HiJack this report

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

2 Pages
1
2
→

You cannot start a new topic
This topic is locked

HiJack this report am I infected

#1 Jewelleria

Member

Group: Members
Posts: 69
Joined: 28-June 09

Posted 29 June 2009 - 05:01 PM

Referred here from: http://www.bleepingcomputer.com/forums/topic237411.html ~ OB

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:49:40 PM, on 6/29/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Users\Mackie19\Desktop\ProcessExplorer\procexp.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iecc.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.30618; .NET CLR 3.5.30729; WinNT-PAI 16.06.2009)" -"http://www.girlsgogames.com/game/Girly-Trends-3D.html"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O13 - Gopher Prefix:
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://gsn.worldwinner.com/games/v47/share...GamesLoader.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v57/wof/wof.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v43/paint/paint.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/flash...ent/swflash.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7372 bytes

This post has been edited by Orange Blossom: 29 June 2009 - 11:09 PM

#2 fireman4it

Bleepin' Fireman

Group: Malware Response Team
Posts: 7,703
Joined: 24-May 08
Gender:Male
Location:Bement, ILL

Posted 02 July 2009 - 08:28 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
- DDS.scr
- DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explaination about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-

Posted Image

If I have helped you, consider making a donation to help me continue the fight against Malware!
Just click

#3 Jewelleria

Member

Group: Members
Posts: 69
Joined: 28-June 09

Posted 07 July 2009 - 02:45 AM

I was trying to disable norton and I ran this program. Then when I tried to rerun, it said that you only need to run it once. sorry. If it's no ggod let me know and I will start all over.

DDS (Ver_09-06-26.01) - NTFSx86
Run by Mackie19 at 2:02:30.07 on Tue 07/07/2009
Internet Explorer: 8.0.6001.18783
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1982.921 [GMT -5:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Norton Internet Security *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Mackie19\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.iecc.edu/
uWindow Title = Internet Explorer provided by Dell
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.5.0.135\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.5.0.135\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.5.0.135\coIEPlg.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [VistaStartMenu] "c:\program files\vista start menu\VistaStartMenu.exe"
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.30618; .NET CLR 3.5.30729; WinNT-PAI 16.06.2009)" -"http://www.girlsgogames.com/game/Girly-Trends-3D.html"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [dscactivate] c:\dell\dsca.exe 3
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.5.0.135\CoIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1005000.087\SymEFA.sys [2009-5-12 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1005000.087\BHDrvx86.sys [2009-5-12 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1005000.087\cchpx86.sys [2009-5-12 482352]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090703.001\IDSvix86.sys [2009-7-6 292912]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.5.0.135\ccSvcHst.exe [2009-5-12 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-5-15 101936]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\nis\1005000.087\symndisv.sys [2009-5-12 39984]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-5-31 33176]

=============== Created Last 30 ================

2009-07-06 23:30 691 a------- c:\users\mackie19\appdata\roaming\GetValue.vbs
2009-07-06 23:30 35 a------- c:\users\mackie19\appdata\roaming\SetValue.bat
2009-07-06 23:26 2,528 a------- c:\windows\system32\tmp.reg
2009-07-06 01:00 12 a------- c:\windows\system32\settings.dat
2009-07-05 20:13 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-07-01 20:11 <DIR> --d----- c:\users\mackie19\appdata\roaming\BlamGames
2009-07-01 09:34 <DIR> --d----- c:\users\mackie19\appdata\roaming\Vista Start Menu
2009-07-01 09:34 <DIR> --d----- c:\program files\Vista Start Menu
2009-06-29 16:48 <DIR> --d----- c:\program files\Trend Micro
2009-06-29 15:47 <DIR> --d----- c:\program files\Free Offers from Freeze.com
2009-06-28 22:49 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2009-06-28 22:49 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2009-06-28 22:49 <DIR> --d----- c:\users\mackie19\appdata\roaming\SUPERAntiSpyware.com
2009-06-28 22:49 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-06-28 22:46 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-06-27 18:55 <DIR> --d----- c:\program files\Build in Time
2009-06-27 14:20 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-27 14:20 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-27 14:20 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-27 10:11 <DIR> --d----- c:\program files\Debugging Tools for Windows (x86)
2009-06-25 20:30 <DIR> --d----- c:\users\mackie19\appdata\roaming\Malwarebytes
2009-06-25 20:30 <DIR> --d----- c:\programdata\Malwarebytes
2009-06-25 20:30 <DIR> --d----- c:\progra~2\Malwarebytes
2009-06-25 18:28 <DIR> --d----- c:\program files\Driver Checker
2009-06-22 23:22 <DIR> --d----- c:\programdata\HipSoft
2009-06-22 23:22 <DIR> --d----- c:\progra~2\HipSoft
2009-06-22 17:29 376 a------- c:\windows\ODBC.INI
2009-06-22 00:21 <DIR> --d----- c:\users\mackie19\appdata\roaming\Boomzap
2009-06-20 01:09 <DIR> --d----- c:\programdata\WildTangent
2009-06-20 01:09 <DIR> --d----- c:\progra~2\WildTangent
2009-06-19 00:35 <DIR> --d----- c:\users\mackie19\appdata\roaming\panoramik
2009-06-17 23:14 <DIR> --d----- c:\programdata\Sandlot Games
2009-06-17 23:14 <DIR> --d----- c:\progra~2\Sandlot Games
2009-06-16 21:16 <DIR> --d----- c:\programdata\Oberon Games
2009-06-16 21:16 <DIR> --d----- c:\progra~2\Oberon Games
2009-06-16 01:16 <DIR> --d----- c:\windows\system32\EventProviders
2009-06-16 00:22 <DIR> --d----- c:\users\mackie19\appdata\roaming\Artogon
2009-06-16 00:03 <DIR> --d----- c:\program files\common files\Uninstall
2009-06-15 17:28 <DIR> --d----- c:\programdata\Go Go Gourmet
2009-06-15 17:28 <DIR> --d----- c:\progra~2\Go Go Gourmet
2009-06-13 19:11 428,544 a------- c:\windows\system32\EncDec.dll
2009-06-13 19:11 293,376 a------- c:\windows\system32\psisdecd.dll
2009-06-13 19:11 217,088 a------- c:\windows\system32\psisrndr.ax
2009-06-13 19:11 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-06-13 19:11 80,896 a------- c:\windows\system32\MSNP.ax
2009-06-09 21:45 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-06-09 00:27 <DIR> --d----- c:\users\mackie19\appdata\roaming\Bigfish 3 Days Zoo Mystery
2009-06-08 13:26 <DIR> --d----- c:\programdata\Slapdash Games
2009-06-08 13:26 <DIR> --d----- c:\progra~2\Slapdash Games
2009-06-07 21:47 <DIR> --d----- c:\programdata\Mean Hamster
2009-06-07 21:47 <DIR> --d----- c:\progra~2\Mean Hamster

==================== Find3M ====================

2009-07-07 00:25 1,164 a------- c:\users\mackie19\appdata\roaming\wklnhst.dat
2009-06-03 22:52 174 a--sh--- c:\program files\desktop.ini
2009-06-03 22:48 86,016 a------- c:\windows\inf\infstrng.dat
2009-06-03 22:48 86,016 a------- c:\windows\inf\infstor.dat
2009-06-03 22:48 51,200 a------- c:\windows\inf\infpub.dat
2009-06-03 22:42 665,600 a------- c:\windows\inf\drvindex.dat
2009-06-03 22:29 101,888 a------- c:\windows\system32\ifxcardm.dll
2009-06-03 22:29 82,432 a------- c:\windows\system32\axaltocm.dll
2009-05-30 01:12 4,096 a------- c:\windows\d3dx.dat
2009-05-12 12:40 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-05-12 12:40 7,386 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-05-12 12:40 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-05-12 12:40 25,136 a----r-- c:\windows\system32\drivers\SymIMV.sys
2009-05-12 03:14 269,312 a------- c:\windows\system32\es.dll
2009-05-12 03:13 2,048 a------- c:\windows\system32\tzres.dll
2009-05-12 03:12 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-05-12 03:12 7,680 a------- c:\windows\system32\spwmp.dll
2009-05-12 03:12 4,096 a------- c:\windows\system32\dxmasf.dll
2009-05-12 03:09 2,927,104 a------- c:\windows\explorer.exe
2009-05-12 03:05 6,656 a------- c:\windows\system32\kbd106n.dll
2009-05-12 03:05 988,216 a------- c:\windows\system32\winload.exe
2009-05-12 03:05 927,288 a------- c:\windows\system32\winresume.exe
2009-05-12 03:05 378,368 a------- c:\windows\system32\srcore.dll
2009-05-12 03:05 318,464 a------- c:\windows\system32\rstrui.exe
2009-05-12 03:05 40,960 a------- c:\windows\system32\srclient.dll
2009-05-12 03:05 46,592 a------- c:\windows\system32\setbcdlocale.dll
2009-05-12 03:05 19,000 a------- c:\windows\system32\kd1394.dll
2009-05-12 03:05 14,848 a------- c:\windows\system32\srdelayed.exe
2009-05-12 03:05 615,992 a------- c:\windows\system32\ci.dll
2009-05-12 03:03 441,400 a------- c:\windows\system32\drivers\ksecdd.sys
2009-05-12 03:03 72,704 a------- c:\windows\system32\secur32.dll
2009-05-12 03:03 1,255,936 a------- c:\windows\system32\lsasrv.dll
2009-05-12 03:03 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-05-12 03:03 24,064 a------- c:\windows\system32\amxread.dll
2009-05-12 03:03 13,824 a------- c:\windows\system32\apilogen.dll
2009-05-12 03:03 9,728 a------- c:\windows\system32\lsass.exe
2009-05-11 15:41 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-05-11 15:41 272,896 a------- c:\windows\system32\polstore.dll
2009-05-11 15:41 61,440 a------- c:\windows\system32\winipsec.dll
2009-05-11 15:41 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
2009-05-11 15:40 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2009-05-11 15:40 160,768 a------- c:\windows\system32\PortableDeviceTypes.dll
2009-05-11 15:40 94,720 a------- c:\windows\system32\PortableDeviceClassExtension.dll
2009-05-11 15:38 376,832 a------- c:\windows\system32\winhttp.dll
2009-05-11 15:37 296,960 a------- c:\windows\system32\gdi32.dll
2009-05-11 15:36 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys
2009-05-11 15:36 562,176 a------- c:\windows\system32\msdtcprx.dll
2009-05-11 15:36 38,912 a------- c:\windows\system32\xolehlp.dll
2009-05-11 15:34 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-05-11 15:34 2,560 a------- c:\windows\apppatch\AcRes.dll
2009-05-11 15:34 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2009-05-11 15:34 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2009-05-11 15:34 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-05-11 15:34 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-05-11 15:34 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-05-11 15:34 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-05-11 15:34 1,695,744 a------- c:\windows\system32\gameux.dll
2009-05-11 15:34 303,616 a------- c:\windows\system32\wmpeffects.dll
2009-05-11 15:33 1,191,936 a------- c:\windows\system32\msxml3.dll
2009-05-11 15:33 2,048 a------- c:\windows\system32\msxml3r.dll
2009-05-11 15:16 96,760 a------- c:\windows\system32\dfshim.dll
2009-05-11 15:16 41,984 a------- c:\windows\system32\netfxperf.dll
2009-05-11 15:16 282,112 a------- c:\windows\system32\mscoree.dll
2009-05-11 15:16 158,720 a------- c:\windows\system32\mscorier.dll
2009-05-11 15:16 83,968 a------- c:\windows\system32\mscories.dll
2009-05-11 14:57 1,314,816 a------- c:\windows\system32\quartz.dll
2009-05-11 13:35 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2009-05-11 13:35 712,704 a------- c:\windows\system32\WindowsCodecs.dll
2009-05-11 13:35 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll
2009-05-11 13:34 443,392 a------- c:\windows\system32\win32spl.dll
2009-05-11 13:34 37,888 a------- c:\windows\system32\printcom.dll
2009-05-11 13:34 113,664 a------- c:\windows\system32\drivers\rmcast.sys
2009-05-11 13:34 14,848 a------- c:\windows\system32\wshrm.dll
2009-05-11 13:30 288,768 a------- c:\windows\system32\drivers\srv.sys
2009-05-11 13:28 268,288 a------- c:\windows\system32\schannel.dll
2009-05-11 13:28 2,868,736 a------- c:\windows\system32\mf.dll
2009-05-11 13:27 98,816 a------- c:\windows\system32\mfps.dll
2009-05-11 13:27 53,248 a------- c:\windows\system32\rrinstaller.exe
2009-05-11 13:27 24,576 a------- c:\windows\system32\mfpmp.exe
2009-05-11 13:27 2,048 a------- c:\windows\system32\mferror.dll
2009-05-11 13:27 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-05-11 13:27 94,720 a------- c:\windows\system32\logagent.exe
2009-05-11 13:25 738,304 a------- c:\windows\system32\inetcomm.dll
2009-05-11 13:25 84,480 a------- c:\windows\system32\INETRES.dll
2009-05-11 13:24 1,645,568 a------- c:\windows\system32\connect.dll
2009-05-11 13:20 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-05-11 13:20 2,048 a------- c:\windows\system32\msxml6r.dll
2009-05-09 00:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-09 00:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-05-08 12:50 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-05-08 12:49 83,456 a------- c:\windows\system32\wudriver.dll
2009-05-08 12:49 162,064 a------- c:\windows\system32\wuwebv.dll
2009-05-08 12:49 31,232 a------- c:\windows\system32\wuapp.exe
2009-04-23 07:42 636,928 a------- c:\windows\system32\localspl.dll
2009-04-21 06:55 2,033,152 a------- c:\windows\system32\win32k.sys
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20:21 A------- 287,440 c:\windows\inf\perflib\0000\perfi.dat
2007-10-29 00:17 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 2:04:21.00 ===============
Hope the zipped attachment came with it. I'm a ditz sometimes.

Attached File(s)

ATTACH.zip (1.66K)
Number of downloads: 0

#4 thewall

Forum Addict

Group: Malware Response Team
Posts: 6,414
Joined: 19-June 07
Gender:Male
Location:Florida

Posted 10 July 2009 - 08:55 AM

Hello Jewelleria :thumbup2:

Welcome to the BC HijackThis Log and Analysis forum. Sorry about your wait, but I will be assisting you in cleaning up your system from here on out.

I ask that you refrain from running tools other than those we suggest while we are performing the clean-up. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond the your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

I need to get a little different look at your system so please perform the following:

Download GMER Rootkit Scanner from here to your desktop.

Double click the exe file.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.

Click the image to enlarge it
In the right panel, you will see several boxes that have been checked. Uncheck the following ...
- Sections
- IAT/EAT
- Drives/Partition other than Systemdrive (typically C:\)
- Show All (don't miss this one)
Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and post it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries [/QUOTE]

I'd like us to scan your machine with ESET OnlineScan

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Check
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the button.
Push

When completed please post both both logs fromGMER as well as the one fromESET.

Please do not post any logs as an attachment unless asked to do so.

Thanks,

thewall

If I have helped you then please consider donating so I can continue the fight against malware

All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#5 Jewelleria

Member

Group: Members
Posts: 69
Joined: 28-June 09

Posted 10 July 2009 - 03:13 PM

I ran the ESET scanner and it couldn't find anything wrong with the computer. I tried to use the GMER and it acted funny. It kept not finishing, so I kept retrying. The only thing I could end up saving was this. I'm not sure if this came from my computer or if this is the programs that the GMER was running. It never did finish that I saw. I hadto go to an appt. for an hour and came back. Windows said that the program wasn't responding and would check for a solution. It did that twice. The third time I tried to run this program, It had a blue screen that said my system was crashing. twice I did this. Each time I shut the computer off by hand and returned it on and everything was ok.

I am going to turn my Norton security back on and wait awhile and retry again I guess.

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-10 12:45:52
Windows 6.0.6001 Service Pack 1

---- System - GMER 1.0.15 ----

SSDT 8D749048 ZwAlertResumeThread
SSDT 8D749A88 ZwAlertThread
SSDT 873DBD28 ZwAllocateVirtualMemory
SSDT 87239890 ZwAlpcConnectPort
SSDT 8D74C0D8 ZwAssignProcessToJobObject
SSDT 8D74D008 ZwCreateMutant
SSDT 8D74DDD0 ZwCreateSymbolicLinkObject
SSDT 872CC390 ZwCreateThread
SSDT 8D74C2F8 ZwDebugActiveProcess
SSDT 873DBF40 ZwDuplicateObject
SSDT 873DB688 ZwFreeVirtualMemory
SSDT 8D74B988 ZwImpersonateAnonymousToken
SSDT 8D74A048 ZwImpersonateThread
SSDT 8718CFD0 ZwLoadDriver
SSDT 873DB528 ZwMapViewOfSection
SSDT 8D74B048 ZwOpenEvent
SSDT 873DA1D0 ZwOpenProcess
SSDT 8728AB68 ZwOpenProcessToken
SSDT 8D74C4C0 ZwOpenSection
SSDT 873DA0C0 ZwOpenThread
SSDT 8D74DF80 ZwProtectVirtualMemory
SSDT 87219D70 ZwResumeThread
SSDT 87342048 ZwSetContextThread
SSDT 873DB290 ZwSetInformationProcess
SSDT 8D74C3B8 ZwSetSystemInformation
SSDT 8D74C580 ZwSuspendProcess
SSDT 873DD048 ZwSuspendThread
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys ZwTerminateProcess [0x8D0A1DF0]
SSDT 873DC048 ZwTerminateThread
SSDT 8728D5E8 ZwUnmapViewOfSection
SSDT 873DB998 ZwWriteVirtualMemory
SSDT 8D74DEA0 ZwCreateThreadEx

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\RawIp SYMTDI.SYS
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

I'll check back later.

#6 Jewelleria

Member

Group: Members
Posts: 69
Joined: 28-June 09

Posted 10 July 2009 - 03:19 PM

I opened options button and tried to push track and it said error.

#7 Jewelleria

Member

Group: Members
Posts: 69
Joined: 28-June 09

Posted 10 July 2009 - 03:58 PM

GMER finished and said they could not find any system modifications. If we can't find anything wrong with the computer then go ahead and close the subject if you want.

The problem is my computer keeps shutting itself off. I am going to be going back to nursing school in August and it even shuts itself off when I have been in the middle of a paper. I have been off all summer, so it has been doing this for a long time.
Norton security says it is something to do with C:\system32\services.exe. They have this down for a medium security risk, and maybe there shutting the computer off. I do not even know what this services.exe is, but I have looked it up on the computer before just under system32 services.exe and there are so many things this could be and it is hard to tell who I was reading from.
My computer is not that old I bought it to go to school in 2007, at the end of the year. I use it to do homework and play a few games, I do not understand why all the problems. I would just like it to stay running. If we can't find anything then I'll just have to deal with it and do my homework at college.
Thanks so much.

#8 thewall

Forum Addict

Group: Malware Response Team
Posts: 6,414
Joined: 19-June 07
Gender:Male
Location:Florida

Posted 11 July 2009 - 08:43 AM

Let's try something else:

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

If I have helped you then please consider donating so I can continue the fight against malware

All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#9 Jewelleria

Member

Group: Members
Posts: 69
Joined: 28-June 09

Posted 11 July 2009 - 03:58 PM

Logfile of random's system information tool 1.06 (written by random/random)
Run by Mackie19 at 2009-07-11 15:30:07
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 174 GB (76%) free of 228 GB
Total RAM: 1982 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:30:09, on 7/11/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Mackie19\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Mackie19.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iecc.edu/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.30618; .NET CLR 3.5.30729; WinNT-PAI 16.06.2009)" -"http://www.girlsgogames.com/game/Girly-Trends-3D.html"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O13 - Gopher Prefix:
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/flash...ent/swflash.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5922 bytes

======Scheduled tasks folder======

C:\Windows\tasks\ErrorSmart System Startup.job
C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Mackie19.job
C:\Windows\tasks\PAV.job
C:\Windows\tasks\SmartDefrag.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll [2009-05-12 372592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL [2009-05-12 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\Dell\BAE\BAE.dll [2006-11-09 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-09 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll [2009-05-12 372592]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-03-15 4390912]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-05-03 92704]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-03 13535776]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-10-03 81920]
"dscactivate"=c:\dell\dsca.exe [2007-07-30 16384]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup []
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2006-10-03 221184]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-09 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-06-23 1830128]
"VistaStartMenu"=C:\Program Files\Vista Start Menu\VistaStartMenu.exe [2009-04-13 2171392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe [2009-04-29 468408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009]
c:\program files\uniblue\registrybooster\StartRegistryBooster.exe []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-07-11 15:24:45 ----D---- C:\rsit
2009-07-10 15:00:47 ----D---- C:\Windows\Minidump
2009-07-09 19:28:17 ----D---- C:\Program Files\Microsoft
2009-07-09 19:25:47 ----A---- C:\Windows\system32\javaws.exe
2009-07-09 19:25:47 ----A---- C:\Windows\system32\javaw.exe
2009-07-09 19:25:47 ----A---- C:\Windows\system32\java.exe
2009-07-09 19:25:47 ----A---- C:\Windows\system32\deploytk.dll
2009-07-09 19:24:41 ----D---- C:\Program Files\Java
2009-07-09 19:15:34 ----SHD---- C:\Config.Msi
2009-07-06 23:30:04 ----A---- C:\Users\Mackie19\AppData\Roaming\SetValue.bat
2009-07-06 23:30:04 ----A---- C:\Users\Mackie19\AppData\Roaming\GetValue.vbs
2009-07-06 23:26:08 ----A---- C:\Windows\system32\tmp.txt
2009-07-06 23:26:05 ----A---- C:\rapport.txt
2009-07-06 01:29:30 ----A---- C:\RootRepeal report 07-06-09 (01-29-30).txt
2009-07-02 14:09:55 ----D---- C:\Users\Mackie19\AppData\Roaming\PlayFirst
2009-07-01 20:11:33 ----D---- C:\Users\Mackie19\AppData\Roaming\BlamGames
2009-07-01 09:34:57 ----D---- C:\Users\Mackie19\AppData\Roaming\Vista Start Menu
2009-07-01 09:34:44 ----D---- C:\Program Files\Vista Start Menu
2009-06-29 16:48:53 ----D---- C:\Program Files\Trend Micro
2009-06-29 15:47:23 ----D---- C:\Program Files\7-Zip
2009-06-28 22:49:46 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2009-06-28 22:49:21 ----D---- C:\Users\Mackie19\AppData\Roaming\SUPERAntiSpyware.com
2009-06-28 22:49:21 ----D---- C:\Program Files\SUPERAntiSpyware
2009-06-28 22:46:10 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-06-27 18:55:46 ----D---- C:\Program Files\Build in Time
2009-06-27 14:20:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-06-27 10:11:41 ----D---- C:\Program Files\Debugging Tools for Windows (x86)
2009-06-25 20:30:47 ----D---- C:\Users\Mackie19\AppData\Roaming\Malwarebytes
2009-06-25 20:30:41 ----D---- C:\ProgramData\Malwarebytes
2009-06-25 18:28:24 ----D---- C:\Program Files\Driver Checker
2009-06-22 17:29:53 ----A---- C:\Windows\ODBC.INI
2009-06-22 00:21:38 ----D---- C:\Users\Mackie19\AppData\Roaming\Boomzap
2009-06-19 00:35:25 ----D---- C:\Users\Mackie19\AppData\Roaming\panoramik
2009-06-16 02:18:08 ----A---- C:\Windows\ntbtlog.txt
2009-06-16 01:16:36 ----D---- C:\Windows\system32\EventProviders
2009-06-16 00:22:37 ----D---- C:\Users\Mackie19\AppData\Roaming\Artogon
2009-06-16 00:03:47 ----D---- C:\Program Files\Common Files\Uninstall
2009-06-13 19:11:14 ----A---- C:\Windows\system32\psisdecd.dll
2009-06-13 19:11:14 ----A---- C:\Windows\system32\EncDec.dll

======List of files/folders modified in the last 1 months======

2009-07-11 15:30:04 ----D---- C:\Windows\Temp
2009-07-11 15:25:00 ----D---- C:\Windows\Prefetch
2009-07-11 15:07:59 ----D---- C:\Windows\System32
2009-07-11 15:07:58 ----D---- C:\Windows\inf
2009-07-11 15:07:58 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-07-10 16:39:04 ----SHD---- C:\System Volume Information
2009-07-10 15:00:47 ----D---- C:\Windows
2009-07-10 13:57:42 ----D---- C:\Program Files
2009-07-10 10:45:52 ----SD---- C:\Windows\Downloaded Program Files
2009-07-09 23:57:59 ----SHD---- C:\Windows\Installer
2009-07-09 19:28:21 ----SD---- C:\ProgramData\Microsoft
2009-07-09 19:15:41 ----D---- C:\Program Files\Common Files
2009-07-07 21:25:17 ----HD---- C:\ProgramData
2009-07-07 21:19:04 ----RD---- C:\ProgramData\blg
2009-07-06 16:11:20 ----D---- C:\Windows\system32\catroot2
2009-07-06 01:20:59 ----D---- C:\Windows\system32\drivers
2009-07-05 12:16:11 ----D---- C:\Program Files\Microsoft Office
2009-07-05 12:16:11 ----D---- C:\Program Files\Common Files\microsoft shared
2009-07-05 12:16:09 ----D---- C:\Program Files\Common Files\System
2009-07-05 12:16:00 ----D---- C:\Windows\ShellNew
2009-07-03 08:45:16 ----D---- C:\Program Files\My Tribe
2009-07-01 23:15:32 ----D---- C:\BigFishGamesCache
2009-06-25 21:31:36 ----D---- C:\Windows\Tasks
2009-06-24 16:59:40 ----D---- C:\Windows\Microsoft.NET
2009-06-24 16:56:55 ----D---- C:\Windows\winsxs
2009-06-24 16:56:54 ----D---- C:\Program Files\Internet Explorer
2009-06-24 04:55:48 ----D---- C:\Windows\system32\catroot
2009-06-22 18:12:36 ----RSD---- C:\Windows\Fonts
2009-06-22 17:42:14 ----A---- C:\Windows\win.ini
2009-06-22 17:35:16 ----D---- C:\Windows\system32\Tasks
2009-06-22 17:31:57 ----SD---- C:\Users\Mackie19\AppData\Roaming\Microsoft
2009-06-22 17:27:19 ----D---- C:\Windows\Help
2009-06-22 17:24:20 ----D---- C:\Windows\system
2009-06-17 20:38:49 ----D---- C:\Users\Mackie19\AppData\Roaming\Meridian93
2009-06-16 10:28:22 ----D---- C:\Windows\system32\wbem
2009-06-16 10:27:16 ----D---- C:\Program Files\Microsoft Works
2009-06-16 10:26:43 ----D---- C:\Windows\system32\sysprep
2009-06-16 10:26:43 ----D---- C:\Windows\system32\spool
2009-06-16 10:26:43 ----D---- C:\Windows\system32\SLUI
2009-06-16 10:26:43 ----D---- C:\Windows\system32\setup
2009-06-16 10:26:43 ----D---- C:\Windows\system32\ras
2009-06-16 10:26:42 ----D---- C:\Windows\system32\oobe
2009-06-16 10:26:42 ----D---- C:\Windows\system32\migwiz
2009-06-16 10:26:40 ----D---- C:\Windows\system32\migration
2009-06-16 10:26:40 ----D---- C:\Windows\system32\ias
2009-06-16 10:26:40 ----D---- C:\Windows\system32\en-US
2009-06-16 10:26:40 ----D---- C:\Windows\system32\en
2009-06-16 10:26:39 ----RSD---- C:\Windows\Media
2009-06-16 10:26:39 ----RD---- C:\Windows\Offline Web Pages
2009-06-16 10:26:38 ----D---- C:\Windows\ehome
2009-06-16 10:26:38 ----D---- C:\Program Files\Windows Sidebar
2009-06-16 10:26:38 ----D---- C:\Program Files\Windows Mail
2009-06-16 10:26:38 ----D---- C:\Program Files\Windows Journal
2009-06-16 10:26:38 ----D---- C:\Program Files\Windows Defender
2009-06-16 10:26:37 ----D---- C:\Windows\registration
2009-06-16 10:26:37 ----D---- C:\Program Files\Windows Collaboration
2009-06-16 10:26:37 ----D---- C:\Program Files\Movie Maker
2009-06-16 10:26:37 ----D---- C:\Program Files\Common Files\Services
2009-06-16 01:32:56 ----D---- C:\Windows\Logs
2009-06-14 03:12:35 ----RSD---- C:\Windows\assembly

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BHDrvx86;Symantec Heuristics Driver; \??\C:\Windows\system32\drivers\NIS\1005000.087\BHDrvx86.sys [2009-05-12 258608]
R1 ccHP;Symantec Hash Provider; \??\C:\Windows\system32\drivers\NIS\1005000.087\ccHPx86.sys [2009-05-12 482352]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2009-05-12 371248]
R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090709.001\IDSvix86.sys [2009-05-12 292912]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2009-06-23 9968]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2009-06-23 72944]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); \??\C:\Windows\system32\drivers\NIS\1005000.087\SRTSPX.SYS [2009-05-12 43696]
R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2009-05-12 25136]
R1 SYMTDI;Symantec Network Dispatch Driver; \??\C:\Windows\system32\drivers\NIS\1005000.087\SYMTDI.SYS [2009-05-12 217392]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 8192]
R3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
R3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-05-15 101936]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-10-18 986624]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2006-10-18 258048]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-03-15 1744928]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090711.006\NAVENG.SYS [2009-05-15 89104]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090711.006\NAVEX15.SYS [2009-05-15 876144]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-03-15 1059112]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-03 7460320]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2009-06-23 7408]
R3 SRTSP;Symantec Real Time Storage Protection; \??\C:\Windows\system32\drivers\NIS\1005000.087\SRTSP.SYS [2009-05-12 307760]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2009-05-12 124464]
R3 SYMFW;Symantec Network Filter Driver; \??\C:\Windows\system32\drivers\NIS\1005000.087\SYMFW.SYS [2009-05-12 89776]
R3 SYMNDISV;Symantec Network Filter Driver; \??\C:\Windows\system32\drivers\NIS\1005000.087\SYMNDISV.SYS [2009-05-12 39984]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-10-18 659968]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2006-11-02 200704]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Norton Internet Security;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [2009-05-12 115560]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-03 118784]
R2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-11-05 159744]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560]
S3 getPlus® Helper;getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2009-03-03 33176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-05 880640]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2009-07-11 15:25:35

======Uninstall list======

7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
AOL Install-->MsiExec.exe /I{2357B8BC-88C9-4A72-818C-050CC4EB0778}
Big Fish Games Client-->C:\Program Files\bfgclient\Uninstall.exe
Browser Address Error Redirector-->MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
Build in Time-->"C:\Program Files\Build in Time\ReflexiveArcade\unins000.exe"
Conexant D850 PCI V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -IDel200fz.inf
Debugging Tools for Windows (x86)-->MsiExec.exe /I{300A2961-B2B5-4889-9CB9-5C2A570D08AD}
Dell System Customization Wizard-->MsiExec.exe /I{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}
Digital Line Detect-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
getPlus® for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Internet Service Offers Launcher-->MsiExec.exe /I{CCFF1E13-77A2-4032-8B12-7566982A27DF}
Java™ 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Modem Diagnostic Tool-->MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
My Tribe-->"C:\Program Files\My Tribe\ReflexiveArcade\unins000.exe"
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
Norton Internet Security-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\562C4DD5\16.5.0.135\InstStub.exe /X
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
NVIDIANetworkDiagnostic-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EFAD4066-CAF3-4B27-9669-12EED352C376}
Product Documentation Launcher-->MsiExec.exe /I{89CEAE14-DD0F-448E-9554-15781EC9DB24}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Roxio Creator BDAV Plugin-->MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD DE-->MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
User's Guides-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
Vista Start Menu 3.15-->"C:\Program Files\Vista Start Menu\unins000.exe"

======Security center information======

AV: Norton Internet Security
FW: Norton Internet Security
AS: Windows Defender
AS: SUPERAntiSpyware
AS: Norton Internet Security

======System event log======

Computer Name: Mackie19-PC
Event Code: 7000
Message: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Record Number: 71479
Source Name: Service Control Manager
Time Written: 20090711015157.000000-000
Event Type: Error
User:

Computer Name: Mackie19-PC
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 71561
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090711045218.514721-000
Event Type: Error
User:

Computer Name: Mackie19-PC
Event Code: 7000
Message: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Record Number: 71599
Source Name: Service Control Manager
Time Written: 20090711045358.000000-000
Event Type: Error
User:

Computer Name: Mackie19-PC
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 71710
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090711200335.614122-000
Event Type: Error
User:

Computer Name: Mackie19-PC
Event Code: 7000
Message: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Record Number: 71748
Source Name: Service Control Manager
Time Written: 20090711200515.000000-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Mackie19-PC
Event Code: 10010
Message: Application 'C:\Program Files\Internet Explorer\iexplore.exe' (pid 2204) cannot be restarted - Application SID does not match Conductor SID..
Record Number: 10085
Source Name: Microsoft-Windows-RestartManager
Time Written: 20090710044418.532719-000
Event Type: Warning
User: Mackie19-PC\Mackie19

Computer Name: Mackie19-PC
Event Code: 10010
Message: Application 'C:\Program Files\Internet Explorer\iexplore.exe' (pid 3488) cannot be restarted - Application SID does not match Conductor SID..
Record Number: 10086
Source Name: Microsoft-Windows-RestartManager
Time Written: 20090710044418.532719-000
Event Type: Warning
User: Mackie19-PC\Mackie19

Computer Name: Mackie19-PC
Event Code: 10010
Message: Application 'C:\Program Files\Internet Explorer\iexplore.exe' (pid 3684) cannot be restarted - Application SID does not match Conductor SID..
Record Number: 10097
Source Name: Microsoft-Windows-RestartManager
Time Written: 20090710045631.623519-000
Event Type: Warning
User: Mackie19-PC\Mackie19

Computer Name: Mackie19-PC
Event Code: 1010
Message: The Collect Procedure for the "EmdCache" service in DLL "C:\Windows\system32\emdmgmt.dll" generated an exception or returned an invalid status. The performance data returned by the counter DLL will not be returned in the Perf Data Block. The first four bytes (DWORD) of the Data section contains the exception code or status code.
Record Number: 10164
Source Name: Microsoft-Windows-Perflib
Time Written: 20090710164352.000000-000
Event Type: Error
User:

Computer Name: Mackie19-PC
Event Code: 1000
Message: Faulting application w2jrkvt8.exe, version 1.0.15.14972, time stamp 0x49f73740, faulting module w2jrkvt8.exe, version 1.0.15.14972, time stamp 0x49f73740, exception code 0xc0000005, fault offset 0x0000c4b1, process id 0xae8, application start time 0x01ca0197ea914eec.
Record Number: 10211
Source Name: Application Error
Time Written: 20090710195509.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Mackie19-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 21916
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090711202528.837722-000
Event Type: Audit Failure
User:

Computer Name: Mackie19-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 21917
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090711202528.868922-000
Event Type: Audit Failure
User:

Computer Name: Mackie19-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 21918
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090711202528.900122-000
Event Type: Audit Failure
User:

Computer Name: Mackie19-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 21919
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090711202528.946922-000
Event Type: Audit Failure
User:

Computer Name: Mackie19-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 21920
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090711202528.978122-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4b02
"NUMBER_OF_PROCESSORS"=2
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2009-07-11 15:25:35

======Uninstall list======

7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
AOL Install-->MsiExec.exe /I{2357B8BC-88C9-4A72-818C-050CC4EB0778}
Big Fish Games Client-->C:\Program Files\bfgclient\Uninstall.exe
Browser Address Error Redirector-->MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
Build in Time-->"C:\Program Files\Build in Time\ReflexiveArcade\unins000.exe"
Conexant D850 PCI V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -IDel200fz.inf
Debugging Tools for Windows (x86)-->MsiExec.exe /I{300A2961-B2B5-4889-9CB9-5C2A570D08AD}
Dell System Customization Wizard-->MsiExec.exe /I{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}
Digital Line Detect-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
getPlus® for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Internet Service Offers Launcher-->MsiExec.exe /I{CCFF1E13-77A2-4032-8B12-7566982A27DF}
Java™ 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Modem Diagnostic Tool-->MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
My Tribe-->"C:\Program Files\My Tribe\ReflexiveArcade\unins000.exe"
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
Norton Internet Security-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\562C4DD5\16.5.0.135\InstStub.exe /X
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
NVIDIANetworkDiagnostic-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EFAD4066-CAF3-4B27-9669-12EED352C376}
Product Documentation Launcher-->MsiExec.exe /I{89CEAE14-DD0F-448E-9554-15781EC9DB24}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Roxio Creator BDAV Plugin-->MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD DE-->MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
User's Guides-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
Vista Start Menu 3.15-->"C:\Program Files\Vista Start Menu\unins000.exe"

======Security center information======

AV: Norton Internet Security
FW: Norton Internet Security
AS: Windows Defender
AS: SUPERAntiSpyware
AS: Norton Internet Security

======System event log======

Computer Name: Mackie19-PC
Event Code: 7000
Message: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Record Number: 71479
Source Name: Service Control Manager
Time Written: 20090711015157.000000-000
Event Type: Error
User:

Computer Name: Mackie19-PC
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 71561
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090711045218.514721-000
Event Type: Error
User:

Computer Name: Mackie19-PC
Event Code: 7000
Message: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Record Number: 71599
Source Name: Service Control Manager
Time Written: 20090711045358.000000-000
Event Type: Error
User:

Computer Name: Mackie19-PC
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 71710
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090711200335.614122-000
Event Type: Error
User:

Computer Name: Mackie19-PC
Event Code: 7000
Message: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Record Number: 71748
Source Name: Service Control Manager
Time Written: 20090711200515.000000-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Mackie19-PC
Event Code: 10010
Message: Application 'C:\Program Files\Internet Explorer\iexplore.exe' (pid 2204) cannot be restarted - Application SID does not match Conductor SID..
Record Number: 10085
Source Name: Microsoft-Windows-RestartManager
Time Written: 20090710044418.532719-000
Event Type: Warning
User: Mackie19-PC\Mackie19

Computer Name: Mackie19-PC
Event Code: 10010
Message: Application 'C:\Program Files\Internet Explorer\iexplore.exe' (pid 3488) cannot be restarted - Application SID does not match Conductor SID..
Record Number: 10086
Source Name: Microsoft-Windows-RestartManager
Time Written: 20090710044418.532719-000
Event Type: Warning
User: Mackie19-PC\Mackie19

Computer Name: Mackie19-PC
Event Code: 10010
Message: Application 'C:\Program Files\Internet Explorer\iexplore.exe' (pid 3684) cannot be restarted - Application SID does not match Conductor SID..
Record Number: 10097
Source Name: Microsoft-Windows-RestartManager
Time Written: 20090710045631.623519-000
Event Type: Warning
User: Mackie19-PC\Mackie19

Computer Name: Mackie19-PC
Event Code: 1010
Message: The Collect Procedure for the "EmdCache" service in DLL "C:\Windows\system32\emdmgmt.dll" generated an exception or returned an invalid status. The performance data returned by the counter DLL will not be returned in the Perf Data Block. The first four bytes (DWORD) of the Data section contains the exception code or status code.
Record Number: 10164
Source Name: Microsoft-Windows-Perflib
Time Written: 20090710164352.000000-000
Event Type: Error
User:

Computer Name: Mackie19-PC
Event Code: 1000
Message: Faulting application w2jrkvt8.exe, version 1.0.15.14972, time stamp 0x49f73740, faulting module w2jrkvt8.exe, version 1.0.15.14972, time stamp 0x49f73740, exception code 0xc0000005, fault offset 0x0000c4b1, process id 0xae8, application start time 0x01ca0197ea914eec.
Record Number: 10211
Source Name: Application Error
Time Written: 20090710195509.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Mackie19-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 21916
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090711202528.837722-000
Event Type: Audit Failure
User:

Computer Name: Mackie19-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 21917
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090711202528.868922-000
Event Type: Audit Failure
User:

Computer Name: Mackie19-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 21918
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090711202528.900122-000
Event Type: Audit Failure
User:

Computer Name: Mackie19-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 21919
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090711202528.946922-000
Event Type: Audit Failure
User:

Computer Name: Mackie19-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 21920
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090711202528.978122-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4b02
"NUMBER_OF_PROCESSORS"=2
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\

-----------------EOF-----------------

#10 thewall

Forum Addict

Group: Malware Response Team
Posts: 6,414
Joined: 19-June 07
Gender:Male
Location:Florida

Posted 11 July 2009 - 05:21 PM

Quote

Norton security says it is something to do with C:\system32\services.exe. They have this down for a medium security risk, and maybe there shutting the computer off. I do not even know what this services.exe is, but I have looked it up on the computer before just under system32 services.exe and there are so many things this could be and it is hard to tell who I was reading from.

I would like to know more about this. Services.exe can be both good or bad depending on several things. Can you tell me what Norton does with this when it detects it? In other words does it delete it or quarantine it? Any other info you could give me may prove helpful in trying to track it down.

If I have helped you then please consider donating so I can continue the fight against malware

All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#11 Jewelleria

Member

Group: Members
Posts: 69
Joined: 28-June 09

Posted 12 July 2009 - 12:41 AM

I do not know to much about where to look anywhere else on Norton except for the front page. Anyway what I see is as follows

Actor: C:\Windows\System32\services.exe
PID 656
Target: C:\ProgramFiles\Norton Internet Sercurity\Engine\16.5.0.135\cc.SvcHst.exe
Target PID 2396
Action: Access Thread Data
Reaction: Unauthorized Access logged
It says no action available for this item.
Medium severity

This is the only thing that Norton keeps saying over and over. My computer has slowed down shutting itself off. Yesterday was the last time and Norton recorded this.

I don't know if any of this stuff matters, but here is what I know.
Parent to services= Wininit.exe PID 612
Parent to Wininet.exe = non-existant> PID 548
I found this out from Process explorer and it also said user denied access, which is me.

In the task manager if you look at services.exe( the reason you don't see it is because the running processes that you see are in Mackie19 and there is a SYSTEM that is a user to my computer, I have to assume that it is suppoed to be there)
Anyway services.exe in the process tab under user name it is the SYSTEM. Under description tab it just says Services.
If you put up the properties tab it says that this is a microsoft program. Every other microsoft program under description tab says microsoft. This one just says services.

Thats what I know about that. There is something wrong or Norton wouldn't even acknowledge it. They are not doing anything that I see except I just noticed that is when the computer bleeps off, and then I turn it back on by hand that message is there under history.

One other thing I noticed in the task manager is that there are 2 programs with the same name csrss.exe that won't show properties, won't open file location, user name is SYSTEM, early when I wrote down memory for these 2 processes there was 1,184K and 1,532K in the memory and now they both say 972K for memory. I don't know if this is anything or not, I just thought it to be strange, all the other things in task manager will open and show properties or open file location.

I had two other things if you don't mind. I noticed a PAV.job file in this last scan. Is this associated with the rogue virus I had a couple of weeks ago.

And lastly is this list that says uninstall list need to be uninstalled because if it does I will do it. There is really nothing on this computer that can't be replaced another time. I like my games but. Thanks so much for your help.

#12 Jewelleria

Member

Group: Members
Posts: 69
Joined: 28-June 09

Posted 12 July 2009 - 01:13 AM

I will stop looking at this report right after one more question. Sorry
The last scan says under enviroment variables on the bottom
"username" =SYSTEM
Is SYSTEM supposed to be using my computer. It is in location where you have the people that are supposed to use your computer. Administrator. I didn't put it there.
There is also another user called trusted installer, but it is only on certain files under security tab, and then users. When I try to take these off it says I don't have permission to.

Thanks, last ditch attempt of trying to find out what is going on with this crazy computer.
Like I said it has slowed down shutting itself off and several antispyware programs find nothing that I can read. I can only read some of them though. Thanks alot.

#13 thewall

Forum Addict

Group: Malware Response Team
Posts: 6,414
Joined: 19-June 07
Gender:Male
Location:Florida

Posted 12 July 2009 - 08:27 AM

System is supposed to be there in your processes. This is normal. I don't see anything else out of the ordinary from what you are describing.

Did Norton come with your computer or did you install it at a later date? Also along the time you started having problems did you make any changes you can recall such as adding or taking off programs?

This post has been edited by thewall: 12 July 2009 - 08:29 AM
Reason for edit: To remove instructions

If I have helped you then please consider donating so I can continue the fight against malware

All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#14 Jewelleria

Member

Group: Members
Posts: 69
Joined: 28-June 09

Posted 12 July 2009 - 11:02 AM

Norton came with the pc and then I had it updated to Norton Sec. 2009. It tells you what sites are infected with an x or a check. I think my computer seems to be running alot better after cleaning it once with atf and then again with another program that you had me run recently I had to push a two and then enter. I can't remember the name. Anyway The computer colors got brighter and the clarity was sharper. It has only shut off once since. Thanks so much for all of your help. If I have anymore trouble I'll let you know. Thanks alot.
Barb

#15 thewall

Forum Addict

Group: Malware Response Team
Posts: 6,414
Joined: 19-June 07
Gender:Male
Location:Florida

Posted 12 July 2009 - 11:39 AM

Your welcome although I really wish we could have cleared it all up. The reason I asked you about the Norton was it crossed my mind there may be something wrong with it. This happens with AV programs at times and you either have to reinstall them or replace with another.

I wish you the very best of luck in with your nursing program. :thumbup2:

My daughter just graduated from nursing school this past May and she was so excited a couple of weeks ago when she called and told me she had passed her state exam. She is married and has two young children and was about worn out when she finally finished up. There is nothing easy about those schools but the rewards are well worth the effort.

Let's do some last bit of housecleaning and I have a few suggestions for the future:

Uninstalling GMER:

for XP
Start ---> Run, copy/paste C:\WINDOWS\gmer_uninstall.cmd in the Run window and click Okay

for Vista, the command needs to be run from a command prompt with elevated permissions.

Below are some steps to follow in order to dramatically lower the chances of reinfection
You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented

Disable and Enable System Restore. - You should disable and enable system restore to make sure there are no infected files found in a restore point. You can find instructions on how to enable and enable system restore here: Windows Vista System Restore Guide

Re-enable system restore with instructions from tutorial above.
Make sure you install all the security updates for Windows, Internet explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch for it to that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC
Go here to check for & install updates to Microsoft applications
Note: The update process uses activex, so you will need to use internet explorer for it, and allow the activex control that it wants to install
Keep your non-Microsoft applications updated as well
Microsoft isn't the only company whose products can contain security vulnerabilities, to check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month
Install a-squared Free & update and scan with it regularly
a-squared free is a product from Emsi Software provided free for private use that can detect and remove a variety of malicious software. You can get it here
Note: If you have a dialup internet connection, you may also like to install a-squared Anti-Dialer which provides some real time protection against premium rate dialers
Finally, this is very important. It is absolutely essential to keep all of your security programs up to date

If you have any other questions or issues feel free to ask as I will be checking back on this topic.

Other than that if there is nothing else I can do for you then I wish you good luck in the future and thank you for using our forum.

thewall

If I have helped you then please consider donating so I can continue the fight against malware

All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you