
comboFix log report... what now?



02-01-2010, 10:17 AM   #1

I'm in the process of removing the trojan vundo.

1. I ran hijackthis
2. I ran ccleaner and saved log file to my desktop
3. I ran combofix and prepared a log report.

I need help from here... anyone? I would greatly appreciate it.

Thanks

Rock-E
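Triaging a HijackThis log of the kind the poster describes comes down to spotting a few well-known entry types. The script below is an added example (not a tool from this thread, from Trend Micro, or from ComboFix); it runs those checks over a handful of constructed HijackThis-format lines of the sort such a log contains: a hosts-file entry that points a hostname at a non-loopback address, an unnamed BHO whose DLL has a random-looking name under system32, orphaned registry entries whose file is gone, and a service with no publisher string. The severities and the "random-looking name" heuristic are the example's own assumptions, not anything HijackThis itself reports.

```python
"""Triage heuristics for HijackThis-style log lines (added example, not the poster's tool)."""
import re
from dataclasses import dataclass

# Constructed sample input in HijackThis format. The lines are modelled on the
# kinds of entries such a log contains; this is not a complete log.
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.65.122 browser-security.microsoft.com
O1 - Hosts: 91.212.65.122 www.spyware-protector-2009.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6BDB79AB-646F-4180-B667-283E1CE6C91D} - c:\windows\system32\fesjwyr.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O20 - Winlogon Notify: lkrdmorn - fesjwyr.dll (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}


@dataclass
class Finding:
    section: str
    severity: str  # "high" | "medium" | "low" (assumed scale for this example)
    detail: str


def looks_random(stem: str) -> bool:
    """Heuristic (assumption): 6-10 lowercase letters containing a run of 4+ consonants."""
    return (re.fullmatch(r"[a-z]{6,10}", stem) is not None
            and re.search(r"[^aeiou]{4}", stem) is not None)


def check_hosts(body: str) -> list:
    # O1: any hostname mapped to something other than loopback is a redirect or a block.
    m = re.match(r"Hosts:\s+(\S+)\s+(\S+)", body)
    if not m:
        return []
    ip, host = m.groups()
    if ip in LOOPBACK:
        return []
    return [Finding("O1", "high", f"hosts file maps {host} to {ip}; restore the default hosts file")]


def check_bho(body: str) -> list:
    # O2: "(no file)" is an orphaned CLSID; "(no name)" plus a random DLL in system32 is the classic pattern.
    m = re.match(r"BHO:\s+(.*?)\s+-\s+(\{[0-9A-Fa-f-]+\})\s+-\s+(.*)$", body)
    if not m:
        return []
    name, clsid, path = m.groups()
    if path == "(no file)":
        return [Finding("O2", "medium", f"orphaned BHO {clsid}: registry entry with no DLL on disk")]
    stem = re.sub(r"\.dll$", "", path.rsplit("\\", 1)[-1], flags=re.I)
    if name == "(no name)":
        sev = "high" if looks_random(stem) or "\\windows\\system32\\" in path.lower() else "medium"
        return [Finding("O2", sev, f"unnamed BHO {clsid} -> {path}")]
    return []


def check_winlogon(body: str) -> list:
    # O20: a Winlogon Notify package runs as SYSTEM at logon; a missing DLL is a leftover worth clearing.
    m = re.match(r"Winlogon Notify:\s+(\S+)\s+-\s+(\S+)(.*)$", body)
    if not m:
        return []
    key, dll, rest = m.groups()
    reasons = []
    if "(file missing)" in rest:
        reasons.append("DLL missing on disk")
    if looks_random(key) or looks_random(re.sub(r"\.dll$", "", dll, flags=re.I)):
        reasons.append("random-looking name")
    if not reasons:
        return []
    return [Finding("O20", "high", f"Winlogon Notify {key} -> {dll}: " + "; ".join(reasons))]


def check_service(body: str) -> list:
    # O23: no publisher string is weak evidence on its own; verify the binary's signature.
    m = re.match(r"Service:\s+(.*?)\s+-\s+(.*?)\s+-\s+(.*)$", body)
    if not m:
        return []
    name, owner, path = m.groups()
    if owner == "Unknown owner":
        return [Finding("O23", "low", f"service '{name}' has no publisher string; verify the signature of {path}")]
    return []


HANDLERS = {"O1": check_hosts, "O2": check_bho, "O20": check_winlogon, "O23": check_service}


def triage(log_text: str) -> list:
    """Return a list of Findings for every recognised log line."""
    findings = []
    for raw in log_text.splitlines():
        m = re.match(r"(O\d+)\s+-\s+(.*)$", raw.strip())
        if not m:
            continue
        section, body = m.groups()
        handler = HANDLERS.get(section)
        if handler:
            findings.extend(handler(body))
    return findings


def summarize(findings: list) -> dict:
    """Count findings per severity."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.section}: {f.detail}")
    print(summarize(results))
```

To run it on a saved log, call `triage(open(path, encoding="utf-8", errors="replace").read())`. Treat the output as a reading order, not a removal list: a "low" finding such as a service with an empty publisher string is usually a legitimate component with no company name in its version resource, and removal decisions for O2 and O20 entries are best taken alongside the file deletions a ComboFix run reports for the same DLLs.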
02-01-2010, 11:49 AM   #2

---------------------------------hijackThis Report-------------------------

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 12:20:33 PM, on 2/1/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\SONY\sHotKey\sHotKey.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.65.122 browser-security.microsoft.com
O1 - Hosts: 91.212.65.122 spyware-protector-2009.com
O1 - Hosts: 91.212.65.122 www.spyware-protector-2009.com
O1 - Hosts: 91.212.65.122 secure.spyware-protector-2009.com
O1 - Hosts: 91.212.65.122 knocker
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O2 - BHO: (no name) - {6BDB79AB-646F-4180-B667-283E1CE6C91D} - c:\windows\system32\fesjwyr.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sHotKey] "C:\Program Files\SONY\sHotKey\sHotKey.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ccApp] -
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [VAIO_Apps_Update] E:\VAIOUninstall\VAIOUninstall.EXE
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Search - https://edits.mywebsearch.com/toolbar...S_ZNxmk121IUUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.sony.com/vaiopeople
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - https://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - https://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - https://ak.exe.imgfarm.com/images/noc...up1.0.0.15.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - https://update.microsoft.com/microsof...?1159686252453
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O20 - Winlogon Notify: lkrdmorn - fesjwyr.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

--
End of file - 15798 bytes



------------------------ComboFix Report-----------------------------------

ComboFix 10-02-01.01 - Rodney Evans 02/01/2010 12:45:59.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.207 [GMT -5:00]
Running from: c:\documents and settings\Rodney Evans\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Keia\Application Data\Install.dat
c:\documents and settings\Keia\Local Settings\Application Data\{8EF44C77-8B57-48C9-A309-36C82FD19E16}
c:\documents and settings\Keia\Local Settings\Application Data\{8EF44C77-8B57-48C9-A309-36C82FD19E16}\chrome.manifest
c:\documents and settings\Keia\Local Settings\Application Data\{8EF44C77-8B57-48C9-A309-36C82FD19E16}\chrome\content\_cfg.js
c:\documents and settings\Keia\Local Settings\Application Data\{8EF44C77-8B57-48C9-A309-36C82FD19E16}\chrome\content\c.js
c:\documents and settings\Keia\Local Settings\Application Data\{8EF44C77-8B57-48C9-A309-36C82FD19E16}\chrome\content\overlay.xul
c:\documents and settings\Keia\Local Settings\Application Data\{8EF44C77-8B57-48C9-A309-36C82FD19E16}\install.rdf
c:\documents and settings\Rodney Evans\Local Settings\Application Data\{292C47A3-DE86-4606-A51F-11C095C87926}
c:\documents and settings\Rodney Evans\Local Settings\Application Data\{292C47A3-DE86-4606-A51F-11C095C87926}\chrome.manifest
c:\documents and settings\Rodney Evans\Local Settings\Application Data\{292C47A3-DE86-4606-A51F-11C095C87926}\chrome\content\_cfg.js
c:\documents and settings\Rodney Evans\Local Settings\Application Data\{292C47A3-DE86-4606-A51F-11C095C87926}\chrome\content\c.js
c:\documents and settings\Rodney Evans\Local Settings\Application Data\{292C47A3-DE86-4606-A51F-11C095C87926}\chrome\content\overlay.xul
c:\documents and settings\Rodney Evans\Local Settings\Application Data\{292C47A3-DE86-4606-A51F-11C095C87926}\install.rdf
C:\LOG.TXT
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\recycler\NPROTECT\00269309.
c:\recycler\NPROTECT\00326534.
c:\recycler\S-1-5-21-1129104598-3505460007-2405350716-500
c:\recycler\S-1-5-21-1844237615-1801674531-725345543-500
c:\recycler\S-1-5-21-2530520543-3370927767-832300917-500
c:\recycler\S-1-5-21-3050832978-363202024-3319799698-500
c:\recycler\S-1-5-21-4272853618-324874107-898760114-500
c:\windows\inewiqul.dll
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\cgnhmow.dll
c:\windows\system32\Data
c:\windows\system32\drivers\filxbbhw.sys
c:\windows\system32\drivers\ldtijhgi.sys
c:\windows\system32\drivers\npf.sys
c:\windows\system32\fesjwyr.dll
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\system32\xfbcxyuc.dll
c:\windows\Tasks\At1.job
c:\recycler\NPROTECT . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FILXBBHW
-------\Legacy_MXQTSYWR
-------\Legacy_NPF
-------\Legacy_UACd.sys
-------\Service_filxbbhw
-------\Service_mxqtsywr
-------\Service_npf
-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2010-01-01 to 2010-02-01 )))))))))))))))))))))))))))))))
.

2010-02-01 17:23 . 2010-02-01 17:23 -------- d-----w- c:\program files\CCleaner
2010-02-01 17:13 . 2010-02-01 17:13 -------- d-----w- c:\program files\TrendMicro
2010-02-01 16:26 . 2010-02-01 16:26 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-02-01 16:23 . 2010-02-01 16:23 2272 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-02-01 16:21 . 2010-02-01 16:21 -------- d-----w- c:\windows\system32\XPSViewer
2010-02-01 16:21 . 2010-02-01 16:21 -------- d-----w- c:\program files\MSBuild
2010-02-01 16:21 . 2010-02-01 16:21 -------- d-----w- c:\program files\Reference Assemblies
2010-02-01 16:20 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-02-01 16:18 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-02-01 16:18 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-02-01 16:18 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-02-01 16:18 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-02-01 16:18 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-02-01 16:18 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-02-01 16:18 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-02-01 16:18 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-02-01 16:00 . 2010-02-01 16:00 -------- d-sh--w- c:\documents and settings\Rodney Evans\PrivacIE
2010-02-01 15:51 . 2010-02-01 15:51 -------- d-sh--w- c:\documents and settings\Rodney Evans\IETldCache
2010-02-01 15:47 . 2010-02-01 15:47 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-02-01 15:16 . 2009-12-11 08:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-02-01 15:15 . 2010-02-01 15:17 -------- d-----w- c:\windows\ie8updates
2010-02-01 15:13 . 2009-12-21 19:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-02-01 15:13 . 2009-12-21 19:14 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-01 15:09 . 2010-02-01 15:13 -------- dc-h--w- c:\windows\ie8
2010-01-26 15:07 . 2010-01-26 15:07 -------- d-----r- c:\program files\Norton Support
2010-01-24 22:39 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-24 21:58 . 2010-01-24 21:58 -------- d-----w- c:\windows\system32\N360_BACKUP
2010-01-24 18:44 . 2010-01-24 18:44 -------- d-----w- c:\program files\iPod
2010-01-24 18:43 . 2010-01-24 18:46 -------- d-----w- c:\program files\iTunes
2010-01-24 18:43 . 2010-01-24 18:46 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-24 17:45 . 2010-01-24 17:45 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2010-01-24 17:43 . 2010-01-24 17:43 -------- d-----w- c:\windows\system32\drivers\N360
2010-01-24 17:43 . 2010-01-24 17:44 -------- d-----w- c:\program files\Norton 360
2010-01-24 17:43 . 2010-01-24 17:43 -------- d-----w- c:\program files\Windows Sidebar
2010-01-24 17:00 . 2010-01-24 17:00 -------- d-----w- c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
2010-01-24 16:21 . 2010-01-24 16:21 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings
2010-01-24 16:06 . 2010-01-24 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-01-24 16:02 . 2010-01-24 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-01-24 16:02 . 2010-01-24 16:02 -------- d-----w- c:\program files\NortonInstaller

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-01 17:00 . 2006-10-01 04:47 53096 ----a-w- c:\documents and settings\Rodney Evans\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-01 16:26 . 2006-10-27 23:19 -------- d-----w- c:\program files\Google
2010-02-01 15:41 . 2009-03-14 05:03 -------- d-----w- c:\program files\Yahoo!
2010-02-01 15:40 . 2003-12-04 19:05 -------- d-----w- c:\program files\Common Files\Real
2010-02-01 15:38 . 2003-12-04 19:07 -------- d-----w- c:\program files\Quicken
2010-01-24 22:25 . 2006-10-01 05:27 -------- d-----w- c:\program files\HP
2010-01-24 21:11 . 2006-12-25 19:54 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-24 20:38 . 2007-07-07 13:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-01-24 20:37 . 2006-12-25 17:57 -------- d-----w- c:\documents and settings\Rodney Evans\Application Data\Apple Computer
2010-01-24 18:44 . 2007-07-07 13:53 -------- d-----w- c:\program files\Common Files\Apple
2010-01-24 18:34 . 2003-12-04 19:01 -------- d-----w- c:\program files\QuickTime
2010-01-24 18:13 . 2008-12-27 18:14 -------- d-----w- c:\program files\Safari
2010-01-24 17:45 . 2006-10-01 04:53 -------- d-----w- c:\program files\Symantec
2010-01-24 17:45 . 2006-11-02 12:51 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-01-24 17:45 . 2006-11-02 12:51 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-01-24 17:45 . 2006-10-01 04:53 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-01-24 17:45 . 2006-10-01 04:53 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-01-24 17:45 . 2008-01-29 16:01 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-01-24 17:44 . 2008-01-29 17:02 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-01-24 17:05 . 2006-10-01 04:53 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-24 17:05 . 2005-05-21 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-12-21 19:14 . 2006-06-23 15:33 916480 ----a-w- c:\windows\system32\wininet.dll
2006-01-21 20:20 . 2006-01-21 20:12 938 ------w- c:\program files\WEBSTER.LOG
2006-01-21 20:12 . 2006-01-21 20:11 10236 ------w- c:\program files\DeIsL1.isu
2006-01-21 20:12 . 2006-01-21 20:12 222 ------w- c:\program files\UNinstal.ini
1999-07-12 21:25 . 2006-01-21 20:12 233472 ------w- c:\program files\WNW.EXE
1998-11-25 17:54 . 2006-01-21 20:12 160 ------w- c:\program files\VSSVER.SCC
1998-08-06 18:06 . 2006-01-21 20:12 4420 ------w- c:\program files\READDICT.TXT
1998-08-06 18:03 . 2006-01-21 20:12 4754 ------w- c:\program files\README.TXT
1997-08-13 14:46 . 2006-01-21 20:12 8628 ------w- c:\program files\WNW.GID
1997-08-13 14:46 . 2006-01-21 20:12 75970 ------w- c:\program files\WNW.HLP
1997-08-11 14:31 . 2006-01-21 20:12 3081075 ------w- c:\program files\MDUWIN95.EXE
1997-08-11 14:31 . 2006-01-21 20:12 527872 ------w- c:\program files\SPLASH.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-31 68856]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-20 4363504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="-" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2008-04-14 50176]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-16 335872]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-08-19 4841472]
"sHotKey"="c:\program files\SONY\sHotKey\sHotKey.exe" [2003-08-22 45056]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"ZTgServerSwitch"="c:\program files\support.com\client\bin\tgcmd.exe" [2003-06-24 1409024]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 88363]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"Norton Ghost 10.0"="c:\program files\Norton Ghost\Agent\GhostTray.exe" [2007-04-10 1537640]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-14 148888]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2008-01-29 583048]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-10-4 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 06:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 SonyLSM;LED State Service;c:\windows\system32\drivers\SonyLSM.sys [12/3/2003 12:23 PM 4736]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0305020.00B\SymEFA.sys [1/24/2010 12:45 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0305020.00B\BHDrvx86.sys [1/24/2010 12:45 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0305020.00B\cchpx86.sys [1/24/2010 12:45 PM 482432]
R1 DMICall;Sony DMI Call service;c:\windows\system32\drivers\DMICall.sys [12/4/2003 1:32 PM 3952]
R1 eeCtrl;Symantec Eraser Control driver;c:\program files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [10/4/2006 8:35 PM 371248]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL);c:\windows\system32\drivers\N360\0305020.00B\srtspx.sys [1/24/2010 12:45 PM 43696]
R2 Apple Mobile Device;Apple Mobile Device;c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [8/28/2009 7:42 PM 144672]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler;c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2/21/2008 5:02 PM 238968]
R2 BthServ;Bluetooth Support Service;c:\windows\system32\svchost.exe -k bthsvcs [12/3/2003 12:23 PM 14336]
R2 ehSched;Media Center Scheduler Service;c:\windows\eHome\ehsched.exe [11/12/2003 6:54 AM 84992]
R2 JavaQuickStarterService;Java Quick Starter;c:\program files\Java\jre6\bin\jqs.exe [3/13/2009 9:56 PM 152984]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/31/2010 10:34 PM 102448]
R3 L8042mou;SetPoint PS/2 Mouse Filter Driver;c:\windows\system32\drivers\L8042mou.Sys [10/4/2007 6:10 PM 63120]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver;c:\windows\system32\drivers\LHidFilt.Sys [10/4/2007 6:10 PM 35344]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver;c:\windows\system32\drivers\LMouFilt.Sys [10/4/2007 6:10 PM 36880]
R3 LMouKE;SetPoint Mouse Filter Driver;c:\windows\system32\drivers\LMouKE.Sys [10/4/2007 6:10 PM 79120]
R3 smrt;Sony MPEG RealTime encoder board;c:\windows\system32\drivers\smrt.sys [12/3/2003 12:23 PM 772224]
R3 SRTSP;Symantec Real Time Storage Protection;c:\windows\system32\drivers\N360\0305020.00B\srtsp.sys [1/24/2010 12:45 PM 308272]
R3 SymIMMP;SymIMMP;c:\windows\system32\drivers\SymIM.sys [1/24/2010 12:45 PM 36400]
R3 Wdf01000;Wdf01000;c:\windows\system32\drivers\wdf01000.sys [11/2/2006 6:22 AM 492000]
S0 sbp2port;SBP-2 Transport/Protocol Bus Driver;c:\windows\system32\drivers\sbp2port.sys [10/4/2006 4:43 PM 43904]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100128.002\IDSXpx86.sys [1/31/2010 3:11 PM 329592]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/1/2010 11:26 AM 135664]
S2 portD;CMS PortIO Service;c:\windows\system32\DRIVERS\portd2k.sys --> c:\windows\system32\DRIVERS\portd2k.sys [?]
S3 BthEnum;Bluetooth Request Block Driver;c:\windows\system32\drivers\bthenum.sys [8/4/2004 1:10 AM 17024]
S3 BthPan;Bluetooth Device (Personal Area Network);c:\windows\system32\drivers\bthpan.sys [8/4/2004 12:58 AM 101120]
S3 BTHPORT;Bluetooth Port Driver;c:\windows\system32\drivers\bthport.sys [8/4/2004 1:10 AM 272128]
S3 BTHUSB;Bluetooth Radio USB Driver;c:\windows\system32\drivers\bthusb.sys [8/4/2004 1:10 AM 18944]
S3 cmvad;Linksys Wireless-G Music Bridge Interface;c:\windows\system32\drivers\cmudaxv.sys --> c:\windows\system32\drivers\cmudaxv.sys [?]
S3 HidIr;Microsoft Infrared HID Driver;c:\windows\system32\drivers\hidir.sys [7/30/2003 6:53 AM 19200]
S3 HSFHWICH;HSFHWICH;c:\windows\system32\DRIVERS\HSFHWICH.sys --> c:\windows\system32\DRIVERS\HSFHWICH.sys [?]
S3 IrBus;Infrared bus filter driver for eHome remote controls;c:\windows\system32\drivers\irbus.sys [7/30/2003 6:53 AM 46592]
S3 L8042Kbd;Logitech SetPoint Keyboard Driver;c:\windows\system32\drivers\L8042Kbd.sys [10/4/2007 6:10 PM 20496]
S3 NdisIP;Microsoft TV/Video Connection;c:\windows\system32\drivers\ndisip.sys [12/3/2003 1:37 PM 10880]
S3 PCASp50;PCASp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50.sys --> c:\windows\system32\Drivers\PCASp50.sys [?]
S3 RemoteControl-USBLAN;RemoteControl-USBLAN;c:\windows\system32\drivers\rcblan.sys [10/22/2007 4:14 PM 39704]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI);c:\windows\system32\drivers\rfcomm.sys [8/4/2004 1:10 AM 59136]
S3 SLIP;BDA Slip De-Framer;c:\windows\system32\drivers\slip.sys [12/3/2003 1:37 PM 11136]
S3 StillCam;Still Serial Digital Camera Driver;c:\windows\system32\drivers\serscan.sys [10/1/2006 12:38 AM 6784]
S3 SymIM;Symantec Network Security Intermediate Filter Service;c:\windows\system32\drivers\SymIM.sys [1/24/2010 12:45 PM 36400]
S3 SYMNDIS;Symantec Network Filter Driver;c:\windows\system32\drivers\N360\0305020.00B\symndis.sys [1/24/2010 12:45 PM 36400]
S3 usb_rndisx;USB RNDIS Adapter;c:\windows\system32\drivers\usb8023x.sys [8/4/2004 1:04 AM 12800]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [11/7/2007 1:19 PM 40448]
S3 wceusbsh;Windows CE USB Serial Host Driver;c:\windows\system32\drivers\wceusbsh.sys [10/5/2006 4:10 PM 104064]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - FILXBBHW
*Deregistered* - filxbbhw
.
Contents of the 'Scheduled Tasks' folder

2009-03-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2010-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 16:26]

2010-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 16:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - https://edits.mywebsearch.com/toolbar...S_ZNxmk121IUUS
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: turbotax.com
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
HKLM-Run-VAIO_Apps_Update - e:\vaiouninstall\VAIOUninstall.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2010-02-01 13:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.5.2.11\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ccEvtMgr]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SAVRT]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SNDSrvc]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SYMTDI]
"ImagePath"="-"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1697141713-1257182038-815255373-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1000)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(2372)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Microsoft Shared\OFFICE11\MSOXEV.DLL
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
c:\windows\System32\nvsvc32.exe
c:\windows\System32\HPZipm12.exe
c:\program files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
c:\program files\Sony\Sony TV Tuner Library\SMceMan.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
c:\program files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
c:\program files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
c:\program files\Sony\Sony TV Tuner Library\RM_SV.exe
c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
c:\windows\AGRSMMSG.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2010-02-01 13:35:39 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-01 18:35

Pre-Run: 15,644,696,576 bytes free
Post-Run: 15,823,757,312 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - DA58E435581A76592DBB0CD607F578C1
Rock-E is offline  
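The service and driver lines above (`R0`/`S3` prefixes, `--> ... [?]` entries, the modules listed under `winlogon.exe`) are what an analyst actually reads in a ComboFix log when chasing Vundo, so here is a small triage parser for them. It is an added example, not code from the original post and not anything ComboFix ships: the sample text is a handful of lines copied from the log above, the `R`/`S` prefix is read as running/stopped and the digit as the service start type (0 boot, 1 system, 2 auto, 3 manual, 4 disabled), and the two flags (`image-missing` for registry entries whose file ComboFix could not find on disk, `profile-path` for code started from profile/data directories) are review heuristics chosen for this example rather than verdicts.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: a few lines copied from the ComboFix log posted above
# (service/driver entries plus the "DLLs Loaded Under Running Processes"
# section). The parser and the triage flags are added example code, not
# output or tooling from ComboFix itself.
SAMPLE_LOG = r"""
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0305020.00B\SymEFA.sys [1/24/2010 12:45 PM 310320]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100128.002\IDSXpx86.sys [1/31/2010 3:11 PM 329592]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/1/2010 11:26 AM 135664]
S2 portD;CMS PortIO Service;c:\windows\system32\DRIVERS\portd2k.sys --> c:\windows\system32\DRIVERS\portd2k.sys [?]
S3 cmvad;Linksys Wireless-G Music Bridge Interface;c:\windows\system32\drivers\cmudaxv.sys --> c:\windows\system32\drivers\cmudaxv.sys [?]

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1000)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(2372)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
"""

# Service line shape: R (running) or S (stopped), start-type digit, then
# name;display name;image path [timestamp size]  -- or, when the file the
# registry points at is not on disk:  path --> path [?]
SERVICE_RE = re.compile(r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
PRESENT_RE = re.compile(r"^(?P<path>.+?) \[(?P<stamp>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2} [AP]M) (?P<size>\d+)\]$")
MISSING_RE = re.compile(r"^(?P<reg>.+?) --> (?P<path>.+?) \[\?\]$")
PROC_RE = re.compile(r"^(?:- )+> '(?P<proc>[^']+)'\((?P<pid>\d+)\)$")
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}
# Profile/data locations worth a second look when a driver or service loads from them
# (heuristic chosen for this example; some vendors, Norton's IPS definitions included, do this legitimately).
PROFILE_DIRS = ("\\documents and settings\\", "\\application data\\", "\\local settings\\", "\\temp\\")


@dataclass
class ServiceEntry:
    name: str
    display: str
    running: bool
    start_type: str
    image: str
    on_disk: bool
    size: Optional[int]
    flags: List[str] = field(default_factory=list)


def triage_flags(entry: ServiceEntry) -> List[str]:
    """Review prompts, not verdicts: each flag says why an analyst should look closer."""
    flags = []
    if not entry.on_disk:
        flags.append("image-missing")   # registry still references a file that is gone
    if any(d in entry.image.lower() for d in PROFILE_DIRS):
        flags.append("profile-path")    # code started from a profile/data directory; check the vendor
    return flags


def parse_services(log: str) -> List[ServiceEntry]:
    entries: List[ServiceEntry] = []
    for raw in log.splitlines():
        m = SERVICE_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest")
        missing, present = MISSING_RE.match(rest), PRESENT_RE.match(rest)
        if missing:
            image, on_disk, size = missing.group("path"), False, None
        elif present:
            image, on_disk, size = present.group("path"), True, int(present.group("size"))
        else:
            continue  # unknown line shape: skip rather than guess
        entry = ServiceEntry(m.group("name"), m.group("display"), m.group("state") == "R",
                             START_TYPES[m.group("start")], image, on_disk, size)
        entry.flags = triage_flags(entry)
        entries.append(entry)
    return entries


def flagged(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    return [e for e in entries if e.flags]


def dlls_by_process(log: str) -> Dict[str, List[str]]:
    """Map process name -> DLLs ComboFix listed under it (e.g. what sits inside winlogon.exe)."""
    result: Dict[str, List[str]] = {}
    current: Optional[str] = None
    in_section = False
    for raw in log.splitlines():
        line = raw.strip()
        if "DLLs Loaded Under Running Processes" in line:
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("-----"):
            break  # reached the next section header
        m = PROC_RE.match(line)
        if m:
            current = m.group("proc").lower()
            result.setdefault(current, [])
        elif current and line and line != ".":
            result[current].append(line)
    return result


if __name__ == "__main__":
    for e in flagged(parse_services(SAMPLE_LOG)):
        state = "running" if e.running else "stopped"
        print(f"{e.name:10} {e.start_type:7} {state}  {', '.join(e.flags)}  {e.image}")
    for dll in dlls_by_process(SAMPLE_LOG).get("winlogon.exe", []):
        print("winlogon.exe <-", dll)
```

Run as a script, it prints three flagged entries (`portD` and `cmvad` with `image-missing`, `IDSxpx86` with `profile-path`) and the two Logitech modules loaded in `winlogon.exe`. On the full log the same parser would also flag `HSFHWICH` and `PCASp50`, the other two `[?]` entries, which are stale registry entries for files no longer on disk rather than active code. The `IDSxpx86` hit is a good illustration of why the flags are prompts: that driver belongs to Norton's IPS definitions, which are legitimately stored under All Users\Application Data, so the right response is to check the vendor and signature, not to delete it. The `winlogon.exe` listing is worth reading by hand in a Vundo case, since that family was known to persist through Winlogon notification DLLs and browser helper objects; here only Logitech Bluetooth modules appear.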