
Suspicious.Mystic


This topic is locked
62 replies to this topic

#31 MeNeedHelpz

Authentic Member
35 posts

Posted 02 January 2011 - 03:20 PM

Here's the log. It detected 1 malicious rootkit item so I kept it on "cure".

2011/01/02 16:04:45.0703 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2011/01/02 16:04:45.0703 ================================================================================
2011/01/02 16:04:45.0703 SystemInfo:
2011/01/02 16:04:45.0703
2011/01/02 16:04:45.0703 OS Version: 5.1.2600 ServicePack: 3.0
2011/01/02 16:04:45.0703 Product type: Workstation
2011/01/02 16:04:45.0703 ComputerName: ENZO
2011/01/02 16:04:45.0703 UserName: Jimmy
2011/01/02 16:04:45.0703 Windows directory: C:\WINDOWS
2011/01/02 16:04:45.0703 System windows directory: C:\WINDOWS
2011/01/02 16:04:45.0703 Processor architecture: Intel x86
2011/01/02 16:04:45.0703 Number of processors: 1
2011/01/02 16:04:45.0703 Page size: 0x1000
2011/01/02 16:04:45.0703 Boot type: Normal boot
2011/01/02 16:04:45.0703 ================================================================================
2011/01/02 16:04:46.0125 Initialize success
2011/01/02 16:04:55.0093 ================================================================================
2011/01/02 16:04:55.0093 Scan started
2011/01/02 16:04:55.0093 Mode: Manual;
2011/01/02 16:04:55.0093 ================================================================================
[per-driver listing with MD5 hashes omitted]
2011/01/02 16:05:21.0859 \HardDisk1 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/01/02 16:05:21.0859 ================================================================================
2011/01/02 16:05:21.0859 Scan finished
2011/01/02 16:05:21.0859 ================================================================================
2011/01/02 16:05:21.0859 Detected object count: 1
2011/01/02 16:05:40.0296 \HardDisk1 - will be cured after reboot
2011/01/02 16:05:40.0296 Rootkit.Win32.TDSS.tdl4(\HardDisk1) - User select action: Cure
2011/01/02 16:05:43.0203 Deinitialize success



#32 CatByte

Classroom Administrator
21,060 posts
MVP

Posted 02 January 2011 - 08:37 PM

Hi,

Please delete the copy of ComboFix that you have, download a fresh copy, rename it to iexplore, and save it to your c:\ drive.

Try running it again from the c:\ drive.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#33 MeNeedHelpz

Authentic Member
35 posts

Posted 03 January 2011 - 07:39 PM

It worked. Here's the report:

ComboFix 11-01-03.01 - Jimmy 01/03/2011 20:23:22.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.1191 [GMT -5:00]
Running from: c:\documents and settings\Jimmy\Desktop\iexplorer.exe
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Jimmy\Application Data\Local
c:\documents and settings\Jimmy\Application Data\Local\Temp\DDM\Settings\0.ddi
c:\documents and settings\Jimmy\Application Data\Local\Temp\DDM\Settings\open.php.ddr
c:\documents and settings\Jimmy\Application Data\Local\Temp\DDM\Settings\settings.ddi
c:\documents and settings\Jimmy\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\open.php.ddp
c:\documents and settings\Jimmy\Application Data\PriceGong
c:\documents and settings\Jimmy\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Jimmy\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Jimmy\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Jimmy\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Jimmy\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Jimmy\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Jimmy\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Jimmy\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Jimmy\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Jimmy\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Jimmy\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Jimmy\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Jimmy\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Jimmy\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Jimmy\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Jimmy\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Jimmy\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Jimmy\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Jimmy\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Jimmy\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Jimmy\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Jimmy\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Jimmy\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Jimmy\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Jimmy\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Jimmy\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Jimmy\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Jimmy\Application Data\PriceGong\Data\z.xml
C:\explorer.exe
c:\windows\struct~.ini
c:\windows\system32\Data
c:\windows\system32\ms.dll
c:\windows\winlogon.exe
C:\winlogon.exe

-- Previous Run --

Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\winlogon.exe

--------

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2010-12-04 to 2011-01-04 )))))))))))))))))))))))))))))))
.

2011-01-02 21:03 . 2011-01-02 21:03 -------- d-----w- c:\documents and settings\Jimmy\Application Data\Tific
2011-01-02 21:03 . 2011-01-02 21:03 -------- d-----w- c:\documents and settings\Jimmy\Local Settings\Application Data\Symantec
2011-01-02 04:03 . 2002-08-29 08:41 1004032 ----a-w- c:\windows\explorer.exe
2011-01-02 04:03 . 2002-08-29 08:41 1004032 ----a-w- c:\windows\explorer.bad
2011-01-02 04:03 . 2008-04-14 00:12 507904 ----a-w- c:\windows\system32\winlogon.exe
2011-01-02 04:03 . 2002-08-29 08:41 516608 ----a-w- c:\windows\winlogon.old
2011-01-02 04:03 . 2002-08-29 08:41 516608 ----a-w- c:\windows\winlogon.badd
2011-01-02 04:03 . 2002-08-29 08:41 516608 ----a-w- c:\windows\system32\Winlogon.oldd
2011-01-02 04:03 . 2002-08-29 08:41 516608 ----a-w- c:\windows\system32\winlogon.old
2010-12-30 04:16 . 2010-12-31 19:48 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-12-30 02:59 . 2001-08-17 18:28 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2010-12-30 02:59 . 2001-08-17 18:28 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2010-12-30 02:57 . 2001-08-17 17:50 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2010-12-30 02:56 . 2008-04-13 18:46 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2010-12-30 02:55 . 2001-08-18 03:36 58880 -c--a-w- c:\windows\system32\dllcache\m3092dc.dll
2010-12-30 02:54 . 2001-08-17 18:49 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2010-12-30 02:54 . 2001-08-17 18:51 18688 -c--a-w- c:\windows\system32\dllcache\irsir.sys
2010-12-30 02:54 . 2008-04-14 00:12 151552 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2010-12-30 02:54 . 2008-04-14 00:11 28160 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2010-12-30 02:54 . 2001-08-17 18:49 23552 -c--a-w- c:\windows\system32\dllcache\irmk7.sys
2010-12-30 02:54 . 2008-04-13 18:54 88192 -c--a-w- c:\windows\system32\dllcache\irda.sys
2010-12-30 02:54 . 2001-08-18 03:36 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll
2010-12-30 02:54 . 2001-08-17 17:12 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys
2010-12-30 02:54 . 2001-08-17 18:50 38784 -c--a-w- c:\windows\system32\dllcache\io8.sys
2010-12-30 02:54 . 2008-04-13 18:40 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys
2010-12-30 02:54 . 2001-08-17 18:47 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys
2010-12-30 02:54 . 2001-08-17 18:52 16000 -c--a-w- c:\windows\system32\dllcache\ini910u.sys
2010-12-30 02:52 . 2001-08-17 18:28 50751 -c--a-w- c:\windows\system32\dllcache\hsf_tone.sys
2010-12-30 02:51 . 2001-08-17 19:56 470144 -c--a-w- c:\windows\system32\dllcache\g200d.dll
2010-12-30 02:50 . 2001-08-17 17:20 334208 -c--a-w- c:\windows\system32\dllcache\ds1wdm.sys
2010-12-30 02:49 . 2008-04-13 18:36 10240 -c--a-w- c:\windows\system32\dllcache\compbatt.sys
2010-12-30 02:48 . 2001-08-17 18:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2010-12-30 02:47 . 2001-08-17 19:56 137216 -c--a-w- c:\windows\system32\dllcache\atidrae.dll
2010-12-30 02:43 . 2001-08-17 19:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2010-12-30 02:42 . 2008-04-13 18:40 12288 -c--a-w- c:\windows\system32\dllcache\4mmdat.sys
2010-12-30 02:42 . 2001-08-17 19:55 38400 -c--a-w- c:\windows\system32\dllcache\8514a.dll
2010-12-30 02:42 . 2001-08-17 19:55 689216 -c--a-w- c:\windows\system32\dllcache\3dfxvs.dll
2010-12-30 02:42 . 2001-08-17 17:48 148352 -c--a-w- c:\windows\system32\dllcache\3dfxvsm.sys
2010-12-30 02:42 . 2001-08-17 19:06 11264 -c--a-w- c:\windows\system32\dllcache\1394vdbg.sys
2010-12-30 02:42 . 2001-08-17 18:28 762780 -c--a-w- c:\windows\system32\dllcache\3cwmcru.sys
2010-12-30 02:42 . 2001-08-17 19:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-12-30 00:29 . 2010-12-30 00:29 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-12-23 01:06 . 2010-12-23 01:06 -------- d-----w- c:\program files\Xvid
2010-12-23 01:06 . 2008-12-14 01:01 77824 ----a-w- c:\windows\system32\xvid.ax
2010-12-23 01:06 . 2008-12-05 02:46 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-12-23 01:06 . 2008-12-05 02:42 815104 ----a-w- c:\windows\system32\xvidcore.dll
2010-12-21 03:43 . 2010-12-21 03:44 -------- d-----w- c:\documents and settings\Jimmy\Local Settings\Application Data\Ares
2010-12-18 02:00 . 2010-12-18 02:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer
2010-12-18 01:57 . 2010-12-18 01:57 -------- d-----w- c:\documents and settings\Jimmy\Local Settings\Application Data\Mozilla
2010-12-16 23:49 . 2010-12-16 23:51 -------- d-----w- c:\documents and settings\Jimmy\Local Settings\Application Data\Google
2010-12-16 23:49 . 2010-12-16 23:49 -------- d-----w- c:\documents and settings\Jimmy\Local Settings\Application Data\Deployment
2010-12-16 01:44 . 2010-12-21 11:19 -------- d-----w- c:\documents and settings\Jimmy\Application Data\DivX
2010-12-16 01:41 . 2010-12-16 01:41 -------- d-----w- c:\program files\Common Files\DivX Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-24 19:34 . 2010-07-04 12:48 138664 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-11-24 19:33 . 2010-07-04 16:35 214864 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-11-24 19:33 . 2010-07-04 12:47 214864 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-11-18 18:12 . 2009-03-22 22:29 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-11-08 22:57 . 2010-11-08 22:57 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2010-11-06 00:26 . 2006-06-23 16:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2003-07-16 20:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2003-07-16 20:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2003-07-16 20:37 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2003-07-16 20:24 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2003-07-16 20:51 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-16 18:55 . 2010-11-29 04:55 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-10-16 18:55 . 2010-11-29 04:55 888424 ----a-w- c:\windows\system32\nvdispco32.dll
2010-10-16 18:55 . 2010-11-29 04:55 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2010-10-16 18:55 . 2010-11-29 04:55 4882432 ----a-w- c:\windows\system32\nvcuda.dll
2010-10-16 18:55 . 2010-11-29 04:55 2932840 ----a-w- c:\windows\system32\nvcuvid.dll
2010-10-16 18:55 . 2010-11-29 04:55 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-10-16 18:55 . 2010-11-29 04:55 13012992 ----a-w- c:\windows\system32\nvcompiler.dll
2010-10-16 18:55 . 2009-03-23 01:22 14532608 ----a-w- c:\windows\system32\nvoglnt.dll
2010-10-16 18:55 . 2009-03-23 01:22 1462272 ----a-w- c:\windows\system32\nvapi.dll
2010-10-16 18:55 . 2004-08-04 07:56 6359552 ----a-w- c:\windows\system32\nv4_disp.dll
2010-10-16 18:55 . 2004-08-04 05:29 9623680 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-10-16 17:04 . 2010-10-16 17:04 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-10-16 17:04 . 2010-10-16 17:04 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-10-16 17:04 . 2010-10-16 17:04 13851752 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 17:04 . 2010-10-16 17:04 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-16 17:04 . 2010-10-16 17:04 156776 ----a-w- c:\windows\system32\nvsvc32.exe
2010-10-16 17:04 . 2010-10-16 17:04 145000 ----a-w- c:\windows\system32\nvcolor.exe
.

------- Sigcheck -------

[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2002-08-29 . A82B28BFC2E4455FE43022A498C0EF0A . 1004032 . . [6.00.2800.1106] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"L06AXLRD_25653484"="d:\programs\Microsoft Student\Microsoft Student 2006 DVD\EDICT.EXE" [2005-06-03 301776]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
"Google Update"="c:\documents and settings\Jimmy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-12-16 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D-Link AirPlus XtremeG DWL-G520"="c:\drivers\D-Link\AirPlus XtremeG DWL-G520\AirPlusCFG.exe" [2007-06-27 1327104]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2003-07-16 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2003-07-16 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2003-07-16 455168]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="d:\programs\Nero8\New Folder\Nero 8\InCD\NBHGui.exe" [2007-08-04 2043688]
"InCD"="d:\programs\Nero8\New Folder\Nero 8\InCD\InCD.exe" [2007-08-04 1056552]
"NBKeyScan"="d:\programs\Nero8\New Folder\Nero 8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-26 1753192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"="c:\windows\system32\Macromed\Shockwave 10\PostUpdate.exe" [2010-12-30 53248]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Jimmy\\Desktop\\Folders\\Jimmy's Stuff\\uTorrent.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"d:\\Jimmy\\Vindictus\\en-US\\NMService.exe"=
"d:\jimmy\Combat Arms\CombatArms.exe"= d:\jimmy\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"d:\jimmy\Combat Arms\Engine.exe"= d:\jimmy\Combat Arms\Engine.exe:*Enabled:Engine.exe
"d:\\Jimmy\\Combat Arms\\NMService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56775:TCP"= 56775:TCP:Pando Media Booster
"56775:UDP"= 56775:UDP:Pando Media Booster
"58045:TCP"= 58045:TCP:Pando Media Booster
"58045:UDP"= 58045:UDP:Pando Media Booster
"8380:TCP"= 8380:TCP:League of Legends Launcher
"8380:UDP"= 8380:UDP:League of Legends Launcher
"6915:TCP"= 6915:TCP:League of Legends Launcher
"6915:UDP"= 6915:UDP:League of Legends Launcher
"8381:TCP"= 8381:TCP:League of Legends Launcher
"8381:UDP"= 8381:UDP:League of Legends Launcher
"6991:TCP"= 6991:TCP:League of Legends Launcher
"6991:UDP"= 6991:UDP:League of Legends Launcher

R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe [10/26/2010 6:21 PM 126392]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [3/22/2009 5:49 PM 547744]
R3 BENDER;Pinnacle DV/AV Capture;c:\windows\system32\drivers\bender.sys [6/10/2009 7:12 PM 180480]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/5/2010 9:57 PM 102448]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\SYMDS.SYS --> c:\windows\system32\drivers\N360\0403000.005\SYMDS.SYS [?]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\SYMEFA.SYS --> c:\windows\system32\drivers\N360\0403000.005\SYMEFA.SYS [?]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [11/22/2010 9:20 PM 691248]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\ccHPx86.sys --> c:\windows\system32\drivers\N360\0403000.005\ccHPx86.sys [?]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\Ironx86.SYS --> c:\windows\system32\drivers\N360\0403000.005\Ironx86.SYS [?]
S2 Remote Solver for COSMOSFloWorks 2007;Remote Solver for COSMOSFloWorks 2007;"c:\program files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe" --> c:\program files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe [?]
S2 Remote Solver for COSMOSFloWorks 2008;Remote Solver for COSMOSFloWorks 2008;"c:\program files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe" --> c:\program files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe [?]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101231.001\IDSXpx86.sys [1/1/2011 10:12 AM 341944]
.
Contents of the 'Scheduled Tasks' folder

2010-12-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2011-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-573735546-839522115-1005Core.job
- c:\documents and settings\Jimmy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-16 23:49]

2011-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-573735546-839522115-1005UA.job
- c:\documents and settings\Jimmy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-16 23:49]

2011-01-04 c:\windows\Tasks\User_Feed_Synchronization-{164954DE-EE48-4018-A184-9E30A67BEDEF}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]

2011-01-03 c:\windows\Tasks\User_Feed_Synchronization-{F9B57BD8-EEA4-48F4-981A-C483EB12A1D6}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1241404235&rver=5.5.4177.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-US
uInternet Settings,ProxyServer = http=127.0.0.1:59274
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://nxcache.nexon.net/mabinogi/renderer/mabiweb.2010.5.03.cab
DPF: {BB7E62CD-6811-470D-9265-9E7902F50605} - hxxp://ecdownload.moondo.com/17/patcher/moondoax.cab
.
- - - - ORPHANS REMOVED - - - -

BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\Yontoo Layers Client\YontooIEClient.dll
HKCU-Run-core700extrasetup.exe - c:\documents and settings\Jimmy\Application Data\8D6CCE9AC69335523AED001A30207992\core700extrasetup.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-{92606477-9366-4D3B-8AE3-6BE4B29727AB} - c:\program files\InstallShield Installation Information\{92606477-9366-4D3B-8AE3-6BE4B29727AB}\setup.exe
AddRemove-{EE3A1D30-B97D-4EC0-BA65-EEE4131ECA9A} - c:\program files\InstallShield Installation Information\{EE3A1D30-B97D-4EC0-BA65-EEE4131ECA9A}\setup.exe
AddRemove-uTorrent - c:\documents and settings\Jimmy\Desktop\Jimmy's Stuff\uTorrent.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-03 20:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-01-03 20:32:56
ComboFix-quarantined-files.txt 2011-01-04 01:32

Pre-Run: 9,203,650,560 bytes free
Post-Run: 9,149,583,360 bytes free

- - End Of File - - B2BCA10D02F4F5964F03576C64D5FE62

#34 CatByte (Classroom Administrator, Classroom Admin, 21,060 posts, MVP)

Posted 03 January 2011 - 08:45 PM

Hi

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into Notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty Notepad file.

Copy all the text inside of the code box - press Ctrl+C (or right click on the highlighted section and choose 'copy')

FCopy::
c:\windows\ServicePackFiles\i386\explorer.exe | c:\windows\explorer.exe
c:\windows\ServicePackFiles\i386\explorer.exe | c:\windows\system32\dllcache\explorer.exe
c:\windows\ServicePackFiles\i386\winlogon.exe | c:\windows\system32\dllcache\winlogon.exe 

File::
c:\windows\explorer.bad
c:\windows\winlogon.old
c:\windows\winlogon.badd
c:\windows\system32\Winlogon.oldd
c:\windows\system32\winlogon.old

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:59274

Now paste the copied text into the open Notepad - press Ctrl+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".

Here's how to do that:

1. Click File;
2. Click Save As... and change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[Screenshot: CFScript.txt being dragged onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#35 MeNeedHelpz (Authentic Member, 35 posts)

Posted 04 January 2011 - 03:19 PM

OMG I have my desktop back. Thank you so much XD

Here's the log btw:

ComboFix 11-01-03.01 - Jimmy 01/04/2011 16:06:58.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.1160 [GMT -5:00]
Running from: c:\documents and settings\Jimmy\Desktop\iexplorer.exe
Command switches used :: c:\documents and settings\Jimmy\Desktop\CFScript.txt
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

FILE ::
"c:\windows\explorer.bad"
"c:\windows\system32\winlogon.old"
"c:\windows\system32\Winlogon.oldd"
"c:\windows\winlogon.badd"
"c:\windows\winlogon.old"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\explorer.bad
c:\windows\system32\winlogon.old
c:\windows\system32\Winlogon.oldd
c:\windows\winlogon.badd
c:\windows\winlogon.old

.
--------------- FCopy ---------------

c:\windows\ServicePackFiles\i386\explorer.exe --> c:\windows\explorer.exe
c:\windows\ServicePackFiles\i386\explorer.exe --> c:\windows\system32\dllcache\explorer.exe
c:\windows\ServicePackFiles\i386\winlogon.exe --> c:\windows\system32\dllcache\winlogon.exe
.
((((((((((((((((((((((((( Files Created from 2010-12-04 to 2011-01-04 )))))))))))))))))))))))))))))))
.

2011-01-02 21:03 . 2011-01-02 21:03 -------- d-----w- c:\documents and settings\Jimmy\Application Data\Tific
2011-01-02 21:03 . 2011-01-02 21:03 -------- d-----w- c:\documents and settings\Jimmy\Local Settings\Application Data\Symantec
2011-01-02 04:03 . 2008-04-14 00:12 1033728 -c--a-w- c:\windows\system32\dllcache\explorer.exe
2011-01-02 04:03 . 2008-04-14 00:12 1033728 ----a-w- c:\windows\explorer.exe
2011-01-02 04:03 . 2008-04-14 00:12 507904 ----a-w- c:\windows\system32\winlogon.exe
2010-12-30 04:16 . 2010-12-31 19:48 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-12-30 02:59 . 2001-08-17 18:28 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2010-12-30 02:59 . 2001-08-17 18:28 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2010-12-30 02:57 . 2001-08-17 17:50 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2010-12-30 02:56 . 2008-04-13 18:46 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2010-12-30 02:55 . 2001-08-18 03:36 58880 -c--a-w- c:\windows\system32\dllcache\m3092dc.dll
2010-12-30 02:54 . 2001-08-17 18:49 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2010-12-30 02:54 . 2001-08-17 18:51 18688 -c--a-w- c:\windows\system32\dllcache\irsir.sys
2010-12-30 02:54 . 2008-04-14 00:12 151552 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2010-12-30 02:54 . 2008-04-14 00:11 28160 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2010-12-30 02:54 . 2001-08-17 18:49 23552 -c--a-w- c:\windows\system32\dllcache\irmk7.sys
2010-12-30 02:54 . 2008-04-13 18:54 88192 -c--a-w- c:\windows\system32\dllcache\irda.sys
2010-12-30 02:54 . 2001-08-18 03:36 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll
2010-12-30 02:54 . 2001-08-17 17:12 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys
2010-12-30 02:54 . 2001-08-17 18:50 38784 -c--a-w- c:\windows\system32\dllcache\io8.sys
2010-12-30 02:54 . 2008-04-13 18:40 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys
2010-12-30 02:54 . 2001-08-17 18:47 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys
2010-12-30 02:54 . 2001-08-17 18:52 16000 -c--a-w- c:\windows\system32\dllcache\ini910u.sys
2010-12-30 02:52 . 2001-08-17 18:28 50751 -c--a-w- c:\windows\system32\dllcache\hsf_tone.sys
2010-12-30 02:51 . 2001-08-17 19:56 470144 -c--a-w- c:\windows\system32\dllcache\g200d.dll
2010-12-30 02:50 . 2001-08-17 17:20 334208 -c--a-w- c:\windows\system32\dllcache\ds1wdm.sys
2010-12-30 02:49 . 2008-04-13 18:36 10240 -c--a-w- c:\windows\system32\dllcache\compbatt.sys
2010-12-30 02:48 . 2001-08-17 18:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2010-12-30 02:47 . 2001-08-17 19:56 137216 -c--a-w- c:\windows\system32\dllcache\atidrae.dll
2010-12-30 02:43 . 2001-08-17 19:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2010-12-30 02:42 . 2008-04-13 18:40 12288 -c--a-w- c:\windows\system32\dllcache\4mmdat.sys
2010-12-30 02:42 . 2001-08-17 19:55 38400 -c--a-w- c:\windows\system32\dllcache\8514a.dll
2010-12-30 02:42 . 2001-08-17 19:55 689216 -c--a-w- c:\windows\system32\dllcache\3dfxvs.dll
2010-12-30 02:42 . 2001-08-17 17:48 148352 -c--a-w- c:\windows\system32\dllcache\3dfxvsm.sys
2010-12-30 02:42 . 2001-08-17 19:06 11264 -c--a-w- c:\windows\system32\dllcache\1394vdbg.sys
2010-12-30 02:42 . 2001-08-17 18:28 762780 -c--a-w- c:\windows\system32\dllcache\3cwmcru.sys
2010-12-30 02:42 . 2001-08-17 19:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-12-30 00:29 . 2010-12-30 00:29 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-12-23 01:06 . 2010-12-23 01:06 -------- d-----w- c:\program files\Xvid
2010-12-23 01:06 . 2008-12-14 01:01 77824 ----a-w- c:\windows\system32\xvid.ax
2010-12-23 01:06 . 2008-12-05 02:46 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-12-23 01:06 . 2008-12-05 02:42 815104 ----a-w- c:\windows\system32\xvidcore.dll
2010-12-21 03:43 . 2010-12-21 03:44 -------- d-----w- c:\documents and settings\Jimmy\Local Settings\Application Data\Ares
2010-12-18 02:00 . 2010-12-18 02:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer
2010-12-18 01:57 . 2010-12-18 01:57 -------- d-----w- c:\documents and settings\Jimmy\Local Settings\Application Data\Mozilla
2010-12-16 23:49 . 2010-12-16 23:51 -------- d-----w- c:\documents and settings\Jimmy\Local Settings\Application Data\Google
2010-12-16 23:49 . 2010-12-16 23:49 -------- d-----w- c:\documents and settings\Jimmy\Local Settings\Application Data\Deployment
2010-12-16 01:44 . 2010-12-21 11:19 -------- d-----w- c:\documents and settings\Jimmy\Application Data\DivX
2010-12-16 01:41 . 2010-12-16 01:41 -------- d-----w- c:\program files\Common Files\DivX Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-24 19:34 . 2010-07-04 12:48 138664 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-11-24 19:33 . 2010-07-04 16:35 214864 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-11-24 19:33 . 2010-07-04 12:47 214864 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-11-18 18:12 . 2009-03-22 22:29 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-11-08 22:57 . 2010-11-08 22:57 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2010-11-06 00:26 . 2006-06-23 16:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2003-07-16 20:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2003-07-16 20:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2003-07-16 20:37 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2003-07-16 20:24 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2003-07-16 20:51 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-16 18:55 . 2010-11-29 04:55 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-10-16 18:55 . 2010-11-29 04:55 888424 ----a-w- c:\windows\system32\nvdispco32.dll
2010-10-16 18:55 . 2010-11-29 04:55 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2010-10-16 18:55 . 2010-11-29 04:55 4882432 ----a-w- c:\windows\system32\nvcuda.dll
2010-10-16 18:55 . 2010-11-29 04:55 2932840 ----a-w- c:\windows\system32\nvcuvid.dll
2010-10-16 18:55 . 2010-11-29 04:55 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-10-16 18:55 . 2010-11-29 04:55 13012992 ----a-w- c:\windows\system32\nvcompiler.dll
2010-10-16 18:55 . 2009-03-23 01:22 14532608 ----a-w- c:\windows\system32\nvoglnt.dll
2010-10-16 18:55 . 2009-03-23 01:22 1462272 ----a-w- c:\windows\system32\nvapi.dll
2010-10-16 18:55 . 2004-08-04 07:56 6359552 ----a-w- c:\windows\system32\nv4_disp.dll
2010-10-16 18:55 . 2004-08-04 05:29 9623680 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-10-16 17:04 . 2010-10-16 17:04 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-10-16 17:04 . 2010-10-16 17:04 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-10-16 17:04 . 2010-10-16 17:04 13851752 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 17:04 . 2010-10-16 17:04 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-16 17:04 . 2010-10-16 17:04 156776 ----a-w- c:\windows\system32\nvsvc32.exe
2010-10-16 17:04 . 2010-10-16 17:04 145000 ----a-w- c:\windows\system32\nvcolor.exe
.

((((((((((((((((((((((((((((( SnapShot@2011-01-04_01.30.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-04 20:29 . 2011-01-04 20:29 16384 c:\windows\Temp\Perflib_Perfdata_198.dat
+ 2011-01-04 20:27 . 2011-01-04 20:27 16384 c:\windows\Temp\Perflib_Perfdata_148.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"L06AXLRD_25653484"="d:\programs\Microsoft Student\Microsoft Student 2006 DVD\EDICT.EXE" [2005-06-03 301776]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
"Google Update"="c:\documents and settings\Jimmy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-12-16 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D-Link AirPlus XtremeG DWL-G520"="c:\drivers\D-Link\AirPlus XtremeG DWL-G520\AirPlusCFG.exe" [2007-06-27 1327104]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2003-07-16 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2003-07-16 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2003-07-16 455168]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="d:\programs\Nero8\New Folder\Nero 8\InCD\NBHGui.exe" [2007-08-04 2043688]
"InCD"="d:\programs\Nero8\New Folder\Nero 8\InCD\InCD.exe" [2007-08-04 1056552]
"NBKeyScan"="d:\programs\Nero8\New Folder\Nero 8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-26 1753192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"="c:\windows\system32\Macromed\Shockwave 10\PostUpdate.exe" [2010-12-30 53248]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Jimmy\\Desktop\\Folders\\Jimmy's Stuff\\uTorrent.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"d:\\Jimmy\\Vindictus\\en-US\\NMService.exe"=
"d:\jimmy\Combat Arms\CombatArms.exe"= d:\jimmy\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"d:\jimmy\Combat Arms\Engine.exe"= d:\jimmy\Combat Arms\Engine.exe:*Enabled:Engine.exe
"d:\\Jimmy\\Combat Arms\\NMService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56775:TCP"= 56775:TCP:Pando Media Booster
"56775:UDP"= 56775:UDP:Pando Media Booster
"58045:TCP"= 58045:TCP:Pando Media Booster
"58045:UDP"= 58045:UDP:Pando Media Booster
"8380:TCP"= 8380:TCP:League of Legends Launcher
"8380:UDP"= 8380:UDP:League of Legends Launcher
"6915:TCP"= 6915:TCP:League of Legends Launcher
"6915:UDP"= 6915:UDP:League of Legends Launcher
"8381:TCP"= 8381:TCP:League of Legends Launcher
"8381:UDP"= 8381:UDP:League of Legends Launcher
"6991:TCP"= 6991:TCP:League of Legends Launcher
"6991:UDP"= 6991:UDP:League of Legends Launcher

R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe [10/26/2010 6:21 PM 126392]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [3/22/2009 5:49 PM 547744]
R3 BENDER;Pinnacle DV/AV Capture;c:\windows\system32\drivers\bender.sys [6/10/2009 7:12 PM 180480]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/5/2010 9:57 PM 102448]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\SYMDS.SYS --> c:\windows\system32\drivers\N360\0403000.005\SYMDS.SYS [?]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\SYMEFA.SYS --> c:\windows\system32\drivers\N360\0403000.005\SYMEFA.SYS [?]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [11/22/2010 9:20 PM 691248]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\ccHPx86.sys --> c:\windows\system32\drivers\N360\0403000.005\ccHPx86.sys [?]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\Ironx86.SYS --> c:\windows\system32\drivers\N360\0403000.005\Ironx86.SYS [?]
S2 Remote Solver for COSMOSFloWorks 2007;Remote Solver for COSMOSFloWorks 2007;"c:\program files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe" --> c:\program files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe [?]
S2 Remote Solver for COSMOSFloWorks 2008;Remote Solver for COSMOSFloWorks 2008;"c:\program files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe" --> c:\program files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe [?]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101231.001\IDSXpx86.sys [1/1/2011 10:12 AM 341944]
.
Contents of the 'Scheduled Tasks' folder

2010-12-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2011-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-573735546-839522115-1005Core.job
- c:\documents and settings\Jimmy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-16 23:49]

2011-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-573735546-839522115-1005UA.job
- c:\documents and settings\Jimmy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-16 23:49]

2011-01-04 c:\windows\Tasks\User_Feed_Synchronization-{164954DE-EE48-4018-A184-9E30A67BEDEF}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]

2011-01-04 c:\windows\Tasks\User_Feed_Synchronization-{F9B57BD8-EEA4-48F4-981A-C483EB12A1D6}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1241404235&rver=5.5.4177.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-US
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://nxcache.nexon.net/mabinogi/renderer/mabiweb.2010.5.03.cab
DPF: {BB7E62CD-6811-470D-9265-9E7902F50605} - hxxp://ecdownload.moondo.com/17/patcher/moondoax.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-04 16:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-01-04 16:15:41
ComboFix-quarantined-files.txt 2011-01-04 21:15
ComboFix2.txt 2011-01-04 01:32

Pre-Run: 9,193,402,368 bytes free
Post-Run: 9,178,697,728 bytes free

- - End Of File - - A7CAB5C44B9BB84C60143D58C8449309

#36 MeNeedHelpz (Authentic Member, 35 posts)

Posted 04 January 2011 - 05:36 PM

Hmm, still some problems. Whenever I try to open a folder now, it goes to "Search Results" (I can still use Windows Explorer). Also my Norton Firewall and A-V seem to be permanently disabled (whenever I try to enable them, I get a "One Click Support" message with error "3041,10001"). Also, when I clicked Control Panel in the Start menu, I got the message "Windows cannot create a shortcut here. Do you want to place the shortcut on the desktop instead?".

#37 CatByte (Classroom Administrator, Classroom Admin, 21,060 posts, MVP)

Posted 04 January 2011 - 11:26 PM

Please do the following:

Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#38 MeNeedHelpz (Authentic Member, 35 posts)

Posted 05 January 2011 - 10:13 PM

Here's the MBAM log. Still scanning the ESET, will have that one by tomorrow.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5465

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/5/2011 2:42:29 PM
mbam-log-2011-01-05 (14-42-29).txt

Scan type: Quick scan
Objects scanned: 164438
Time elapsed: 6 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6FD31ED6-7C94-4BBC-8E95-F927F4D3A949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\qnpn7rjv93lf (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Jimmy\my documents\downloads\xvidsetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\Jimmy\my documents\downloads\limewiresetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\WINDOWS\winlogon.bad (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

#39 MeNeedHelpz (Authentic Member, 35 posts)

Posted 05 January 2011 - 10:18 PM

Nvm, scan just finished. Here's the list of threats file contents:

C:\Qoobox\Quarantine\C\WINDOWS\system32\ms.dll.vir Win32/Bamital.DV trojan
C:\System Volume Information\_restore{EC746D68-A88F-4205-81FF-C8FBF89025C2}\RP1\A0001056.exe Win32/Patched.GN trojan
C:\System Volume Information\_restore{EC746D68-A88F-4205-81FF-C8FBF89025C2}\RP1\A0002138.exe Win32/Patched.GN trojan
C:\System Volume Information\_restore{EC746D68-A88F-4205-81FF-C8FBF89025C2}\RP2\A0002349.exe Win32/Patched.GN trojan
C:\System Volume Information\_restore{EC746D68-A88F-4205-81FF-C8FBF89025C2}\RP2\A0002350.exe Win32/Patched.GN trojan
C:\System Volume Information\_restore{EC746D68-A88F-4205-81FF-C8FBF89025C2}\RP2\A0004425.exe Win32/Patched.GN trojan
C:\System Volume Information\_restore{EC746D68-A88F-4205-81FF-C8FBF89025C2}\RP3\A0005466.exe Win32/Patched.GN trojan
C:\System Volume Information\_restore{EC746D68-A88F-4205-81FF-C8FBF89025C2}\RP3\A0005467.exe Win32/Patched.GN trojan
C:\System Volume Information\_restore{EC746D68-A88F-4205-81FF-C8FBF89025C2}\RP5\A0009930.dll Win32/Bamital.DV trojan

#40 CatByte (Classroom Administrator, 21,060 posts, MVP)

Posted 05 January 2011 - 11:21 PM

Hi

Those items are either in quarantine or old system restore points which we will clean up shortly.

Please do the following:


P2P - I see you have the P2P software Ares installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It likely contributed to your current situation. This page will give you further information.
Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
Please see this topic for more information:
Perils of P2P File Sharing.
I would strongly recommend that you uninstall this now. You can do so via Control Panel >> Add or Remove Programs.


NEXT


Visit Adobe and download the latest version of Acrobat Reader (version X).
Having the latest updates ensures there are no security vulnerabilities in your system.

NEXT

Your Java is out of date.
Java™ 6 Update 20 can be updated from the Java control panel Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now.
An update should begin; > follow the prompts.


Clear Java cache

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup) If you do not see the icon, look to your left and click 'Switch to Classic View'.
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache; leave BOTH checked:
    • Applications and Applets
    • Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.


NEXT


Please post a fresh DDS Log and advise how the computer is running now and if there are any outstanding issues.

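A mechanical version of the triage CatByte does by eye on the ESET list above, as an added example that is not part of the original thread and not ESET's own tooling: it splits each exported line into path and verdict, then sorts hits into ComboFix/AV quarantine copies, System Restore point copies, and live files, since only the last group needs immediate action and the restore points are what gets purged at the end of a cleanup. The sample log is constructed from the posted lines plus one made-up live detection (the Temp\example.exe path and its Win32/Kryptik.ABC label are hypothetical) so that every branch of the classifier runs.

```python
import re
from collections import Counter

# Constructed sample: three lines in the shape of the ESET export posted in this
# thread, plus one made-up live-path detection (Temp\example.exe and the
# Win32/Kryptik.ABC label are hypothetical) so that every classifier branch runs.
SAMPLE_ESET_LOG = """\
C:\\Qoobox\\Quarantine\\C\\WINDOWS\\system32\\ms.dll.vir Win32/Bamital.DV trojan
C:\\System Volume Information\\_restore{EC746D68-A88F-4205-81FF-C8FBF89025C2}\\RP1\\A0001056.exe Win32/Patched.GN trojan
C:\\System Volume Information\\_restore{EC746D68-A88F-4205-81FF-C8FBF89025C2}\\RP5\\A0009930.dll Win32/Bamital.DV trojan
C:\\Documents and Settings\\Jimmy\\Local Settings\\Temp\\example.exe a variant of Win32/Kryptik.ABC trojan
"""

# ESET names detections Platform/Family.Variant; a forward slash never occurs in
# a Windows path, so the first token containing one starts the verdict.
_RESTORE_RE = re.compile(
    r"^[a-z]:\\system volume information\\_restore\{[0-9a-f-]+\}\\(rp\d+)\\", re.I)
_QUARANTINE_MARKERS = ("\\qoobox\\quarantine\\", "\\quarantine\\")  # ComboFix, generic AV
_VARIANT_PREFIX = ("a", "variant", "of")


def parse_eset_line(line):
    """Split 'C:\\path with spaces\\x.exe Win32/Family.X trojan' into (path, threat)."""
    tokens = line.split()
    for i, tok in enumerate(tokens):
        if "/" in tok and "\\" not in tok:
            if i >= 3 and tuple(t.lower() for t in tokens[i - 3:i]) == _VARIANT_PREFIX:
                i -= 3  # 'a variant of' belongs to the verdict, not the path
            return " ".join(tokens[:i]), " ".join(tokens[i:])
    return None


def classify(path):
    """Quarantine and restore-point copies are inert until restored; 'live' needs action."""
    low = path.lower()
    if any(marker in low for marker in _QUARANTINE_MARKERS):
        return "quarantine"
    if _RESTORE_RE.match(low):
        return "restore_point"
    return "live"


def restore_point_of(path):
    m = _RESTORE_RE.match(path)
    return m.group(1).upper() if m else None


def triage(log_text):
    """Counts per location, the live hits to act on, and the restore points to purge."""
    counts, live, restore_points = Counter(), [], set()
    for line in log_text.splitlines():
        parsed = parse_eset_line(line)
        if parsed is None:
            continue
        path, threat = parsed
        kind = classify(path)
        counts[kind] += 1
        if kind == "live":
            live.append((path, threat))
        elif kind == "restore_point":
            restore_points.add(restore_point_of(path))
    return {"counts": dict(counts), "live": live, "restore_points": sorted(restore_points)}


if __name__ == "__main__":
    report = triage(SAMPLE_ESET_LOG)
    print(report["counts"])
    for path, threat in report["live"]:
        print("ACTION NEEDED:", path, "->", threat)
    if report["restore_points"]:
        print("infected restore points to purge:", ", ".join(report["restore_points"]))
```

Run it against a saved ESETSCAN.txt by passing the file's text to triage(); anything in the "live" list is a file the scanner saw in place on the disk, which is the case CatByte's "quarantine or old restore points" reading would not cover.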



#41 MeNeedHelpz (Authentic Member, 35 posts)

Posted 06 January 2011 - 10:04 PM

So currently there is still the problem with the folder icons redirecting to the "Search Results" page, and the fact that Control Panel cannot be accessed from the Start menu (must use the Run prompt). Here's the DDS log:

DDS (Ver_10-12-12.02) - NTFSx86
Run by Jimmy at 20:57:49.76 on Thu 01/06/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.897 [GMT -5:00]

AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Disabled*

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\Programs\Nero8\New Folder\Nero 8\InCD\InCDsrv.exe
C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
D:\Programs\Nero8\New Folder\Nero 8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Drivers\D-Link\AirPlus XtremeG DWL-G520\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
D:\Programs\Nero8\New Folder\Nero 8\InCD\NBHGui.exe
D:\Programs\Nero8\New Folder\Nero 8\InCD\InCD.exe
D:\Programs\Nero8\New Folder\Nero 8\Nero BackItUp\NBKeyScan.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Programs\Microsoft Student\Microsoft Student 2006 DVD\EDICT.EXE
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Documents and Settings\Jimmy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jimmy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jimmy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jimmy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\javaws.exe
C:\Documents and Settings\Jimmy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Documents and Settings\Jimmy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jimmy\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1241404235&rver=5.5.4177.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-US
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\4.3.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\4.3.0.5\IPSBHO.DLL
BHO: Encarta Web Companion Helper Object: {955be0b8-bc85-4caf-856e-8e0d8b610560} - c:\program files\common files\microsoft shared\encarta web companion\ENCWCBAR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Encarta Web Companion: {147d6308-0614-4112-89b1-31402f9b82c4} - c:\program files\common files\microsoft shared\encarta web companion\ENCWCBAR.DLL
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\4.3.0.5\coIEPlg.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
uRun: [L06AXLRD_25653484] "d:\programs\microsoft student\microsoft student 2006 dvd\EDICT.EXE" -m
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"
uRun: [Google Update] "c:\documents and settings\jimmy\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [D-Link AirPlus XtremeG DWL-G520] c:\drivers\d-link\airplus xtremeg dwl-g520\AirPlusCFG.exe
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [diagent] "c:\program files\creative\sblive\diagnostics\diagent.exe" startup
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [SecurDisc] d:\programs\nero8\new folder\nero 8\incd\NBHGui.exe
mRun: [InCD] d:\programs\nero8\new folder\nero 8\incd\InCD.exe
mRun: [NBKeyScan] "d:\programs\nero8\new folder\nero 8\nero backitup\NBKeyScan.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [SWHelper] "c:\windows\system32\macromed\shockwave 10\PostUpdate.exe" 1010011
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1237758770780
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1245066177968
DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://nxcache.nexon.net/mabinogi/renderer/mabiweb.2010.5.03.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {BB7E62CD-6811-470D-9265-9E7902F50605} - hxxp://ecdownload.moondo.com/17/patcher/moondoax.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

============= SERVICES / DRIVERS ===============

R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.3.0.5\ccsvchst.exe [2010-10-26 126392]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2009-3-22 547744]
R3 BENDER;Pinnacle DV/AV Capture;c:\windows\system32\drivers\bender.sys [2009-6-10 180480]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-3-5 102448]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys --> c:\windows\system32\drivers\n360\0403000.005\SYMDS.SYS [?]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys --> c:\windows\system32\drivers\n360\0403000.005\SYMEFA.SYS [?]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20101123.003\BHDrvx86.sys [2010-11-22 691248]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys --> c:\windows\system32\drivers\n360\0403000.005\ccHPx86.sys [?]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys --> c:\windows\system32\drivers\n360\0403000.005\Ironx86.SYS [?]
S2 Remote Solver for COSMOSFloWorks 2007;Remote Solver for COSMOSFloWorks 2007;"c:\program files\solidworks\cosmos\floworks\bincfw\standaloneslv.exe" --> c:\program files\solidworks\cosmos\floworks\bincfw\StandAloneSlv.exe [?]
S2 Remote Solver for COSMOSFloWorks 2008;Remote Solver for COSMOSFloWorks 2008;"c:\program files\solidworks\cosmos\floworks\bincfw\standaloneslv.exe" --> c:\program files\solidworks\cosmos\floworks\bincfw\StandAloneSlv.exe [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20110104.001\IDSXpx86.sys [2011-1-5 341944]
S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20110105.003\NAVENG.SYS [2011-1-5 86008]
S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20110105.003\NAVEX15.SYS [2011-1-5 1360760]

=============== Created Last 30 ================

2011-01-07 01:57:17 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-05 20:18:13 -------- d-----w- c:\program files\ESET
2011-01-05 19:34:44 -------- d-----w- c:\docume~1\jimmy\applic~1\Malwarebytes
2011-01-05 19:34:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-05 19:34:32 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-01-05 19:34:29 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-05 19:34:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-02 21:03:52 -------- d-----w- c:\docume~1\jimmy\applic~1\Tific
2011-01-02 21:03:50 -------- d-----w- c:\docume~1\jimmy\locals~1\applic~1\Symantec
2011-01-02 19:43:38 -------- d-sha-r- C:\cmdcons
2011-01-02 19:40:21 98816 ----a-w- c:\windows\sed.exe
2011-01-02 19:40:21 89088 ----a-w- c:\windows\MBR.exe
2011-01-02 19:40:21 256512 ----a-w- c:\windows\PEV.exe
2011-01-02 19:40:21 161792 ----a-w- c:\windows\SWREG.exe
2011-01-02 04:03:55 1033728 -c--a-w- c:\windows\system32\dllcache\explorer.exe
2011-01-02 04:03:55 1033728 ----a-w- c:\windows\explorer.exe
2011-01-02 04:03:23 507904 ----a-w- c:\windows\system32\winlogon.exe
2010-12-30 02:59:00 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2010-12-30 02:59:00 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2010-12-30 02:57:49 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2010-12-30 02:56:56 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2010-12-30 02:55:54 58880 -c--a-w- c:\windows\system32\dllcache\m3092dc.dll
2010-12-30 02:54:40 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2010-12-30 02:54:39 18688 -c--a-w- c:\windows\system32\dllcache\irsir.sys
2010-12-30 02:54:38 28160 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2010-12-30 02:54:38 23552 -c--a-w- c:\windows\system32\dllcache\irmk7.sys
2010-12-30 02:54:38 151552 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2010-12-30 02:54:37 88192 -c--a-w- c:\windows\system32\dllcache\irda.sys
2010-12-30 02:54:30 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll
2010-12-30 02:54:30 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys
2010-12-30 02:54:29 38784 -c--a-w- c:\windows\system32\dllcache\io8.sys
2010-12-30 02:54:28 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys
2010-12-30 02:54:28 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys
2010-12-30 02:54:27 16000 -c--a-w- c:\windows\system32\dllcache\ini910u.sys
2010-12-30 02:52:44 50751 -c--a-w- c:\windows\system32\dllcache\hsf_tone.sys
2010-12-30 02:51:59 470144 -c--a-w- c:\windows\system32\dllcache\g200d.dll
2010-12-30 02:50:56 334208 -c--a-w- c:\windows\system32\dllcache\ds1wdm.sys
2010-12-30 02:49:57 10240 -c--a-w- c:\windows\system32\dllcache\compbatt.sys
2010-12-30 02:48:38 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2010-12-30 02:47:59 46464 -c--a-w- c:\windows\system32\dllcache\atibt829.sys
2010-12-30 02:43:14 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2010-12-30 02:42:59 38400 -c--a-w- c:\windows\system32\dllcache\8514a.dll
2010-12-30 02:42:59 12288 -c--a-w- c:\windows\system32\dllcache\4mmdat.sys
2010-12-30 02:42:58 689216 -c--a-w- c:\windows\system32\dllcache\3dfxvs.dll
2010-12-30 02:42:58 148352 -c--a-w- c:\windows\system32\dllcache\3dfxvsm.sys
2010-12-30 02:42:57 762780 -c--a-w- c:\windows\system32\dllcache\3cwmcru.sys
2010-12-30 02:42:57 11264 -c--a-w- c:\windows\system32\dllcache\1394vdbg.sys
2010-12-30 02:42:35 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-12-23 01:06:35 815104 ----a-w- c:\windows\system32\xvidcore.dll
2010-12-23 01:06:35 77824 ----a-w- c:\windows\system32\xvid.ax
2010-12-23 01:06:35 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-12-23 01:06:35 -------- d-----w- c:\program files\Xvid
2010-12-21 03:43:49 -------- d-----w- c:\docume~1\jimmy\locals~1\applic~1\Ares
2010-12-18 01:57:15 -------- d-----w- c:\docume~1\jimmy\locals~1\applic~1\Mozilla
2010-12-16 23:49:57 -------- d-----w- c:\docume~1\jimmy\locals~1\applic~1\Google
2010-12-16 23:49:35 -------- d-----w- c:\docume~1\jimmy\locals~1\applic~1\Deployment
2010-12-16 01:41:36 -------- d-----w- c:\program files\common files\DivX Shared

==================== Find3M ====================

2010-11-29 04:56:07 240592 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-11-29 04:56:07 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-11-29 04:55:59 240592 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-11-24 19:33:14 214864 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-11-24 19:33:14 214864 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 21:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-12 00:44:54 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-11-08 22:57:04 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-16 18:55:00 888424 ----a-w- c:\windows\system32\nvdispco32.dll
2010-10-16 18:55:00 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2010-10-16 18:55:00 6359552 ----a-w- c:\windows\system32\nv4_disp.dll
2010-10-16 18:55:00 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-10-16 18:55:00 4882432 ----a-w- c:\windows\system32\nvcuda.dll
2010-10-16 18:55:00 2932840 ----a-w- c:\windows\system32\nvcuvid.dll
2010-10-16 18:55:00 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-10-16 18:55:00 2293194 ----a-w- c:\windows\system32\nvdata.bin
2010-10-16 18:55:00 1462272 ----a-w- c:\windows\system32\nvapi.dll
2010-10-16 18:55:00 14532608 ----a-w- c:\windows\system32\nvoglnt.dll
2010-10-16 18:55:00 13012992 ----a-w- c:\windows\system32\nvcompiler.dll
2010-10-16 17:04:22 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-10-16 17:04:16 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-10-16 17:04:16 13851752 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 17:04:16 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-16 17:04:14 156776 ----a-w- c:\windows\system32\nvsvc32.exe
2010-10-16 17:04:14 145000 ----a-w- c:\windows\system32\nvcolor.exe

============= FINISH: 20:59:39.04 ===============

#42 CatByte (Classroom Administrator, 21,060 posts, MVP)

Posted 07 January 2011 - 04:54 AM

Hi

I'd like to get a look at some registry keys.

Please do the following:

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :reg
    HKEY_CLASSES_ROOT\directory\shell /s
    HKEY_CLASSES_ROOT\drive\shell /s
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /s
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /s
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



#43 MeNeedHelpz (Authentic Member, 35 posts)

Posted 07 January 2011 - 02:30 PM

Here it is:

SystemLook 04.09.10 by jpshortstuff
Log created at 15:29 on 07/01/2011 by Jimmy
Administrator - Elevation successful

========== reg ==========

[HKEY_CLASSES_ROOT\directory\shell]
@="none"

[HKEY_CLASSES_ROOT\directory\shell\find]
"SuppressionPolicy"= 0x0000000080 (128)

[HKEY_CLASSES_ROOT\directory\shell\find\command]
@="%SystemRoot%\Explorer.exe"

[HKEY_CLASSES_ROOT\directory\shell\find\ddeexec]
@="[FindFolder("%l", %I)]"
"NoActivateHandler"=""

[HKEY_CLASSES_ROOT\directory\shell\find\ddeexec\application]
@="Folders"

[HKEY_CLASSES_ROOT\directory\shell\find\ddeexec\topic]
@="AppProperties"

[HKEY_CLASSES_ROOT\directory\shell\OneNote.Open]
@="Open as Notebook in OneNote"

[HKEY_CLASSES_ROOT\directory\shell\OneNote.Open\Command]
@="C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L""

[HKEY_CLASSES_ROOT\drive\shell]
@="none"

[HKEY_CLASSES_ROOT\drive\shell\find]
"SuppressionPolicy"= 0x0000000080 (128)

[HKEY_CLASSES_ROOT\drive\shell\find\command]
@="%SystemRoot%\Explorer.exe"

[HKEY_CLASSES_ROOT\drive\shell\find\ddeexec]
@="[FindFolder("%l", %I)]"
"NoActivateHandler"=""

[HKEY_CLASSES_ROOT\drive\shell\find\ddeexec\application]
@="Folders"

[HKEY_CLASSES_ROOT\drive\shell\find\ddeexec\topic]
@="AppProperties"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"HonorAutoRunSetting"= 0x0000000001 (1)
"AllowLegacyWebView"= 0x0000000001 (1)
"AllowUnhashedWebView"= 0x0000000001 (1)
"NoDriveAutoRun"= 0x0003ffffff (67108863)
"NoDriveTypeAutoRun"= 0x0000000143 (323)
"NoDrives"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
(No values found)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"= 0x0000000143 (323)
"NoDriveAutoRun"= 0x0003ffffff (67108863)
"NoDrives"= 0x0000000000 (0)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
(No values found)

-= EOF =-

#44 CatByte (Classroom Administrator, 21,060 posts, MVP)

Posted 07 January 2011 - 04:02 PM

Hi

Those registry keys are as they should be.

Try the Fix It button on this Microsoft site:

http://support.micro...lder_diag/en-us

Let me know if that changes anything.

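An added example, not from the thread and not part of SystemLook, that automates the check CatByte did by eye on the keys he asked for in #42 and the log posted in #43: it parses SystemLook's :reg output, confirms the default verb on HKCR\directory\shell and HKCR\drive\shell is "none" (the XP default; Explorer then uses the open verb, whereas a default of "find" is the setting that makes a double-clicked folder open Search), decodes the NoDriveTypeAutoRun and NoDriveAutoRun bitmasks so their meaning is visible, and flags any value under Policies\Explorer\Run, which is a persistence location that should be empty. SAMPLE_CLEAN is an excerpt of the posted log; SAMPLE_BAD is a constructed counter-example whose values ("find", the svchost entry and its path) are hypothetical.

```python
import re

# Constructed input: an excerpt, line-broken, of the SystemLook output posted in this thread.
SAMPLE_CLEAN = r"""
[HKEY_CLASSES_ROOT\directory\shell]
@="none"
[HKEY_CLASSES_ROOT\directory\shell\find\command]
@="%SystemRoot%\Explorer.exe"
[HKEY_CLASSES_ROOT\drive\shell]
@="none"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveAutoRun"= 0x0003ffffff (67108863)
"NoDriveTypeAutoRun"= 0x0000000143 (323)
"NoDrives"= 0x0000000000 (0)
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
(No values found)
"""

# Constructed counter-example (hypothetical values, not from the thread): the default
# verb hijacked to 'find' and a command planted under Policies\Explorer\Run.
SAMPLE_BAD = r"""
[HKEY_CLASSES_ROOT\directory\shell]
@="find"
[HKEY_CLASSES_ROOT\drive\shell]
@="none"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"svchost"="C:\Documents and Settings\Jimmy\Local Settings\Temp\svchost.exe"
"""

_KEY_RE = re.compile(r"^\[(.+)\]$")
_DEFAULT_RE = re.compile(r'^@="(.*)"$')
_DWORD_RE = re.compile(r'^"([^"]+)"=\s*0x([0-9a-fA-F]+)\s*\(\d+\)$')
_STRING_RE = re.compile(r'^"([^"]+)"="(.*)"$')

# Explorer falls back to the 'open' verb for these; anything else runs on double-click.
_EXPECTED_VERBS = {"none", "", "open"}
_POLICIES = r"\software\microsoft\windows\currentversion\policies\explorer"
# NoDriveTypeAutoRun is a bitmask over the DRIVE_* type constants (bit = 1 << type);
# 0xFF suppresses AutoRun for every type, which is Microsoft's hardened setting.
_DRIVE_TYPE_BITS = [(0x01, "unknown"), (0x02, "no-root-dir"), (0x04, "removable"),
                    (0x08, "fixed"), (0x10, "network"), (0x20, "cdrom"),
                    (0x40, "ramdisk"), (0x80, "reserved")]


def parse_systemlook(text):
    """Return {key (lower-cased): {value_name: value}}; '@' is the default value."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = _KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            keys.setdefault(current, {})
            continue
        if current is None or not line or line == "(No values found)":
            continue
        m = _DEFAULT_RE.match(line)
        if m:
            keys[current]["@"] = m.group(1)
            continue
        m = _DWORD_RE.match(line)
        if m:
            keys[current][m.group(1)] = int(m.group(2), 16)
            continue
        m = _STRING_RE.match(line)
        if m:
            keys[current][m.group(1)] = m.group(2)
    return keys


def decode_no_drive_type_autorun(value):
    """Drive types for which AutoRun is suppressed (only the low byte is meaningful)."""
    return [name for bit, name in _DRIVE_TYPE_BITS if value & bit]


def decode_no_drive_autorun(value):
    """Drive letters for which AutoRun is suppressed; bit 0 is A:, bit 25 is Z:."""
    return [chr(ord("A") + i) for i in range(26) if value & (1 << i)]


def audit(text):
    """Findings that need action, plus a decode of the AutoRun policies per hive."""
    keys = parse_systemlook(text)
    findings, autorun = [], {}
    for cls in ("directory", "drive"):
        verb = keys.get("hkey_classes_root\\" + cls + "\\shell", {}).get("@", "")
        if verb.lower() not in _EXPECTED_VERBS:
            findings.append("HKCR\\%s\\shell default verb is %r (expected 'none'); "
                            "double-click runs that verb" % (cls, verb))
    for hive in ("hkey_local_machine", "hkey_current_user"):
        for name, cmd in keys.get(hive + _POLICIES + "\\run", {}).items():
            findings.append("%s\\...\\Policies\\Explorer\\Run persistence entry: %s = %s"
                            % (hive.upper(), name, cmd))
        policy = keys.get(hive + _POLICIES, {})
        if policy:
            autorun[hive.upper()] = {
                "types": decode_no_drive_type_autorun(policy.get("NoDriveTypeAutoRun", 0)),
                "letters": decode_no_drive_autorun(policy.get("NoDriveAutoRun", 0)),
            }
    return {"findings": findings, "autorun": autorun}


if __name__ == "__main__":
    for label, sample in (("posted log", SAMPLE_CLEAN), ("constructed bad log", SAMPLE_BAD)):
        report = audit(sample)
        print(label, "->", report["findings"] or "no findings")
        for hive, decoded in report["autorun"].items():
            print("  %s AutoRun suppressed for types %s, letters %s"
                  % (hive, decoded["types"], "".join(decoded["letters"])))
```

On the posted log this reports no findings, which matches CatByte's reading, and shows that AutoRun is suppressed for every drive letter A through Z by NoDriveAutoRun even though NoDriveTypeAutoRun (0x143) only covers the unknown, no-root-dir and RAM-disk types rather than the full 0xFF.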


#45 MeNeedHelpz (Authentic Member, 35 posts)

Posted 08 January 2011 - 04:07 PM

When I try to run it, I get an error message saying: "Fix it troubleshooting cannot continue because an error occurred / This troubleshooter does not apply to this computer".
