
Redirect problems among others



Hello... please help if you can.

I am getting some random redirects and system freezes. I can't run scanner programs at all in safe mode. Also, Malwarebytes and other scans are showing nothing, so I suspect a rootkit. My GMER log is as follows:

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-06-02 23:17:39

Windows 5.1.2600 Service Pack 3

Running: 6fvuv24i.exe; Driver: C:\DOCUME~1\LAPTOP~1\LOCALS~1\Temp\pxtdypow.sys

---- System - GMER 1.0.15 ----

SSDT 8A37B470 ZwAlertResumeThread

SSDT 8A3BAAD8 ZwAlertThread

SSDT 8A1F02B8 ZwAllocateVirtualMemory

SSDT 8A3BD948 ZwAssignProcessToJobObject

SSDT 8A650BA0 ZwConnectPort

SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xEE26A210]

SSDT 8A4A5FC0 ZwCreateMutant

SSDT 8A32BEB0 ZwCreateSymbolicLinkObject

SSDT 8A46D8C0 ZwCreateThread

SSDT 8A4408F8 ZwDebugActiveProcess

SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xEE26A490]

SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xEE26A9F0]

SSDT 8A28E120 ZwDuplicateObject

SSDT 8A2A9530 ZwFreeVirtualMemory

SSDT 8A4464D8 ZwImpersonateAnonymousToken

SSDT 8A36B418 ZwImpersonateThread

SSDT 8A455358 ZwLoadDriver

SSDT 8A4084B8 ZwMapViewOfSection

SSDT 8A47DAE8 ZwOpenEvent

SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwOpenKey [0xEE26A7A0]

SSDT 8A3BD488 ZwOpenProcess

SSDT 8A46E370 ZwOpenProcessToken

SSDT 8A648CD0 ZwOpenSection

SSDT 8A3B89C0 ZwOpenThread

SSDT 8A32BF80 ZwProtectVirtualMemory

SSDT 8A195CD0 ZwResumeThread

SSDT 8A3BC378 ZwSetContextThread

SSDT 8A39F198 ZwSetInformationProcess

SSDT 8A2CA4A0 ZwSetSystemInformation

SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xEE26AC40]

SSDT 8A307360 ZwSuspendProcess

SSDT 8A38ECD0 ZwSuspendThread

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xEDFB9320]

SSDT 8A38F370 ZwTerminateThread

SSDT 8A04E6B8 ZwUnmapViewOfSection

SSDT 8A20FD58 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2534 80501D6C 4 Bytes CALL C8DA654B

? SYMDS.SYS The system cannot find the file specified. !

? SYMEFA.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Macrium\Reflect\ReflectService.exe[212] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00C32862

.text C:\Program Files\Macrium\Reflect\ReflectService.exe[212] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00C326EE

.text C:\Program Files\Macrium\Reflect\ReflectService.exe[212] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00C327E0

.text C:\Program Files\Macrium\Reflect\ReflectService.exe[212] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00C32726

.text C:\Program Files\Macrium\Reflect\ReflectService.exe[212] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00C3275E

.text C:\WINDOWS\system32\Ati2evxx.exe[280] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00D22862

.text C:\WINDOWS\system32\Ati2evxx.exe[280] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00D226EE

.text C:\WINDOWS\system32\Ati2evxx.exe[280] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00D227E0

.text C:\WINDOWS\system32\Ati2evxx.exe[280] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00D22726

.text C:\WINDOWS\system32\Ati2evxx.exe[280] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00D2275E

.text C:\WINDOWS\Explorer.EXE[396] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00FB2862

.text C:\WINDOWS\Explorer.EXE[396] ws2_32.dll!send 71AB4C27 5 Bytes JMP 00FB26EE

.text C:\WINDOWS\Explorer.EXE[396] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00FB27E0

.text C:\WINDOWS\Explorer.EXE[396] ws2_32.dll!recv 71AB676F 5 Bytes JMP 00FB2726

.text C:\WINDOWS\Explorer.EXE[396] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00FB275E

.text C:\Program Files\Motorola\Moto Helper Service\MotoHelper.exe[928] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01182862

.text C:\Program Files\Motorola\Moto Helper Service\MotoHelper.exe[928] WS2_32.dll!send 71AB4C27 5 Bytes JMP 011826EE

.text C:\Program Files\Motorola\Moto Helper Service\MotoHelper.exe[928] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 011827E0

.text C:\Program Files\Motorola\Moto Helper Service\MotoHelper.exe[928] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01182726

.text C:\Program Files\Motorola\Moto Helper Service\MotoHelper.exe[928] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0118275E

.text C:\WINDOWS\system32\NOTEPAD.EXE[1552] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00DF2862

.text C:\WINDOWS\system32\NOTEPAD.EXE[1552] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00DF26EE

.text C:\WINDOWS\system32\NOTEPAD.EXE[1552] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00DF27E0

.text C:\WINDOWS\system32\NOTEPAD.EXE[1552] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00DF2726

.text C:\WINDOWS\system32\NOTEPAD.EXE[1552] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00DF275E

.text C:\WINDOWS\System32\alg.exe[1608] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00B72862

.text C:\WINDOWS\System32\alg.exe[1608] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00B726EE

.text C:\WINDOWS\System32\alg.exe[1608] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00B727E0

.text C:\WINDOWS\System32\alg.exe[1608] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00B72726

.text C:\WINDOWS\System32\alg.exe[1608] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00B7275E

.text C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe[1744] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00CA2862

.text C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe[1744] ws2_32.dll!send 71AB4C27 5 Bytes JMP 00CA26EE

.text C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe[1744] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00CA27E0

.text C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe[1744] ws2_32.dll!recv 71AB676F 5 Bytes JMP 00CA2726

.text C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe[1744] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00CA275E

.text C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe[1820] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00EB2862

.text C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe[1820] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00EB26EE

.text C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe[1820] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00EB27E0

.text C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe[1820] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00EB2726

.text C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe[1820] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00EB275E

.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2008] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 014A2862

.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2008] WS2_32.dll!send 71AB4C27 5 Bytes JMP 014A26EE

.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2008] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 014A27E0

.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2008] WS2_32.dll!recv 71AB676F 5 Bytes JMP 014A2726

.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[2008] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 014A275E

.text C:\Program Files\Canon\CAL\CALMAIN.exe[2064] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00DB2862

.text C:\Program Files\Canon\CAL\CALMAIN.exe[2064] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00DB26EE

.text C:\Program Files\Canon\CAL\CALMAIN.exe[2064] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00DB27E0

.text C:\Program Files\Canon\CAL\CALMAIN.exe[2064] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00DB2726

.text C:\Program Files\Canon\CAL\CALMAIN.exe[2064] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00DB275E

.text C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe[2444] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01232862

.text C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe[2444] ws2_32.dll!send 71AB4C27 5 Bytes JMP 012326EE

.text C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe[2444] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 012327E0

.text C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe[2444] ws2_32.dll!recv 71AB676F 5 Bytes JMP 01232726

.text C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe[2444] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0123275E

.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3104] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00F32862

.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3104] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00F326EE

.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3104] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00F327E0

.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3104] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00F32726

.text C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3104] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00F3275E

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01212862

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] WS2_32.dll!send 71AB4C27 5 Bytes JMP 012126EE

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 012127E0

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01212726

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3160] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0121275E

.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3168] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01052862

.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3168] WS2_32.dll!send 71AB4C27 5 Bytes JMP 010526EE

.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3168] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 010527E0

.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3168] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01052726

.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3168] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0105275E

.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3184] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 017F2862

.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3184] WS2_32.dll!send 71AB4C27 5 Bytes JMP 017F26EE

.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3184] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 017F27E0

.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3184] WS2_32.dll!recv 71AB676F 5 Bytes JMP 017F2726

.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3184] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 017F275E

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3308] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00F02862

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3308] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00F026EE

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3308] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00F027E0

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3308] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00F02726

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3308] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00F0275E

.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3448] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00F22862

.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3448] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00F226EE

.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3448] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00F227E0

.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3448] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00F22726

.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3448] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00F2275E

.text C:\WINDOWS\system32\wscntfy.exe[3608] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00EC2862

.text C:\WINDOWS\system32\wscntfy.exe[3608] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00EC26EE

.text C:\WINDOWS\system32\wscntfy.exe[3608] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00EC27E0

.text C:\WINDOWS\system32\wscntfy.exe[3608] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00EC2726

.text C:\WINDOWS\system32\wscntfy.exe[3608] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00EC275E

.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3664] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00FE2862

.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3664] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00FE26EE

.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3664] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00FE27E0

.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3664] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00FE2726

.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3664] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00FE275E

.text C:\Program Files\HPQ\shared\hpqwmi.exe[4048] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 006A2862

.text C:\Program Files\HPQ\shared\hpqwmi.exe[4048] WS2_32.dll!send 71AB4C27 5 Bytes JMP 006A26EE

.text C:\Program Files\HPQ\shared\hpqwmi.exe[4048] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 006A27E0

.text C:\Program Files\HPQ\shared\hpqwmi.exe[4048] WS2_32.dll!recv 71AB676F 5 Bytes JMP 006A2726

.text C:\Program Files\HPQ\shared\hpqwmi.exe[4048] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 006A275E

.text C:\Documents and Settings\Laptop 2\Desktop\6fvuv24i.exe[4088] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01022862

.text C:\Documents and Settings\Laptop 2\Desktop\6fvuv24i.exe[4088] WS2_32.dll!send 71AB4C27 5 Bytes JMP 010226EE

.text C:\Documents and Settings\Laptop 2\Desktop\6fvuv24i.exe[4088] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 010227E0

.text C:\Documents and Settings\Laptop 2\Desktop\6fvuv24i.exe[4088] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01022726

.text C:\Documents and Settings\Laptop 2\Desktop\6fvuv24i.exe[4088] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0102275E

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A2ED998

Device \Driver\atapi \Device\Ide\IdePort0 8A2ED998

Device \Driver\atapi \Device\Ide\IdePort1 8A2ED998

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 8A2ED998

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior;

Disk \Device\Harddisk0\DR0 sector 01: rootkit-like behavior;

Disk \Device\Harddisk0\DR0 sector 02: rootkit-like behavior;

Disk \Device\Harddisk0\DR0 sector 03: rootkit-like behavior;

Disk \Device\Harddisk0\DR0 sector 04: rootkit-like behavior;

Disk \Device\Harddisk0\DR0 sector 05: rootkit-like behavior;

Disk \Device\Harddisk0\DR0 sector 06: rootkit-like behavior;

Disk \Device\Harddisk0\DR0 sector 07: rootkit-like behavior;

Disk \Device\Harddisk0\DR0 sector 08: rootkit-like behavior;

Disk \Device\Harddisk0\DR0 sector 09: rootkit-like behavior;

Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior;

Disk \Device\Harddisk0\DR0 sector 11: rootkit-like behavior;

Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;

Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;

---- EOF - GMER 1.0.15 ----

Thanks for your help!!

Matt

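A GMER log like the one above is normally read by eye, section by section. As an added example (not part of the original post, and not GMER's own code), here is a small Python triage script that parses the four sections shown (SSDT, user code sections, Devices, Disk sectors) and applies the checks a reader applies by hand: SSDT entries hooked from a bare kernel address that GMER could not attribute to a module, the same user-mode function patched identically across many processes, `Device` entries whose owner column is an address rather than a driver name, and flagged disk sectors, with sector 0 (the MBR) called out. The regular expressions are fitted to the GMER 1.0.15 line layout on this page; the sample log embedded in the script is a constructed excerpt of it, and the thresholds are assumptions, not anything GMER itself reports.

```python
import re
from collections import defaultdict

# Constructed excerpt in the layout of the GMER 1.0.15 log above: a few lines of
# each section, with addresses and paths copied from the post.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----
SSDT 8A37B470 ZwAlertResumeThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xEE26A210]
SSDT 8A455358 ZwLoadDriver
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[396] ws2_32.dll!send 71AB4C27 5 Bytes JMP 00FB26EE
.text C:\WINDOWS\System32\alg.exe[1608] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00B726EE
.text C:\WINDOWS\System32\alg.exe[1608] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00B72726
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Driver\atapi \Device\Ide\IdePort0 8A2ED998
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
---- EOF - GMER 1.0.15 ----
"""

# Line shapes as GMER 1.0.15 prints them. "hooker" is either a bare kernel
# address (GMER found no module owning it) or a driver path plus description.
SSDT_RE = re.compile(r'^SSDT\s+(?P<hooker>.*?)\s+(?P<func>Zw\w+)(?:\s+\[0x(?P<addr>[0-9A-Fa-f]+)\])?\s*$')
# User-mode inline patch: process[pid] module!function address N Bytes <patch>.
# Kernel ".text" lines carry no [pid] and are deliberately not matched here.
TEXT_RE = re.compile(r'^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<target>\S+!\S+)\s+'
                     r'(?P<at>[0-9A-Fa-f]+)\s+(?P<n>\d+)\s+Bytes\s+(?P<patch>.+?)\s*$')
DEVICE_RE = re.compile(r'^Device\s+(?P<drv>\S+)\s+(?P<dev>\S+)\s+(?P<owner>.+?)\s*$')
DISK_RE = re.compile(r'^Disk\s+(?P<dev>\S+)\s+sector\s+(?P<sector>\d+):\s*(?P<msg>.*?);?\s*$')
BARE_ADDR = re.compile(r'^[0-9A-Fa-f]{8}$')


def parse_gmer(text):
    """Split a GMER log into the four sections this script triages."""
    out = {'ssdt': [], 'user_hooks': [], 'devices': [], 'disk': []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('----'):
            continue
        m = SSDT_RE.match(line)
        if m:
            out['ssdt'].append({'func': m['func'], 'hooker': m['hooker'],
                                'anonymous': bool(BARE_ADDR.match(m['hooker']))})
            continue
        m = TEXT_RE.match(line)
        if m:
            out['user_hooks'].append({'proc': m['proc'], 'pid': int(m['pid']),
                                      'target': m['target'].lower(), 'patch': m['patch']})
            continue
        m = DEVICE_RE.match(line)
        if m:
            out['devices'].append({'driver': m['drv'], 'device': m['dev'], 'owner': m['owner'],
                                   'anonymous': bool(BARE_ADDR.match(m['owner']))})
            continue
        m = DISK_RE.match(line)
        if m:
            out['disk'].append({'device': m['dev'], 'sector': int(m['sector']), 'msg': m['msg']})
    return out


def triage(parsed, min_procs=3):
    """Return human-readable findings; min_procs is an assumed threshold for
    'the same function is patched in enough processes to be system-wide'."""
    findings = []
    # 1. SSDT entries redirected to an address GMER could not tie to a loaded module.
    anon = [h['func'] for h in parsed['ssdt'] if h['anonymous']]
    if anon:
        findings.append(f"{len(anon)} SSDT entries hooked from unattributed kernel addresses: "
                        + ', '.join(anon))
    # 2. One module!function patched in many processes: a process-wide injected hook.
    per_target = defaultdict(set)
    for h in parsed['user_hooks']:
        per_target[h['target']].add(h['pid'])
    for target, pids in sorted(per_target.items()):
        if len(pids) >= min_procs:
            findings.append(f"{target} inline-patched in {len(pids)} processes (system-wide hook)")
    # 3. Device objects whose owner is a bare address: the driver pointer no longer
    #    resolves to a named driver image.
    for d in parsed['devices']:
        if d['anonymous']:
            findings.append(f"{d['device']} on {d['driver']} is owned by unnamed code at {d['owner']}")
    # 4. Flagged sectors. Sector 0 is the MBR; sectors 1-62 are the gap before the
    #    first partition on XP-era disks, which begins at sector 63.
    flagged = sorted(s['sector'] for s in parsed['disk'])
    if 0 in flagged:
        findings.append(f"MBR (sector 0) flagged; flagged sectors: {flagged}")
    elif flagged:
        findings.append(f"disk sectors flagged: {flagged}")
    return findings


if __name__ == '__main__':
    import sys
    text = open(sys.argv[1], errors='replace').read() if len(sys.argv) > 1 else SAMPLE_LOG
    for finding in triage(parse_gmer(text)):
        print('*', finding)
```

Run against the full log in the post (`python gmer_triage.py gmer.log`), it reports thirty SSDT entries hooked from unattributed addresses beside the six attributed to SYMEVENT.SYS and SASKUTIL.SYS, the same five WS2_32 functions patched identically in every listed process (including GMER's own randomly named executable), the four atapi device objects owned by the bare address 8A2ED998, and sectors 0 to 11, 62 and 63 flagged. The uniform WS2_32 hooks are consistent with a network filter from an installed security product (SYMTDI.SYS is attached to the TCP/IP stack in the same log), but the log alone does not show whose code sits at the JMP targets; the atapi device objects and the flagged MBR and pre-partition sectors are the findings to pursue. The kernel `.text` line (`ntkrnlpa.exe!ZwCallbackReturn + 2534 ... CALL C8DA654B`) has no `[pid]` and is left for the analyst.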

Hi,

Download DDS and save it to your desktop from here or here or here.

Disable any script blocker, and then double click dds.scr to run the tool.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.


DDS (Ver_10-03-17.01) - NTFSx86

Run by Laptop 2 at 16:25:40.93 on Thu 06/03/2010

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_18

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.1188 [GMT -4:00]

AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe

C:\Program Files\Motorola\Moto Helper Service\MotoHelper.exe

C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe

C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Program Files\Macrium\Reflect\ReflectService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\HPQ\shared\hpqwmi.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Laptop 2\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/

uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=laptop

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\4.2.0.12\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\4.2.0.12\IPSBHO.DLL

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\4.2.0.12\coIEPlg.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"

uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden

uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

uRun: [unHackMe Monitor] c:\program files\unhackme\hackmon.exe

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start

mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r

mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe

mRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exe

mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"

mRun: [CTCheck] c:\program files\creative\creative zen\zen media explorer\CTCheck.exe

mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll

Trusted Zone: mcafee.com

Trusted Zone: microsoft.com\*.update

Trusted Zone: navy.mil\lhd8.surfor

Trusted Zone: windowsupdate.com\download

DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxps://mbcssl01.mbco.com/dana/download/wficat.cab?url=/dana/term/winlaunchterm.cgi?op=DownloadCitrixCab

DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://yahoo.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB

DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab

DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5503/mcfscan.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\laptop~1\applic~1\mozilla\firefox\profiles\lz8p8dv1.default\

FF - prefs.js: browser.search.selectedEngine - Amazon.com

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - component: c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn\components\coFFPlgn.dll

FF - component: c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll

FF - component: c:\documents and settings\laptop 2\application data\mozilla\firefox\profiles\lz8p8dv1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

FF - plugin: c:\documents and settings\laptop 2\application data\mozilla\firefox\profiles\lz8p8dv1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll

FF - HiddenExtension: XUL Cache: {EB3AD435-E454-4D3F-99F7-25F2E874036C} - c:\documents and settings\laptop 2\local settings\application data\{EB3AD435-E454-4D3F-99F7-25F2E874036C}

FF - HiddenExtension: XUL Cache: {4F1D5671-FF15-4F42-9D1F-A9305F8B4FEE} - c:\documents and settings\administrator\local settings\application data\{4F1D5671-FF15-4F42-9D1F-A9305F8B4FEE}

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2010-1-21 15328]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0402000.00c\symds.sys [2010-6-1 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0402000.00c\symefa.sys [2010-6-1 173104]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20100429.001\BHDrvx86.sys [2010-4-29 537136]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0402000.00c\cchpx86.sys [2010-6-1 501888]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0402000.00c\ironx86.sys [2010-6-1 116784]

R2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2009-8-2 91456]

R2 MotoHelper.exe;Motorola Helper;c:\program files\motorola\moto helper service\MotoHelper.exe [2010-4-21 6656]

R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.2.0.12\ccsvchst.exe [2010-6-1 126392]

R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2010-1-21 220128]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-27 102448]

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-8-22 231424]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20100528.003\IDSXpx86.sys [2010-5-28 331640]

R3 NAVENG;NAVENG;c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20100603.005\NAVENG.SYS [2010-6-3 85552]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20100603.005\NAVEX15.SYS [2010-6-3 1347504]

R3 NETGEARUHOST;NETGEAR Network USB Host Controller;c:\windows\system32\drivers\NETGEARUHOST.sys [2010-1-28 12032]

R3 NETGEARUHUB;NETGEAR Network USB Root Hub;c:\windows\system32\drivers\NETGEARUHUB.sys [2010-1-28 39424]

R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]

S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2010-6-1 35816]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-27 135664]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2010-5-26 24576]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2009-8-2 19712]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-8-2 8320]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2009-8-2 42752]

S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2010-3-21 23936]

S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2010-6-1 24416]

=============== Created Last 30 ================

2010-06-01 20:59:14 0 d-----w- c:\program files\Easy SpyRemover

2010-06-01 05:11:53 24416 ----a-w- c:\windows\system32\drivers\regguard.sys

2010-06-01 04:59:51 37600 ----a-w- c:\windows\system32\Partizan.exe

2010-06-01 04:59:51 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys

2010-06-01 04:59:45 2 --shatr- c:\windows\winstart.bat

2010-06-01 04:59:22 12808 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys

2010-06-01 04:59:16 0 d-----w- c:\program files\UnHackMe

2010-06-01 00:06:15 0 d-----w- c:\docume~1\laptop~1\applic~1\QuickScan

2010-05-27 01:29:37 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf

2010-05-27 01:23:32 0 d-----w- c:\docume~1\laptop~1\applic~1\Teleca

2010-05-27 01:22:45 0 d-----w- c:\program files\common files\Teleca Shared

2010-05-27 01:21:16 24576 ----a-w- c:\windows\system32\drivers\ANDROIDUSB.sys

2010-05-27 01:21:08 0 d-----w- c:\program files\Spirent Communications

2010-05-27 01:21:00 0 d-----w- c:\program files\HTC

2010-05-27 00:12:38 14848 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys

2010-05-27 00:12:38 12416 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys

2010-05-27 00:12:38 12416 ----a-w- c:\windows\system32\drivers\sscdcm.sys

2010-05-27 00:12:38 123648 ----a-w- c:\windows\system32\drivers\sscdmdm.sys

2010-05-27 00:12:36 98560 ----a-w- c:\windows\system32\drivers\sscdbus.sys

2010-05-27 00:12:36 12288 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys

2010-05-27 00:12:36 12288 ----a-w- c:\windows\system32\drivers\sscdwh.sys

2010-05-27 00:12:35 0 d-----w- c:\program files\SAMSUNG

2010-05-27 00:12:29 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Samsung

2010-05-27 00:11:20 0 d-----w- c:\program files\Samsung Electronics

==================== Find3M ====================

2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-29 01:09:43 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-03-11 12:38:54 832512 ----a-w- c:\windows\system32\wininet.dll

2010-03-11 12:38:52 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-03-11 12:38:51 17408 ------w- c:\windows\system32\corpol.dll

2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\vbscript.dll

2008-07-28 19:20:15 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008072820080729\index.dat

============= FINISH: 16:26:34.95 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 5/31/2008 11:20:46 PM

System Uptime: 6/3/2010 4:01:18 PM (0 hours ago)

Motherboard: Quanta | | 3093

Processor: AMD Turion 64 Mobile Technology ML-32 | U23 | 1794/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 75 GiB total, 13.147 GiB free.

D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP450: 5/25/2010 8:17:53 PM - Software Distribution Service 3.0

RP451: 5/25/2010 8:51:27 PM - Removed FormatFactory

RP452: 5/26/2010 8:11:05 PM - Installed SamsungSimpleDL

RP453: 5/26/2010 9:20:57 PM - Installed HTC Driver Installer.

RP454: 5/26/2010 9:21:46 PM - Installed HTC Sync.

RP455: 5/28/2010 12:04:56 AM - System Checkpoint

RP456: 5/28/2010 11:16:13 PM - Removed HTC Sync.

RP457: 6/1/2010 1:10:56 AM - RegRun Virus Scan

RP458: 6/1/2010 1:40:25 AM - RegRun Virus Scan

==== Installed Programs ======================

"Nero SoundTrax Help

Acrobat.com

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Reader 9.3.2

Advertising Center

Apple Application Support

Apple Software Update

ATI - Software Uninstall Utility

ATI Control Panel

ATI Display Driver

AudibleManager

Avanquest update

BitTorrent

Blu-ray Disc Authoring Plug-in

Broadcom 802.11 Driver

Canon Camera Access Library

Canon Camera Support Core Library

Canon Camera Window DC_DV 5 for ZoomBrowser EX

Canon Camera Window DC_DV 6 for ZoomBrowser EX

Canon Camera Window MC 6 for ZoomBrowser EX

Canon G.726 WMP-Decoder

Canon MovieEdit Task for ZoomBrowser EX

Canon RAW Image Task for ZoomBrowser EX

Canon RemoteCapture Task for ZoomBrowser EX

Canon Utilities EOS Utility

Canon Utilities PhotoStitch

Canon Utilities ZoomBrowser EX

Conexant AC-Link Audio

ConvertHelper 2.2

Creative System Information

Creative ZEN

Critical Update for Windows Media Player 11 (KB959772)

Data Fax SoftModem with SmartCP

DNA

DolbyFiles

DTS Plug-in

Easy SpyRemover 5.0

Eusing Free Registry Cleaner

ExtractNow

Garmin Communicator Plugin

Garmin WebUpdater

Google Earth

Google Update Helper

Google Updater

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Deskjet 3740

HP Deskjet 3740 Series

HP Help and Support

HP Product Detection

HP Software Update

HP Wireless Assistant

HTC Driver Installer

ImagXpress

InterVideo DVD Check

InterVideo WinDVD

J2SE Runtime Environment 5.0

Java Auto Updater

Java 6 Update 18

Juniper Citrix Services Client

Juniper Networks Cache Cleaner 6.4.0

Juniper Networks Host Checker

Juniper Networks Setup Client

Juniper Networks Setup Client Activex Control

LightScribe System Software

Macrium Reflect - Free Edition

Malwarebytes' Anti-Malware

Menu Templates - Starter Kit

MetaFrame Presentation Server Web Client for Win32

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB953297)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft National Language Support Downlevel APIs

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Moto Helper Service

MotoConnect

Motorola Driver Installation 4.6.0

Motorola Phone Tools

Motorola Software Update

Mototools Software Update

Movie Templates - Starter Kit

Mozilla Firefox (3.6.3)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

muvee autoProducer 3.5 - SE

Nero 9

Nero BackItUp 4

Nero BurningROM

Nero BurnRights

Nero ControlCenter

Nero CoverDesigner

Nero CoverDesigner Help

Nero Disc Copy Gadget

Nero Disc Copy Gadget Help

Nero DiscSpeed

Nero DriveSpeed

Nero Express

Nero InfoTool

Nero Installer

Nero Live

Nero Live Help

Nero MediaHome 4

Nero Move it

Nero PhotoSnap

Nero PhotoSnap Help

Nero Recode

Nero Recode Help

Nero Rescue Agent

Nero RescueAgent Help

Nero ShowTime

Nero StartSmart

Nero StartSmart Help

Nero Vision

Nero WaveEditor

Nero WaveEditor Help

NeroBurningROM

NeroExpress

neroxml

NetGear PS121v2

Norton Security Suite

OpenOffice.org 3.0

PeerBlock 1.0+ (r320)

Quick Launch Buttons 5.10 A2

QuickTime

RealPlayer

SAMSUNG USB Driver for Mobile Phones V5.2.0.0

SamsungSimpleDL

Security Task Manager 1.7h

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 7 (KB976325)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 9 (KB936782)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB981349)

Sonic RecordNow!

Sonic Update Manager

SoundTrax

SUPERAntiSpyware Free Edition

Synaptics Pointing Device Driver

TBS WMP Plug-in

Texas Instruments PCIxx21/x515/xx12 drivers.

TIPCI

UnHackMe 5.90 release

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Windows (KB971513)

Update for Windows Internet Explorer 7 (KB976749)

Update for Windows Internet Explorer 7 (KB980182)

Update for Windows XP (KB942763)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

WebFldrs XP

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Live OneCare safety scanner

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

Xvid 1.1.3 final uninstall

Yahoo! Messenger

ZENcast Organizer

Zone Deluxe Games

==== Event Viewer Messages From Past Week ========

6/2/2010 9:56:36 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdPPM BHDrvx86 ccHP eabfiltr eeCtrl Fips SASDIFSV SASKUTIL SRTSP SRTSPX SymIRON SYMTDI

6/2/2010 9:55:47 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

5/31/2010 8:36:33 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer HEATHER-LAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{DE7D3251-0408. The master browser is stopping or an election is being forced.

5/31/2010 6:58:55 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

5/30/2010 8:51:19 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the N360 service.

5/30/2010 8:48:17 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 0014A52F68D4 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

5/28/2010 11:17:49 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.

==== End Of File ===========================

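The DDS log above can be cross-referenced mechanically rather than read line by line: the SERVICES / DRIVERS section gives each driver's start type and on-disk path, "Created Last 30" shows which .sys files were written recently, and the Service Control Manager 7026 event names the boot-start and system-start drivers that did not load. The script below is an added example written for this page, not a tool the poster or the helper used; it assumes only the DDS line formats visible in the log, and SAMPLE_DDS is a constructed excerpt of that log.

```python
"""Added example for this thread (not a tool the poster or the helper used):
triage a DDS log like the one above by parsing its SERVICES / DRIVERS and
"Created Last 30" sections plus the Service Control Manager 7026 event, then
cross-referencing them. SAMPLE_DDS is a constructed excerpt of that log."""
import re
from typing import NamedTuple

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")           # "==== Section name ===="
SERVICE_RE = re.compile(                                  # "<start> <name>;<display>;<path> [<date> <size>]"
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<date>\S+)\s+(?P<size>\d+)\]$")
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) \S+ \d+ \S+ (.+)$")  # "<date> <time> <size> <attrs> <path>"
EVENT_7026_RE = re.compile(r"\[7026\] - .*?failed to load: (.+)$")
SYSTEM_DRIVER_DIR = "c:\\windows\\system32\\drivers\\"

SAMPLE_DDS = r"""
============= SERVICES / DRIVERS ===============
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20100429.001\BHDrvx86.sys [2010-4-29 537136]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0402000.00c\ironx86.sys [2010-6-1 116784]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.2.0.12\ccsvchst.exe [2010-6-1 126392]
S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2010-6-1 35816]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2010-6-1 24416]
=============== Created Last 30 ================
2010-06-01 20:59:14 0 d-----w- c:\program files\Easy SpyRemover
2010-06-01 05:11:53 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2010-06-01 04:59:51 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
==== Event Viewer Messages From Past Week ========
6/2/2010 9:56:36 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdPPM BHDrvx86 ccHP eabfiltr eeCtrl Fips SASDIFSV SASKUTIL SRTSP SRTSPX SymIRON SYMTDI
==== End Of File ===========================
"""


class Service(NamedTuple):
    start: str    # R = running, S = stopped; digit = start type (0 boot, 1 system, 2 auto, 3 manual)
    name: str
    display: str
    path: str
    date: str
    size: int


def split_sections(text):
    """Group the non-empty lines of a DDS log under their section header."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections


def parse_services(lines):
    found = (SERVICE_RE.match(line) for line in lines)
    return [Service(m["start"], m["name"], m["display"], m["path"], m["date"], int(m["size"]))
            for m in found if m]


def failed_boot_drivers(lines):
    """Driver names from every SCM 7026 event (boot/system-start driver failed to load)."""
    names = set()
    for m in filter(None, (EVENT_7026_RE.search(line) for line in lines)):
        names.update(m.group(1).split())
    return names


def recent_kernel_drivers(lines):
    """(date, path) for each .sys file listed in 'Created Last 30'."""
    matches = filter(None, (CREATED_RE.match(line) for line in lines))
    return [(m.group(1), m.group(2)) for m in matches if m.group(2).lower().endswith(".sys")]


def triage(text):
    sections = split_sections(text)
    services = parse_services(sections.get("SERVICES / DRIVERS", []))
    drivers = [s for s in services if s.path.lower().endswith(".sys")]
    failed = failed_boot_drivers(sections.get("Event Viewer Messages From Past Week", []))
    known = {s.name.lower() for s in services}
    return {
        # entries the log lists that the SCM says did not load at boot
        "failed_known": sorted(n for n in failed if n.lower() in known),
        # failed drivers with no service entry in the log (removed, renamed or hidden)
        "failed_unknown": sorted(n for n in failed if n.lower() not in known),
        # kernel drivers loaded from outside the system driver directory
        "drivers_outside_system32": sorted(
            s.name for s in drivers if not s.path.lower().startswith(SYSTEM_DRIVER_DIR)),
        # registered kernel drivers not running at scan time
        "stopped_drivers": sorted(s.name for s in drivers if s.start.startswith("S")),
        # kernel drivers written to disk in the last 30 days
        "recent_drivers": recent_kernel_drivers(sections.get("Created Last 30", [])),
    }
```

Run `triage(open("dds.txt").read())` against a full DDS log. The output is a worklist, not a verdict: a security product's driver that is listed as R0/R1 yet appears in the 7026 event, a failed driver with no service entry at all, or a .sys file created in the last 30 days in the system driver directory each deserves a closer look, but several legitimate products (definition-update drivers under Application Data, third-party anti-spyware drivers under Program Files) also trip the "outside system32" heuristic, so the lists are for review rather than automatic action.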

Hi,

BitTorrent

DNA

The programs listed above are P2P file-sharing programs. P2P downloads are nowadays one of the most likely ways of bringing an infection into the system. My recommendation is to uninstall these (and any other P2P file-sharing programs, if present).

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  1. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix (link).
    Remember to re-enable them afterwards.
  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt

New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.


Thank you for your continued help with this! I will be uninstalling the P2P software once cleaned.

ComboFix 10-06-03.01 - Laptop 2 06/04/2010 16:58:27.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.1504 [GMT -4:00]

Running from: c:\documents and settings\Laptop 2\Desktop\ComboFix.exe

AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Security Suite *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Laptop 2\My Documents\registry053110.reg

c:\windows\run.log

c:\windows\system32\Thumbs.db

C:\xcrashdump.dat

.

original MBR restored successfully !

.

((((((((((((((((((((((((( Files Created from 2010-05-04 to 2010-06-04 )))))))))))))))))))))))))))))))

.

2010-06-02 03:04 . 2010-05-06 04:01 361904 ----a-w- c:\windows\system32\drivers\symtdi.sys

2010-06-02 03:04 . 2010-04-29 05:03 116784 ----a-w- c:\windows\system32\drivers\ironx86.sys

2010-06-02 03:04 . 2010-04-22 03:02 173104 ----a-w- c:\windows\system32\drivers\symefa.sys

2010-06-02 03:04 . 2010-04-22 02:29 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys

2010-06-02 03:04 . 2009-10-15 03:50 328752 ----a-r- c:\windows\system32\drivers\symds.sys

2010-06-02 03:04 . 2010-02-26 00:22 501888 ----a-w- c:\windows\system32\drivers\cchpx86.sys

2010-06-01 20:59 . 2010-06-01 20:59 -------- d-----w- c:\program files\Easy SpyRemover

2010-06-01 05:11 . 2010-06-01 05:11 24416 ----a-w- c:\windows\system32\drivers\regguard.sys

2010-06-01 04:59 . 2010-06-01 04:59 2 --shatr- c:\windows\winstart.bat

2010-06-01 04:59 . 2010-05-21 16:16 12808 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys

2010-06-01 04:59 . 2010-06-01 05:00 -------- d-----w- c:\program files\UnHackMe

2010-06-01 00:47 . 2010-05-31 20:34 702120 ----a-w- c:\documents and settings\Laptop 2\Application Data\Mozilla\Firefox\Profiles\lz8p8dv1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

2010-06-01 00:47 . 2010-05-31 20:34 868456 ----a-w- c:\documents and settings\Laptop 2\Application Data\Mozilla\Firefox\Profiles\lz8p8dv1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

2010-06-01 00:06 . 2010-06-01 22:06 -------- d-----w- c:\documents and settings\Laptop 2\Application Data\QuickScan

2010-05-27 01:23 . 2010-05-27 19:28 -------- d-----w- c:\documents and settings\Laptop 2\Application Data\Teleca

2010-05-27 01:22 . 2010-05-29 03:17 -------- d-----w- c:\program files\Common Files\Teleca Shared

2010-05-27 01:21 . 2009-06-10 20:49 24576 ----a-w- c:\windows\system32\drivers\ANDROIDUSB.sys

2010-05-27 01:21 . 2010-05-27 01:21 -------- d-----w- c:\program files\Spirent Communications

2010-05-27 01:21 . 2010-05-29 03:17 -------- d-----w- c:\program files\HTC

2010-05-27 00:12 . 2010-01-14 07:02 14848 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys

2010-05-27 00:12 . 2010-01-14 07:02 12416 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys

2010-05-27 00:12 . 2010-01-14 07:02 12416 ----a-w- c:\windows\system32\drivers\sscdcm.sys

2010-05-27 00:12 . 2010-01-14 07:02 123648 ----a-w- c:\windows\system32\drivers\sscdmdm.sys

2010-05-27 00:12 . 2010-01-14 07:02 12288 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys

2010-05-27 00:12 . 2010-01-14 07:02 12288 ----a-w- c:\windows\system32\drivers\sscdwh.sys

2010-05-27 00:12 . 2010-01-14 07:02 98560 ----a-w- c:\windows\system32\drivers\sscdbus.sys

2010-05-27 00:12 . 2010-05-27 00:12 -------- d-----w- c:\program files\SAMSUNG

2010-05-27 00:12 . 2010-05-27 00:12 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Samsung

2010-05-27 00:12 . 2010-05-27 00:12 53248 ----a-r- c:\documents and settings\Laptop 2\Application Data\Microsoft\Installer\{64C85B95-E971-4705-B3ED-D4A0153C0D5B}\ARPPRODUCTICON.exe

2010-05-27 00:11 . 2010-05-27 00:11 -------- d-----w- c:\program files\Samsung Electronics

2010-05-22 01:22 . 2010-05-30 01:27 439816 ----a-w- c:\documents and settings\Laptop 2\Application Data\Real\Update\setup3.10\setup.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-04 20:44 . 2010-02-12 22:17 -------- d-----w- c:\program files\PeerBlock

2010-06-04 20:19 . 2008-06-28 17:08 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Google Updater

2010-05-29 03:31 . 2010-02-26 21:50 117760 ----a-w- c:\documents and settings\Laptop 2\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-05-27 01:29 . 2010-05-27 01:29 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf

2010-05-26 00:56 . 2009-11-26 19:59 -------- d-----w- c:\documents and settings\Laptop 2\Application Data\Juniper Networks

2010-05-22 06:19 . 2007-09-23 23:13 -------- d-----w- c:\program files\Google

2010-05-22 03:05 . 2009-04-20 02:03 1 ----a-w- c:\documents and settings\Laptop 2\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-05-18 11:21 . 2008-07-30 22:56 -------- d-----w- c:\documents and settings\Laptop 2\Application Data\BitTorrent

2010-05-18 03:30 . 2008-07-30 22:55 -------- d-----w- c:\program files\BitTorrent

2010-05-01 19:02 . 2008-12-19 01:36 -------- d-----w- c:\program files\PeerGuardian2

2010-04-29 19:39 . 2009-12-22 21:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 19:39 . 2009-12-22 21:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-27 01:54 . 2010-04-27 01:48 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Motorola

2010-04-27 01:53 . 2009-01-20 04:27 -------- d-----w- c:\program files\Motorola

2010-04-27 01:53 . 2010-04-27 01:52 8457728 ----a-w- c:\windows\system32\Mototools_Software_Update_3.0.5.msi

2010-04-27 01:16 . 2009-01-20 04:25 -------- d-----w- c:\program files\Common Files\Motorola Shared

2010-04-27 01:09 . 2009-01-20 04:08 -------- d-----w- c:\program files\Motorola Phone Tools

2010-04-27 01:00 . 2009-01-20 04:16 -------- d-----w- c:\program files\Avanquest update

2010-04-22 04:01 . 2007-07-23 18:32 -------- d-----w- c:\program files\QuickTime

2010-04-22 04:01 . 2010-04-22 04:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer

2010-03-29 01:09 . 2010-03-29 01:09 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-03-29 01:09 . 2010-03-29 01:09 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-03-11 12:38 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll

2010-03-11 12:38 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-03-11 12:38 . 2004-08-04 12:00 17408 ------w- c:\windows\system32\corpol.dll

2010-03-09 11:09 . 2004-08-04 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-04-13 2387968]

"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-03-09 1738352]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-18 2012912]

"UnHackMe Monitor"="c:\program files\UnHackMe\hackmon.exe" [2010-05-21 594200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]

"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]

"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 794624]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-14 344064]

"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]

"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2004-12-08 184320]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-27 198160]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\

DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-5-31 184320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Laptop 2^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]

backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2kAutostart]

V600 [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mumservice]

2010-02-10 16:42 1066240 ----a-w- c:\program files\Motorola\Software Update\mumservice.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS121v2]

2007-05-23 12:39 696320 ----a-w- c:\program files\NETGEAR\PS121v2\PS121v2.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

"c:\\Program Files\\Common Files\\Real\\Update_OB\\RealOneMessageCenter.exe"=

"c:\\Program Files\\Motorola\\MotoConnectService\\MotoConnect.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\WINDOWS\\system32\\spoolsv.exe"=

"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:Remote Desktop

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

"2479:TCP"= 2479:TCP:Services

"2452:TCP"= 2452:TCP:Services

"7667:TCP"= 7667:TCP:Services

"7666:TCP"= 7666:TCP:Services

"1871:TCP"= 1871:TCP:Services

"2242:TCP"= 2242:TCP:Services

"9614:TCP"= 9614:TCP:Services

"5557:TCP"= 5557:TCP:Services

"8793:TCP"= 8793:TCP:Services

"8792:TCP"= 8792:TCP:Services

"3495:TCP"= 3495:TCP:Services

"5490:TCP"= 5490:TCP:Services

"7542:TCP"= 7542:TCP:Services

"7543:TCP"= 7543:TCP:Services

"4480:TCP"= 4480:TCP:Services

"7460:TCP"= 7460:TCP:Services

"2027:TCP"= 2027:TCP:Services

"2554:TCP"= 2554:TCP:Services

"6651:TCP"= 6651:TCP:Services

"6652:TCP"= 6652:TCP:Services

"8886:TCP"= 8886:TCP:Services

"8887:TCP"= 8887:TCP:Services

"7301:TCP"= 7301:TCP:Services

"7302:TCP"= 7302:TCP:Services

"12345:TCP"= 12345:TCP:Motorola Helper

R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [1/21/2010 5:20 PM 15328]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0402000.00C\symds.sys [6/1/2010 11:04 PM 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0402000.00C\symefa.sys [6/1/2010 11:04 PM 173104]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100429.001\BHDrvx86.sys [4/29/2010 1:44 PM 537136]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0402000.00C\cchpx86.sys [6/1/2010 11:04 PM 501888]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0402000.00C\ironx86.sys [6/1/2010 11:04 PM 116784]

R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [8/2/2009 6:10 PM 91456]

R2 MotoHelper.exe;Motorola Helper;c:\program files\Motorola\Moto Helper Service\MotoHelper.exe [4/21/2010 5:41 AM 6656]

R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe [6/1/2010 11:04 PM 126392]

R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [1/21/2010 5:20 PM 220128]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/27/2010 12:19 AM 102448]

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 4:06 PM 231424]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100528.003\IDSXpx86.sys [5/28/2010 3:33 PM 331640]

R3 NETGEARUHOST;NETGEAR Network USB Host Controller;c:\windows\system32\drivers\NETGEARUHOST.sys [1/28/2010 10:27 PM 12032]

R3 NETGEARUHUB;NETGEAR Network USB Root Hub;c:\windows\system32\drivers\NETGEARUHUB.sys [1/28/2010 10:27 PM 39424]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/27/2009 11:01 PM 135664]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [5/26/2010 9:21 PM 24576]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/2/2009 6:11 PM 19712]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/2/2009 5:55 PM 8320]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [8/2/2009 5:55 PM 42752]

S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [3/21/2010 10:27 PM 23936]

S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [6/1/2010 1:11 AM 24416]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-04-13 19:08 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

2010-06-04 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-28 22:35]

2010-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-28 03:01]

2010-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-28 03:01]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = *.local

Trusted Zone: mcafee.com

Trusted Zone: microsoft.com\*.update

Trusted Zone: navy.mil\lhd8.surfor

Trusted Zone: windowsupdate.com\download

DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://yahoo.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab

FF - ProfilePath - c:\documents and settings\Laptop 2\Application Data\Mozilla\Firefox\Profiles\lz8p8dv1.default\

FF - prefs.js: browser.search.selectedEngine - Amazon.com

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - component: c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll

FF - component: c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll

FF - component: c:\documents and settings\Laptop 2\Application Data\Mozilla\Firefox\Profiles\lz8p8dv1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

FF - plugin: c:\documents and settings\Laptop 2\Application Data\Mozilla\Firefox\Profiles\lz8p8dv1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll

FF - HiddenExtension: XUL Cache: {EB3AD435-E454-4D3F-99F7-25F2E874036C} - c:\documents and settings\Laptop 2\Local Settings\Application Data\{EB3AD435-E454-4D3F-99F7-25F2E874036C}

FF - HiddenExtension: XUL Cache: {4F1D5671-FF15-4F42-9D1F-A9305F8B4FEE} - c:\documents and settings\Administrator\Local Settings\Application Data\{4F1D5671-FF15-4F42-9D1F-A9305F8B4FEE}

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)

SafeBoot-mcmscsvc

SafeBoot-MCODS

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-04 17:08

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\N360]

"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.2.0.12\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]

"Licence0"="04F0D21-79D8-7A25-D702-433F"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(852)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\WININET.dll

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2010-06-04 17:11:23

ComboFix-quarantined-files.txt 2010-06-04 21:11

Pre-Run: 13,996,879,872 bytes free

Post-Run: 14,003,924,992 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 5892BD6A5C3A507D4C62D5DC4757B010

DDS (Ver_10-03-17.01) - NTFSx86

Run by Laptop 2 at 17:15:36.04 on Fri 06/04/2010

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_18

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.1447 [GMT -4:00]

AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Security Suite *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe

C:\Program Files\Motorola\Moto Helper Service\MotoHelper.exe

C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe

C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Macrium\Reflect\ReflectService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe

C:\Documents and Settings\Laptop 2\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\4.2.0.12\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\4.2.0.12\IPSBHO.DLL

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\4.2.0.12\coIEPlg.dll

uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"

uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden

uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

uRun: [unHackMe Monitor] c:\program files\unhackme\hackmon.exe

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start

mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r

mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe

mRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exe

mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"

mRun: [CTCheck] c:\program files\creative\creative zen\zen media explorer\CTCheck.exe

mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll

Trusted Zone: mcafee.com

Trusted Zone: microsoft.com\*.update

Trusted Zone: navy.mil\lhd8.surfor

Trusted Zone: windowsupdate.com\download

DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxps://mbcssl01.mbco.com/dana/download/wficat.cab?url=/dana/term/winlaunchterm.cgi?op=DownloadCitrixCab

DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://yahoo.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB

DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab

DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5503/mcfscan.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\laptop~1\applic~1\mozilla\firefox\profiles\lz8p8dv1.default\

FF - prefs.js: browser.search.selectedEngine - Amazon.com

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - component: c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn\components\coFFPlgn.dll

FF - component: c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll

FF - component: c:\documents and settings\laptop 2\application data\mozilla\firefox\profiles\lz8p8dv1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

FF - HiddenExtension: XUL Cache: {EB3AD435-E454-4D3F-99F7-25F2E874036C} - c:\documents and settings\laptop 2\local settings\application data\{EB3AD435-E454-4D3F-99F7-25F2E874036C}

FF - HiddenExtension: XUL Cache: {4F1D5671-FF15-4F42-9D1F-A9305F8B4FEE} - c:\documents and settings\administrator\local settings\application data\{4F1D5671-FF15-4F42-9D1F-A9305F8B4FEE}

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2010-1-21 15328]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0402000.00c\symds.sys [2010-6-1 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0402000.00c\symefa.sys [2010-6-1 173104]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20100429.001\BHDrvx86.sys [2010-4-29 537136]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0402000.00c\cchpx86.sys [2010-6-1 501888]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0402000.00c\ironx86.sys [2010-6-1 116784]

R2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2009-8-2 91456]

R2 MotoHelper.exe;Motorola Helper;c:\program files\motorola\moto helper service\MotoHelper.exe [2010-4-21 6656]

R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.2.0.12\ccsvchst.exe [2010-6-1 126392]

R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2010-1-21 220128]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-27 102448]

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-8-22 231424]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20100528.003\IDSXpx86.sys [2010-5-28 331640]

R3 NETGEARUHOST;NETGEAR Network USB Host Controller;c:\windows\system32\drivers\NETGEARUHOST.sys [2010-1-28 12032]

R3 NETGEARUHUB;NETGEAR Network USB Root Hub;c:\windows\system32\drivers\NETGEARUHUB.sys [2010-1-28 39424]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-27 135664]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2010-5-26 24576]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2009-8-2 19712]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-8-2 8320]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2009-8-2 42752]

S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2010-3-21 23936]

S3 NAVENG;NAVENG;c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20100604.006\NAVENG.SYS [2010-6-4 85552]

S3 NAVEX15;NAVEX15;c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20100604.006\NAVEX15.SYS [2010-6-4 1347504]

S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2010-6-1 24416]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]

=============== Created Last 30 ================

2010-06-04 20:52:32 0 d-sha-r- C:\cmdcons

2010-06-04 20:47:58 98816 ----a-w- c:\windows\sed.exe

2010-06-04 20:47:58 77312 ----a-w- c:\windows\MBR.exe

2010-06-04 20:47:58 256512 ----a-w- c:\windows\PEV.exe

2010-06-04 20:47:58 161792 ----a-w- c:\windows\SWREG.exe

2010-06-02 03:04:54 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys

2010-06-02 03:04:54 361904 ----a-w- c:\windows\system32\drivers\symtdi.sys

2010-06-02 03:04:54 328752 ----a-r- c:\windows\system32\drivers\symds.sys

2010-06-02 03:04:54 173104 ----a-w- c:\windows\system32\drivers\symefa.sys

2010-06-02 03:04:54 116784 ----a-w- c:\windows\system32\drivers\ironx86.sys

2010-06-02 03:04:53 501888 ----a-w- c:\windows\system32\drivers\cchpx86.sys

2010-06-01 20:59:14 0 d-----w- c:\program files\Easy SpyRemover

2010-06-01 05:11:53 24416 ----a-w- c:\windows\system32\drivers\regguard.sys

2010-06-01 04:59:45 2 --shatr- c:\windows\winstart.bat

2010-06-01 04:59:22 12808 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys

2010-06-01 04:59:16 0 d-----w- c:\program files\UnHackMe

2010-06-01 00:06:15 0 d-----w- c:\docume~1\laptop~1\applic~1\QuickScan

2010-05-27 01:29:37 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf

2010-05-27 01:23:32 0 d-----w- c:\docume~1\laptop~1\applic~1\Teleca

2010-05-27 01:22:45 0 d-----w- c:\program files\common files\Teleca Shared

2010-05-27 01:21:16 24576 ----a-w- c:\windows\system32\drivers\ANDROIDUSB.sys

2010-05-27 01:21:08 0 d-----w- c:\program files\Spirent Communications

2010-05-27 01:21:00 0 d-----w- c:\program files\HTC

2010-05-27 00:12:38 14848 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys

2010-05-27 00:12:38 12416 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys

2010-05-27 00:12:38 12416 ----a-w- c:\windows\system32\drivers\sscdcm.sys

2010-05-27 00:12:38 123648 ----a-w- c:\windows\system32\drivers\sscdmdm.sys

2010-05-27 00:12:36 98560 ----a-w- c:\windows\system32\drivers\sscdbus.sys

2010-05-27 00:12:36 12288 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys

2010-05-27 00:12:36 12288 ----a-w- c:\windows\system32\drivers\sscdwh.sys

2010-05-27 00:12:35 0 d-----w- c:\program files\SAMSUNG

2010-05-27 00:12:29 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Samsung

2010-05-27 00:11:20 0 d-----w- c:\program files\Samsung Electronics

==================== Find3M ====================

2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-29 01:09:43 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-03-11 12:38:54 832512 ----a-w- c:\windows\system32\wininet.dll

2010-03-11 12:38:52 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-03-11 12:38:51 17408 ------w- c:\windows\system32\corpol.dll

2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\vbscript.dll

2008-07-28 19:20:15 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008072820080729\index.dat

============= FINISH: 17:15:51.71 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 5/31/2008 11:20:46 PM

System Uptime: 6/4/2010 4:56:01 PM (1 hours ago)

Motherboard: Quanta | | 3093

Processor: AMD Turion 64 Mobile Technology ML-32 | U23 | 1794/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 75 GiB total, 13.073 GiB free.

D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP450: 5/25/2010 8:17:53 PM - Software Distribution Service 3.0

RP451: 5/25/2010 8:51:27 PM - Removed FormatFactory

RP452: 5/26/2010 8:11:05 PM - Installed SamsungSimpleDL

RP453: 5/26/2010 9:20:57 PM - Installed HTC Driver Installer.

RP454: 5/26/2010 9:21:46 PM - Installed HTC Sync.

RP455: 5/28/2010 12:04:56 AM - System Checkpoint

RP456: 5/28/2010 11:16:13 PM - Removed HTC Sync.

RP457: 6/1/2010 1:10:56 AM - RegRun Virus Scan

RP458: 6/1/2010 1:40:25 AM - RegRun Virus Scan

RP459: 6/4/2010 4:48:17 PM - ComboFix created restore point

==== Installed Programs ======================

"Nero SoundTrax Help

Acrobat.com

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Reader 9.3.2

Advertising Center

Apple Application Support

Apple Software Update

ATI - Software Uninstall Utility

ATI Control Panel

ATI Display Driver

AudibleManager

Avanquest update

BitTorrent

Blu-ray Disc Authoring Plug-in

Broadcom 802.11 Driver

Canon Camera Access Library

Canon Camera Support Core Library

Canon Camera Window DC_DV 5 for ZoomBrowser EX

Canon Camera Window DC_DV 6 for ZoomBrowser EX

Canon Camera Window MC 6 for ZoomBrowser EX

Canon G.726 WMP-Decoder

Canon MovieEdit Task for ZoomBrowser EX

Canon RAW Image Task for ZoomBrowser EX

Canon RemoteCapture Task for ZoomBrowser EX

Canon Utilities EOS Utility

Canon Utilities PhotoStitch

Canon Utilities ZoomBrowser EX

Conexant AC-Link Audio

ConvertHelper 2.2

Creative System Information

Creative ZEN

Critical Update for Windows Media Player 11 (KB959772)

Data Fax SoftModem with SmartCP

DNA

DolbyFiles

DTS Plug-in

Easy SpyRemover 5.0

Eusing Free Registry Cleaner

ExtractNow

Garmin Communicator Plugin

Garmin WebUpdater

Google Earth

Google Update Helper

Google Updater

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Deskjet 3740

HP Deskjet 3740 Series

HP Help and Support

HP Product Detection

HP Software Update

HP Wireless Assistant

HTC Driver Installer

ImagXpress

InterVideo DVD Check

InterVideo WinDVD

J2SE Runtime Environment 5.0

Java Auto Updater

Java 6 Update 18

Juniper Citrix Services Client

Juniper Networks Cache Cleaner 6.4.0

Juniper Networks Host Checker

Juniper Networks Setup Client

Juniper Networks Setup Client Activex Control

LightScribe System Software

Macrium Reflect - Free Edition

Malwarebytes' Anti-Malware

Menu Templates - Starter Kit

MetaFrame Presentation Server Web Client for Win32

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB953297)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft National Language Support Downlevel APIs

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Moto Helper Service

MotoConnect

Motorola Driver Installation 4.6.0

Motorola Phone Tools

Motorola Software Update

Mototools Software Update

Movie Templates - Starter Kit

Mozilla Firefox (3.6.3)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

muvee autoProducer 3.5 - SE

Nero 9

Nero BackItUp 4

Nero BurningROM

Nero BurnRights

Nero ControlCenter

Nero CoverDesigner

Nero CoverDesigner Help

Nero Disc Copy Gadget

Nero Disc Copy Gadget Help

Nero DiscSpeed

Nero DriveSpeed

Nero Express

Nero InfoTool

Nero Installer

Nero Live

Nero Live Help

Nero MediaHome 4

Nero Move it

Nero PhotoSnap

Nero PhotoSnap Help

Nero Recode

Nero Recode Help

Nero Rescue Agent

Nero RescueAgent Help

Nero ShowTime

Nero StartSmart

Nero StartSmart Help

Nero Vision

Nero WaveEditor

Nero WaveEditor Help

NeroBurningROM

NeroExpress

neroxml

NetGear PS121v2

Norton Security Suite

OpenOffice.org 3.0

PeerBlock 1.0+ (r320)

Quick Launch Buttons 5.10 A2

QuickTime

RealPlayer

SAMSUNG USB Driver for Mobile Phones V5.2.0.0

SamsungSimpleDL

Security Task Manager 1.7h

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 7 (KB976325)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 9 (KB936782)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB981349)

Sonic RecordNow!

Sonic Update Manager

SoundTrax

SUPERAntiSpyware Free Edition

Synaptics Pointing Device Driver

TBS WMP Plug-in

Texas Instruments PCIxx21/x515/xx12 drivers.

TIPCI

UnHackMe 5.90 release

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Windows (KB971513)

Update for Windows Internet Explorer 7 (KB976749)

Update for Windows Internet Explorer 7 (KB980182)

Update for Windows XP (KB942763)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

WebFldrs XP

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Live OneCare safety scanner

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

Xvid 1.1.3 final uninstall

Yahoo! Messenger

ZENcast Organizer

Zone Deluxe Games

==== Event Viewer Messages From Past Week ========

6/2/2010 9:56:36 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdPPM BHDrvx86 ccHP eabfiltr eeCtrl Fips SASDIFSV SASKUTIL SRTSP SRTSPX SymIRON SYMTDI

6/2/2010 9:55:47 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

5/31/2010 8:36:33 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer HEATHER-LAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{DE7D3251-0408. The master browser is stopping or an election is being forced.

5/31/2010 6:58:55 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

5/30/2010 8:51:19 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the N360 service.

5/30/2010 8:48:17 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 0014A52F68D4 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

5/28/2010 11:17:53 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.

==== End Of File ===========================


Hi,

Please download HelpAsst_mebroot_fix.exe and save it to your desktop.

Close out all other open programs and windows.

Double click the file to run it and follow any prompts.

If the tool detects an mbr infection, please allow it to run mbr -f and shutdown your computer.

Upon restarting, please wait about 5 minutes, click Start>Run and type the following bolded command, then hit Enter.

helpasst -mbrt

Make sure you leave a space between helpasst and -mbrt !

When it completes, a log will open.

Please post the contents of that log.

*In the event the tool does not detect an mbr infection and completes, click Start>Run and type the following bolded command, then hit Enter.

mbr -f

Now, please do the Start>Run>mbr -f command a second time.

Now shut down the computer (do not restart, but shut it down), wait a few minutes then start it back up.

Give it about 5 minutes, then click Start>Run and type the following bolded command, then hit Enter.

helpasst -mbrt

Make sure you leave a space between helpasst and -mbrt !

When it completes, a log will open.

Please post the contents of that log.

**Important note to Dell users - fixing the mbr may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. There are a couple of known fixes for said condition, though the methods are somewhat advanced. If you are unwilling to take such a risk, you should not allow the tool to execute mbr -f nor execute the command manually, and you will either need to restore your computer to a factory state or allow your computer to remain having an infected mbr (the latter not recommended).


Thanks so much again for your help! Here is the log file:

C:\Documents and Settings\Laptop 2\Desktop\HelpAsst_mebroot_fix.exe

Sat 06/05/2010 at 14:22:30.82

HelpAssistant account is Active ~ attempting to de-activate

Account active Yes

Local Group Memberships *Administrators

HelpAssistant successfully set Inactive

~~ Checking for termsrv32.dll ~~

termsrv32.dll present! ~ attempting to remove

termsrv32.dll successfully removed

~~ Checking firewall ports ~~

backing up DomainProfile\GloballyOpenPorts\List registry key

closing rogue ports

HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\globallyopenports\list

"65533:TCP"=-

"52344:TCP"=-

"2479:TCP"=-

"2452:TCP"=-

"3389:TCP"=-

"7666:TCP"=-

"7667:TCP"=-

"1871:TCP"=-

"2242:TCP"=-

"5557:TCP"=-

"9614:TCP"=-

"8793:TCP"=-

"8792:TCP"=-

"3495:TCP"=-

"5490:TCP"=-

"7542:TCP"=-

"7543:TCP"=-

"4480:TCP"=-

"7460:TCP"=-

"2027:TCP"=-

"2554:TCP"=-

"6652:TCP"=-

"6651:TCP"=-

"8886:TCP"=-

"8887:TCP"=-

"7301:TCP"=-

"7302:TCP"=-

backing up StandardProfile\GloballyOpenPorts\List registry key

closing rogue ports

HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list

"3389:TCP"=-

"65533:TCP"=-

"52344:TCP"=-

"2479:TCP"=-

"2452:TCP"=-

"7667:TCP"=-

"7666:TCP"=-

"1871:TCP"=-

"2242:TCP"=-

"9614:TCP"=-

"5557:TCP"=-

"8793:TCP"=-

"8792:TCP"=-

"3495:TCP"=-

"5490:TCP"=-

"7542:TCP"=-

"7543:TCP"=-

"4480:TCP"=-

"7460:TCP"=-

"2027:TCP"=-

"2554:TCP"=-

"6651:TCP"=-

"6652:TCP"=-

"8886:TCP"=-

"8887:TCP"=-

"7301:TCP"=-

"7302:TCP"=-

~~ Checking profile list ~~

HelpAssistant profile found in registry ~ backing up and removing S-1-5-21-1214440339-1844823847-725345543-1000

HelpAssistant profile directory exists at C:\Documents and Settings\HelpAssistant ~ attempting to remove

~ All C:\Documents and Settings\HelpAssistant files successfully removed ~

~~ Checking mbr ~~

user & kernel MBR OK

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Status check on Sat 06/05/2010 at 15:01:13.96

Account active No

Local Group Memberships

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS

kernel: MBR read successfully

user & kernel MBR OK

copy of MBR has been found in sector 0x0950E4C1

malicious code @ sector 0x0950E4C4 !

PE file found in sector at 0x0950E4DA !

~~ Checking for termsrv32.dll ~~

termsrv32.dll not found

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters

ServiceDll REG_EXPAND_SZ %systemroot%\System32\termsrv.dll

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~

none found

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

~~ EOF ~~

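The HelpAsst log above shows the tool closing rogue GloballyOpenPorts entries (3389:TCP among them) that had been added to both firewall profiles alongside the re-activated HelpAssistant account. As an added example, not part of this thread or of the HelpAsst tool, here is a Python check that parses a .reg-style export of those keys (XP SP2 value format port:proto:scope:Enabled|Disabled:name) and flags enabled entries that are missing from, or mislabelled against, an allowlist; the sample export and the allowlist are constructed.

```python
import re
from dataclasses import dataclass

# Constructed sample: a .reg-style export of the XP firewall GloballyOpenPorts
# list. Value format (XP SP2): "port:proto"="port:proto:scope:Enabled|Disabled:name".
# The 3389, 65533 and 7666 entries mirror ports the HelpAsst log removed; the
# 12345 entry is the legitimate Motorola Helper rule seen in the ComboFix log.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
"65533:TCP"="65533:TCP:*:Enabled:svchost"
"7666:TCP"="7666:TCP:*:Enabled:"
"12345:TCP"="12345:TCP:*:Enabled:Motorola Helper"
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
'''

# Constructed allowlist: what this machine is expected to expose.
# Keyed by (port, proto); the value is the rule name the entry should carry.
ALLOWLIST = {
    (139, "TCP"): "@xpsp2res.dll,-22004",
    (12345, "TCP"): "Motorola Helper",
}

VALUE_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"="(?P<data>[^"]*)"$')


@dataclass
class PortEntry:
    profile: str
    port: int
    proto: str
    scope: str
    enabled: bool
    name: str


def parse_globally_open_ports(text: str) -> list[PortEntry]:
    """Parse GloballyOpenPorts\\List values from a .reg export.
    Short or malformed value data is tolerated: missing fields become ''."""
    entries, profile = [], "unknown"
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            # The profile name is the path component before GloballyOpenPorts\List
            parts = line[1:-1].split("\\")
            profile = parts[-3] if len(parts) >= 3 else "unknown"
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        fields = m.group("data").split(":", 4)  # port, proto, scope, state, name
        fields += [""] * (5 - len(fields))
        entries.append(PortEntry(
            profile=profile,
            port=int(m.group("port")),
            proto=m.group("proto"),
            scope=fields[2],
            enabled=fields[3].lower() == "enabled",
            name=fields[4],
        ))
    return entries


def find_suspicious(entries, allowlist):
    """Return (entry, reason) for each enabled entry that is not allowlisted
    or whose name does not match the allowlisted name."""
    findings = []
    for e in entries:
        if not e.enabled:
            continue
        expected = allowlist.get((e.port, e.proto))
        if expected is None:
            reason = "not in allowlist"
            if e.port == 3389:
                reason += " (Remote Desktop: matches the HelpAssistant/termsrv32 pattern above)"
            elif not e.name:
                reason += " (no name: typical of a programmatically added rule)"
            findings.append((e, reason))
        elif e.name != expected:
            findings.append((e, f"name mismatch: expected {expected!r}"))
    return findings


if __name__ == "__main__":
    for entry, reason in find_suspicious(parse_globally_open_ports(SAMPLE_REG), ALLOWLIST):
        print(f"[{entry.profile}] {entry.port}/{entry.proto} {entry.name!r}: {reason}")
```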

Here is the log. Thanks again!

ComboFix 10-06-05.01 - Laptop 2 06/05/2010 23:34:36.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.1390 [GMT -4:00]

Running from: c:\documents and settings\Laptop 2\Desktop\ComboFix.exe

AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Security Suite *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Laptop 2\Local Settings\Application Data\{EB3AD435-E454-4D3F-99F7-25F2E874036C}

c:\documents and settings\Laptop 2\Local Settings\Application Data\{EB3AD435-E454-4D3F-99F7-25F2E874036C}\chrome.manifest

c:\documents and settings\Laptop 2\Local Settings\Application Data\{EB3AD435-E454-4D3F-99F7-25F2E874036C}\chrome\content\_cfg.js

c:\documents and settings\Laptop 2\Local Settings\Application Data\{EB3AD435-E454-4D3F-99F7-25F2E874036C}\chrome\content\c.js

c:\documents and settings\Laptop 2\Local Settings\Application Data\{EB3AD435-E454-4D3F-99F7-25F2E874036C}\chrome\content\overlay.xul

c:\documents and settings\Laptop 2\Local Settings\Application Data\{EB3AD435-E454-4D3F-99F7-25F2E874036C}\install.rdf

.

((((((((((((((((((((((((( Files Created from 2010-05-06 to 2010-06-06 )))))))))))))))))))))))))))))))

.

2010-06-05 18:22 . 2010-06-05 18:22 -------- d-----w- C:\HelpAsst_backup

2010-06-02 03:04 . 2010-05-06 04:01 361904 ----a-w- c:\windows\system32\drivers\symtdi.sys

2010-06-02 03:04 . 2010-04-29 05:03 116784 ----a-w- c:\windows\system32\drivers\ironx86.sys

2010-06-02 03:04 . 2010-04-22 03:02 173104 ----a-w- c:\windows\system32\drivers\symefa.sys

2010-06-02 03:04 . 2010-04-22 02:29 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys

2010-06-02 03:04 . 2009-10-15 03:50 328752 ----a-r- c:\windows\system32\drivers\symds.sys

2010-06-02 03:04 . 2010-02-26 00:22 501888 ----a-w- c:\windows\system32\drivers\cchpx86.sys

2010-06-01 20:59 . 2010-06-01 20:59 -------- d-----w- c:\program files\Easy SpyRemover

2010-06-01 05:11 . 2010-06-01 05:11 24416 ----a-w- c:\windows\system32\drivers\regguard.sys

2010-06-01 04:59 . 2010-06-01 04:59 2 --shatr- c:\windows\winstart.bat

2010-06-01 04:59 . 2010-05-21 16:16 12808 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys

2010-06-01 04:59 . 2010-06-01 05:00 -------- d-----w- c:\program files\UnHackMe

2010-06-01 00:47 . 2010-05-31 20:34 702120 ----a-w- c:\documents and settings\Laptop 2\Application Data\Mozilla\Firefox\Profiles\lz8p8dv1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

2010-06-01 00:47 . 2010-05-31 20:34 868456 ----a-w- c:\documents and settings\Laptop 2\Application Data\Mozilla\Firefox\Profiles\lz8p8dv1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

2010-06-01 00:06 . 2010-06-01 22:06 -------- d-----w- c:\documents and settings\Laptop 2\Application Data\QuickScan

2010-05-27 01:23 . 2010-05-27 19:28 -------- d-----w- c:\documents and settings\Laptop 2\Application Data\Teleca

2010-05-27 01:22 . 2010-05-29 03:17 -------- d-----w- c:\program files\Common Files\Teleca Shared

2010-05-27 01:21 . 2009-06-10 20:49 24576 ----a-w- c:\windows\system32\drivers\ANDROIDUSB.sys

2010-05-27 01:21 . 2010-05-27 01:21 -------- d-----w- c:\program files\Spirent Communications

2010-05-27 01:21 . 2010-05-29 03:17 -------- d-----w- c:\program files\HTC

2010-05-27 00:12 . 2010-01-14 07:02 14848 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys

2010-05-27 00:12 . 2010-01-14 07:02 12416 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys

2010-05-27 00:12 . 2010-01-14 07:02 12416 ----a-w- c:\windows\system32\drivers\sscdcm.sys

2010-05-27 00:12 . 2010-01-14 07:02 123648 ----a-w- c:\windows\system32\drivers\sscdmdm.sys

2010-05-27 00:12 . 2010-01-14 07:02 12288 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys

2010-05-27 00:12 . 2010-01-14 07:02 12288 ----a-w- c:\windows\system32\drivers\sscdwh.sys

2010-05-27 00:12 . 2010-01-14 07:02 98560 ----a-w- c:\windows\system32\drivers\sscdbus.sys

2010-05-27 00:12 . 2010-05-27 00:12 -------- d-----w- c:\program files\SAMSUNG

2010-05-27 00:12 . 2010-05-27 00:12 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Samsung

2010-05-27 00:12 . 2010-05-27 00:12 53248 ----a-r- c:\documents and settings\Laptop 2\Application Data\Microsoft\Installer\{64C85B95-E971-4705-B3ED-D4A0153C0D5B}\ARPPRODUCTICON.exe

2010-05-27 00:11 . 2010-05-27 00:11 -------- d-----w- c:\program files\Samsung Electronics

2010-05-22 01:22 . 2010-05-30 01:27 439816 ----a-w- c:\documents and settings\Laptop 2\Application Data\Real\Update\setup3.10\setup.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-06 03:28 . 2010-02-12 22:17 -------- d-----w- c:\program files\PeerBlock

2010-06-05 21:20 . 2008-06-28 17:08 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Google Updater

2010-06-05 09:42 . 2009-04-20 02:03 1 ----a-w- c:\documents and settings\Laptop 2\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-05-29 03:31 . 2010-02-26 21:50 117760 ----a-w- c:\documents and settings\Laptop 2\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-05-27 01:29 . 2010-05-27 01:29 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf

2010-05-26 00:56 . 2009-11-26 19:59 -------- d-----w- c:\documents and settings\Laptop 2\Application Data\Juniper Networks

2010-05-22 06:19 . 2007-09-23 23:13 -------- d-----w- c:\program files\Google

2010-05-18 11:21 . 2008-07-30 22:56 -------- d-----w- c:\documents and settings\Laptop 2\Application Data\BitTorrent

2010-05-18 03:30 . 2008-07-30 22:55 -------- d-----w- c:\program files\BitTorrent

2010-05-01 19:02 . 2008-12-19 01:36 -------- d-----w- c:\program files\PeerGuardian2

2010-04-29 19:39 . 2009-12-22 21:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 19:39 . 2009-12-22 21:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-27 01:54 . 2010-04-27 01:48 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Motorola

2010-04-27 01:53 . 2009-01-20 04:27 -------- d-----w- c:\program files\Motorola

2010-04-27 01:53 . 2010-04-27 01:52 8457728 ----a-w- c:\windows\system32\Mototools_Software_Update_3.0.5.msi

2010-04-27 01:16 . 2009-01-20 04:25 -------- d-----w- c:\program files\Common Files\Motorola Shared

2010-04-27 01:09 . 2009-01-20 04:08 -------- d-----w- c:\program files\Motorola Phone Tools

2010-04-27 01:00 . 2009-01-20 04:16 -------- d-----w- c:\program files\Avanquest update

2010-04-22 04:01 . 2007-07-23 18:32 -------- d-----w- c:\program files\QuickTime

2010-04-22 04:01 . 2010-04-22 04:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer

2010-03-29 01:09 . 2010-03-29 01:09 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-03-29 01:09 . 2010-03-29 01:09 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-03-11 12:38 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll

2010-03-11 12:38 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-03-11 12:38 . 2004-08-04 12:00 17408 ------w- c:\windows\system32\corpol.dll

2010-03-09 11:09 . 2004-08-04 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll

.

((((((((((((((((((((((((((((( SnapShot@2010-06-04_21.08.23 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-06-06 01:30 . 2010-06-06 01:30 16384 c:\windows\Temp\Perflib_Perfdata_e4.dat

+ 2010-06-06 01:32 . 2010-06-06 01:32 16384 c:\windows\Temp\Perflib_Perfdata_6f8.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-04-13 2387968]

"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-03-09 1738352]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-18 2012912]

"UnHackMe Monitor"="c:\program files\UnHackMe\hackmon.exe" [2010-05-21 594200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]

"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]

"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 794624]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-14 344064]

"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]

"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2004-12-08 184320]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-27 198160]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\

DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-5-31 184320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Laptop 2^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]

backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2kAutostart]

V600 [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mumservice]

2010-02-10 16:42 1066240 ----a-w- c:\program files\Motorola\Software Update\mumservice.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS121v2]

2007-05-23 12:39 696320 ----a-w- c:\program files\NETGEAR\PS121v2\PS121v2.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

"c:\\Program Files\\Common Files\\Real\\Update_OB\\RealOneMessageCenter.exe"=

"c:\\Program Files\\Motorola\\MotoConnectService\\MotoConnect.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\WINDOWS\\system32\\spoolsv.exe"=

"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"12345:TCP"= 12345:TCP:Motorola Helper

R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [1/21/2010 5:20 PM 15328]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0402000.00C\symds.sys [6/1/2010 11:04 PM 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0402000.00C\symefa.sys [6/1/2010 11:04 PM 173104]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100429.001\BHDrvx86.sys [4/29/2010 1:44 PM 537136]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0402000.00C\cchpx86.sys [6/1/2010 11:04 PM 501888]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0402000.00C\ironx86.sys [6/1/2010 11:04 PM 116784]

R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [8/2/2009 6:10 PM 91456]

R2 MotoHelper.exe;Motorola Helper;c:\program files\Motorola\Moto Helper Service\MotoHelper.exe [4/21/2010 5:41 AM 6656]

R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe [6/1/2010 11:04 PM 126392]

R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [1/21/2010 5:20 PM 220128]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/27/2010 12:19 AM 102448]

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 4:06 PM 231424]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100528.003\IDSXpx86.sys [5/28/2010 3:33 PM 331640]

R3 NETGEARUHOST;NETGEAR Network USB Host Controller;c:\windows\system32\drivers\NETGEARUHOST.sys [1/28/2010 10:27 PM 12032]

R3 NETGEARUHUB;NETGEAR Network USB Root Hub;c:\windows\system32\drivers\NETGEARUHUB.sys [1/28/2010 10:27 PM 39424]

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/27/2009 11:01 PM 135664]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [5/26/2010 9:21 PM 24576]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/2/2009 6:11 PM 19712]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/2/2009 5:55 PM 8320]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [8/2/2009 5:55 PM 42752]

S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [3/21/2010 10:27 PM 23936]

S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [6/1/2010 1:11 AM 24416]

--- Other Services/Drivers In Memory ---

*Deregistered* - UnHackMeDrv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-04-13 19:08 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

2010-06-06 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-28 22:35]

2010-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-28 03:01]

2010-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-28 03:01]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = *.local

Trusted Zone: mcafee.com

Trusted Zone: microsoft.com\*.update

Trusted Zone: navy.mil\lhd8.surfor

Trusted Zone: windowsupdate.com\download

DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://yahoo.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab

FF - ProfilePath - c:\documents and settings\Laptop 2\Application Data\Mozilla\Firefox\Profiles\lz8p8dv1.default\

FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - component: c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll

FF - component: c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll

FF - component: c:\documents and settings\Laptop 2\Application Data\Mozilla\Firefox\Profiles\lz8p8dv1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

FF - plugin: c:\documents and settings\Laptop 2\Application Data\Mozilla\Firefox\Profiles\lz8p8dv1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll

FF - HiddenExtension: XUL Cache: {4F1D5671-FF15-4F42-9D1F-A9305F8B4FEE} - c:\documents and settings\Administrator\Local Settings\Application Data\{4F1D5671-FF15-4F42-9D1F-A9305F8B4FEE}

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-05 23:42

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\N360]

"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.2.0.12\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]

"Licence0"="04F0D21-79D8-7A25-D702-433F"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(868)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\WININET.dll

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2010-06-05 23:45:22

ComboFix-quarantined-files.txt 2010-06-06 03:45

ComboFix2.txt 2010-06-04 21:11

Pre-Run: 14,076,530,688 bytes free

Post-Run: 14,049,513,472 bytes free

- - End Of File - - C6A89C4DE8AA31CFD861A626998D9F73


Hi again,

Open notepad and copy/paste the text in the quotebox below into it:

Firefox::
FF - HiddenExtension: XUL Cache: {4F1D5671-FF15-4F42-9D1F-A9305F8B4FEE} - c:\documents and settings\Administrator\Local Settings\Application Data\{4F1D5671-FF15-4F42-9D1F-A9305F8B4FEE}

Save this as

CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

CFScriptB-4.gif

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe

Then post the resultant log.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

  • Download the latest version of Java Runtime Environment (JRE) 6 Update 20.
  • Click the Download button to the right.
  • Select Windows in the platform combobox and check the box that says Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u20-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.

Download ATF (Atribune Temp File) Cleaner

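Added here as a worked example (it is not from this thread, nor part of ComboFix or DDS): a small Python triage script that reads the kind of log posted in this thread and pulls out the lines the helper acted on. It classifies every "FF - HiddenExtension" entry by where the extension lives (the XUL Cache entry removed by the CFScript above sits in a GUID-named folder under Administrator's Local Settings\Application Data, which no legitimate add-on uses), reports EnableFirewall=0 and any GloballyOpenPorts entries, and reads the Java update level out of the jinstall DPF line. The sample log is a handful of lines copied from the ComboFix and DDS output in this thread; the trusted-directory list and the Java 6 update threshold are assumptions (marked in the comments), not rules from the tools themselves.

```python
import re
from typing import Dict, List

# Constructed sample: lines copied from the ComboFix and DDS logs posted in this
# thread (the "XUL Cache" entry is the one the CFScript above removes).
SAMPLE_LOG = r"""
FF - HiddenExtension: XUL Cache: {4F1D5671-FF15-4F42-9D1F-A9305F8B4FEE} - c:\documents and settings\Administrator\Local Settings\Application Data\{4F1D5671-FF15-4F42-9D1F-A9305F8B4FEE}
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12345:TCP"= 12345:TCP:Motorola Helper
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
"""

HIDDEN_EXT_RE = re.compile(
    r"^FF - HiddenExtension: (?P<name>.+?): "
    r"(?P<ref>\{[0-9A-Fa-f-]{36}\}|No Registry Reference) - (?P<path>.+?)\s*$"
)
ENABLE_FW_RE = re.compile(r'^"EnableFirewall"\s*=\s*(?P<value>\d+)')
OPEN_PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"\s*=\s*(?P<rest>.*)$')
JAVA_DPF_RE = re.compile(r"jinstall-1_6_0_(?P<update>\d+)-windows", re.IGNORECASE)
GUID_DIR_RE = re.compile(r"\\\{[0-9A-Fa-f-]{36}\}\\?\s*$")

# Assumption: the Java 6 update level the helper called current in June 2010.
MIN_JAVA6_UPDATE = 20

# Assumption: the only places a globally registered (non-profile) Firefox
# extension is expected on an XP machine like this one.
TRUSTED_FRAGMENTS = (
    "/program files/mozilla firefox/extensions/",  # add-ons shipped with Firefox
    "/windows/microsoft.net/",                     # .NET Framework Assistant
)


def _norm(path: str) -> str:
    """Lower-case and forward-slash a Windows path so substring tests are simple."""
    return path.lower().replace("\\", "/").rstrip("/") + "/"


def classify_extension(path: str) -> str:
    """Return 'trusted', 'suspicious' or 'review' for one FF - HiddenExtension path."""
    p = _norm(path)
    if any(frag in p for frag in TRUSTED_FRAGMENTS):
        return "trusted"
    if "/mozilla/firefox/profiles/" in p and "/extensions/" in p:
        return "trusted"  # ordinary profile-installed add-on
    # A GUID-named directory under (Local Settings\)Application Data that is
    # registered for every profile is the hijacker pattern seen in this thread.
    if "/application data/" in p and GUID_DIR_RE.search(path):
        return "suspicious"
    return "review"


def triage(log_text: str) -> List[Dict[str, str]]:
    """Walk ComboFix/DDS output and collect the lines worth a second look."""
    findings: List[Dict[str, str]] = []
    in_open_ports = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            # Registry key header: note whether the following values are open ports.
            in_open_ports = line.lower().endswith("globallyopenports\\list]")
            continue
        m = HIDDEN_EXT_RE.match(line)
        if m:
            verdict = classify_extension(m["path"])
            if verdict != "trusted":
                findings.append({
                    "kind": "hidden_extension",
                    "severity": "high" if verdict == "suspicious" else "medium",
                    "detail": f"{m['name']} ({m['ref']}) -> {m['path']}",
                })
            continue
        m = ENABLE_FW_RE.match(line)
        if m and m["value"] == "0":
            findings.append({"kind": "windows_firewall_off", "severity": "medium",
                             "detail": line})
            continue
        m = JAVA_DPF_RE.search(line)
        if m and int(m["update"]) < MIN_JAVA6_UPDATE:
            findings.append({"kind": "java_outdated", "severity": "medium",
                             "detail": f"Java 6 Update {m['update']} referenced by ActiveX DPF entry"})
            continue
        if in_open_ports:
            m = OPEN_PORT_RE.match(line)
            if m:
                label = m["rest"].split(":", 2)[-1].strip()
                findings.append({"kind": "open_port", "severity": "low",
                                 "detail": f"{m['port']}/{m['proto']} opened for '{label}'"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['kind']}: {f['detail']}")
```

Run against the log above it reports one high finding (the XUL Cache extension), the disabled Windows firewall and the 12345/TCP hole, and stays quiet about the .NET Framework Assistant and Java Console entries. The "AV: ... *On-access scanning disabled*" header lines are deliberately not flagged, since these tools are normally run with the resident AV switched off.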

Thanks for your continued help! Computer running much faster now and without any redirects so far. Here are the logs.

ComboFix 10-06-06.01 - Laptop 2 06/06/2010 17:19:57.3.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.1253 [GMT -4:00]

Running from: c:\documents and settings\Laptop 2\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Laptop 2\Desktop\CFScript.txt

AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Security Suite *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Administrator\Local Settings\Application Data\{4F1D5671-FF15-4F42-9D1F-A9305F8B4FEE}

c:\documents and settings\Administrator\Local Settings\Application Data\{4F1D5671-FF15-4F42-9D1F-A9305F8B4FEE}\chrome.manifest

c:\documents and settings\Administrator\Local Settings\Application Data\{4F1D5671-FF15-4F42-9D1F-A9305F8B4FEE}\chrome\content\_cfg.js

c:\documents and settings\Administrator\Local Settings\Application Data\{4F1D5671-FF15-4F42-9D1F-A9305F8B4FEE}\chrome\content\c.js

c:\documents and settings\Administrator\Local Settings\Application Data\{4F1D5671-FF15-4F42-9D1F-A9305F8B4FEE}\chrome\content\overlay.xul

c:\documents and settings\Administrator\Local Settings\Application Data\{4F1D5671-FF15-4F42-9D1F-A9305F8B4FEE}\install.rdf

.

((((((((((((((((((((((((( Files Created from 2010-05-06 to 2010-06-06 )))))))))))))))))))))))))))))))

.

2010-06-05 18:22 . 2010-06-05 18:22 -------- d-----w- C:\HelpAsst_backup

2010-06-02 03:04 . 2010-05-06 04:01 361904 ----a-w- c:\windows\system32\drivers\symtdi.sys

2010-06-02 03:04 . 2010-04-29 05:03 116784 ----a-w- c:\windows\system32\drivers\ironx86.sys

2010-06-02 03:04 . 2010-04-22 03:02 173104 ----a-w- c:\windows\system32\drivers\symefa.sys

2010-06-02 03:04 . 2010-04-22 02:29 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys

2010-06-02 03:04 . 2009-10-15 03:50 328752 ----a-r- c:\windows\system32\drivers\symds.sys

2010-06-02 03:04 . 2010-02-26 00:22 501888 ----a-w- c:\windows\system32\drivers\cchpx86.sys

2010-06-01 20:59 . 2010-06-01 20:59 -------- d-----w- c:\program files\Easy SpyRemover

2010-06-01 05:11 . 2010-06-01 05:11 24416 ----a-w- c:\windows\system32\drivers\regguard.sys

2010-06-01 04:59 . 2010-06-01 04:59 2 --shatr- c:\windows\winstart.bat

2010-06-01 04:59 . 2010-05-21 16:16 12808 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys

2010-06-01 04:59 . 2010-06-06 12:21 -------- d-----w- c:\program files\UnHackMe

2010-06-01 00:47 . 2010-05-31 20:34 702120 ----a-w- c:\documents and settings\Laptop 2\Application Data\Mozilla\Firefox\Profiles\lz8p8dv1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

2010-06-01 00:47 . 2010-05-31 20:34 868456 ----a-w- c:\documents and settings\Laptop 2\Application Data\Mozilla\Firefox\Profiles\lz8p8dv1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

2010-06-01 00:06 . 2010-06-01 22:06 -------- d-----w- c:\documents and settings\Laptop 2\Application Data\QuickScan

2010-05-27 01:23 . 2010-05-27 19:28 -------- d-----w- c:\documents and settings\Laptop 2\Application Data\Teleca

2010-05-27 01:22 . 2010-05-29 03:17 -------- d-----w- c:\program files\Common Files\Teleca Shared

2010-05-27 01:21 . 2009-06-10 20:49 24576 ----a-w- c:\windows\system32\drivers\ANDROIDUSB.sys

2010-05-27 01:21 . 2010-05-27 01:21 -------- d-----w- c:\program files\Spirent Communications

2010-05-27 01:21 . 2010-05-29 03:17 -------- d-----w- c:\program files\HTC

2010-05-27 00:12 . 2010-01-14 07:02 14848 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys

2010-05-27 00:12 . 2010-01-14 07:02 12416 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys

2010-05-27 00:12 . 2010-01-14 07:02 12416 ----a-w- c:\windows\system32\drivers\sscdcm.sys

2010-05-27 00:12 . 2010-01-14 07:02 123648 ----a-w- c:\windows\system32\drivers\sscdmdm.sys

2010-05-27 00:12 . 2010-01-14 07:02 12288 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys

2010-05-27 00:12 . 2010-01-14 07:02 12288 ----a-w- c:\windows\system32\drivers\sscdwh.sys

2010-05-27 00:12 . 2010-01-14 07:02 98560 ----a-w- c:\windows\system32\drivers\sscdbus.sys

2010-05-27 00:12 . 2010-05-27 00:12 -------- d-----w- c:\program files\SAMSUNG

2010-05-27 00:12 . 2010-05-27 00:12 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Samsung

2010-05-27 00:12 . 2010-05-27 00:12 53248 ----a-r- c:\documents and settings\Laptop 2\Application Data\Microsoft\Installer\{64C85B95-E971-4705-B3ED-D4A0153C0D5B}\ARPPRODUCTICON.exe

2010-05-27 00:11 . 2010-05-27 00:11 -------- d-----w- c:\program files\Samsung Electronics

2010-05-22 01:22 . 2010-05-30 01:27 439816 ----a-w- c:\documents and settings\Laptop 2\Application Data\Real\Update\setup3.10\setup.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-06 21:13 . 2010-02-12 22:17 -------- d-----w- c:\program files\PeerBlock

2010-06-05 21:20 . 2008-06-28 17:08 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Google Updater

2010-06-05 09:42 . 2009-04-20 02:03 1 ----a-w- c:\documents and settings\Laptop 2\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-05-29 03:31 . 2010-02-26 21:50 117760 ----a-w- c:\documents and settings\Laptop 2\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-05-27 01:29 . 2010-05-27 01:29 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf

2010-05-26 00:56 . 2009-11-26 19:59 -------- d-----w- c:\documents and settings\Laptop 2\Application Data\Juniper Networks

2010-05-22 06:19 . 2007-09-23 23:13 -------- d-----w- c:\program files\Google

2010-05-18 11:21 . 2008-07-30 22:56 -------- d-----w- c:\documents and settings\Laptop 2\Application Data\BitTorrent

2010-05-18 03:30 . 2008-07-30 22:55 -------- d-----w- c:\program files\BitTorrent

2010-05-01 19:02 . 2008-12-19 01:36 -------- d-----w- c:\program files\PeerGuardian2

2010-04-29 19:39 . 2009-12-22 21:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 19:39 . 2009-12-22 21:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-27 01:54 . 2010-04-27 01:48 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Motorola

2010-04-27 01:53 . 2009-01-20 04:27 -------- d-----w- c:\program files\Motorola

2010-04-27 01:53 . 2010-04-27 01:52 8457728 ----a-w- c:\windows\system32\Mototools_Software_Update_3.0.5.msi

2010-04-27 01:16 . 2009-01-20 04:25 -------- d-----w- c:\program files\Common Files\Motorola Shared

2010-04-27 01:09 . 2009-01-20 04:08 -------- d-----w- c:\program files\Motorola Phone Tools

2010-04-27 01:00 . 2009-01-20 04:16 -------- d-----w- c:\program files\Avanquest update

2010-04-22 04:01 . 2007-07-23 18:32 -------- d-----w- c:\program files\QuickTime

2010-04-22 04:01 . 2010-04-22 04:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer

2010-03-29 01:09 . 2010-03-29 01:09 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-03-29 01:09 . 2010-03-29 01:09 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-03-11 12:38 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll

2010-03-11 12:38 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-03-11 12:38 . 2004-08-04 12:00 17408 ------w- c:\windows\system32\corpol.dll

2010-03-09 11:09 . 2004-08-04 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll

.

((((((((((((((((((((((((((((( SnapShot@2010-06-04_21.08.23 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-06-06 20:53 . 2010-06-06 20:53 16384 c:\windows\Temp\Perflib_Perfdata_dc.dat

+ 2010-06-06 20:55 . 2010-06-06 20:55 16384 c:\windows\Temp\Perflib_Perfdata_304.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-04-13 2387968]

"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-03-09 1738352]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-18 2012912]

"UnHackMe Monitor"="c:\program files\UnHackMe\hackmon.exe" [2010-05-21 594200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]

"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]

"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 794624]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-14 344064]

"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]

"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2004-12-08 184320]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-27 198160]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\

DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-5-31 184320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Laptop 2^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]

backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2kAutostart]

V600 [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mumservice]

2010-02-10 16:42 1066240 ----a-w- c:\program files\Motorola\Software Update\mumservice.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS121v2]

2007-05-23 12:39 696320 ----a-w- c:\program files\NETGEAR\PS121v2\PS121v2.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

"c:\\Program Files\\Common Files\\Real\\Update_OB\\RealOneMessageCenter.exe"=

"c:\\Program Files\\Motorola\\MotoConnectService\\MotoConnect.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\WINDOWS\\system32\\spoolsv.exe"=

"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"12345:TCP"= 12345:TCP:Motorola Helper

R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [1/21/2010 5:20 PM 15328]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0402000.00C\symds.sys [6/1/2010 11:04 PM 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0402000.00C\symefa.sys [6/1/2010 11:04 PM 173104]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100429.001\BHDrvx86.sys [4/29/2010 1:44 PM 537136]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0402000.00C\cchpx86.sys [6/1/2010 11:04 PM 501888]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0402000.00C\ironx86.sys [6/1/2010 11:04 PM 116784]

R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [8/2/2009 6:10 PM 91456]

R2 MotoHelper.exe;Motorola Helper;c:\program files\Motorola\Moto Helper Service\MotoHelper.exe [4/21/2010 5:41 AM 6656]

R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe [6/1/2010 11:04 PM 126392]

R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [1/21/2010 5:20 PM 220128]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/27/2010 12:19 AM 102448]

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 4:06 PM 231424]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100528.003\IDSXpx86.sys [5/28/2010 3:33 PM 331640]

R3 NETGEARUHOST;NETGEAR Network USB Host Controller;c:\windows\system32\drivers\NETGEARUHOST.sys [1/28/2010 10:27 PM 12032]

R3 NETGEARUHUB;NETGEAR Network USB Root Hub;c:\windows\system32\drivers\NETGEARUHUB.sys [1/28/2010 10:27 PM 39424]

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/27/2009 11:01 PM 135664]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [5/26/2010 9:21 PM 24576]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/2/2009 6:11 PM 19712]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/2/2009 5:55 PM 8320]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [8/2/2009 5:55 PM 42752]

S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [3/21/2010 10:27 PM 23936]

S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [6/1/2010 1:11 AM 24416]

--- Other Services/Drivers In Memory ---

*Deregistered* - UnHackMeDrv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-04-13 19:08 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

2010-06-06 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-28 22:35]

2010-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-28 03:01]

2010-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-28 03:01]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = *.local

Trusted Zone: mcafee.com

Trusted Zone: microsoft.com\*.update

Trusted Zone: navy.mil\lhd8.surfor

Trusted Zone: windowsupdate.com\download

DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://yahoo.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab

FF - ProfilePath - c:\documents and settings\Laptop 2\Application Data\Mozilla\Firefox\Profiles\lz8p8dv1.default\

FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - component: c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll

FF - component: c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll

FF - component: c:\documents and settings\Laptop 2\Application Data\Mozilla\Firefox\Profiles\lz8p8dv1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

FF - plugin: c:\documents and settings\Laptop 2\Application Data\Mozilla\Firefox\Profiles\lz8p8dv1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-06 17:27

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\N360]

"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.2.0.12\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]

"Licence0"="04F0D21-79D8-7A25-D702-433F"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(848)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\WININET.dll

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2010-06-06 17:30:37

ComboFix-quarantined-files.txt 2010-06-06 21:30

ComboFix2.txt 2010-06-06 03:45

ComboFix3.txt 2010-06-04 21:11

Pre-Run: 14,043,602,944 bytes free

Post-Run: 14,010,912,768 bytes free

- - End Of File - - CA3354A9844113A46CE9374E0646C2A0

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Sunday, June 6, 2010

Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Sunday, June 06, 2010 18:13:53

Records in database: 4205672

--------------------------------------------------------------------------------

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

Scan area - My Computer:

C:\

D:\

Scan statistics:

Objects scanned: 96665

Threats found: 0

Infected objects found: 0

Suspicious objects found: 0

Scan duration: 02:41:14

No threats found. Scanned area is clean.

Selected area has been scanned.

DDS (Ver_10-03-17.01) - NTFSx86

Run by Laptop 2 at 21:19:32.78 on Sun 06/06/2010

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.1364 [GMT -4:00]

AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Security Suite *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe

C:\Program Files\Motorola\Moto Helper Service\MotoHelper.exe

C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe

C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Program Files\Macrium\Reflect\ReflectService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\HPQ\shared\hpqwmi.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Laptop 2\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\4.2.0.12\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\4.2.0.12\IPSBHO.DLL

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\4.2.0.12\coIEPlg.dll

uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"

uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden

uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

uRun: [unHackMe Monitor] c:\program files\unhackme\hackmon.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start

mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r

mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe

mRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exe

mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"

mRun: [CTCheck] c:\program files\creative\creative zen\zen media explorer\CTCheck.exe

mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

Trusted Zone: mcafee.com

Trusted Zone: microsoft.com\*.update

Trusted Zone: navy.mil\lhd8.surfor

Trusted Zone: windowsupdate.com\download

DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxps://mbcssl01.mbco.com/dana/download/wficat.cab?url=/dana/term/winlaunchterm.cgi?op=DownloadCitrixCab

DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://yahoo.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB

DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5503/mcfscan.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\laptop~1\applic~1\mozilla\firefox\profiles\lz8p8dv1.default\

FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - component: c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn\components\coFFPlgn.dll

FF - component: c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll

FF - component: c:\documents and settings\laptop 2\application data\mozilla\firefox\profiles\lz8p8dv1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

FF - plugin: c:\documents and settings\laptop 2\application data\mozilla\firefox\profiles\lz8p8dv1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2010-1-21 15328]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0402000.00c\symds.sys [2010-6-1 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0402000.00c\symefa.sys [2010-6-1 173104]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20100429.001\BHDrvx86.sys [2010-4-29 537136]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0402000.00c\cchpx86.sys [2010-6-1 501888]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0402000.00c\ironx86.sys [2010-6-1 116784]

R2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2009-8-2 91456]

R2 MotoHelper.exe;Motorola Helper;c:\program files\motorola\moto helper service\MotoHelper.exe [2010-4-21 6656]

R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.2.0.12\ccsvchst.exe [2010-6-1 126392]

R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2010-1-21 220128]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-27 102448]

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-8-22 231424]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20100528.003\IDSXpx86.sys [2010-5-28 331640]

R3 NAVENG;NAVENG;c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20100606.003\NAVENG.SYS [2010-6-6 85552]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20100606.003\NAVEX15.SYS [2010-6-6 1347504]

R3 NETGEARUHOST;NETGEAR Network USB Host Controller;c:\windows\system32\drivers\NETGEARUHOST.sys [2010-1-28 12032]

R3 NETGEARUHUB;NETGEAR Network USB Root Hub;c:\windows\system32\drivers\NETGEARUHUB.sys [2010-1-28 39424]

R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-27 135664]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2010-5-26 24576]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2009-8-2 19712]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-8-2 8320]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2009-8-2 42752]

S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2010-3-21 23936]

S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2010-6-1 24416]

=============== Created Last 30 ================

2010-06-06 21:55:14 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-06-06 21:55:14 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-06-06 21:15:58 0 d-----w- C:\ComboFix

2010-06-05 18:22:33 0 d-----w- C:\HelpAsst_backup

2010-06-04 20:52:32 0 d-sha-r- C:\cmdcons

2010-06-04 20:47:58 98816 ----a-w- c:\windows\sed.exe

2010-06-04 20:47:58 77312 ----a-w- c:\windows\MBR.exe

2010-06-04 20:47:58 256512 ----a-w- c:\windows\PEV.exe

2010-06-04 20:47:58 161792 ----a-w- c:\windows\SWREG.exe

2010-06-02 03:04:54 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys

2010-06-02 03:04:54 361904 ----a-w- c:\windows\system32\drivers\symtdi.sys

2010-06-02 03:04:54 328752 ----a-r- c:\windows\system32\drivers\symds.sys

2010-06-02 03:04:54 173104 ----a-w- c:\windows\system32\drivers\symefa.sys

2010-06-02 03:04:54 116784 ----a-w- c:\windows\system32\drivers\ironx86.sys

2010-06-02 03:04:53 501888 ----a-w- c:\windows\system32\drivers\cchpx86.sys

2010-06-01 20:59:14 0 d-----w- c:\program files\Easy SpyRemover

2010-06-01 05:11:53 24416 ----a-w- c:\windows\system32\drivers\regguard.sys

2010-06-01 04:59:45 2 --shatr- c:\windows\winstart.bat

2010-06-01 04:59:22 12808 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys

2010-06-01 04:59:16 0 d-----w- c:\program files\UnHackMe

2010-06-01 00:06:15 0 d-----w- c:\docume~1\laptop~1\applic~1\QuickScan

2010-05-27 01:29:37 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf

2010-05-27 01:23:32 0 d-----w- c:\docume~1\laptop~1\applic~1\Teleca

2010-05-27 01:22:45 0 d-----w- c:\program files\common files\Teleca Shared

2010-05-27 01:21:16 24576 ----a-w- c:\windows\system32\drivers\ANDROIDUSB.sys

2010-05-27 01:21:08 0 d-----w- c:\program files\Spirent Communications

2010-05-27 01:21:00 0 d-----w- c:\program files\HTC

2010-05-27 00:12:38 14848 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys

2010-05-27 00:12:38 12416 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys

2010-05-27 00:12:38 12416 ----a-w- c:\windows\system32\drivers\sscdcm.sys

2010-05-27 00:12:38 123648 ----a-w- c:\windows\system32\drivers\sscdmdm.sys

2010-05-27 00:12:36 98560 ----a-w- c:\windows\system32\drivers\sscdbus.sys

2010-05-27 00:12:36 12288 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys

2010-05-27 00:12:36 12288 ----a-w- c:\windows\system32\drivers\sscdwh.sys

2010-05-27 00:12:35 0 d-----w- c:\program files\SAMSUNG

2010-05-27 00:12:29 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Samsung

2010-05-27 00:11:20 0 d-----w- c:\program files\Samsung Electronics

==================== Find3M ====================

2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-29 01:09:43 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-03-11 12:38:54 832512 ----a-w- c:\windows\system32\wininet.dll

2010-03-11 12:38:52 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-03-11 12:38:51 17408 ------w- c:\windows\system32\corpol.dll

2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\vbscript.dll

2008-07-28 19:20:15 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008072820080729\index.dat

============= FINISH: 21:20:02.32 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 5/31/2008 11:20:46 PM

System Uptime: 6/6/2010 5:46:08 PM (4 hours ago)

Motherboard: Quanta | | 3093

Processor: AMD Turion 64 Mobile Technology ML-32 | U23 | 1794/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 75 GiB total, 12.911 GiB free.

D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP450: 5/25/2010 8:17:53 PM - Software Distribution Service 3.0

RP451: 5/25/2010 8:51:27 PM - Removed FormatFactory

RP452: 5/26/2010 8:11:05 PM - Installed SamsungSimpleDL

RP453: 5/26/2010 9:20:57 PM - Installed HTC Driver Installer.

RP454: 5/26/2010 9:21:46 PM - Installed HTC Sync.

RP455: 5/28/2010 12:04:56 AM - System Checkpoint

RP456: 5/28/2010 11:16:13 PM - Removed HTC Sync.

RP457: 6/1/2010 1:10:56 AM - RegRun Virus Scan

RP458: 6/1/2010 1:40:25 AM - RegRun Virus Scan

RP459: 6/4/2010 4:48:17 PM - ComboFix created restore point

RP460: 6/5/2010 5:24:15 PM - System Checkpoint

RP461: 6/6/2010 5:42:14 PM - Removed J2SE Runtime Environment 5.0

RP462: 6/6/2010 5:43:01 PM - Removed Java 6 Update 12

RP463: 6/6/2010 5:54:22 PM - Installed Java 6 Update 20

==== Installed Programs ======================

"Nero SoundTrax Help

Acrobat.com

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Reader 9.3.2

Advertising Center

Apple Application Support

Apple Software Update

ATI - Software Uninstall Utility

ATI Control Panel

ATI Display Driver

AudibleManager

Avanquest update

BitTorrent

Blu-ray Disc Authoring Plug-in

Broadcom 802.11 Driver

Canon Camera Access Library

Canon Camera Support Core Library

Canon Camera Window DC_DV 5 for ZoomBrowser EX

Canon Camera Window DC_DV 6 for ZoomBrowser EX

Canon Camera Window MC 6 for ZoomBrowser EX

Canon G.726 WMP-Decoder

Canon MovieEdit Task for ZoomBrowser EX

Canon RAW Image Task for ZoomBrowser EX

Canon RemoteCapture Task for ZoomBrowser EX

Canon Utilities EOS Utility

Canon Utilities PhotoStitch

Canon Utilities ZoomBrowser EX

Conexant AC-Link Audio

ConvertHelper 2.2

Creative System Information

Creative ZEN

Critical Update for Windows Media Player 11 (KB959772)

Data Fax SoftModem with SmartCP

DNA

DolbyFiles

DTS Plug-in

Easy SpyRemover 5.0

Eusing Free Registry Cleaner

ExtractNow

Garmin Communicator Plugin

Garmin WebUpdater

Google Earth

Google Update Helper

Google Updater

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Deskjet 3740

HP Deskjet 3740 Series

HP Help and Support

HP Product Detection

HP Software Update

HP Wireless Assistant

HTC Driver Installer

ImagXpress

InterVideo DVD Check

InterVideo WinDVD

Java Auto Updater

Java 6 Update 20

Juniper Citrix Services Client

Juniper Networks Cache Cleaner 6.4.0

Juniper Networks Host Checker

Juniper Networks Setup Client

Juniper Networks Setup Client Activex Control

LightScribe System Software

Macrium Reflect - Free Edition

Malwarebytes' Anti-Malware

Menu Templates - Starter Kit

MetaFrame Presentation Server Web Client for Win32

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB953297)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft National Language Support Downlevel APIs

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Moto Helper Service

MotoConnect

Motorola Driver Installation 4.6.0

Motorola Phone Tools

Motorola Software Update

Mototools Software Update

Movie Templates - Starter Kit

Mozilla Firefox (3.6.3)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

muvee autoProducer 3.5 - SE

Nero 9

Nero BackItUp 4

Nero BurningROM

Nero BurnRights

Nero ControlCenter

Nero CoverDesigner

Nero CoverDesigner Help

Nero Disc Copy Gadget

Nero Disc Copy Gadget Help

Nero DiscSpeed

Nero DriveSpeed

Nero Express

Nero InfoTool

Nero Installer

Nero Live

Nero Live Help

Nero MediaHome 4

Nero Move it

Nero PhotoSnap

Nero PhotoSnap Help

Nero Recode

Nero Recode Help

Nero Rescue Agent

Nero RescueAgent Help

Nero ShowTime

Nero StartSmart

Nero StartSmart Help

Nero Vision

Nero WaveEditor

Nero WaveEditor Help

NeroBurningROM

NeroExpress

neroxml

NetGear PS121v2

Norton Security Suite

OpenOffice.org 3.0

PeerBlock 1.0+ (r320)

Quick Launch Buttons 5.10 A2

QuickTime

RealPlayer

SAMSUNG USB Driver for Mobile Phones V5.2.0.0

SamsungSimpleDL

Security Task Manager 1.7h

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 7 (KB976325)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 9 (KB936782)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB981349)

Sonic RecordNow!

Sonic Update Manager

SoundTrax

SUPERAntiSpyware Free Edition

Synaptics Pointing Device Driver

TBS WMP Plug-in

Texas Instruments PCIxx21/x515/xx12 drivers.

TIPCI

UnHackMe 5.90 release

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Windows (KB971513)

Update for Windows Internet Explorer 7 (KB976749)

Update for Windows Internet Explorer 7 (KB980182)

Update for Windows XP (KB942763)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

WebFldrs XP

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Live OneCare safety scanner

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

Xvid 1.1.3 final uninstall

Yahoo! Messenger

ZENcast Organizer

Zone Deluxe Games

==== Event Viewer Messages From Past Week ========

6/6/2010 5:42:37 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.

6/2/2010 9:56:36 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdPPM BHDrvx86 ccHP eabfiltr eeCtrl Fips SASDIFSV SASKUTIL SRTSP SRTSPX SymIRON SYMTDI

6/2/2010 9:55:47 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

5/31/2010 8:36:33 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer HEATHER-LAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{DE7D3251-0408. The master browser is stopping or an election is being forced.

5/31/2010 6:58:55 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

5/31/2010 3:36:57 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the N360 service.

5/30/2010 8:48:17 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 0014A52F68D4 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================


Well congrats, it appears your system is all clean. Are you still noticing any problems? If not, it's time to secure your system to prevent further intrusions.

THESE STEPS ARE VERY IMPORTANT

Let's reset system restore

Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: you will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.

1. Turn off System Restore.

On the Desktop, right-click My Computer.

Click Properties.

Click the System Restore tab.

Check Turn off System Restore.

Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.

On the Desktop, right-click My Computer.

Click Properties.

Click the System Restore tab.

UN-Check *Turn off System Restore*.

Click Apply, and then click OK.

NOTE: only do this ONCE, NOT on a regular basis.

Now let's uninstall ComboFix:

  • Click START then RUN
  • Now copy-paste Combofix /uninstall in the runbox and click OK

Please download OTC and save it to your desktop.

  • Double-click OTC.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

C:\HelpAsst_backup folder can be deleted too.

UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You need to update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the Windows Update site to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (free): Microsoft Office Update.

Make your Internet Explorer more secure

This can be done by following these simple instructions:

From within Internet Explorer click on the Tools menu and then click on Options.

Click once on the Security tab

Click once on the Internet icon so it becomes highlighted.

Click once on the Custom Level button.

Change the Download signed ActiveX controls to Prompt

Change the Download unsigned ActiveX controls to Disable

Change the Initialize and script ActiveX controls not marked as safe to Disable

Change the Installation of desktop items to Prompt

Change the Launching programs and files in an IFRAME to Prompt

Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.

If it prompts you as to whether or not you want to save the settings, press the Yes button.

Next press the Apply button and then the OK to exit the Internet Properties page.

The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.

  • hosts file:
    • Every version of Windows has a hosts file as part of it.
    • In a very basic sense, it is used to locate webpages.
    • We can customize a hosts file so that it blocks certain webpages.
    • However, it can slow down certain computers.
    • This is why using a hosts file is optional!!

    Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here.

    If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:

    1. Click the Start button (at the lower left hand corner of your screen).
    2. Click Run.
    3. In the dialog box, type services.msc.
    4. Hit Enter, then locate DNS Client.
    5. Highlight it, then double-click it.
    6. In the dropdown box, change the setting from Automatic to Manual.
    7. Click OK.

  • Run the Secunia vulnerability check here and fix its findings.

Just a final reminder for you. I am trying to stress these two points.

UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.

Make sure all of your security programs are up to date.

Visit Microsoft's Windows Update site frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,

Blade :)
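
The hosts-file step in the post above is easier to reason about with something that actually reads a hosts file, so here is an added example (my code, not Blade's, and not part of any tool the thread names). It parses hosts-file text, separates blocklist entries (names sent to 0.0.0.0 or 127.0.0.1, the kind of line a downloaded blocking hosts file adds in bulk) from entries that send a name to some other address, which is what a tampered hosts file behind browser redirects looks like, and lists lines it cannot parse. The sink-address set, the loopback-name set and the sample file contents are my own constructed assumptions.

```python
"""Audit a Windows hosts file: blocklist entries vs. silent redirects.

Added example for the hosts-file step in the post above; not code from the
thread or from any tool it mentions. The sample file below is constructed.
"""
import ipaddress
from collections import namedtuple

HostsEntry = namedtuple("HostsEntry", "line_no ip names")

# Addresses a blocklist-style hosts file points unwanted names at
# (assumption: these three count as "sinks"; anything else is a redirect).
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1"}

# Names a stock Windows hosts file legitimately maps to loopback (assumption).
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Return (entries, malformed) from hosts-file text.

    Each data line is "<ip> <name> [<name> ...]"; '#' starts a comment.
    Bad lines are collected rather than raised on, so a report can show
    exactly which lines a tool (or tampering) left unusable.
    """
    entries, malformed = [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        data = raw.split("#", 1)[0].strip()
        if not data:
            continue
        parts = data.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            malformed.append((line_no, raw))
            continue
        if len(parts) < 2:
            malformed.append((line_no, raw))
            continue
        entries.append(HostsEntry(line_no, ip, [p.lower() for p in parts[1:]]))
    return entries, malformed


def audit_hosts(text):
    """Classify every entry and return a summary dict.

    blocking          names sent to a sink address (what a blocklist does);
                      a long list here is the case the post's DNS Client
                      advice is about
    redirects         names sent anywhere else; a hijacked hosts file looks
                      like this, so each entry deserves a look
    hijacked_loopback loopback-style names that no longer resolve to loopback
    malformed         lines the parser could not use
    """
    entries, malformed = parse_hosts(text)
    blocking, redirects, hijacked_loopback = [], [], []
    for entry in entries:
        if str(entry.ip) in SINK_ADDRESSES:
            blocking.extend(n for n in entry.names if n not in LOOPBACK_NAMES)
        else:
            redirects.append((entry.line_no, str(entry.ip), entry.names))
            hijacked_loopback.extend(n for n in entry.names if n in LOOPBACK_NAMES)
    return {
        "entries": len(entries),
        "blocking": blocking,
        "redirects": redirects,
        "hijacked_loopback": hijacked_loopback,
        "malformed": malformed,
    }


# Constructed sample (not from the thread): a small blocklist, one line that
# sends a real-looking site to an outside address, one that hijacks
# localhost, and two lines that are not usable at all.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         ads.example.net       # blocklist entry
0.0.0.0         tracker.example.org   # blocklist entry
198.51.100.23   www.example-bank.com  # name sent to an outside address
198.51.100.23   localhost
not-an-ip       something.example
127.0.0.1
"""

if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print(f"{report['entries']} entries, {len(report['blocking'])} blocking")
    for line_no, ip, names in report["redirects"]:
        print(f"line {line_no}: {', '.join(names)} -> {ip}  (review this)")
    for name in report["hijacked_loopback"]:
        print(f"loopback name {name!r} no longer points to loopback")
    for line_no, raw in report["malformed"]:
        print(f"line {line_no}: malformed: {raw.strip()!r}")
```

On Windows XP the file lives at %SystemRoot%\system32\drivers\etc\hosts; read it with `open(path, encoding="utf-8", errors="replace").read()` and pass the text to `audit_hosts`. Anything in the redirects list is worth checking before treating a redirect complaint as resolved, and the size of the blocking list is the reason the post recommends setting the DNS Client service to Manual.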


Thanks so much for your help!!! My computer is running so much better now. I really do appreciate your taking the time to help me out. A couple of odd things happened but I don't think it's caused by malware. When I shut down my computer for the first time after all this, I had to force close an application called 15C. I have no idea what this is. Also, upon starting my computer just now, a program called Greatis RegRun Reanimator wanted to install. I stopped it but I'm guessing this is from a program that I installed earlier that ComboFix caused to act strange. Other than that, everything seems great!

Thanks again!!

Matt


When I shut down my computer for the first time after all this, I had to force close an application called 15C. I have no idea what this is.

Does that still appear?

Also, upon starting my computer just now, a program called Greatis RegRun Reanimator wanted to install.

UnHackMe (installed on your system) is part of that. Legit program that you may remove if you wish.
