf.sys 2011/09/22 09:40:58.0156 1016 pxrts (04d1c97a0818f9378eeaa793a09f8202) C:\WINDOWS\system32\drivers\pxrts.sys 2011/09/22 09:40:58.0187 1016 pxscan (e6e1f9f717feab3e16c3b160b17e6855) C:\WINDOWS\system32\drivers\pxscan.sys 2011/09/22 09:40:58.0296 1016 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/09/22 09:40:58.0343 1016 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/09/22 09:40:58.0375 1016 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/09/22 09:40:58.0421 1016 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/09/22 09:40:58.0468 1016 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/09/22 09:40:58.0515 1016 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/09/22 09:40:58.0593 1016 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/09/22 09:40:58.0656 1016 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/09/22 09:40:58.0703 1016 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/09/22 09:40:58.0796 1016 Revoflt (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys 2011/09/22 09:40:58.0875 1016 RimUsb (92d33f76769a028ddc54a863eb7de4a2) C:\WINDOWS\system32\Drivers\RimUsb.sys 2011/09/22 09:40:58.0968 1016 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys 2011/09/22 09:40:59.0031 1016 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys 2011/09/22 09:40:59.0343 1016 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/09/22 09:40:59.0390 1016 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2011/09/22 09:40:59.0421 1016 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 2011/09/22 09:40:59.0468 1016 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/09/22 09:40:59.0531 1016 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/09/22 09:40:59.0640 1016 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/09/22 09:40:59.0718 1016 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/09/22 09:40:59.0781 1016 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/09/22 09:40:59.0812 1016 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/09/22 09:41:00.0015 1016 SymEvent (a769203607d8af4efa01148ae86697d5) C:\Program Files\Symantec\SYMEVENT.SYS 2011/09/22 09:41:00.0109 1016 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/09/22 09:41:00.0171 1016 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/09/22 09:41:00.0281 1016 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/09/22 09:41:00.0312 1016 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/09/22 09:41:00.0359 1016 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/09/22 09:41:00.0437 1016 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/09/22 09:41:00.0531 1016 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/09/22 09:41:00.0625 1016 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/09/22 09:41:00.0687 1016 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/09/22 09:41:00.0734 1016 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/09/22 09:41:00.0781 1016 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 2011/09/22 09:41:00.0828 1016 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2011/09/22 09:41:00.0875 1016 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/09/22 09:41:00.0906 1016 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/09/22 09:41:00.0937 1016 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/09/22 09:41:01.0015 1016 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/09/22 09:41:01.0062 1016 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/09/22 09:41:01.0125 1016 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 2011/09/22 09:41:01.0234 1016 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/09/22 09:41:01.0359 1016 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2011/09/22 09:41:01.0390 1016 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2011/09/22 09:41:01.0484 1016 ZWDAGMLowerFilter (2e3f2f8ef0ae16430823c59c03bcef26) C:\WINDOWS\system32\DRIVERS\zwda_gm_lowerfilter.sys 2011/09/22 09:41:01.0531 1016 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 2011/09/22 09:41:01.0593 1016 Boot (0x1200) (ecb08b0cf63b58cbfa100c229b75b682) \Device\Harddisk0\DR0\Partition0 2011/09/22 09:41:01.0609 1016 ================================================================================ 2011/09/22 09:41:01.0609 1016 Scan finished 2011/09/22 09:41:01.0609 1016 ================================================================================ 2011/09/22 09:41:01.0609 0972 Detected object count: 0 2011/09/22 09:41:01.0609 0972 Actual detected object count: 0 2011/09/22 09:45:56.0734 0284 ================================================================================ 2011/09/22 09:45:56.0734 0284 Scan started 2011/09/22 09:45:56.0734 0284 Mode: Manual; 2011/09/22 09:45:56.0734 0284 ================================================================================ 2011/09/22 09:45:57.0062 0284 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2011/09/22 09:45:57.0109 0284 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 2011/09/22 09:45:57.0140 0284 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2011/09/22 09:45:57.0218 0284 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys 2011/09/22 09:45:57.0328 0284 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys 2011/09/22 09:45:57.0437 0284 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2011/09/22 09:45:57.0468 0284 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2011/09/22 09:45:57.0515 0284 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2011/09/22 09:45:57.0593 0284 ATMhelpr (3ef1db7f168851914517d4ed36b57c04) C:\WINDOWS\system32\drivers\ATMhelpr.sys 2011/09/22 09:45:57.0609 0284 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2011/09/22 09:45:57.0640 0284 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2011/09/22 09:45:57.0671 0284 BIOS (be5d50529799b9bab6be879ec768b6cf) C:\WINDOWS\system32\drivers\BIOS.sys 2011/09/22 09:45:57.0921 0284 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/09/22 09:45:57.0968 0284 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/09/22 09:45:58.0015 0284 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/09/22 09:45:58.0062 0284 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/09/22 09:45:58.0171 0284 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2011/09/22 09:45:58.0218 0284 DLABOIOM (631b3dd27adb49aa4546a0eec92e81b7) C:\WINDOWS\system32\DLA\DLABOIOM.SYS 2011/09/22 09:45:58.0250 0284 DLACDBHM (8d45ac148fd8c1a25204aeca1397fa7e) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS 2011/09/22 09:45:58.0265 0284 DLADResN (3acd81ab9b065147dc60522a5c0bb257) C:\WINDOWS\system32\DLA\DLADResN.SYS 2011/09/22 09:45:58.0296 0284 DLAIFS_M (4f179116df60d3272d4e71cda6da2f20) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS 2011/09/22 09:45:58.0312 0284 DLAOPIOM (7359f3ed620bc002cbee0664333a4540) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS 2011/09/22 09:45:58.0312 0284 DLAPoolM (17c22b10766e9fb31d201cf88e783a3c) C:\WINDOWS\system32\DLA\DLAPoolM.SYS 2011/09/22 09:45:58.0328 0284 DLARTL_N (94accf8f7b87fbeaa27266927319e6ba) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS 2011/09/22 09:45:58.0343 0284 DLAUDFAM (456cd604360863565655eb2a078b430d) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS 2011/09/22 09:45:58.0359 0284 DLAUDF_M (1ba22e89b314a67fe3d211a12abcd0ef) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS 2011/09/22 09:45:58.0406 0284 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 2011/09/22 09:45:58.0437 0284 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 2011/09/22 09:45:58.0484 0284 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2011/09/22 09:45:58.0500 0284 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2011/09/22 09:45:58.0546 0284 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2011/09/22 09:45:58.0578 0284 DRVMCDB (ab6c5c26fff9b3c456aeaf7e0093c2fe) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS 2011/09/22 09:45:58.0593 0284 DRVNDDM (4a307ade1638d9358b6eb90076481cc6) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS 2011/09/22 09:45:58.0609 0284 epmntdrv (f07ba56b0235f15eff8f10dc6389c42e) C:\WINDOWS\system32\epmntdrv.sys 2011/09/22 09:45:58.0625 0284 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\WINDOWS\system32\EuGdiDrv.sys 2011/09/22 09:45:58.0703 0284 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2011/09/22 09:45:58.0750 0284 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 2011/09/22 09:45:58.0781 0284 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 2011/09/22 09:45:58.0812 0284 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 2011/09/22 09:45:58.0875 0284 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 2011/09/22 09:45:58.0906 0284 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2011/09/22 09:45:58.0937 0284 FTDIBUS (bb5107ca0569c95f2a850722c34d20c9) C:\WINDOWS\system32\drivers\ftdibus.sys 2011/09/22 09:45:58.0953 0284 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2011/09/22 09:45:58.0968 0284 FTSER2K (296be0a1d7c96a7abbede6b97baf96b3) C:\WINDOWS\system32\drivers\ftser2k.sys 2011/09/22 09:45:59.0046 0284 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 2011/09/22 09:45:59.0093 0284 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2011/09/22 09:45:59.0140 0284 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 2011/09/22 09:45:59.0187 0284 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2011/09/22 09:45:59.0281 0284 HssDrv (06c9c9de9ab51daa5a83a838c7a58adf) C:\WINDOWS\system32\DRIVERS\HssDrv.sys 2011/09/22 09:45:59.0343 0284 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2011/09/22 09:45:59.0421 0284 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2011/09/22 09:45:59.0515 0284 imagedrv (0a7c49b48c772591a2d362daa00246c8) C:\WINDOWS\system32\Drivers\imagedrv.sys 2011/09/22 09:45:59.0531 0284 imagesrv (549ba4f539e7b8d8129500b96dd7b27a) C:\WINDOWS\system32\DRIVERS\imagesrv.sys 2011/09/22 09:45:59.0578 0284 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2011/09/22 09:45:59.0750 0284 IntcAzAudAddService (c464cf7a58c011a70188602b55c64e99) C:\WINDOWS\system32\drivers\RtkHDAud.sys 2011/09/22 09:45:59.0875 0284 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 2011/09/22 09:45:59.0890 0284 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/09/22 09:45:59.0921 0284 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/09/22 09:46:00.0000 0284 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/09/22 09:46:00.0031 0284 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/09/22 09:46:00.0046 0284 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/09/22 09:46:00.0078 0284 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/09/22 09:46:00.0171 0284 Jukebox3 (6c24d3878f44c271d94ea6cab1acd739) C:\WINDOWS\system32\DRIVERS\ctpdusb.sys 2011/09/22 09:46:00.0218 0284 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/09/22 09:46:00.0234 0284 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 2011/09/22 09:46:00.0281 0284 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2011/09/22 09:46:00.0328 0284 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/09/22 09:46:00.0406 0284 L8042Kbd (0c6e346cde730cf1356dd69ad6e9bc42) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys 2011/09/22 09:46:00.0453 0284 L8042mou (d6fc755ff505d99e6cc73e83492310df) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys 2011/09/22 09:46:00.0515 0284 LBeepKE (ca4c92d8b59ddee29759e35aa2cc4c3b) C:\WINDOWS\system32\Drivers\LBeepKE.sys 2011/09/22 09:46:00.0593 0284 LEqdUsb (0fe8fefe98626509661b50ea20ecd129) C:\WINDOWS\system32\Drivers\LEqdUsb.Sys 2011/09/22 09:46:00.0687 0284 LHidEqd (93657522a5dd7da4c81fb347973ae01c) C:\WINDOWS\system32\Drivers\LHidEqd.Sys 2011/09/22 09:46:00.0718 0284 LHidFilt (05d6b85ecc3204931923ab7940b9596e) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 2011/09/22 09:46:00.0750 0284 LHidKe (d86c17d256bbbcfb51b9c8c20dc56804) C:\WINDOWS\system32\DRIVERS\LHidKE.Sys 2011/09/22 09:46:00.0781 0284 LMouFilt (053dbcc1082fdf74ab145a71917a6556) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 2011/09/22 09:46:00.0812 0284 LMouKE (c149bdad13194df16ea33f9f601ed7bf) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys 2011/09/22 09:46:00.0875 0284 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys 2011/09/22 09:46:00.0968 0284 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/09/22 09:46:01.0015 0284 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 2011/09/22 09:46:01.0046 0284 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/09/22 09:46:01.0109 0284 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2011/09/22 09:46:01.0125 0284 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/09/22 09:46:01.0187 0284 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/09/22 09:46:01.0250 0284 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/09/22 09:46:01.0265 0284 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2011/09/22 09:46:01.0312 0284 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/09/22 09:46:01.0328 0284 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/09/22 09:46:01.0390 0284 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/09/22 09:46:01.0421 0284 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/09/22 09:46:01.0468 0284 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 2011/09/22 09:46:01.0578 0284 NAVAP (69b2c32f9382ff0ab458d43415cd9460) C:\Program Files\NavNT\NAVAP.sys 2011/09/22 09:46:01.0593 0284 NAVAPEL (d488113cfbaa3a4a7c2822662923a3e9) C:\Program Files\NavNT\NAVAPEL.SYS 2011/09/22 09:46:01.0687 0284 NAVENG (49d802531e5984cf1fe028c6c129b9d8) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101013.002\NAVENG.sys 2011/09/22 09:46:01.0812 0284 NAVEX15 (158676a5758c1fa519563b3e72fbf256) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101013.002\NAVEX15.sys 2011/09/22 09:46:01.0921 0284 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2011/09/22 09:46:01.0968 0284 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/09/22 09:46:01.0984 0284 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/09/22 09:46:01.0984 0284 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/09/22 09:46:02.0031 0284 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/09/22 09:46:02.0125 0284 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/09/22 09:46:02.0140 0284 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/09/22 09:46:02.0187 0284 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2011/09/22 09:46:02.0234 0284 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/09/22 09:46:02.0296 0284 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/09/22 09:46:02.0515 0284 nv (70cb8915895ccb92ddf23ce890c4f5be) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 2011/09/22 09:46:02.0656 0284 nvata (ef9941593b2e9b436f64a87ddb570d1a) C:\WINDOWS\system32\DRIVERS\nvata.sys 2011/09/22 09:46:02.0703 0284 NVENETFD (7d275ecda4628318912f6c945d5cf963) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys 2011/09/22 09:46:02.0718 0284 nvnetbus (b64aacefad2be5bff5353fe681253c67) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys 2011/09/22 09:46:02.0765 0284 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/09/22 09:46:02.0843 0284 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/09/22 09:46:02.0875 0284 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 2011/09/22 09:46:02.0921 0284 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/09/22 09:46:02.0968 0284 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/09/22 09:46:02.0984 0284 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/09/22 09:46:03.0015 0284 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/09/22 09:46:03.0046 0284 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 2011/09/22 09:46:03.0203 0284 PfModNT (c8a2d6ff660ac601b7bb9a9b16a5c25e) C:\WINDOWS\system32\drivers\PfModNT.sys 2011/09/22 09:46:03.0265 0284 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/09/22 09:46:03.0296 0284 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys 2011/09/22 09:46:03.0343 0284 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/09/22 09:46:03.0359 0284 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/09/22 09:46:03.0406 0284 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2011/09/22 09:46:03.0453 0284 pxkbf (0c738845c7c12c45f05b127edff2cc87) C:\WINDOWS\system32\drivers\pxkbf.sys 2011/09/22 09:46:03.0500 0284 pxrts (04d1c97a0818f9378eeaa793a09f8202) C:\WINDOWS\system32\drivers\pxrts.sys 2011/09/22 09:46:03.0531 0284 pxscan (e6e1f9f717feab3e16c3b160b17e6855) C:\WINDOWS\system32\drivers\pxscan.sys 2011/09/22 09:46:03.0609 0284 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/09/22 09:46:03.0671 0284 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/09/22 09:46:03.0687 0284 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/09/22 09:46:03.0718 0284 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/09/22 09:46:03.0781 0284 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/09/22 09:46:03.0812 0284 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/09/22 09:46:03.0828 0284 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/09/22 09:46:03.0890 0284 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/09/22 09:46:03.0906 0284 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/09/22 09:46:03.0984 0284 Revoflt (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys 2011/09/22 09:46:04.0031 0284 RimUsb (92d33f76769a028ddc54a863eb7de4a2) C:\WINDOWS\system32\Drivers\RimUsb.sys 2011/09/22 09:46:04.0109 0284 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys 2011/09/22 09:46:04.0156 0284 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys 2011/09/22 09:46:04.0437 0284 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/09/22 09:46:04.0484 0284 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2011/09/22 09:46:04.0500 0284 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 2011/09/22 09:46:04.0531 0284 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/09/22 09:46:04.0609 0284 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/09/22 09:46:04.0625 0284 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/09/22 09:46:04.0734 0284 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/09/22 09:46:04.0765 0284 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/09/22 09:46:04.0781 0284 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/09/22 09:46:04.0921 0284 SymEvent (a769203607d8af4efa01148ae86697d5) C:\Program Files\Symantec\SYMEVENT.SYS 2011/09/22 09:46:05.0031 0284 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/09/22 09:46:05.0093 0284 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/09/22 09:46:05.0125 0284 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/09/22 09:46:05.0171 0284 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/09/22 09:46:05.0218 0284 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/09/22 09:46:05.0281 0284 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/09/22 09:46:05.0343 0284 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/09/22 09:46:05.0390 0284 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/09/22 09:46:05.0437 0284 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/09/22 09:46:05.0500 0284 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/09/22 09:46:05.0500 0284 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 2011/09/22 09:46:05.0515 0284 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2011/09/22 09:46:05.0562 0284 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/09/22 09:46:05.0578 0284 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/09/22 09:46:05.0625 0284 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/09/22 09:46:05.0734 0284 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/09/22 09:46:05.0765 0284 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/09/22 09:46:05.0812 0284 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 2011/09/22 09:46:05.0875 0284 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/09/22 09:46:05.0968 0284 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2011/09/22 09:46:06.0031 0284 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2011/09/22 09:46:06.0078 0284 ZWDAGMLowerFilter (2e3f2f8ef0ae16430823c59c03bcef26) C:\WINDOWS\system32\DRIVERS\zwda_gm_lowerfilter.sys 2011/09/22 09:46:06.0109 0284 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 2011/09/22 09:46:06.0171 0284 Boot (0x1200) (ecb08b0cf63b58cbfa100c229b75b682) \Device\Harddisk0\DR0\Partition0 2011/09/22 09:46:06.0187 0284 ================================================================================ 2011/09/22 09:46:06.0187 0284 Scan finished 2011/09/22 09:46:06.0187 0284 ================================================================================ 2011/09/22 09:46:06.0203 1188 Detected object count: 0 2011/09/22 09:46:06.0203 1188 Actual detected object count: 0

48 hour bump. Thanks!

Thank you very much. Here is an update. The computer seemed to boot fine. The internet connection was still disabled. No combofix logs appeared--maybe they are somewhere on my machine but I didn't want to poke around. I did not run combofix again b/c I had no instruction to do so. MBAM would not start, so I did a fresh install, checked no when it asked to update and then scanned. I also did a DDS scan. These are not posted but the DDS log is attached as Attach1. I then rebooted successfully, re-enabled virus protection, re-enabled internet connection, updated MBAM, disabled internet, and scanned with MBAM and DDS again. These are posted below, and the DDS log is attached as Attach2. During the minute or so internet connection was active MBAM did not log any incoming or outgoing attacks. Here are the logs (except for combofix log, which as I said did not come up on reboot): MBAM log Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Database version: 7622 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 9/18/2011 1:26:00 PM mbam-log-2011-09-18 (13-26-00).txt Scan type: Quick scan Objects scanned: 179525 Time elapsed: 5 minute(s), 33 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) -------------------------------------------------------------------------- DDS log . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26 Run by Emily at 14:06:56 on 2011-09-18 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2110 [GMT -5:00] . . ============== Running Processes =============== . C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTSvcCDA.EXE C:\Program Files\Prevx\prevx.exe C:\Program Files\NavNT\defwatch.exe C:\Program Files\Expat Shield\bin\hsswd.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\NavNT\rtvscan.exe C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsService.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Prevx\prevx.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\NavNT\vptray.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe C:\WINDOWS\system32\taskmgr.exe C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie uDefault_Search_URL = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll BHO: Expat Shield Class: {3706ee7c-3cad-445d-8a43-03ebc3b75908} - c:\program files\expat shield\hssie\ExpatIE.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL BHO: SafeOnline BHO: {69d72956-317c-44bd-b369-8e44d4ef9801} - c:\windows\system32\PxSecure.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler uRun: [cacaoweb] "c:\program files\cacaoweb\cacaoweb.exe" -noplayer mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [RTHDCPL] RTHDCPL.EXE mRun: [skyTel] SkyTel.EXE mRun: [Alcmtr] ALCMTR.EXE mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [vptray] c:\program files\navnt\vptray.exe mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE mRun: [Logicool Hardware Abstraction Layer] KHALMNPR.EXE mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe IE: Semagic - c:\program files\semagic\link.htm IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll Trusted Zone: cleverreach.com\novastor Trusted Zone: google-analytics.com Trusted Zone: novastor.com DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263066431796 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: DhcpNameServer = 97.64.168.12 97.64.183.165 TCP: Interfaces\{95FD4FBC-FE00-4841-8934-F54CDC3596B1} : NameServer = 208.67.222.222,208.67.220.220 TCP: Interfaces\{95FD4FBC-FE00-4841-8934-F54CDC3596B1} : DhcpNameServer = 97.64.168.12 97.64.183.165 Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll Notify: NavLogon - c:\windows\system32\NavLogon.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll Hosts: 127.0.0.1 www.spywareinfo.com . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\emily\application data\mozilla\firefox\profiles\lfmweh3o.default\ FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&q= FF - component: c:\documents and settings\emily\application data\mozilla\firefox\profiles\lfmweh3o.default\extensions\optout@dubfire.net\lib\winnt\ff3\AbineComponent.dll FF - plugin: c:\documents and settings\emily\application data\mozilla\firefox\profiles\lfmweh3o.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\google\picasa3\npPicasa3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll FF - plugin: c:\program files\mozilla firefox\plugins\nphssb.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: cacaoweb: cacaoweb@cacaoweb.org - %profile%\extensions\cacaoweb@cacaoweb.org FF - Ext: Cache Status: cache@status.org - %profile%\extensions\cache@status.org FF - Ext: eSnipe.com SnipeIt!: esnipesnipeit@esnipe.com - %profile%\extensions\esnipesnipeit@esnipe.com FF - Ext: Fasterfox Lite: FasterFox_Lite@BigRedBrent - %profile%\extensions\FasterFox_Lite@BigRedBrent FF - Ext: Clear History: nadir.kadem@gmail.com - %profile%\extensions\nadir.kadem@gmail.com FF - Ext: TACO with Abine: optout@dubfire.net - %profile%\extensions\optout@dubfire.net FF - Ext: RightBar: rightbar@realmtech.net - %profile%\extensions\rightbar@realmtech.net FF - Ext: Weather Watcher Live: weatherwatcherlive@singerscreations.com - %profile%\extensions\weatherwatcherlive@singerscreations.com FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Old Location Bar: {3205B348-523A-4fac-9BC4-9939CBF583B0} - %profile%\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0} FF - Ext: FEBE: {4BBDD651-70CF-4821-84F8-2B918CF89CA3} - %profile%\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} FF - Ext: Abduction!: {b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255} - %profile%\extensions\{b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} FF - Ext: Steep and Cheap Watcher: {fa038e8f-d1d1-11db-9705-005056c00008} - %profile%\extensions\{fa038e8f-d1d1-11db-9705-005056c00008} FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard FF - Ext: Multirow Bookmarks Toolbar: {FBF6D7FB-F305-4445-BB3D-FEF66579A033} - %profile%\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033} FF - Ext: Easy YouTube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} FF - Ext: NoSquint: nosquint@urandom.ca - %profile%\extensions\nosquint@urandom.ca FF - Ext: LeechBlock: {a95d8332-e4b4-6e7f-98ac-20b733364387} - %profile%\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387} FF - Ext: ScribeFire: {F807FACD-E46A-4793-B345-D58CB177673C} - %profile%\extensions\{F807FACD-E46A-4793-B345-D58CB177673C} FF - Ext: EPUBReader: {5384767E-00D9-40E9-B72F-9CC39D655D6F} - %profile%\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} FF - Ext: Element Hiding Helper for Adblock Plus: elemhidehelper@adblockplus.org - %profile%\extensions\elemhidehelper@adblockplus.org FF - Ext: AddonFox: {ad48108d-92a6-4eb9-87e4-978aca1dbae4} - %profile%\extensions\{ad48108d-92a6-4eb9-87e4-978aca1dbae4} FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff . ---- FIREFOX POLICIES ---- FF - user.js: network.protocol-handler.warn-external.dnupdate - false ============= SERVICES / DRIVERS =============== . R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2010-5-24 32008] R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [2010-1-12 4064] R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2010-1-9 13696] R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2010-5-24 6416120] R2 ExpatWd;Expat Shield Monitoring Service;c:\program files\expat shield\bin\hsswd.exe -product expat --> c:\program files\expat shield\bin\hsswd.exe -product Expat [?] R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2011-8-13 3712] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-1-11 366152] R2 NAVAPEL;NAVAPEL;c:\program files\navnt\Navapel.sys [2001-9-24 9232] R2 Norton AntiVirus Server;Norton AntiVirus Client;c:\program files\navnt\rtvscan.exe [2001-9-24 454656] R2 nsService;NovaStor NovaBACKUP Backup/Copy Engine;c:\program files\novastor\novastor novabackup\nsService.exe [2010-4-14 261256] R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-5-24 76696] R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2009-6-17 42648] R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2010-8-24 12184] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-1-11 22216] R3 NAVAP;NAVAP;c:\program files\navnt\navap.sys [2001-9-24 176208] R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20101013.002\NAVENG.sys [2010-10-13 86064] R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20101013.002\NAVEX15.sys [2010-10-13 1371184] R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-5-24 26096] R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-9-18 41272] S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\emily\locals~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\emily\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?] S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\emily\locals~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\emily\locals~1\temp\sas_selfextract\SASKUTIL.SYS [?] S2 PEVSystemStart;PEVSystemStart;c:\combofix\pev.3XE [2011-6-26 256000] S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-5-21 13192] S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-5-21 8456] S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\13.tmp --> c:\windows\system32\13.tmp [?] S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-8-11 27064] S3 ZWDAGMLowerFilter;ZWDA General Mouse Filter Driver;c:\windows\system32\drivers\zwda_gm_lowerfilter.sys [2011-8-13 21248] . =============== Created Last 30 ================ . 2011-09-18 19:01:26 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-09-17 16:50:48 60416 ----a-w- c:\windows\system32\drivers\Combo-Fix.sys 2011-09-17 16:25:06 208896 ----a-w- c:\windows\MBR.exe 2011-09-17 16:25:05 518144 ----a-w- c:\windows\SWREG.exe 2011-09-17 16:25:05 256000 ----a-w- c:\windows\PEV.exe 2011-09-17 16:25:04 98816 ----a-w- c:\windows\sed.exe 2011-09-17 16:24:44 -------- d-s---w- C:\ComboFix 2011-09-12 04:56:18 6144 ------w- c:\windows\system32\2.tmp 2011-09-12 03:23:25 6144 ------w- c:\windows\system32\12.tmp 2011-09-12 02:18:06 -------- d-----w- c:\program files\kohmtgiw 2011-09-03 10:17:37 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll 2011-08-27 20:31:39 -------- d-----w- c:\program files\iPod 2011-08-27 20:31:22 -------- d-----w- c:\program files\iTunes 2011-08-20 08:27:52 -------- d-----w- C:\PrevxCSI . ==================== Find3M ==================== . 2011-09-12 02:37:20 71880 ----a-w- c:\windows\system32\PxSecure.dll 2011-09-12 02:37:18 32008 ----a-w- c:\windows\system32\drivers\pxscan.sys 2011-09-12 02:37:16 26096 ----a-w- c:\windows\system32\drivers\pxkbf.sys 2011-09-03 10:17:37 599040 ----a-w- c:\windows\system32\crypt32.dll 2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-08-24 15:57:25 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2011-08-11 23:45:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-07-12 16:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe 2011-07-12 16:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll 2011-07-12 16:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll 2011-07-12 16:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll 2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys 2011-07-05 23:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2011-07-05 23:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts 2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll 2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\SET1E6.tmp 2011-06-23 18:36:30 66560 ----a-w- c:\windows\system32\SET1EB.tmp 2011-06-23 18:36:30 611840 ----a-w- c:\windows\system32\SET1EA.tmp 2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\SET1EF.tmp 2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-06-23 18:36:30 25600 ----a-w- c:\windows\system32\SET1F0.tmp 2011-06-23 18:36:30 206848 ----a-w- c:\windows\system32\SET1E9.tmp 2011-06-23 18:36:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2011-06-23 18:36:30 1212416 ----a-w- c:\windows\system32\SET1E7.tmp 2011-06-23 18:36:30 105984 ----a-w- c:\windows\system32\SET1E8.tmp 2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec 2010-11-05 07:09:24 7221248 ----a-w- c:\program files\praat.exe 2010-05-26 23:16:12 9194224 ----a-w- c:\program files\IconWorkshop.exe 2010-05-25 15:19:36 1124864 ----a-w- c:\program files\ResGer.dll 2010-05-25 15:18:44 1127936 ----a-w- c:\program files\ResFra.dll 2009-09-02 15:02:44 110080 ----a-w- c:\program files\IconWorkshopAddin.dll 2008-08-08 20:25:00 81920 ----a-w- c:\program files\IconWorkshopAddin2005.dll 2008-03-25 03:50:26 554008 ----a-w- c:\program files\common files\dao360.dll . ============= FINISH: 14:09:04.37 =============== Thank you and I await further instruction. attach2.zip

Has been 12 hours now with no change. Anyone? Can I manually reboot?

Combofix ran and is trying to reboot. It has been stuck on the reboot screen for over an hour now and I'm starting to freak out a little bit. I don't want to screw up by touching anything but I'm pretty sure it's not going to reboot on its own. What can I do now?

Bumping this as per the 48 hrs rule on the help post. Thanks.

Here you are. MBAM log Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Database version: 7694 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 9/12/2011 5:35:17 AM mbam-log-2011-09-12 (05-35-17).txt Scan type: Full scan (C:\|) Objects scanned: 305808 Time elapsed: 4 hour(s), 59 minute(s), 22 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) DDS log . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26 Run by Emily at 9:51:41 on 2011-09-12 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.1937 [GMT -5:00] . AV: Prevx 3.0 *Enabled/Updated* {D486329C-1488-4CEB-9CC8-D662B732D901} . ============== Running Processes =============== . C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTSvcCDA.EXE C:\Program Files\Prevx\prevx.exe C:\Program Files\NavNT\defwatch.exe C:\Program Files\Expat Shield\bin\hsswd.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\NavNT\rtvscan.exe C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsService.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\Prevx\prevx.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\NavNT\vptray.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\cacaoweb\cacaoweb.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\taskmgr.exe C:\WINDOWS\explorer.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Documents and Settings\Emily\Desktop\Defogger.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie uDefault_Search_URL = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll BHO: Expat Shield Class: {3706ee7c-3cad-445d-8a43-03ebc3b75908} - c:\program files\expat shield\hssie\ExpatIE.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL BHO: SafeOnline BHO: {69d72956-317c-44bd-b369-8e44d4ef9801} - c:\windows\system32\PxSecure.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler uRun: [cacaoweb] "c:\program files\cacaoweb\cacaoweb.exe" -noplayer mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [RTHDCPL] RTHDCPL.EXE mRun: [skyTel] SkyTel.EXE mRun: [Alcmtr] ALCMTR.EXE mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [vptray] c:\program files\navnt\vptray.exe mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE mRun: [Logicool Hardware Abstraction Layer] KHALMNPR.EXE mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe IE: Semagic - c:\program files\semagic\link.htm IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll Trusted Zone: cleverreach.com\novastor Trusted Zone: google-analytics.com Trusted Zone: novastor.com DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263066431796 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: Interfaces\{95FD4FBC-FE00-4841-8934-F54CDC3596B1} : NameServer = 208.67.222.222,208.67.220.220 Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll Notify: NavLogon - c:\windows\system32\NavLogon.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll Hosts: 127.0.0.1 www.spywareinfo.com . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\emily\application data\mozilla\firefox\profiles\lfmweh3o.default\ FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&q= FF - component: c:\documents and settings\emily\application data\mozilla\firefox\profiles\lfmweh3o.default\extensions\optout@dubfire.net\lib\winnt\ff3\AbineComponent.dll FF - plugin: c:\documents and settings\emily\application data\mozilla\firefox\profiles\lfmweh3o.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\google\picasa3\npPicasa3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll FF - plugin: c:\program files\mozilla firefox\plugins\nphssb.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: cacaoweb: cacaoweb@cacaoweb.org - %profile%\extensions\cacaoweb@cacaoweb.org FF - Ext: Cache Status: cache@status.org - %profile%\extensions\cache@status.org FF - Ext: eSnipe.com SnipeIt!: esnipesnipeit@esnipe.com - %profile%\extensions\esnipesnipeit@esnipe.com FF - Ext: Fasterfox Lite: FasterFox_Lite@BigRedBrent - %profile%\extensions\FasterFox_Lite@BigRedBrent FF - Ext: Clear History: nadir.kadem@gmail.com - %profile%\extensions\nadir.kadem@gmail.com FF - Ext: TACO with Abine: optout@dubfire.net - %profile%\extensions\optout@dubfire.net FF - Ext: RightBar: rightbar@realmtech.net - %profile%\extensions\rightbar@realmtech.net FF - Ext: Weather Watcher Live: weatherwatcherlive@singerscreations.com - %profile%\extensions\weatherwatcherlive@singerscreations.com FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Old Location Bar: {3205B348-523A-4fac-9BC4-9939CBF583B0} - %profile%\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0} FF - Ext: FEBE: {4BBDD651-70CF-4821-84F8-2B918CF89CA3} - %profile%\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} FF - Ext: Abduction!: {b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255} - %profile%\extensions\{b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} FF - Ext: Steep and Cheap Watcher: {fa038e8f-d1d1-11db-9705-005056c00008} - %profile%\extensions\{fa038e8f-d1d1-11db-9705-005056c00008} FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard FF - Ext: Multirow Bookmarks Toolbar: {FBF6D7FB-F305-4445-BB3D-FEF66579A033} - %profile%\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033} FF - Ext: Easy YouTube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} FF - Ext: NoSquint: nosquint@urandom.ca - %profile%\extensions\nosquint@urandom.ca FF - Ext: LeechBlock: {a95d8332-e4b4-6e7f-98ac-20b733364387} - %profile%\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387} FF - Ext: ScribeFire: {F807FACD-E46A-4793-B345-D58CB177673C} - %profile%\extensions\{F807FACD-E46A-4793-B345-D58CB177673C} FF - Ext: EPUBReader: {5384767E-00D9-40E9-B72F-9CC39D655D6F} - %profile%\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} FF - Ext: Element Hiding Helper for Adblock Plus: elemhidehelper@adblockplus.org - %profile%\extensions\elemhidehelper@adblockplus.org FF - Ext: AddonFox: {ad48108d-92a6-4eb9-87e4-978aca1dbae4} - %profile%\extensions\{ad48108d-92a6-4eb9-87e4-978aca1dbae4} FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff . ---- FIREFOX POLICIES ---- FF - user.js: network.protocol-handler.warn-external.dnupdate - false ============= SERVICES / DRIVERS =============== . R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2010-5-24 32008] R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [2010-1-12 4064] R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2010-1-9 13696] R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2010-5-24 6416120] R2 ExpatWd;Expat Shield Monitoring Service;c:\program files\expat shield\bin\hsswd.exe -product expat --> c:\program files\expat shield\bin\hsswd.exe -product Expat [?] R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2011-8-13 3712] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-1-11 366640] R2 NAVAPEL;NAVAPEL;c:\program files\navnt\Navapel.sys [2001-9-24 9232] R2 Norton AntiVirus Server;Norton AntiVirus Client;c:\program files\navnt\rtvscan.exe [2001-9-24 454656] R2 nsService;NovaStor NovaBACKUP Backup/Copy Engine;c:\program files\novastor\novastor novabackup\nsService.exe [2010-4-14 261256] R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-5-24 76696] R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2009-6-17 42648] R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2010-8-24 12184] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-1-11 22712] R3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\13.tmp --> c:\windows\system32\13.tmp [?] R3 NAVAP;NAVAP;c:\program files\navnt\navap.sys [2001-9-24 176208] R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20101013.002\NAVENG.sys [2010-10-13 86064] R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20101013.002\NAVEX15.sys [2010-10-13 1371184] R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-5-24 26096] S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\emily\locals~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\emily\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?] S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\emily\locals~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\emily\locals~1\temp\sas_selfextract\SASKUTIL.SYS [?] S2 PEVSystemStart;PEVSystemStart;c:\combofix\pev.3XE [2011-6-26 256000] S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-5-21 13192] S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-5-21 8456] S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-8-11 27064] S3 ZWDAGMLowerFilter;ZWDA General Mouse Filter Driver;c:\windows\system32\drivers\zwda_gm_lowerfilter.sys [2011-8-13 21248] . =============== Created Last 30 ================ . 2011-09-12 04:56:18 6144 ------w- c:\windows\system32\2.tmp 2011-09-12 04:56:12 6144 ------w- c:\windows\system32\1.tmp 2011-09-12 03:23:25 6144 ------w- c:\windows\system32\12.tmp 2011-09-12 02:18:06 -------- d-----w- c:\program files\kohmtgiw 2011-09-11 16:34:17 208896 ----a-w- c:\windows\MBR.exe 2011-09-11 16:34:16 518144 ----a-w- c:\windows\SWREG.exe 2011-09-11 16:34:16 256000 ----a-w- c:\windows\PEV.exe 2011-09-11 16:34:15 98816 ----a-w- c:\windows\sed.exe 2011-09-11 16:33:29 -------- d-s---w- C:\ComboFix 2011-09-03 10:17:37 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll 2011-08-27 20:31:39 -------- d-----w- c:\program files\iPod 2011-08-27 20:31:22 -------- d-----w- c:\program files\iTunes 2011-08-20 08:27:52 -------- d-----w- C:\PrevxCSI 2011-08-13 18:31:36 301656 ----a-w- c:\windows\system32\BtCoreIf.dll . ==================== Find3M ==================== . 2011-09-12 02:37:20 71880 ----a-w- c:\windows\system32\PxSecure.dll 2011-09-12 02:37:18 32008 ----a-w- c:\windows\system32\drivers\pxscan.sys 2011-09-12 02:37:16 26096 ----a-w- c:\windows\system32\drivers\pxkbf.sys 2011-09-03 10:17:37 599040 ----a-w- c:\windows\system32\crypt32.dll 2011-08-24 15:57:25 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2011-08-11 23:45:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-07-12 16:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe 2011-07-12 16:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll 2011-07-12 16:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll 2011-07-12 16:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll 2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys 2011-07-07 00:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-07-07 00:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-07-05 23:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2011-07-05 23:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts 2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll 2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\SET1E6.tmp 2011-06-23 18:36:30 66560 ----a-w- c:\windows\system32\SET1EB.tmp 2011-06-23 18:36:30 611840 ----a-w- c:\windows\system32\SET1EA.tmp 2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\SET1EF.tmp 2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-06-23 18:36:30 25600 ----a-w- c:\windows\system32\SET1F0.tmp 2011-06-23 18:36:30 206848 ----a-w- c:\windows\system32\SET1E9.tmp 2011-06-23 18:36:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2011-06-23 18:36:30 1212416 ----a-w- c:\windows\system32\SET1E7.tmp 2011-06-23 18:36:30 105984 ----a-w- c:\windows\system32\SET1E8.tmp 2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec 2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll 2010-11-05 07:09:24 7221248 ----a-w- c:\program files\praat.exe 2010-09-19 05:05:44 455480 ----a-w- c:\program files\UnInstall.exe 2010-05-26 23:16:12 9194224 ----a-w- c:\program files\IconWorkshop.exe 2010-05-25 15:19:36 1124864 ----a-w- c:\program files\ResGer.dll 2010-05-25 15:18:44 1127936 ----a-w- c:\program files\ResFra.dll 2009-09-02 15:02:44 110080 ----a-w- c:\program files\IconWorkshopAddin.dll 2008-08-08 20:25:00 81920 ----a-w- c:\program files\IconWorkshopAddin2005.dll 2008-03-25 03:50:26 554008 ----a-w- c:\program files\common files\dao360.dll . ============= FINISH: 9:52:47.53 =============== GMER log GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2011-09-12 14:02:40 Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\00000076 Hitachi_HDS721616PLA380 rev.P22OABEA Running: k28ki1pi.exe; Driver: C:\DOCUME~1\Emily\LOCALS~1\Temp\kxtdapod.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwAllocateVirtualMemory [0xB4E26F60] SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwAssignProcessToJobObject [0xB4E26AF0] SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwCreateThread [0xB4E26B40] SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwDebugActiveProcess [0xB4E26F10] SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwDeleteKey [0xB4E26810] SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwDeleteValueKey [0xB4E268D0] SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwDuplicateObject [0xB4E27180] SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenProcess [0xB4E27490] SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenSection [0xB4E26CD0] SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenThread [0xB4E27320] SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwProtectVirtualMemory [0xB4E26BE0] SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwSetContextThread [0xB4E26AA0] SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwSetValueKey [0xB4E269B0] SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwSystemDebugControl [0xB4E26E80] SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwTerminateProcess [0xB4E27630] SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwTerminateThread [0xB4E26C80] SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwWriteVirtualMemory [0xB4E27000] ---- Kernel code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB905F360, 0x32DEFD, 0xE8000020] ? C:\WINDOWS\system32\13.tmp The system cannot find the file specified. ! ? C:\DOCUME~1\Emily\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. ! ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe[636] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 044EA939 C:\Program Files\Spybot - Search & Destroy\Plugins\Chai.dll .text C:\WINDOWS\system32\SearchIndexer.exe[2116] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 ATMhelpr.SYS (Windows NT Font Driver Helper/Adobe Systems Incorporated) AttachedDevice \Driver\Tcpip \Device\Tcp pxrts.sys (Prevx Realtime Security/Prevx) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000 ---- EOF - GMER 1.0.15 ---- MBAM sample attack log 22:28:55 Emily IP-BLOCK 204.188.235.81 (Type: outgoing) 22:29:06 Emily IP-BLOCK 204.188.235.81 (Type: incoming) 22:29:17 Emily IP-BLOCK 204.188.235.81 (Type: outgoing) 22:29:18 Emily IP-BLOCK 94.102.49.218 (Type: outgoing) 22:29:19 Emily IP-BLOCK 204.188.235.81 (Type: outgoing) 22:29:19 Emily IP-BLOCK 204.188.235.81 (Type: outgoing) 22:29:20 Emily IP-BLOCK 204.188.235.81 (Type: outgoing) 22:29:22 Emily IP-BLOCK 94.102.49.218 (Type: outgoing) 22:29:26 Emily IP-BLOCK 204.188.235.81 (Type: outgoing) 22:29:28 Emily IP-BLOCK 94.102.49.218 (Type: outgoing) 22:29:28 Emily IP-BLOCK 204.188.235.81 (Type: outgoing) 22:29:48 Emily IP-BLOCK 204.188.235.81 (Type: outgoing) 22:29:51 Emily IP-BLOCK 204.188.235.81 (Type: outgoing) 22:29:56 Emily IP-BLOCK 94.102.49.218 (Type: outgoing) 22:29:57 Emily IP-BLOCK 204.188.235.81 (Type: outgoing) 22:29:59 Emily IP-BLOCK 94.102.49.218 (Type: outgoing) 22:30:05 Emily IP-BLOCK 94.102.49.218 (Type: outgoing) 22:30:15 Emily IP-BLOCK 204.188.235.81 (Type: outgoing) 22:30:18 Emily IP-BLOCK 94.102.49.218 (Type: outgoing) 22:30:18 Emily IP-BLOCK 204.188.235.81 (Type: outgoing) 22:30:18 Emily IP-BLOCK 204.188.235.81 (Type: outgoing) 22:30:18 Emily IP-BLOCK 204.188.235.81 (Type: outgoing) 22:30:21 Emily IP-BLOCK 94.102.49.218 (Type: outgoing) 22:30:21 Emily IP-BLOCK 204.188.235.81 (Type: outgoing) 22:30:24 Emily IP-BLOCK 204.188.235.81 (Type: outgoing) 22:30:27 Emily IP-BLOCK 94.102.49.218 (Type: outgoing) 22:30:27 Emily IP-BLOCK 204.188.235.81 (Type: outgoing) 22:30:46 Emily IP-BLOCK 94.102.49.218 (Type: outgoing) 22:30:46 Emily IP-BLOCK 204.188.235.81 (Type: outgoing) 22:30:49 Emily IP-BLOCK 94.102.49.218 (Type: outgoing) 22:30:49 Emily IP-BLOCK 204.188.235.81 (Type: outgoing) 22:30:55 Emily IP-BLOCK 94.102.49.218 (Type: outgoing) 22:30:55 Emily IP-BLOCK 204.188.235.81 (Type: outgoing) 22:31:16 Emily IP-BLOCK 204.188.235.81 (Type: outgoing) ark.zip attach.zip

well, now i that i check the path see it's in the system32 folder, so perhaps it is not.

update: this file name came up, registered as a trojan: csrss.exe http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/ now googling how to remove, any help appreciated.

update: i'm now finding .exe's running from the temp folder. only one at a time, can kill with reboot but another with a new name comes back. still not finding anything on scans.

Please help me. MBAM is blocking 3-4 attacks per minute from the same two IPs. This has been going on for 48+ hours. I have run MBAM, Prevx, Spybot S&D, Sophos Antiroot Kit, Superantispyware and HiJack This but only found a few pieces of adware. Everything on the computer seems to be running normally except for the repeated attacks. They're listed as outgoing so I'm thinking there has to be something on my machine that's triggering them. Let me know what logs you want posted and I'll put them up. Thanks so much.