Everything posted by mswind18

  1. You're right....however it was a couple days ago, I may have fat fingered the process, don't remember..... Will do the clean up recommendations! Thanks for your help and patience! mark
  2. This should be a little embarrassing after all this: Mastershake; you are on the right track.......I found this before your post... "To resolve this behavior, turn on the Show Desktop Icons feature: 1. Right-click the desktop. 2. Point to Arrange Icons By. 3. Click Show Desktop Icons." Fixed
  3. Sorry about that forgot to post...here it is...
  4. Here is the report from the affected account....this also took longer than the one I ran the other day (for the first time)....
  5. I was getting nervous.....started the program and it seemed the "creating report" part was running too long....certainly not as long in my (the problem) directory....so I stopped and ran again...and just let it run.....report finally appeared (attached) also note I think I did not run combofix as you requested earlier today from the problem account....should I run again? Here is from a good account.
Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\documents and settings\Mom2\Application Data\Mozilla\Firefox\Profiles\nusav8en.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Extension: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-11-29 12:58 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360] "ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv] "ImagePath"="\??\c:\windows\TEMP\mc23.tmp" . 
--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-3013870458-1111066612-3762109593-1005\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_USERS\S-1-5-21-3013870458-1111066612-3762109593-1005\Software\Policies\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (S-1-5-21-3013870458-1111066612-3762109593-1005) @Allowed: (Read) (S-1-5-21-3013870458-1111066612-3762109593-1005) @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
--------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(520) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(29564) c:\program files\Logitech\iTouch\iTchHk.dll c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll c:\progra~1\Logitech\MOUSEW~1\SYSTEM\LGMOUSHK.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2010-11-29 13:48:54 ComboFix-quarantined-files.txt 2010-11-29 18:48 ComboFix2.txt 2010-11-25 02:07 Pre-Run: 12,074,573,824 bytes free Post-Run: 12,042,928,128 bytes free - - End Of File - - 646C70035D6DBD164ACB54A29851041E
  6. This is from another account....nothing abnormal found
  7. OK, I got it now.....I will run from another login....also I have a good chunk of time today to work this out...thxs
  8. Not sure, will take your recommendation....remember the other Logins are ok.....only mine is messed up...
  9. Here you go...just ran... 2010/11/29 08:29:43.0640 TDSS rootkit removing tool 2.4.10.0 Nov 28 2010 18:35:56
  10. Sorry to report no luck.... The program ran successfully (4 successfully run msgs (or 5)), reboot (shut down and start up) ran a little bit longer......I tested other accounts; they have icons.....
  11. No......I get a standard explorer view of My Documents directory. Now I need to vent. As I mentioned I have some development background and now only "know enough to be dangerous"....what I can't understand is virus aside we are only talking what is an equivalent of a presentation layer unless Bill Gates rocket science is involved. Can someone provide a hint as to what the complication is? I have read renaming explorer.exe or creating a new account (my other 4 work fine, even through the clean up process) but those are band aids. Next steps? thanks
  12. Sorry about this....neither recommendation helped...when you asked for the copy to the desktop, of course that is the issue....my desktop icons do not display.....the new icon is in the directory, but does not display... On the Control Panel change....no security item in the drop down... we are not progressing
  13. OK.....but first a quick question....I'm not the brightest bulb on this, but know enough to be dangerous..... For the latest instructions, what is the difference between the 1st step (which requires download, more processes etc.) and the 2nd, which is pretty easy..... Part of me is wondering why not just create a new "Dads" account....other than it still leaves the issue in place...I would rather fix..... Will be away from the PC for a couple days (Thanksgiving travel)......will hit in 2 days... Again thanks for your attention!
  14. Ran Combo.....here is the result log......desktop skin changed to a previously used pic about 4 years ago....still no icons.....
Files\AOL\1188076909\ee\AOLSoftware.exe" [2010-02-10 41800] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2007-08-23 152952] "Spyware Doctor"="c:\program files\Spyware Doctor\swdoctor.exe" [2006-12-11 2115728] c:\documents and settings\Dad\Start Menu\Programs\Startup\ HotSync Manager.LNK - c:\program files\Palm\Hotsync.exe [2004-6-9 471040] c:\documents and settings\All Users\Start Menu\Programs\Startup\ DataViz Inc Messenger.lnk - c:\program files\Common Files\DataViz\DvzIncMsgr.exe [2007-2-2 28672] Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2002-12-22 45056] Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2003-2-13 169472] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys] @="FSFilter Activity Monitor" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk backup=c:\windows\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD] 2002-04-10 20:44 679936 -c--a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer] 2006-10-23 12:50 71216 ----a-r- c:\program files\Common Files\AOL\ACS\AOLDial.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2007-06-24 10:41 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "TkBellExe"="c:\program files\Common 
Files\Real\Update_OB\realsched.exe" -osboot "Camera Detector"=c:\progra~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "f:\\America Online 9.0\\waol.exe"= "c:\\Program Files\\America Online 9.0\\waol.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\Activision\\Call of Duty 2\\cod2mp_s.exe"= "c:\\Program Files\\Call of Duty Game of the Year Edition\\CoDMP.exe"= "c:\\Program Files\\Palm\\Hotsync.exe"= 
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"= "c:\\Program Files\\Common Files\\AOL\\1188076909\\ee\\aolsoftware.exe"= "c:\\Program Files\\AOL 9.5\\waol.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-16 135664] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS [2009-08-22 310320] S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2009-08-22 259632] S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\N360\0308000.029\ccHPx86.sys [2009-08-22 482432] S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20101123.001\IDSxpx86.sys [2010-10-19 341880] S2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2009-08-22 117640] S2 NProtectService;Norton UnErase Protection;c:\progra~1\NORTON~1\NORTON~1\NPROTECT.EXE [2005-11-04 95832] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-26 102448] --- Other Services/Drivers In Memory --- *Deregistered* - mchInjDrv . 
Contents of the 'Scheduled Tasks' folder 2010-11-18 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34] 2010-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-16 15:37] 2010-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-16 15:37] 2010-11-01 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job - c:\program files\Norton SystemWorks\OBC.exe [2007-09-18 12:22] . . ------- Supplementary Scan ------- . uLocal Page = C:\WINDOWSabout.htm uStart Page = hxxp://www.google.com/ uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie mDefault_Search_URL = hxxp://www.google.com/ie mLocal Page = about:blank mStart Page = about:blank mSearch Bar = hxxp://www.google.com/ie uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyServer = http=127.0.0.1:6522 uInternet Settings,ProxyOverride = <local> uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... 
- c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html Trusted Zone: finefind.net DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings_POTT20009/include/vzTCPConfig.CAB FF - ProfilePath - c:\documents and settings\Dad\Application Data\Mozilla\Firefox\Profiles\46d37nqd.dad\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ---- FIREFOX POLICIES ---- FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true); c:\program files\Mozilla Firefox\greprefs\all.js - 
pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - ORPHANS REMOVED - - - - HKCU-Run-LDM - \Program\BackWeb-8876480.exe Notify-WebCheck - c:\windows\system32\jt4607hse.dll SafeBoot-klmdb.sys MSConfigStartUp-AOL Fast Start - c:\program files\America Online 9.0a\AOL.EXE ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-11-24 20:45 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360] "ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv] "ImagePath"="\??\c:\windows\TEMP\mc23.tmp" . 
--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-3013870458-1111066612-3762109593-1005\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_USERS\S-1-5-21-3013870458-1111066612-3762109593-1005\Software\Policies\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (S-1-5-21-3013870458-1111066612-3762109593-1005) @Allowed: (Read) (S-1-5-21-3013870458-1111066612-3762109593-1005) @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
--------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(968) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(7204) c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll c:\program files\Microsoft Office\OFFICE11\msohev.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\progra~1\Logitech\MOUSEW~1\SYSTEM\LGMOUSHK.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\Common Files\Symantec Shared\ccSvcHst.exe c:\progra~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe c:\windows\system32\LEXBCES.EXE c:\windows\system32\LEXPPS.EXE c:\program files\Common Files\AOL\ACS\AOLAcsd.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe c:\windows\System32\CTsvcCDA.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\HPZipm12.exe c:\windows\system32\PnkBstrA.exe c:\windows\system32\PnkBstrB.exe c:\program files\Spyware Doctor\sdhelp.exe c:\progra~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE c:\windows\wanmpsvc.exe c:\windows\System32\MsPMSPSv.exe c:\program files\Common Files\Symantec Shared\ccSvcHst.exe c:\program files\AOL 9.5\waol.exe c:\program files\AOL 9.5\shellmon.exe . ************************************************************************** . 
Completion time: 2010-11-24 21:06:46 - machine was rebooted ComboFix-quarantined-files.txt 2010-11-25 02:06 Pre-Run: 10,800,365,568 bytes free Post-Run: 11,493,785,600 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect - - End Of File - - 9492ACEDEB9CCB61F7A4CFA316804CFE
  15. Ran TDSSkiller again.....log was clean...no issues.....rebooted..... Same result..... Hmmmm
  16. Was hit and ran MWB. Running XP Pro SP2. Of 5 Users on this PC, all desktop images are ok, 1 (mine) has partial toolbar, however no desktop icons. They do reside in the proper file. Researching solutions, there must be something easier for this fix, other than creating another user account. Here is the MWB log. Any help is appreciated! Mark

      Malwarebytes' Anti-Malware 1.46
      www.malwarebytes.org

      Database version: 5173

      Windows 5.1.2600 Service Pack 2
      Internet Explorer 6.0.2900.2180

      11/23/2010 12:03:24 AM
      mbam-log-2010-11-23 (00-03-24).txt

      Scan type: Quick scan
      Objects scanned: 224419
      Time elapsed: 22 minute(s), 19 second(s)

      Memory Processes Infected: 2
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 2
      Registry Data Items Infected: 1
      Folders Infected: 0
      Files Infected: 3

      Memory Processes Infected:
      C:\Documents and Settings\Dad\Local Settings\Temp\UwfwpsmjuX.exe (Trojan.Agent) -> Unloaded process successfully.
      C:\Documents and Settings\Dad\Local Settings\Temp\7867468.exe (Rogue.FakeHDD.Gen) -> Unloaded process successfully.

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uwfwpsmjux.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\7867468 (Rogue.FakeHDD.Gen) -> Quarantined and deleted successfully.

      Registry Data Items Infected:
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      C:\Documents and Settings\Dad\Local Settings\Temp\UwfwpsmjuX.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Dad\Local Settings\Temp\7867468.exe (Rogue.FakeHDD.Gen) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Dad\Local Settings\Temp\SSGLtVnAlN.dll (Trojan.FakeMS) -> Delete on reboot.