waj

Members
  • Posts: 18
  • Reputation: 0 Neutral
  1. Many thanks, you are fantastic.
  2. Also, lastly, is it OK to restore Mozilla as my default browser?
  3. I rebooted manually and all seems fine. Can I now delete all the saved logs and programs you have told me to use? Will I be able to keep the malware open while also using Norton, or should I delete that as well?
  4. Sorry about the PMs. Can you resend the Defogger link, please?
  5. The Defogger program does not say it is going to reboot; it shows an error message. Should I reboot manually?

     defogger_enable by jpshortstuff (23.02.10.1)
     Log created at 22:38 on 22/03/2011 (Antony Mann)

     Parsing file...

     -=E.O.F=-

  6. After re-enabling the emulation devices in Defogger it doesn't ask me to reboot. Should I do it manually?
  7. At the moment it all seems OK. Can I reconnect my Norton?

     ComboFix 11-03-22.03 - Antony Mann 22/03/2011 21:38:40.1.1 - x86
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1279.523 [GMT 0:00]
     Running from: c:\documents and settings\Antony Mann\Desktop\ComboFix.exe
     AV: Norton 360 Premier Edition *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
     FW: Norton 360 Premier Edition *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\documents and settings\Antony Mann\Application Data\Adobe\plugs
     c:\documents and settings\Antony Mann\Application Data\PriceGong
     c:\documents and settings\Antony Mann\Application Data\PriceGong\Data\1.xml
     c:\documents and settings\Antony Mann\Application Data\PriceGong\Data\a.xml
     c:\documents and settings\Antony Mann\Application Data\PriceGong\Data\b.xml
     c:\documents and settings\Antony Mann\Application Data\PriceGong\Data\c.xml
     c:\documents and settings\Antony Mann\Application Data\PriceGong\Data\d.xml
     c:\documents and settings\Antony Mann\Application Data\PriceGong\Data\e.xml
     c:\documents and settings\Antony Mann\Application Data\PriceGong\Data\f.xml
     c:\documents and settings\Antony Mann\Application Data\PriceGong\Data\g.xml
     c:\documents and settings\Antony Mann\Application Data\PriceGong\Data\h.xml
     c:\documents and settings\Antony Mann\Application Data\PriceGong\Data\i.xml
     c:\documents and settings\Antony Mann\Application Data\PriceGong\Data\J.xml
     c:\documents and settings\Antony Mann\Application Data\PriceGong\Data\k.xml
     c:\documents and settings\Antony Mann\Application Data\PriceGong\Data\l.xml
     c:\documents and settings\Antony Mann\Application Data\PriceGong\Data\m.xml
     c:\documents and settings\Antony Mann\Application Data\PriceGong\Data\n.xml
     c:\documents and settings\Antony Mann\Application Data\PriceGong\Data\o.xml
     c:\documents and settings\Antony Mann\Application Data\PriceGong\Data\p.xml
     c:\documents and settings\Antony Mann\Application Data\PriceGong\Data\q.xml
     c:\documents and settings\Antony Mann\Application Data\PriceGong\Data\r.xml
     c:\documents and settings\Antony Mann\Application Data\PriceGong\Data\s.xml
     c:\documents and settings\Antony Mann\Application Data\PriceGong\Data\t.xml
     c:\documents and settings\Antony Mann\Application Data\PriceGong\Data\u.xml
     c:\documents and settings\Antony Mann\Application Data\PriceGong\Data\v.xml
     c:\documents and settings\Antony Mann\Application Data\PriceGong\Data\w.xml
     c:\documents and settings\Antony Mann\Application Data\PriceGong\Data\x.xml
     c:\documents and settings\Antony Mann\Application Data\PriceGong\Data\y.xml
     c:\documents and settings\Antony Mann\Application Data\PriceGong\Data\z.xml
     c:\documents and settings\Antony Mann\Favorites\Download programs.url
     c:\documents and settings\Antony Mann\Favorites\Games.url
     c:\documents and settings\Antony Mann\Favorites\Translator.url
     c:\documents and settings\Antony Mann\Favorites\Videos.url
     c:\documents and settings\Antony Mann\g2mdlhlpx.exe
     c:\documents and settings\Antony Mann\GoToAssistDownloadHelper.exe
     c:\documents and settings\Antony Mann\Start Menu\Programs\Download programs.url
     c:\documents and settings\Antony Mann\Start Menu\Programs\Games.url
     c:\documents and settings\Antony Mann\Start Menu\Programs\Translator.url
     c:\documents and settings\Antony Mann\Start Menu\Programs\Videos.url
     .
     .
     ((((((((((((((((((((((((( Files Created from 2011-02-22 to 2011-03-22 )))))))))))))))))))))))))))))))
     .
     .
     2011-03-22 00:30 . 2011-03-22 00:30 -------- d-----w- c:\windows\system32\scripting
     2011-03-22 00:30 . 2011-03-22 00:30 -------- d-----w- c:\windows\l2schemas
     2011-03-22 00:30 . 2011-03-22 00:30 -------- d-----w- c:\windows\system32\en
     2011-03-22 00:30 . 2011-03-22 00:30 -------- d-----w- c:\windows\system32\bits
     2011-03-22 00:18 . 2011-03-22 00:18 -------- d-----w- c:\windows\EHome
     2011-03-21 23:25 . 2011-03-21 23:25 -------- d-----w- c:\documents and settings\Antony Mann\Application Data\Malwarebytes
     2011-03-21 23:25 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2011-03-21 23:25 . 2011-03-21 23:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
     2011-03-21 23:25 . 2011-03-21 23:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2011-03-21 23:25 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
     2011-03-21 19:37 . 2011-03-21 19:37 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
     2011-03-21 18:35 . 2011-03-21 18:35 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Identities
     2011-03-21 00:50 . 2011-03-21 00:50 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
     2011-03-19 19:15 . 2011-03-19 19:15 -------- d-----w- c:\documents and settings\James Mann\Application Data\Research In Motion
     2011-03-03 21:07 . 2011-03-05 17:39 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
     2011-03-03 21:07 . 2011-03-05 17:39 25048 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll
     2011-03-03 21:07 . 2011-03-05 17:39 140248 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll
     2011-03-03 21:01 . 2011-03-21 22:29 -------- d-----w- c:\documents and settings\Antony Mann\Local Settings\Application Data\ConduitEngine
     2011-03-03 21:01 . 2011-03-03 21:01 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
     2011-03-03 21:01 . 2011-03-03 21:01 -------- d-----w- c:\program files\ConduitEngine
     2011-03-03 20:46 . 2011-03-03 20:47 -------- dc-h--w- c:\windows\ie8
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2011-02-14 22:42 . 2011-02-02 22:52 256 ----a-w- c:\documents and settings\Antony Mann\pool.bin
     2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
     1997-07-25 17:11 . 2009-11-04 15:50 304128 ----a-w- c:\program files\mozilla firefox\plugins\Pngdll.dll
     2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
     "{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}"= "c:\program files\ooVoo_Video_Chat\tbooVo.dll" [2010-12-09 3911776]
     .
     [HKEY_CLASSES_ROOT\clsid\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}]
     .
     [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
     2009-04-02 12:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
     .
     [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
     2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
     .
     [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
     2010-09-07 06:23 585096 ----a-w- c:\progra~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
     .
     [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}]
     2009-11-20 17:34 87472 ----a-w- c:\progra~1\IMESHA~1\MediaBar\ToolBar\iMeshMediaBarDx.dll
     .
     [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}]
     2010-12-09 12:51 3911776 ----a-w- c:\program files\ooVoo_Video_Chat\tbooVo.dll
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
     "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
     "{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}"= "c:\progra~1\IMESHA~1\MediaBar\ToolBar\iMeshMediaBarDx.dll" [2009-11-20 87472]
     "{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}"= "c:\program files\ooVoo_Video_Chat\tbooVo.dll" [2010-12-09 3911776]
     "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
     .
     [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
     [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
     .
     [HKEY_CLASSES_ROOT\clsid\{abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f}]
     .
     [HKEY_CLASSES_ROOT\clsid\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}]
     .
     [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
     .
     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
     "{E5A1E26F-0D1D-4307-868F-FBD9A374AB54}"= "c:\program files\ooVoo_Video_Chat\tbooVo.dll" [2010-12-09 3911776]
     "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
     "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
     .
     [HKEY_CLASSES_ROOT\clsid\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}]
     .
     [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
     .
     [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
     [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-28 68856]
     "ooVoo.exe"="c:\program files\ooVoo\oovoo.exe" [2011-01-25 22504120]
     "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "SoundMan"="SOUNDMAN.EXE" [2003-08-05 57344]
     "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-09-21 615696]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
     .
     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
     "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-28 68856]
     .
     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2008-9-21 1545488]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
     "DisableMonitoring"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
     "DisableMonitoring"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
     "DisableMonitoring"=dword:00000001
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Messenger\\msmsgs.exe"=
     "c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
     "c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
     "c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
     "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
     "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=
     "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "443:TCP"= 443:TCP:ooVoo TCP port 443
     "443:UDP"= 443:UDP:ooVoo UDP port 443
     "37674:TCP"= 37674:TCP:ooVoo TCP port 37674
     "37674:UDP"= 37674:UDP:ooVoo UDP port 37674
     "37675:UDP"= 37675:UDP:ooVoo UDP port 37675
     .
     R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [5/31/2010 8:42 PM 26248]
     R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [5/31/2010 8:42 PM 20616]
     R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [12/25/2007 8:26 AM 15172]
     R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [9/21/2010 9:09 PM 328752]
     R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [9/21/2010 9:09 PM 173104]
     R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20110309.001\BHDrvx86.sys [3/10/2011 9:17 PM 800376]
     R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [9/21/2010 9:09 PM 501888]
     R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [9/21/2010 9:09 PM 116784]
     R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [11/16/2009 6:45 PM 464264]
     R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [11/16/2009 6:46 PM 234888]
     R2 KodakDigitalDisplayService;KodakDigitalDisplayService;c:\program files\KODAK\Digital Display\OrbKodakLauncher\DllStartupService.exe [3/6/2008 12:49 PM 81920]
     R2 N360;Norton 360;c:\program files\Norton 360 Premier Edition\Engine\4.3.0.5\ccsvchst.exe [9/21/2010 9:09 PM 126392]
     R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/27/2010 8:18 AM 102448]
     R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [5/31/2010 8:42 PM 122504]
     R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20110317.005\IDSXpx86.sys [3/22/2011 8:07 AM 341944]
     S2 gupdate1ca0bb398a63984;Google Update Service (gupdate1ca0bb398a63984);c:\program files\Google\Update\GoogleUpdate.exe [7/23/2009 4:35 PM 133104]
     S3 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [5/31/2010 8:42 PM 14216]
     S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [4/14/2008 8:45 PM 13352]
     S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [5/10/2009 3:20 PM 81832]
     S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [5/10/2009 3:47 PM 13864]
     S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [5/10/2009 3:47 PM 107304]
     S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [5/10/2009 3:47 PM 99112]
     S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [5/10/2009 3:47 PM 21928]
     S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [5/10/2009 3:47 PM 97320]
     S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [5/10/2009 3:47 PM 97704]
     S3 TTDec;ATI WDM Teletext Decoder (Microsoft Corporation);c:\windows\system32\drivers\atinttxx.sys [11/20/2007 11:30 AM 13824]
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2011-03-18 c:\windows\Tasks\AppleSoftwareUpdate.job
     - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]
     .
     2011-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-23 16:35]
     .
     2011-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-23 16:35]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.google.co.uk/
     uInternet Settings,ProxyOverride = *.local
     IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
     IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
     DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} - hxxps://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
     FF - ProfilePath - c:\documents and settings\Antony Mann\Application Data\Mozilla\Firefox\Profiles\jsbqiwm3.default\
     FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1572363&SearchSource=3&q={searchTerms}
     FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
     FF - prefs.js: keyword.URL - hxxp://search.imesh.com/web?src=ffb&systemid=1&q=
     FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
     FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
     FF - Ext: British English Dictionary: en-GB@dictionaries.addons.mozilla.org - %profile%\extensions\en-GB@dictionaries.addons.mozilla.org
     FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
     FF - Ext: Ask Toolbar for Firefox: {E9A1DEE0-C623-4439-8932-001E7D17607D} - %profile%\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
     FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
     FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn
     FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn
     FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
     .
     - - - - ORPHANS REMOVED - - - -
     .
     HKCU-Run-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
     HKCU-Run-setup meet - c:\docume~1\ANTONY~1\APPLIC~1\MEDIAJ~1\platform blue.exe
     HKLM-Run-NWEReboot - (no file)
     AddRemove-conduitEngine - c:\progra~1\CONDUI~1\ConduitEngineUninstall.exe
     .
     .
     .
     **************************************************************************
     .
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2011-03-22 21:53
     Windows 5.1.2600 Service Pack 3 NTFS
     .
     scanning hidden processes ...
     .
     scanning hidden autostart entries ...
     .
     scanning hidden files ...
     .
     scan completed successfully
     hidden files: 0
     .
     **************************************************************************
     .
     [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
     "ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------
     .
     - - - - - - - > 'explorer.exe'(4028)
     c:\windows\system32\WININET.dll
     c:\windows\system32\ieframe.dll
     c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
     c:\program files\Common Files\Ahead\Lib\NeroSearchTrayHook.dll
     c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
     c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll
     c:\windows\system32\webcheck.dll
     c:\windows\system32\WPDShServiceObj.dll
     c:\windows\system32\PortableDeviceTypes.dll
     c:\windows\system32\PortableDeviceApi.dll
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\windows\system32\LEXBCES.EXE
     c:\windows\system32\LEXPPS.EXE
     c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     c:\program files\Bonjour\mDNSResponder.exe
     c:\program files\Java\jre6\bin\jqs.exe
     c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
     c:\windows\SOUNDMAN.EXE
     c:\program files\Microsoft ActiveSync\WCESCOMM.EXE
     c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
     c:\program files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
     c:\windows\system32\wscntfy.exe
     .
     **************************************************************************
     .
     Completion time: 2011-03-22 22:01:13 - machine was rebooted
     ComboFix-quarantined-files.txt 2011-03-22 22:00
     .
     Pre-Run: 158,271,234,048 bytes free
     Post-Run: 158,410,153,984 bytes free
     .
     WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
     [boot loader]
     timeout=2
     default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
     [operating systems]
     c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
     UnsupportedDebug="do not select this" /debug
     multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
     .
     - - End Of File - - 714927BAF6DEAEBAC74BBFB67CF13275
  8. I am constantly getting a pop-up alert message from Norton telling me a recent attempt to attack your computer was blocked. This is slowing up my computer; at one point the clock changed time and the appearance of the bar at the bottom of the screen had changed. It also changed web pages that I was looking at, and at one point the computer just rebooted itself without me doing anything. When I went onto the details on Norton it said IPS detection statistical submission, and the 2 IP addresses were 194.60.205.232 and 68.168.212.18. I am really grateful for all your help.
  9. It seems better at the moment.
  10. Will do. Should I re-enable the CD?
  11. Sorry, I was opening it up again rather than using the existing scan logs. Here are the logs:

     aswMBR version 0.9.4 Copyright© 2011 AVAST Software
     Run date: 2011-03-22 18:30:28
     -----------------------------
     18:30:28.093 OS Version: Windows 5.1.2600 Service Pack 3
     18:30:28.093 Number of processors: 1 586 0x40A
     18:30:28.093 ComputerName: MANN-PC UserName:
     18:30:29.906 Initialize success
     18:30:32.312 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdePort0
     18:30:32.312 Disk 0 Vendor: ST3250620A 3.AAF Size: 238475MB BusType: 3
     18:30:32.312 Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskST3250620A______________________________3.AAF___#5&172970ab&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
     18:30:32.312 Device \Driver\atapi -> DriverStartIo 8a36727f
     18:30:34.343 Disk 0 MBR read successfully
     18:30:34.343 Disk 0 MBR scan
     18:30:34.343 Disk 0 TDL4@MBR code has been found
     18:30:34.343 Disk 0 MBR hidden
     18:30:34.343 Disk 0 MBR [TDL4] **ROOTKIT**
     18:30:34.343 Disk 0 trace - called modules:
     18:30:34.343 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a367439]<<
     18:30:34.343 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a396ab8]
     18:30:34.343 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000068[0x8a3a0f18]
     18:30:34.343 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> [0x8a417940]
     18:30:34.671 \Driver\atapi[0x8a38a030] -> IRP_MJ_CREATE -> 0x8a367439
     18:30:34.671 Scan finished successfully
     20:50:20.750 Disk 0 fixing MBR
     20:50:30.750 Disk 0 MBR restored successfully
     20:50:30.750 Infection fixed successfully - please reboot ASAP

  12. The fix button is not highlighted; I tried clicking it but nothing happens.
  13. The same thing is happening, or not happening, when I press the button.
  14. I pressed the fixmbr button, not sure if anything happened, but this is the log:

     aswMBR version 0.9.4 Copyright© 2011 AVAST Software
     Run date: 2011-03-22 20:34:59
     -----------------------------
     20:34:59.093 OS Version: Windows 5.1.2600 Service Pack 3
     20:34:59.093 Number of processors: 1 586 0x40A
     20:34:59.093 ComputerName: MANN-PC UserName:
     20:35:01.906 Initialze error - driver not loaded

  15. aswMBR version 0.9.4 Copyright© 2011 AVAST Software
     Run date: 2011-03-22 18:30:28
     -----------------------------
     18:30:28.093 OS Version: Windows 5.1.2600 Service Pack 3
     18:30:28.093 Number of processors: 1 586 0x40A
     18:30:28.093 ComputerName: MANN-PC UserName:
     18:30:29.906 Initialize success
     18:30:32.312 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdePort0
     18:30:32.312 Disk 0 Vendor: ST3250620A 3.AAF Size: 238475MB BusType: 3
     18:30:32.312 Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskST3250620A______________________________3.AAF___#5&172970ab&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
     18:30:32.312 Device \Driver\atapi -> DriverStartIo 8a36727f
     18:30:34.343 Disk 0 MBR read successfully
     18:30:34.343 Disk 0 MBR scan
     18:30:34.343 Disk 0 TDL4@MBR code has been found
     18:30:34.343 Disk 0 MBR hidden
     18:30:34.343 Disk 0 MBR [TDL4] **ROOTKIT**
     18:30:34.343 Disk 0 trace - called modules:
     18:30:34.343 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a367439]<<
     18:30:34.343 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a396ab8]
     18:30:34.343 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000068[0x8a3a0f18]
     18:30:34.343 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> [0x8a417940]
     18:30:34.671 \Driver\atapi[0x8a38a030] -> IRP_MJ_CREATE -> 0x8a367439
     18:30:34.671 Scan finished successfully
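The three aswMBR logs in posts 11, 14 and 15 above illustrate a triage problem a helper faces in threads like this one: one run reports a TDL4 MBR rootkit, one reports the same finding followed by a successful MBR restore, and one never loaded its driver and therefore scanned nothing. The following is an added example, not code from the thread, the forum's helpers or AVAST: a small Python parser that pulls the security-relevant facts out of aswMBR output (rootkit family, hidden MBR, the unresolved hook address in the call trace, IRP dispatch hooks, fix status) and turns them into a verdict, with the "driver not loaded" case classed as inconclusive rather than clean. The line formats are inferred from the output quoted on this page, the sample logs are constructed from those quoted lines, and the verdict labels are this script's own.

```python
"""Parse aswMBR scan output and classify the MBR status.

Added example, not part of the forum thread or of the AVAST tool: the line
formats below are inferred from the aswMBR 0.9.4 output quoted in the posts,
and the verdict labels are this script's own.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample inputs, reduced to the lines that matter. They follow the
# aswMBR lines quoted above: a scan that found a TDL4 MBR hook, the same scan
# followed by a successful "fixmbr", and a run whose driver failed to load.
SCAN_ONLY_LOG = r"""aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-03-22 18:30:28
-----------------------------
18:30:28.093 OS Version: Windows 5.1.2600 Service Pack 3
18:30:28.093 ComputerName: MANN-PC UserName:
18:30:29.906 Initialize success
18:30:34.343 Disk 0 MBR read successfully
18:30:34.343 Disk 0 TDL4@MBR code has been found
18:30:34.343 Disk 0 MBR hidden
18:30:34.343 Disk 0 MBR [TDL4] **ROOTKIT**
18:30:34.343 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a367439]<<
18:30:34.671 \Driver\atapi[0x8a38a030] -> IRP_MJ_CREATE -> 0x8a367439
18:30:34.671 Scan finished successfully
"""

FIXED_LOG = SCAN_ONLY_LOG + r"""20:50:20.750 Disk 0 fixing MBR
20:50:30.750 Disk 0 MBR restored successfully
20:50:30.750 Infection fixed successfully - please reboot ASAP
"""

NO_DRIVER_LOG = r"""aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-03-22 20:34:59
-----------------------------
20:34:59.093 OS Version: Windows 5.1.2600 Service Pack 3
20:34:59.093 ComputerName: MANN-PC UserName:
20:35:01.906 Initialze error - driver not loaded
"""

RE_OS = re.compile(r"OS Version: (.+)$")
RE_HOST = re.compile(r"ComputerName: (\S+)")
RE_INIT_ERR = re.compile(r"Initiali?ze error - (.+)$")  # tool spells it "Initialze"
RE_ROOTKIT = re.compile(r"Disk \d+ MBR \[(\w+)\] \*\*ROOTKIT\*\*")
RE_HIDDEN = re.compile(r"Disk \d+ MBR hidden")
RE_UNKNOWN = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
RE_IRP_HOOK = re.compile(r"(\\Driver\\\w+)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)")
RE_RESTORED = re.compile(r"Disk \d+ MBR restored successfully")
RE_FIXED = re.compile(r"Infection fixed successfully")


@dataclass
class AswMbrReport:
    os_version: Optional[str] = None
    computer_name: Optional[str] = None
    init_error: Optional[str] = None          # set when the scan driver never loaded
    rootkit_family: Optional[str] = None      # e.g. "TDL4"
    mbr_hidden: bool = False
    unknown_hook: Optional[str] = None        # code address the call trace could not map to a module
    irp_hooks: List[Tuple[str, str, str]] = field(default_factory=list)  # (driver, IRP major, target)
    mbr_restored: bool = False
    infection_fixed: bool = False

    @property
    def rootkit_detected(self) -> bool:
        return self.rootkit_family is not None

    @property
    def hook_consistent(self) -> bool:
        """True when the unmapped address in the trace is also the target of an
        IRP dispatch hook: two independent lines pointing at the same code."""
        return self.unknown_hook is not None and any(
            target == self.unknown_hook for _, _, target in self.irp_hooks)

    def verdict(self) -> str:
        if self.init_error:
            return "INCONCLUSIVE"  # nothing was scanned; never read this as clean
        if self.rootkit_detected and self.infection_fixed:
            return "CLEANED"       # still wants a post-reboot rescan to confirm
        if self.rootkit_detected:
            return "INFECTED"
        return "CLEAN"


def parse_aswmbr_log(text: str) -> AswMbrReport:
    """Walk the log line by line and record every finding we recognise."""
    rep = AswMbrReport()
    for raw in text.splitlines():
        line = raw.strip()
        if m := RE_OS.search(line):
            rep.os_version = m.group(1)
        elif m := RE_HOST.search(line):
            rep.computer_name = m.group(1)
        elif m := RE_INIT_ERR.search(line):
            rep.init_error = m.group(1)
        elif m := RE_ROOTKIT.search(line):
            rep.rootkit_family = m.group(1)
        elif RE_HIDDEN.search(line):
            rep.mbr_hidden = True
        elif m := RE_UNKNOWN.search(line):
            rep.unknown_hook = m.group(1)
        elif m := RE_IRP_HOOK.search(line):
            rep.irp_hooks.append((m.group(1), m.group(2), m.group(3)))
        elif RE_RESTORED.search(line):
            rep.mbr_restored = True
        elif RE_FIXED.search(line):
            rep.infection_fixed = True
    return rep


if __name__ == "__main__":
    for name, log in (("scan only", SCAN_ONLY_LOG), ("fixed", FIXED_LOG), ("no driver", NO_DRIVER_LOG)):
        r = parse_aswmbr_log(log)
        print(f"{name:10s} host={r.computer_name} family={r.rootkit_family} "
              f"hook={r.unknown_hook} consistent={r.hook_consistent} -> {r.verdict()}")
```

The point of `hook_consistent` is the check a helper does by eye on the log in post 11: the address the call trace could not attribute to any module (`0x8a367439`) is the same address the `IRP_MJ_CREATE` entry of `\Driver\atapi` has been redirected to, so the two findings corroborate each other. The `INCONCLUSIVE` branch is what matters for post 14: a run that ends in "driver not loaded" produced no scan at all, and the thread's later rescan is the only evidence that the fix in post 11 held.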