Author Topic: [Inactive] Hijacking mtc.makemesearch.com (Read 1560 times)

DonkeyDragon · « **on:** February 12, 2012, 12:18:34 PM »

Spybot S&D found Huntbar.stoolbar and mtc.makemesearch.com. It shows that it can fix Huntbar.stoolbar but not mtc.makemesearch.com. After spybot is finished I can run it again and it shows that there are no items found. I know there is still something nasty in there because if i leave the computer alone weird things will happen: volume control will disappear and norton anti virus will uninstall on its own. I then do a system restore and volume control will return and I can reinstall norton but if i run spybot after the restore it will find Huntbar.stoolbar and mtc.makemesearch.com just like it did before.

I have been reading forums for days to try to find a solution.
i need help. i have hijackthis if a log would be helpful.

Bear · « **Reply #1 on:** February 12, 2012, 01:20:37 PM »

Hi Dragon

Malware is very difficult to remove and can severely compromise your data. We know you are anxious to deal with it so please read this: http://spywarehammer.com/simplemachinesforum/index.php?topic=12262.0 and follow those instructions. As soon as you post the requested information, a malware removal specialist will help you.

DonkeyDragon · « **Reply #2 on:** February 12, 2012, 01:41:32 PM »

Spybot S&D found Huntbar.stoolbar and mtc.makemesearch.com. It shows that it can fix Huntbar.stoolbar but not mtc.makemesearch.com. After spybot is finished I can run it again and it shows that there are no items found. I know there is still something nasty in there because if i leave the computer alone weird things will happen: volume control will disappear and norton anti virus will uninstall on its own. I then do a system restore and volume control will return and I can reinstall norton but if i run spybot after the restore it will find Huntbar.stoolbar and mtc.makemesearch.com just like it did before.

I have been reading forums for days to try to find a solution.
i need help. i have hijackthis if a log would be helpful.

first dds log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
3DMark06
Acrobat.com
Adobe Acrobat 5.0
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Belkin Setup and Router Monitor
Belkin Wireless Utility
Bonjour
CCleaner
Diablo II
DivX Setup
Download Manager 2.3.7
EverQuest II
EverQuest II Extended
FFLM version 11.00
Futuremark Measurement Services Client
Google Chrome
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB981793)
iTunes
Java(TM) 6 Update 17
Lexmark Photo Center
Lexmark Z700-P700 Series
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox (3.6.24)
Music Manager
Norton AntiVirus
NVIDIA Control Panel 260.99
NVIDIA Graphics Driver 260.99
NVIDIA Install Application
NVIDIA nView 135.36
NVIDIA nView Desktop Manager
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
OverDrive Media Console
PrimoPDF -- brought to you by Nitro PDF Software
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
ScenePD 5
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Sid Meier's Civilization 4
Sid Meier's Civilization V
Sid Meier's Pirates!
Spybot - Search & Destroy
SpywareBlaster 4.6
Steam
System Requirements Lab
System Requirements Lab for Intel
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
Ventrilo Client
VideoLAN VLC media player 0.8.6f
Warhammer Online: Age of Reckoning Beta
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live ID Sign-in Assistant
Windows XP Service Pack 3
WinPatrol
X-Lite 3.0
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar
.
==== End Of File ===========================

2nd dds log

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Run by STOUT at 14:32:26 on 2012-02-12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.746 [GMT -5:00]
.
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\19.1.1.3\ips\IPSBHO.DLL
BHO: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [DriverUpdaterPro] c:\program files\ixi tools\driver updater pro\DriverUpdaterPro.exe -t
uRun: [Google Update] "c:\documents and settings\stout\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [MusicManager] "c:\documents and settings\stout\local settings\application data\programs\google\musicmanager\MusicManager.exe"
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
mRun: [GEST]
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [wltray.exe] c:\windows\system32\wltray.exe
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0417.0\mswinext.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - c:\program files\yahoo!\search protection\ysp.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1220045636656
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://www.yougamers.com/systeminfo/MSC3.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B1205748-A0BE-455D-93A1-9C5BD2E96CF1} : DhcpNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\stout\application data\mozilla\firefox\profiles\2iqes1ho.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z129&form=ZGAADF&install_date=20110902&q=
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\stout\application data\mozilla\firefox\profiles\2iqes1ho.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-02-12 18:12:33   388216   ----a-w-   c:\windows\system32\drivers\nav\1305000.091\symtdi.sys
2012-02-12 18:12:33   345208   ----a-w-   c:\windows\system32\drivers\nav\1305000.091\symtdiv.sys
2012-02-12 18:12:33   318584   ----a-w-   c:\windows\system32\drivers\nav\1305000.091\symnets.sys
2012-02-12 18:12:32   905336   ----a-w-   c:\windows\system32\drivers\nav\1305000.091\symefa.sys
2012-02-12 18:12:32   574584   ----a-w-   c:\windows\system32\drivers\nav\1305000.091\srtsp.sys
2012-02-12 18:12:32   340088   ----a-r-   c:\windows\system32\drivers\nav\1305000.091\symds.sys
2012-02-12 18:12:32   32888   ----a-w-   c:\windows\system32\drivers\nav\1305000.091\srtspx.sys
2012-02-12 18:12:32   149624   ----a-w-   c:\windows\system32\drivers\nav\1305000.091\ironx86.sys
2012-02-12 18:12:31   132744   ----a-w-   c:\windows\system32\drivers\nav\1305000.091\ccsetx86.sys
2012-02-12 18:12:06   4782   ----a-w-   c:\windows\system32\drivers\nav\1305000.091\symvtcer.dat
2012-02-12 18:12:06   --------   d-----w-   c:\windows\system32\drivers\nav\1305000.091
2012-02-12 04:29:46   60872   ----a-w-   c:\windows\system32\S32EVNT1.DLL
2012-02-12 04:29:46   141944   ----a-w-   c:\windows\system32\drivers\SYMEVENT.SYS
2012-02-12 04:29:46   --------   d-----w-   c:\program files\Symantec
2012-02-12 04:29:46   --------   d-----w-   c:\program files\common files\Symantec Shared
2012-02-12 04:04:31   --------   d-----w-   c:\program files\SpywareBlaster
2012-02-12 04:03:55   --------   d-----w-   c:\program files\NortonInstaller
2012-02-12 03:40:15   --------   d-----w-   c:\documents and settings\stout\application data\WinPatrol
2012-02-12 03:40:04   --------   d-----w-   c:\program files\BillP Studios
2012-02-12 03:40:03   --------   d-----w-   c:\documents and settings\all users\application data\InstallMate
2012-02-12 02:34:58   --------   d-----w-   c:\documents and settings\stout\application data\Malwarebytes
2012-02-12 02:34:53   --------   d-----w-   c:\documents and settings\all users\application data\Malwarebytes
2012-02-12 02:34:52   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-02-12 02:34:52   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2012-02-12 02:26:37   --------   d-----w-   c:\program files\CCleaner
2012-02-12 01:40:58   --------   d-----w-   c:\windows\system32\wbem\repository\FS
2012-02-12 01:40:58   --------   d-----w-   c:\windows\system32\wbem\Repository
2012-02-10 02:52:07   388096   ----a-r-   c:\documents and settings\stout\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-02-10 02:52:06   --------   d-----w-   c:\program files\Trend Micro
2012-02-08 06:05:36   --------   d-----w-   c:\documents and settings\all users\application data\PCSettings
2012-02-08 05:37:12   --------   d-----w-   c:\documents and settings\stout\local settings\application data\LogMeIn Rescue Applet
2012-01-28 17:36:31   --------   d-----w-   c:\program files\Maxis
.
==================== Find3M ====================
.
2012-02-11 03:32:20   12464   ----a-w-   c:\windows\system32\drivers\secdrv.sys
2011-12-20 03:32:27   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57:19   293376   ----a-w-   c:\windows\system32\winsrv.dll
2011-11-23 13:25:32   1859584   ----a-w-   c:\windows\system32\win32k.sys
2011-11-18 12:35:08   60416   ----a-w-   c:\windows\system32\packager.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Maxtor_6L200R0 rev.BAH41G10 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89B9949F]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x89ba0738]; MOV EAX, [0x89ba08ac]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8ADACAB8]
3 CLASSPNP[0xB80E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000077[0x8ADB3A98]
5 ACPI[0xB7F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8ADB5238]
\Driver\atapi[0x8A5B2030] -> IRP_MJ_CREATE -> 0x89B9949F
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x89B992C6
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 14:34:06.70 ===============

Hoov · « **Reply #3 on:** February 12, 2012, 02:13:35 PM »

Hello, welcome to SpywareHammer.

I go by Hoov, and I will be helping you with your problem. I must ask you to do a few things for me.

First, tell me everything that you have done, if anything, to try and fix this problem.Also tell me any other problems you are having, no matter how small or long you have been dealing with them.

Second, please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out thier hair.

Third, follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go.

Fourth, Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

Fifth, if we start this fix, I need you to stick with me until the end. Just because your computer is running better does not mean it is fixed.

Before we start trying to fix your computer, you need to make sure your data is backed up. Also let me know of any software you have running that encrypts your harddrive.

One last thing, I need you to tell me if this computer belongs to a school or to a company or orginization of some kind. If it does, please let me know. Also tell me if there is an IT department responsible for this computer.

Now onto trying to fix your computer.

'Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may \"make changes to your registry\" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot''s Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes'' Anti-Malware
Launch Malwarebytes'' Anti-Malware

Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

Make sure the \"Perform Quick Scan\" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and \"Scan in progress\" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say \"The scan completed successfully. Click ''Show Results'' to display all objects found\".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM''s database version and your operating system.
Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.');

Download TDSSKiller and save it to your Desktop.

Doubleclick on TDSSKiller.exe to run the application. Now click Start Scan.

Click on Change parameters and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

If an infected file is detected, the default action will be Cure, click on Continue. If a suspicious file is detected, the default action will be Skip, click on Continue.

Click on Reboot Now if you are asked to reboot the computer.

If reboot is NOT required, click on Report. Please copy that file. If a reboot IS required, the report can also be found in your root directory (usually C:\ folder). It's file name will take the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt]". Please copy that file.

DonkeyDragon · « **Reply #4 on:** February 12, 2012, 03:14:12 PM »

1. things i have done: Searched through registry and system files for items that other forums said might be associated with this problem. none were found. I downloaded hijack this, malware bytes, winpatrol and spyware blaster. i used them all a little bit to see if they could fix problem. i got the latest updates for norton and spybot s&D and reran them.

The symptoms of the problem are not crippling, more annoying. like i said before if i just use the computer normally the volume controls and norton will uninstall on their own. I think other windows programs may be uninstalling as it seems that there are spaces where icons should be in places like control panel. also computer seems to be running slow.

new updates of norton found and killed a virus last night that it said was high risk during a scan. it did see the virus before the latest update.

I believe i may have gotten this problem when attempting to watch a streaming video at surfthechannel.com

malwarebytes report

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.12.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
STOUT :: STOUT [administrator]

2/12/2012 3:37:49 PM
mbam-log-2012-02-12 (15-37-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 237788
Time elapsed: 12 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

TDS Killer logs: reboot was necessary. having trouble finding log.
can find C:\TDSSKiller_Quarantine\12.02.2012_15.46.55\mbr0000
then ther are 2 folders: mbr0000, and tdlfs0000 both contain configuration settings and DTA files, also there is a DTA file:
[InfectedObject]
Verdict: Rootkit.Boot.Pihar.b

Hoov · « **Reply #5 on:** February 12, 2012, 03:22:18 PM »

Try running TDSSKiller again.

DonkeyDragon · « **Reply #6 on:** February 12, 2012, 03:45:54 PM »

tdsskiller report

15:59:29.0593 0568   TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
15:59:29.0906 0568   ============================================================
15:59:29.0906 0568   Current date / time: 2012/02/12 15:59:29.0906
15:59:29.0906 0568   SystemInfo:
15:59:29.0906 0568
15:59:29.0906 0568   OS Version: 5.1.2600 ServicePack: 3.0
15:59:29.0906 0568   Product type: Workstation
15:59:29.0906 0568   ComputerName: STOUT
15:59:29.0906 0568   UserName: STOUT
15:59:29.0906 0568   Windows directory: C:\WINDOWS
15:59:29.0906 0568   System windows directory: C:\WINDOWS
15:59:29.0906 0568   Processor architecture: Intel x86
15:59:29.0906 0568   Number of processors: 2
15:59:29.0906 0568   Page size: 0x1000
15:59:29.0906 0568   Boot type: Normal boot
15:59:29.0906 0568   ============================================================
15:59:33.0140 0568   Drive \Device\Harddisk0\DR0 - Size: 0x2F7AFF7E00 (189.92 Gb), SectorSize: 0x200, Cylinders: 0x60D8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:59:33.0140 0568   \Device\Harddisk0\DR0:
15:59:33.0140 0568   MBR used
15:59:33.0140 0568   \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x17BD13D8
15:59:33.0140 0568   Initialize success
15:59:33.0140 0568   ============================================================
16:44:09.0187 1736   ============================================================
16:44:09.0187 1736   Scan started
16:44:09.0187 1736   Mode: Manual;
16:44:09.0187 1736   ============================================================
16:44:09.0703 1736   Abiosdsk - ok
16:44:09.0734 1736   abp480n5 - ok
16:44:09.0812 1736   ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:44:09.0828 1736   ACPI - ok
16:44:09.0890 1736   ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:44:09.0906 1736   ACPIEC - ok
16:44:09.0937 1736   adpu160m - ok
16:44:09.0984 1736   aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:44:10.0015 1736   aec - ok
16:44:10.0078 1736   AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
16:44:10.0078 1736   AegisP - ok
16:44:10.0109 1736   AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:44:10.0125 1736   AFD - ok
16:44:10.0156 1736   AFGMp50 - ok
16:44:10.0218 1736   AFGSp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\AFGSp50.sys
16:44:10.0218 1736   AFGSp50 - ok
16:44:10.0250 1736   Aha154x - ok
16:44:10.0281 1736   aic78u2 - ok
16:44:10.0328 1736   aic78xx - ok
16:44:10.0359 1736   AliIde - ok
16:44:10.0390 1736   amsint - ok
16:44:10.0421 1736   asc - ok
16:44:10.0453 1736   asc3350p - ok
16:44:10.0484 1736   asc3550 - ok
16:44:10.0546 1736   AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:44:10.0546 1736   AsyncMac - ok
16:44:10.0609 1736   atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:44:10.0609 1736   atapi - ok
16:44:10.0640 1736   Atdisk - ok
16:44:10.0687 1736   Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:44:10.0687 1736   Atmarpc - ok
16:44:10.0765 1736   audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:44:10.0781 1736   audstub - ok
16:44:10.0828 1736   BCM43XX (30f4485f9e9ad79c2dfa1e579b2f90c6) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
16:44:10.0828 1736   BCM43XX - ok
16:44:10.0859 1736   Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:44:10.0859 1736   Beep - ok
16:44:11.0046 1736   BHDrvx86 (e685ba3267c5a4ec4ce9e2b4a1481725) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\BASHDefs\20120207.003\BHDrvx86.sys
16:44:11.0062 1736   BHDrvx86 - ok
16:44:11.0171 1736   cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:44:11.0171 1736   cbidf2k - ok
16:44:11.0250 1736   ccSet_NAV (599e7f6259a127c174c49938d2aa6a60) C:\WINDOWS\system32\drivers\NAV\1305000.091\ccSetx86.sys
16:44:11.0265 1736   ccSet_NAV - ok
16:44:11.0281 1736   cd20xrnt - ok
16:44:11.0328 1736   Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:44:11.0328 1736   Cdaudio - ok
16:44:11.0406 1736   Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:44:11.0406 1736   Cdfs - ok
16:44:11.0453 1736   Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:44:11.0453 1736   Cdrom - ok
16:44:11.0484 1736   Changer - ok
16:44:11.0546 1736   CmdIde - ok
16:44:11.0656 1736   Cpqarray - ok
16:44:11.0734 1736   cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
16:44:11.0750 1736   cpudrv - ok
16:44:11.0781 1736   dac2w2k - ok
16:44:11.0812 1736   dac960nt - ok
16:44:11.0859 1736   Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:44:11.0875 1736   Disk - ok
16:44:11.0953 1736   dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
16:44:11.0984 1736   dmboot - ok
16:44:12.0015 1736   dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
16:44:12.0031 1736   dmio - ok
16:44:12.0046 1736   dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:44:12.0062 1736   dmload - ok
16:44:12.0093 1736   DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:44:12.0093 1736   DMusic - ok
16:44:12.0140 1736   dpti2o - ok
16:44:12.0171 1736   drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:44:12.0171 1736   drmkaud - ok
16:44:12.0218 1736   eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
16:44:12.0250 1736   eeCtrl - ok
16:44:12.0296 1736   ENTECH (16ebd8bf1d5090923694cc972c7ce1b4) C:\WINDOWS\system32\DRIVERS\ENTECH.sys
16:44:12.0296 1736   ENTECH - ok
16:44:12.0328 1736   EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
16:44:12.0328 1736   EraserUtilRebootDrv - ok
16:44:12.0421 1736   Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:44:12.0437 1736   Fastfat - ok
16:44:12.0500 1736   Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
16:44:12.0515 1736   Fdc - ok
16:44:12.0593 1736   Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:44:12.0609 1736   Fips - ok
16:44:12.0656 1736   Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:44:12.0656 1736   Flpydisk - ok
16:44:12.0671 1736   FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
16:44:12.0703 1736   FltMgr - ok
16:44:12.0734 1736   Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:44:12.0750 1736   Fs_Rec - ok
16:44:12.0765 1736   Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:44:12.0781 1736   Ftdisk - ok
16:44:12.0812 1736   gdrv (5c230948dd6652228f88ca7ae6cb276c) C:\WINDOWS\gdrv.sys
16:44:13.0171 1736   gdrv - ok
16:44:13.0281 1736   GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
16:44:13.0281 1736   GEARAspiWDM - ok
16:44:13.0343 1736   Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:44:13.0343 1736   Gpc - ok
16:44:13.0390 1736   HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:44:13.0406 1736   HDAudBus - ok
16:44:13.0437 1736   hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:44:13.0453 1736   hidusb - ok
16:44:13.0484 1736   hpn - ok
16:44:13.0562 1736   HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:44:13.0593 1736   HTTP - ok
16:44:13.0640 1736   i2omgmt - ok
16:44:13.0671 1736   i2omp - ok
16:44:13.0718 1736   i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:44:13.0718 1736   i8042prt - ok
16:44:13.0843 1736   IDSxpx86 (cfbc1ce72e5353d428704659199147b1) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\IPSDefs\20120210.002\IDSxpx86.sys
16:44:13.0875 1736   IDSxpx86 - ok
16:44:13.0906 1736   Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:44:13.0906 1736   Imapi - ok
16:44:13.0937 1736   ini910u - ok
16:44:14.0140 1736   IntcAzAudAddService (053517d1bcadf00bedb21fb7218c8f33) C:\WINDOWS\system32\drivers\RtkHDAud.sys
16:44:14.0281 1736   IntcAzAudAddService - ok
16:44:14.0312 1736   IntelIde - ok
16:44:14.0343 1736   intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:44:14.0343 1736   intelppm - ok
16:44:14.0468 1736   ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
16:44:14.0468 1736   ip6fw - ok
16:44:14.0531 1736   IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:44:14.0531 1736   IpFilterDriver - ok
16:44:14.0640 1736   IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:44:14.0640 1736   IpInIp - ok
16:44:14.0671 1736   IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:44:14.0687 1736   IpNat - ok
16:44:14.0718 1736   IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:44:14.0718 1736   IPSec - ok
16:44:14.0765 1736   IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:44:14.0765 1736   IRENUM - ok
16:44:14.0812 1736   isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:44:14.0812 1736   isapnp - ok
16:44:14.0859 1736   Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:44:14.0859 1736   Kbdclass - ok
16:44:14.0906 1736   kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:44:14.0921 1736   kmixer - ok
16:44:14.0968 1736   KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:44:14.0968 1736   KSecDD - ok
16:44:15.0015 1736   lbrtfdc - ok
16:44:15.0078 1736   MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
16:44:15.0078 1736   MBAMSwissArmy - ok
16:44:15.0140 1736   mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:44:15.0156 1736   mnmdd - ok
16:44:15.0203 1736   Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
16:44:15.0203 1736   Modem - ok
16:44:15.0312 1736   Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:44:15.0312 1736   Mouclass - ok
16:44:15.0390 1736   mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:44:15.0390 1736   mouhid - ok
16:44:15.0421 1736   MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:44:15.0421 1736   MountMgr - ok
16:44:15.0453 1736   mraid35x - ok
16:44:15.0484 1736   MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:44:15.0500 1736   MRxDAV - ok
16:44:15.0593 1736   MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:44:15.0609 1736   MRxSmb - ok
16:44:15.0656 1736   Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:44:15.0656 1736   Msfs - ok
16:44:15.0703 1736   MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:44:15.0703 1736   MSKSSRV - ok
16:44:15.0750 1736   MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:44:15.0750 1736   MSPCLOCK - ok
16:44:15.0812 1736   MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:44:15.0812 1736   MSPQM - ok
16:44:15.0890 1736   mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:44:15.0890 1736   mssmbios - ok
16:44:15.0937 1736   Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:44:15.0953 1736   Mup - ok
16:44:16.0125 1736   NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20120211.006\NAVENG.SYS
16:44:16.0125 1736   NAVENG - ok
16:44:16.0187 1736   NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20120211.006\NAVEX15.SYS
16:44:16.0203 1736   NAVEX15 - ok
16:44:16.0281 1736   NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:44:16.0296 1736   NDIS - ok
16:44:16.0343 1736   NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:44:16.0343 1736   NdisTapi - ok
16:44:16.0390 1736   Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:44:16.0390 1736   Ndisuio - ok
16:44:16.0421 1736   NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:44:16.0437 1736   NdisWan - ok
16:44:16.0468 1736   NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:44:16.0468 1736   NDProxy - ok
16:44:16.0531 1736   NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:44:16.0531 1736   NetBIOS - ok
16:44:16.0625 1736   NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:44:16.0640 1736   NetBT - ok
16:44:16.0687 1736   Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:44:16.0687 1736   Npfs - ok
16:44:16.0734 1736   Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:44:16.0765 1736   Ntfs - ok
16:44:16.0796 1736   Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:44:16.0796 1736   Null - ok
16:44:17.0125 1736   nv (b9b1bb146eb9a83dcf0f5635b09d3d43) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
16:44:17.0375 1736   nv - ok
16:44:17.0421 1736   NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:44:17.0437 1736   NwlnkFlt - ok
16:44:17.0484 1736   NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:44:17.0484 1736   NwlnkFwd - ok
16:44:17.0562 1736   Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
16:44:17.0578 1736   Parport - ok
16:44:17.0656 1736   PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:44:17.0656 1736   PartMgr - ok
16:44:17.0703 1736   ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
16:44:17.0703 1736   ParVdm - ok
16:44:17.0734 1736   PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
16:44:17.0734 1736   PCI - ok
16:44:17.0765 1736   PCIDump - ok
16:44:17.0812 1736   PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:44:17.0828 1736   PCIIde - ok
16:44:17.0875 1736   Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:44:17.0906 1736   Pcmcia - ok
16:44:17.0921 1736   PDCOMP - ok
16:44:17.0953 1736   PDFRAME - ok
16:44:17.0984 1736   PDRELI - ok
16:44:18.0031 1736   PDRFRAME - ok
16:44:18.0062 1736   perc2 - ok
16:44:18.0093 1736   perc2hib - ok
16:44:18.0171 1736   PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:44:18.0171 1736   PptpMiniport - ok
16:44:18.0203 1736   Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
16:44:18.0203 1736   Processor - ok
16:44:18.0250 1736   PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:44:18.0250 1736   PSched - ok
16:44:18.0281 1736   Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:44:18.0281 1736   Ptilink - ok
16:44:18.0328 1736   PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
16:44:18.0343 1736   PxHelp20 - ok
16:44:18.0359 1736   ql1080 - ok
16:44:18.0406 1736   Ql10wnt - ok
16:44:18.0437 1736   ql12160 - ok
16:44:18.0468 1736   ql1240 - ok
16:44:18.0500 1736   ql1280 - ok
16:44:18.0531 1736   RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:44:18.0531 1736   RasAcd - ok
16:44:18.0656 1736   Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:44:18.0656 1736   Rasl2tp - ok
16:44:18.0687 1736   RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:44:18.0687 1736   RasPppoe - ok
16:44:18.0718 1736   Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:44:18.0718 1736   Raspti - ok
16:44:18.0750 1736   Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:44:18.0765 1736   Rdbss - ok
16:44:18.0796 1736   RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:44:18.0796 1736   RDPCDD - ok
16:44:18.0843 1736   rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:44:18.0843 1736   rdpdr - ok
16:44:18.0906 1736   RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
16:44:18.0921 1736   RDPWD - ok
16:44:18.0953 1736   redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:44:18.0953 1736   redbook - ok
16:44:19.0015 1736   RTLE8023xp (89619ef503f949fae09252a8b883ee11) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
16:44:19.0031 1736   RTLE8023xp - ok
16:44:19.0093 1736   Secdrv (890cada2ab7acf53a5f9cce7515522a2) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:44:19.0109 1736   Secdrv - ok
16:44:19.0140 1736   serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
16:44:19.0140 1736   serenum - ok
16:44:19.0171 1736   Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
16:44:19.0171 1736   Serial - ok
16:44:19.0265 1736   Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:44:19.0281 1736   Sfloppy - ok
16:44:19.0328 1736   Simbad - ok
16:44:19.0359 1736   Sparrow - ok
16:44:19.0406 1736   splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:44:19.0406 1736   splitter - ok
16:44:19.0453 1736   sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
16:44:19.0453 1736   sr - ok
16:44:19.0578 1736   SRTSP (c16d048faf2978d2121f9f40594a6bdc) C:\WINDOWS\System32\Drivers\NAV\1305000.091\SRTSP.SYS
16:44:19.0593 1736   SRTSP - ok
16:44:19.0703 1736   SRTSPX (f0d02c2e25970c9c72a5cd278c17cdb6) C:\WINDOWS\system32\drivers\NAV\1305000.091\SRTSPX.SYS
16:44:19.0718 1736   SRTSPX - ok
16:44:19.0765 1736   Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
16:44:19.0781 1736   Srv - ok
16:44:19.0859 1736   swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:44:19.0859 1736   swenum - ok
16:44:19.0890 1736   swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:44:19.0890 1736   swmidi - ok
16:44:19.0937 1736   symc810 - ok
16:44:19.0968 1736   symc8xx - ok
16:44:20.0031 1736   SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\WINDOWS\system32\drivers\NAV\1305000.091\SYMDS.SYS
16:44:20.0046 1736   SymDS - ok
16:44:20.0125 1736   SymEFA (4e55148a2e044d02245cbcdbb266b98c) C:\WINDOWS\system32\drivers\NAV\1305000.091\SYMEFA.SYS
16:44:20.0171 1736   SymEFA - ok
16:44:20.0250 1736   SymEvent (74e2521e96176a4449570e50be91954d) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
16:44:20.0265 1736   SymEvent - ok
16:44:20.0312 1736   SymIRON (2c356cca706505cf63cbe39d532b9236) C:\WINDOWS\system32\drivers\NAV\1305000.091\Ironx86.SYS
16:44:20.0328 1736   SymIRON - ok
16:44:20.0421 1736   SYMTDI (508bd882040f9cb12319e3a4fc78edb9) C:\WINDOWS\System32\Drivers\NAV\1305000.091\SYMTDI.SYS
16:44:20.0437 1736   SYMTDI - ok
16:44:20.0468 1736   sym_hi - ok
16:44:20.0500 1736   sym_u3 - ok
16:44:20.0546 1736   sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:44:20.0546 1736   sysaudio - ok
16:44:20.0671 1736   Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:44:20.0687 1736   Tcpip - ok
16:44:20.0734 1736   TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:44:20.0734 1736   TDPIPE - ok
16:44:20.0781 1736   TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:44:20.0796 1736   TDTCP - ok
16:44:20.0828 1736   TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:44:20.0828 1736   TermDD - ok
16:44:20.0875 1736   TosIde - ok
16:44:20.0921 1736   Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:44:20.0937 1736   Udfs - ok
16:44:20.0968 1736   ultra - ok
16:44:21.0015 1736   Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:44:21.0031 1736   Update - ok
16:44:21.0078 1736   usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
16:44:21.0093 1736   usbaudio - ok
16:44:21.0140 1736   usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:44:21.0140 1736   usbccgp - ok
16:44:21.0187 1736   usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:44:21.0187 1736   usbehci - ok
16:44:21.0218 1736   usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:44:21.0234 1736   usbhub - ok
16:44:21.0281 1736   usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:44:21.0296 1736   usbprint - ok
16:44:21.0359 1736   usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:44:21.0359 1736   usbscan - ok
16:44:21.0421 1736   USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:44:21.0421 1736   USBSTOR - ok
16:44:21.0500 1736   usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:44:21.0500 1736   usbuhci - ok
16:44:21.0609 1736   VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:44:21.0609 1736   VgaSave - ok
16:44:21.0687 1736   ViaIde - ok
16:44:21.0718 1736   VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
16:44:21.0734 1736   VolSnap - ok
16:44:21.0781 1736   Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:44:21.0781 1736   Wanarp - ok
16:44:21.0812 1736   WDICA - ok
16:44:21.0843 1736   wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:44:21.0859 1736   wdmaud - ok
16:44:21.0953 1736   MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:44:22.0078 1736   \Device\Harddisk0\DR0 - ok
16:44:22.0093 1736   Boot (0x1200) (5e35459700a8a95a3c57b8b7197b7fa6) \Device\Harddisk0\DR0\Partition0
16:44:22.0093 1736   \Device\Harddisk0\DR0\Partition0 - ok
16:44:22.0093 1736   ============================================================
16:44:22.0093 1736   Scan finished
16:44:22.0093 1736   ============================================================
16:44:22.0109 2736   Detected object count: 0
16:44:22.0109 2736   Actual detected object count: 0

Hoov · « **Reply #7 on:** February 12, 2012, 03:59:27 PM »

With the problem you had after the first run, and this one, You had a TDSS infection, but it is gone now.

Earlier you said the problem would come back if you left the computer alone, how long did it usually take?

DonkeyDragon · « **Reply #8 on:** February 12, 2012, 04:02:51 PM »

a few days

DonkeyDragon · « **Reply #9 on:** February 12, 2012, 04:15:03 PM »

should i assume whatever it was is now gone unless there is another incident?

Hoov · « **Reply #10 on:** February 12, 2012, 04:47:54 PM »

I think we should do a few more scans. I would like to say yes, but if it takes that long, then there really is no way to be sure. Run a combofix scan using the instructions below. If it shows nothing, then we can let it go for a couple days and see what happens.

'* Anyone other than the originator of this thread, you would be best advised to not run combofix without guidance from someone trained in its use. It is a very powerful tool that can cause damage to your computer if used wrong.

Run comboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
Do not mouseclick combofix''s window while it''s running. That may cause it to stall

DonkeyDragon · « **Reply #11 on:** February 12, 2012, 05:17:42 PM »

combofix report

ComboFix 12-02-10.03 - STOUT 02/12/2012 18:01:34.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1847 [GMT -5:00]
Running from: c:\documents and settings\STOUT\My Documents\Downloads\ComboFix.exe
AV: Norton AntiVirus *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\STOUT\LOCALS~1\Temp\1.tmp\F_IN_BOX.dll
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\STOUT\Local Settings\Temp\1.tmp\F_IN_BOX.dll
c:\documents and settings\STOUT\WINDOWS
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-01-12 to 2012-02-12 )))))))))))))))))))))))))))))))
.
.
2012-02-12 20:49 . 2012-02-12 20:49   --------   d-----w-   C:\TDSSKiller_Quarantine
2012-02-12 04:29 . 2012-02-12 18:12   --------   d-----w-   c:\program files\Symantec
2012-02-12 04:29 . 2012-02-12 18:12   60872   ----a-w-   c:\windows\system32\S32EVNT1.DLL
2012-02-12 04:29 . 2012-02-12 18:12   141944   ----a-w-   c:\windows\system32\drivers\SYMEVENT.SYS
2012-02-12 04:29 . 2012-02-12 04:41   --------   d-----w-   c:\program files\Common Files\Symantec Shared
2012-02-12 04:28 . 2012-02-12 20:54   --------   d-----w-   c:\windows\system32\drivers\NAV
2012-02-12 04:28 . 2012-02-12 04:28   --------   d-----w-   c:\program files\Norton AntiVirus
2012-02-12 04:04 . 2012-02-12 04:04   --------   d-----w-   c:\program files\SpywareBlaster
2012-02-12 04:03 . 2012-02-12 04:03   --------   d-----w-   c:\program files\NortonInstaller
2012-02-12 03:40 . 2012-02-12 03:40   --------   d-----w-   c:\documents and settings\STOUT\Application Data\WinPatrol
2012-02-12 03:40 . 2012-02-12 03:40   --------   d-----w-   c:\program files\BillP Studios
2012-02-12 03:40 . 2012-02-12 03:40   --------   d-----w-   c:\documents and settings\All Users\Application Data\InstallMate
2012-02-12 02:34 . 2012-02-12 02:34   --------   d-----w-   c:\documents and settings\STOUT\Application Data\Malwarebytes
2012-02-12 02:34 . 2012-02-12 02:34   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2012-02-12 02:34 . 2012-02-12 02:34   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2012-02-12 02:34 . 2011-12-10 20:24   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-02-12 02:26 . 2012-02-12 02:26   --------   d-----w-   c:\program files\CCleaner
2012-02-12 01:40 . 2012-02-12 01:40   --------   d-----w-   c:\windows\system32\wbem\Repository
2012-02-10 03:44 . 2012-02-10 03:44   --------   d-----w-   c:\documents and settings\Administrator
2012-02-10 02:52 . 2012-02-12 04:43   388096   ----a-r-   c:\documents and settings\STOUT\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-10 02:52 . 2012-02-10 02:52   --------   d-----w-   c:\program files\Trend Micro
2012-02-08 06:05 . 2012-02-08 06:05   --------   d-----w-   c:\documents and settings\All Users\Application Data\PCSettings
2012-02-08 05:37 . 2012-02-09 02:02   --------   d-----w-   c:\documents and settings\STOUT\Local Settings\Application Data\LogMeIn Rescue Applet
2012-01-28 17:36 . 2012-01-28 17:36   --------   d-----w-   c:\program files\Maxis
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-11 03:32 . 2002-03-25 20:02   12464   ----a-w-   c:\windows\system32\drivers\secdrv.sys
2011-12-20 03:32 . 2011-12-20 03:32   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57 . 2002-08-29 10:41   293376   ----a-w-   c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2002-08-29 09:14   1859584   ----a-w-   c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2002-08-29 10:41   60416   ----a-w-   c:\windows\system32\packager.exe
2012-02-11 15:28 . 2011-12-11 06:56   134104   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2008-08-01 1103216]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Steam"="c:\program files\Steam\steam.exe" [2011-08-02 1242448]
"MusicManager"="c:\documents and settings\STOUT\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe" [2012-01-11 13224448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"RTHDCPL"="RTHDCPL.EXE" [2008-09-10 16851968]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-23 149280]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-26 1753192]
"wltray.exe"="c:\windows\system32\wltray.exe" [2005-06-09 778318]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-02-25 1770400]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2012-01-30 400480]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Sony\\EverQuest II\\EverQuest2.exe"=
"c:\\Program Files\\CounterPath\\X-Lite\\x-lite.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Sony\\EverQuest II\\EQ2VoiceService.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\sid meier's civilization v\\Launcher.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1305000.091\symds.sys [2/12/2012 1:12 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1305000.091\symefa.sys [2/12/2012 1:12 PM 905336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\BASHDefs\20120207.003\BHDrvx86.sys [2/7/2012 6:18 AM 820344]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAV\1305000.091\ccsetx86.sys [2/12/2012 1:12 PM 132744]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1305000.091\ironx86.sys [2/12/2012 1:12 PM 149624]
R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\19.5.0.145\ccsvchst.exe [2/12/2012 1:12 PM 138248]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/11/2012 11:34 PM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\IPSDefs\20120210.002\IDSXpx86.sys [2/10/2012 4:27 PM 356280]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/22/2011 10:02 PM 135664]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 12:58 PM 11336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/22/2011 10:02 PM 135664]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-23 03:02]
.
2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-23 03:02]
.
2012-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-1592454029-839522115-1003Core.job
- c:\documents and settings\STOUT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-22 21:45]
.
2012-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-1592454029-839522115-1003UA.job
- c:\documents and settings\STOUT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-22 21:45]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\STOUT\Application Data\Mozilla\Firefox\Profiles\2iqes1ho.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z129&form=ZGAADF&install_date=20110902&q=
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
HKCU-Run-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
HKCU-Run-DriverUpdaterPro - c:\program files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe
HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe
HKLM-Run-GEST - (no file)
HKLM-Run-MSN Toolbar - c:\program files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
HKLM-Run-Microsoft Default Manager - c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
AddRemove-Adobe Flash Player Plugin - c:\windows\system32\Macromed\Flash\FlashUtil10i_Plugin.exe
AddRemove-Google Chrome - c:\program files\Google\Chrome\Application\15.0.874.121\Installer\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-12 18:10
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\19.5.0.145\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\19.5.0.145\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(900)
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(2376)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\System32\wltrysvc.exe
c:\windows\System32\bcmwltry.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2012-02-12 18:15:31 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-12 23:15
.
Pre-Run: 115,408,523,264 bytes free
Post-Run: 116,282,667,008 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 09787AA9FD5373991140AF47BB992883

Hoov · « **Reply #12 on:** February 12, 2012, 05:55:16 PM »

There is still one program that concerns me. The information about it is ambiguous at best. Do you know anything about x-lite.exe? From what I have found it may have something to do with a softphone? Does that make any sense to you?

Download and scan with CCleaner
1. CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free or Slim versions instead of the Standard Build.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
3. Then select the items you wish to clean up.
In the Windows Tab:

Clean all entries in the "Internet Explorer" section except Cookies if you want to keep those.
Clean all the entries in the "Windows Explorer" section.
Clean all entries in the "System" section.
Clean all entries in the "Advanced" section.
Clean any others that you choose.

In the Applications Tab:

Clean all except cookies in the Firefox/Mozilla section if you use it.
Clean all in the Opera section if you use it.
Clean Sun Java in the Internet Section.

How is your computer running? [/list]

DonkeyDragon · « **Reply #13 on:** February 12, 2012, 05:59:36 PM »

x-lite is a voip program i have used for work
it should be ok

Hoov · « **Reply #14 on:** February 12, 2012, 06:34:00 PM »

OK. Thanks for the info. How is the computer running?

News:

Author Topic: [Inactive] Hijacking mtc.makemesearch.com (Read 1560 times)

DonkeyDragon

[Inactive] Hijacking mtc.makemesearch.com

Bear

Re: hijacking program found, i am having trouble getting rid of it

DonkeyDragon

Hijacking mtc.makemesearch.com

Hoov

Re: [In Progress] Hijacking mtc.makemesearch.com

DonkeyDragon

Re: [In Progress] Hijacking mtc.makemesearch.com

Hoov

Re: [In Progress] Hijacking mtc.makemesearch.com

DonkeyDragon

Re: [In Progress] Hijacking mtc.makemesearch.com

Hoov

Re: [In Progress] Hijacking mtc.makemesearch.com

DonkeyDragon

Re: [In Progress] Hijacking mtc.makemesearch.com

DonkeyDragon

Re: [In Progress] Hijacking mtc.makemesearch.com

Hoov

Re: [In Progress] Hijacking mtc.makemesearch.com

DonkeyDragon

Re: [In Progress] Hijacking mtc.makemesearch.com

Hoov

Re: [In Progress] Hijacking mtc.makemesearch.com

DonkeyDragon

Re: [In Progress] Hijacking mtc.makemesearch.com

Hoov

Re: [In Progress] Hijacking mtc.makemesearch.com