View Full Version : Various malware,and a redirecter to boot
Its been a long while since I had any problems but I have caught a couple programs I could use some help with. When I boot up, I get a Windows Internet Explorer message stating file cannot be found, IE still works though, and if I use Google I get a redirect to various sites, kevinsmoneytree, findstuff, etc. After my laptop is running a short while I will get a Generic Hosts Process for Win32 Services shutdown message, and after that its not much use as it will not really respond even to shutting down.
After running ERUNT per the FAQs I downloaded DDS and here follows the log. I also have HijackThis, Revo, Spybot of course, Inherit and possibly a couple other tools onboard if needed. Thanks for any help, Rob
DDS (Ver_10-12-12.02) - NTFSx86
Run by R at 11:21:51.86 on Mon 01/17/2011
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.307 [GMT -6:00]
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled*
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\AOL\1170845904\ee\AOLSoftware.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe
C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\R\Desktop\AntiTools\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
uInternet Settings,ProxyOverride = localhost
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\4.3.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\4.3.0.5\IPSBHO.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\4.3.0.5\coIEPlg.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [Universal Installer] "c:\program files\comcastui\universal installer\uinstaller.exe" /fromrun /starthidden
uRun: [Desktop Software] "c:\program files\comcastui\universal installer\uinstaller.exe" /ini "uinstaller.ini" /fromrun /starthidden
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [HostManager] c:\program files\common files\aol\1170845904\ee\AOLSoftware.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [PCSuiteTrayApplication] c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe -startup
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: musicmatch.com\online
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-150-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
============= SERVICES / DRIVERS ===============
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2011-1-15 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2011-1-15 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20101123.003\BHDrvx86.sys [2010-11-23 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2011-1-15 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2011-1-15 116784]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.3.0.5\ccsvchst.exe [2011-1-15 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-1-13 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20110114.002\IDSXpx86.sys [2011-1-15 341944]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20110116.003\NAVENG.SYS [2011-1-16 86008]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20110116.003\NAVEX15.SYS [2011-1-16 1360760]
S3 RT-USB;Ross-Tech USB driver;c:\windows\system32\drivers\RT-USB.SYS [2008-2-23 54400]
S3 VAGUSB;VAGUSB.SYS USB Driver;c:\windows\system32\drivers\VAGUSB.sys [2005-12-15 34639]
=============== Created Last 30 ================
2011-01-15 16:38:15 361904 ----a-w- c:\windows\system32\drivers\n360\0403000.005\symtdi.sys
2011-01-15 16:38:15 339504 ----a-w- c:\windows\system32\drivers\n360\0403000.005\symtdiv.sys
2011-01-15 16:38:15 328752 ----a-r- c:\windows\system32\drivers\n360\0403000.005\symds.sys
2011-01-15 16:38:15 173104 ----a-w- c:\windows\system32\drivers\n360\0403000.005\symefa.sys
2011-01-15 16:38:14 43696 ----a-w- c:\windows\system32\drivers\n360\0403000.005\srtspx.sys
2011-01-15 16:38:14 325680 ----a-w- c:\windows\system32\drivers\n360\0403000.005\srtsp.sys
2011-01-15 16:38:14 116784 ----a-w- c:\windows\system32\drivers\n360\0403000.005\ironx86.sys
2011-01-15 16:38:13 501888 ----a-w- c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys
2011-01-15 16:36:13 -------- d-----w- c:\windows\system32\drivers\n360\0403000.005
2011-01-14 05:11:15 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-01-14 05:11:15 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2011-01-14 05:10:41 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-01-14 05:10:41 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-01-14 05:10:41 -------- d-----w- c:\program files\Symantec
2011-01-14 05:10:41 -------- d-----w- c:\program files\common files\Symantec Shared
2011-01-14 05:09:53 -------- d-----w- c:\windows\system32\drivers\N360
2011-01-14 05:09:50 -------- d-----w- c:\program files\Norton Security Suite
2011-01-14 04:48:48 -------- d-----w- c:\program files\NortonInstaller
2011-01-14 04:48:48 -------- d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2011-01-14 04:36:02 -------- d-----w- c:\docume~1\alluse~1\applic~1\Norton
2011-01-10 02:22:09 54016 ----a-w- c:\windows\system32\drivers\vtfgqhjt.sys
2011-01-10 02:12:25 -------- d-----w- c:\docume~1\r\applic~1\VSRevoGroup
2010-12-19 17:17:34 0 ----a-w- c:\windows\Apuzagelewizute.bin
2010-12-19 17:17:30 -------- d-----w- c:\docume~1\r\locals~1\applic~1\{09A871FE-4921-4679-ADBB-80320BFCDB26}
2010-12-19 08:20:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\dLcGe06501
==================== Find3M ====================
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-08 01:59:27 7518 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-11-06 00:34:12 832512 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:34:11 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-06 00:34:11 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:34:11 17408 ------w- c:\windows\system32\corpol.dll
2010-11-03 12:25:53 389120 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
=================== ROOTKIT ====================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: TOSHIBA_MK4032GSX rev.AS212D -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86F53555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86f597b0]; MOV EAX, [0x86f5982c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x86F91AB8]
3 CLASSPNP[0xF753DFD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\00000075[0x86F277A8]
5 ACPI[0xF73D4620] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x86F37D98]
\Driver\atapi[0x86F62988] -> IRP_MJ_CREATE -> 0x86F53555
kernel: MBR read successfully
_asm { MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; MOV DS, AX; CLD ; MOV CX, 0x100; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSW ; JMP FAR 0x0:0x62c; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskTOSHIBA_MK4032GSX_______________________AS212D__#5&19c84639&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x86F5339B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
============= FINISH: 11:24:05.91 ===============
shelf life
2011-01-21, 00:14
hi Rob13,
Based on the log you should not be using this computer until its clean. Make sure it has no Internet connectivity. If your not sure how to do this then power it off. If you still need help reply back.
I do still need help and I don't really keep any personal info on the computer like passwords or accounts. Its turned off right now and today I am using a computer at work. Thanks for the assist and let me know what direction to go with this.
shelf life
2011-01-22, 00:30
Ok. We will get two downloads to use. The first to remove the rootkit and the second for any secondary malware as the packages are often bundled together.
Please download TDSS Killer.exe (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to your desktop
Double click to launch the utility. After it initializes click the start scan button.
Once the scan completes you can click the continue button.
"The utility will automatically select an action (Cure or Delete) for known malcious objects. A suspicious object will be skipped by default."
"After clicking Next, the utility applies selected actions and outputs the result.
"A reboot might require after disinfection."
A report will be found in your Root drive Local Disk (C) as TDSSKiller.2.4.2.1_09.08.2010_17.32.21_log.txt (name, version, date, time)
Please post the log report
Next:
Please download the free version of Malwarebytes (http://www.malwarebytes.org/mbam.php) to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click *Remove Selected.*
*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*
When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.
I already had Malware onboard do I updated it and ran this log as follows. I will download the other program and run it next.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5567
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
1/21/2011 9:37:25 PM
mbam-log-2011-01-21 (21-37-25).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 217964
Time elapsed: 1 hour(s), 8 minute(s), 4 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Downloaded and ran TDSS, it found one infection and cured it. I rebooted as directed and ran it again, found no infection this time. This logfile is from the first run showing the infection.
2011/01/21 21:52:15.0609 TDSS rootkit removing tool 2.4.14.0 Jan 18 2011 09:33:51
2011/01/21 21:52:15.0609 ================================================================================
2011/01/21 21:52:15.0609 SystemInfo:
2011/01/21 21:52:15.0609
2011/01/21 21:52:15.0609 OS Version: 5.1.2600 ServicePack: 3.0
2011/01/21 21:52:15.0609 Product type: Workstation
2011/01/21 21:52:15.0609 ComputerName: 1BRR9A1
2011/01/21 21:52:15.0609 UserName: R
2011/01/21 21:52:15.0609 Windows directory: C:\WINDOWS
2011/01/21 21:52:15.0609 System windows directory: C:\WINDOWS
2011/01/21 21:52:15.0609 Processor architecture: Intel x86
2011/01/21 21:52:15.0609 Number of processors: 1
2011/01/21 21:52:15.0609 Page size: 0x1000
2011/01/21 21:52:15.0609 Boot type: Normal boot
2011/01/21 21:52:15.0609 ================================================================================
2011/01/21 21:52:16.0609 Initialize success
2011/01/21 21:52:58.0781 ================================================================================
2011/01/21 21:52:58.0781 Scan started
2011/01/21 21:52:58.0781 Mode: Manual;
2011/01/21 21:52:58.0781 ================================================================================
2011/01/21 21:52:59.0781 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/01/21 21:52:59.0890 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/01/21 21:52:59.0937 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/01/21 21:53:00.0031 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/01/21 21:53:00.0187 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/01/21 21:53:00.0296 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/01/21 21:53:00.0375 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/01/21 21:53:00.0421 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/01/21 21:53:00.0484 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/01/21 21:53:00.0640 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/01/21 21:53:00.0718 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/01/21 21:53:00.0765 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/01/21 21:53:00.0859 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/01/21 21:53:00.0921 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/01/21 21:53:00.0984 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/01/21 21:53:01.0125 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
2011/01/21 21:53:01.0203 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/01/21 21:53:01.0281 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/01/21 21:53:01.0328 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/01/21 21:53:01.0359 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/01/21 21:53:01.0437 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
2011/01/21 21:53:01.0578 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/01/21 21:53:01.0687 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/01/21 21:53:01.0796 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/01/21 21:53:01.0875 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/01/21 21:53:01.0968 BCM43XX (30d20fc98bcfd52e1da778cf19b223d4) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/01/21 21:53:02.0109 bcm4sbxp (c768c8a463d32c219ce291645a0621a4) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2011/01/21 21:53:02.0171 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/01/21 21:53:02.0390 BHDrvx86 (83a2fec59a0a0fc73bf6598e901b2fbd) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110114.001\BHDrvx86.sys
2011/01/21 21:53:02.0593 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/01/21 21:53:02.0656 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/01/21 21:53:02.0750 ccHP (e941e709847fa00e0dd6d58d2b8fb5e1) C:\WINDOWS\system32\drivers\N360\0403000.005\ccHPx86.sys
2011/01/21 21:53:02.0828 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/01/21 21:53:03.0015 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/01/21 21:53:03.0078 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/01/21 21:53:03.0125 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/01/21 21:53:03.0203 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/01/21 21:53:03.0281 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/01/21 21:53:03.0312 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/01/21 21:53:03.0390 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/01/21 21:53:03.0562 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/01/21 21:53:03.0609 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/01/21 21:53:03.0703 DcCam (30e4c5de753616ba1243a05a4ff5aad2) C:\WINDOWS\system32\DRIVERS\DcCam.sys
2011/01/21 21:53:03.0765 DcFpoint (a444074caaccc2e794d2e5f93d2679ee) C:\WINDOWS\system32\DRIVERS\DcFpoint.sys
2011/01/21 21:53:03.0843 DCFS2K (6e770432a09617ca74cb0525edf06ef3) C:\WINDOWS\system32\drivers\dcfs2k.sys
2011/01/21 21:53:03.0890 DcLps (89977377aa94d71c1dde3a82d23223cc) C:\WINDOWS\system32\DRIVERS\DcLps.sys
2011/01/21 21:53:04.0093 DcPTP (ce0ae71bb5a092d5bb0b298d5bc7a208) C:\WINDOWS\system32\DRIVERS\DcPTP.sys
2011/01/21 21:53:04.0171 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/01/21 21:53:04.0250 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/01/21 21:53:04.0328 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/01/21 21:53:04.0390 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/01/21 21:53:04.0546 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/01/21 21:53:04.0625 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/01/21 21:53:04.0687 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/01/21 21:53:04.0734 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
2011/01/21 21:53:04.0781 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
2011/01/21 21:53:04.0953 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2011/01/21 21:53:05.0140 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
2011/01/21 21:53:05.0218 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/01/21 21:53:05.0375 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/01/21 21:53:05.0453 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/01/21 21:53:05.0671 Exportit (80fb249def6f5a157b531349e71cc6ac) C:\WINDOWS\system32\DRIVERS\exportit.sys
2011/01/21 21:53:05.0750 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/01/21 21:53:05.0828 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/01/21 21:53:05.0875 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/01/21 21:53:05.0937 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/01/21 21:53:06.0031 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/01/21 21:53:06.0187 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/01/21 21:53:06.0250 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/01/21 21:53:06.0312 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/01/21 21:53:06.0390 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/01/21 21:53:06.0437 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/01/21 21:53:06.0515 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/01/21 21:53:06.0578 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/01/21 21:53:06.0812 HSFHWAZL (1c8caa80e91fb71864e9426f9eed048d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2011/01/21 21:53:06.0906 HSF_DPV (698204d9c2832e53633e53a30a53fc3d) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2011/01/21 21:53:07.0015 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/01/21 21:53:07.0093 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/01/21 21:53:07.0265 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/01/21 21:53:07.0328 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/01/21 21:53:07.0468 ialm (cc449157474d5e43daea7e20f52c635a) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/01/21 21:53:07.0750 IDSxpx86 (0308238c582a55d83d34feee39542793) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110120.001\IDSxpx86.sys
2011/01/21 21:53:07.0937 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/01/21 21:53:08.0031 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/01/21 21:53:08.0062 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/01/21 21:53:08.0125 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/01/21 21:53:08.0187 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/01/21 21:53:08.0234 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/01/21 21:53:08.0281 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/01/21 21:53:08.0421 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/01/21 21:53:08.0515 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/01/21 21:53:08.0578 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/01/21 21:53:08.0640 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/01/21 21:53:08.0687 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/01/21 21:53:08.0765 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/01/21 21:53:08.0906 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/01/21 21:53:09.0109 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/01/21 21:53:09.0203 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/01/21 21:53:09.0265 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/01/21 21:53:09.0328 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/01/21 21:53:09.0468 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/01/21 21:53:09.0515 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/01/21 21:53:09.0593 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/01/21 21:53:09.0656 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/01/21 21:53:09.0765 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/01/21 21:53:09.0859 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/01/21 21:53:10.0000 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/01/21 21:53:10.0078 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/01/21 21:53:10.0125 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/01/21 21:53:10.0187 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/01/21 21:53:10.0250 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/01/21 21:53:10.0296 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/01/21 21:53:10.0531 NAVENG (c8ef74e4d8105b1d02d58ea4734cf616) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110121.019\NAVENG.SYS
2011/01/21 21:53:10.0671 NAVEX15 (94b3164055d821a62944d9fe84036470) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110121.019\NAVEX15.SYS
2011/01/21 21:53:10.0921 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/01/21 21:53:10.0984 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/01/21 21:53:11.0015 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/01/21 21:53:11.0062 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/01/21 21:53:11.0140 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/01/21 21:53:11.0187 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/01/21 21:53:11.0234 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/01/21 21:53:11.0343 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/01/21 21:53:11.0531 Nokia USB Generic (5abb6b2461c4eb0afdf1bf7f03963d59) C:\WINDOWS\system32\drivers\nmwcdc.sys
2011/01/21 21:53:11.0609 Nokia USB Modem (353c16d21eec1f11306270040b3713c1) C:\WINDOWS\system32\drivers\nmwcdcm.sys
2011/01/21 21:53:11.0687 Nokia USB Phone Parent (f5b1200c75b160c81e7e48cc0489aa5e) C:\WINDOWS\system32\drivers\nmwcd.sys
2011/01/21 21:53:11.0750 Nokia USB Port (353c16d21eec1f11306270040b3713c1) C:\WINDOWS\system32\drivers\nmwcdcj.sys
2011/01/21 21:53:11.0953 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/01/21 21:53:12.0187 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/01/21 21:53:12.0250 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/01/21 21:53:12.0406 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/01/21 21:53:12.0609 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/01/21 21:53:12.0640 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/01/21 21:53:12.0718 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/01/21 21:53:12.0812 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys
2011/01/21 21:53:12.0875 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/01/21 21:53:12.0921 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/01/21 21:53:12.0984 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/01/21 21:53:13.0125 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/01/21 21:53:13.0203 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/01/21 21:53:13.0281 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/01/21 21:53:13.0468 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/01/21 21:53:13.0500 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/01/21 21:53:13.0593 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/01/21 21:53:13.0640 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/01/21 21:53:13.0671 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/01/21 21:53:13.0718 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/01/21 21:53:13.0781 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/01/21 21:53:13.0953 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/01/21 21:53:14.0015 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/01/21 21:53:14.0046 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/01/21 21:53:14.0109 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/01/21 21:53:14.0156 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/01/21 21:53:14.0234 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/01/21 21:53:14.0312 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/01/21 21:53:14.0453 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/01/21 21:53:14.0500 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/01/21 21:53:14.0531 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/01/21 21:53:14.0593 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/01/21 21:53:14.0656 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/01/21 21:53:14.0734 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/01/21 21:53:14.0843 rimmptsk (24ed7af20651f9fa1f249482e7c1f165) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
2011/01/21 21:53:14.0984 rimsptsk (1bdba2d2d402415a78a4ba766dfe0f7b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
2011/01/21 21:53:15.0062 rismxdp (f774ecd11a064f0debb2d4395418153c) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
2011/01/21 21:53:15.0156 RT-USB (6e5ff1febe4ee1b65c8a708285c4db65) C:\WINDOWS\system32\drivers\RT-USB.sys
2011/01/21 21:53:15.0296 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/01/21 21:53:15.0375 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/01/21 21:53:15.0593 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/01/21 21:53:15.0656 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/01/21 21:53:15.0703 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/01/21 21:53:15.0812 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/01/21 21:53:15.0859 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/01/21 21:53:15.0937 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/01/21 21:53:16.0140 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/01/21 21:53:16.0265 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\WINDOWS\System32\Drivers\N360\0403000.005\SRTSP.SYS
2011/01/21 21:53:16.0328 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\WINDOWS\system32\drivers\N360\0403000.005\SRTSPX.SYS
2011/01/21 21:53:16.0421 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/01/21 21:53:16.0593 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2011/01/21 21:53:16.0625 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
2011/01/21 21:53:16.0750 STHDA (2a2dc39623adef8ab3703ab9fac4b440) C:\WINDOWS\system32\drivers\sthda.sys
2011/01/21 21:53:16.0890 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/01/21 21:53:17.0093 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/01/21 21:53:17.0156 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/01/21 21:53:17.0203 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/01/21 21:53:17.0328 SymDS (56890bf9d9204b93042089d4b45ae671) C:\WINDOWS\system32\drivers\N360\0403000.005\SYMDS.SYS
2011/01/21 21:53:17.0515 SymEFA (1c91df5188150510a6f0cf78f7d94b69) C:\WINDOWS\system32\drivers\N360\0403000.005\SYMEFA.SYS
2011/01/21 21:53:17.0578 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2011/01/21 21:53:17.0703 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\WINDOWS\system32\drivers\N360\0403000.005\Ironx86.SYS
2011/01/21 21:53:17.0781 SYMTDI (41aad61f87ca8e3b5d0f7fe7fba0797d) C:\WINDOWS\System32\Drivers\N360\0403000.005\SYMTDI.SYS
2011/01/21 21:53:18.0015 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/01/21 21:53:18.0078 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/01/21 21:53:18.0171 SynTP (35d5b3632e0bcebe27b391157de05996) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/01/21 21:53:18.0250 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/01/21 21:53:18.0359 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/01/21 21:53:18.0546 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/01/21 21:53:18.0609 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/01/21 21:53:18.0687 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/01/21 21:53:18.0765 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
2011/01/21 21:53:18.0796 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
2011/01/21 21:53:18.0843 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
2011/01/21 21:53:18.0921 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
2011/01/21 21:53:18.0953 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
2011/01/21 21:53:18.0984 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
2011/01/21 21:53:19.0015 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
2011/01/21 21:53:19.0062 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
2011/01/21 21:53:19.0125 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
2011/01/21 21:53:19.0203 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/01/21 21:53:19.0390 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/01/21 21:53:19.0437 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/01/21 21:53:19.0531 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/01/21 21:53:19.0593 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/01/21 21:53:19.0625 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/01/21 21:53:19.0687 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/01/21 21:53:19.0750 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/01/21 21:53:19.0937 VAGUSB (07a83a2e070357075c2056810c67c9e4) C:\WINDOWS\system32\Drivers\VAGUSB.sys
2011/01/21 21:53:20.0203 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/01/21 21:53:20.0531 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/01/21 21:53:20.0578 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/01/21 21:53:20.0640 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/01/21 21:53:20.0703 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/01/21 21:53:20.0781 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2011/01/21 21:53:21.0015 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/01/21 21:53:21.0140 winachsf (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/01/21 21:53:21.0234 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/01/21 21:53:21.0328 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/01/21 21:53:21.0546 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/01/21 21:53:21.0625 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/01/21 21:53:21.0734 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/01/21 21:53:21.0734 ================================================================================
2011/01/21 21:53:21.0734 Scan finished
2011/01/21 21:53:21.0734 ================================================================================
2011/01/21 21:53:21.0765 Detected object count: 1
2011/01/21 21:54:25.0078 \HardDisk0 - will be cured after reboot
2011/01/21 21:54:25.0078 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/01/21 21:54:44.0859 Deinitialize success
shelf life
2011-01-22, 22:52
ok so far so good. We will get one more download to use. Its called combofix, there is a guide to read first before you use it. Read through the guide then apply the directions on your own machine:
Guide to using Combofix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
Sorry for the delay in my reply, I have downloaded and run ComboFix now and heres the log from it.
ComboFix 11-01-23.07 - R 01/24/2011 10:43:06.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.444 [GMT -6:00]
Running from: c:\documents and settings\R\Desktop\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\R\Application Data\Adobe\AdobeUpdate .exe
c:\documents and settings\R\Application Data\Adobe\plugs
c:\documents and settings\R\Local Settings\Application Data\{09A871FE-4921-4679-ADBB-80320BFCDB26}
c:\documents and settings\R\Local Settings\Application Data\{09A871FE-4921-4679-ADBB-80320BFCDB26}\chrome.manifest
c:\documents and settings\R\Local Settings\Application Data\{09A871FE-4921-4679-ADBB-80320BFCDB26}\chrome\content\_cfg.js
c:\documents and settings\R\Local Settings\Application Data\{09A871FE-4921-4679-ADBB-80320BFCDB26}\chrome\content\overlay.xul
c:\documents and settings\R\Local Settings\Application Data\{09A871FE-4921-4679-ADBB-80320BFCDB26}\install.rdf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NATIONAL2.0
((((((((((((((((((((((((( Files Created from 2010-12-24 to 2011-01-24 )))))))))))))))))))))))))))))))
.
2011-01-17 16:55 . 2011-01-17 16:55 -------- d-----w- c:\program files\ERUNT
2011-01-14 05:11 . 2009-05-18 22:17 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-01-14 05:11 . 2008-04-17 21:12 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2011-01-14 05:10 . 2011-01-14 05:13 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-01-14 05:10 . 2011-01-14 05:10 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-01-14 05:10 . 2011-01-14 05:10 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-01-14 05:10 . 2011-01-14 05:10 -------- d-----w- c:\program files\Symantec
2011-01-14 05:09 . 2011-01-15 17:03 -------- d-----w- c:\windows\system32\drivers\N360
2011-01-14 05:09 . 2011-01-14 05:09 -------- d-----w- c:\program files\Norton Security Suite
2011-01-14 05:09 . 2011-01-14 05:09 -------- d-----w- c:\program files\Windows Sidebar
2011-01-14 04:48 . 2011-01-14 04:48 -------- d-----w- c:\program files\NortonInstaller
2011-01-14 04:36 . 2011-01-14 05:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2011-01-12 02:28 . 2011-01-12 02:32 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-01-10 02:22 . 2011-01-10 02:22 54016 ----a-w- c:\windows\system32\drivers\vtfgqhjt.sys
2011-01-10 02:12 . 2011-01-10 02:12 -------- d-----w- c:\documents and settings\R\Application Data\VSRevoGroup
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-21 00:09 . 2009-10-06 14:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 00:08 . 2009-10-06 14:33 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-18 18:12 . 2005-08-16 09:40 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:34 . 2005-08-16 09:18 832512 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:34 . 2005-08-16 09:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-06 00:34 . 2005-08-16 09:18 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:34 . 2005-08-16 09:18 17408 ------w- c:\windows\system32\corpol.dll
2010-11-03 12:25 . 2005-08-16 09:18 389120 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2005-08-16 09:18 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2005-08-16 09:18 290048 ----a-w- c:\windows\system32\atmfd.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"Universal Installer"="c:\program files\ComcastUI\Universal Installer\uinstaller.exe" [2008-03-18 984616]
"Desktop Software"="c:\program files\ComcastUI\Universal Installer\uinstaller.exe" [2008-03-18 984616]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-14 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-14 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-17 397312]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-12-06 839680]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"HostManager"="c:\program files\Common Files\AOL\1170845904\ee\AOLSoftware.exe" [2008-06-24 41824]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-06-15 229376]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-02 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-5-10 24576]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\1170845904\\ee\\aolsoftware.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [1/15/2011 10:38 AM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [1/15/2011 10:38 AM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110114.001\BHDrvx86.sys [1/21/2011 8:45 PM 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [1/15/2011 10:38 AM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [1/15/2011 10:38 AM 116784]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe [1/15/2011 10:36 AM 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/13/2011 11:23 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110120.001\IDSXpx86.sys [1/21/2011 8:46 PM 341944]
S3 RT-USB;Ross-Tech USB driver;c:\windows\system32\drivers\RT-USB.SYS [2/23/2008 4:00 AM 54400]
S3 VAGUSB;VAGUSB.SYS USB Driver;c:\windows\system32\drivers\VAGUSB.sys [12/15/2005 8:27 AM 34639]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
uInternet Settings,ProxyOverride = localhost
Trusted Zone: musicmatch.com\online
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-24 10:53
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(912)
c:\windows\System32\BCMLogon.dll
- - - - - - - > 'explorer.exe'(824)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng-us.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\drivers\KodakCCS.exe
c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\windows\system32\ScsiAccess.EXE
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\wanmpsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\eHome\ehmsas.exe
c:\windows\stsystra.exe
c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe
.
**************************************************************************
.
Completion time: 2011-01-24 10:59:37 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-24 16:59
Pre-Run: 16,677,695,488 bytes free
Post-Run: 16,571,043,840 bytes free
- - End Of File - - 2CED5932FD151F3C7DA17864E9182AA2
shelf life
2011-01-25, 00:14
hi,
No problem. That all looks good to me.
You can remove combofix like this;
start>run (classic start menu) and type in
combofix /uninstall
click ok or enter
note the space after the x and before the /
You can delete the tdsskiller icon from your desktop.
Note the free version of malwarebytes must be updated manually and a scan started manaully. Its good practice to keep it updated even if you dont scan with it that much.
You can make a new restore point, the how and the why:
One of the features of Windows XP,Vista and Windows7 is the System Restore option, however if malware infects a computer it is possible that the malware could be backed up in the System Restore archive. Therefore, clearing the restore points is a good idea after malware is removed and your computer appears to be functioning ok.
To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.
(winXP)
1. Turn off System Restore. (deletes old possibly infected restore point)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Reboot.
3. Turn ON System Restore.(creates a new restore points on a clean system)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK, then reboot
Since you had a rootkit, my rootkit disclaimer:
You had a rootkit on your machine. Rootkits hide malicious files and components from traditional antivirus/antimalware software. They bury themselves deep in the operating system. Special software is needed to detect and remove them. Even if symptoms are gone and logs are clean its still not a 100% guarantee that your machine is clean once a rootkit has been detected and removed. You should consider a reformat/reinstall of Windows.
The best source for information on how to do this would be the computer manufacturers website.
And last some info to help you remain malware free:
10 Tips for Prevention and Avoidance of Malware:
There is no reason why your computer can not stay malware free.
No software can think for you. Help yourself. In no special order:
10 Tips for Prevention and Avoidance of Malware:
There is no reason why your computer can not stay malware free.
No software can think for you. Help yourself. In no special order:
1) It is essential to keep your operating system (Windows) browser (IE, FireFox, Chrome, Opera) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update (http://www.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us) frequently or use the Windows auto-update feature. (http://www.microsoft.com/windows/downloads/windowsupdate/automaticupdate.mspx) Staying updated is also essential for other web based applications like Java, Adobe Flash/Reader, iTunes etc. More and more third party applications are being targeted. Use the auto-update features available in most software. Not sure if you are using the latest version of software? Check their version status and get the updates here. (http://secunia.com/vulnerability_scanning/online/)
2) Know what you are installing to your computer. Alot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. More and more legitimate software is installing useless toolbars if not unchecked first. Do not install any files from ads, popups or random links. Do not fall for fake warnings about virus and trojans being found on your computer and you are then prompted to install software to remedy this. See also the signs (http://www.malwarevault.com/signs.html)that you may have malware on your computer.
3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently find malware then its time to *review your computer habits*.
4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem. See also E-mail phishing Tricks (http://www.fraud.org/tips/internet/phishing.htm).
5) Do not click on ads/pop ups or offers from websites requesting that you need to install software to your computer--*for any reason*. Use the Alt+F4 keys to close the window.
6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website to install components?
7) Consider the use of limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts (http://www.microsoft.com/protect/computer/advanced/useraccount.mspx) can help prevent *malware from installing and lessen its potential impact.* This is exactly what user account control (UAC) in Windows Vista and Windows 7 attempts to address.
8) Install and understand the *limitations* of a software firewall.
9) A tool (http://nsslabs.com/general/ie8-hardening-tool.html)for automatically hardening and securing Internet Explorer 8.0. Requires site registration for downloading. Changes some of the default settings of IE 8.0, Read the FAQ's. Or see a slide show Here (http://threatpost.com/en_us/slideshow/How%20to%20configure%20Internet%20Explorer%20for%20secure%20surfing) and do it yourself. How to harden FireFox. (http://threatpost.com/en_us/slideshow/How-to-configure-Mozilla-Firefox-for-secure-surfing?utm_source=Second+Sidebar&utm_medium=Featured+Slideshows&utm_campaign=Configure+Mozilla+Firefox) for safer surfing.
10) Warez, cracks etc are very popular for carrying malware payloads. If you look for these you will encounter malware. If you download/install files via p2p networks you will encounter malware. Can you really trust the source of the file?
More info/tips with pictures, links below
Happy Safe Surfing.
Thanks for everything, I did have one more question. I reset a system restore point, and still when I boot up I get a popup that Windows Explorer cannot find file or folder. Is this a sign of malware or something else?
shelf life
2011-01-30, 04:18
Looks like I missed a file. Get a new copy of combofix and run it the same way you did before. Post the combofix log in your reply. We will use it to remove a file.
You can get the download link in the guide:
Guide to using Combofix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
The actual popup is Windows Explorer, and the message is Cannot find 'file://'. Make sure the path or Internet address is correct. I ran another Combofix and the log is as follows.
ComboFix 11-01-23.07 - R 01/29/2011 20:39:23.6.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.452 [GMT -6:00]
Running from: c:\documents and settings\R\Desktop\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-30 )))))))))))))))))))))))))))))))
.
2011-01-30 01:56 . 2011-01-30 01:56 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-01-29 01:59 . 2011-01-29 01:59 -------- d-sh--w- c:\documents and settings\R\PrivacIE
2011-01-25 03:28 . 2011-01-25 03:28 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-01-25 03:26 . 2011-01-25 03:26 -------- d-sh--w- c:\documents and settings\R\IETldCache
2011-01-25 03:16 . 2010-10-18 11:10 7680 ------w- c:\windows\system32\dllcache\iecompat.dll
2011-01-25 03:09 . 2010-11-06 00:26 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2011-01-25 03:09 . 2010-11-06 00:26 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2011-01-25 03:09 . 2010-11-06 00:26 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2011-01-25 03:06 . 2011-01-25 03:08 -------- dc-h--w- c:\windows\ie8
2011-01-17 16:55 . 2011-01-17 16:55 -------- d-----w- c:\program files\ERUNT
2011-01-14 05:11 . 2009-05-18 22:17 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-01-14 05:11 . 2008-04-17 21:12 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2011-01-14 05:10 . 2011-01-14 05:13 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-01-14 05:10 . 2011-01-14 05:10 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-01-14 05:10 . 2011-01-14 05:10 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-01-14 05:10 . 2011-01-14 05:10 -------- d-----w- c:\program files\Symantec
2011-01-14 05:09 . 2011-01-15 17:03 -------- d-----w- c:\windows\system32\drivers\N360
2011-01-14 05:09 . 2011-01-14 05:09 -------- d-----w- c:\program files\Norton Security Suite
2011-01-14 05:09 . 2011-01-14 05:09 -------- d-----w- c:\program files\Windows Sidebar
2011-01-14 04:48 . 2011-01-14 04:48 -------- d-----w- c:\program files\NortonInstaller
2011-01-14 04:36 . 2011-01-14 05:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2011-01-12 02:28 . 2011-01-12 02:32 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-01-10 02:22 . 2011-01-10 02:22 54016 ----a-w- c:\windows\system32\drivers\vtfgqhjt.sys
2011-01-10 02:12 . 2011-01-10 02:12 -------- d-----w- c:\documents and settings\R\Application Data\VSRevoGroup
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-21 00:09 . 2009-10-06 14:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 00:08 . 2009-10-06 14:33 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-18 18:12 . 2005-08-16 09:40 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2005-08-16 09:18 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26 . 2005-08-16 09:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2005-08-16 09:18 43520 ------w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2005-08-16 09:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2005-08-16 09:18 385024 ------w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2005-08-16 09:18 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
.
((((((((((((((((((((((((((((( SnapShot@2011-01-24_16.55.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-30 02:31 . 2011-01-30 02:31 16384 c:\windows\temp\Perflib_Perfdata_2bc.dat
+ 2011-01-30 02:30 . 2011-01-30 02:30 16384 c:\windows\temp\Perflib_Perfdata_24c.dat
+ 2005-08-17 02:06 . 2009-01-08 00:21 26144 c:\windows\system32\spupdsvc.exe
+ 2008-09-30 19:18 . 2009-01-08 00:20 16928 c:\windows\system32\spmsg.dll
+ 2005-08-16 09:18 . 2009-03-08 10:31 46592 c:\windows\system32\pngfilt.dll
- 2006-06-29 14:05 . 2006-06-29 14:05 23552 c:\windows\system32\normaliz.dll
+ 2006-06-29 14:05 . 2009-01-08 00:20 23552 c:\windows\system32\normaliz.dll
- 2006-06-28 23:59 . 2006-06-28 23:59 24576 c:\windows\system32\nlsdl.dll
+ 2006-06-28 23:59 . 2009-01-08 00:20 24576 c:\windows\system32\nlsdl.dll
+ 2005-08-16 09:18 . 2009-03-08 10:31 48128 c:\windows\system32\mshtmler.dll
- 2005-08-16 09:18 . 2007-08-14 00:01 48128 c:\windows\system32\mshtmler.dll
+ 2005-08-16 09:18 . 2010-11-06 00:26 66560 c:\windows\system32\mshtmled.dll
- 2005-08-16 09:18 . 2007-08-14 00:32 45568 c:\windows\system32\mshta.exe
+ 2005-08-16 09:18 . 2009-03-08 10:31 45568 c:\windows\system32\mshta.exe
+ 2007-08-14 00:36 . 2009-03-08 10:31 13312 c:\windows\system32\msfeedssync.exe
+ 2007-08-14 00:54 . 2010-11-06 00:26 55296 c:\windows\system32\msfeedsbs.dll
+ 2005-08-16 09:18 . 2010-11-06 00:26 25600 c:\windows\system32\jsproxy.dll
+ 2005-08-16 09:18 . 2009-03-08 10:32 94720 c:\windows\system32\inseng.dll
+ 2005-08-16 09:18 . 2009-03-08 10:31 34816 c:\windows\system32\imgutil.dll
+ 2007-08-14 00:39 . 2009-03-08 10:32 36864 c:\windows\system32\ieudinit.exe
+ 2005-08-16 09:18 . 2009-03-08 10:32 71680 c:\windows\system32\iesetup.dll
+ 2005-08-16 09:18 . 2009-03-08 10:32 55808 c:\windows\system32\iernonce.dll
+ 2006-06-29 14:05 . 2009-01-08 00:20 26112 c:\windows\system32\idndl.dll
- 2006-06-29 14:05 . 2006-06-29 14:05 26112 c:\windows\system32\idndl.dll
+ 2007-08-14 00:36 . 2009-03-08 10:31 59904 c:\windows\system32\icardie.dll
+ 2006-05-10 05:25 . 2009-03-08 10:31 46592 c:\windows\system32\dllcache\pngfilt.dll
- 2007-08-14 00:01 . 2007-08-14 00:01 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2007-08-14 00:01 . 2009-03-08 10:31 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2006-05-10 05:25 . 2010-11-06 00:26 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2007-08-14 00:32 . 2007-08-14 00:32 45568 c:\windows\system32\dllcache\mshta.exe
+ 2007-08-14 00:32 . 2009-03-08 10:31 45568 c:\windows\system32\dllcache\mshta.exe
+ 2008-03-02 05:24 . 2010-11-06 00:26 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-08-14 00:44 . 2010-11-06 00:26 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2006-05-10 05:25 . 2010-11-06 00:26 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2006-05-10 05:25 . 2009-03-08 10:32 94720 c:\windows\system32\dllcache\inseng.dll
+ 2007-08-14 00:36 . 2009-03-08 10:31 34816 c:\windows\system32\dllcache\imgutil.dll
+ 2007-08-14 00:39 . 2009-03-08 10:32 71680 c:\windows\system32\dllcache\iesetup.dll
+ 2007-08-14 00:39 . 2009-03-08 10:32 55808 c:\windows\system32\dllcache\iernonce.dll
+ 2008-03-02 05:24 . 2009-03-08 10:31 59904 c:\windows\system32\dllcache\icardie.dll
+ 2007-08-14 00:18 . 2009-03-08 10:24 68608 c:\windows\system32\dllcache\hmmapi.dll
+ 2009-06-29 16:12 . 2009-03-08 10:33 18944 c:\windows\system32\dllcache\corpol.dll
+ 2007-08-14 00:39 . 2009-03-08 10:32 72704 c:\windows\system32\dllcache\admparse.dll
+ 2005-08-16 09:18 . 2009-03-08 10:33 18944 c:\windows\system32\corpol.dll
+ 2005-08-16 09:18 . 2009-03-08 10:32 72704 c:\windows\system32\admparse.dll
+ 2011-01-25 03:11 . 2009-03-08 10:33 12288 c:\windows\ie8updates\KB982381-IE8\xpshims.dll
+ 2011-01-25 03:11 . 2009-03-08 10:31 55296 c:\windows\ie8updates\KB982381-IE8\msfeedsbs.dll
+ 2011-01-25 03:11 . 2009-03-08 10:33 25600 c:\windows\ie8updates\KB982381-IE8\jsproxy.dll
+ 2011-01-25 03:18 . 2010-09-10 05:58 12800 c:\windows\ie8updates\KB2416400-IE8\xpshims.dll
+ 2011-01-25 03:18 . 2010-09-10 05:58 66560 c:\windows\ie8updates\KB2416400-IE8\mshtmled.dll
+ 2011-01-25 03:18 . 2010-09-10 05:58 55296 c:\windows\ie8updates\KB2416400-IE8\msfeedsbs.dll
+ 2011-01-25 03:18 . 2010-09-10 05:58 43520 c:\windows\ie8updates\KB2416400-IE8\licmgr10.dll
+ 2011-01-25 03:18 . 2010-09-10 05:58 25600 c:\windows\ie8updates\KB2416400-IE8\jsproxy.dll
+ 2011-01-25 03:15 . 2010-05-06 10:41 12800 c:\windows\ie8updates\KB2360131-IE8\xpshims.dll
+ 2011-01-25 03:15 . 2009-03-08 10:31 66560 c:\windows\ie8updates\KB2360131-IE8\mshtmled.dll
+ 2011-01-25 03:15 . 2010-05-06 10:41 55296 c:\windows\ie8updates\KB2360131-IE8\msfeedsbs.dll
+ 2011-01-25 03:15 . 2009-03-08 10:34 43008 c:\windows\ie8updates\KB2360131-IE8\licmgr10.dll
+ 2011-01-25 03:15 . 2010-05-06 10:41 25600 c:\windows\ie8updates\KB2360131-IE8\jsproxy.dll
+ 2011-01-25 03:07 . 2009-03-08 20:23 58464 c:\windows\ie8\spuninst\iecustom.dll
+ 2011-01-25 03:06 . 2010-11-06 00:34 44544 c:\windows\ie8\pngfilt.dll
+ 2011-01-25 03:06 . 2007-08-14 00:01 48128 c:\windows\ie8\mshtmler.dll
+ 2011-01-25 03:06 . 2007-08-14 00:32 45568 c:\windows\ie8\mshta.exe
+ 2011-01-25 03:06 . 2007-08-14 00:36 12288 c:\windows\ie8\msfeedssync.exe
+ 2011-01-25 03:06 . 2010-11-06 00:34 52224 c:\windows\ie8\msfeedsbs.dll
+ 2011-01-25 03:06 . 2007-08-14 00:44 40960 c:\windows\ie8\licmgr10.dll
+ 2011-01-25 03:06 . 2010-11-06 00:34 27648 c:\windows\ie8\jsproxy.dll
+ 2011-01-25 03:06 . 2007-08-14 00:39 92672 c:\windows\ie8\inseng.dll
+ 2011-01-25 03:06 . 2007-08-14 00:36 36352 c:\windows\ie8\imgutil.dll
+ 2011-01-25 03:06 . 2007-08-14 00:39 55296 c:\windows\ie8\iesetup.dll
+ 2011-01-25 03:06 . 2010-11-06 00:34 44544 c:\windows\ie8\iernonce.dll
+ 2011-01-25 03:06 . 2010-11-06 00:34 78336 c:\windows\ie8\ieencode.dll
+ 2011-01-25 03:06 . 2010-11-03 12:24 70656 c:\windows\ie8\ie4uinit.exe
+ 2011-01-25 03:06 . 2010-11-06 00:34 63488 c:\windows\ie8\icardie.dll
+ 2011-01-25 03:06 . 2007-08-14 00:18 60416 c:\windows\ie8\hmmapi.dll
+ 2011-01-25 03:06 . 2010-11-06 00:34 17408 c:\windows\ie8\corpol.dll
+ 2011-01-25 03:06 . 2007-08-14 00:39 71680 c:\windows\ie8\admparse.dll
+ 2011-01-25 03:16 . 2009-03-08 10:35 2048 c:\windows\ie8updates\KB2447568-IE8\iecompat.dll
- 2008-03-02 05:20 . 2008-04-14 00:12 121856 c:\windows\system32\xmllite.dll
+ 2008-03-02 05:20 . 2009-01-08 00:21 121856 c:\windows\system32\xmllite.dll
+ 2007-08-14 00:45 . 2009-03-08 10:34 208384 c:\windows\system32\WinFXDocObj.exe
+ 2005-08-16 09:18 . 2009-03-08 10:34 236544 c:\windows\system32\webcheck.dll
+ 2005-08-16 09:18 . 2010-03-10 06:15 420352 c:\windows\system32\vbscript.dll
+ 2005-08-16 09:18 . 2009-03-08 10:34 105984 c:\windows\system32\url.dll
- 2005-08-16 09:18 . 2010-11-06 00:34 105984 c:\windows\system32\url.dll
+ 2005-08-16 09:18 . 2010-11-06 00:26 206848 c:\windows\system32\occache.dll
+ 2005-08-16 09:18 . 2010-11-06 00:26 611840 c:\windows\system32\mstime.dll
+ 2005-08-16 09:18 . 2009-03-08 10:34 193536 c:\windows\system32\msrating.dll
- 2005-08-16 09:18 . 2007-08-14 00:54 156160 c:\windows\system32\msls31.dll
+ 2005-08-16 09:18 . 2009-03-08 10:22 156160 c:\windows\system32\msls31.dll
+ 2007-08-14 00:54 . 2010-11-06 00:26 602112 c:\windows\system32\msfeeds.dll
+ 2009-01-08 00:20 . 2009-01-08 00:20 265720 c:\windows\system32\msdbg2.dll
+ 2005-08-16 09:18 . 2009-12-09 05:53 726528 c:\windows\system32\jscript.dll
+ 2007-08-14 00:54 . 2009-03-08 10:22 164352 c:\windows\system32\ieui.dll
+ 2005-08-16 09:18 . 2010-11-06 00:26 184320 c:\windows\system32\iepeers.dll
+ 2005-08-16 09:18 . 2010-11-06 00:26 387584 c:\windows\system32\iedkcs32.dll
+ 2007-07-11 18:27 . 2009-03-08 10:11 445952 c:\windows\system32\ieapfltr.dll
+ 2005-08-16 09:18 . 2009-03-08 10:32 163840 c:\windows\system32\ieakui.dll
+ 2005-08-16 09:18 . 2009-03-08 10:33 229376 c:\windows\system32\ieaksie.dll
+ 2005-08-16 09:18 . 2009-03-08 10:33 125952 c:\windows\system32\ieakeng.dll
+ 2005-08-16 09:18 . 2010-11-03 12:26 173568 c:\windows\system32\ie4uinit.exe
+ 2005-08-16 09:18 . 2009-03-08 10:31 216064 c:\windows\system32\dxtrans.dll
+ 2005-08-16 09:18 . 2009-03-08 10:31 348160 c:\windows\system32\dxtmsft.dll
+ 2006-05-10 05:25 . 2010-11-06 00:26 916480 c:\windows\system32\dllcache\wininet.dll
+ 2007-08-14 00:54 . 2009-03-08 10:34 236544 c:\windows\system32\dllcache\webcheck.dll
+ 2006-09-18 14:15 . 2009-03-08 10:33 759296 c:\windows\system32\dllcache\VGX.dll
+ 2008-05-09 10:53 . 2010-03-10 06:15 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2007-08-14 00:44 . 2009-03-08 10:34 105984 c:\windows\system32\dllcache\url.dll
- 2007-08-14 00:44 . 2010-11-06 00:34 105984 c:\windows\system32\dllcache\url.dll
+ 2009-01-08 00:20 . 2009-01-08 00:20 134144 c:\windows\system32\dllcache\sqmapi.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 249856 c:\windows\system32\dllcache\odbc32.dll
+ 2007-08-14 00:44 . 2010-11-06 00:26 206848 c:\windows\system32\dllcache\occache.dll
+ 2006-05-10 05:25 . 2010-11-06 00:26 611840 c:\windows\system32\dllcache\mstime.dll
+ 2006-05-10 05:25 . 2009-03-08 10:34 193536 c:\windows\system32\dllcache\msrating.dll
- 2007-08-14 00:54 . 2007-08-14 00:54 156160 c:\windows\system32\dllcache\msls31.dll
+ 2007-08-14 00:54 . 2009-03-08 10:22 156160 c:\windows\system32\dllcache\msls31.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 102400 c:\windows\system32\dllcache\msjro.dll
+ 2008-03-02 05:24 . 2010-11-06 00:26 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 200704 c:\windows\system32\dllcache\msadox.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 180224 c:\windows\system32\dllcache\msadomd.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 536576 c:\windows\system32\dllcache\msado15.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 143360 c:\windows\system32\dllcache\msadco.dll
+ 2008-05-09 10:53 . 2009-12-09 05:53 726528 c:\windows\system32\dllcache\jscript.dll
+ 2007-08-14 00:43 . 2009-03-08 20:09 638816 c:\windows\system32\dllcache\iexplore.exe
+ 2006-05-10 05:25 . 2010-11-06 00:26 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2007-08-14 00:39 . 2010-11-06 00:26 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-03-02 05:24 . 2009-03-08 10:11 445952 c:\windows\system32\dllcache\ieapfltr.dll
+ 2007-08-13 23:56 . 2009-03-08 10:32 163840 c:\windows\system32\dllcache\ieakui.dll
+ 2007-08-14 00:39 . 2009-03-08 10:33 229376 c:\windows\system32\dllcache\ieaksie.dll
+ 2007-08-14 00:39 . 2009-03-08 10:33 125952 c:\windows\system32\dllcache\ieakeng.dll
+ 2007-08-14 00:39 . 2010-11-03 12:26 173568 c:\windows\system32\dllcache\ie4uinit.exe
+ 2006-05-10 05:25 . 2009-03-08 10:31 216064 c:\windows\system32\dllcache\dxtrans.dll
+ 2006-05-10 05:25 . 2009-03-08 10:31 348160 c:\windows\system32\dllcache\dxtmsft.dll
+ 2007-08-14 00:39 . 2009-03-08 10:32 128512 c:\windows\system32\dllcache\advpack.dll
+ 2005-08-16 09:18 . 2009-03-08 10:32 128512 c:\windows\system32\advpack.dll
+ 2011-01-25 03:11 . 2009-03-08 10:34 914944 c:\windows\ie8updates\KB982381-IE8\wininet.dll
+ 2011-01-25 03:11 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll
+ 2011-01-25 03:11 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe
+ 2011-01-25 03:11 . 2009-03-08 10:34 109568 c:\windows\ie8updates\KB982381-IE8\occache.dll
+ 2011-01-25 03:11 . 2009-03-08 10:32 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll
+ 2011-01-25 03:11 . 2009-03-08 10:32 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll
+ 2011-01-25 03:11 . 2009-03-08 10:33 246784 c:\windows\ie8updates\KB982381-IE8\ieproxy.dll
+ 2011-01-25 03:11 . 2009-03-08 10:31 183808 c:\windows\ie8updates\KB982381-IE8\iepeers.dll
+ 2011-01-25 03:11 . 2009-03-08 10:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll
+ 2011-01-25 03:11 . 2009-03-08 20:09 391536 c:\windows\ie8updates\KB982381-IE8\iedkcs32.dll
+ 2011-01-25 03:11 . 2009-03-08 10:32 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe
+ 2011-01-30 00:16 . 2009-03-08 10:33 420352 c:\windows\ie8updates\KB981332-IE8\vbscript.dll
+ 2011-01-30 00:16 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB981332-IE8\spuninst\updspapi.dll
+ 2011-01-30 00:16 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB981332-IE8\spuninst\spuninst.exe
+ 2011-01-30 00:16 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976662-IE8\spuninst\updspapi.dll
+ 2011-01-30 00:16 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976662-IE8\spuninst\spuninst.exe
+ 2011-01-30 00:16 . 2009-06-22 06:44 726528 c:\windows\ie8updates\KB976662-IE8\jscript.dll
+ 2011-01-30 00:15 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
+ 2011-01-30 00:15 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
+ 2011-01-30 00:15 . 2009-03-08 10:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll
+ 2011-01-25 03:16 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB2447568-IE8\spuninst\updspapi.dll
+ 2011-01-25 03:16 . 2010-02-22 14:23 231288 c:\windows\ie8updates\KB2447568-IE8\spuninst\spuninst.exe
+ 2011-01-25 03:18 . 2010-09-10 05:58 916480 c:\windows\ie8updates\KB2416400-IE8\wininet.dll
+ 2011-01-25 03:19 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2416400-IE8\spuninst\updspapi.dll
+ 2011-01-25 03:19 . 2010-02-22 14:23 231288 c:\windows\ie8updates\KB2416400-IE8\spuninst\spuninst.exe
+ 2011-01-25 03:18 . 2010-09-10 05:58 206848 c:\windows\ie8updates\KB2416400-IE8\occache.dll
+ 2011-01-25 03:18 . 2010-09-10 05:58 611840 c:\windows\ie8updates\KB2416400-IE8\mstime.dll
+ 2011-01-25 03:18 . 2010-09-10 05:58 602112 c:\windows\ie8updates\KB2416400-IE8\msfeeds.dll
+ 2011-01-25 03:18 . 2010-09-10 05:58 247808 c:\windows\ie8updates\KB2416400-IE8\ieproxy.dll
+ 2011-01-25 03:18 . 2010-09-10 05:58 184320 c:\windows\ie8updates\KB2416400-IE8\iepeers.dll
+ 2011-01-25 03:18 . 2010-09-10 05:58 743424 c:\windows\ie8updates\KB2416400-IE8\iedvtool.dll
+ 2011-01-25 03:18 . 2010-09-10 05:58 387584 c:\windows\ie8updates\KB2416400-IE8\iedkcs32.dll
+ 2011-01-25 03:18 . 2010-08-26 12:22 173056 c:\windows\ie8updates\KB2416400-IE8\ie4uinit.exe
+ 2011-01-25 03:15 . 2010-05-06 10:41 916480 c:\windows\ie8updates\KB2360131-IE8\wininet.dll
+ 2011-01-25 03:15 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2360131-IE8\spuninst\updspapi.dll
+ 2011-01-25 03:15 . 2009-05-26 09:01 231288 c:\windows\ie8updates\KB2360131-IE8\spuninst\spuninst.exe
+ 2011-01-25 03:15 . 2010-05-06 10:41 206848 c:\windows\ie8updates\KB2360131-IE8\occache.dll
+ 2011-01-25 03:15 . 2010-05-06 10:41 611840 c:\windows\ie8updates\KB2360131-IE8\mstime.dll
+ 2011-01-25 03:15 . 2010-05-06 10:41 599040 c:\windows\ie8updates\KB2360131-IE8\msfeeds.dll
+ 2011-01-25 03:15 . 2010-05-06 10:41 247808 c:\windows\ie8updates\KB2360131-IE8\ieproxy.dll
+ 2011-01-25 03:15 . 2010-05-06 10:41 184320 c:\windows\ie8updates\KB2360131-IE8\iepeers.dll
+ 2011-01-25 03:15 . 2010-05-06 10:41 743424 c:\windows\ie8updates\KB2360131-IE8\iedvtool.dll
+ 2011-01-25 03:15 . 2010-05-06 10:41 387584 c:\windows\ie8updates\KB2360131-IE8\iedkcs32.dll
+ 2011-01-25 03:15 . 2010-05-05 13:30 173056 c:\windows\ie8updates\KB2360131-IE8\ie4uinit.exe
+ 2011-01-25 03:06 . 2010-11-06 00:34 832512 c:\windows\ie8\wininet.dll
+ 2011-01-25 03:06 . 2007-08-14 00:45 206336 c:\windows\ie8\winfxdocobj.exe
+ 2011-01-25 03:06 . 2010-11-06 00:34 233472 c:\windows\ie8\webcheck.dll
+ 2011-01-25 03:06 . 2007-07-12 23:31 765952 c:\windows\ie8\vgx.dll
+ 2011-01-25 03:06 . 2010-03-09 11:09 430080 c:\windows\ie8\vbscript.dll
+ 2011-01-25 03:06 . 2010-11-06 00:34 105984 c:\windows\ie8\url.dll
+ 2011-01-25 03:07 . 2009-01-08 00:21 382496 c:\windows\ie8\spuninst\updspapi.dll
+ 2011-01-25 03:07 . 2009-01-08 00:20 231456 c:\windows\ie8\spuninst\spuninst.exe
+ 2011-01-25 03:06 . 2006-09-06 23:43 213216 c:\windows\ie8\spuninst.exe
+ 2011-01-25 03:06 . 2010-11-06 00:34 102912 c:\windows\ie8\occache.dll
+ 2011-01-25 03:06 . 2010-11-06 00:34 671232 c:\windows\ie8\mstime.dll
+ 2011-01-25 03:06 . 2010-11-06 00:34 193024 c:\windows\ie8\msrating.dll
+ 2011-01-25 03:06 . 2007-08-14 00:54 156160 c:\windows\ie8\msls31.dll
+ 2011-01-25 03:06 . 2010-11-06 00:34 478208 c:\windows\ie8\mshtmled.dll
+ 2011-01-25 03:06 . 2010-11-06 00:34 468480 c:\windows\ie8\msfeeds.dll
+ 2011-01-25 03:06 . 2009-08-13 15:16 512000 c:\windows\ie8\jscript.dll
+ 2011-01-25 03:06 . 2010-10-18 11:07 634648 c:\windows\ie8\iexplore.exe
+ 2011-01-25 03:06 . 2007-08-14 00:54 180736 c:\windows\ie8\ieui.dll
+ 2011-01-25 03:06 . 2010-11-06 00:34 268288 c:\windows\ie8\iertutil.dll
+ 2011-01-25 03:06 . 2007-08-14 00:54 287744 c:\windows\ie8\ieproxy.dll
+ 2011-01-25 03:06 . 2010-11-06 00:34 192512 c:\windows\ie8\iepeers.dll
+ 2011-01-25 03:06 . 2010-11-06 00:34 384512 c:\windows\ie8\iedkcs32.dll
+ 2011-01-25 03:06 . 2010-11-06 00:34 380928 c:\windows\ie8\ieapfltr.dll
+ 2011-01-25 03:06 . 2010-10-18 11:06 161792 c:\windows\ie8\ieakui.dll
+ 2011-01-25 03:06 . 2010-11-06 00:34 230400 c:\windows\ie8\ieaksie.dll
+ 2011-01-25 03:06 . 2010-11-06 00:34 153088 c:\windows\ie8\ieakeng.dll
+ 2011-01-25 03:06 . 2010-11-06 00:34 214528 c:\windows\ie8\dxtrans.dll
+ 2011-01-25 03:06 . 2010-11-06 00:34 347136 c:\windows\ie8\dxtmsft.dll
+ 2011-01-25 03:06 . 2010-11-06 00:34 124928 c:\windows\ie8\advpack.dll
+ 2005-08-16 09:18 . 2010-11-06 00:26 1210880 c:\windows\system32\urlmon.dll
+ 2005-08-16 09:18 . 2010-11-06 00:26 5959168 c:\windows\system32\mshtml.dll
+ 2007-08-14 00:34 . 2010-11-06 00:26 1991680 c:\windows\system32\iertutil.dll
+ 2007-02-12 22:10 . 2009-02-07 03:07 3698584 c:\windows\system32\ieapfltr.dat
+ 2006-05-10 05:25 . 2010-11-06 00:26 1210880 c:\windows\system32\dllcache\urlmon.dll
+ 2009-01-08 00:20 . 2009-01-08 00:20 1497088 c:\windows\system32\dllcache\shdocvw.dll
+ 2006-05-19 15:06 . 2010-11-06 00:26 5959168 c:\windows\system32\dllcache\mshtml.dll
+ 2008-03-02 05:24 . 2010-11-06 00:26 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2008-03-02 05:24 . 2009-02-07 03:07 3698584 c:\windows\system32\dllcache\ieapfltr.dat
+ 2009-01-08 00:20 . 2009-01-08 00:20 1022976 c:\windows\system32\dllcache\browseui.dll
+ 2011-01-25 03:11 . 2009-03-08 10:34 1206784 c:\windows\ie8updates\KB982381-IE8\urlmon.dll
+ 2011-01-25 03:11 . 2009-03-08 10:41 5937152 c:\windows\ie8updates\KB982381-IE8\mshtml.dll
+ 2011-01-25 03:11 . 2009-03-08 10:32 1985024 c:\windows\ie8updates\KB982381-IE8\iertutil.dll
+ 2011-01-25 03:18 . 2010-09-10 05:58 1210880 c:\windows\ie8updates\KB2416400-IE8\urlmon.dll
+ 2011-01-25 03:18 . 2010-09-10 05:58 5957120 c:\windows\ie8updates\KB2416400-IE8\mshtml.dll
+ 2011-01-25 03:18 . 2010-09-10 05:58 1986560 c:\windows\ie8updates\KB2416400-IE8\iertutil.dll
+ 2011-01-25 03:15 . 2010-05-06 10:41 1209344 c:\windows\ie8updates\KB2360131-IE8\urlmon.dll
+ 2011-01-25 03:15 . 2010-05-06 10:41 5950976 c:\windows\ie8updates\KB2360131-IE8\mshtml.dll
+ 2011-01-25 03:15 . 2010-05-06 10:41 1985536 c:\windows\ie8updates\KB2360131-IE8\iertutil.dll
+ 2011-01-25 03:06 . 2010-11-06 00:34 1168384 c:\windows\ie8\urlmon.dll
+ 2011-01-25 03:06 . 2010-11-06 00:34 3604480 c:\windows\ie8\mshtml.dll
+ 2011-01-25 03:06 . 2010-11-06 00:34 6075904 c:\windows\ie8\ieframe.dll
+ 2011-01-25 03:06 . 2009-06-29 08:33 2452872 c:\windows\ie8\ieapfltr.dat
+ 2006-05-24 19:17 . 2011-01-04 23:20 37403080 c:\windows\system32\MRT.exe
+ 2007-08-14 00:54 . 2010-11-06 00:26 11080704 c:\windows\system32\ieframe.dll
+ 2008-03-02 05:24 . 2010-11-06 00:26 11080704 c:\windows\system32\dllcache\ieframe.dll
+ 2011-01-25 03:11 . 2009-03-08 10:39 11063808 c:\windows\ie8updates\KB982381-IE8\ieframe.dll
+ 2011-01-25 03:18 . 2010-09-10 05:58 11080192 c:\windows\ie8updates\KB2416400-IE8\ieframe.dll
+ 2011-01-25 03:15 . 2010-05-06 10:41 11076096 c:\windows\ie8updates\KB2360131-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"Universal Installer"="c:\program files\ComcastUI\Universal Installer\uinstaller.exe" [2008-03-18 984616]
"Desktop Software"="c:\program files\ComcastUI\Universal Installer\uinstaller.exe" [2008-03-18 984616]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-14 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-14 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-17 397312]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-12-06 839680]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"HostManager"="c:\program files\Common Files\AOL\1170845904\ee\AOLSoftware.exe" [2008-06-24 41824]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-06-15 229376]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-02 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-5-10 24576]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\1170845904\\ee\\aolsoftware.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [1/15/2011 10:38 AM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [1/15/2011 10:38 AM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110114.001\BHDrvx86.sys [1/21/2011 8:45 PM 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [1/15/2011 10:38 AM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [1/15/2011 10:38 AM 116784]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe [1/15/2011 10:36 AM 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/13/2011 11:23 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110128.003\IDSXpx86.sys [1/28/2011 8:07 PM 341944]
S3 RT-USB;Ross-Tech USB driver;c:\windows\system32\drivers\RT-USB.SYS [2/23/2008 4:00 AM 54400]
S3 VAGUSB;VAGUSB.SYS USB Driver;c:\windows\system32\drivers\VAGUSB.sys [12/15/2005 8:27 AM 34639]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
uInternet Settings,ProxyOverride = localhost
Trusted Zone: musicmatch.com\online
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-29 20:46
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
shelf life
2011-01-30, 15:51
I get a popup that Windows Explorer cannot find file or folder. Is this a sign of malware or something else?
It could be but most likely the malware itself has already been removed and this is just a leftover. It also may not be malware related.
Cannot find 'file://'
Go to start>Programs>Startup and see if there is a reference to any software under the start up group.
We will use combofix to remove a file. Before you use it please disable your AV and any running antimalware including Tea timer.
Click Start, then Run and type Notepad and click OK.
Copy/paste the text in the code box below into notepad:
File::
c:\windows\system32\drivers\vtfgqhjt.sys
Driver::
vtfgqhjt.sys
Name the Notepad file CFScript.txt and Save it to your desktop.
Now locate the file you just saved (CFScript.txt) and the combofix icon, both on your desktop.
Using your mouse drag the CFScript.txt right on top of the combofix icon and release, combofix will run and produce a new log.
Please post the new combofix log
Under Startup there is a program called Digital Line Detection. Going to run the Combofix now, thanks for the help again.
Almost as soon as I dropped the text on Combofix, I got a popup about pev.exe has encountered a problem and needs to close from Microsoft. It wouldnt allow me to copy and paste the error report but the file name is
bcd7_appcompat.txt. Here is the new Combofix log
ComboFix 11-01-23.07 - R 01/30/2011 11:09:59.7.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.464 [GMT -6:00]
Running from: c:\documents and settings\R\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\R\Desktop\CFScript.txt
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
- REDUCED FUNCTIONALITY MODE -
FILE ::
"c:\windows\system32\drivers\vtfgqhjt.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\vtfgqhjt.sys
.
((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-30 )))))))))))))))))))))))))))))))
.
2011-01-30 17:06 . 2011-01-30 17:07 -------- d-----r- C:\32788R22FWJFW
2011-01-30 01:56 . 2011-01-30 01:56 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-01-29 01:59 . 2011-01-29 01:59 -------- d-sh--w- c:\documents and settings\R\PrivacIE
2011-01-25 03:28 . 2011-01-25 03:28 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-01-25 03:26 . 2011-01-25 03:26 -------- d-sh--w- c:\documents and settings\R\IETldCache
2011-01-25 03:16 . 2010-10-18 11:10 7680 ------w- c:\windows\system32\dllcache\iecompat.dll
2011-01-25 03:09 . 2010-11-06 00:26 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2011-01-25 03:09 . 2010-11-06 00:26 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2011-01-25 03:09 . 2010-11-06 00:26 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2011-01-25 03:06 . 2011-01-25 03:08 -------- dc-h--w- c:\windows\ie8
2011-01-17 16:55 . 2011-01-17 16:55 -------- d-----w- c:\program files\ERUNT
2011-01-14 05:11 . 2009-05-18 22:17 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-01-14 05:11 . 2008-04-17 21:12 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2011-01-14 05:10 . 2011-01-14 05:13 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-01-14 05:10 . 2011-01-14 05:10 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-01-14 05:10 . 2011-01-14 05:10 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-01-14 05:10 . 2011-01-14 05:10 -------- d-----w- c:\program files\Symantec
2011-01-14 05:09 . 2011-01-15 17:03 -------- d-----w- c:\windows\system32\drivers\N360
2011-01-14 05:09 . 2011-01-14 05:09 -------- d-----w- c:\program files\Norton Security Suite
2011-01-14 05:09 . 2011-01-14 05:09 -------- d-----w- c:\program files\Windows Sidebar
2011-01-14 04:48 . 2011-01-14 04:48 -------- d-----w- c:\program files\NortonInstaller
2011-01-14 04:36 . 2011-01-14 05:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2011-01-12 02:28 . 2011-01-12 02:32 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-01-10 02:12 . 2011-01-10 02:12 -------- d-----w- c:\documents and settings\R\Application Data\VSRevoGroup
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-21 00:09 . 2009-10-06 14:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 00:08 . 2009-10-06 14:33 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-18 18:12 . 2005-08-16 09:40 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2005-08-16 09:18 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26 . 2005-08-16 09:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2005-08-16 09:18 43520 ------w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2005-08-16 09:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2005-08-16 09:18 385024 ------w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2005-08-16 09:18 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
.
((((((((((((((((((((((((((((( SnapShot_2011-01-30_02.47.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-30 16:49 . 2011-01-30 16:49 16384 c:\windows\temp\Perflib_Perfdata_2a8.dat
+ 2011-01-30 16:48 . 2011-01-30 16:48 16384 c:\windows\temp\Perflib_Perfdata_25c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"Universal Installer"="c:\program files\ComcastUI\Universal Installer\uinstaller.exe" [2008-03-18 984616]
"Desktop Software"="c:\program files\ComcastUI\Universal Installer\uinstaller.exe" [2008-03-18 984616]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-14 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-14 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-17 397312]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-12-06 839680]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"HostManager"="c:\program files\Common Files\AOL\1170845904\ee\AOLSoftware.exe" [2008-06-24 41824]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-06-15 229376]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-02 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-5-10 24576]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\1170845904\\ee\\aolsoftware.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [1/15/2011 10:38 AM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [1/15/2011 10:38 AM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110114.001\BHDrvx86.sys [1/21/2011 8:45 PM 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [1/15/2011 10:38 AM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [1/15/2011 10:38 AM 116784]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe [1/15/2011 10:36 AM 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/13/2011 11:23 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110128.003\IDSXpx86.sys [1/28/2011 8:07 PM 341944]
S3 RT-USB;Ross-Tech USB driver;c:\windows\system32\drivers\RT-USB.SYS [2/23/2008 4:00 AM 54400]
S3 VAGUSB;VAGUSB.SYS USB Driver;c:\windows\system32\drivers\VAGUSB.sys [12/15/2005 8:27 AM 34639]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
uInternet Settings,ProxyOverride = localhost
Trusted Zone: musicmatch.com\online
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-30 11:12
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(912)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2011-01-30 11:15:40
ComboFix-quarantined-files.txt 2011-01-30 17:15
ComboFix2.txt 2011-01-30 02:50
ComboFix3.txt 2011-01-24 16:59
Pre-Run: 17,041,145,856 bytes free
Post-Run: 17,016,389,632 bytes free
- - End Of File - - D0D73F900BE2D7058904A1D7F35876CE
shelf life
2011-01-31, 02:55
It looks like combofix ran ok despite the error, the .sys file was removed.
you can try CCleaner for the Cannot find 'file://. You can keep and use it. It is the only "registry cleaner" as they are called that i would use. It also removes temp files.
link here (http://www.piriform.com/ccleaner/download). You will see where it says 'buy online and download", just look a little farther down and you will see two links for the free download. Use one of those to download.
There is a quick tour of the software here (http://www.piriform.com/ccleaner/help).
Once installed:
Click on the registry icon, then scan for issues. After the scan click on fix selected issues, you will have a option of saving before the changes are applied, its a just in case. If everything appears ok after the changes are applied you can delete the backup. Lets see if that solves the problem.
I loaded and ran CCleaner, did a restart and got the same popup. My computer did seem to load faster, could this popup be from some issue other than malware I should look into?
shelf life
2011-02-01, 01:30
It could be a leftover harmless malware (the malware has been removed) issue or it may have another cause. Has it recently showed up? Have you uninstalled any software lately?
As best I can remember, this popup arrived around the time of a malware attack. I have not un installed anything lately other than what we directed in this thread.
shelf life
2011-02-02, 02:48
Lets see what a traditional hjt log shows. go here (http://free.antivirus.com/hijackthis/) and download hjt, v.2.0.4. There are guides on how to generate a log file in the questions below the link. Please post the hjt log.
Ok I downloaded and installed the newest version, and here is the logfile. Close to the end with a 016 beginning is something about Mcafee, which I no longer use or supposedly have onboard.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:53:44 PM, on 2/1/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\AOL\1170845904\ee\AOLSoftware.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe
C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1170845904\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Universal Installer] "C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe" /fromrun /starthidden
O4 - HKCU\..\Run: [Desktop Software] "C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe" /ini "uinstaller.ini" /fromrun /starthidden
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 10382 bytes
shelf life
2011-02-03, 00:11
Looks like the attachment i uploaded?
Try this, but first disable Spybots Teatimer, these directions are slightly old but it should be close:
Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this Go to the Mode menu select "Advanced Mode"
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.
next:
start HJT, click the "Scan" button. check the items below, close any open windows, then click "Fixed checked"
O4 - HKCU\..\Run: [Universal Installer] "C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe" /fromrun /starthidden
O4 - HKCU\..\Run: [Desktop Software] "C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe" /ini "uinstaller.ini" /fromrun /starthidden
reboot computer.
Same popup but different message. Its word for word what I posted above as to content. I'll give this a run now.
And yet another success story. Following your last directions after reboot no message popped up, so I think its fixed. I appreciate the help, thanks.
shelf life
2011-02-04, 22:19
ok good. your welcome. You can remove combofix with the combofix /uninstall, like you did before. You can also uninstall HJT if you want to. Happy safe surfing.