
IE Redirect

Discussion in 'Virus & Other Malware Removal' started by Artielox, Apr 18, 2010.

  1. Artielox (Thread Starter), joined Apr 18, 2010, 12 messages
    OK, real quick description of my problem: when I use Firefox/IE to search for something it does its job, then I click a link in the search results and I get redirected to another bogus or just annoying search engine and can't complete my search. I found this forum here and downloaded HJT and saved my log to post with hopes to get this annoying problem solved. Please help, TY.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:35:57 PM, on 4/18/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18904)
    Boot mode: Normal
    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\WINDOWS\RtHDVCpl.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Windows\system32\schtasks.exe
    C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
    C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
    C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Users\ABonfonti\AppData\Roaming\SystemProc\lsass.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    C:\Users\ABonfonti\AppData\Local\Apps\2.0\RTO29Z37.969\LKXJQOTG.90G\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\CurseClient.exe
    C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Norton Security Suite\Engine\4.1.0.32\ccSvcHst.exe
    C:\Program Files\Portrait Displays\Pivot Software\floater.exe
    C:\hp\kbd\kbd.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\ABonfonti\Desktop\HJTsetup.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=C:\Windows\system32\Userinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {013D2C6A-D939-4544-B393-680FBD0380Cd} - C:\Windows\System32\dnssd32.dll
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.1.0.32\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.1.0.32\IPSBHO.DLL
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.1.0.32\coIEPlg.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -HPW
    O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
    O4 - HKLM\..\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [RTHDBPL] C:\Users\ABonfonti\AppData\Roaming\SystemProc\lsass.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: CurseClientStartup.ccip
    O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O13 - Gopher Prefix:
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\4.1.0.32\ccSvcHst.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    --
    End of file - 9248 bytes
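A quick way to read a HijackThis log like the one above is to apply, mechanically, the two cues a helper applies by eye: a Windows system binary name (lsass.exe, svchost.exe and the like) running or auto-starting from anywhere other than C:\Windows, and a Browser Helper Object that has no name yet points at a real file. The script below is an added example written for this page; it is not part of the thread and not a HijackThis feature. It parses a few lines constructed from the log above and returns the entries that match. The SYSTEM_BINARIES list, the decision to skip bare names and %VAR%-prefixed paths, and the two rules themselves are this example's choices. A hit means "look at this file", not "this is malware"; the DDS and GMER reports requested later in the thread are what confirm or clear it.

```python
import re
from pathlib import PureWindowsPath

# Binaries that legitimately live only under %SystemRoot%. A same-named image
# anywhere else is a classic masquerade. (The list is this example's choice.)
SYSTEM_BINARIES = {
    "lsass.exe", "csrss.exe", "smss.exe", "winlogon.exe", "services.exe",
    "svchost.exe", "wininit.exe", "lsm.exe", "explorer.exe", "userinit.exe",
}
SYSTEM_DIRS = ("c:\\windows\\",)

# Constructed sample in HijackThis 2.0.2 format: lines taken from the log
# posted above plus benign control lines for each rule.
SAMPLE_LOG = r"""
Running processes:
C:\Windows\system32\Dwm.exe
C:\Users\ABonfonti\AppData\Roaming\SystemProc\lsass.exe
C:\Program Files\Internet Explorer\iexplore.exe
O2 - BHO: (no name) - {013D2C6A-D939-4544-B393-680FBD0380Cd} - C:\Windows\System32\dnssd32.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [RTHDBPL] C:\Users\ABonfonti\AppData\Roaming\SystemProc\lsass.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"""

DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")
O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<file>.*)$")
EXE_RE = re.compile(r'^"?(?P<path>.*?\.exe)', re.IGNORECASE)


def image_path(command):
    """Executable path from a Run-key command line, quoted or not, arguments dropped."""
    m = EXE_RE.match(command.strip())
    return m.group("path") if m else None


def is_masquerade(path):
    """True when a %SystemRoot%-only binary name sits outside C:\\Windows."""
    if not DRIVE_PATH_RE.match(path):
        return False  # bare names and %VAR% prefixes cannot be resolved here; skip
    name = PureWindowsPath(path).name.lower()
    return name in SYSTEM_BINARIES and not path.lower().startswith(SYSTEM_DIRS)


def triage(log_text):
    """Review cues in an HJT log: masquerading system binaries (running or
    auto-starting) and unnamed BHOs that point at a real file."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if DRIVE_PATH_RE.match(line):  # a "Running processes" entry
            if is_masquerade(line):
                findings.append({"rule": "system-binary-outside-windows",
                                 "where": "process", "path": line})
            continue
        m = O4_RE.match(line)
        if m:
            path = image_path(m.group("cmd"))
            if path and is_masquerade(path):
                findings.append({"rule": "system-binary-outside-windows",
                                 "where": f"{m.group('hive')} [{m.group('name')}]",
                                 "path": path})
            continue
        m = O2_RE.match(line)
        if m and m.group("name") == "(no name)" and m.group("file") != "(no file)":
            findings.append({"rule": "unnamed-bho-with-file",
                             "where": "O2", "path": m.group("file")})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['rule']:32} {f['where']:22} {f['path']}")
```

Run against the constructed sample it returns three cues: the lsass.exe image under AppData\Roaming once as a running process and once as an HKCU Run entry, and the unnamed BHO that resolves to a file. Dwm.exe under System32, the named Adobe BHO, the "(no file)" BHO and the %ProgramFiles% entry are not reported.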
     
  2. CatByte (Malware Specialist), joined Feb 24, 2009, 3,930 messages
    Hi and Welcome,

    Please do the following:

    Please download DDS from either of these links

    LINK 1
    LINK 2

    and save it to your desktop.
    • Disable any script blocking protection
    • Double click dds.pif to run the tool.
    • When done, two DDS.txt's will open.
    • Save both reports to your desktop.
    ---------------------------------------------------
    Please include the contents of the following in your next reply:

    DDS.txt
    Attach.txt.


    NEXT


    Download GMER Rootkit Scanner from here to your desktop.
    • Double click the exe file. If asked to allow gmer.sys driver to load, please consent .
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.




    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
    • Save it where you can easily find it, such as your desktop, and post it in reply.

    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
     
  3. Artielox (Thread Starter), joined Apr 18, 2010, 12 messages
    Hope this is what you need; it seems to be a lot of info and I'm a little leery of sending out stuff I know nothing about =)


    DDS (Ver_10-03-17.01)
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/28/2009 10:37:57 AM
    System Uptime: 4/18/2010 4:07:15 PM (5 hours ago)
    Motherboard: ASUSTek Computer INC. | | NARRA2
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4400+ | Socket AM2 | 2300/200mhz
    ==== Disk Partitions =========================
    C: is FIXED (NTFS) - 364 GiB total, 180.835 GiB free.
    D: is FIXED (NTFS) - 9 GiB total, 1.204 GiB free.
    E: is CDROM ()
    ==== Disabled Device Manager Items =============
    ==== System Restore Points ===================

    ==== Installed Programs ======================
    Acrobat.com
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Reader 9.3
    AIM 7
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AviSynth 2.5
    BlackBerry Desktop Software 5.0.1
    BlackBerry® Media Sync
    Bonjour
    CDDRV_Installer
    Curse Client
    Download Updater (AOL LLC)
    Enhanced Multimedia Keyboard Solution
    erLT
    Free RAR Extract Frog
    FrostWire 4.18.1
    Handbrake 0.9.4
    Hardware Diagnostic Tools
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Active Support Library 32 bit components
    HP Advisor
    HP Customer Experience Enhancements
    HP Customer Feedback
    HP Easy Setup - Frontend
    HP My Display
    HP On-Screen Cap/Num/Scroll Lock Indicator
    HP Photosmart Essential 2.01
    HP Photosmart Essential2.01
    HP Picasso Media Center Add-In
    HP Update
    HPAsset component for HP Active Support Library
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 19
    Java(TM) SE Runtime Environment 6 Update 1
    KhalInstallWrapper
    LeapFrog Connect
    LeapFrog My Pals Plugin
    LeapFrog Tag Junior Plugin
    LightScribe 1.6.45.1
    Logitech SetPoint
    Logitech Webcam Software
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    Mozilla Firefox (3.6.3)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee autoProducer 6.0
    My HP Games
    Norton Security Suite
    NVIDIA Drivers
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    Picture Package Music Transfer
    Pivot Software
    PSSWCORE
    Python 2.5
    QuickTime
    RealNetworks - Microsoft Visual C++ 2005 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.0
    Rhapsody
    Rhapsody Player Engine
    Roxio Activation Module
    Roxio Creator Audio
    Roxio Creator Basic v9
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator EasyArchive
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio MyDVD Basic v9
    SDK
    Security Update for CAPICOM (KB931906)
    Sony Picture Utility
    System Requirements Lab
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Ventrilo Client
    Videora iPod touch Converter 5.03
    VideoToolkit01
    VLC media player 1.0.5
    Vuze
    WeatherBug Gadget
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    World of Warcraft
    ==== End Of File ===========================


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by ABonfonti at 21:40:28.07 on Sun 04/18/2010
    Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_19
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1422 [GMT -7:00]
    AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
    FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    ============== Running Processes ===============
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
    C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Norton Security Suite\Engine\4.1.0.32\ccSvcHst.exe
    C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\taskeng.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Norton Security Suite\Engine\4.1.0.32\ccSvcHst.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\WINDOWS\RtHDVCpl.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Windows\system32\schtasks.exe
    C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
    C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    C:\Users\ABonfonti\AppData\Local\Apps\2.0\RTO29Z37.969\LKXJQOTG.90G\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\CurseClient.exe
    C:\Program Files\Portrait Displays\Pivot Software\floater.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe
    C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\hp\kbd\kbd.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\ABonfonti\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe
    ============== Pseudo HJT Report ===============
    uStart Page = hxxp://www.google.com/
    mStart Page = about:blank
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=c:\windows\system32\Userinit.exe
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\4.1.0.32\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\4.1.0.32\IPSBHO.DLL
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\4.1.0.32\coIEPlg.dll
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    mRun: [KBD] c:\hp\kbd\KbdStub.EXE
    mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
    mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
    mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [DT HPW] c:\program files\common files\portrait displays\shared\DT_startup.exe -HPW
    mRun: [PivotSoftware] "c:\program files\portrait displays\pivot software\wpctrl.exe"
    mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    StartupFolder: c:\users\abonfonti\appdata\roaming\microsoft\windows\start menu\programs\startup\CurseClientStartup.ccip
    StartupFolder: c:\users\abonfo~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    ================= FIREFOX ===================
    FF - ProfilePath - c:\users\abonfo~1\appdata\roaming\mozilla\firefox\profiles\fdxl59hq.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.comcast.net
    FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
    FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn\components\coFFPlgn.dll
    FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll
    FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    FF - user.js: browser.sessionstore.resume_from_crash - false
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    ============= SERVICES / DRIVERS ===============
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0401000.020\symds.sys [2010-4-13 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0401000.020\symefa.sys [2010-4-13 172592]
    R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20100324.001\BHDrvx86.sys [2010-3-24 536112]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0401000.020\cchpx86.sys [2010-4-13 501888]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20100415.001\IDSvix86.sys [2010-4-16 343088]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0401000.020\ironx86.sys [2010-4-13 116784]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0401000.020\symtdiv.sys [2010-4-13 340016]
    R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.1.0.32\ccsvchst.exe [2010-4-13 126392]
    R2 PdiService;Portrait Displays SDK Service;c:\program files\common files\portrait displays\drivers\pdisrvc.exe [2009-9-20 109168]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-8-17 239648]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-4-1 102448]
    R3 SaiK0728;SaiK0728;c:\windows\system32\drivers\SaiK0728.sys [2009-3-5 108544]
    S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2007-6-18 19456]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-8-30 21504]
    S3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\drivers\netr73.sys [2007-8-22 265216]
    =============== Created Last 30 ================
    2010-04-18 21:34:47 0 d-----w- c:\program files\Trend Micro
    2010-04-18 20:34:55 0 d-----w- c:\users\abonfo~1\appdata\roaming\Malwarebytes
    2010-04-18 20:34:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-18 20:34:43 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-18 20:34:43 0 d-----w- c:\programdata\Malwarebytes
    2010-04-18 20:34:43 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-18 02:32:21 0 d-sh--w- c:\programdata\SysWoW32
    2010-04-18 02:32:07 203776 --sh--w- c:\programdata\unrar.exe
    2010-04-16 22:46:25 0 d-----w- c:\program files\Free RAR Extract Frog
    2010-04-16 17:23:35 0 d-----w- c:\program files\VideoLAN
    2010-04-16 02:52:48 0 d-----w- c:\programdata\Azureus
    2010-04-16 02:49:56 0 d-----w- c:\users\abonfo~1\appdata\roaming\Azureus
    2010-04-16 02:49:10 0 d-----w- c:\program files\Vuze
    2010-04-16 02:41:06 0 d-----w- c:\users\abonfo~1\appdata\roaming\MusicNet
    2010-04-16 02:38:33 483328 ----a-w- c:\windows\system32\actskn45.ocx
    2010-04-16 02:28:07 0 d-----w- c:\users\abonfo~1\appdata\roaming\BitTorrent
    2010-04-15 22:47:19 256 ----a-w- c:\windows\system32\pool.bin
    2010-04-15 22:46:58 0 d-----w- c:\users\abonfo~1\appdata\roaming\Research In Motion
    2010-04-15 22:44:57 27136 ----a-w- c:\windows\system32\drivers\RimSerial.sys
    2010-04-15 22:44:05 0 d-----w- c:\programdata\Research In Motion
    2010-04-15 22:43:43 0 d-----w- c:\program files\common files\Research In Motion
    2010-04-15 22:43:41 0 d-----w- c:\program files\Research In Motion
    2010-04-15 21:49:49 0 d-----w- c:\program files\common files\xing shared
    2010-04-15 21:49:28 0 d-----w- c:\program files\common files\Real
    2010-04-15 21:49:27 0 d-----w- c:\programdata\Real
    2010-04-15 21:37:18 0 d-----w- c:\users\abonfo~1\appdata\roaming\HandBrake
    2010-04-15 21:37:15 0 d-----w- c:\program files\Handbrake
    2010-04-15 02:36:58 44080 ----a-r- c:\windows\system32\drivers\SymIMV.sys
    2010-04-15 00:12:45 6144 ----a-w- c:\windows\system32\ff_acm.acm
    2010-04-15 00:12:45 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
    2010-04-15 00:12:45 57344 ----a-w- c:\windows\system32\ff_vfw.dll
    2010-04-15 00:12:45 547 ----a-w- c:\windows\system32\ff_vfw.dll.manifest
    2010-04-15 00:12:45 258352 ----a-w- c:\windows\system32\unicows.dll
    2010-04-15 00:12:44 372736 ----a-w- c:\windows\system32\xvid.ax
    2010-04-15 00:12:43 98304 ----a-w- c:\windows\system32\L3CODECX.AX
    2010-04-15 00:12:42 0 d-----w- c:\program files\Cucusoft
    2010-04-15 00:12:01 0 d-----w- c:\users\abonfo~1\appdata\roaming\GetRightToGo
    2010-04-14 23:20:35 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2010-04-14 23:20:35 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2010-04-14 23:20:35 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-04-14 23:20:30 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-04-14 23:20:30 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-04-14 23:20:24 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-04-14 23:20:17 62464 ----a-w- c:\windows\system32\l3codeca.acm
    2010-04-14 23:20:17 220672 ----a-w- c:\windows\system32\l3codecp.acm
    2010-04-14 23:20:15 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2010-04-14 23:20:15 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
    2010-04-14 23:20:15 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
    2010-04-14 17:17:35 172032 ----a-w- c:\windows\system32\wintrust.dll
    2010-04-14 17:17:21 98304 ----a-w- c:\windows\system32\cabview.dll
    2010-04-02 19:28:49 0 d-----w- c:\program files\common files\Software Update Utility
    2010-04-02 14:13:37 0 d-----w- C:\N360_BACKUP
    2010-04-02 01:42:14 0 d-----w- c:\program files\iPod
    2010-04-02 01:42:11 0 d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-04-02 01:42:11 0 d-----w- c:\program files\iTunes
    2010-04-02 01:36:00 0 d-----w- c:\program files\Bonjour
    2010-04-02 00:49:30 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2010-04-02 00:49:29 411648 ----a-w- c:\windows\system32\drivers\http.sys
    2010-04-02 00:49:29 30720 ----a-w- c:\windows\system32\httpapi.dll
    2010-04-01 23:37:22 0 d-----w- c:\programdata\Sun
    2010-04-01 23:32:45 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
    2010-04-01 23:32:45 107368 ----a-r- c:\windows\system32\GEARAspi.dll
    2010-04-01 23:32:44 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
    2010-04-01 23:32:44 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
    2010-04-01 23:32:44 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-04-01 23:32:36 0 d-----w- c:\program files\Symantec
    2010-04-01 23:32:14 0 d-----w- c:\windows\system32\drivers\N360
    2010-04-01 23:32:12 0 d-----w- c:\program files\Norton Security Suite
    2010-04-01 23:32:05 0 d-----w- c:\programdata\NortonInstaller
    2010-04-01 23:32:05 0 d-----w- c:\program files\NortonInstaller
    2010-04-01 23:16:31 0 d-----w- c:\programdata\Norton
    2010-04-01 23:05:04 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-04-01 23:05:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-04-01 23:03:54 471552 ----a-w- c:\windows\system32\secproc_isv.dll
    ==================== Find3M ====================
    2010-04-18 23:10:54 386377 ----a-w- c:\programdata\nvModes.dat
    2010-04-18 09:14:34 45200 ------w- c:\windows\system32\drivers\pxhelp20.sys
    2010-04-15 22:46:33 51200 ----a-w- c:\windows\inf\infpub.dat
    2010-04-15 22:46:33 143360 ----a-w- c:\windows\inf\infstrng.dat
    2010-04-15 22:46:33 143360 ----a-w- c:\windows\inf\infstor.dat
    2010-03-09 11:28:20 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-02-24 17:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
    2010-02-23 06:39:13 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-23 06:33:45 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-02-23 06:33:45 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-02-23 04:55:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-02-12 18:46:14 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-02-12 18:46:14 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-01-25 12:00:35 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2010-01-25 12:00:35 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
    2010-01-25 12:00:22 471552 ----a-w- c:\windows\system32\secproc.dll
    2010-01-25 11:58:52 332288 ----a-w- c:\windows\system32\msdrm.dll
    2010-01-25 08:21:20 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2010-01-25 08:21:20 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2010-01-25 08:21:18 518144 ----a-w- c:\windows\system32\RMActivate.exe
    2010-01-25 08:21:18 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
    2010-01-23 09:26:13 2048 ----a-w- c:\windows\system32\tzres.dll
    2009-11-04 08:39:50 665600 ----a-w- c:\windows\inf\drvindex.dat
    2009-09-01 07:19:51 174 --sha-w- c:\program files\desktop.ini
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-11-23 07:45:48 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2008-09-02 03:42:53 22 --sha-w- c:\windows\sminst\HPCD.SYS
    2009-10-14 21:01:10 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2009-11-07 00:28:40 4648480 --sha-w- c:\windows\system32\drivers\fidbox.dat
    2009-11-07 00:28:40 696352 --sha-w- c:\windows\system32\drivers\fidbox2.dat
    2007-08-22 17:14:30 8192 --sha-w- c:\windows\users\default\NTUSER.DAT
    ============= FINISH: 21:41:15.49 ===============
    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-04-18 23:09:00
    Windows 6.0.6002 Service Pack 2
    Running: 63u8ljdd.exe; Driver: C:\Users\ABONFO~1\AppData\Local\Temp\pxrdipob.sys

    ---- System - GMER 1.0.15 ----
    SSDT 89414B48 ZwAlertResumeThread
    SSDT 89EA3C80 ZwAlertThread
    SSDT 8A44A938 ZwAllocateVirtualMemory
    SSDT 892679C8 ZwAlpcConnectPort
    SSDT 89FFA048 ZwAssignProcessToJobObject
    SSDT 8A4505B0 ZwCreateMutant
    SSDT 8A475C78 ZwCreateSymbolicLinkObject
    SSDT 8A449288 ZwCreateThread
    SSDT 894A2130 ZwDebugActiveProcess
    SSDT 8A44AAD0 ZwDuplicateObject
    SSDT 8A449F78 ZwFreeVirtualMemory
    SSDT 8941AB78 ZwImpersonateAnonymousToken
    SSDT 8941C120 ZwImpersonateThread
    SSDT 891F5A38 ZwLoadDriver
    SSDT 8A448B60 ZwMapViewOfSection
    SSDT 8A081120 ZwOpenEvent
    SSDT 8A44ACF0 ZwOpenProcess
    SSDT 8935D110 ZwOpenProcessToken
    SSDT 89398118 ZwOpenSection
    SSDT 8A44ABE0 ZwOpenThread
    SSDT 8A464930 ZwProtectVirtualMemory
    SSDT 8A06D110 ZwResumeThread
    SSDT 8A062110 ZwSetContextThread
    SSDT 8A448990 ZwSetInformationProcess
    SSDT 89441068 ZwSetSystemInformation
    SSDT 8A0E2C98 ZwSuspendProcess
    SSDT 8A063118 ZwSuspendThread
    SSDT 89351110 ZwTerminateProcess
    SSDT 8A068118 ZwTerminateThread
    SSDT 89314D98 ZwUnmapViewOfSection
    SSDT 8A448F00 ZwWriteVirtualMemory
    SSDT 8A464190 ZwCreateThreadEx
    ---- Kernel code sections - GMER 1.0.15 ----
    .text ntkrnlpa.exe!KeSetEvent + 11D 832C1880 8 Bytes [48, 4B, 41, 89, 80, 3C, EA, ...]
    .text ntkrnlpa.exe!KeSetEvent + 131 832C1894 4 Bytes [38, A9, 44, 8A]
    .text ntkrnlpa.exe!KeSetEvent + 13D 832C18A0 4 Bytes [C8, 79, 26, 89] {ENTER 0x2679, 0x89}
    .text ntkrnlpa.exe!KeSetEvent + 191 832C18F4 4 Bytes [48, A0, FF, 89]
    .text ntkrnlpa.exe!KeSetEvent + 1F5 832C1958 4 Bytes [B0, 05, 45, 8A]
    .text ...
    ? System32\drivers\irrtl.sys The system cannot find the path specified. !
    ---- User code sections - GMER 1.0.15 ----
    .text C:\Program Files\Internet Explorer\iexplore.exe[4128] ntdll.dll!RtlEncodeSystemPointer + 873 771D938B 10 Bytes JMP 047E003A
    .text C:\Program Files\Internet Explorer\iexplore.exe[4128] USER32.dll!CreateDialogParamW 769572A2 5 Bytes JMP 6AE9DE50 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4128] USER32.dll!GetAsyncKeyState 7695863C 5 Bytes JMP 6ADB8EF7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4128] USER32.dll!SetWindowsHookExW 769587AD 5 Bytes JMP 6AE99A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4128] USER32.dll!CallNextHookEx 76958E3B 5 Bytes JMP 6AE8D101 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4128] USER32.dll!UnhookWindowsHookEx 769598DB 5 Bytes JMP 6AE0466E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4128] USER32.dll!EnableWindow 7695CD8B 5 Bytes JMP 6AE9DCDD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4128] USER32.dll!CreateWindowExW 76961305 5 Bytes JMP 6AE9DAC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4128] USER32.dll!GetKeyState 76968CB1 5 Bytes JMP 6AE9D28B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4128] USER32.dll!IsDialogMessageW 76970745 5 Bytes JMP 6ADC5A17 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4128] USER32.dll!CreateDialogParamA 769717AA 5 Bytes JMP 6AF953AB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4128] USER32.dll!IsDialogMessage 76971847 5 Bytes JMP 6AF94C47 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4128] USER32.dll!CreateDialogIndirectParamA 769726F1 5 Bytes JMP 6AF953E2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4128] USER32.dll!CreateDialogIndirectParamW 76979A62 5 Bytes JMP 6AF95419 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4128] USER32.dll!SetKeyboardState 76980987 5 Bytes JMP 6AF94FB6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4128] USER32.dll!DialogBoxParamW 769810B0 5 Bytes JMP 6ADC5505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4128] USER32.dll!DialogBoxIndirectParamW 76982EF5 5 Bytes JMP 6AF9473F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4128] USER32.dll!SendInput 76982F75 5 Bytes JMP 6AF95B73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4128] USER32.dll!EndDialog 7698326E 5 Bytes JMP 6ADC7EC2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4128] USER32.dll!SetCursorPos 76996FB2 5 Bytes JMP 6AF95BC7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4128] USER32.dll!DialogBoxParamA 76998152 5 Bytes JMP 6AF946DC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4128] USER32.dll!DialogBoxIndirectParamA 7699847D 5 Bytes JMP 6AF947A2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4128] USER32.dll!MessageBoxIndirectA 769AD4D9 5 Bytes JMP 6AF94671 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4128] USER32.dll!MessageBoxIndirectW 769AD5D3 5 Bytes JMP 6AF94606 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4128] USER32.dll!MessageBoxExA 769AD639 5 Bytes JMP 6AF945A4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4128] USER32.dll!MessageBoxExW 769AD65D 5 Bytes JMP 6AF94542 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4128] USER32.dll!keybd_event 769AD972 5 Bytes JMP 6AF95EF7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4128] SHELL32.dll!SHRestricted + D95 759D8988 4 Bytes [4D, 30, 87, 70]
    .text C:\Program Files\Internet Explorer\iexplore.exe[4128] SHELL32.dll!SHRestricted + D9D 759D8990 8 Bytes [57, 2F, 87, 70, 9C, 5B, 86, ...]
    .text C:\Program Files\Internet Explorer\iexplore.exe[4128] ole32.dll!OleLoadFromStream 76F41E12 5 Bytes JMP 6AF94AA7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4128] ole32.dll!CoGetTreatAsClass + D2F 76F5FAB7 7 Bytes JMP 047E054D
    .text C:\Program Files\Internet Explorer\iexplore.exe[4128] ole32.dll!CoCreateInstance 76F79EA6 5 Bytes JMP 6AE9DB20 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4128] ole32.dll!CoCreateInstance + 3E 76F79EE4 7 Bytes JMP 047E0499
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] ntdll.dll!RtlEncodeSystemPointer + 873 771D938B 10 Bytes JMP 041F003A
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] USER32.dll!CreateDialogParamW 769572A2 5 Bytes JMP 6AE9DE50 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] USER32.dll!GetAsyncKeyState 7695863C 5 Bytes JMP 6ADB8EF7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] USER32.dll!SetWindowsHookExW 769587AD 5 Bytes JMP 6AE99A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] USER32.dll!CallNextHookEx 76958E3B 5 Bytes JMP 6AE8D101 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] USER32.dll!UnhookWindowsHookEx 769598DB 5 Bytes JMP 6AE0466E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] USER32.dll!EnableWindow 7695CD8B 5 Bytes JMP 6AE9DCDD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] USER32.dll!CreateWindowExW 76961305 5 Bytes JMP 6AE9DAC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] USER32.dll!GetKeyState 76968CB1 5 Bytes JMP 6AE9D28B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] USER32.dll!IsDialogMessageW 76970745 5 Bytes JMP 6ADC5A17 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] USER32.dll!CreateDialogParamA 769717AA 5 Bytes JMP 6AF953AB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] USER32.dll!IsDialogMessage 76971847 5 Bytes JMP 6AF94C47 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] USER32.dll!CreateDialogIndirectParamA 769726F1 5 Bytes JMP 6AF953E2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] USER32.dll!CreateDialogIndirectParamW 76979A62 5 Bytes JMP 6AF95419 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] USER32.dll!SetKeyboardState 76980987 5 Bytes JMP 6AF94FB6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] USER32.dll!DialogBoxParamW 769810B0 5 Bytes JMP 6ADC5505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] USER32.dll!DialogBoxIndirectParamW 76982EF5 5 Bytes JMP 6AF9473F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] USER32.dll!SendInput 76982F75 5 Bytes JMP 6AF95B73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] USER32.dll!EndDialog 7698326E 5 Bytes JMP 6ADC7EC2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] USER32.dll!SetCursorPos 76996FB2 5 Bytes JMP 6AF95BC7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] USER32.dll!DialogBoxParamA 76998152 5 Bytes JMP 6AF946DC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] USER32.dll!DialogBoxIndirectParamA 7699847D 5 Bytes JMP 6AF947A2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] USER32.dll!MessageBoxIndirectA 769AD4D9 5 Bytes JMP 6AF94671 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] USER32.dll!MessageBoxIndirectW 769AD5D3 5 Bytes JMP 6AF94606 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] USER32.dll!MessageBoxExA 769AD639 5 Bytes JMP 6AF945A4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] USER32.dll!MessageBoxExW 769AD65D 5 Bytes JMP 6AF94542 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] USER32.dll!keybd_event 769AD972 5 Bytes JMP 6AF95EF7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] SHELL32.dll!SHRestricted + D95 759D8988 4 Bytes [4D, 30, 87, 70]
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] SHELL32.dll!SHRestricted + D9D 759D8990 8 Bytes [57, 2F, 87, 70, 9C, 5B, 86, ...]
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] ole32.dll!OleLoadFromStream 76F41E12 5 Bytes JMP 6AF94AA7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] ole32.dll!CoGetTreatAsClass + D2F 76F5FAB7 7 Bytes JMP 041F01A9
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] ole32.dll!CoCreateInstance 76F79EA6 5 Bytes JMP 6AE9DB20 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4184] ole32.dll!CoCreateInstance + 3E 76F79EE4 7 Bytes JMP 041F00F3
    .text C:\Program Files\Internet Explorer\iexplore.exe[4228] USER32.dll!CreateWindowExW 76961305 5 Bytes JMP 6AE9DAC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4228] USER32.dll!DialogBoxParamW 769810B0 5 Bytes JMP 6ADC5505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4228] USER32.dll!DialogBoxIndirectParamW 76982EF5 5 Bytes JMP 6AF9473F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4228] USER32.dll!DialogBoxParamA 76998152 5 Bytes JMP 6AF946DC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4228] USER32.dll!DialogBoxIndirectParamA 7699847D 5 Bytes JMP 6AF947A2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4228] USER32.dll!MessageBoxIndirectA 769AD4D9 5 Bytes JMP 6AF94671 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4228] USER32.dll!MessageBoxIndirectW 769AD5D3 5 Bytes JMP 6AF94606 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4228] USER32.dll!MessageBoxExA 769AD639 5 Bytes JMP 6AF945A4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4228] USER32.dll!MessageBoxExW 769AD65D 5 Bytes JMP 6AF94542 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5664] ntdll.dll!RtlEncodeSystemPointer + 873 771D938B 10 Bytes JMP 05FC003A
    .text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!CreateDialogParamW 769572A2 5 Bytes JMP 6AE9DE50 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!GetAsyncKeyState 7695863C 5 Bytes JMP 6ADB8EF7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!SetWindowsHookExW 769587AD 5 Bytes JMP 6AE99A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!CallNextHookEx 76958E3B 5 Bytes JMP 6AE8D101 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!UnhookWindowsHookEx 769598DB 5 Bytes JMP 6AE0466E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!EnableWindow 7695CD8B 5 Bytes JMP 6AE9DCDD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!CreateWindowExW 76961305 5 Bytes JMP 6AE9DAC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!GetKeyState 76968CB1 5 Bytes JMP 6AE9D28B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!IsDialogMessageW 76970745 5 Bytes JMP 6ADC5A17 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!CreateDialogParamA 769717AA 5 Bytes JMP 6AF953AB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!IsDialogMessage 76971847 5 Bytes JMP 6AF94C47 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!CreateDialogIndirectParamA 769726F1 5 Bytes JMP 6AF953E2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!CreateDialogIndirectParamW 76979A62 5 Bytes JMP 6AF95419 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!SetKeyboardState 76980987 5 Bytes JMP 6AF94FB6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!DialogBoxParamW 769810B0 5 Bytes JMP 6ADC5505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!DialogBoxIndirectParamW 76982EF5 5 Bytes JMP 6AF9473F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!SendInput 76982F75 5 Bytes JMP 6AF95B73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!EndDialog 7698326E 5 Bytes JMP 6ADC7EC2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!SetCursorPos 76996FB2 5 Bytes JMP 6AF95BC7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!DialogBoxParamA 76998152 5 Bytes JMP 6AF946DC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!DialogBoxIndirectParamA 7699847D 5 Bytes JMP 6AF947A2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!MessageBoxIndirectA 769AD4D9 5 Bytes JMP 6AF94671 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!MessageBoxIndirectW 769AD5D3 5 Bytes JMP 6AF94606 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!MessageBoxExA 769AD639 5 Bytes JMP 6AF945A4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!MessageBoxExW 769AD65D 5 Bytes JMP 6AF94542 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!keybd_event 769AD972 5 Bytes JMP 6AF95EF7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5664] SHELL32.dll!SHRestricted + D95 759D8988 4 Bytes [4D, 30, 87, 70]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5664] SHELL32.dll!SHRestricted + D9D 759D8990 8 Bytes [57, 2F, 87, 70, 9C, 5B, 86, ...]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5664] ole32.dll!OleLoadFromStream 76F41E12 5 Bytes JMP 6AF94AA7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5664] ole32.dll!CoGetTreatAsClass + D2F 76F5FAB7 7 Bytes JMP 05FC01A9
    .text C:\Program Files\Internet Explorer\iexplore.exe[5664] ole32.dll!CoCreateInstance 76F79EA6 5 Bytes JMP 6AE9DB20 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5664] ole32.dll!CoCreateInstance + 3E 76F79EE4 7 Bytes JMP 05FC00F3
    .text C:\Program Files\Internet Explorer\iexplore.exe[6128] ntdll.dll!RtlEncodeSystemPointer + 873 771D938B 10 Bytes JMP 03DA00AF
    .text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!CreateDialogParamW 769572A2 5 Bytes JMP 6AE9DE50 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!GetAsyncKeyState 7695863C 5 Bytes JMP 6ADB8EF7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!SetWindowsHookExW 769587AD 5 Bytes JMP 6AE99A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!CallNextHookEx 76958E3B 5 Bytes JMP 6AE8D101 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!UnhookWindowsHookEx 769598DB 5 Bytes JMP 6AE0466E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!EnableWindow 7695CD8B 5 Bytes JMP 6AE9DCDD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!CreateWindowExW 76961305 5 Bytes JMP 6AE9DAC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!GetKeyState 76968CB1 5 Bytes JMP 6AE9D28B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!IsDialogMessageW 76970745 5 Bytes JMP 6ADC5A17 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!CreateDialogParamA 769717AA 5 Bytes JMP 6AF953AB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!IsDialogMessage 76971847 5 Bytes JMP 6AF94C47 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!CreateDialogIndirectParamA 769726F1 5 Bytes JMP 6AF953E2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!CreateDialogIndirectParamW 76979A62 5 Bytes JMP 6AF95419 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!SetKeyboardState 76980987 5 Bytes JMP 6AF94FB6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!DialogBoxParamW 769810B0 5 Bytes JMP 6ADC5505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!DialogBoxIndirectParamW 76982EF5 5 Bytes JMP 6AF9473F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!SendInput 76982F75 5 Bytes JMP 6AF95B73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!EndDialog 7698326E 5 Bytes JMP 6ADC7EC2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!SetCursorPos 76996FB2 5 Bytes JMP 6AF95BC7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!DialogBoxParamA 76998152 5 Bytes JMP 6AF946DC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!DialogBoxIndirectParamA 7699847D 5 Bytes JMP 6AF947A2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!MessageBoxIndirectA 769AD4D9 5 Bytes JMP 6AF94671 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!MessageBoxIndirectW 769AD5D3 5 Bytes JMP 6AF94606 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!MessageBoxExA 769AD639 5 Bytes JMP 6AF945A4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!MessageBoxExW 769AD65D 5 Bytes JMP 6AF94542 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!keybd_event 769AD972 5 Bytes JMP 6AF95EF7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[6128] SHELL32.dll!SHRestricted + D95 759D8988 4 Bytes [4D, 30, 87, 70]
    .text C:\Program Files\Internet Explorer\iexplore.exe[6128] SHELL32.dll!SHRestricted + D9D 759D8990 8 Bytes [57, 2F, 87, 70, 9C, 5B, 86, ...]
    .text C:\Program Files\Internet Explorer\iexplore.exe[6128] ole32.dll!OleLoadFromStream 76F41E12 5 Bytes JMP 6AF94AA7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[6128] ole32.dll!CoGetTreatAsClass + D2F 76F5FAB7 7 Bytes JMP 03DA0451
    .text C:\Program Files\Internet Explorer\iexplore.exe[6128] ole32.dll!CoCreateInstance 76F79EA6 5 Bytes JMP 6AE9DB20 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[6128] ole32.dll!CoCreateInstance + 3E 76F79EE4 7 Bytes JMP 03DA039B
    ---- Devices - GMER 1.0.15 ----
    AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    ---- EOF - GMER 1.0.15 ----
     
  4. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi,

    Please do the following:

    Download Combofix from either of the links below, and save it to your desktop.

    Link 1
    Link 2



    **Note: It is important that it is saved directly to your desktop**

    --------------------------------------------------------------------
    IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
    --------------------------------------------------------------------

    Double click on ComboFix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt for further review.
     
  5. Artielox

    Artielox Thread Starter

    Joined:
    Apr 18, 2010
    Messages:
    12
Thanks, but I disabled Norton's security suite, to my knowledge, but ComboFix said there are 2 scanners currently running, "Norton's Internet Security". Not sure what to do and don't want to run ComboFix and risk any damage. What do you recommend? So sorry, thanks in advance.
     
  6. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
Disable Norton this way:

    Please navigate to the system tray on the bottom right hand corner and look for a [IMG] sign.
    • right-click it -> choose "Disable Auto-Protect."
    • select a duration of 5 hours (this assures no interference with the cleanup of your PC)
    • click "Ok."
    • a popup will warn that protection will now be disabled and the sign will now look like this: [IMG]
    You have successfully disabled the Norton Antivirus Guard.


If ComboFix still complains after doing this, you should be fine; go ahead and run it.
     
  7. Artielox

    Artielox Thread Starter

    Joined:
    Apr 18, 2010
    Messages:
    12
Here is the ComboFix report.

    ComboFix 10-04-17.07 - ABonfonti 04/19/2010 1:34.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1905 [GMT -7:00]
    Running from: c:\users\ABonfonti\Desktop\ComboFix.exe
    AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
    c:\$recycle.bin\S-1-5-21-2336084508-2542445618-3441604682-500
    c:\users\ABonfonti\AppData\Roaming\020000003424b2cc879C.manifest
    c:\users\ABonfonti\AppData\Roaming\020000003424b2cc879O.manifest
    c:\users\ABonfonti\AppData\Roaming\020000003424b2cc879P.manifest
    c:\users\ABonfonti\AppData\Roaming\020000003424b2cc879S.manifest
    c:\users\ABonfonti\AppData\Roaming\inst.exe
    c:\users\ABonfonti\AppData\Roaming\Mozilla\Firefox\Profiles\fdxl59hq.default\extensions\{5c3c8b17-1821-4e09-a594-49c2f8cea6f0}
    c:\users\ABonfonti\AppData\Roaming\Mozilla\Firefox\Profiles\fdxl59hq.default\extensions\{5c3c8b17-1821-4e09-a594-49c2f8cea6f0}\chrome.manifest
    c:\users\ABonfonti\AppData\Roaming\Mozilla\Firefox\Profiles\fdxl59hq.default\extensions\{5c3c8b17-1821-4e09-a594-49c2f8cea6f0}\chrome\xulcache.jar
    c:\users\ABonfonti\AppData\Roaming\Mozilla\Firefox\Profiles\fdxl59hq.default\extensions\{5c3c8b17-1821-4e09-a594-49c2f8cea6f0}\defaults\preferences\xulcache.js
    c:\users\ABonfonti\AppData\Roaming\Mozilla\Firefox\Profiles\fdxl59hq.default\extensions\{5c3c8b17-1821-4e09-a594-49c2f8cea6f0}\install.rdf
    c:\users\April J Rust\AppData\Roaming\Mozilla\Firefox\Profiles\57ltecep.default\extensions\{5c3c8b17-1821-4e09-a594-49c2f8cea6f0}
    c:\users\April J Rust\AppData\Roaming\Mozilla\Firefox\Profiles\57ltecep.default\extensions\{5c3c8b17-1821-4e09-a594-49c2f8cea6f0}\chrome.manifest
    c:\users\April J Rust\AppData\Roaming\Mozilla\Firefox\Profiles\57ltecep.default\extensions\{5c3c8b17-1821-4e09-a594-49c2f8cea6f0}\chrome\xulcache.jar
    c:\users\April J Rust\AppData\Roaming\Mozilla\Firefox\Profiles\57ltecep.default\extensions\{5c3c8b17-1821-4e09-a594-49c2f8cea6f0}\defaults\preferences\xulcache.js
    c:\users\April J Rust\AppData\Roaming\Mozilla\Firefox\Profiles\57ltecep.default\extensions\{5c3c8b17-1821-4e09-a594-49c2f8cea6f0}\install.rdf
    c:\windows\TEMP\logishrd\LVPrcInj02.dll
    D:\resycled
    .
    ((((((((((((((((((((((((( Files Created from 2010-03-19 to 2010-04-19 )))))))))))))))))))))))))))))))
    .
    2010-04-18 21:34 . 2010-04-18 21:34 -------- d-----w- c:\program files\Trend Micro
    2010-04-18 20:34 . 2010-04-18 20:34 -------- d-----w- c:\users\ABonfonti\AppData\Roaming\Malwarebytes
    2010-04-18 20:34 . 2010-03-30 07:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-18 20:34 . 2010-04-18 20:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-18 20:34 . 2010-04-18 20:34 -------- d-----w- c:\programdata\Malwarebytes
    2010-04-18 20:34 . 2010-03-30 07:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-18 02:32 . 2010-04-18 02:32 -------- d-sh--w- c:\programdata\SysWoW32
    2010-04-17 07:24 . 2010-04-17 07:24 -------- d-----w- c:\users\ABonfonti\AppData\Roaming\dvdcss
    2010-04-16 22:46 . 2010-04-16 22:46 -------- d-----w- c:\program files\Free RAR Extract Frog
    2010-04-16 17:25 . 2010-04-18 08:02 -------- d-----w- c:\users\ABonfonti\AppData\Roaming\vlc
    2010-04-16 17:23 . 2010-04-16 17:23 -------- d-----w- c:\program files\VideoLAN
    2010-04-16 02:52 . 2010-04-16 02:52 -------- d-----w- c:\programdata\Azureus
    2010-04-16 02:49 . 2010-04-19 01:54 -------- d-----w- c:\users\ABonfonti\AppData\Roaming\Azureus
    2010-04-16 02:49 . 2010-04-16 15:46 -------- d-----w- c:\program files\Vuze
    2010-04-16 02:41 . 2010-04-16 02:41 -------- d-----w- c:\users\ABonfonti\AppData\Roaming\MusicNet
    2010-04-16 02:28 . 2010-04-16 02:52 -------- d-----w- c:\users\ABonfonti\AppData\Roaming\BitTorrent
    2010-04-15 22:47 . 2010-04-15 22:47 256 ----a-w- c:\windows\system32\pool.bin
    2010-04-15 22:46 . 2010-04-15 22:46 -------- d-----w- c:\users\ABonfonti\AppData\Roaming\Research In Motion
    2010-04-15 22:44 . 2009-01-09 23:18 27136 ----a-w- c:\windows\system32\drivers\RimSerial.sys
    2010-04-15 22:44 . 2010-04-15 22:45 -------- d-----w- c:\programdata\Research In Motion
    2010-04-15 22:43 . 2010-04-15 22:44 -------- d-----w- c:\program files\Common Files\Research In Motion
    2010-04-15 22:43 . 2010-04-15 22:45 -------- d-----w- c:\program files\Research In Motion
    2010-04-15 21:49 . 2010-04-15 21:49 -------- d-----w- c:\program files\Common Files\xing shared
    2010-04-15 21:49 . 2010-04-15 21:50 -------- d-----w- c:\program files\Common Files\Real
    2010-04-15 21:37 . 2010-04-15 21:37 -------- d-----w- c:\users\ABonfonti\AppData\Local\HandBrake
    2010-04-15 21:37 . 2010-04-15 21:37 -------- d-----w- c:\users\ABonfonti\AppData\Roaming\HandBrake
    2010-04-15 21:37 . 2010-04-15 21:37 -------- d-----w- c:\program files\Handbrake
    2010-04-15 02:36 . 2009-12-03 06:09 44080 ----a-r- c:\windows\system32\drivers\SymIMV.sys
    2010-04-15 02:30 . 2010-04-15 02:31 -------- d-----w- c:\program files\Common Files\Adobe
    2010-04-15 00:12 . 2008-12-18 08:22 57344 ----a-w- c:\windows\system32\ff_vfw.dll
    2010-04-15 00:12 . 2008-06-15 17:01 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
    2010-04-15 00:12 . 2008-06-15 17:01 258352 ----a-w- c:\windows\system32\unicows.dll
    2010-04-15 00:12 . 2010-04-15 00:12 -------- d-----w- c:\program files\Cucusoft
    2010-04-15 00:12 . 2010-04-18 09:44 -------- d-----w- c:\users\ABonfonti\AppData\Roaming\GetRightToGo
    2010-04-14 23:20 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2010-04-14 23:20 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2010-04-14 23:20 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-04-14 23:20 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-04-14 23:20 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-04-14 23:20 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-04-14 23:20 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2010-04-14 23:20 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
    2010-04-14 23:20 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
    2010-04-14 18:43 . 2010-04-14 18:44 -------- d-----w- c:\program files\QuickTime
    2010-04-14 17:17 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
    2010-04-14 17:17 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
    2010-04-12 20:52 . 2010-04-18 02:32 -------- d-----w- c:\users\ABonfonti\AppData\Local\CrashDumps
    2010-04-02 19:28 . 2010-04-02 19:28 -------- d-----w- c:\program files\Common Files\Software Update Utility
    2010-04-02 14:13 . 2010-04-02 14:13 -------- d-----w- C:\N360_BACKUP
    2010-04-02 01:42 . 2010-04-02 01:42 -------- d-----w- c:\program files\iPod
    2010-04-02 01:42 . 2010-04-02 01:42 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-04-02 01:42 . 2010-04-02 01:42 -------- d-----w- c:\program files\iTunes
    2010-04-02 01:36 . 2010-04-02 01:36 -------- d-----w- c:\program files\Bonjour
    2010-04-02 00:49 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2010-04-02 00:49 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
    2010-04-02 00:49 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
    2010-04-01 23:32 . 2009-05-18 22:17 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
    2010-04-01 23:32 . 2008-04-17 21:12 107368 ----a-r- c:\windows\system32\GEARAspi.dll
    2010-04-01 23:32 . 2010-04-01 23:32 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-04-01 23:32 . 2010-04-01 23:32 -------- d-----w- c:\program files\Symantec
    2010-04-01 23:32 . 2010-04-13 18:03 -------- d-----w- c:\windows\system32\drivers\N360
    2010-04-01 23:32 . 2010-04-01 23:32 -------- d-----w- c:\program files\Norton Security Suite
    2010-04-01 23:32 . 2010-04-16 03:28 -------- d-----w- c:\program files\NortonInstaller
    2010-04-01 23:32 . 2010-04-01 23:32 -------- d-----w- c:\programdata\NortonInstaller
    2010-04-01 23:16 . 2010-04-16 03:28 -------- d-----w- c:\programdata\Norton
    2010-04-01 23:05 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-04-01 23:05 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-04-01 23:03 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-19 08:43 . 2009-08-28 19:11 386377 ----a-w- c:\programdata\nvModes.dat
    2010-04-19 08:42 . 2009-08-28 19:08 -------- d-----w- c:\programdata\NVIDIA
    2010-04-18 20:20 . 2007-08-22 16:47 -------- d-----w- c:\programdata\Roxio
    2010-04-18 18:32 . 2007-08-22 16:52 -------- d-----w- c:\program files\Microsoft Works
    2010-04-18 18:32 . 2007-08-22 16:48 -------- d-----w- c:\program files\Common Files\PX Storage Engine
    2010-04-18 18:32 . 2009-09-07 22:34 -------- d-----w- c:\users\ABonfonti\AppData\Roaming\Ventrilo
    2010-04-18 18:32 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-04-18 09:17 . 2009-09-27 06:28 -------- d-----w- c:\users\ABonfonti\AppData\Roaming\Roxio
    2010-04-18 09:14 . 2007-02-02 10:00 45200 ------w- c:\windows\system32\drivers\pxhelp20.sys
    2010-04-18 02:33 . 2009-09-13 02:19 -------- d-----w- c:\users\ABonfonti\AppData\Roaming\FrostWire
    2010-04-18 02:32 . 2010-04-18 02:32 203776 --sh--w- c:\programdata\unrar.exe
    2010-04-18 02:32 . 2010-04-18 02:32 203776 --sh--w- c:\programdata\unrar.exe
    2010-04-17 05:12 . 2010-04-17 05:12 7282688 ----a-w- c:\users\ABonfonti\AppData\Roaming\Azureus\plugins\vuzexcode\ffmpeg.exe
    2010-04-17 05:12 . 2010-04-17 05:12 4141117 ----a-w- c:\users\ABonfonti\AppData\Roaming\Azureus\plugins\vuzexcode\mediainfo.exe
    2010-04-16 03:19 . 2007-08-22 17:00 -------- d-----w- c:\programdata\Symantec
    2010-04-16 03:17 . 2010-04-16 03:17 6123008 ----a-w- c:\users\ABonfonti\AppData\Roaming\Azureus\plugins\azemp\vuzeplayer.exe
    2010-04-15 21:50 . 2010-04-15 21:50 49152 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
    2010-04-15 21:50 . 2010-04-15 21:50 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
    2010-04-15 21:50 . 2010-04-15 21:50 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
    2010-04-15 21:50 . 2010-04-15 21:50 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
    2010-04-15 21:50 . 2010-04-15 21:50 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
    2010-04-15 21:50 . 2010-04-15 21:50 40960 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
    2010-04-15 21:50 . 2010-04-15 21:50 308808 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
    2010-04-15 21:50 . 2010-04-15 21:50 14848 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    2010-04-15 21:50 . 2010-04-15 21:50 341600 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    2010-04-15 21:49 . 2007-08-22 16:49 -------- d-----w- c:\program files\Real
    2010-04-03 03:05 . 2009-08-29 11:36 88208 ----a-w- c:\users\April J Rust\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-04-02 19:28 . 2009-12-13 23:26 -------- d-----w- c:\program files\AIM
    2010-04-02 01:42 . 2009-11-23 08:47 -------- d-----w- c:\program files\Common Files\Apple
    2010-04-02 01:33 . 2010-04-02 01:33 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
    2010-04-02 01:22 . 2009-08-28 17:50 88208 ----a-w- c:\users\ABonfonti\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-04-02 00:32 . 2007-08-22 17:00 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-04-01 23:37 . 2007-08-22 16:51 -------- d-----w- c:\program files\Common Files\Java
    2010-04-01 23:36 . 2007-08-22 16:51 -------- d-----w- c:\program files\Java
    2010-04-01 23:32 . 2010-04-01 23:32 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
    2010-04-01 23:32 . 2010-04-01 23:32 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
    2010-04-01 23:10 . 2009-08-28 18:03 -------- d-----w- c:\programdata\Kaspersky Lab
    2010-04-01 23:09 . 2009-08-28 18:03 -------- d-----w- c:\program files\Kaspersky Lab
    2010-04-01 23:09 . 2009-08-28 18:02 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
    2010-04-01 08:00 . 2010-04-19 05:17 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100418.022\NAVENG.SYS
    2010-04-01 08:00 . 2010-04-19 05:17 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100418.022\NAVENG32.DLL
    2010-04-01 08:00 . 2010-04-19 05:17 1647984 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100418.022\NAVEX32A.DLL
    2010-04-01 08:00 . 2010-04-19 05:17 1324720 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100418.022\NAVEX15.SYS
    2010-04-01 08:00 . 2010-04-19 05:17 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100418.022\EECTRL.SYS
    2010-04-01 08:00 . 2010-04-19 05:17 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100418.022\CCERASER.DLL
    2010-04-01 08:00 . 2010-04-19 05:17 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100418.022\ECMSVR32.DLL
    2010-04-01 08:00 . 2010-04-19 05:17 102448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100418.022\ERASER.SYS
    2010-03-25 23:29 . 2010-04-01 23:33 786800 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
    2010-03-24 20:38 . 2010-03-24 20:38 536112 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\BHDrvx86.sys
    2010-03-24 20:38 . 2010-03-24 20:38 201616 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\BHRules.dll
    2010-03-24 20:38 . 2010-03-24 20:38 1407888 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\BHEngine.dll
    2010-03-24 20:38 . 2010-03-24 20:38 678960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\BHDrvx64.sys
    2010-03-24 20:38 . 2010-03-24 20:38 611216 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\bbRGen.dll
    2010-03-24 07:02 . 2010-04-01 23:32 897784 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\CLT\cltLMSx.dll
    2010-03-09 11:28 . 2009-10-23 23:37 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-02-24 17:16 . 2009-10-03 03:06 181632 ------w- c:\windows\system32\MpSigStub.exe
    2010-02-23 06:39 . 2010-04-01 23:04 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-23 06:33 . 2010-04-01 23:04 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-02-23 06:33 . 2010-04-01 23:04 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-02-23 04:55 . 2010-04-01 23:04 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-02-12 18:46 . 2010-02-12 18:46 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-02-12 18:46 . 2010-02-12 18:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-01-29 09:39 . 2009-09-13 02:42 4506256 ----a-w- c:\users\ABonfonti\AppData\Roaming\FrostWire\.NetworkShare\LimeWireWin4.16.6.exe
    2010-01-25 12:00 . 2010-04-01 23:03 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2010-01-25 12:00 . 2010-04-01 23:03 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
    2010-01-25 12:00 . 2010-04-01 23:03 471552 ----a-w- c:\windows\system32\secproc.dll
    2010-01-25 11:58 . 2010-04-01 23:03 332288 ----a-w- c:\windows\system32\msdrm.dll
    2010-01-25 08:21 . 2010-04-01 23:03 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2010-01-25 08:21 . 2010-04-01 23:03 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2010-01-25 08:21 . 2010-04-01 23:03 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
    2010-01-25 08:21 . 2010-04-01 23:03 518144 ----a-w- c:\windows\system32\RMActivate.exe
    2010-01-23 09:26 . 2010-04-01 23:04 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-01-22 04:07 . 2010-01-22 00:20 106 ----a-w- c:\users\April J Rust\AppData\Roaming\wklnhst.dat
    2008-09-02 03:42 . 2009-08-28 18:32 22 --sha-w- c:\windows\SMINST\HPCD.SYS
    2009-11-07 00:28 . 2009-08-28 18:03 4648480 --sha-w- c:\windows\System32\drivers\fidbox.dat
    2009-11-07 00:28 . 2009-08-28 18:03 696352 --sha-w- c:\windows\System32\drivers\fidbox2.dat
    2007-08-22 17:14 . 2007-08-22 17:08 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
    "KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
    "OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
    "SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
    "DT HPW"="c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2008-07-14 81920]
    "PivotSoftware"="c:\program files\Portrait Displays\Pivot Software\wpctrl.exe" [2009-07-30 846448]
    "Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2009-08-28 398672]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-15 202256]
    "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-30 1086856]
    c:\users\ABonfonti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    CurseClientStartup.ccip [2010-1-22 0]
    Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-12-24 385024]
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-8-28 813584]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):b3,db,06,8f,d0,2d,ca,01
    R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [2007-06-19 19456]
    R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2007-04-20 265216]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0401000.020\SYMDS.SYS [2009-10-15 328752]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0401000.020\SYMEFA.SYS [2009-11-26 172592]
    S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\BHDrvx86.sys [2010-03-24 536112]
    S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0401000.020\ccHPx86.sys [2010-02-25 501888]
    S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100415.001\IDSvix86.sys [2009-11-17 343088]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0401000.020\Ironx86.SYS [2010-02-27 116784]
    S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0401000.020\SYMTDIV.SYS [2009-11-22 340016]
    S2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.1.0.32\ccSvcHst.exe [2010-02-25 126392]
    S2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2009-06-23 109168]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-08-17 239648]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-04-01 102448]
    S3 SaiK0728;SaiK0728;c:\windows\system32\DRIVERS\SaiK0728.sys [2009-03-06 108544]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = about:blank
    uInternet Settings,ProxyOverride = *.local
    FF - ProfilePath - c:\users\ABonfonti\AppData\Roaming\Mozilla\Firefox\Profiles\fdxl59hq.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.comcast.net
    FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
    FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
    FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
    FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
    FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    FF - user.js: browser.sessionstore.resume_from_crash - false
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .
    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-19 01:43
    Windows 6.0.6002 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.1.0.32\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.1.0.32\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    - - - - - - - > 'Explorer.exe'(5212)
    c:\program files\Logitech\SetPoint\lgscroll.dll
    c:\program files\Portrait Displays\Pivot Software\winphook.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\nvvsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\Portrait Displays\Shared\dtsrvc.exe
    c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\windows\system32\DllHost.exe
    c:\windows\RtHDVCpl.exe
    c:\windows\system32\schtasks.exe
    c:\windows\system32\jusched.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Completion time: 2010-04-19 01:50:34 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-04-19 08:50
    Pre-Run: 193,818,259,456 bytes free
    Post-Run: 193,672,417,280 bytes free
    - - End Of File - - 4424C23C32A714457FF57631A3A6C9F6
     
  8. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi,

    Has your subscription for Norton expired? The log shows the definitions are outdated. If so, you should remove it entirely. I would suggest replacing it with one of the excellent free antivirus programs; I recommend Microsoft Security Essentials, and Avast or Avira AntiVir are equally good.

    Let me know, as there is also a Norton Removal Tool available, since an uninstall usually leaves remnants.


    Please do the following:

    • Please open your MalwareBytes AntiMalware Program
    • Click the Update Tab and search for updates
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected. <-- very important
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.

    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.




    NEXT

    **Vista users - right click on the IE icon and run as administrator

    Run an on-line scan with Kaspersky

    Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

    1. Click Accept, when prompted to download and install the program files and database of malware definitions.
    2. To optimize scanning time and produce a more sensible report for review:
    • Close any open programs
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    3. Click Run at the Security prompt.
    The program will then begin downloading and installing and will also update the database.
    Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
    • Click View scan report at the bottom.

    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
     
  9. Artielox

    Artielox Thread Starter

    Joined:
    Apr 18, 2010
    Messages:
    12
    Thanks so far for all the help. Yes, I had an expired edition of "Norton Antivirus", but when I signed up for Comcast (internet/cable provider) it offered me "Norton Security Suite" for free, so I used it. So as far as having it up to date, it should be already. If you think I should just get rid of it entirely and get one you recommend, I will do so. I did see in the report it said "outdated" though.
     
  10. Artielox

    Artielox Thread Starter

    Joined:
    Apr 18, 2010
    Messages:
    12
    OK, I removed Norton via the removal tool and reinstalled it again, ran ComboFix and had better results, in that it did not find any Norton scanners active. When I ran ComboFix in full I got different results in the log; I didn't see anything about Norton nor it being outdated like at the beginning of the last posted log. Let me know if this looks better, and I'm going to proceed with the next steps. Thank you very much and I hope to hear from you soon. Here is the new log.

    ComboFix 10-04-18.04 - ABonfonti 04/19/2010 23:18:27.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1904 [GMT -7:00]
    Running from: c:\users\ABonfonti\Desktop\ComboFix.exe
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\windows\TEMP\logishrd\LVPrcInj01.dll
    .
    ((((((((((((((((((((((((( Files Created from 2010-03-20 to 2010-04-20 )))))))))))))))))))))))))))))))
    .
    2010-04-20 06:25 . 2010-04-20 06:25 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-04-20 06:25 . 2010-04-20 06:25 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-04-20 06:25 . 2010-04-20 06:25 -------- d-----w- c:\users\April J Rust\AppData\Local\temp
    2010-04-20 06:05 . 2009-05-18 22:17 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
    2010-04-20 06:05 . 2008-04-17 21:12 107368 ----a-r- c:\windows\system32\GEARAspi.dll
    2010-04-20 06:05 . 2010-04-20 06:05 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-04-20 06:04 . 2010-04-20 06:04 -------- d-----w- c:\program files\Norton Security Suite
    2010-04-20 06:04 . 2010-04-20 06:04 -------- d-----w- c:\program files\NortonInstaller
    2010-04-18 21:34 . 2010-04-18 21:34 -------- d-----w- c:\program files\Trend Micro
    2010-04-18 20:34 . 2010-04-18 20:34 -------- d-----w- c:\users\ABonfonti\AppData\Roaming\Malwarebytes
    2010-04-18 20:34 . 2010-03-30 07:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-18 20:34 . 2010-04-18 20:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-18 20:34 . 2010-04-18 20:34 -------- d-----w- c:\programdata\Malwarebytes
    2010-04-18 20:34 . 2010-03-30 07:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-18 02:32 . 2010-04-18 02:32 -------- d-sh--w- c:\programdata\SysWoW32
    2010-04-17 07:24 . 2010-04-17 07:24 -------- d-----w- c:\users\ABonfonti\AppData\Roaming\dvdcss
    2010-04-16 22:46 . 2010-04-16 22:46 -------- d-----w- c:\program files\Free RAR Extract Frog
    2010-04-16 17:25 . 2010-04-18 08:02 -------- d-----w- c:\users\ABonfonti\AppData\Roaming\vlc
    2010-04-16 17:23 . 2010-04-16 17:23 -------- d-----w- c:\program files\VideoLAN
    2010-04-16 02:52 . 2010-04-16 02:52 -------- d-----w- c:\programdata\Azureus
    2010-04-16 02:49 . 2010-04-20 03:09 -------- d-----w- c:\users\ABonfonti\AppData\Roaming\Azureus
    2010-04-16 02:49 . 2010-04-16 15:46 -------- d-----w- c:\program files\Vuze
    2010-04-16 02:41 . 2010-04-16 02:41 -------- d-----w- c:\users\ABonfonti\AppData\Roaming\MusicNet
    2010-04-16 02:28 . 2010-04-16 02:52 -------- d-----w- c:\users\ABonfonti\AppData\Roaming\BitTorrent
    2010-04-15 22:47 . 2010-04-15 22:47 256 ----a-w- c:\windows\system32\pool.bin
    2010-04-15 22:46 . 2010-04-15 22:46 -------- d-----w- c:\users\ABonfonti\AppData\Roaming\Research In Motion
    2010-04-15 22:44 . 2009-01-09 23:18 27136 ----a-w- c:\windows\system32\drivers\RimSerial.sys
    2010-04-15 22:44 . 2010-04-15 22:45 -------- d-----w- c:\programdata\Research In Motion
    2010-04-15 22:43 . 2010-04-15 22:44 -------- d-----w- c:\program files\Common Files\Research In Motion
    2010-04-15 22:43 . 2010-04-15 22:45 -------- d-----w- c:\program files\Research In Motion
    2010-04-15 21:49 . 2010-04-15 21:49 -------- d-----w- c:\program files\Common Files\xing shared
    2010-04-15 21:49 . 2010-04-15 21:50 -------- d-----w- c:\program files\Common Files\Real
    2010-04-15 21:37 . 2010-04-15 21:37 -------- d-----w- c:\users\ABonfonti\AppData\Local\HandBrake
    2010-04-15 21:37 . 2010-04-15 21:37 -------- d-----w- c:\users\ABonfonti\AppData\Roaming\HandBrake
    2010-04-15 21:37 . 2010-04-15 21:37 -------- d-----w- c:\program files\Handbrake
    2010-04-15 02:30 . 2010-04-15 02:31 -------- d-----w- c:\program files\Common Files\Adobe
    2010-04-15 00:12 . 2008-12-18 08:22 57344 ----a-w- c:\windows\system32\ff_vfw.dll
    2010-04-15 00:12 . 2008-06-15 17:01 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
    2010-04-15 00:12 . 2008-06-15 17:01 258352 ----a-w- c:\windows\system32\unicows.dll
    2010-04-15 00:12 . 2010-04-15 00:12 -------- d-----w- c:\program files\Cucusoft
    2010-04-15 00:12 . 2010-04-18 09:44 -------- d-----w- c:\users\ABonfonti\AppData\Roaming\GetRightToGo
    2010-04-14 23:20 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2010-04-14 23:20 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2010-04-14 23:20 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-04-14 23:20 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-04-14 23:20 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-04-14 23:20 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-04-14 23:20 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2010-04-14 23:20 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
    2010-04-14 23:20 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
    2010-04-14 18:43 . 2010-04-14 18:44 -------- d-----w- c:\program files\QuickTime
    2010-04-14 17:17 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
    2010-04-14 17:17 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
    2010-04-12 20:52 . 2010-04-18 02:32 -------- d-----w- c:\users\ABonfonti\AppData\Local\CrashDumps
    2010-04-02 19:28 . 2010-04-02 19:28 -------- d-----w- c:\program files\Common Files\Software Update Utility
    2010-04-02 14:13 . 2010-04-02 14:13 -------- d-----w- C:\N360_BACKUP
    2010-04-02 01:42 . 2010-04-02 01:42 -------- d-----w- c:\program files\iPod
    2010-04-02 01:42 . 2010-04-02 01:42 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-04-02 01:42 . 2010-04-02 01:42 -------- d-----w- c:\program files\iTunes
    2010-04-02 01:36 . 2010-04-02 01:36 -------- d-----w- c:\program files\Bonjour
    2010-04-02 00:49 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2010-04-02 00:49 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
    2010-04-02 00:49 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
    2010-04-01 23:32 . 2010-04-20 06:05 -------- d-----w- c:\program files\Symantec
    2010-04-01 23:32 . 2010-04-20 06:11 -------- d-----w- c:\windows\system32\drivers\N360
    2010-04-01 23:32 . 2010-04-01 23:32 -------- d-----w- c:\programdata\NortonInstaller
    2010-04-01 23:16 . 2010-04-20 06:04 -------- d-----w- c:\programdata\Norton
    2010-04-01 23:05 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-04-01 23:05 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-04-01 23:03 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-20 06:27 . 2009-08-28 19:11 386377 ----a-w- c:\programdata\nvModes.dat
    2010-04-20 06:27 . 2009-08-28 19:08 -------- d-----w- c:\programdata\NVIDIA
    2010-04-20 06:07 . 2010-04-20 06:07 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100419.021\naveng.sys
    2010-04-20 06:07 . 2010-04-20 06:07 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100419.021\eeCtrl.sys
    2010-04-20 06:07 . 2010-04-20 06:07 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100419.021\cceraser.dll
    2010-04-20 06:07 . 2010-04-20 06:07 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100419.021\ecmsvr32.dll
    2010-04-20 06:07 . 2010-04-20 06:07 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100419.021\naveng32.dll
    2010-04-20 06:07 . 2010-04-20 06:07 1647984 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100419.021\navex32a.dll
    2010-04-20 06:07 . 2010-04-20 06:07 1324720 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100419.021\navex15.sys
    2010-04-20 06:07 . 2010-04-20 06:07 102448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100419.021\eraser.sys
    2010-04-20 06:05 . 2007-08-22 17:00 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-04-20 06:05 . 2010-04-20 06:05 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
    2010-04-20 06:05 . 2010-04-20 06:05 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
    2010-04-18 20:20 . 2007-08-22 16:47 -------- d-----w- c:\programdata\Roxio
    2010-04-18 18:32 . 2007-08-22 16:52 -------- d-----w- c:\program files\Microsoft Works
    2010-04-18 18:32 . 2007-08-22 16:48 -------- d-----w- c:\program files\Common Files\PX Storage Engine
    2010-04-18 18:32 . 2009-09-07 22:34 -------- d-----w- c:\users\ABonfonti\AppData\Roaming\Ventrilo
    2010-04-18 18:32 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-04-18 09:17 . 2009-09-27 06:28 -------- d-----w- c:\users\ABonfonti\AppData\Roaming\Roxio
    2010-04-18 09:14 . 2007-02-02 10:00 45200 ------w- c:\windows\system32\drivers\pxhelp20.sys
    2010-04-18 02:33 . 2009-09-13 02:19 -------- d-----w- c:\users\ABonfonti\AppData\Roaming\FrostWire
    2010-04-18 02:32 . 2010-04-18 02:32 203776 --sh--w- c:\programdata\unrar.exe
    2010-04-18 02:32 . 2010-04-18 02:32 203776 --sh--w- c:\programdata\unrar.exe
    2010-04-17 05:12 . 2010-04-17 05:12 7282688 ----a-w- c:\users\ABonfonti\AppData\Roaming\Azureus\plugins\vuzexcode\ffmpeg.exe
    2010-04-17 05:12 . 2010-04-17 05:12 4141117 ----a-w- c:\users\ABonfonti\AppData\Roaming\Azureus\plugins\vuzexcode\mediainfo.exe
    2010-04-16 03:17 . 2010-04-16 03:17 6123008 ----a-w- c:\users\ABonfonti\AppData\Roaming\Azureus\plugins\azemp\vuzeplayer.exe
    2010-04-15 21:50 . 2010-04-15 21:50 49152 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
    2010-04-15 21:50 . 2010-04-15 21:50 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
    2010-04-15 21:50 . 2010-04-15 21:50 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
    2010-04-15 21:50 . 2010-04-15 21:50 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
    2010-04-15 21:50 . 2010-04-15 21:50 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
    2010-04-15 21:50 . 2010-04-15 21:50 40960 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
    2010-04-15 21:50 . 2010-04-15 21:50 308808 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
    2010-04-15 21:50 . 2010-04-15 21:50 14848 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    2010-04-15 21:50 . 2010-04-15 21:50 341600 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    2010-04-15 21:49 . 2007-08-22 16:49 -------- d-----w- c:\program files\Real
    2010-04-03 03:05 . 2009-08-29 11:36 88208 ----a-w- c:\users\April J Rust\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-04-02 19:28 . 2009-12-13 23:26 -------- d-----w- c:\program files\AIM
    2010-04-02 01:42 . 2009-11-23 08:47 -------- d-----w- c:\program files\Common Files\Apple
    2010-04-02 01:33 . 2010-04-02 01:33 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
    2010-04-02 01:22 . 2009-08-28 17:50 88208 ----a-w- c:\users\ABonfonti\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-04-01 23:37 . 2007-08-22 16:51 -------- d-----w- c:\program files\Common Files\Java
    2010-04-01 23:36 . 2007-08-22 16:51 -------- d-----w- c:\program files\Java
    2010-04-01 23:10 . 2009-08-28 18:03 -------- d-----w- c:\programdata\Kaspersky Lab
    2010-04-01 23:09 . 2009-08-28 18:03 -------- d-----w- c:\program files\Kaspersky Lab
    2010-04-01 23:09 . 2009-08-28 18:02 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
    2010-03-25 23:29 . 2010-04-20 06:05 786800 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
    2010-03-24 20:38 . 2010-03-24 20:38 536112 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\BHDrvx86.sys
    2010-03-24 20:38 . 2010-03-24 20:38 201616 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\BHRules.dll
    2010-03-24 20:38 . 2010-03-24 20:38 1407888 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\BHEngine.dll
    2010-03-24 20:38 . 2010-03-24 20:38 678960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\BHDrvx64.sys
    2010-03-24 20:38 . 2010-03-24 20:38 611216 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\bbRGen.dll
    2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\30123\AdobeARM.exe
    2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\268\AdobeARM.exe
    2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\30123\AdobeExtractFiles.dll
    2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\268\AdobeExtractFiles.dll
    2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\30123\ReaderUpdater.exe
    2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\30123\AcrobatUpdater.exe
    2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\268\ReaderUpdater.exe
    2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\268\AcrobatUpdater.exe
    2010-03-24 07:02 . 2010-04-20 06:04 897784 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\CLT\cltLMSx.dll
    2010-03-09 11:28 . 2009-10-23 23:37 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-02-24 17:16 . 2009-10-03 03:06 181632 ------w- c:\windows\system32\MpSigStub.exe
    2010-02-23 06:39 . 2010-04-01 23:04 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-23 06:33 . 2010-04-01 23:04 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-02-23 06:33 . 2010-04-01 23:04 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-02-23 04:55 . 2010-04-01 23:04 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-02-12 18:46 . 2010-02-12 18:46 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-02-12 18:46 . 2010-02-12 18:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-01-29 09:39 . 2009-09-13 02:42 4506256 ----a-w- c:\users\ABonfonti\AppData\Roaming\FrostWire\.NetworkShare\LimeWireWin4.16.6.exe
    2010-01-25 12:00 . 2010-04-01 23:03 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2010-01-25 12:00 . 2010-04-01 23:03 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
    2010-01-25 12:00 . 2010-04-01 23:03 471552 ----a-w- c:\windows\system32\secproc.dll
    2010-01-25 11:58 . 2010-04-01 23:03 332288 ----a-w- c:\windows\system32\msdrm.dll
    2010-01-25 08:21 . 2010-04-01 23:03 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2010-01-25 08:21 . 2010-04-01 23:03 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2010-01-25 08:21 . 2010-04-01 23:03 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
    2010-01-25 08:21 . 2010-04-01 23:03 518144 ----a-w- c:\windows\system32\RMActivate.exe
    2010-01-23 09:26 . 2010-04-01 23:04 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-01-22 04:07 . 2010-01-22 00:20 106 ----a-w- c:\users\April J Rust\AppData\Roaming\wklnhst.dat
    2008-09-02 03:42 . 2009-08-28 18:32 22 --sha-w- c:\windows\SMINST\HPCD.SYS
    2009-11-07 00:28 . 2009-08-28 18:03 4648480 --sha-w- c:\windows\System32\drivers\fidbox.dat
    2009-11-07 00:28 . 2009-08-28 18:03 696352 --sha-w- c:\windows\System32\drivers\fidbox2.dat
    2007-08-22 17:14 . 2007-08-22 17:08 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
    "KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
    "OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
    "SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
    "DT HPW"="c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2008-07-14 81920]
    "PivotSoftware"="c:\program files\Portrait Displays\Pivot Software\wpctrl.exe" [2009-07-30 846448]
    "Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2009-08-28 398672]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-15 202256]
    "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-30 1086856]
    c:\users\ABonfonti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    CurseClientStartup.ccip [2010-1-22 0]
    Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-12-24 385024]
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-8-28 813584]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):b3,db,06,8f,d0,2d,ca,01
    R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [2007-06-19 19456]
    R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2007-04-20 265216]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0401000.020\SYMDS.SYS [2009-10-15 328752]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0401000.020\SYMEFA.SYS [2009-11-26 172592]
    S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\BHDrvx86.sys [2010-03-24 536112]
    S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0401000.020\ccHPx86.sys [2010-02-25 501888]
    S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100415.001\IDSvix86.sys [2009-11-17 343088]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0401000.020\Ironx86.SYS [2010-02-27 116784]
    S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0401000.020\SYMTDIV.SYS [2009-11-22 340016]
    S2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.1.0.32\ccSvcHst.exe [2010-02-25 126392]
    S2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2009-06-23 109168]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-08-17 239648]
    S3 SaiK0728;SaiK0728;c:\windows\system32\DRIVERS\SaiK0728.sys [2009-03-06 108544]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = about:blank
    uInternet Settings,ProxyOverride = *.local
    FF - ProfilePath - c:\users\ABonfonti\AppData\Roaming\Mozilla\Firefox\Profiles\fdxl59hq.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.comcast.net
    FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
    FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
    FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
    FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
    FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    FF - user.js: browser.sessionstore.resume_from_crash - false
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .
    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-19 23:27
    Windows 6.0.6002 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.1.0.32\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.1.0.32\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    - - - - - - - > 'Explorer.exe'(4300)
    c:\program files\Logitech\SetPoint\lgscroll.dll
    c:\program files\Portrait Displays\Pivot Software\winphook.dll
    c:\windows\system32\cscapi.dll
    c:\windows\system32\fdproxy.dll
    c:\windows\system32\wpdshserviceobj.dll
    c:\windows\system32\mssprxy.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\nvvsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\Portrait Displays\Shared\dtsrvc.exe
    c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\windows\system32\DllHost.exe
    c:\windows\RtHDVCpl.exe
    c:\program files\Portrait Displays\HP My Display\DTHtml.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Portrait Displays\Pivot Software\floater.exe
    c:\program files\Common Files\Portrait Displays\Shared\HookManager.exe
    c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Completion time: 2010-04-19 23:34:20 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-04-20 06:34
    ComboFix2.txt 2010-04-19 08:50
    Pre-Run: 193,160,642,560 bytes free
    Post-Run: 193,053,765,632 bytes free
    - - End Of File - - C74CB762B227A52C34752AEAFE679D7A
     
  11. Artielox

    Artielox Thread Starter

    Joined:
    Apr 18, 2010
    Messages:
    12
    OK, here is the Malwarebytes' log you requested.

    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org
    Database version: 4011
    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18904
    4/19/2010 11:53:25 PM
    mbam-log-2010-04-19 (23-53-25).txt
    Scan type: Quick scan
    Objects scanned: 114465
    Time elapsed: 6 minute(s), 9 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    (No malicious items detected)

    NEXT STEP..
     
  12. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    That looks better. Please wait for the Kaspersky scan to finish; it can take quite a few hours.

    Also, please post a fresh DDS log and Attach.txt, and advise how the computer is running and whether there are any outstanding issues.
     
  13. Artielox

    Artielox Thread Starter

    Joined:
    Apr 18, 2010
    Messages:
    12
    Uh oh... Well, while I was running the Kaspersky online scan, at 60000kb downloaded of 92000kb my comp. did a shutdown and went to a blue screen. Now I'm running Norton in safe mode; it has found 35 risks so far and the scan is still running now. What do you think just happened, and is my comp. screwed? :(
     
  14. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    No,

    I don't imagine any serious issues will result

    Norton is probably finding cookies, which are normal to have every time you go on the internet.

    Kaspersky can be finicky at times, especially if you had Norton Active or other windows open.

    Please let me know the results of the Norton scan, and post a fresh DDS log once it completes.
     
  15. Artielox

    Artielox Thread Starter

    Joined:
    Apr 18, 2010
    Messages:
    12
    OK, after the scan I'm going to try a reboot and see what happens, and then get a new DDS log for you.
     

Short URL to this thread: https://techguy.org/917706