Help with C Drive space please

P

Prototypical

New Member
Hi. I recently download and installed a game which was 8gb. Before i downloaded the game i had about 70gb of space. after downloading the .rar file, extracting it, installing the game, and downloading a few things needed to play the game, i had only about 20gb left. So i deleted the .rar, the extracted files and the other files i needed for the game. I just kept the 8gb folder where the game is. after doing that i only have 26gb left :( Those were the only things i downloaded and i only kept the 8gb folder so i should have about 60gb left. why 26?
 
lol yes i emptied the recylce bin. i ran ccleaner, i used smart defrag and ran a defrag and fast optimize and still nothing. if anything i lost space because i am now up to 21gb.
 
How much space do you have system restore using? Are you running XP? Reduce system restore usage down to about 5-6 percent. If that don't work then its possible that you are infected.

Please download Malwarebytes' Anti-Malware from here or here and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware


Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click Do a system scan and save a logfile

Most of what HijackThis lists will be harmless or even essential, don't fix anything yet.

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log
 
ok hijackthis finished but malware is still scanning. and i went to check system restore and it said that i had it turned off so i left it off. this is the log for hijack


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:00:52 PM, on 12/19/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Albert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Albert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Albert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Albert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Albert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Albert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Albert\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof0.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof0.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.0.0.136\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - (no file)
O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof0.dll
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [U36VRSFLG6] C:\Users\Albert\AppData\Local\Temp\Qnr.exe
O4 - HKCU\..\Run: [MNTK1K67YO] C:\Users\Albert\AppData\Local\Temp\Qnq.exe
O4 - HKCU\..\Run: [NtWqIVLZEWZU] C:\Users\Albert\AppData\Local\Temp\Qnu.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Albert\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D78AB608-BA18-49FB-B58E-A1044727D2B6}: NameServer = 209.18.47.61,209.18.47.62
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\17.0.0.136\ccSvcHst.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8291 bytes
 
ok malware just finished. this is the log file


Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5358

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

12/19/2010 12:11:36 PM
mbam-log-2010-12-19 (12-11-36).txt

Scan type: Quick scan
Objects scanned: 141014
Time elapsed: 11 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 16
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MNTK1K67YO (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\U36VRSFLG6 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\U36VRSFLG6 (Trojan.FakeAlert) -> Value: U36VRSFLG6 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MNTK1K67YO (Trojan.FakeAlert) -> Value: MNTK1K67YO -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NtWqIVLZEWZU (Trojan.FakeAlert) -> Value: NtWqIVLZEWZU -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
 
Your supposed to finish scanning with malwarebytes before posting the hijackthis log. So you'll have to post a fresh log after malwarebytes finishes.
 
oh -.- ok srry here is the new hijack log


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:13:35 PM, on 12/19/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Albert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Albert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Albert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Albert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Albert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Albert\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof0.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof0.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.0.0.136\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - (no file)
O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof0.dll
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Albert\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D78AB608-BA18-49FB-B58E-A1044727D2B6}: NameServer = 209.18.47.61,209.18.47.62
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\17.0.0.136\ccSvcHst.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8060 bytes
 
You will need to disable nortons before running the folllowing program.


Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.


In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
 
:D wow i checked the memory and i had 69 gb... Here is the combofix log


ComboFix 10-12-18.02 - Albert 12/19/2010 12:30:15.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1915.839 [GMT -5:00]
Running from: c:\users\Albert\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\windows\system32\drivers\mxlitk.sys
c:\windows\system32\mi2.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_rpcikfyo


((((((((((((((((((((((((( Files Created from 2010-11-19 to 2010-12-19 )))))))))))))))))))))))))))))))
.

2010-12-19 17:42 . 2010-12-19 17:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-19 17:22 . 2010-12-19 17:22 -------- d-----w- c:\program files\Elf_1
2010-12-19 16:58 . 2010-12-19 16:58 -------- d-----w- c:\users\Albert\AppData\Roaming\Malwarebytes
2010-12-19 16:58 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-19 16:58 . 2010-12-19 16:58 -------- d-----w- c:\programdata\Malwarebytes
2010-12-19 16:58 . 2010-12-19 16:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-19 16:58 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-19 16:46 . 2010-12-19 16:46 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-12-19 16:46 . 2010-12-19 16:46 -------- d-----w- c:\program files\Symantec
2010-12-19 16:46 . 2010-12-19 16:46 -------- d-----w- c:\windows\system32\drivers\NAV
2010-12-19 16:46 . 2010-12-19 16:46 -------- d-----w- c:\program files\Norton AntiVirus
2010-12-19 16:46 . 2010-12-19 16:47 -------- d-----w- c:\programdata\Norton
2010-12-19 15:44 . 2010-12-19 15:44 -------- d-----w- c:\users\Albert\AppData\Local\Tific
2010-12-19 15:44 . 2010-12-19 15:44 -------- d-----w- c:\users\Albert\AppData\Roaming\Tific
2010-12-19 00:24 . 2010-12-19 00:24 -------- d-----w- c:\program files\Bing Bar Installer
2010-12-18 05:37 . 2010-12-18 05:37 -------- d-----w- C:\Intel
2010-12-18 04:18 . 2010-12-18 22:25 -------- d-----w- c:\users\Albert\AppData\Local\Activision
2010-12-17 21:25 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FF96AF60-2718-498C-B016-6DB22838D517}\mpengine.dll
2010-12-16 01:17 . 2010-12-19 16:45 -------- d-----w- c:\program files\NortonInstaller
2010-12-16 01:08 . 2010-10-21 20:08 834048 ----a-w- c:\windows\system32\wininet.dll
2010-12-16 01:08 . 2010-10-21 18:30 389632 ----a-w- c:\windows\system32\html.iec
2010-12-16 01:08 . 2010-10-20 17:41 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-16 01:08 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-16 01:08 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-12-16 00:57 . 2010-12-16 00:57 -------- d-----w- c:\users\Albert\AppData\Local\{72224FFC-1897-4377-BBBB-0FB67A18003B}
2010-12-16 00:57 . 2010-12-16 00:57 -------- d-----w- c:\users\Albert\AppData\Local\{50085461-A1AE-454E-9EE3-B850E83D11EA}
2010-12-14 21:57 . 2010-12-14 21:57 -------- d-----w- c:\program files\ConduitEngine
2010-12-14 21:57 . 2010-12-14 21:57 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2010-12-14 21:46 . 2010-12-14 21:46 -------- d-----w- c:\users\Albert\AppData\Local\{C9A59ED5-C364-49D5-94D4-8E5D81AC8EDF}
2010-12-13 20:30 . 2010-12-13 20:30 -------- d-----w- c:\users\Albert\AppData\Local\{2B03BF7C-19B6-4E50-8069-9F34274A2946}
2010-12-12 18:00 . 2010-12-12 18:00 -------- d-----w- c:\users\Albert\AppData\Local\{3C465E1B-A9BB-4792-914F-E1DCFA5A5F25}
2010-12-12 18:00 . 2010-12-16 00:57 -------- d-----w- c:\users\Albert\Tracing
2010-12-12 17:47 . 2010-12-12 17:48 -------- d-----w- c:\program files\Windows Live
2010-12-12 17:46 . 2010-12-16 00:57 -------- d-----w- c:\users\Albert\AppData\Local\Windows Live
2010-12-12 17:17 . 2010-12-12 17:17 -------- d-----w- c:\users\Albert\AppData\Roaming\JAM Software
2010-12-12 17:17 . 2010-12-12 17:17 -------- d-----w- c:\program files\JAM Software
2010-12-07 22:59 . 2010-12-08 03:12 -------- d-----w- c:\users\Albert\AppData\Roaming\FVZilla
2010-11-26 18:02 . 2010-11-26 18:20 -------- d-----w- c:\users\Albert\AppData\Roaming\Ventrilo
2010-11-24 19:07 . 2010-12-05 16:20 -------- d-----w- c:\program files\Kaiba Corp VDS
2010-11-24 18:18 . 2010-12-04 16:08 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-11-24 18:07 . 2010-12-04 16:01 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-11-24 18:07 . 2010-11-24 18:07 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-11-24 18:06 . 2010-11-24 18:18 -------- d-----w- c:\programdata\Hitman Pro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-19 00:30 . 2009-11-13 02:15 139152 ----a-w- c:\users\Albert\AppData\Roaming\PnkBstrK.sys
2010-12-19 00:28 . 2009-11-13 02:15 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-12-19 00:28 . 2009-11-13 02:15 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-12-18 23:52 . 2009-11-13 02:15 111928 ----a-w- c:\windows\system32\PnkBstrB.ex0
2010-12-18 22:10 . 2009-11-15 22:56 682280 ----a-w- c:\windows\system32\pbsvc.exe
2010-12-17 22:02 . 2009-12-02 21:52 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-12-11 22:27 . 2009-11-13 02:15 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-11-10 07:54 . 2010-11-10 07:54 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-10-19 15:41 . 2009-10-10 03:17 222080 ------w- c:\windows\system32\MpSigStub.exe
2008-06-30 17:44 . 2009-07-23 22:49 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2010-08-04 05:41 . 2009-11-14 22:35 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSof0.dll" [2010-10-18 3908192]
"{22e03916-85c5-44b0-8dc9-1830c11238d9}"= "c:\program files\Elf_1\tbElf_.dll" [2010-12-09 3911776]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{22e03916-85c5-44b0-8dc9-1830c11238d9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22e03916-85c5-44b0-8dc9-1830c11238d9}]
2010-12-09 17:51 3911776 ----a-w- c:\program files\Elf_1\tbElf_.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\Softonic-Eng7\tbSof0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSof0.dll" [2010-10-18 3908192]
"{22e03916-85c5-44b0-8dc9-1830c11238d9}"= "c:\program files\Elf_1\tbElf_.dll" [2010-12-09 3911776]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{22e03916-85c5-44b0-8dc9-1830c11238d9}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSof0.dll" [2010-10-18 3908192]
"{22E03916-85C5-44B0-8DC9-1830C11238D9}"= "c:\program files\Elf_1\tbElf_.dll" [2010-12-09 3911776]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{22e03916-85c5-44b0-8dc9-1830c11238d9}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Google Update"="c:\users\Albert\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-10-17 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"NDSTray.exe"="NDSTray.exe" [BU]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-04 30192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976]

c:\users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xlkfs.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Users^Albert^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-08-04 05:41 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-10-03 18:05 2969496 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-21 01:15 1826816 ----a-w- c:\windows\SkyTel.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AhnRptTfFRegFNT;AhnRptTfFRegFNT;c:\users\Albert\AppData\Local\Temp\nso6458.tmp\TfFRegNt.sys [x]
R3 ByakkoDriver;ByakkoDriver;c:\users\Albert\AppData\Local\Temp\17339542.11-11-2009 [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-04 30192]
R3 IO_Memory;IO_Memory;c:\windows\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-03-08 3290184]
R3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDrv.sys [2008-01-18 9216]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 XDva281;XDva281;c:\windows\system32\XDva281.sys [x]
R3 XDva327;XDva327;c:\windows\system32\XDva327.sys [x]
R3 XDva332;XDva332;c:\windows\system32\XDva332.sys [x]
R3 XDva337;XDva337;c:\windows\system32\XDva337.sys [x]
R3 XDva370;XDva370;c:\windows\system32\XDva370.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-07 691696]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1100000.088\SYMDS.SYS [2009-08-30 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1100000.088\SYMEFA.SYS [2009-08-30 169008]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20090829.001\BHDrvx86.sys [2009-08-30 506928]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1100000.088\ccHPx86.sys [2009-08-24 501888]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20090828.002\IDSVix86.sys [2009-08-30 342576]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1100000.088\Ironx86.SYS [2009-08-30 114736]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\NAV\1100000.088\SYMTDIV.SYS [2009-08-30 338480]
S1 xlkfs;xlkfs;c:\windows\system32\DRIVERS\xlkfs.sys [2009-09-14 18432]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\17.0.0.136\ccSvcHst.exe [2009-08-24 126392]
S2 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2008-08-04 46392]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-12-19 102448]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-06-10 347648]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-748510194-217282370-3783705229-1000Core.job
- c:\users\Albert\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-05 22:24]

2010-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-748510194-217282370-3783705229-1000UA.job
- c:\users\Albert\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-05 22:24]

2010-12-06 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-07-20 22:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {D78AB608-BA18-49FB-B58E-A1044727D2B6} = 209.18.47.61,209.18.47.62
FF - ProfilePath - c:\users\Albert\AppData\Roaming\Mozilla\Firefox\Profiles\ke3fg30w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=62219&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: The Banana Bar Toolbar: {d1d2eee2-6544-4edb-a0c5-5cdd7b44b13c} - %profile%\extensions\{d1d2eee2-6544-4edb-a0c5-5cdd7b44b13c}
FF - Ext: Black Steel: {e2c58150-9d72-11dd-ad8b-0800200c9a66} - %profile%\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Battlefield Heroes Updater: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Webs Credits 2: {90037cad-93df-4feb-9624-76c8ac58f253} - %profile%\extensions\{90037cad-93df-4feb-9624-76c8ac58f253}
FF - Ext: Pokemon Equinox Toolbar: {e2219a9b-b543-4544-970f-d2ed275e2bd2} - %profile%\extensions\{e2219a9b-b543-4544-970f-d2ed275e2bd2}
FF - Ext: FIFA Online Web Launcher: [email protected] - %profile%\extensions\[email protected]
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: FoxyProxy Standard: [email protected] - %profile%\extensions\[email protected]
FF - Ext: FoxyProxy Basic: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Move Media Player: [email protected] - c:\users\Albert\AppData\Roaming\Move Networks
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
HKLM-Run-c:\program files\Free Video Zilla\FVZilla.exe - (no file)
MSConfigStartUp-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSConfigStartUp-Messenger (Yahoo!) - c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
MSConfigStartUp-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL
MSConfigStartUp-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
AddRemove-Acoustica Effects Pack - c:\progra~1\ACOUST~2\UNWISE.EXE
AddRemove-Acoustica Mixcraft 5 - c:\progra~1\ACOUST~1\Unwise.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-19 12:47
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\17.0.0.136\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\17.0.0.136\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ByakkoDriver]
"ImagePath"="\??\c:\users\Albert\AppData\Local\Temp\17339542.11-11-2009"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\DllHost.exe
c:\windows\RtHDVCpl.exe
c:\program files\Toshiba\Power Saver\TPwrMain.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\program files\Toshiba\TOSCDSPD\TOSCDSPD.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2010-12-19 12:54:07 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-19 17:54

Pre-Run: 22,474,125,312 bytes free
Post-Run: 74,042,089,472 bytes free

- - End Of File - - 678EE7958F658A99126DBE2641C84105



and here is the new hijack log


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:55:03 PM, on 12/19/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Explorer.exe
C:\Users\Albert\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof0.dll
R3 - URLSearchHook: Elf 1 Toolbar - {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files\Elf_1\tbElf_.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Elf 1 Toolbar - {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files\Elf_1\tbElf_.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof0.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.0.0.136\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - (no file)
O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof0.dll
O3 - Toolbar: Elf 1 Toolbar - {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files\Elf_1\tbElf_.dll
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Albert\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D78AB608-BA18-49FB-B58E-A1044727D2B6}: NameServer = 209.18.47.61,209.18.47.62
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\17.0.0.136\ccSvcHst.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7466 bytes
 
Move combofix to your desktop so you can perform the next procedure.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code: 
File:
c:\windows\system32\XDva281.sys 
c:\windows\system32\XDva327.sys 
c:\windows\system32\XDva332.sys 
c:\windows\system32\XDva337.sys 
c:\windows\system32\XDva370.sys 

Driver: 
XDva281
XDva327
XDva332
XDva337
XDva370
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


CFScript-1.gif


ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
 
Last edited:
ok here is the log


ComboFix 10-12-18.02 - Albert 12/19/2010 14:28:06.2.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1915.891 [GMT -5:00]
Running from: c:\users\Albert\Downloads\ComboFix.exe
Command switches used :: c:\users\Albert\Desktop\CFScript.txt
AV: Norton AntiVirus *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Norton AntiVirus *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-11-19 to 2010-12-19 )))))))))))))))))))))))))))))))
.

2010-12-19 19:41 . 2010-12-19 19:41 -------- d-----w- c:\users\Graboid Account\AppData\Local\temp
2010-12-19 19:41 . 2010-12-19 19:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-19 17:22 . 2010-12-19 17:22 -------- d-----w- c:\program files\Elf_1
2010-12-19 16:58 . 2010-12-19 16:58 -------- d-----w- c:\users\Albert\AppData\Roaming\Malwarebytes
2010-12-19 16:58 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-19 16:58 . 2010-12-19 16:58 -------- d-----w- c:\programdata\Malwarebytes
2010-12-19 16:58 . 2010-12-19 16:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-19 16:58 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-19 16:46 . 2010-12-19 16:46 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-12-19 16:46 . 2010-12-19 16:46 -------- d-----w- c:\program files\Symantec
2010-12-19 16:46 . 2010-12-19 16:46 -------- d-----w- c:\windows\system32\drivers\NAV
2010-12-19 16:46 . 2010-12-19 16:46 -------- d-----w- c:\program files\Norton AntiVirus
2010-12-19 16:46 . 2010-12-19 16:47 -------- d-----w- c:\programdata\Norton
2010-12-19 15:44 . 2010-12-19 15:44 -------- d-----w- c:\users\Albert\AppData\Local\Tific
2010-12-19 15:44 . 2010-12-19 15:44 -------- d-----w- c:\users\Albert\AppData\Roaming\Tific
2010-12-19 00:24 . 2010-12-19 00:24 -------- d-----w- c:\program files\Bing Bar Installer
2010-12-18 05:37 . 2010-12-18 05:37 -------- d-----w- C:\Intel
2010-12-18 04:18 . 2010-12-18 22:25 -------- d-----w- c:\users\Albert\AppData\Local\Activision
2010-12-17 21:25 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FF96AF60-2718-498C-B016-6DB22838D517}\mpengine.dll
2010-12-16 01:17 . 2010-12-19 16:45 -------- d-----w- c:\program files\NortonInstaller
2010-12-16 01:08 . 2010-10-21 20:08 834048 ----a-w- c:\windows\system32\wininet.dll
2010-12-16 01:08 . 2010-10-21 18:30 389632 ----a-w- c:\windows\system32\html.iec
2010-12-16 01:08 . 2010-10-20 17:41 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-16 01:08 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-16 01:08 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-12-16 00:57 . 2010-12-16 00:57 -------- d-----w- c:\users\Albert\AppData\Local\{72224FFC-1897-4377-BBBB-0FB67A18003B}
2010-12-16 00:57 . 2010-12-16 00:57 -------- d-----w- c:\users\Albert\AppData\Local\{50085461-A1AE-454E-9EE3-B850E83D11EA}
2010-12-14 21:57 . 2010-12-14 21:57 -------- d-----w- c:\program files\ConduitEngine
2010-12-14 21:57 . 2010-12-14 21:57 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2010-12-14 21:46 . 2010-12-14 21:46 -------- d-----w- c:\users\Albert\AppData\Local\{C9A59ED5-C364-49D5-94D4-8E5D81AC8EDF}
2010-12-13 20:30 . 2010-12-13 20:30 -------- d-----w- c:\users\Albert\AppData\Local\{2B03BF7C-19B6-4E50-8069-9F34274A2946}
2010-12-12 18:00 . 2010-12-12 18:00 -------- d-----w- c:\users\Albert\AppData\Local\{3C465E1B-A9BB-4792-914F-E1DCFA5A5F25}
2010-12-12 18:00 . 2010-12-16 00:57 -------- d-----w- c:\users\Albert\Tracing
2010-12-12 17:47 . 2010-12-12 17:48 -------- d-----w- c:\program files\Windows Live
2010-12-12 17:46 . 2010-12-16 00:57 -------- d-----w- c:\users\Albert\AppData\Local\Windows Live
2010-12-12 17:17 . 2010-12-12 17:17 -------- d-----w- c:\users\Albert\AppData\Roaming\JAM Software
2010-12-12 17:17 . 2010-12-12 17:17 -------- d-----w- c:\program files\JAM Software
2010-12-07 22:59 . 2010-12-08 03:12 -------- d-----w- c:\users\Albert\AppData\Roaming\FVZilla
2010-11-26 18:02 . 2010-11-26 18:20 -------- d-----w- c:\users\Albert\AppData\Roaming\Ventrilo
2010-11-24 19:07 . 2010-12-05 16:20 -------- d-----w- c:\program files\Kaiba Corp VDS
2010-11-24 18:18 . 2010-12-04 16:08 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-11-24 18:07 . 2010-12-04 16:01 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-11-24 18:07 . 2010-11-24 18:07 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-11-24 18:06 . 2010-11-24 18:18 -------- d-----w- c:\programdata\Hitman Pro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-19 00:30 . 2009-11-13 02:15 139152 ----a-w- c:\users\Albert\AppData\Roaming\PnkBstrK.sys
2010-12-19 00:28 . 2009-11-13 02:15 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-12-19 00:28 . 2009-11-13 02:15 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-12-18 23:52 . 2009-11-13 02:15 111928 ----a-w- c:\windows\system32\PnkBstrB.ex0
2010-12-18 22:10 . 2009-11-15 22:56 682280 ----a-w- c:\windows\system32\pbsvc.exe
2010-12-17 22:02 . 2009-12-02 21:52 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-12-11 22:27 . 2009-11-13 02:15 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-11-10 07:54 . 2010-11-10 07:54 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-10-19 15:41 . 2009-10-10 03:17 222080 ------w- c:\windows\system32\MpSigStub.exe
2008-06-30 17:44 . 2009-07-23 22:49 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2010-08-04 05:41 . 2009-11-14 22:35 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSof0.dll" [2010-10-18 3908192]
"{22e03916-85c5-44b0-8dc9-1830c11238d9}"= "c:\program files\Elf_1\tbElf_.dll" [2010-12-09 3911776]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{22e03916-85c5-44b0-8dc9-1830c11238d9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22e03916-85c5-44b0-8dc9-1830c11238d9}]
2010-12-09 17:51 3911776 ----a-w- c:\program files\Elf_1\tbElf_.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\Softonic-Eng7\tbSof0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSof0.dll" [2010-10-18 3908192]
"{22e03916-85c5-44b0-8dc9-1830c11238d9}"= "c:\program files\Elf_1\tbElf_.dll" [2010-12-09 3911776]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{22e03916-85c5-44b0-8dc9-1830c11238d9}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSof0.dll" [2010-10-18 3908192]
"{22E03916-85C5-44B0-8DC9-1830C11238D9}"= "c:\program files\Elf_1\tbElf_.dll" [2010-12-09 3911776]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{22e03916-85c5-44b0-8dc9-1830c11238d9}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Google Update"="c:\users\Albert\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-10-17 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"NDSTray.exe"="NDSTray.exe" [BU]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-04 30192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976]

c:\users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xlkfs.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Users^Albert^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-08-04 05:41 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-10-03 18:05 2969496 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-21 01:15 1826816 ----a-w- c:\windows\SkyTel.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AhnRptTfFRegFNT;AhnRptTfFRegFNT;c:\users\Albert\AppData\Local\Temp\nso6458.tmp\TfFRegNt.sys [x]
R3 ByakkoDriver;ByakkoDriver;c:\users\Albert\AppData\Local\Temp\17339542.11-11-2009 [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-04 30192]
R3 IO_Memory;IO_Memory;c:\windows\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-03-08 3290184]
R3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDrv.sys [2008-01-18 9216]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 XDva281;XDva281;c:\windows\system32\XDva281.sys [x]
R3 XDva327;XDva327;c:\windows\system32\XDva327.sys [x]
R3 XDva332;XDva332;c:\windows\system32\XDva332.sys [x]
R3 XDva337;XDva337;c:\windows\system32\XDva337.sys [x]
R3 XDva370;XDva370;c:\windows\system32\XDva370.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-07 691696]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1100000.088\SYMDS.SYS [2009-08-30 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1100000.088\SYMEFA.SYS [2009-08-30 169008]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [2010-11-23 691248]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1100000.088\ccHPx86.sys [2009-08-24 501888]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20101215.001\IDSvix86.sys [2010-12-01 353912]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1100000.088\Ironx86.SYS [2009-08-30 114736]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\NAV\1100000.088\SYMTDIV.SYS [2009-08-30 338480]
S1 xlkfs;xlkfs;c:\windows\system32\DRIVERS\xlkfs.sys [2009-09-14 18432]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\17.0.0.136\ccSvcHst.exe [2009-08-24 126392]
S2 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2008-08-04 46392]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-12-19 102448]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-06-10 347648]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-748510194-217282370-3783705229-1000Core.job
- c:\users\Albert\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-05 22:24]

2010-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-748510194-217282370-3783705229-1000UA.job
- c:\users\Albert\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-05 22:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {D78AB608-BA18-49FB-B58E-A1044727D2B6} = 209.18.47.61,209.18.47.62
FF - ProfilePath - c:\users\Albert\AppData\Roaming\Mozilla\Firefox\Profiles\ke3fg30w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=62219&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: The Banana Bar Toolbar: {d1d2eee2-6544-4edb-a0c5-5cdd7b44b13c} - %profile%\extensions\{d1d2eee2-6544-4edb-a0c5-5cdd7b44b13c}
FF - Ext: Black Steel: {e2c58150-9d72-11dd-ad8b-0800200c9a66} - %profile%\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Battlefield Heroes Updater: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Webs Credits 2: {90037cad-93df-4feb-9624-76c8ac58f253} - %profile%\extensions\{90037cad-93df-4feb-9624-76c8ac58f253}
FF - Ext: Pokemon Equinox Toolbar: {e2219a9b-b543-4544-970f-d2ed275e2bd2} - %profile%\extensions\{e2219a9b-b543-4544-970f-d2ed275e2bd2}
FF - Ext: FIFA Online Web Launcher: [email protected] - %profile%\extensions\[email protected]
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: FoxyProxy Standard: [email protected] - %profile%\extensions\[email protected]
FF - Ext: FoxyProxy Basic: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Move Media Player: [email protected] - c:\users\Albert\AppData\Roaming\Move Networks
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-19 14:41
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\17.0.0.136\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\17.0.0.136\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ByakkoDriver]
"ImagePath"="\??\c:\users\Albert\AppData\Local\Temp\17339542.11-11-2009"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
Completion time: 2010-12-19 14:52:49
ComboFix-quarantined-files.txt 2010-12-19 19:52
ComboFix2.txt 2010-12-19 17:54

Pre-Run: 74,076,766,208 bytes free
Post-Run: 74,043,400,192 bytes free

- - End Of File - - 5399C71239B7ABF6AF5F42E839C2AC65
 
My bad.... Please use this script and run it again. I failed to write it correctly.

Code: 
File::
c:\windows\system32\XDva281.sys 
c:\windows\system32\XDva327.sys 
c:\windows\system32\XDva332.sys 
c:\windows\system32\XDva337.sys 
c:\windows\system32\XDva370.sys 

Driver::
XDva281
XDva327
XDva332
XDva337
XDva370
 
hehe its alright here is the log


ComboFix 10-12-18.02 - Albert 12/19/2010 16:29:06.3.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1915.843 [GMT -5:00]
Running from: c:\users\Albert\Downloads\ComboFix.exe
Command switches used :: c:\users\Albert\Desktop\CFScript.txt
AV: Norton AntiVirus *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Norton AntiVirus *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point

FILE ::
"c:\windows\system32\XDva281.sys"
"c:\windows\system32\XDva327.sys"
"c:\windows\system32\XDva332.sys"
"c:\windows\system32\XDva337.sys"
"c:\windows\system32\XDva370.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_XDVA281
-------\Legacy_XDVA327
-------\Legacy_XDVA332
-------\Legacy_XDVA337
-------\Legacy_XDVA370
-------\Service_XDva281
-------\Service_XDva327
-------\Service_XDva332
-------\Service_XDva337
-------\Service_XDva370


((((((((((((((((((((((((( Files Created from 2010-11-19 to 2010-12-19 )))))))))))))))))))))))))))))))
.

2010-12-19 21:42 . 2010-12-19 21:42 -------- d-----w- c:\users\Graboid Account\AppData\Local\temp
2010-12-19 17:22 . 2010-12-19 17:22 -------- d-----w- c:\program files\Elf_1
2010-12-19 16:58 . 2010-12-19 16:58 -------- d-----w- c:\users\Albert\AppData\Roaming\Malwarebytes
2010-12-19 16:58 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-19 16:58 . 2010-12-19 16:58 -------- d-----w- c:\programdata\Malwarebytes
2010-12-19 16:58 . 2010-12-19 16:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-19 16:58 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-19 16:46 . 2010-12-19 16:46 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-12-19 16:46 . 2010-12-19 16:46 -------- d-----w- c:\program files\Symantec
2010-12-19 16:46 . 2010-12-19 21:45 -------- d-----w- c:\windows\system32\drivers\NAV
2010-12-19 16:46 . 2010-12-19 16:46 -------- d-----w- c:\program files\Norton AntiVirus
2010-12-19 16:46 . 2010-12-19 16:47 -------- d-----w- c:\programdata\Norton
2010-12-19 15:44 . 2010-12-19 15:44 -------- d-----w- c:\users\Albert\AppData\Local\Tific
2010-12-19 15:44 . 2010-12-19 15:44 -------- d-----w- c:\users\Albert\AppData\Roaming\Tific
2010-12-19 00:24 . 2010-12-19 00:24 -------- d-----w- c:\program files\Bing Bar Installer
2010-12-18 05:37 . 2010-12-18 05:37 -------- d-----w- C:\Intel
2010-12-18 04:18 . 2010-12-18 22:25 -------- d-----w- c:\users\Albert\AppData\Local\Activision
2010-12-17 21:25 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FF96AF60-2718-498C-B016-6DB22838D517}\mpengine.dll
2010-12-16 01:17 . 2010-12-19 16:45 -------- d-----w- c:\program files\NortonInstaller
2010-12-16 01:08 . 2010-10-21 20:08 834048 ----a-w- c:\windows\system32\wininet.dll
2010-12-16 01:08 . 2010-10-21 18:30 389632 ----a-w- c:\windows\system32\html.iec
2010-12-16 01:08 . 2010-10-20 17:41 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-16 01:08 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-16 01:08 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-12-16 00:57 . 2010-12-16 00:57 -------- d-----w- c:\users\Albert\AppData\Local\{72224FFC-1897-4377-BBBB-0FB67A18003B}
2010-12-16 00:57 . 2010-12-16 00:57 -------- d-----w- c:\users\Albert\AppData\Local\{50085461-A1AE-454E-9EE3-B850E83D11EA}
2010-12-14 21:57 . 2010-12-14 21:57 -------- d-----w- c:\program files\ConduitEngine
2010-12-14 21:57 . 2010-12-14 21:57 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2010-12-14 21:46 . 2010-12-14 21:46 -------- d-----w- c:\users\Albert\AppData\Local\{C9A59ED5-C364-49D5-94D4-8E5D81AC8EDF}
2010-12-13 20:30 . 2010-12-13 20:30 -------- d-----w- c:\users\Albert\AppData\Local\{2B03BF7C-19B6-4E50-8069-9F34274A2946}
2010-12-12 18:00 . 2010-12-12 18:00 -------- d-----w- c:\users\Albert\AppData\Local\{3C465E1B-A9BB-4792-914F-E1DCFA5A5F25}
2010-12-12 18:00 . 2010-12-16 00:57 -------- d-----w- c:\users\Albert\Tracing
2010-12-12 17:47 . 2010-12-12 17:48 -------- d-----w- c:\program files\Windows Live
2010-12-12 17:46 . 2010-12-16 00:57 -------- d-----w- c:\users\Albert\AppData\Local\Windows Live
2010-12-12 17:17 . 2010-12-12 17:17 -------- d-----w- c:\users\Albert\AppData\Roaming\JAM Software
2010-12-12 17:17 . 2010-12-12 17:17 -------- d-----w- c:\program files\JAM Software
2010-12-07 22:59 . 2010-12-08 03:12 -------- d-----w- c:\users\Albert\AppData\Roaming\FVZilla
2010-11-26 18:02 . 2010-11-26 18:20 -------- d-----w- c:\users\Albert\AppData\Roaming\Ventrilo
2010-11-24 19:07 . 2010-12-05 16:20 -------- d-----w- c:\program files\Kaiba Corp VDS
2010-11-24 18:18 . 2010-12-04 16:08 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-11-24 18:07 . 2010-12-04 16:01 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-11-24 18:07 . 2010-11-24 18:07 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-11-24 18:06 . 2010-11-24 18:18 -------- d-----w- c:\programdata\Hitman Pro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-19 00:30 . 2009-11-13 02:15 139152 ----a-w- c:\users\Albert\AppData\Roaming\PnkBstrK.sys
2010-12-19 00:28 . 2009-11-13 02:15 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-12-19 00:28 . 2009-11-13 02:15 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-12-18 23:52 . 2009-11-13 02:15 111928 ----a-w- c:\windows\system32\PnkBstrB.ex0
2010-12-18 22:10 . 2009-11-15 22:56 682280 ----a-w- c:\windows\system32\pbsvc.exe
2010-12-17 22:02 . 2009-12-02 21:52 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-12-11 22:27 . 2009-11-13 02:15 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-11-10 07:54 . 2010-11-10 07:54 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-10-19 15:41 . 2009-10-10 03:17 222080 ------w- c:\windows\system32\MpSigStub.exe
2008-06-30 17:44 . 2009-07-23 22:49 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2010-08-04 05:41 . 2009-11-14 22:35 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSof0.dll" [2010-10-18 3908192]
"{22e03916-85c5-44b0-8dc9-1830c11238d9}"= "c:\program files\Elf_1\tbElf_.dll" [2010-12-09 3911776]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{22e03916-85c5-44b0-8dc9-1830c11238d9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22e03916-85c5-44b0-8dc9-1830c11238d9}]
2010-12-09 17:51 3911776 ----a-w- c:\program files\Elf_1\tbElf_.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\Softonic-Eng7\tbSof0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSof0.dll" [2010-10-18 3908192]
"{22e03916-85c5-44b0-8dc9-1830c11238d9}"= "c:\program files\Elf_1\tbElf_.dll" [2010-12-09 3911776]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{22e03916-85c5-44b0-8dc9-1830c11238d9}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSof0.dll" [2010-10-18 3908192]
"{22E03916-85C5-44B0-8DC9-1830C11238D9}"= "c:\program files\Elf_1\tbElf_.dll" [2010-12-09 3911776]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{22e03916-85c5-44b0-8dc9-1830c11238d9}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Google Update"="c:\users\Albert\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-10-17 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"NDSTray.exe"="NDSTray.exe" [BU]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-04 30192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976]

c:\users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xlkfs.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Users^Albert^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-08-04 05:41 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-10-03 18:05 2969496 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-21 01:15 1826816 ----a-w- c:\windows\SkyTel.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AhnRptTfFRegFNT;AhnRptTfFRegFNT;c:\users\Albert\AppData\Local\Temp\nso6458.tmp\TfFRegNt.sys [x]
R3 ByakkoDriver;ByakkoDriver;c:\users\Albert\AppData\Local\Temp\17339542.11-11-2009 [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-04 30192]
R3 IO_Memory;IO_Memory;c:\windows\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-03-08 3290184]
R3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDrv.sys [2008-01-18 9216]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-07 691696]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1107000.00C\SYMDS.SYS [2009-08-30 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1107000.00C\SYMEFA.SYS [2010-04-22 173104]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [2010-11-23 691248]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1107000.00C\ccHPx86.sys [2010-02-26 501888]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20101215.001\IDSvix86.sys [2010-12-01 353912]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1107000.00C\Ironx86.SYS [2010-04-29 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NAV\1107000.00C\SYMTDIV.SYS [2010-05-06 339504]
S1 xlkfs;xlkfs;c:\windows\system32\DRIVERS\xlkfs.sys [2009-09-14 18432]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe [2010-02-26 126392]
S2 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2008-08-04 46392]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-12-19 102448]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-06-10 347648]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-748510194-217282370-3783705229-1000Core.job
- c:\users\Albert\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-05 22:24]

2010-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-748510194-217282370-3783705229-1000UA.job
- c:\users\Albert\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-05 22:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {D78AB608-BA18-49FB-B58E-A1044727D2B6} = 209.18.47.61,209.18.47.62
FF - ProfilePath - c:\users\Albert\AppData\Roaming\Mozilla\Firefox\Profiles\ke3fg30w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=62219&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: The Banana Bar Toolbar: {d1d2eee2-6544-4edb-a0c5-5cdd7b44b13c} - %profile%\extensions\{d1d2eee2-6544-4edb-a0c5-5cdd7b44b13c}
FF - Ext: Black Steel: {e2c58150-9d72-11dd-ad8b-0800200c9a66} - %profile%\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Battlefield Heroes Updater: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Webs Credits 2: {90037cad-93df-4feb-9624-76c8ac58f253} - %profile%\extensions\{90037cad-93df-4feb-9624-76c8ac58f253}
FF - Ext: Pokemon Equinox Toolbar: {e2219a9b-b543-4544-970f-d2ed275e2bd2} - %profile%\extensions\{e2219a9b-b543-4544-970f-d2ed275e2bd2}
FF - Ext: FIFA Online Web Launcher: [email protected] - %profile%\extensions\[email protected]
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: FoxyProxy Standard: [email protected] - %profile%\extensions\[email protected]
FF - Ext: FoxyProxy Basic: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Move Media Player: [email protected] - c:\users\Albert\AppData\Roaming\Move Networks
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-19 16:52
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ByakkoDriver]
"ImagePath"="\??\c:\users\Albert\AppData\Local\Temp\17339542.11-11-2009"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\DllHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\RtHDVCpl.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2010-12-19 17:03:24 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-19 22:03
ComboFix2.txt 2010-12-19 19:52
ComboFix3.txt 2010-12-19 17:54

Pre-Run: 73,949,409,280 bytes free
Post-Run: 73,941,098,496 bytes free

- - End Of File - - 1B31787CCA7D5EA9D994BA0337DBEFE0
 
Please download and run the ESET Online Scanner
Disable any antivirus/security programs.
IMPORTANT! UN-check Remove found threats
Accept any security warnings from your browser.
Check Scan archives
Click Start
ESET will then download updates, install and then start scanning your system.
When the scan is done, push list of found threats
Click on Export to text file , and save the file to your desktop using a file name, such as ESETlog. Include the contents of this report in your next reply.
If no threats are found then it won't produce a log.
 
ok that one took a while.


C:\Users\Albert\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\20db519d-185c503b probably a variant of Win32/Agent.FXHNPDJ trojan
C:\Users\Albert\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\6a0409a5-2c9cf8cd probably a variant of Win32/Agent.FXHNPDJ trojan
C:\Users\Albert\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\7cc1ceff-3035d73e a variant of Java/Rowindal.A trojan
C:\Users\Albert\Desktop\Etc\Norton AntiVirus 2010 v17.0.0.136\BOX_NTR_v1.4.0_BETA.Edition\BOX_NTR2010_v1.4BE.exe Win32/Packed.Autoit.E.Gen application
 
Did you get nortons legally? Looks like you may have downloaded it illegally.

Please download and run TDSSkiller

When the program opens, click on the start scan button.

TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.

infection-found.jpg


To remove the infection simply click on the Continue button and TDSSKiller will attempt to clean the infection.

When it has finished cleaning the infection you will see a report stating whether or not it was successful as shown below.

scan-completed.jpg


If the log says will be cured after reboot, please reboot the system by pressing the reboot now button.

After running there will be a log that will be located at the root of your c:\ drive labeled tdsskiller with a series of numbers after it. Please open the log and copy and paste it back here.
 
no i download the free 30-day norton antivirus trial and then when the 30 days run out, i use this program that renews the 30 days. should i delete it? and here is the log


2010/12/20 17:19:59.0827 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/20 17:19:59.0827 ================================================================================
2010/12/20 17:19:59.0827 SystemInfo:
2010/12/20 17:19:59.0827
2010/12/20 17:19:59.0827 OS Version: 6.0.6002 ServicePack: 2.0
2010/12/20 17:19:59.0827 Product type: Workstation
2010/12/20 17:19:59.0828 ComputerName: ALBERT-PC
2010/12/20 17:19:59.0828 UserName: Albert
2010/12/20 17:19:59.0828 Windows directory: C:\Windows
2010/12/20 17:19:59.0828 System windows directory: C:\Windows
2010/12/20 17:19:59.0828 Processor architecture: Intel x86
2010/12/20 17:19:59.0828 Number of processors: 1
2010/12/20 17:19:59.0828 Page size: 0x1000
2010/12/20 17:19:59.0828 Boot type: Normal boot
2010/12/20 17:19:59.0828 ================================================================================
2010/12/20 17:20:01.0242 Initialize success
2010/12/20 17:20:09.0483 ================================================================================
2010/12/20 17:20:09.0483 Scan started
2010/12/20 17:20:09.0483 Mode: Manual;
2010/12/20 17:20:09.0483 ================================================================================
2010/12/20 17:20:10.0936 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2010/12/20 17:20:11.0186 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2010/12/20 17:20:11.0783 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2010/12/20 17:20:12.0296 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2010/12/20 17:20:12.0499 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2010/12/20 17:20:12.0566 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2010/12/20 17:20:12.0836 AgereSoftModem (5d97943c128ed756d1b0a08302c1b1f8) C:\Windows\system32\DRIVERS\AGRSM.sys
2010/12/20 17:20:13.0456 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2010/12/20 17:20:14.0587 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/12/20 17:20:14.0777 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2010/12/20 17:20:14.0860 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2010/12/20 17:20:14.0911 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2010/12/20 17:20:14.0954 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2010/12/20 17:20:14.0989 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2010/12/20 17:20:15.0113 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2010/12/20 17:20:15.0165 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2010/12/20 17:20:15.0221 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/12/20 17:20:15.0318 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
2010/12/20 17:20:15.0532 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2010/12/20 17:20:15.0976 BHDrvx86 (83a2fec59a0a0fc73bf6598e901b2fbd) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20101123.003\BHDrvx86.sys
2010/12/20 17:20:16.0145 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2010/12/20 17:20:16.0187 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2010/12/20 17:20:16.0322 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/12/20 17:20:16.0374 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/12/20 17:20:16.0477 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/12/20 17:20:16.0535 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/12/20 17:20:16.0578 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/12/20 17:20:16.0609 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/12/20 17:20:16.0697 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/12/20 17:20:17.0117 ccHP (e941e709847fa00e0dd6d58d2b8fb5e1) C:\Windows\system32\drivers\NAV\1108000.005\ccHPx86.sys
2010/12/20 17:20:17.0224 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/12/20 17:20:17.0296 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2010/12/20 17:20:17.0418 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2010/12/20 17:20:17.0494 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2010/12/20 17:20:17.0598 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/12/20 17:20:17.0811 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2010/12/20 17:20:17.0992 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2010/12/20 17:20:18.0089 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2010/12/20 17:20:18.0147 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2010/12/20 17:20:18.0285 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2010/12/20 17:20:18.0425 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2010/12/20 17:20:18.0568 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/12/20 17:20:18.0728 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2010/12/20 17:20:18.0846 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/12/20 17:20:19.0010 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2010/12/20 17:20:19.0130 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/12/20 17:20:19.0239 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2010/12/20 17:20:19.0442 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2010/12/20 17:20:19.0568 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2010/12/20 17:20:19.0739 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2010/12/20 17:20:19.0818 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2010/12/20 17:20:19.0893 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2010/12/20 17:20:20.0015 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2010/12/20 17:20:20.0087 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2010/12/20 17:20:20.0123 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/12/20 17:20:20.0239 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2010/12/20 17:20:20.0316 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2010/12/20 17:20:20.0407 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
2010/12/20 17:20:20.0449 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2010/12/20 17:20:20.0488 GEARAspiWDM (5dc17164f66380cbfefd895c18467773) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2010/12/20 17:20:20.0566 hamachi (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
2010/12/20 17:20:20.0664 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2010/12/20 17:20:20.0755 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/12/20 17:20:20.0880 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/12/20 17:20:20.0920 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2010/12/20 17:20:20.0996 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2010/12/20 17:20:21.0147 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2010/12/20 17:20:21.0220 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
2010/12/20 17:20:21.0311 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2010/12/20 17:20:21.0347 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/12/20 17:20:21.0428 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys
2010/12/20 17:20:21.0530 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2010/12/20 17:20:21.0719 IDSVix86 (33ca0e61eab15d439a1f592ddc020712) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20101215.001\IDSvix86.sys
2010/12/20 17:20:21.0937 igfx (6fb1858d1f0923d122b0331865695041) C:\Windows\system32\DRIVERS\igdkmd32.sys
2010/12/20 17:20:22.0041 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/12/20 17:20:22.0181 IntcAzAudAddService (b9cbd3dea7ca02868621173bf7a2af9f) C:\Windows\system32\drivers\RTKVHDA.sys
2010/12/20 17:20:22.0288 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2010/12/20 17:20:22.0322 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2010/12/20 17:20:22.0486 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/12/20 17:20:22.0546 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2010/12/20 17:20:22.0584 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2010/12/20 17:20:22.0603 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2010/12/20 17:20:22.0635 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2010/12/20 17:20:22.0755 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/12/20 17:20:22.0796 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/12/20 17:20:22.0830 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/12/20 17:20:22.0863 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/12/20 17:20:22.0954 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/12/20 17:20:22.0997 KR10I (e8ca038f51f7761bd6e3a3b0b8014263) C:\Windows\system32\drivers\kr10i.sys
2010/12/20 17:20:23.0035 KR10N (6a4adb9186dd0e114e623daf57e42b31) C:\Windows\system32\drivers\kr10n.sys
2010/12/20 17:20:23.0121 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2010/12/20 17:20:23.0276 LHidFilt (8b30311241f97b35167afe68d79e8530) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2010/12/20 17:20:23.0337 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/12/20 17:20:23.0372 LMouFilt (48d7422a6c4eec886b56ac534cfa3acf) C:\Windows\system32\DRIVERS\LMouFilt.Sys
2010/12/20 17:20:23.0415 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2010/12/20 17:20:23.0502 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2010/12/20 17:20:23.0534 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2010/12/20 17:20:23.0560 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2010/12/20 17:20:23.0578 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2010/12/20 17:20:23.0618 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2010/12/20 17:20:23.0716 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2010/12/20 17:20:23.0754 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2010/12/20 17:20:23.0780 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2010/12/20 17:20:23.0885 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2010/12/20 17:20:23.0914 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2010/12/20 17:20:23.0951 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2010/12/20 17:20:23.0984 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2010/12/20 17:20:24.0074 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/12/20 17:20:24.0134 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2010/12/20 17:20:24.0200 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/12/20 17:20:24.0231 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/12/20 17:20:24.0347 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/12/20 17:20:24.0384 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
2010/12/20 17:20:24.0410 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2010/12/20 17:20:24.0549 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/12/20 17:20:24.0589 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2010/12/20 17:20:24.0679 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2010/12/20 17:20:24.0790 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/12/20 17:20:24.0920 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/12/20 17:20:25.0074 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2010/12/20 17:20:25.0146 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/12/20 17:20:25.0184 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/12/20 17:20:25.0213 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2010/12/20 17:20:25.0343 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2010/12/20 17:20:25.0551 NAVENG (c8ef74e4d8105b1d02d58ea4734cf616) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20101219.003\NAVENG.SYS
2010/12/20 17:20:25.0627 NAVEX15 (94b3164055d821a62944d9fe84036470) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20101219.003\NAVEX15.SYS
2010/12/20 17:20:25.0771 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2010/12/20 17:20:25.0860 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/12/20 17:20:25.0926 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/12/20 17:20:26.0039 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/12/20 17:20:26.0129 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2010/12/20 17:20:26.0222 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2010/12/20 17:20:26.0323 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2010/12/20 17:20:26.0451 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/12/20 17:20:26.0512 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2010/12/20 17:20:26.0605 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2010/12/20 17:20:26.0779 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2010/12/20 17:20:26.0887 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/12/20 17:20:26.0964 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2010/12/20 17:20:26.0998 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2010/12/20 17:20:27.0040 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2010/12/20 17:20:27.0141 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2010/12/20 17:20:27.0224 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2010/12/20 17:20:27.0268 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2010/12/20 17:20:27.0329 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2010/12/20 17:20:27.0428 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2010/12/20 17:20:27.0507 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2010/12/20 17:20:27.0545 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\DRIVERS\pciide.sys
2010/12/20 17:20:27.0577 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2010/12/20 17:20:27.0691 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/12/20 17:20:27.0915 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/12/20 17:20:27.0961 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2010/12/20 17:20:28.0044 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2010/12/20 17:20:28.0156 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
2010/12/20 17:20:28.0220 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2010/12/20 17:20:28.0325 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/12/20 17:20:28.0379 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/12/20 17:20:28.0410 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/12/20 17:20:28.0438 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/12/20 17:20:28.0556 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/12/20 17:20:28.0620 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2010/12/20 17:20:28.0695 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2010/12/20 17:20:28.0799 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/12/20 17:20:28.0838 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2010/12/20 17:20:28.0857 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/12/20 17:20:28.0942 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2010/12/20 17:20:29.0085 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/12/20 17:20:29.0149 RTL8169 (2dd5dd25fb68975d094ae57d46097f48) C:\Windows\system32\DRIVERS\Rtlh86.sys
2010/12/20 17:20:29.0222 RTL8187B (7fe5089eb5f624899de08c30db4377fc) C:\Windows\system32\DRIVERS\RTL8187B.sys
2010/12/20 17:20:29.0330 RtlProt (0d60b8c10a2c5e8dd620b3fdeb1cda64) C:\Windows\system32\DRIVERS\rtlprot.sys
2010/12/20 17:20:29.0371 RTSTOR (f5825e41286556ddb8cc83a91d88f3c6) C:\Windows\system32\drivers\RTSTOR.SYS
2010/12/20 17:20:29.0427 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/12/20 17:20:29.0584 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/12/20 17:20:29.0678 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2010/12/20 17:20:29.0733 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2010/12/20 17:20:29.0820 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/12/20 17:20:29.0867 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2010/12/20 17:20:29.0936 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2010/12/20 17:20:30.0010 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2010/12/20 17:20:30.0088 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/12/20 17:20:30.0197 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2010/12/20 17:20:30.0215 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2010/12/20 17:20:30.0288 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2010/12/20 17:20:30.0432 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2010/12/20 17:20:30.0530 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/12/20 17:20:30.0660 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2010/12/20 17:20:30.0660 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2010/12/20 17:20:30.0669 sptd - detected Locked file (1)
2010/12/20 17:20:30.0782 SQTECH905C (7724447e0bc2fa6d5a2e44c66ed770cf) C:\Windows\system32\Drivers\Capt905c.sys
2010/12/20 17:20:30.0963 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\Windows\System32\Drivers\NAV\1108000.005\SRTSP.SYS
2010/12/20 17:20:31.0150 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\Windows\system32\drivers\NAV\1108000.005\SRTSPX.SYS
2010/12/20 17:20:31.0255 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2010/12/20 17:20:31.0370 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2010/12/20 17:20:31.0450 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2010/12/20 17:20:31.0538 SVRPEDRV (3e4239b92139f7174a0da7d53fe5e1ab) C:\Windows\System32\sysprep\PEDrv.sys
2010/12/20 17:20:31.0668 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2010/12/20 17:20:31.0714 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/12/20 17:20:31.0842 SymDS (56890bf9d9204b93042089d4b45ae671) C:\Windows\system32\drivers\NAV\1108000.005\SYMDS.SYS
2010/12/20 17:20:32.0047 SymEFA (1c91df5188150510a6f0cf78f7d94b69) C:\Windows\system32\drivers\NAV\1108000.005\SYMEFA.SYS
2010/12/20 17:20:32.0117 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\Windows\system32\Drivers\SYMEVENT.SYS
2010/12/20 17:20:32.0336 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\Windows\system32\drivers\NAV\1108000.005\Ironx86.SYS
2010/12/20 17:20:32.0402 SYMTDIv (bf610335eda8d9026e45b4ac73d0de58) C:\Windows\System32\Drivers\NAV\1108000.005\SYMTDIV.SYS
2010/12/20 17:20:32.0505 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/12/20 17:20:32.0545 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/12/20 17:20:32.0613 SynTP (70534d1e4f9ac990536d5fb5b550b3de) C:\Windows\system32\DRIVERS\SynTP.sys
2010/12/20 17:20:32.0780 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2010/12/20 17:20:32.0958 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2010/12/20 17:20:33.0102 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2010/12/20 17:20:33.0150 tdcmdpst (6fdfba25002ce4bac463ac866ae71405) C:\Windows\system32\DRIVERS\tdcmdpst.sys
2010/12/20 17:20:33.0211 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/12/20 17:20:33.0268 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/12/20 17:20:33.0385 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2010/12/20 17:20:33.0471 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2010/12/20 17:20:33.0637 tos_sps32 (4399a9bf7d8f49991a07fd86590a1619) C:\Windows\system32\DRIVERS\tos_sps32.sys
2010/12/20 17:20:33.0707 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/12/20 17:20:33.0801 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2010/12/20 17:20:33.0861 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2010/12/20 17:20:33.0905 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
2010/12/20 17:20:33.0951 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2010/12/20 17:20:34.0075 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2010/12/20 17:20:34.0151 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2010/12/20 17:20:34.0187 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2010/12/20 17:20:34.0211 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/12/20 17:20:34.0327 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/12/20 17:20:34.0360 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/12/20 17:20:34.0412 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/12/20 17:20:34.0446 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/12/20 17:20:34.0535 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2010/12/20 17:20:34.0616 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2010/12/20 17:20:34.0678 USBIO (f90d8f845095fcd6924e3d751c04e442) C:\Windows\system32\Drivers\usbio.sys
2010/12/20 17:20:34.0787 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2010/12/20 17:20:34.0821 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2010/12/20 17:20:34.0897 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/12/20 17:20:35.0034 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/12/20 17:20:35.0100 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2010/12/20 17:20:35.0165 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/12/20 17:20:35.0270 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/12/20 17:20:35.0310 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2010/12/20 17:20:35.0341 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2010/12/20 17:20:35.0455 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2010/12/20 17:20:35.0528 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/12/20 17:20:35.0596 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2010/12/20 17:20:35.0722 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2010/12/20 17:20:35.0796 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2010/12/20 17:20:35.0844 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/12/20 17:20:35.0940 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/20 17:20:35.0954 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/20 17:20:35.0999 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2010/12/20 17:20:36.0076 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2010/12/20 17:20:36.0300 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2010/12/20 17:20:36.0362 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/12/20 17:20:36.0391 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/12/20 17:20:36.0535 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/12/20 17:20:36.0619 xlkfs (c9962dbf735263d77f2e3e6200e939d0) C:\Windows\system32\DRIVERS\xlkfs.sys
2010/12/20 17:20:36.0684 ================================================================================
2010/12/20 17:20:36.0684 Scan finished
2010/12/20 17:20:36.0684 ================================================================================
2010/12/20 17:20:36.0699 Detected object count: 1
2010/12/20 17:21:26.0666 Locked file(sptd) - User select action: Skip
 
Yes get rid of it, it's an infected file. And besides what you are doing is illegal.

C:\Users\Albert\Desktop\Etc\Norton AntiVirus 2010 v17.0.0.136\BOX_NTR_v1.4.0_BETA.Edition\BOX_NTR201 0_v1.4BE.exe

Download and install either Microsoft Security Essentials or Avast Antivirus.

http://www.microsoft.com/security_essentials/

http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html

Follow the instructions here on how to delete your java cache.

http://www.java.com/en/download/help/plugin_cache.xml
 
....the game he probably was trying to get was illegal too. id hate to say it, when you try to get 'free' stuff you pick up this crap. :/
 
You must log in or register to reply here.
Back
Top