Here is the combo log. Not sure if you wanted the RootRepeal report. Again, I appreciate all your efforts but I'm almost at the point of blowing things up and starting all over. I just don't want to let the SOBs win!
ComboFix 10-04-05.06 - Tim Brugnoli 04/08/2010 23:27:37.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1425 [GMT -4:00]
Running from: c:\documents and settings\Tim Brugnoli\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Tim Brugnoli\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
((((((((((((((((((((((((( Files Created from 2010-03-09 to 2010-04-09 )))))))))))))))))))))))))))))))
.
2010-04-09 02:24 . 2010-02-04 21:13 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100408.032\NAVENG.SYS
2010-04-09 02:24 . 2010-02-04 21:13 1324720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100408.032\NAVEX15.SYS
2010-04-09 02:24 . 2009-12-09 23:57 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100408.032\CCERASER.DLL
2010-04-09 02:24 . 2009-11-07 02:30 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100408.032\EECTRL.SYS
2010-04-09 02:24 . 2009-11-07 02:30 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100408.032\ECMSVR32.DLL
2010-04-09 02:24 . 2009-11-07 02:30 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100408.032\NAVENG32.DLL
2010-04-09 02:24 . 2009-11-07 02:30 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100408.032\NAVEX32A.DLL
2010-04-09 02:24 . 2009-11-07 02:30 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100408.032\ERASER.SYS
2010-04-05 22:08 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100402.001\IDSvix86.sys
2010-04-05 22:08 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100402.001\Scxpx86.dll
2010-04-05 22:08 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100402.001\IDSxpx86.dll
2010-04-05 22:07 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100402.001\IDSXpx86.sys
2010-04-05 22:07 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100402.001\IDSviA64.sys
2010-04-05 21:57 . 2010-04-05 21:57 -------- d-----w- c:\program files\ESET
2010-04-01 05:35 . 2010-04-03 21:26 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-01 00:25 . 2010-04-01 00:25 388096 ----a-r- c:\documents and settings\Tim Brugnoli\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-04-01 00:25 . 2010-04-01 00:25 -------- d-----w- c:\program files\TrendMicro
2010-03-31 21:13 . 2010-03-31 21:13 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-31 01:03 . 2004-08-04 02:59 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-03-31 01:03 . 2004-08-04 02:59 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-03-31 01:03 . 2004-08-04 03:00 8192 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-03-31 01:03 . 2004-08-04 03:00 8192 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-03-31 01:03 . 2004-08-04 03:00 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-03-31 01:03 . 2004-08-04 03:00 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-03-27 15:11 . 2010-03-27 15:11 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-03-26 09:34 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100326.001\IDSvix86.sys
2010-03-26 09:34 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100326.001\IDSXpx86.sys
2010-03-26 09:34 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100326.001\Scxpx86.dll
2010-03-26 09:34 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100326.001\IDSxpx86.dll
2010-03-26 09:34 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100326.001\IDSviA64.sys
2010-03-24 20:38 . 2010-03-24 20:38 536112 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\BHDrvx86.sys
2010-03-24 20:38 . 2010-03-24 20:38 201616 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\BHRules.dll
2010-03-24 20:38 . 2010-03-24 20:38 1407888 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\BHEngine.dll
2010-03-24 20:38 . 2010-03-24 20:38 678960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\BHDrvx64.sys
2010-03-24 20:38 . 2010-03-24 20:38 611216 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\bbRGen.dll
2010-03-23 22:37 . 2010-03-23 22:37 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-03-23 22:37 . 2010-03-23 22:37 1924976 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-03-23 22:36 . 2010-03-24 22:12 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-09 01:54 . 2004-08-12 13:36 872064 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-04-09 01:17 . 2009-01-02 23:11 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-04-09 01:11 . 2006-02-21 01:29 -------- d-----w- c:\program files\Agent
2010-04-09 01:08 . 2006-02-21 22:31 -------- d-----w- c:\program files\EasyAgent
2010-04-06 11:07 . 2004-08-12 13:24 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2010-03-31 21:13 . 2010-03-02 02:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-30 04:46 . 2010-03-02 02:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 04:45 . 2010-03-02 02:26 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-25 23:29 . 2009-10-17 02:35 786800 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
2010-03-02 02:26 . 2010-03-02 02:26 -------- d-----w- c:\documents and settings\Tim Brugnoli\Application Data\Malwarebytes
2010-03-02 02:26 . 2010-03-02 02:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-25 06:24 . 2004-08-12 13:33 916480 ------w- c:\windows\system32\wininet.dll
2007-08-25 03:52 . 2008-02-11 05:37 300400 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
--- c:\windows\system32\drivers\netbt.sys ---
Company: Microsoft Corporation
File Description: MBT Transport driver
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: netbt.sys
File size: 162816
Created time: 2004-08-12 13:24
Modified time: 2010-04-06 11:07
MD5: 0C80E410CD2F47134407EE7DD19CC86B
SHA1: FC94040533C8E2BBA6F4A5BFF8A97294CC5E4C06
(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
[7] 9A65E42664D1534B68512CAAD0EFE963 872064 c:\windows\system32\Drivers\iaStor.sys
[7] 9A65E42664D1534B68512CAAD0EFE963 872064 \RP5\A0024451.sys
[7] 9A65E42664D1534B68512CAAD0EFE963 872064 \RP5\A0023447.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-04-04_18.07.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-09 02:38 . 2010-04-09 02:38 16384 c:\windows\Temp\Perflib_Perfdata_52c.dat
+ 2010-04-09 02:17 . 2008-12-04 13:17 15312 c:\windows\system32\ReinstallBackups\0031\DriverFiles\RaCoInst.dat
+ 2010-04-07 21:03 . 2010-02-27 02:23 43696 c:\windows\system32\drivers\NIS\1106000.020\srtspx.sys
+ 2010-04-07 21:15 . 2010-04-07 21:15 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-02-20 22:00 . 2010-04-04 16:44 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-02-20 22:00 . 2010-04-07 21:15 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-02-20 22:00 . 2010-04-04 16:44 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-04-09 02:17 . 2008-12-04 13:17 627072 c:\windows\system32\ReinstallBackups\0031\DriverFiles\rt2870.sys
+ 2010-04-09 02:17 . 2008-12-04 13:17 221184 c:\windows\system32\ReinstallBackups\0031\DriverFiles\RaCoInst.dll
+ 2010-04-07 21:03 . 2010-02-04 01:40 340016 c:\windows\system32\drivers\NIS\1106000.020\symtdiv.sys
+ 2010-04-07 21:03 . 2010-02-04 01:40 362032 c:\windows\system32\drivers\NIS\1106000.020\symtdi.sys
+ 2010-04-07 21:03 . 2010-02-04 01:40 172592 c:\windows\system32\drivers\NIS\1106000.020\symefa.sys
+ 2010-04-07 21:03 . 2009-11-05 22:06 328752 c:\windows\system32\drivers\NIS\1106000.020\symds.sys
+ 2010-04-07 21:03 . 2010-02-27 02:23 325680 c:\windows\system32\drivers\NIS\1106000.020\srtsp.sys
+ 2010-04-07 21:03 . 2010-02-27 02:23 116784 c:\windows\system32\drivers\NIS\1106000.020\ironx86.sys
+ 2010-04-07 21:03 . 2010-02-25 23:22 501888 c:\windows\system32\drivers\NIS\1106000.020\cchpx86.sys
- 2004-08-12 13:24 . 2010-04-01 03:07 162816 c:\windows\system32\dllcache\netbt.sys
+ 2004-08-12 13:24 . 2010-04-06 11:07 162816 c:\windows\system32\dllcache\netbt.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell Photo AIO Printer 942"="c:\program files\Dell Photo AIO Printer 942\dlbubmgr.exe" [2004-08-31 294912]
"DellMCM"="c:\program files\Dell Photo AIO Printer 942\memcard.exe" [2004-07-27 262144]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-11 4612096]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"P17Helper"="P17.dll" [2004-06-10 60928]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"Linksys Wireless Manager"="c:\program files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-02-16 1358384]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"NBJ"="c:\program files\Ahead\Nero BackItUp\nbj.exe"
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"InCD"=c:\program files\Ahead\InCD\InCD.exe
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"iRiver Updater"=\Updater.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"SunJavaUpdateSched"=c:\program files\Java\jre1.5.0_06\bin\jusched.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"UIUCU"=c:\docume~1\TIMBRU~1\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
"MimBoot"=c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe
"BlackBerryAutoUpdate"=c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
"<NO NAME>"=
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1106000.020\symds.sys [4/7/2010 5:03 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1106000.020\symefa.sys [4/7/2010 5:03 PM 172592]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\BHDrvx86.sys [3/24/2010 4:38 PM 536112]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1106000.020\cchpx86.sys [4/7/2010 5:03 PM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1106000.020\ironx86.sys [4/7/2010 5:03 PM 116784]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.6.0.32\ccsvchst.exe [4/7/2010 5:03 PM 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/17/2009 10:38 AM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100326.001\IDSXpx86.sys [3/26/2010 5:34 AM 329592]
S3 NDISKIO;NDISKIO;\??\c:\docume~1\TIMBRU~1\LOCALS~1\Temp\00000be9.nmc\nse\bin\ndiskio.sys --> c:\docume~1\TIMBRU~1\LOCALS~1\Temp\00000be9.nmc\nse\bin\ndiskio.sys [?]
S3 nsak;nsak;\??\c:\docume~1\TIMBRU~1\LOCALS~1\Temp\00000cf5.nmc\nse\bin\nsak.sys --> c:\docume~1\TIMBRU~1\LOCALS~1\Temp\00000cf5.nmc\nse\bin\nsak.sys [?]
S3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [11/20/2009 8:57 PM 627072]
.
Contents of the 'Scheduled Tasks' folder
2009-12-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 16:34]
2010-04-07 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Tim Brugnoli.job
- c:\program files\Norton Internet Security\Engine\17.6.0.32\navw32.exe [2010-04-07 23:51]
2010-01-18 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
2009-05-05 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-05 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.optimum.net/News/Weather?sta ... nton,%20NJ
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-08 23:34
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x887E8AC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba8ecfc3
\Driver\ACPI -> ACPI.sys @ 0xba77fcb8
\Driver\atapi -> atapi.sys @ 0xba7117b4
\Driver\iaStor -> iaStor.sys @ 0xba648b10
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058241c
ParseProcedure -> ntkrnlpa.exe @ 0x8058155c
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058241c
ParseProcedure -> ntkrnlpa.exe @ 0x8058155c
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.6.0.32\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\WININET.dll
- - - - - - - > 'lsass.exe'(784)
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(3908)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-04-08 23:38:21
ComboFix-quarantined-files.txt 2010-04-09 03:38
ComboFix2.txt 2010-04-09 03:14
ComboFix3.txt 2010-04-07 02:41
ComboFix4.txt 2010-04-06 10:59
ComboFix5.txt 2010-04-09 03:25
Pre-Run: 181,386,940,416 bytes free
Post-Run: 181,369,753,600 bytes free
- - End Of File - - A2E2ECC1F6D8373463127F6E24D37EBF