
Desktop icons (display) missing


mswind18

Was hit and ran MWB.

Running XP Pro SP2.

Of 5 Users on this PC, all desktop images are ok, 1 (mine) has partial toolbar, however no desktop icons. They do reside in the proper file. Researching solutions, there must be something easier for this fix, other than creating another user account.

Here is the MWB log. Any help is appreciated!

Mark

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5173

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

11/23/2010 12:03:24 AM

mbam-log-2010-11-23 (00-03-24).txt

Scan type: Quick scan

Objects scanned: 224419

Time elapsed: 22 minute(s), 19 second(s)

Memory Processes Infected: 2

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 2

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

C:\Documents and Settings\Dad\Local Settings\Temp\UwfwpsmjuX.exe (Trojan.Agent) -> Unloaded process successfully.

C:\Documents and Settings\Dad\Local Settings\Temp\7867468.exe (Rogue.FakeHDD.Gen) -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uwfwpsmjux.exe (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\7867468 (Rogue.FakeHDD.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\Dad\Local Settings\Temp\UwfwpsmjuX.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Dad\Local Settings\Temp\7867468.exe (Rogue.FakeHDD.Gen) -> Quarantined and deleted successfully.

C:\Documents and Settings\Dad\Local Settings\Temp\SSGLtVnAlN.dll (Trojan.FakeMS) -> Delete on reboot.

Link to post

B)

5 users and who gets infected?

C:\Documents and Settings\Dad :D

Please don't attach the scan results, use Copy/Paste

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner

Link to post

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have SP3, use the SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofix. Use copy/paste.

Also please describe how your computer behaves at the moment.

Link to post

Ran Combo.....here is the result log......desktop skin changed to a previously used pic about 4 years ago....still no icons.....

ComboFix 10-11-24.01 - Dad 11/24/2010 20:09:44.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.584 [GMT -5:00]

Running from: c:\documents and settings\Dad\My Documents\Downloads\ComboFix.exe

AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Greg\greg 2007 summer report C .doc

c:\program files\INSTALL.LOG

c:\program files\version.txt

c:\windows\bobsaver.exe

c:\windows\bobsaver.scr

c:\windows\Downloaded Program Files\popcaploader.inf

c:\windows\patch.exe

c:\windows\system32\Data

c:\windows\system32\Thumbs.db

c:\windows\Tasks\At1.job

c:\windows\Tasks\At10.job

c:\windows\Tasks\At11.job

c:\windows\Tasks\At12.job

c:\windows\Tasks\At13.job

c:\windows\Tasks\At14.job

c:\windows\Tasks\At15.job

c:\windows\Tasks\At16.job

c:\windows\Tasks\At17.job

c:\windows\Tasks\At18.job

c:\windows\Tasks\At19.job

c:\windows\Tasks\At2.job

c:\windows\Tasks\At20.job

c:\windows\Tasks\At21.job

c:\windows\Tasks\At22.job

c:\windows\Tasks\At23.job

c:\windows\Tasks\At24.job

c:\windows\Tasks\At3.job

c:\windows\Tasks\At4.job

c:\windows\Tasks\At5.job

c:\windows\Tasks\At6.job

c:\windows\Tasks\At7.job

c:\windows\Tasks\At8.job

c:\windows\Tasks\At9.job

.

((((((((((((((((((((((((( Files Created from 2010-10-25 to 2010-11-25 )))))))))))))))))))))))))))))))

.

2010-11-25 00:47 . 2010-11-25 00:50 -------- dc----w- C:\32788R22FWJFW

2010-11-21 12:34 . 2010-11-21 12:34 -------- d-----w- c:\documents and settings\Mom2\Local Settings\Application Data\AOL Toolbar

2010-11-15 10:19 . 2010-11-15 10:19 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\AOL

2010-11-15 04:16 . 2010-11-15 04:16 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Toolbar

2010-11-15 04:16 . 2010-11-15 04:16 -------- d-----w- c:\program files\Common Files\Software Update Utility

2010-11-15 04:12 . 2010-11-15 04:12 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL OCP

2010-11-15 04:10 . 2010-11-15 04:21 -------- d-----w- c:\program files\AOL 9.5

2010-11-15 04:10 . 2010-11-15 04:18 -------- d-----w- c:\program files\Common Files\aolshare

2010-11-14 16:23 . 2010-11-14 16:23 -------- dc----w- C:\Install AOL Communicator

2010-11-14 16:23 . 2010-11-14 16:23 -------- dc----w- C:\Install Winamp

2010-11-14 16:23 . 2010-11-14 16:23 -------- dc----w- C:\Install ICQ

2010-11-14 16:23 . 2010-11-14 16:23 -------- dc----w- C:\AOL Instant Messenger

2010-11-14 16:22 . 2010-11-14 16:22 -------- d-----w- c:\program files\Learn2.com

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-24 23:46 . 2010-01-07 00:30 41856 ----a-w- c:\windows\system32\drivers\imapi.sys

2010-11-24 04:39 . 2006-10-27 18:33 963 -c-ha-w- c:\windows\win.tmp

2010-11-18 02:28 . 2009-03-06 03:49 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr

2010-11-18 02:28 . 2007-04-04 00:35 214520 ----a-w- c:\windows\system32\PnkBstrB.exe

2010-11-18 02:19 . 2007-04-04 00:35 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2006-04-05 16:26 . 2006-09-23 21:46 233472 -c--a-w- c:\program files\ShellEnglishLC.dll

2006-04-05 16:26 . 2006-09-23 21:46 36864 -c--a-w- c:\program files\ShellDLLResEnglish.dll

2006-04-05 16:26 . 2006-09-23 21:46 483328 -c--a-w- c:\program files\Shell2EnglishLC.dll

2006-04-05 16:26 . 2006-09-23 21:46 208896 -c--a-w- c:\program files\ShellLC.dll

2006-04-05 16:26 . 2006-09-23 21:46 114688 -c--a-w- c:\program files\RTFCtrl.dll

2006-04-05 16:26 . 2006-09-23 21:46 102400 -c--a-w- c:\program files\MXExHand.dll

2006-04-05 16:24 . 2006-09-23 21:46 45056 -c--a-w- c:\program files\DMUtilsResEnglish.dll

2006-04-05 16:24 . 2006-09-23 21:46 184320 -c--a-w- c:\program files\DMUtils.dll

2006-04-05 16:23 . 2006-09-23 21:46 86016 -c--a-w- c:\program files\DMTutorialResEnglish.dll

2006-04-05 16:23 . 2006-09-23 21:46 90112 -c--a-w- c:\program files\DMTutorial.dll

2006-04-05 16:22 . 2006-09-23 21:46 159744 -c--a-w- c:\program files\DMSetupResEnglish.dll

2006-04-05 16:22 . 2006-09-23 21:46 303104 -c--a-w- c:\program files\DMSetup.dll

2006-04-05 16:21 . 2006-09-23 21:46 118784 -c--a-w- c:\program files\ODIFCopy.dll

2006-04-05 16:21 . 2006-09-23 21:46 98304 -c--a-w- c:\program files\ODIMan.dll

2006-04-05 16:21 . 2006-09-23 21:46 20480 -c--a-w- c:\program files\DMInfoResEnglish.dll

2006-04-05 16:20 . 2006-09-23 21:46 151552 -c--a-w- c:\program files\DMInfo.dll

2006-04-05 16:19 . 2006-09-23 21:46 3497984 -c--a-w- c:\program files\ODIJump.dll

2006-04-05 16:19 . 2006-09-23 21:46 176128 -c--a-w- c:\program files\ODICtrl.dll

2006-04-05 16:19 . 2006-09-23 21:46 94208 -c--a-w- c:\program files\ODIFrmt.dll

2006-04-05 16:18 . 2006-09-23 21:46 61440 -c--a-w- c:\program files\CDEject.exe

2006-04-05 16:18 . 2006-09-23 21:46 49152 ----a-w- c:\program files\DataLifeguard.exe

2006-04-05 16:18 . 2006-09-23 21:46 266240 -c--a-w- c:\program files\ShellDLL.dll

2006-04-05 16:17 . 2006-09-23 21:46 139264 -c--a-w- c:\program files\ODIPart.dll

2006-04-05 16:16 . 2006-09-23 21:46 176128 -c--a-w- c:\program files\ODIDev.dll

2006-04-05 16:16 . 2006-09-23 21:46 49152 -c--a-w- c:\program files\Scsilib.dll

2006-04-05 16:15 . 2006-09-23 21:46 94208 -c--a-w- c:\program files\mxdlgsup.dll

2006-04-05 16:15 . 2006-09-23 21:46 102400 -c--a-w- c:\program files\MXPM.dll

2004-12-08 14:50 . 2004-12-08 14:50 2112103 -c--a-w- c:\program files\BHODemon20Setup_2020.exe

2004-12-02 13:24 . 2004-12-02 13:22 16706160 -c--a-w- c:\program files\AdbeRdr60_enu_full.exe

2004-12-02 13:22 . 2004-12-02 13:22 6811656 -c--a-w- c:\program files\psa201se_us.exe

2003-04-03 12:47 . 2003-04-03 12:47 1684194 -c--a-w- c:\program files\SpamNet1.0Beta9.exe

2003-02-18 01:31 . 2003-02-18 01:31 2430662 -c--a-w- c:\program files\spybotsd11.exe

2003-02-09 03:10 . 2003-02-09 03:10 37376 -c-ha-w- c:\program files\iblock.exe

2003-01-17 04:22 . 2003-01-17 04:22 3781808 -c-ha-w- c:\program files\zaSetup_1001.exe

2003-01-11 15:07 . 2003-01-11 14:41 8839120 -c-ha-w- c:\program files\AcroReader51_ENU.exe

2003-01-11 14:41 . 2003-01-11 04:22 13736688 -c-ha-w- c:\program files\AcroReader51_ENU_full.exe

2000-03-13 16:13 . 2006-09-23 21:46 509984 -c--a-w- c:\program files\50comupd.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-24 68856]

"AOL Fast Start"="c:\program files\AOL 9.5\AOL.EXE" [2010-03-23 29520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]

"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb01.exe" [2000-12-12 192512]

"EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-07-01 28672]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-09-25 290816]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]

"NSWosCheck"="c:\program files\Norton SystemWorks\osCheck.exe" [2007-09-18 25472]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]

"HostManager"="c:\program files\Common Files\AOL\1188076909\ee\AOLSoftware.exe" [2010-02-10 41800]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2007-08-23 152952]

"Spyware Doctor"="c:\program files\Spyware Doctor\swdoctor.exe" [2006-12-11 2115728]

c:\documents and settings\Dad\Start Menu\Programs\Startup\

HotSync Manager.LNK - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

DataViz Inc Messenger.lnk - c:\program files\Common Files\DataViz\DvzIncMsgr.exe [2007-2-2 28672]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2002-12-22 45056]

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2003-2-13 169472]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

@="FSFilter Activity Monitor"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk

backup=c:\windows\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]

2002-04-10 20:44 679936 -c--a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]

2006-10-23 12:50 71216 ----a-r- c:\program files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2007-06-24 10:41 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

"Camera Detector"=c:\progra~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"f:\\America Online 9.0\\waol.exe"=

"c:\\Program Files\\America Online 9.0\\waol.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\Activision\\Call of Duty 2\\cod2mp_s.exe"=

"c:\\Program Files\\Call of Duty Game of the Year Edition\\CoDMP.exe"=

"c:\\Program Files\\Palm\\Hotsync.exe"=

"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=

"c:\\Program Files\\Common Files\\AOL\\1188076909\\ee\\aolsoftware.exe"=

"c:\\Program Files\\AOL 9.5\\waol.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-16 135664]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS [2009-08-22 310320]

S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2009-08-22 259632]

S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\N360\0308000.029\ccHPx86.sys [2009-08-22 482432]

S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20101123.001\IDSxpx86.sys [2010-10-19 341880]

S2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2009-08-22 117640]

S2 NProtectService;Norton UnErase Protection;c:\progra~1\NORTON~1\NORTON~1\NPROTECT.EXE [2005-11-04 95832]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-26 102448]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

.

Contents of the 'Scheduled Tasks' folder

2010-11-18 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-16 15:37]

2010-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-16 15:37]

2010-11-01 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job

- c:\program files\Norton SystemWorks\OBC.exe [2007-09-18 12:22]

.

.

------- Supplementary Scan -------

.

uLocal Page = C:\WINDOWSabout.htm

uStart Page = hxxp://www.google.com/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

mDefault_Search_URL = hxxp://www.google.com/ie

mLocal Page = about:blank

mStart Page = about:blank

mSearch Bar = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyServer = http=127.0.0.1:6522

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

Trusted Zone: finefind.net

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings_POTT20009/include/vzTCPConfig.CAB

FF - ProfilePath - c:\documents and settings\Dad\Application Data\Mozilla\Firefox\Profiles\46d37nqd.dad\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-LDM - \Program\BackWeb-8876480.exe

Notify-WebCheck - c:\windows\system32\jt4607hse.dll

SafeBoot-klmdb.sys

MSConfigStartUp-AOL Fast Start - c:\program files\America Online 9.0a\AOL.EXE

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-11-24 20:45

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]

"ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]

"ImagePath"="\??\c:\windows\TEMP\mc23.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3013870458-1111066612-3762109593-1005\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-3013870458-1111066612-3762109593-1005\Software\Policies\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (S-1-5-21-3013870458-1111066612-3762109593-1005)

@Allowed: (Read) (S-1-5-21-3013870458-1111066612-3762109593-1005)

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(968)

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(7204)

c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll

c:\program files\Microsoft Office\OFFICE11\msohev.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\progra~1\Logitech\MOUSEW~1\SYSTEM\LGMOUSHK.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Common Files\Symantec Shared\ccSvcHst.exe

c:\progra~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

c:\windows\system32\LEXBCES.EXE

c:\windows\system32\LEXPPS.EXE

c:\program files\Common Files\AOL\ACS\AOLAcsd.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe

c:\windows\System32\CTsvcCDA.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\HPZipm12.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\PnkBstrB.exe

c:\program files\Spyware Doctor\sdhelp.exe

c:\progra~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

c:\windows\wanmpsvc.exe

c:\windows\System32\MsPMSPSv.exe

c:\program files\Common Files\Symantec Shared\ccSvcHst.exe

c:\program files\AOL 9.5\waol.exe

c:\program files\AOL 9.5\shellmon.exe

.

**************************************************************************

.

Completion time: 2010-11-24 21:06:46 - machine was rebooted

ComboFix-quarantined-files.txt 2010-11-25 02:06

Pre-Run: 10,800,365,568 bytes free

Post-Run: 11,493,785,600 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

- - End Of File - - 9492ACEDEB9CCB61F7A4CFA316804CFE

Link to post

Please disable this program and leave it disabled until we are finished.

SPYBOT TEATIMER

  • Launch Spybot S&D, go to the Mode menu and make sure "Advanced Mode" is selected.
  • On the left hand side, click on Tools, then click on the Resident Icon in the list.
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • Click on the "System Startup" icon in the List
  • Uncheck the "TeaTimer" box and "OK" any prompts.
  • If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
  • Exit Spybot S&D when done.
  • (When we are done, you can re-enable Teatimer using the same steps but this time place a check next to "Resident TeaTimer" and check the "TeaTimer" box in System Startup.)

Next:

1. Click Start > Settings > Control Panel.

2. Next, open Add/Remove Programs and remove:

Viewpoint

Logitech\Desktop Messenger

Next:

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...


Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.

If still no Icons:

1. Click Start, and then click Control Panel.

2. Double-click Display, click the Desktop tab, and then click Customize Desktop.

3. Select Restore Defaults

1. Click Start, and then click Control Panel.

2. Double-click Display, click the Desktop tab, and then click Customize Desktop.

then click the web tab, then under the web pages to display on your desktop

if it has "security" you uncheck this and delete

Link to post
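A triage sketch for the two logs posted in this thread, added here as an example and not part of any participant's post: it parses the Malwarebytes result lines into structured detections, lists the ones still pending a reboot, and flags the loopback proxy in the ComboFix supplementary scan that the CFScript above targets. The sample lines are copied from the logs above; the function names and the reading of the u/m prefix are assumptions.

```python
import ipaddress
import re

# Sample input: lines copied from the Malwarebytes log posted in this thread.
MBAM_LOG = r'''
Memory Processes Infected:
C:\Documents and Settings\Dad\Local Settings\Temp\UwfwpsmjuX.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Documents and Settings\Dad\Local Settings\Temp\7867468.exe (Rogue.FakeHDD.Gen) -> Unloaded process successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uwfwpsmjux.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\7867468 (Rogue.FakeHDD.Gen) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\Dad\Local Settings\Temp\UwfwpsmjuX.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dad\Local Settings\Temp\7867468.exe (Rogue.FakeHDD.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dad\Local Settings\Temp\SSGLtVnAlN.dll (Trojan.FakeMS) -> Delete on reboot.
'''

# Sample input: lines copied from the ComboFix "Supplementary Scan" section.
COMBOFIX_LOG = r'''
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
FF - prefs.js: network.proxy.type - 0
'''

SECTION = re.compile(r'^(?P<section>[A-Za-z ]+ Infected):$')
DETECTION = re.compile(r'^(?P<object>.+?) \((?P<name>[\w.]+)\) -> (?P<rest>.+)$')
# Assumption: the u/m prefix marks a per-user vs. machine-wide value, as the
# paired "uStart Page" / "mStart Page" lines in the log suggest.
PROXY = re.compile(r'^(?P<scope>[um])Internet Settings,ProxyServer = (?P<value>\S+)$')


def parse_mbam(text):
    """Return one dict per detection line: section, object, name, action."""
    section, found = None, []
    for line in (raw.strip() for raw in text.splitlines()):
        header = SECTION.match(line)
        if header:
            section = header.group('section')
            continue
        hit = DETECTION.match(line)
        if hit:
            # Registry data items carry an extra "Bad: (1) Good: (0)" field;
            # the remediation result is always the last " -> " segment.
            action = hit.group('rest').split(' -> ')[-1].rstrip('.')
            found.append({'section': section, 'object': hit.group('object'),
                          'name': hit.group('name'), 'action': action})
    return found


def pending_removal(detections):
    """Detections the scanner could not finish removing before a restart."""
    return [d for d in detections if d['action'].lower() == 'delete on reboot']


def run_key_entries(detections):
    """Detections that were autostart values under a ...\\CurrentVersion\\Run key."""
    return [d for d in detections if '\\currentversion\\run\\' in d['object'].lower()]


def parse_proxy_value(value):
    """Split a ProxyServer value into {protocol: (host, port)}.

    Handles 'host:port' (all protocols) and ';'-separated 'protocol=host:port'.
    """
    result = {}
    for entry in filter(None, value.split(';')):
        proto, sep, target = entry.partition('=')
        if not sep:
            proto, target = 'all', entry
        host, _, port = target.rpartition(':')
        if not host:                      # no port given
            host, port = target, ''
        result[proto.lower()] = (host, int(port) if port.isdigit() else None)
    return result


def is_loopback(host):
    if host.lower() == 'localhost':
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                    # some other hostname
        return False


def loopback_proxies(text):
    """Return (scope, protocol, host, port) for every proxy aimed at this machine."""
    hits = []
    for line in text.splitlines():
        m = PROXY.match(line.strip())
        if not m:
            continue
        scope = 'user' if m.group('scope') == 'u' else 'machine'
        for proto, (host, port) in parse_proxy_value(m.group('value')).items():
            if is_loopback(host):
                hits.append((scope, proto, host, port))
    return hits


if __name__ == '__main__':
    found = parse_mbam(MBAM_LOG)
    for d in pending_removal(found):
        print('reboot and rescan needed for:', d['object'])
    for d in run_key_entries(found):
        print('autostart value removed:', d['object'])
    for hit in loopback_proxies(COMBOFIX_LOG):
        print('proxy still points at the local machine:', hit)
```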

OK.....but first a quick question....I'm not the brightest bulb on this, but know enough to be dangerous..... -_-

For the latest instructions, what is the difference between the 1st step (which requires download, more processes etc) and the 2nd, which is pretty easy.....

Part of me is wondering why not just create a new "Dads" account....other than it still leaves the issue in place...I would rather fix.....

Will be away from the PC for a couple days (Thanksgiving travel)......will hit in 2 days...

Again thanks for your attention!


Sorry about this....neither recommendation helped...when you asked for the copy to the desktop, of course that is the issue....my desktop icons do not display.....the new icon is in the directory, but does not display...

On the Control Panel change....no security item in the drop down...

we are not progressing


Start Task Manager

To start Task Manager, take any of the following actions:

Press CTRL+ALT+DELETE, and then click Task Manager.

Press CTRL+SHIFT+ESC.

Click File > New Task, copy/paste the following command into the run box: explorer.exe, then click OK.

Did your desktop icons appear?


No......I get a standard explorer view of My Documents directory.

Now I need to vent. As I mentioned I have some development background and now only "know enough to be dangerous"....what I can't understand is virus aside we are only talking what is an equivalent of a presentation layer unless Bill Gates rocket science is involved. Can someone provide a hint as to what the complication is? I have read renaming explorer.exe or creating a new account (my other 4 work fine, even through the clean up process) but those are band aids.

Next steps?

thanks


Beings we can't get combofix to work from the desktop, we can try this:

Internet Explorer (Windows)

1. Click "Tools", then click "Internet Options". This will bring up the Internet Options window.

2. Click the "Connections" tab, then click the "LAN Settings" button.

3. Uncheck the box labeled "Use a proxy server for your LAN". Click "OK", and click "OK" in the previous window. This will remove the proxy server settings in Internet Explorer.

Firefox (Windows)

1. Click "Tools", then click "Options" to bring up the Options window.

2. Click the "Advanced" button, then click the "Network" tab.

3. Click the "Settings" button, located next to "Configure how Firefox connects to the Internet".

4. Click the radio button labeled "No proxy". Click "OK" twice. This will remove the proxy server settings in Firefox.

Disable Internet Explorer Proxy Settings and Reset TCP/IP and Winsock

Disable Internet Explorer Proxy Settings and Reset TCP/IP

It is very important that these steps be carried out exactly as shown otherwise the fix will not work.

If you have any questions please ask before moving on.

  • Please start Notepad and using your mouse make sure you select and copy all the information below in the Code box into your new document.
  • Then save the file as "fixme.bat".
  • In the drop down box for Save as type: make sure you select All Files (*.*) and keep the quotes on the name as well. Then close the new file.
    @ECHO OFF
    REM Remove the per-user proxy address and its bypass list
    reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
    reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f
    REM Turn the proxy off and clear the Work Offline flag
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v GlobalUserOffline /t REG_DWORD /d 0 /f
    REM Reset the TCP/IP stack (log goes to resetlog.txt) and the Winsock catalog
    netsh int ip reset resetlog.txt
    netsh winsock reset catalog


  • On Windows XP you can double-click the file to run it.
  • On Vista/Win7 you need to right-click the file and choose Run as administrator to run it. With User Account Control on, it should ask permission to run it. Click Yes.
  • This will flash a black DOS box very quickly and go away, this is normal.
  • Restart your computer now.

Let me know if that worked.
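
A check one could run before and after fixme.bat, added here as an example and not part of the original post: it parses `reg query` output for the Internet Settings key and reports any ProxyServer entry that points at the local machine, such as the `http=127.0.0.1:6522` value in the CFScript earlier in this thread. The sample outputs and all function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: `reg query` output for the Internet Settings key of a
# profile that still carries the proxy values shown in the CFScript above.
SAMPLE_BEFORE = r"""HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable    REG_DWORD    0x1
    ProxyServer    REG_SZ    http=127.0.0.1:6522
    ProxyOverride    REG_SZ    <local>
"""

# Constructed sample: the same key after fixme.bat has run.
SAMPLE_AFTER = r"""HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable    REG_DWORD    0x0
    GlobalUserOffline    REG_DWORD    0x0
"""

# A value line is indented: name, type (REG_*), data, separated by whitespace.
VALUE_LINE = re.compile(r"^\s+(\S.*?)\s+(REG_[A-Z_]+)\s*(.*)$")


def parse_reg_query(text):
    """Return {value_name: data} for every value line in `reg query` output."""
    values = {}
    for line in text.splitlines():
        match = VALUE_LINE.match(line)
        if match:
            name, _kind, data = match.groups()
            values[name] = data.strip()
    return values


def parse_proxy_server(value):
    """Split a ProxyServer string into {protocol: (host, port)}.

    Handles both forms: one "host:port" for every protocol (key "all") and
    the per-protocol list "http=host:port;https=host:port".
    """
    proxies = {}
    for entry in filter(None, (part.strip() for part in value.split(";"))):
        proto, sep, addr = entry.partition("=")
        if not sep:                      # no "=": one proxy for all protocols
            proto, addr = "all", entry
        addr = addr.split("://", 1)[-1]  # tolerate "http=http://host:port"
        host, sep, port = addr.rpartition(":")
        if not sep:                      # no port given
            host, port = addr, ""
        proxies[proto.lower()] = (host, int(port) if port.isdigit() else None)
    return proxies


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 and the name localhost."""
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def audit_proxy(values):
    """List (protocol, host, port, active) for each loopback proxy entry.

    `active` is True when ProxyEnable is non-zero, i.e. the browser is
    actually sending traffic to that local port.
    """
    active = int(values.get("ProxyEnable", "0x0"), 0) != 0
    findings = []
    proxies = parse_proxy_server(values.get("ProxyServer", ""))
    for proto, (host, port) in proxies.items():
        if is_loopback(host):
            findings.append((proto, host, port, active))
    return findings


if __name__ == "__main__":
    for label, sample in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        result = audit_proxy(parse_reg_query(sample))
        print(label, result or "no loopback proxy set")
```

A loopback entry is not malicious by itself; some security and debugging tools install a local proxy, so check which process listens on the port before removing the value.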


It's doing a good job of hiding.

1. Click Start, and then click Control Panel.

2. Double-click Display, click the Desktop tab, and then click Customize Desktop.

3. Select Restore Defaults

1. Click Start, and then click Control Panel.

2. Double-click Display, click the Desktop tab, and then click Customize Desktop.

then click the web tab, then under the web pages to display on your desktop

if it has "security" you uncheck this and delete


Here you go...just ran...

2010/11/29 08:29:43.0640 TDSS rootkit removing tool 2.4.10.0 Nov 28 2010 18:35:56

2010/11/29 08:29:43.0640 ================================================================================

2010/11/29 08:29:43.0640 SystemInfo:

2010/11/29 08:29:43.0640

2010/11/29 08:29:43.0640 OS Version: 5.1.2600 ServicePack: 2.0

2010/11/29 08:29:43.0640 Product type: Workstation

2010/11/29 08:29:43.0640 ComputerName: SAMSELMAIN

2010/11/29 08:29:43.0640 UserName: Dad

2010/11/29 08:29:43.0640 Windows directory: C:\WINDOWS

2010/11/29 08:29:43.0640 System windows directory: C:\WINDOWS

2010/11/29 08:29:43.0640 Processor architecture: Intel x86

2010/11/29 08:29:43.0640 Number of processors: 1

2010/11/29 08:29:43.0640 Page size: 0x1000

2010/11/29 08:29:43.0640 Boot type: Normal boot

2010/11/29 08:29:43.0640 ================================================================================

2010/11/29 08:29:45.0875 Initialize success

2010/11/29 08:29:50.0343 ================================================================================

2010/11/29 08:29:50.0343 Scan started

2010/11/29 08:29:50.0343 Mode: Manual;

2010/11/29 08:29:50.0343 ================================================================================


2010/11/29 08:32:47.0046 ================================================================================

2010/11/29 08:32:47.0046 Scan finished

2010/11/29 08:32:47.0046 ================================================================================
