I am having ongoing issues with both IE and Firefox in regard to what appears to be some sort of malware. Initially, my Firefox browser would intermittently spawn a new window taking me to an advertiser's site. I had to manually close the new window and had no further problems. Then I started to notice that my computer was slowing down significantly. When I opened the Windows Task Manager, I noticed that the svchost process was using almost all of the processor capacity. I did some research which suggested I take a look at IE and see what it was doing. I attempted to access the Windows Update site, but was given the "This site not available" message, which convinced me I was infected with something. I accessed your site after discussion with one of my friends and ran through your diagnostics. When I logged in to your site on my home computer and tried to post this topic, I was again shown the "This site not available" message. I have included the log files you ask for. I hope you are able to help me get rid of this infection in my computer.
Thanks,
Ric
DDS (Ver_10-03-17.01) - NTFSx86
Run by Ric at 19:09:04.46 on Tue 06/29/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.244 [GMT -7:00]
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
============== Running Processes ===============
C:\WINNT\system32\svchost -k DcomLaunch
svchost.exe
C:\WINNT\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINNT\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\WINNT\system32\WDBtnMgr.exe
E:\Program Files\Dantz\Retrospect\retrorun.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
E:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
E:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINNT\System32\tcpsvcs.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINNT\System32\snmp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINNT\System32\svchost.exe -k imgsvc
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
E:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\PIXELA\PTP Manager\PixePtpManager.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINNT\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\cidaemon.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Ric\Local Settings\Temporary Internet Files\Content.IE5\BJ16JBME\dds[1].scr
============== Pseudo HJT Report ===============
uSearch Page = hxxp://www.google.com
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - e:\program files\adobe\acrobat 5.0\acrobat\activex\AcroIEHelper.ocx
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
uRun: [ctfmon.exe] c:\winnt\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [WD Button Manager] WDBtnMgr.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\winnt\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\winnt\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
mRun: [QuickTime Task] "e:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [VTTimer] VTTimer.exe
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Synchronization Manager] mobsync.exe /logon
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [CreateCD50] "c:\program files\common files\adaptec shared\createcd\CreateCD50.exe" -r
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [AdaptecDirectCD] "c:\program files\adaptec\easy cd creator 5\directcd\DirectCD.exe"
mRun: [MSConfig] c:\winnt\pchealth\helpctr\binaries\MSConfig.exe /auto
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - e:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ptpman~1.lnk - c:\program files\pixela\ptp manager\PixePtpManager.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Open Picture in &Microsoft PhotoDraw - c:\progra~1\micros~2\office\1033\phdintl.dll/phdContext.htm
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: DirectAnimation Java Classes - file://c:\winnt\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\servicepackfiles\i386\xmldso.cab
DPF: {00000075-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxmsdec.CAB
DPF: {00000075-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {31564D57-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmvax.cab
DPF: {32564D57-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv8ax.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37997.7521759259
DPF: {CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: NavLogon - c:\winnt\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winnt\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\ric\applic~1\mozilla\firefox\profiles\hyxr5ndq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmfv.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin6.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin7.dll
FF - plugin: e:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: e:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: e:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: e:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: e:\program files\real\realone player\netscape6\nprpjplug.dll
FF - plugin: e:\program files\real\realone player\netscape6\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
============= SERVICES / DRIVERS ===============
R0 SONYPVM1;Sony Memory Stick Driver(SONYPVM1);c:\winnt\system32\drivers\SonyPVM1.sys [2005-1-6 28224]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2004-2-9 301200]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-6-9 255096]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-6-9 242808]
R2 Iprip;RIP Listener;c:\winnt\system32\svchost.exe -k netsvcs [2001-8-23 14336]
R2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2010-3-18 91392]
R2 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2004-2-9 37008]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100625.002\naveng.sys [2010-6-25 85552]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100625.002\navex15.sys [2010-6-25 1347504]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2004-10-6 1275216]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\winnt\system32\drivers\A5AGU.sys [2008-5-15 377920]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-6-9 87160]
S3 cpuz132;cpuz132;\??\c:\docume~1\ric\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\ric\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 EL90BC;3Com EtherLink XL B/C Adapter Driver;c:\winnt\system32\drivers\el90xbc5.sys --> c:\winnt\system32\drivers\el90xbc5.sys [?]
S3 FCUSB;Freecom Cable II USB Driver;c:\winnt\system32\drivers\FCUSB.sys [2001-11-29 13104]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2004-10-6 173392]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\winnt\system32\drivers\silabenm.sys [2010-6-5 17920]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\winnt\system32\drivers\silabser.sys [2010-6-5 63488]
S3 USBATA;USB Removable Disk;c:\winnt\system32\drivers\usbata.sys --> c:\winnt\system32\drivers\USBATA.SYS [?]
S3 viafilter;VIA USB Filter;c:\winnt\system32\drivers\viausb.sys [2004-1-12 9038]
S3 wind502u;Motorola Wireless USB Adapter WU830G Windows Driver;c:\winnt\system32\drivers\wind502u.sys --> c:\winnt\system32\drivers\wind502u.sys [?]
S3 WUSB11;Instant Wireless USB Network Adapter ver.2.5 Driver;c:\winnt\system32\drivers\lswlusb.sys --> c:\winnt\system32\drivers\LSWLUSB.sys [?]
S4 AloPort;AloPort;c:\winnt\system32\drivers\AloPort.sys [2004-1-12 3087]
S4 WinDefend;Windows Defender Service;c:\program files\windows defender\MsMpEng.exe [2006-4-3 14032]
=============== Created Last 30 ================
2010-06-29 22:31:41 0 d-----w- c:\program files\Trend Micro
2010-06-27 02:43:46 0 d-----w- c:\docume~1\ric\applic~1\SUPERAntiSpyware.com
2010-06-27 02:43:46 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-06-27 02:43:31 0 d-----w- c:\program files\SUPERAntiSpyware
2010-06-20 13:31:25 411368 ----a-w- c:\winnt\system32\deployJava1.dll
2010-06-06 00:23:24 0 d-----w- c:\docume~1\ric\applic~1\LocalLow
2010-06-06 00:12:56 0 ---ha-w- c:\winnt\system32\drivers\Msft_Kernel_silabser_01007.Wdf
2010-06-06 00:06:13 0 d-----w- c:\program files\DECA System
2010-06-06 00:02:57 63488 ----a-w- c:\winnt\system32\drivers\silabser.sys
2010-06-06 00:02:57 17920 ----a-w- c:\winnt\system32\drivers\silabenm.sys
2010-06-06 00:02:56 0 d-----w- c:\program files\Silabs
2010-06-06 00:01:44 0 d-----w- c:\winnt\system32\Silabs
2010-06-06 00:01:39 0 d-----w- C:\SiLabs
2010-06-02 00:13:03 0 d-----w- c:\docume~1\ric\applic~1\SuperNZB
2010-06-02 00:10:25 0 d-----w- c:\program files\SuperNZB
==================== Find3M ====================
2010-05-10 01:29:09 104182 ----a-w- c:\winnt\hpoins04.dat
2004-01-12 15:44:21 271 --sh--w- c:\program files\desktop.ini
2004-01-12 15:44:21 21952 -c-h--w- c:\program files\folder.htt
2001-01-03 16:09:22 239561 -c----w- c:\winnt\inf\ati2dvai.dll
2009-10-15 10:09:37 16384 --sha-w- c:\winnt\system32\config\systemprofile\ietldcache\index.dat
2009-10-15 10:09:37 32768 --sha-w- c:\winnt\system32\config\systemprofile\local settings\history\history.ie5\mshist012009101520091016\index.dat
============= FINISH: 19:13:14.68 ===============
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-06-29 19:31:59
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Ric\LOCALS~1\Temp\pwrdrpow.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device -> \Driver\atapi \Device\Harddisk0\DR0 872BCEC5
---- Files - GMER 1.0.15 ----
File C:\WINNT\system32\drivers\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----
Edited by boopme, 30 June 2010 - 11:45 AM.