"I'm infected ..." went well until GMER scan


Everything went as predicted with the "I'm infected what do I do now" procedure until the GMER scan. I was watching it display where it was scanning. While it was scanning inside the system drivers folder, everything suddenly disappeared from my desktop except the standard desktop background image. No icons, no nothing. The mouse still functioned, but moving the pointer to the bottom did not make the task bar appear as usual. Tried Ctrl+Alt+Delete for the Task Manager but got no result. I have downloaded another randomly-named GMER file but I'm not doing anything until I hear back from you guys.

Since GMER malfunctioned, I do not have ark.txt to zip and attach. I only had attach.txt to zip and attach. This all got started because something on my PC kept trying to reach malicious Web sites. That hasn't happened for about an hour and I don't know why not. Perhaps because Malwarebytes is in the middle of its scheduled nightly scan. Anyway, here are the contents of DDS.txt ....

DDS (Ver_10-03-17.01) - NTFSx86

Run by Administrator at 20:44:54.79 on Sat 08/28/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3055.2294 [GMT -5:00]

AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated) {867FFCF4-FFA4-00DE-0D24-347CA8A3377C}

AV: Norton 360 Premier Edition *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FW: Norton 360 Premier Edition *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Creative\Shared Files\CTAudSvc.exe

svchost.exe

C:\WINDOWS\System32\svchost.exe -k Akamai

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe

C:\Program Files\Norton 360 Premier Edition\Engine\4.2.0.12\ccSvcHst.exe

C:\Program Files\Norton Ghost\Agent\VProSvc.exe

C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Iomega\AutoDisk\ADService.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\Norton 360 Premier Edition\Engine\4.2.0.12\ccSvcHst.exe

C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Norton Ghost\Agent\VProTray.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\NETGEAR\WG111v3\WG111v3.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\SRS Labs\WOWHD DivX Edition\srspremiumpanel.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Documents and Settings\Administrator\Desktop\dds.scr

C:\Program Files\Logitech\SetPoint\LU\LULnchr.exe

C:\Program Files\Logitech\SetPoint\LU\LogitechUpdate.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyServer = 192.168.2.1:80

mWinlogon: Userinit=c:\windows\system32\userinit.exe

BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360 premier edition\engine\4.2.0.12\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360 premier edition\engine\4.2.0.12\IPSBHO.DLL

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll

TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360 premier edition\engine\4.2.0.12\coIEPlg.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: {58A83E4F-477A-4A3F-BF9B-B65BC2BD5598} - No File

TB: {E166B4A2-83E7-11D3-B4FD-004005A47AAA} - No File

TB: {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - No File

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"

mRun: [CTxfiHlp] CTXFIHLP.EXE

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"

mRun: [<NO NAME>]

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"

mRun: [CTHelper] CTHELPER.EXE

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [Norton Ghost 15.0] "c:\program files\norton ghost\agent\VProTray.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wowhdd~1.lnk - c:\windows\installer\{6451c1eb-0df2-4f96-9f7c-5f7da9c4e4ae}\NewShortcut2_3CDD5AA270824DF4A30D02AE3DC4D6F5.exe

uPolicies-explorer: NoInstrumentation = 1 (0x1)

IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204

IE: Append to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert link target to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

Trusted Zone: hp.com\www

Trusted Zone: microsoft.com\update

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab

DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15026/CTSUEng.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1281189207106

DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {A57B79D8-9501-42B7-BA9B-B961454712F2} - hxxps://www.jiwire.com/activeX/wlaninfo.cab

DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab

DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab

TCP: NameServer = 208.67.220.220,208.67.222.222

TCP: {83A0B5BD-B723-4A46-94D4-5C9AA4EA17A9} = 208.67.220.220,208.67.222.222

TCP: {9ED133EB-7ED4-40F2-A968-9E0BBFC6EAD8} = 208.67.220.220,208.67.222.222

Notify: igfxcui - igfxsrvc.dll

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

mASetup: {61E3FE32-07B9-4563-A3E0-2DE2D620FE10} - c:\program files\pixiepack codec pack\InstallerHelper.exe

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\7ky188m3.default\

FF - prefs.js: browser.search.selectedEngine - JobSearch - Dice.com

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/advanced_search?hl=en

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\coffplgn\components\coFFPlgn.dll

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\ipsffplgn\components\IPSFFPl.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npContribute.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdrmv2.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdsplay.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npwmsdrm.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.SYS [2001-10-29 23120]

R0 ppa;Iomega Parallel Port Filter Driver;c:\windows\system32\drivers\ppa.sys [2005-4-28 17792]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0402000.00c\symds.sys [2010-8-10 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0402000.00c\symefa.sys [2010-8-10 173104]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\bashdefs\20100810.004\BHDrvx86.sys [2010-8-9 692272]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0402000.00c\cchpx86.sys [2010-8-10 501888]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0402000.00c\ironx86.sys [2010-8-10 116784]

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-4-10 60936]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-9 38144]

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-5-6 10384]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-3-24 304464]

R2 N360;Norton 360;c:\program files\norton 360 premier edition\engine\4.2.0.12\ccsvchst.exe [2010-8-10 126392]

R2 Powert;Powertweak NT helper;c:\progra~1\powert~2\powert2k.sys [2010-8-23 4512]

R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]

R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]

R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-8-11 102448]

R3 GenericMount;Generic Mount Driver;c:\windows\system32\drivers\GenericMount.sys [2010-2-12 57840]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\ipsdefs\20100827.001\IDSXpx86.sys [2010-8-27 331640]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-3-24 20952]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\virusdefs\20100828.004\NAVENG.SYS [2010-8-28 85424]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\virusdefs\20100828.004\NAVEX15.SYS [2010-8-28 1362608]

R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2007-12-28 287232]

R3 SRS_WOWHD_DivX_Service;WOW HD DivX Edition;c:\windows\system32\drivers\SRS_DivX_i386.sys [2010-8-4 246000]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]

S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]

S1 avgio;avgio; [x]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\avira\antivir desktop\sched.exe" --> c:\program files\avira\antivir desktop\sched.exe [?]

S2 AntiVirService;Avira AntiVir Guard;"c:\program files\avira\antivir desktop\avguard.exe" --> c:\program files\avira\antivir desktop\avguard.exe [?]

S3 CamdDriverV32;CamdDriverV32;c:\windows\system32\drivers\CamdDriverV32.sys [2008-4-30 508544]

S3 CamdVideo32;CamdVideo32;c:\windows\system32\drivers\CamdVideo32.sys [2008-4-30 3768]

S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-8-11 79360]

S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]

S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]

S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]

S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]

S3 Dnpiesam;Dnpiesam; [x]

S3 GenericMount Helper Service;GenericMount Helper Service;c:\program files\norton ghost\shared\drivers\GenericMountHelper.exe [2010-2-12 1574408]

S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\ICDUSB2.sys [2005-4-26 39048]

S3 MDFSYSNT;MDFSYSNT;c:\windows\system32\drivers\MDFSYSNT.SYS [2001-11-13 214192]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-8-19 27064]

S3 tbcspud;Santa Cruz Driver;c:\windows\system32\drivers\tbcspud.sys --> c:\windows\system32\drivers\tbcspud.sys [?]

S3 tbcwdm;Santa Cruz WDM Driver;c:\windows\system32\drivers\tbcwdm.sys --> c:\windows\system32\drivers\tbcwdm.sys [?]

S3 TfNetMon;TfNetMon; [x]

=============== Created Last 30 ================

2010-08-29 01:38:05 0 ----a-w- c:\documents and settings\administrator\defogger_reenable

2010-08-25 23:23:01 4932846 ----a-w- c:\windows\{00000001-00000000-00000000-00001102-00000008-10211102}.BAK

2010-08-24 12:45:45 0 d-----w- c:\docume~1\admini~1\applic~1\ProgSense

2010-08-23 13:04:27 0 d-----w- c:\program files\Powertweak

2010-08-23 02:12:58 124264 ----a-r- c:\windows\system32\mp3dec.dll

2010-08-23 02:12:58 120168 ----a-r- c:\windows\system32\spiccDve.dll

2010-08-23 02:12:57 79208 ----a-r- c:\windows\system32\IcdSpiDve.dll

2010-08-23 02:12:56 99688 ----a-r- c:\windows\system32\IcdCddaDve.dll

2010-08-23 02:12:56 71016 ----a-r- c:\windows\system32\ICDUSB3.dll

2010-08-23 02:12:56 238952 ----a-r- c:\windows\system32\IcdComm4.dll

2010-08-23 02:12:38 131072 ----a-r- c:\windows\system32\IcdSrc3.ax

2010-08-23 02:12:38 118784 ----a-r- c:\windows\system32\Mp3Src.ax

2010-08-21 21:57:13 0 d-----w- C:\DropMyRights

2010-08-21 13:08:44 0 d-----w- c:\docume~1\alluse~1\applic~1\AVS4YOU

2010-08-21 13:08:37 0 d-----w- c:\docume~1\admini~1\applic~1\AVS4YOU

2010-08-21 13:06:42 0 d-----w- c:\program files\common files\AVSMedia

2010-08-21 13:06:41 974848 ----a-w- c:\windows\system32\mfc70.dll

2010-08-21 13:06:32 0 d-----w- c:\program files\AVS4YOU

2010-08-20 04:09:56 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys

2010-08-20 04:09:52 0 d-----w- c:\program files\VS Revo Group

2010-08-20 01:34:34 0 d-----w- C:\AutoRuns

2010-08-16 01:25:04 0 d-----w- c:\program files\HP

2010-08-15 13:54:06 131000 ----a-w- c:\windows\system32\drivers\WimFltr.sys

2010-08-15 13:53:31 138592 ----a-w- c:\windows\system32\drivers\symsnap.sys

2010-08-15 13:53:20 15096 ----a-w- c:\windows\system32\drivers\vproeventmonitor.sys

2010-08-15 13:53:19 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_GenericMount_01009.Wdf

2010-08-15 13:53:18 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

2010-08-15 13:53:11 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll

2010-08-15 13:52:24 0 d-----w- c:\program files\Norton Ghost

2010-08-15 13:52:24 0 d-----w- c:\docume~1\alluse~1\applic~1\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}

2010-08-15 02:40:33 0 d-----w- c:\program files\Microsoft Bootvis

2010-08-14 22:00:54 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-08-14 14:52:11 0 d-----w- c:\docume~1\admini~1\applic~1\Tific

2010-08-14 04:02:51 0 d-----w- c:\docume~1\admini~1\applic~1\EMCO

2010-08-14 04:02:22 0 d-----w- c:\program files\EMCO

2010-08-12 05:52:19 0 d-----w- c:\docume~1\alluse~1\applic~1\Nokia

2010-08-12 05:48:12 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys

2010-08-12 05:48:02 0 d-----w- c:\program files\PC Connectivity Solution

2010-08-12 05:47:35 92672 ----a-w- c:\windows\system32\nmwcdcls.dll

2010-08-12 04:15:24 0 d-----w- c:\program files\common files\Creative

2010-08-12 04:15:23 0 d--h--w- c:\program files\Creative Installation Information

2010-08-12 03:21:28 29604 ----a-w- c:\windows\system32\BMXBkpCtrlState-{00000001-00000000-00000000-00001102-00000008-10211102}.rfx

2010-08-12 03:21:28 11564 ----a-w- c:\windows\system32\DVCState-{00000001-00000000-00000000-00001102-00000008-10211102}.rfx

2010-08-12 03:19:42 4932846 ----a-w- c:\windows\{00000001-00000000-00000000-00001102-00000008-10211102}.CDF

2010-08-12 03:19:13 0 d-----w- c:\program files\common files\Creative Labs Shared

2010-08-11 23:59:11 46928 ----a-w- c:\windows\system32\AdobePDF.dll

2010-08-11 23:59:11 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll

2010-08-11 00:39:47 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2010-08-11 00:39:47 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2010-08-11 00:39:47 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-08-11 00:39:47 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-08-11 00:38:53 0 d-----w- c:\windows\system32\drivers\N360

2010-08-11 00:38:49 0 d-----w- c:\program files\Norton 360 Premier Edition

2010-08-11 00:37:34 0 d-----w- c:\program files\NortonInstaller

2010-08-10 23:53:37 0 d-----w- c:\windows\LMI3A.tmp

2010-08-10 10:15:58 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-08-10 10:15:58 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-08-10 04:01:34 0 d-----w- c:\docume~1\admini~1\applic~1\gnupg

2010-08-10 03:57:32 0 d-----w- c:\program files\GNU

2010-08-09 03:05:36 0 d-----w- c:\program files\Essentials Codec Pack

2010-08-09 00:22:05 0 d-----w- c:\windows\ie8updates

2010-08-08 22:54:21 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2010-08-08 22:54:00 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll

2010-08-08 22:54:00 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll

2010-08-08 22:53:49 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

2010-08-08 22:52:34 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-08-08 22:52:33 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-08-08 22:52:32 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-08-08 22:49:46 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx

2010-08-08 22:46:42 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat

2010-08-08 22:46:13 1206508 -c----w- c:\windows\system32\dllcache\sysmain.sdb

2010-08-08 22:46:12 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2010-08-08 22:19:16 0 d-----w- c:\program files\Norton Support

2010-08-08 01:51:25 421888 ----a-w- c:\windows\system32\ac3filter.acm

2010-08-08 01:51:14 0 d-----w- c:\program files\XP Codec Pack

2010-08-07 13:54:14 15064 ----a-w- c:\windows\system32\wuapi.dll.mui

2010-08-05 04:01:29 246000 ----a-r- c:\windows\system32\drivers\SRS_DivX_i386.sys

2010-08-05 04:01:02 0 d-----w- c:\program files\SRS Labs

2010-08-04 13:13:23 113504 ----a-w- c:\windows\system32\drivers\ialmsbw.sys

2010-08-04 13:13:14 98842 ----a-w- c:\windows\system32\drivers\ialmkchw.sys

2010-08-04 12:41:23 0 d-----w- c:\documents and settings\all users\Uniblue

2010-08-02 23:28:34 437248 ----a-w- c:\windows\mspaint.exe

2010-08-01 15:50:53 0 d-----w- c:\program files\Sourceforge

2010-07-31 22:50:47 54668 ---ha-w- c:\windows\system32\mlfcache.dat

2010-07-31 22:41:02 0 d-----w- c:\docume~1\admini~1\applic~1\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2010-07-31 22:32:22 0 d-----w- c:\docume~1\alluse~1\applic~1\regid.1986-12.com.adobe

2010-07-31 22:28:19 0 d-----w- c:\docume~1\alluse~1\applic~1\ALM

2010-07-31 22:18:05 0 d-----w- c:\documents and settings\administrator\Adobe Flash Builder 4

2010-07-31 21:41:37 0 d-----w- c:\program files\common files\Macrovision Shared

2010-07-31 19:16:52 0 d-----w- c:\docume~1\admini~1\applic~1\Uniblue

2010-07-31 19:16:47 0 d-----w- c:\program files\Uniblue

2010-07-31 17:13:56 0 d-----w- c:\program files\common files\Akamai

==================== Find3M ====================

2010-08-12 03:18:08 445016 ----a-w- c:\windows\system32\wrap_oal.dll

2010-08-12 03:18:08 109144 ----a-w- c:\windows\system32\OpenAL32.dll

2010-07-21 22:33:36 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys

2010-07-17 10:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-17 14:03:00 80384 ------w- c:\windows\system32\iccvid.dll

2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll

2010-06-09 23:01:10 133616 ------w- c:\windows\system32\pxafs.dll

2010-06-09 23:01:10 126448 ------w- c:\windows\system32\pxinsi64.exe

2010-06-09 23:01:10 123888 ------w- c:\windows\system32\pxcpyi64.exe

2007-12-28 20:02:12 287232 ----a-w- c:\windows\inf\wg111v3\wg111v3.sys

2007-12-28 19:59:30 342528 ----a-w- c:\windows\inf\wg111v3\vista64\wg111v3.sys

2007-11-27 22:53:58 63488 ----a-w- c:\windows\inf\wg111v3\SetDrv64.exe

2007-11-27 22:52:44 32768 ----a-w- c:\windows\inf\wg111v3\SetDrv.exe

2007-03-17 20:12:14 303104 ----a-w- c:\program files\common files\lame_enc.dll

2006-12-15 16:30:36 98304 ----a-w- c:\windows\inf\wg111v3\UScanM.exe

2006-12-15 16:30:36 315392 ----a-w- c:\windows\inf\wg111v3\InstallDriver.exe

2006-12-15 16:30:36 212992 ----a-w- c:\windows\inf\wg111v3\CopyWHQLDriver.exe

2006-12-15 16:30:36 20480 ----a-w- c:\windows\inf\wg111v3\RTWUPath.exe

2006-12-15 16:30:36 19968 ----a-w- c:\windows\inf\wg111v3\RTWREFU.EXE

2008-09-28 04:35:07 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091520080922\index.dat

2008-09-28 04:35:07 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092720080928\index.dat

============= FINISH: 20:46:39.60 ===============

Attach.zip


Before you study my ComboFix.txt and dds.txt, four items I want to mention:

1-Your page with instructions about disabling existing antivirus programs isn't up to date with the latest Norton 360 upgrade. I didn't have any problem figuring how to make your instructions work, but then I've done this once before, and I'm moderately computer savvy. If you want a description of the new Norton 360 user interface, I'll be glad to help.

2-Screen savers. Mine kicked in while ComboFix was scanning and scared the you know what out of me. I didn't know if it was interfering with ComboFix, and I didn't know if my logging back in (my screen saver is password protected) would cause ComboFix to crash and possibly trash my PC. So I took a wild guess and just waited 15 minutes. Then I logged in past the screen saver and there was the ComboFix scan result waiting for me. Whew.

3-For Firefox users like me, pasting these scan results into the reply window can cause the browser to freeze. You don't necessarily need to kill it in the Task Manager. Best thing to do is wait a minute while Firefox figures out what to do and returns to the state where the text-entry cursor is blinking.

4-I may have misunderstood the instruction "Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system." when I cut and pasted both into this window. Got a "post too long" message. So, I'm zipping both ComboFix.txt and dds.txt and attaching everything. Sorry if I screwed up.

Didn't know whether you needed the attach.zip dds.scr generates so I attached it anyway....

Attach.zip

ComboFix.zip

DDS.zip


  • Staff

Hi,

Thanks for being thorough.

1) The topic we reference is very old but is periodically updated. If you could give a short bullet-point tutorial on disabling it, I can submit it and we can get the tutorial updated.

2) Screen-savers should not interfere, but I can pass your concerns to ComboFix's developer.

3) Hmm. I've never encountered any issues pasting in Firefox. Ensure that you're using the latest version. Does this occur with a Quick Reply only or the Full Reply as well?

4) If you get a "post too long" message, I recommend just pasting one log into each post. Attaching is generally not recommended because then I have to physically download the log to my computer.

Pressing onward:

I notice that you are using more than one antivirus program (Avira and Norton360). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program. Let me know what you decide to keep.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317
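The reply above spots the two antivirus products by reading the SERVICES / DRIVERS section of the DDS log. The following Python is an added example, not part of the thread and not code from DDS or the forum, that runs the same triage over lines copied from that section. The field meanings (R/S as running/stopped, the digit as the Windows service Start value, `[?]`/`[x]` in place of a date and size as "image not resolved") and the vendor keyword table are assumptions made for this example.

```python
import re
from dataclasses import dataclass

# Lines copied from the SERVICES / DRIVERS section of the DDS log in this thread.
SAMPLE = r"""
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0402000.00c\symds.sys [2010-8-10 328752]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-3-24 304464]
R2 N360;Norton 360;c:\program files\norton 360 premier edition\engine\4.2.0.12\ccsvchst.exe [2010-8-10 126392]
S1 avgio;avgio; [x]
S2 AntiVirService;Avira AntiVir Guard;"c:\program files\avira\antivir desktop\avguard.exe" --> c:\program files\avira\antivir desktop\avguard.exe [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-8-19 27064]
"""

# Assumption: the digit after R/S is the Windows service Start value.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

# Constructed keyword table (an assumption); extend it for other products.
AV_KEYWORDS = {"Avira": ("avira",), "Norton/Symantec": ("norton", "symantec")}

# <state><start> <name>;<display name>;<image path, optional "--> target"> [<tail>]
LINE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]\s*$")
# A normal tail is "<date> <size>"; anything else is kept as a marker.
STAMP_RE = re.compile(r"^\d{4}-\d{1,2}-\d{1,2} \d+$")


@dataclass
class Entry:
    running: bool   # True for R, False for S
    start: str      # boot / system / auto / manual / disabled
    name: str       # service key name
    display: str    # display name
    image: str      # image path as registered ("" when the log shows none)
    marker: str     # "?" or "x" when no date/size was reported, else ""


def parse_log(text):
    """Parse DDS service/driver lines; lines in any other format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        state, digit, name, display, path, tail = m.groups()
        # Keep the registered path; drop the "--> resolved path" suffix and quotes.
        image = path.split(" --> ")[0].strip().strip('"')
        marker = "" if STAMP_RE.match(tail) else tail
        entries.append(Entry(state == "R", START_TYPES.get(int(digit), digit),
                             name.strip(), display.strip(), image, marker))
    return entries


def av_products(entries):
    """Map each vendor in AV_KEYWORDS to the service names that mention it."""
    found = {}
    for e in entries:
        haystack = f"{e.name} {e.display} {e.image}".lower()
        for vendor, words in AV_KEYWORDS.items():
            if any(w in haystack for w in words):
                found.setdefault(vendor, []).append(e.name)
    return found


def unresolved(entries):
    """Names of entries whose tail was a marker instead of a date and size."""
    return [e.name for e in entries if e.marker]


def report(text):
    """Return human-readable findings for a pasted SERVICES / DRIVERS section."""
    entries = parse_log(text)
    vendors = av_products(entries)
    lines = []
    if len(vendors) > 1:
        lines.append("Multiple antivirus products registered: "
                     + ", ".join(sorted(vendors)))
    for e in entries:
        if e.marker:
            state = "running" if e.running else "stopped"
            lines.append(f"{e.name} ({state}, {e.start} start): image not "
                         f"resolved [{e.marker}] {e.image or '<no path>'}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```
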


One little glitch with Eset. First time I ran it, it got 14 percent into the scan and then hit a .msf file representing one of my Thunderbird emal folders. It stayed there for about 25 minutes before I canceled the process. I opened Thunderbird to see if there was something in one of the folders to cause the problem. Everything looked normal except several files in my inbox were corrupted. Norton 360 Premier Edition also does my automatic backups to the D drive. I allows me to restore specific items like email. But the restore didn't work because the backup runs during idle time, and by the time I got there, the restore file was corrupted as well. My only gripe about that is that two of the email corrupted concern a dispute with Kagi software about whether or not they ever delivered some software I ordered. Oh well.

Re: Disabling antivirus in latest Norton 360

Right click the Norton 360 Premier Edition icon in the task bar. Choose "Disable Antivirus Automatic-Protect". You will get a new dialog box with five options: 15 minutes, 1 hour, 5 hours, Until system restart, Permanently. Choose 5 hours.

(Considering all the firewall, backup and Web surfing protection features Norton 360 offers me, and the money I paid, I may disable its antivirus permanently and use Avira Antivirus free version.)

========================

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=9f8362fa947914429b0c0c975e8cfa34

# end=stopped

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-08-30 03:00:18

# local_time=2010-08-29 10:00:18 (-0600, Central Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=256 16777215 100 0 78424975 78424975 0 0

# compatibility_mode=512 16777215 100 0 44185835 44185835 0 0

# compatibility_mode=768 16777215 100 0 57661835 57661835 0 0

# compatibility_mode=1792 16777175 100 0 0 0 0 0

# compatibility_mode=3589 16777189 100 86 1479887 46412854 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=29304

# found=0

# cleaned=0

# scan_time=2662

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=9f8362fa947914429b0c0c975e8cfa34

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-08-30 05:59:54

# local_time=2010-08-30 12:59:54 (-0600, Central Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=256 16777215 100 0 78456576 78456576 0 0

# compatibility_mode=512 16777215 100 0 44217436 44217436 0 0

# compatibility_mode=768 16777215 100 0 57693436 57693436 0 0

# compatibility_mode=1792 16777175 100 0 0 0 0 0

# compatibility_mode=3589 16777173 100 86 1511488 46444455 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=257233

# found=1

# cleaned=1

# scan_time=25037

D:\installers\audio\Media-CD-DVD\nero_stuff\Nero 7\Nero-7.10.1.2_all_update.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C

  • Staff
(Considering all the firewall, backup and Web surfing protection features Norton 360 offers me, and the money I paid, I may disable its antivirus permanently and use Avira Antivirus free version.)
Certainly a good idea. "Protection features" are relative...

Continue with the SecurityCheck scan.

Here is the security check log. I'm now watching my PC's behavior for two things. 1-Any more Malwarebytes popups about something trying to phone home to a malicious Web site IP address, and 2-A reason that my computer has stopped running immediate safety checks of files I download. Problem is, I can't remember if Malwarebytes or Norton 360 was performing that function.

PS Greatly appreciate all your help here!!!

Results of screen317's Security Check version 0.99.5

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

ESET Online Scanner v3

Norton 360

Antivirus out of date! (On Access scanning disabled!)

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

HijackThis 2.0.2

CCleaner

Java 6 Update 21

Java SE Runtime Environment 6 Update 1

Java 6 Update 2

Java 6 Update 3

Java 6 Update 5

Java 6 Update 7

Out of date Java installed!

Adobe Flash Player 10.1.82.76

Adobe Reader 7.1.0

Adobe Reader 7.0.5 Language Support

Out of date Adobe Reader installed!

Mozilla Firefox (3.6.8)

Mozilla Thunderbird (3.1.2)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Norton ccSvcHst.exe

Malwarebytes' Anti-Malware mbamservice.exe

````````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

  • Staff

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

Java

  • Staff

Hi,

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Download and install IE-Spyad, which will place over 5000 'bad' sites on your Internet Explorer Restricted List. A tutorial on it can be found here.

3) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

4) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

5) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

6) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317

  • 4 weeks later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.