mswind18
Posts: 20

Posts posted by mswind18

-
This should be a little embarrassing after all this:
Mastershake, you are on the right track... I found this before your post:
"To resolve this behavior, turn on the Show Desktop Icons feature:
1. Right-click the desktop.
2. Point to Arrange Icons By.
3. Click Show Desktop Icons."
Fixed
Sorry to interject. Did you try this?
Right-click -> View -> Show Desktop Icons
-
No luck still.
-
Sorry about that, forgot to post... here it is...
ComboFix 10-11-28.05 - Dad 11/29/2010 15:02:07.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.407 [GMT -5:00]
Running from: c:\documents and settings\Dad\My Documents\Downloads\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
((((((((((((((((((((((((( Files Created from 2010-10-28 to 2010-11-29 )))))))))))))))))))))))))))))))
.
2010-11-21 12:34 . 2010-11-21 12:34 -------- d-----w- c:\documents and settings\Mom2\Local Settings\Application Data\AOL Toolbar
2010-11-15 10:19 . 2010-11-15 10:19 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\AOL
2010-11-15 04:16 . 2010-11-15 04:16 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Toolbar
2010-11-15 04:16 . 2010-11-15 04:16 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-11-15 04:12 . 2010-11-15 04:12 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL OCP
2010-11-15 04:10 . 2010-11-15 04:21 -------- d-----w- c:\program files\AOL 9.5
2010-11-15 04:10 . 2010-11-15 04:18 -------- d-----w- c:\program files\Common Files\aolshare
2010-11-14 16:23 . 2010-11-14 16:23 -------- dc----w- C:\Install AOL Communicator
2010-11-14 16:23 . 2010-11-14 16:23 -------- dc----w- C:\Install Winamp
2010-11-14 16:23 . 2010-11-14 16:23 -------- dc----w- C:\Install ICQ
2010-11-14 16:23 . 2010-11-14 16:23 -------- dc----w- C:\AOL Instant Messenger
2010-11-14 16:22 . 2010-11-14 16:22 -------- d-----w- c:\program files\Learn2.com
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 15:29 . 2009-03-06 03:49 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-11-29 15:29 . 2007-04-04 00:35 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-11-29 15:22 . 2007-04-04 00:35 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-11-24 23:46 . 2010-01-07 00:30 41856 ----a-w- c:\windows\system32\drivers\imapi.sys
2010-11-24 04:39 . 2006-10-27 18:33 963 -c-ha-w- c:\windows\win.tmp
2006-04-05 16:26 . 2006-09-23 21:46 233472 -c--a-w- c:\program files\ShellEnglishLC.dll
2006-04-05 16:26 . 2006-09-23 21:46 36864 -c--a-w- c:\program files\ShellDLLResEnglish.dll
2006-04-05 16:26 . 2006-09-23 21:46 483328 -c--a-w- c:\program files\Shell2EnglishLC.dll
2006-04-05 16:26 . 2006-09-23 21:46 208896 -c--a-w- c:\program files\ShellLC.dll
2006-04-05 16:26 . 2006-09-23 21:46 114688 -c--a-w- c:\program files\RTFCtrl.dll
2006-04-05 16:26 . 2006-09-23 21:46 102400 -c--a-w- c:\program files\MXExHand.dll
2006-04-05 16:24 . 2006-09-23 21:46 45056 -c--a-w- c:\program files\DMUtilsResEnglish.dll
2006-04-05 16:24 . 2006-09-23 21:46 184320 -c--a-w- c:\program files\DMUtils.dll
2006-04-05 16:23 . 2006-09-23 21:46 86016 -c--a-w- c:\program files\DMTutorialResEnglish.dll
2006-04-05 16:23 . 2006-09-23 21:46 90112 -c--a-w- c:\program files\DMTutorial.dll
2006-04-05 16:22 . 2006-09-23 21:46 159744 -c--a-w- c:\program files\DMSetupResEnglish.dll
2006-04-05 16:22 . 2006-09-23 21:46 303104 -c--a-w- c:\program files\DMSetup.dll
2006-04-05 16:21 . 2006-09-23 21:46 118784 -c--a-w- c:\program files\ODIFCopy.dll
2006-04-05 16:21 . 2006-09-23 21:46 98304 -c--a-w- c:\program files\ODIMan.dll
2006-04-05 16:21 . 2006-09-23 21:46 20480 -c--a-w- c:\program files\DMInfoResEnglish.dll
2006-04-05 16:20 . 2006-09-23 21:46 151552 -c--a-w- c:\program files\DMInfo.dll
2006-04-05 16:19 . 2006-09-23 21:46 3497984 -c--a-w- c:\program files\ODIJump.dll
2006-04-05 16:19 . 2006-09-23 21:46 176128 -c--a-w- c:\program files\ODICtrl.dll
2006-04-05 16:19 . 2006-09-23 21:46 94208 -c--a-w- c:\program files\ODIFrmt.dll
2006-04-05 16:18 . 2006-09-23 21:46 61440 -c--a-w- c:\program files\CDEject.exe
2006-04-05 16:18 . 2006-09-23 21:46 49152 ----a-w- c:\program files\DataLifeguard.exe
2006-04-05 16:18 . 2006-09-23 21:46 266240 -c--a-w- c:\program files\ShellDLL.dll
2006-04-05 16:17 . 2006-09-23 21:46 139264 -c--a-w- c:\program files\ODIPart.dll
2006-04-05 16:16 . 2006-09-23 21:46 176128 -c--a-w- c:\program files\ODIDev.dll
2006-04-05 16:16 . 2006-09-23 21:46 49152 -c--a-w- c:\program files\Scsilib.dll
2006-04-05 16:15 . 2006-09-23 21:46 94208 -c--a-w- c:\program files\mxdlgsup.dll
2006-04-05 16:15 . 2006-09-23 21:46 102400 -c--a-w- c:\program files\MXPM.dll
2004-12-08 14:50 . 2004-12-08 14:50 2112103 -c--a-w- c:\program files\BHODemon20Setup_2020.exe
2004-12-02 13:24 . 2004-12-02 13:22 16706160 -c--a-w- c:\program files\AdbeRdr60_enu_full.exe
2004-12-02 13:22 . 2004-12-02 13:22 6811656 -c--a-w- c:\program files\psa201se_us.exe
2003-04-03 12:47 . 2003-04-03 12:47 1684194 -c--a-w- c:\program files\SpamNet1.0Beta9.exe
2003-02-18 01:31 . 2003-02-18 01:31 2430662 -c--a-w- c:\program files\spybotsd11.exe
2003-02-09 03:10 . 2003-02-09 03:10 37376 -c-ha-w- c:\program files\iblock.exe
2003-01-17 04:22 . 2003-01-17 04:22 3781808 -c-ha-w- c:\program files\zaSetup_1001.exe
2003-01-11 15:07 . 2003-01-11 14:41 8839120 -c-ha-w- c:\program files\AcroReader51_ENU.exe
2003-01-11 14:41 . 2003-01-11 04:22 13736688 -c-ha-w- c:\program files\AcroReader51_ENU_full.exe
2000-03-13 16:13 . 2006-09-23 21:46 509984 -c--a-w- c:\program files\50comupd.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-24 68856]
"AOL Fast Start"="c:\program files\AOL 9.5\AOL.EXE" [2010-03-23 29520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb01.exe" [2000-12-12 192512]
"EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-07-01 28672]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-09-25 290816]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"NSWosCheck"="c:\program files\Norton SystemWorks\osCheck.exe" [2007-09-18 25472]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"HostManager"="c:\program files\Common Files\AOL\1188076909\ee\AOLSoftware.exe" [2010-02-10 41800]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2007-08-23 152952]
"Spyware Doctor"="c:\program files\Spyware Doctor\swdoctor.exe" [2006-12-11 2115728]
c:\documents and settings\Dad\Start Menu\Programs\Startup\
HotSync Manager.LNK - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
DataViz Inc Messenger.lnk - c:\program files\Common Files\DataViz\DvzIncMsgr.exe [2007-2-2 28672]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2002-12-22 45056]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=c:\windows\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2002-04-10 20:44 679936 -c--a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2006-10-23 12:50 71216 ----a-r- c:\program files\Common Files\AOL\ACS\AOLDial.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-06-24 10:41 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Camera Detector"=c:\progra~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\cod2mp_s.exe"=
"c:\\Program Files\\Call of Duty Game of the Year Edition\\CoDMP.exe"=
"c:\\Program Files\\Palm\\Hotsync.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Common Files\\AOL\\1188076909\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-16 135664]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS [2009-08-22 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2009-08-22 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\N360\0308000.029\ccHPx86.sys [2009-08-22 482432]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20101124.002\IDSxpx86.sys [2010-10-19 341880]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2009-08-22 117640]
S2 NProtectService;Norton UnErase Protection;c:\progra~1\NORTON~1\NORTON~1\NPROTECT.EXE [2005-11-04 95832]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-26 102448]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - PNKBSTRB
*NewlyCreated* - PNKBSTRK
*Deregistered* - klmd25
*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder
2010-11-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2010-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-16 15:37]
2010-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-16 15:37]
2010-11-01 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton SystemWorks\OBC.exe [2007-09-18 12:22]
.
.
------- Supplementary Scan -------
.
uLocal Page = C:\WINDOWSabout.htm
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mLocal Page = about:blank
mStart Page = about:blank
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Trusted Zone: finefind.net
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings_POTT20009/include/vzTCPConfig.CAB
FF - ProfilePath - c:\documents and settings\Dad\Application Data\Mozilla\Firefox\Profiles\46d37nqd.dad\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Extension: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\documents and settings\Dad\Application Data\Mozilla\Firefox\Profiles\46d37nqd.dad\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-29 15:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc23.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-3013870458-1111066612-3762109593-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-3013870458-1111066612-3762109593-1005\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-3013870458-1111066612-3762109593-1005)
@Allowed: (Read) (S-1-5-21-3013870458-1111066612-3762109593-1005)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(520)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(43068)
c:\program files\Logitech\iTouch\iTchHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\System32\shdoclc.dll
c:\progra~1\Logitech\MOUSEW~1\SYSTEM\LGMOUSHK.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-11-29 16:49:15
ComboFix-quarantined-files.txt 2010-11-29 21:48
ComboFix2.txt 2010-11-29 18:49
ComboFix3.txt 2010-11-25 02:07
Pre-Run: 11,900,088,320 bytes free
Post-Run: 12,105,166,848 bytes free
- - End Of File - - C71348CEEB57BEFF015A165E85AF5CEE
-
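Editor's note, added to this thread and not part of any post above or of ComboFix itself: the two logs in this thread are long, and the entries a responder actually wants are scattered across them (the AV:/FW: header, the Run keys, the Security Center "DisableMonitoring" values, "EnableFirewall"= 0 on the standard profile, the globally open 3389/TCP port, the Trusted Zone addition, the Firefox user.js overrides that turn off the mixed-content and insecure-submit warnings, and a service whose ImagePath points into C:\WINDOWS\TEMP). The Python script below parses that ComboFix log layout and lists those items. The regular expressions encode the `"name"="path" [date size]` entry syntax as it appears in these logs; that is an assumption about the format, as is treating any autorun path without a drive letter (such as the `"LDM"` entry in the second log) as unresolved. SAMPLE_LOG is a constructed subset of lines copied from the posted logs. The script does not decide whether anything is malicious; it only surfaces what to look at.

```python
"""Triage helper for the ComboFix log format shown in this thread.

Added example; not from the forum post and not ComboFix's own code. It reads a
log as plain text and pulls out what a responder checks first: autostart
entries, Security Center and firewall state, globally open ports, IE Trusted
Zone additions, Firefox user.js overrides, and services whose image lives
under a TEMP directory. SAMPLE_LOG is a constructed subset of the posted logs.
"""
import re

# Entry syntax assumed from the logs: "name"="path" [date size]  (or [bU])
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="?(?P<path>[^"\[]+?)"?\s*\[(?P<info>[^\]]*)\]\s*$')
PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=')
FF_USERJS_RE = re.compile(r'^FF - user\.js: (?P<pref>\S+) - (?P<val>\S+)$')
IMAGEPATH_RE = re.compile(r'^"ImagePath"="(?P<img>.*)"$')
DRIVE_RE = re.compile(r"^[a-z]:\\", re.I)

SAMPLE_LOG = r"""
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="\Program\BackWeb-8876480.exe" [bU]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-24 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
Trusted Zone: finefind.net
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_submit_insecure - false
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc23.tmp"
"""


def triage(log_text):
    """Return a dict of findings parsed from one ComboFix log."""
    f = {"av_fw_disabled": [], "autoruns": [], "unresolved_autoruns": [],
         "security_center_muted": [], "firewall_enabled": None, "open_ports": [],
         "trusted_zones": [], "weakened_ff_prefs": {}, "temp_dir_services": []}
    key = ""  # lower-cased registry key most recently opened by a [...] line
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(("AV:", "FW:")) and "disabled" in line.lower():
            f["av_fw_disabled"].append(line)  # header: product reports itself off
        elif line.startswith("[") and line.endswith("]"):
            key = line.lower()
        elif line.startswith("Trusted Zone:"):
            f["trusted_zones"].append(line.split(":", 1)[1].strip())
        elif line.startswith("FF - user.js:"):
            m = FF_USERJS_RE.match(line)
            if m and ((m.group("pref").startswith("security.") and m.group("val") == "false")
                      or (m.group("pref") == "network.cookie.cookieBehavior" and m.group("val") == "0")):
                f["weakened_ff_prefs"][m.group("pref")] = m.group("val")
        elif key.endswith("\\run]"):  # HKCU / HKLM / .DEFAULT ...\CurrentVersion\Run
            m = ENTRY_RE.match(line)
            if m:
                path = m.group("path").strip()
                f["autoruns"].append((key, m.group("name"), path))
                if not DRIVE_RE.match(path):  # e.g. "\Program\BackWeb-8876480.exe" [bU]
                    f["unresolved_autoruns"].append((m.group("name"), path))
        elif "\\security center\\monitoring" in key and line.lower() == '"disablemonitoring"=dword:00000001':
            f["security_center_muted"].append(key)
        elif key.endswith("\\firewallpolicy\\standardprofile]") and line.startswith('"EnableFirewall"='):
            f["firewall_enabled"] = re.search(r"=\s*(\d+)", line).group(1) == "1"
        elif key.endswith("\\globallyopenports\\list]"):
            m = PORT_RE.match(line)
            if m:
                f["open_ports"].append(m.group("port") + "/" + m.group("proto"))
        elif key.startswith("[hkey_local_machine\\system\\") and "\\services\\" in key:
            m = IMAGEPATH_RE.match(line)
            if m and "\\temp\\" in m.group("img").lower():
                f["temp_dir_services"].append((key, m.group("img")))
    return f


def report(f):
    """One human-readable line per finding."""
    out = list(f["av_fw_disabled"])
    if f["firewall_enabled"] is False:
        out.append("Windows Firewall (standard profile) is off: EnableFirewall=0")
    out += ["Globally open port: " + p for p in f["open_ports"]]
    out += ["Security Center monitoring disabled under " + k for k in f["security_center_muted"]]
    out += ["Service image under TEMP: " + img for _, img in f["temp_dir_services"]]
    out += ["Autorun with no drive letter in path: %s -> %s" % a for a in f["unresolved_autoruns"]]
    out += ["IE Trusted Zone: " + z for z in f["trusted_zones"]]
    out += ["Firefox user.js override: %s = %s" % kv for kv in f["weakened_ff_prefs"].items()]
    return out


if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE_LOG))))
```

Run against the sample it prints twelve lines. Two caveats on reading the output: a driver image under C:\WINDOWS\TEMP is listed so that it gets identified, not because the script knows it is hostile (security products also drop temporary helper drivers there, and the log itself shows mchInjDrv as *Deregistered*), and the firewall findings should be read together: both the Norton firewall and the Windows Firewall standard profile are reported off, while 3389/TCP (Remote Desktop) is globally opened, so nothing on this host filters inbound RDP.
-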
Here is the report from the affected account... this also took longer than the one I ran the other day (for the first time)...
-
I was getting nervous... started the program and it seemed the "creating report" part was running too long... certainly not as long in my (the problem) directory... so I stopped and ran again... and just let it run... report finally appeared (attached). Also note I think I did not run ComboFix as you requested earlier today from the problem account... should I run again?
Here is the one from a good account.
ComboFix 10-11-28.05 - Mom2 11/29/2010 12:32:26.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.314 [GMT -5:00]
Running from: c:\documents and settings\Dad\My Documents\Downloads\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
((((((((((((((((((((((((( Files Created from 2010-10-28 to 2010-11-29 )))))))))))))))))))))))))))))))
.
2010-11-29 16:08 . 2010-11-29 16:08 -------- d-----w- c:\documents and settings\Greg\Local Settings\Application Data\AOL Toolbar
2010-11-29 16:03 . 2010-11-29 16:03 -------- d-----w- c:\documents and settings\Greg\Application Data\Malwarebytes
2010-11-21 12:34 . 2010-11-21 12:34 -------- d-----w- c:\documents and settings\Mom2\Local Settings\Application Data\AOL Toolbar
2010-11-15 10:19 . 2010-11-15 10:19 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\AOL
2010-11-15 04:16 . 2010-11-15 04:16 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Toolbar
2010-11-15 04:16 . 2010-11-15 04:16 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-11-15 04:12 . 2010-11-15 04:12 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL OCP
2010-11-15 04:10 . 2010-11-15 04:21 -------- d-----w- c:\program files\AOL 9.5
2010-11-15 04:10 . 2010-11-15 04:18 -------- d-----w- c:\program files\Common Files\aolshare
2010-11-14 16:23 . 2010-11-14 16:23 -------- dc----w- C:\Install AOL Communicator
2010-11-14 16:23 . 2010-11-14 16:23 -------- dc----w- C:\Install Winamp
2010-11-14 16:23 . 2010-11-14 16:23 -------- dc----w- C:\Install ICQ
2010-11-14 16:23 . 2010-11-14 16:23 -------- dc----w- C:\AOL Instant Messenger
2010-11-14 16:22 . 2010-11-14 16:22 -------- d-----w- c:\program files\Learn2.com
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 15:29 . 2009-03-06 03:49 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-11-29 15:29 . 2007-04-04 00:35 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-11-29 15:22 . 2007-04-04 00:35 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-11-24 23:46 . 2010-01-07 00:30 41856 ----a-w- c:\windows\system32\drivers\imapi.sys
2010-11-24 04:39 . 2006-10-27 18:33 963 -c-ha-w- c:\windows\win.tmp
2006-04-05 16:26 . 2006-09-23 21:46 233472 -c--a-w- c:\program files\ShellEnglishLC.dll
2006-04-05 16:26 . 2006-09-23 21:46 36864 -c--a-w- c:\program files\ShellDLLResEnglish.dll
2006-04-05 16:26 . 2006-09-23 21:46 483328 -c--a-w- c:\program files\Shell2EnglishLC.dll
2006-04-05 16:26 . 2006-09-23 21:46 208896 -c--a-w- c:\program files\ShellLC.dll
2006-04-05 16:26 . 2006-09-23 21:46 114688 -c--a-w- c:\program files\RTFCtrl.dll
2006-04-05 16:26 . 2006-09-23 21:46 102400 -c--a-w- c:\program files\MXExHand.dll
2006-04-05 16:24 . 2006-09-23 21:46 45056 -c--a-w- c:\program files\DMUtilsResEnglish.dll
2006-04-05 16:24 . 2006-09-23 21:46 184320 -c--a-w- c:\program files\DMUtils.dll
2006-04-05 16:23 . 2006-09-23 21:46 86016 -c--a-w- c:\program files\DMTutorialResEnglish.dll
2006-04-05 16:23 . 2006-09-23 21:46 90112 -c--a-w- c:\program files\DMTutorial.dll
2006-04-05 16:22 . 2006-09-23 21:46 159744 -c--a-w- c:\program files\DMSetupResEnglish.dll
2006-04-05 16:22 . 2006-09-23 21:46 303104 -c--a-w- c:\program files\DMSetup.dll
2006-04-05 16:21 . 2006-09-23 21:46 118784 -c--a-w- c:\program files\ODIFCopy.dll
2006-04-05 16:21 . 2006-09-23 21:46 98304 -c--a-w- c:\program files\ODIMan.dll
2006-04-05 16:21 . 2006-09-23 21:46 20480 -c--a-w- c:\program files\DMInfoResEnglish.dll
2006-04-05 16:20 . 2006-09-23 21:46 151552 -c--a-w- c:\program files\DMInfo.dll
2006-04-05 16:19 . 2006-09-23 21:46 3497984 -c--a-w- c:\program files\ODIJump.dll
2006-04-05 16:19 . 2006-09-23 21:46 176128 -c--a-w- c:\program files\ODICtrl.dll
2006-04-05 16:19 . 2006-09-23 21:46 94208 -c--a-w- c:\program files\ODIFrmt.dll
2006-04-05 16:18 . 2006-09-23 21:46 61440 -c--a-w- c:\program files\CDEject.exe
2006-04-05 16:18 . 2006-09-23 21:46 49152 ----a-w- c:\program files\DataLifeguard.exe
2006-04-05 16:18 . 2006-09-23 21:46 266240 -c--a-w- c:\program files\ShellDLL.dll
2006-04-05 16:17 . 2006-09-23 21:46 139264 -c--a-w- c:\program files\ODIPart.dll
2006-04-05 16:16 . 2006-09-23 21:46 176128 -c--a-w- c:\program files\ODIDev.dll
2006-04-05 16:16 . 2006-09-23 21:46 49152 -c--a-w- c:\program files\Scsilib.dll
2006-04-05 16:15 . 2006-09-23 21:46 94208 -c--a-w- c:\program files\mxdlgsup.dll
2006-04-05 16:15 . 2006-09-23 21:46 102400 -c--a-w- c:\program files\MXPM.dll
2004-12-08 14:50 . 2004-12-08 14:50 2112103 -c--a-w- c:\program files\BHODemon20Setup_2020.exe
2004-12-02 13:24 . 2004-12-02 13:22 16706160 -c--a-w- c:\program files\AdbeRdr60_enu_full.exe
2004-12-02 13:22 . 2004-12-02 13:22 6811656 -c--a-w- c:\program files\psa201se_us.exe
2003-04-03 12:47 . 2003-04-03 12:47 1684194 -c--a-w- c:\program files\SpamNet1.0Beta9.exe
2003-02-18 01:31 . 2003-02-18 01:31 2430662 -c--a-w- c:\program files\spybotsd11.exe
2003-02-09 03:10 . 2003-02-09 03:10 37376 -c-ha-w- c:\program files\iblock.exe
2003-01-17 04:22 . 2003-01-17 04:22 3781808 -c-ha-w- c:\program files\zaSetup_1001.exe
2003-01-11 15:07 . 2003-01-11 14:41 8839120 -c-ha-w- c:\program files\AcroReader51_ENU.exe
2003-01-11 14:41 . 2003-01-11 04:22 13736688 -c-ha-w- c:\program files\AcroReader51_ENU_full.exe
2000-03-13 16:13 . 2006-09-23 21:46 509984 -c--a-w- c:\program files\50comupd.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="\Program\BackWeb-8876480.exe" [bU]
"SpokeSysTray"="c:\program files\Spoke Client\SpokeSysTray.exe" [2008-08-11 1875920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-24 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb01.exe" [2000-12-12 192512]
"EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-07-01 28672]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-09-25 290816]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"NSWosCheck"="c:\program files\Norton SystemWorks\osCheck.exe" [2007-09-18 25472]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"HostManager"="c:\program files\Common Files\AOL\1188076909\ee\AOLSoftware.exe" [2010-02-10 41800]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2007-08-23 152952]
"Spyware Doctor"="c:\program files\Spyware Doctor\swdoctor.exe" [2006-12-11 2115728]
c:\documents and settings\Dad\Start Menu\Programs\Startup\
HotSync Manager.LNK - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
DataViz Inc Messenger.lnk - c:\program files\Common Files\DataViz\DvzIncMsgr.exe [2007-2-2 28672]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2002-12-22 45056]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=c:\windows\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2002-04-10 20:44 679936 -c--a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2006-10-23 12:50 71216 ----a-r- c:\program files\Common Files\AOL\ACS\AOLDial.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-06-24 10:41 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Camera Detector"=c:\progra~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\cod2mp_s.exe"=
"c:\\Program Files\\Call of Duty Game of the Year Edition\\CoDMP.exe"=
"c:\\Program Files\\Palm\\Hotsync.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Common Files\\AOL\\1188076909\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-16 135664]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS [2009-08-22 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2009-08-22 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\N360\0308000.029\ccHPx86.sys [2009-08-22 482432]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20101124.002\IDSxpx86.sys [2010-10-19 341880]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2009-08-22 117640]
S2 NProtectService;Norton UnErase Protection;c:\progra~1\NORTON~1\NORTON~1\NPROTECT.EXE [2005-11-04 95832]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-26 102448]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - PNKBSTRB
*NewlyCreated* - PNKBSTRK
*Deregistered* - klmd25
*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder
2010-11-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2010-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-16 15:37]
2010-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-16 15:37]
2010-11-01 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton SystemWorks\OBC.exe [2007-09-18 12:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dellnet.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mLocal Page = about:blank
mStart Page = about:blank
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = hxxp://localhost;
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings_POTT20009/include/vzTCPConfig.CAB
FF - ProfilePath - c:\documents and settings\Mom2\Application Data\Mozilla\Firefox\Profiles\nusav8en.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Extension: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\documents and settings\Mom2\Application Data\Mozilla\Firefox\Profiles\nusav8en.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-29 12:58
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc23.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-3013870458-1111066612-3762109593-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-3013870458-1111066612-3762109593-1005\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-3013870458-1111066612-3762109593-1005)
@Allowed: (Read) (S-1-5-21-3013870458-1111066612-3762109593-1005)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(520)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(29564)
c:\program files\Logitech\iTouch\iTchHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\progra~1\Logitech\MOUSEW~1\SYSTEM\LGMOUSHK.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-11-29 13:48:54
ComboFix-quarantined-files.txt 2010-11-29 18:48
ComboFix2.txt 2010-11-25 02:07
Pre-Run: 12,074,573,824 bytes free
Post-Run: 12,042,928,128 bytes free
- - End Of File - - 646C70035D6DBD164ACB54A29851041E
-
This is from another account... nothing abnormal found.
2010/11/29 11:12:21.0390 TDSS rootkit removing tool 2.4.10.0 Nov 28 2010 18:35:56
2010/11/29 11:12:21.0390 ================================================================================
2010/11/29 11:12:21.0390 SystemInfo:
2010/11/29 11:12:21.0390
2010/11/29 11:12:21.0390 OS Version: 5.1.2600 ServicePack: 2.0
2010/11/29 11:12:21.0390 Product type: Workstation
2010/11/29 11:12:21.0390 ComputerName: SAMSELMAIN
2010/11/29 11:12:21.0390 UserName: Mom2
2010/11/29 11:12:21.0390 Windows directory: C:\WINDOWS
2010/11/29 11:12:21.0390 System windows directory: C:\WINDOWS
2010/11/29 11:12:21.0390 Processor architecture: Intel x86
2010/11/29 11:12:21.0390 Number of processors: 1
2010/11/29 11:12:21.0390 Page size: 0x1000
2010/11/29 11:12:21.0390 Boot type: Normal boot
2010/11/29 11:12:21.0390 ================================================================================
2010/11/29 11:12:23.0234 Initialize success
2010/11/29 11:12:26.0062 ================================================================================
2010/11/29 11:12:26.0062 Scan started
2010/11/29 11:12:26.0062 Mode: Manual;
2010/11/29 11:12:26.0062 ================================================================================
2010/11/29 11:12:29.0125 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
2010/11/29 11:12:29.0359 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/11/29 11:12:29.0578 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/11/29 11:12:29.0843 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
2010/11/29 11:12:30.0109 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2010/11/29 11:12:30.0328 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2010/11/29 11:12:30.0578 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/11/29 11:12:31.0109 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
2010/11/29 11:12:31.0296 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
2010/11/29 11:12:31.0468 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
2010/11/29 11:12:31.0640 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
2010/11/29 11:12:31.0828 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
2010/11/29 11:12:31.0984 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\System32\DRIVERS\alim1541.sys
2010/11/29 11:12:32.0171 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\System32\DRIVERS\amdagp.sys
2010/11/29 11:12:32.0343 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
2010/11/29 11:12:32.0546 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
2010/11/29 11:12:32.0750 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
2010/11/29 11:12:32.0937 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
2010/11/29 11:12:33.0109 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
2010/11/29 11:12:33.0281 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/11/29 11:12:33.0390 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/11/29 11:12:33.0718 ati2mtag (bf94a12f9d86b28fecf00b24b7129013) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/11/29 11:12:34.0203 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/11/29 11:12:34.0468 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/11/29 11:12:34.0734 BCMModem (41347688046d49cde0f6d138a534f73d) C:\WINDOWS\system32\DRIVERS\BCMSM.sys
2010/11/29 11:12:34.0921 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/11/29 11:12:35.0171 BHDrvx86 (76154fa6a742c613b44bb636b1a7c057) C:\WINDOWS\System32\Drivers\N360\0308000.029\BHDrvx86.sys
2010/11/29 11:12:35.0609 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
2010/11/29 11:12:35.0859 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/11/29 11:12:36.0078 ccHP (8973ff34b83572d867b5b928905ad5ac) C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys
2010/11/29 11:12:36.0359 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
2010/11/29 11:12:36.0609 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/11/29 11:12:36.0828 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/11/29 11:12:37.0078 Cdr4_xp (bf79e659c506674c0497cc9c61f1a165) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2010/11/29 11:12:37.0296 Cdralw2k (18eb04a0dfd3ffae2ab736c3c1dfea34) C:\WINDOWS\system32\drivers\Cdralw2k.sys
2010/11/29 11:12:37.0531 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/11/29 11:12:37.0796 cdudf_xp (072070a498d5fad70c3a99a5f0b1331b) C:\WINDOWS\system32\drivers\cdudf_xp.sys
2010/11/29 11:12:38.0203 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
2010/11/29 11:12:38.0484 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
2010/11/29 11:12:38.0765 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
2010/11/29 11:12:39.0015 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
2010/11/29 11:12:39.0265 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/11/29 11:12:39.0546 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2010/11/29 11:12:39.0796 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2010/11/29 11:12:40.0062 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/11/29 11:12:40.0281 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2010/11/29 11:12:40.0515 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
2010/11/29 11:12:40.0750 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/11/29 11:12:41.0234 dvd_2K (a3997baab606caa92f27e07bc4f070f0) C:\WINDOWS\system32\drivers\dvd_2K.sys
2010/11/29 11:12:41.0453 E100B (56ab585a307909c4447d5900a10c6bc7) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/11/29 11:12:41.0718 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/11/29 11:12:42.0062 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
2010/11/29 11:12:42.0296 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2010/11/29 11:12:42.0562 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/11/29 11:12:42.0781 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/11/29 11:12:42.0984 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2010/11/29 11:12:43.0203 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/11/29 11:12:43.0421 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/11/29 11:12:43.0640 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/11/29 11:12:43.0890 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/11/29 11:12:44.0125 gameenum (5f92fd09e5610a5995da7d775eadcd12) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2010/11/29 11:12:44.0390 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/11/29 11:12:44.0640 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/11/29 11:12:44.0875 grmnusb (cd007d03a9284bfe67d49c01213132bf) C:\WINDOWS\system32\drivers\grmnusb.sys
2010/11/29 11:12:45.0156 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/11/29 11:12:45.0406 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
2010/11/29 11:12:45.0625 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/11/29 11:12:45.0890 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/11/29 11:12:46.0140 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/11/29 11:12:46.0390 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/11/29 11:12:46.0578 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/11/29 11:12:46.0765 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\System32\DRIVERS\i2omp.sys
2010/11/29 11:12:46.0953 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/11/29 11:12:47.0171 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
2010/11/29 11:12:47.0437 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
2010/11/29 11:12:47.0656 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
2010/11/29 11:12:47.0875 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
2010/11/29 11:12:48.0125 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
2010/11/29 11:12:48.0359 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
2010/11/29 11:12:48.0593 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
2010/11/29 11:12:48.0828 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
2010/11/29 11:12:49.0203 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
2010/11/29 11:12:49.0453 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
2010/11/29 11:12:49.0750 IDSxpx86 (74e8463447101ecf0165ddc7e5168b7e) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20101124.002\IDSxpx86.sys
2010/11/29 11:12:50.0000 ikhfile (f24866ee5c0819e9b1b58f2c00af078e) C:\WINDOWS\system32\drivers\ikhfile.sys
2010/11/29 11:12:50.0296 ikhlayer (9a2cff8e3ef0a35f23f544fab915c060) C:\WINDOWS\System32\drivers\ikhlayer.sys
2010/11/29 11:12:50.0531 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/11/29 11:12:50.0781 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
2010/11/29 11:12:51.0203 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/11/29 11:12:51.0343 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/11/29 11:12:51.0515 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/11/29 11:12:51.0703 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/11/29 11:12:51.0859 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/11/29 11:12:52.0031 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/11/29 11:12:52.0140 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/11/29 11:12:52.0390 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/11/29 11:12:52.0546 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/11/29 11:12:52.0734 itchfltr (8f1ba487b35f0c8f637e05113aa815f8) C:\WINDOWS\system32\DRIVERS\itchfltr.sys
2010/11/29 11:12:52.0875 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/11/29 11:12:53.0000 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/11/29 11:12:53.0140 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2010/11/29 11:12:53.0265 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/11/29 11:12:53.0421 l8042pr2 (80794cc09e6aea4c10ec35ae6ba86ad4) C:\WINDOWS\system32\DRIVERS\L8042Pr2.sys
2010/11/29 11:12:53.0812 LCcfltr (fb5e7a5c86c0b58aa155487b141b8457) C:\WINDOWS\system32\drivers\lccfltr.sys
2010/11/29 11:12:54.0000 LHidFlt2 (9de00e4938d396384504af5ddcc45770) C:\WINDOWS\system32\DRIVERS\LHidFlt2.sys
2010/11/29 11:12:54.0140 LHidUsb (a8742865e15a57b426efcc5ff744d6d3) C:\WINDOWS\system32\Drivers\LHidUsb.Sys
2010/11/29 11:12:54.0296 LKbdFlt2 (b3e69110fba2c07b634e6bf20fe9f9ac) C:\WINDOWS\system32\DRIVERS\LKbdFlt2.sys
2010/11/29 11:12:54.0468 LMouFlt2 (6d8f6f74341d804a2552d5c6edc98cb9) C:\WINDOWS\system32\DRIVERS\LMouFlt2.sys
2010/11/29 11:12:54.0734 mmc_2K (e97e3fe03b6f271336cb2fbb24734989) C:\WINDOWS\system32\drivers\mmc_2K.sys
2010/11/29 11:12:54.0875 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/11/29 11:12:55.0031 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2010/11/29 11:12:55.0203 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2010/11/29 11:12:55.0390 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/11/29 11:12:55.0531 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/11/29 11:12:55.0687 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/11/29 11:12:55.0859 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
2010/11/29 11:12:56.0015 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/11/29 11:12:56.0187 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/11/29 11:12:56.0468 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2010/11/29 11:12:56.0687 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/11/29 11:12:56.0921 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/11/29 11:12:57.0187 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/11/29 11:12:57.0406 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/11/29 11:12:57.0562 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2010/11/29 11:12:58.0046 NAVENG (49d802531e5984cf1fe028c6c129b9d8) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101129.002\NAVENG.SYS
2010/11/29 11:12:58.0312 NAVEX15 (158676a5758c1fa519563b3e72fbf256) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101129.002\NAVEX15.SYS
2010/11/29 11:12:58.0609 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2010/11/29 11:12:58.0843 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/11/29 11:12:59.0062 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/11/29 11:12:59.0281 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/11/29 11:12:59.0500 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/11/29 11:12:59.0734 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/11/29 11:12:59.0968 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/11/29 11:13:00.0234 NMSCFG (847d6d775524fa5e58d851ddec566a12) C:\WINDOWS\system32\drivers\NMSCFG.SYS
2010/11/29 11:13:00.0468 NPDriver (57883a0c8ab1d93fce74d79b5fe8b4ff) C:\WINDOWS\system32\Drivers\NPDRIVER.SYS
2010/11/29 11:13:00.0703 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2010/11/29 11:13:01.0000 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/11/29 11:13:01.0250 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/11/29 11:13:01.0734 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/11/29 11:13:02.0046 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/11/29 11:13:02.0312 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/11/29 11:13:02.0562 omci (1d98907d80461371437a7c898c58c8ae) C:\WINDOWS\system32\DRIVERS\omci.sys
2010/11/29 11:13:02.0906 P16X (e433c553d00d76fbc616294b60a7a530) C:\WINDOWS\system32\drivers\P16X.sys
2010/11/29 11:13:03.0187 P3 (3e16eff2a6fed2d8d7f5a66dfe65d183) C:\WINDOWS\system32\DRIVERS\p3.sys
2010/11/29 11:13:03.0421 PalmUSBD (240c0d4049a833b16b63b636acf01672) C:\WINDOWS\system32\drivers\PalmUSBD.sys
2010/11/29 11:13:03.0671 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/11/29 11:13:03.0890 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/11/29 11:13:04.0093 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/11/29 11:13:04.0312 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/11/29 11:13:04.0671 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\System32\DRIVERS\pciide.sys
2010/11/29 11:13:04.0921 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/11/29 11:13:05.0765 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
2010/11/29 11:13:06.0015 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
2010/11/29 11:13:06.0250 PfModNT (2f5532f9b0f903b26847da674b4f55b2) C:\WINDOWS\System32\PfModNT.sys
2010/11/29 11:13:06.0531 PnkBstrK (f4ba8e3e515a3dd9dd29a031d6f94e02) C:\WINDOWS\system32\drivers\PnkBstrK.sys
2010/11/29 11:13:06.0765 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/11/29 11:13:06.0984 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/11/29 11:13:07.0218 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/11/29 11:13:07.0437 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/11/29 11:13:07.0671 pwd_2k (070eddd0e4a5be55dd590d8b30dbff22) C:\WINDOWS\system32\drivers\pwd_2k.sys
2010/11/29 11:13:07.0890 PxHelp20 (0457e25bb122b854e267cf552dcdc370) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
2010/11/29 11:13:08.0140 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
2010/11/29 11:13:08.0390 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
2010/11/29 11:13:08.0625 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
2010/11/29 11:13:08.0875 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
2010/11/29 11:13:09.0140 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
2010/11/29 11:13:09.0343 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/11/29 11:13:09.0625 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/11/29 11:13:09.0843 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/11/29 11:13:10.0093 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/11/29 11:13:10.0296 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/11/29 11:13:10.0515 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/11/29 11:13:10.0765 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/11/29 11:13:11.0015 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/11/29 11:13:11.0234 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/11/29 11:13:11.0546 SDdriver (ac2e5fa94155bc0c4c7ab8f97e181f6f) C:\WINDOWS\system32\Drivers\sddriver.sys
2010/11/29 11:13:12.0000 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/11/29 11:13:12.0171 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/11/29 11:13:12.0312 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/11/29 11:13:12.0468 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/11/29 11:13:12.0765 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\System32\DRIVERS\sisagp.sys
2010/11/29 11:13:12.0937 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2010/11/29 11:13:13.0109 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
2010/11/29 11:13:13.0390 SPBBCDrv (dc4dc886d3779c446f9b0e9d6b006e72) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2010/11/29 11:13:13.0718 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2010/11/29 11:13:13.0937 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/11/29 11:13:14.0171 SRS_SSCFilter (53ff9a8b3748399f143d7572b7888dd7) C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys
2010/11/29 11:13:14.0453 SRTSP (e81f6caeab9ad5732e94c07c97866aa2) C:\WINDOWS\System32\Drivers\N360\0308000.029\SRTSP.SYS
2010/11/29 11:13:14.0718 SRTSPX (e28de499d942b08058bffac69d4122b6) C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS
2010/11/29 11:13:14.0953 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/11/29 11:13:15.0218 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/11/29 11:13:15.0406 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2010/11/29 11:13:15.0656 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
2010/11/29 11:13:15.0906 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
2010/11/29 11:13:16.0187 SymEFA (d0885f6e24259a6c65e68d6ad749910a) C:\WINDOWS\system32\drivers\N360\0308000.029\SYMEFA.SYS
2010/11/29 11:13:16.0437 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2010/11/29 11:13:16.0687 SYMFW (1e825026436c4eac3e1a11d1e9c33f2c) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS
2010/11/29 11:13:16.0921 SYMIDS (7a20b7d774ef0f16cf81b898bfeca772) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS
2010/11/29 11:13:17.0140 SymIM (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
2010/11/29 11:13:17.0187 SymIMMP (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
2010/11/29 11:13:17.0390 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\System32\drivers\symlcbrd.sys
2010/11/29 11:13:26.0484 ================================================================================
2010/11/29 11:13:26.0484 Scan finished
2010/11/29 11:13:26.0484 ================================================================================
-
OK, I got it now.....I will run from another login....also I have a good chunk of time today to work this out...thxs
-
Not sure, will take your recommendation....remember the other Logins are ok.....only mine is messed up...
-
Here you go...just ran...
2010/11/29 08:29:43.0640 TDSS rootkit removing tool 2.4.10.0 Nov 28 2010 18:35:56
2010/11/29 08:29:43.0640 ================================================================================
2010/11/29 08:29:43.0640 SystemInfo:
2010/11/29 08:29:43.0640
2010/11/29 08:29:43.0640 OS Version: 5.1.2600 ServicePack: 2.0
2010/11/29 08:29:43.0640 Product type: Workstation
2010/11/29 08:29:43.0640 ComputerName: SAMSELMAIN
2010/11/29 08:29:43.0640 UserName: Dad
2010/11/29 08:29:43.0640 Windows directory: C:\WINDOWS
2010/11/29 08:29:43.0640 System windows directory: C:\WINDOWS
2010/11/29 08:29:43.0640 Processor architecture: Intel x86
2010/11/29 08:29:43.0640 Number of processors: 1
2010/11/29 08:29:43.0640 Page size: 0x1000
2010/11/29 08:29:43.0640 Boot type: Normal boot
2010/11/29 08:29:43.0640 ================================================================================
2010/11/29 08:29:45.0875 Initialize success
2010/11/29 08:29:50.0343 ================================================================================
2010/11/29 08:29:50.0343 Scan started
2010/11/29 08:29:50.0343 Mode: Manual;
2010/11/29 08:29:50.0343 ================================================================================
2010/11/29 08:32:47.0046 ================================================================================
2010/11/29 08:32:47.0046 Scan finished
2010/11/29 08:32:47.0046 ================================================================================
-
Hmmm...it remains hidden......
-
Sorry to report no luck....
The program ran successfully (4 successfully run msgs (or 5)); the reboot (shut down and start up) ran a little bit longer......I tested other accounts; they have icons.....
-
Ok, then what do I do with this info?
thxs
I don't know if this is running under the other accounts or not, but these Proxy settings get added by infectors.
uInternet Settings,ProxyServer = http=127.0.0.1:6522
-
No......I get a standard explorer view of My Documents directory.
Now I need to vent. As I mentioned, I have some development background and now only "know enough to be dangerous"....what I can't understand is, virus aside, we are only talking about what is the equivalent of a presentation layer, unless Bill Gates rocket science is involved. Can someone provide a hint as to what the complication is? I have read about renaming explorer.exe or creating a new account (my other 4 work fine, even through the clean up process), but those are band-aids.
Next steps?
thanks
-
Sorry about this....neither recommendation helped...when you asked for the copy to the desktop, of course that is the issue....my desktop icons do not display.....the new icon is in the directory, but does not display...
On the Control Panel change....no security item in the drop down...
we are not progressing
-
OK.....but first a quick question....I'm not the brightest bulb on this, but know enough to be dangerous.....
For the latest instructions, what is the difference between the 1st step (which requires download, more processes etc.) and the 2nd, which is pretty easy.....
Part of me is wondering why not just create a new "Dads" account....other than it still leaves the issue in place...I would rather fix.....
Will be away from the PC for a couple days (Thanksgiving travel)......will hit in 2 days...
Again thanks for your attention!
-
Ran Combo.....here is the result log......desktop skin changed to a previously used pic about 4 years ago....still no icons.....
ComboFix 10-11-24.01 - Dad 11/24/2010 20:09:44.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.584 [GMT -5:00]
Running from: c:\documents and settings\Dad\My Documents\Downloads\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Greg\greg 2007 summer report C .doc
c:\program files\INSTALL.LOG
c:\program files\version.txt
c:\windows\bobsaver.exe
c:\windows\bobsaver.scr
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\patch.exe
c:\windows\system32\Data
c:\windows\system32\Thumbs.db
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
.
((((((((((((((((((((((((( Files Created from 2010-10-25 to 2010-11-25 )))))))))))))))))))))))))))))))
.
2010-11-25 00:47 . 2010-11-25 00:50 -------- dc----w- C:\32788R22FWJFW
2010-11-21 12:34 . 2010-11-21 12:34 -------- d-----w- c:\documents and settings\Mom2\Local Settings\Application Data\AOL Toolbar
2010-11-15 10:19 . 2010-11-15 10:19 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\AOL
2010-11-15 04:16 . 2010-11-15 04:16 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Toolbar
2010-11-15 04:16 . 2010-11-15 04:16 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-11-15 04:12 . 2010-11-15 04:12 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL OCP
2010-11-15 04:10 . 2010-11-15 04:21 -------- d-----w- c:\program files\AOL 9.5
2010-11-15 04:10 . 2010-11-15 04:18 -------- d-----w- c:\program files\Common Files\aolshare
2010-11-14 16:23 . 2010-11-14 16:23 -------- dc----w- C:\Install AOL Communicator
2010-11-14 16:23 . 2010-11-14 16:23 -------- dc----w- C:\Install Winamp
2010-11-14 16:23 . 2010-11-14 16:23 -------- dc----w- C:\Install ICQ
2010-11-14 16:23 . 2010-11-14 16:23 -------- dc----w- C:\AOL Instant Messenger
2010-11-14 16:22 . 2010-11-14 16:22 -------- d-----w- c:\program files\Learn2.com
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-24 23:46 . 2010-01-07 00:30 41856 ----a-w- c:\windows\system32\drivers\imapi.sys
2010-11-24 04:39 . 2006-10-27 18:33 963 -c-ha-w- c:\windows\win.tmp
2010-11-18 02:28 . 2009-03-06 03:49 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-11-18 02:28 . 2007-04-04 00:35 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-11-18 02:19 . 2007-04-04 00:35 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2006-04-05 16:26 . 2006-09-23 21:46 233472 -c--a-w- c:\program files\ShellEnglishLC.dll
2006-04-05 16:26 . 2006-09-23 21:46 36864 -c--a-w- c:\program files\ShellDLLResEnglish.dll
2006-04-05 16:26 . 2006-09-23 21:46 483328 -c--a-w- c:\program files\Shell2EnglishLC.dll
2006-04-05 16:26 . 2006-09-23 21:46 208896 -c--a-w- c:\program files\ShellLC.dll
2006-04-05 16:26 . 2006-09-23 21:46 114688 -c--a-w- c:\program files\RTFCtrl.dll
2006-04-05 16:26 . 2006-09-23 21:46 102400 -c--a-w- c:\program files\MXExHand.dll
2006-04-05 16:24 . 2006-09-23 21:46 45056 -c--a-w- c:\program files\DMUtilsResEnglish.dll
2006-04-05 16:24 . 2006-09-23 21:46 184320 -c--a-w- c:\program files\DMUtils.dll
2006-04-05 16:23 . 2006-09-23 21:46 86016 -c--a-w- c:\program files\DMTutorialResEnglish.dll
2006-04-05 16:23 . 2006-09-23 21:46 90112 -c--a-w- c:\program files\DMTutorial.dll
2006-04-05 16:22 . 2006-09-23 21:46 159744 -c--a-w- c:\program files\DMSetupResEnglish.dll
2006-04-05 16:22 . 2006-09-23 21:46 303104 -c--a-w- c:\program files\DMSetup.dll
2006-04-05 16:21 . 2006-09-23 21:46 118784 -c--a-w- c:\program files\ODIFCopy.dll
2006-04-05 16:21 . 2006-09-23 21:46 98304 -c--a-w- c:\program files\ODIMan.dll
2006-04-05 16:21 . 2006-09-23 21:46 20480 -c--a-w- c:\program files\DMInfoResEnglish.dll
2006-04-05 16:20 . 2006-09-23 21:46 151552 -c--a-w- c:\program files\DMInfo.dll
2006-04-05 16:19 . 2006-09-23 21:46 3497984 -c--a-w- c:\program files\ODIJump.dll
2006-04-05 16:19 . 2006-09-23 21:46 176128 -c--a-w- c:\program files\ODICtrl.dll
2006-04-05 16:19 . 2006-09-23 21:46 94208 -c--a-w- c:\program files\ODIFrmt.dll
2006-04-05 16:18 . 2006-09-23 21:46 61440 -c--a-w- c:\program files\CDEject.exe
2006-04-05 16:18 . 2006-09-23 21:46 49152 ----a-w- c:\program files\DataLifeguard.exe
2006-04-05 16:18 . 2006-09-23 21:46 266240 -c--a-w- c:\program files\ShellDLL.dll
2006-04-05 16:17 . 2006-09-23 21:46 139264 -c--a-w- c:\program files\ODIPart.dll
2006-04-05 16:16 . 2006-09-23 21:46 176128 -c--a-w- c:\program files\ODIDev.dll
2006-04-05 16:16 . 2006-09-23 21:46 49152 -c--a-w- c:\program files\Scsilib.dll
2006-04-05 16:15 . 2006-09-23 21:46 94208 -c--a-w- c:\program files\mxdlgsup.dll
2006-04-05 16:15 . 2006-09-23 21:46 102400 -c--a-w- c:\program files\MXPM.dll
2004-12-08 14:50 . 2004-12-08 14:50 2112103 -c--a-w- c:\program files\BHODemon20Setup_2020.exe
2004-12-02 13:24 . 2004-12-02 13:22 16706160 -c--a-w- c:\program files\AdbeRdr60_enu_full.exe
2004-12-02 13:22 . 2004-12-02 13:22 6811656 -c--a-w- c:\program files\psa201se_us.exe
2003-04-03 12:47 . 2003-04-03 12:47 1684194 -c--a-w- c:\program files\SpamNet1.0Beta9.exe
2003-02-18 01:31 . 2003-02-18 01:31 2430662 -c--a-w- c:\program files\spybotsd11.exe
2003-02-09 03:10 . 2003-02-09 03:10 37376 -c-ha-w- c:\program files\iblock.exe
2003-01-17 04:22 . 2003-01-17 04:22 3781808 -c-ha-w- c:\program files\zaSetup_1001.exe
2003-01-11 15:07 . 2003-01-11 14:41 8839120 -c-ha-w- c:\program files\AcroReader51_ENU.exe
2003-01-11 14:41 . 2003-01-11 04:22 13736688 -c-ha-w- c:\program files\AcroReader51_ENU_full.exe
2000-03-13 16:13 . 2006-09-23 21:46 509984 -c--a-w- c:\program files\50comupd.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-24 68856]
"AOL Fast Start"="c:\program files\AOL 9.5\AOL.EXE" [2010-03-23 29520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb01.exe" [2000-12-12 192512]
"EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-07-01 28672]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-09-25 290816]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"NSWosCheck"="c:\program files\Norton SystemWorks\osCheck.exe" [2007-09-18 25472]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"HostManager"="c:\program files\Common Files\AOL\1188076909\ee\AOLSoftware.exe" [2010-02-10 41800]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2007-08-23 152952]
"Spyware Doctor"="c:\program files\Spyware Doctor\swdoctor.exe" [2006-12-11 2115728]
c:\documents and settings\Dad\Start Menu\Programs\Startup\
HotSync Manager.LNK - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
DataViz Inc Messenger.lnk - c:\program files\Common Files\DataViz\DvzIncMsgr.exe [2007-2-2 28672]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2002-12-22 45056]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2003-2-13 169472]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=c:\windows\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2002-04-10 20:44 679936 -c--a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2006-10-23 12:50 71216 ----a-r- c:\program files\Common Files\AOL\ACS\AOLDial.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-06-24 10:41 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Camera Detector"=c:\progra~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\cod2mp_s.exe"=
"c:\\Program Files\\Call of Duty Game of the Year Edition\\CoDMP.exe"=
"c:\\Program Files\\Palm\\Hotsync.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Common Files\\AOL\\1188076909\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-16 135664]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS [2009-08-22 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2009-08-22 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\N360\0308000.029\ccHPx86.sys [2009-08-22 482432]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20101123.001\IDSxpx86.sys [2010-10-19 341880]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2009-08-22 117640]
S2 NProtectService;Norton UnErase Protection;c:\progra~1\NORTON~1\NORTON~1\NPROTECT.EXE [2005-11-04 95832]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-26 102448]
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder
2010-11-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2010-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-16 15:37]
2010-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-16 15:37]
2010-11-01 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton SystemWorks\OBC.exe [2007-09-18 12:22]
.
.
------- Supplementary Scan -------
.
uLocal Page = C:\WINDOWSabout.htm
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = about:blank
mStart Page = about:blank
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: finefind.net
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings_POTT20009/include/vzTCPConfig.CAB
FF - ProfilePath - c:\documents and settings\Dad\Application Data\Mozilla\Firefox\Profiles\46d37nqd.dad\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-LDM - \Program\BackWeb-8876480.exe
Notify-WebCheck - c:\windows\system32\jt4607hse.dll
SafeBoot-klmdb.sys
MSConfigStartUp-AOL Fast Start - c:\program files\America Online 9.0a\AOL.EXE
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-24 20:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc23.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-3013870458-1111066612-3762109593-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-3013870458-1111066612-3762109593-1005\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-3013870458-1111066612-3762109593-1005)
@Allowed: (Read) (S-1-5-21-3013870458-1111066612-3762109593-1005)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(968)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(7204)
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\progra~1\Logitech\MOUSEW~1\SYSTEM\LGMOUSHK.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\progra~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\System32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Spyware Doctor\sdhelp.exe
c:\progra~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
c:\windows\wanmpsvc.exe
c:\windows\System32\MsPMSPSv.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\AOL 9.5\waol.exe
c:\program files\AOL 9.5\shellmon.exe
.
**************************************************************************
.
Completion time: 2010-11-24 21:06:46 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-25 02:06
Pre-Run: 10,800,365,568 bytes free
Post-Run: 11,493,785,600 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
- - End Of File - - 9492ACEDEB9CCB61F7A4CFA316804CFE
-
Ran TDSSkiller again.....log was clean...no issues.....rebooted.....
Same result.....
Hmmmm
-
5 users and who gets infected?
C:\Documents and Settings\Dad
Please don't attach the scan results, use Copy/Paste
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.
Doing so could make your pc inoperable and could require a full reinstall of your OS, losing all your programs and data.
Vista and Windows 7 users:
1. These tools MUST be run from the executable (.exe) every time you run them.
2. With Admin Rights (Right click, choose "Run as Administrator").
Stay with this topic until I give you the all clean post.
You might want to print these instructions out.
Please download ATF Cleaner by Atribune.
-
Was hit and ran MWB.
Running XP Pro SP2.
Of 5 Users on this PC, all desktop images are ok, 1 (mine) has partial toolbar, however no desktop icons. They do reside in the proper file. Researching solutions, there must be something easier for this fix, other than creating another user account.
Here is the MWB log. Any help is appreciated!
Mark
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 5173
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
11/23/2010 12:03:24 AM
mbam-log-2010-11-23 (00-03-24).txt
Scan type: Quick scan
Objects scanned: 224419
Time elapsed: 22 minute(s), 19 second(s)
Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
C:\Documents and Settings\Dad\Local Settings\Temp\UwfwpsmjuX.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Documents and Settings\Dad\Local Settings\Temp\7867468.exe (Rogue.FakeHDD.Gen) -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uwfwpsmjux.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\7867468 (Rogue.FakeHDD.Gen) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\Dad\Local Settings\Temp\UwfwpsmjuX.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dad\Local Settings\Temp\7867468.exe (Rogue.FakeHDD.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dad\Local Settings\Temp\SSGLtVnAlN.dll (Trojan.FakeMS) -> Delete on reboot.
Desktop icons (display) missing
in Resolved Malware Removal Logs
Posted
You're right....however it was a couple days ago, I may have fat fingered the process, don't remember.....
Will do the clean up recommendations!
Thanks for your help and patience!
mark