
malware


  • This topic is locked
2 replies to this topic

#1 KregL

  • Members
  • 1 posts

Posted 06 December 2008 - 03:34 PM

Logfile of random's system information tool 1.04 (written by random/random)
Run by Administrator at 2008-12-06 14:30:47
Microsoft Windows XP Professional Service Pack 3
System drive C: has 87 GB (74%) free of 117 GB
Total RAM: 495 MB (19% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:31:00 PM, on 12/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Gateway\Gateway Ink Monitor\GWInkMonitor.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.1.0.33\ccSvcHst.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.1.0.33\ccSvcHst.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iowatelecom.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Iowa Telecommunications
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.1.0.33\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway\Gateway Ink Monitor\GWInkMonitor.exe"
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84"
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.iowatelecom.net
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tr...Transporter.cab?
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146703725578
O16 - DPF: {72770C4F-967D-4517-982B-92D6B9015649} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/co...X.cab?9,0,712,0
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.1.0.33\ccSvcHst.exe

--
End of file - 6720 bytes

======Scheduled tasks folder======

C:\WINNT\tasks\Ad-Aware SE Personal.job
C:\WINNT\tasks\AppleSoftwareUpdate.job
C:\WINNT\tasks\Disk Cleanup.job
C:\WINNT\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2004-05-12 744960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.1.0.33\IPSBHO.DLL [2008-10-11 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe []
"IgfxTray"=C:\WINNT\System32\igfxtray.exe [2003-11-18 155648]
"HotKeysCmds"=C:\WINNT\System32\hkcmd.exe [2003-11-18 118784]
"Gateway Ink Monitor"=C:\Program Files\Gateway\Gateway Ink Monitor\GWInkMonitor.exe [2003-11-05 303180]
"EPSON Stylus C84 Series"=C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 EPSON Stylus C84 Series /O5 LPT1: /M Stylus C84 []
"DSLAGENTEXE"=dslagent.exe []
"AdaptecDirectCD"=C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2003-03-26 684032]
"UserFaultCheck"=C:\WINNT\system32\dumprep 0 -u []
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-06-02 267048]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2004-05-12 1038336]
"ctfmon.exe"=C:\WINNT\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
HotSync Manager.lnk - C:\Program Files\palmOne\HOTSYNC.EXE
PowerReg Scheduler V3.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINNT\system32\igfxsrvc.dll [2003-11-18 323584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINNT\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\QuickTime\QuickTimePlayer.exe"="C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{260930fd-69f6-11d8-93d4-806d6172696f}]
shell\AutoRun\command - D:\SetupAssistant.exe


======List of files/folders created in the last 3 months======

2008-12-06 14:30:47 ----D---- C:\rsit
2008-12-06 14:03:44 ----D---- C:\Program Files\Trend Micro
2008-12-06 13:05:17 ----D---- C:\Program Files\My Faster PC
2008-12-06 12:57:39 ----A---- C:\WINNT\system32\javaws.exe
2008-12-06 12:57:38 ----A---- C:\WINNT\system32\javaw.exe
2008-12-06 12:57:38 ----A---- C:\WINNT\system32\java.exe
2008-12-06 12:25:08 ----D---- C:\Program Files\RegistryFix7
2008-11-13 11:11:51 ----HDC---- C:\WINNT\$NtUninstallKB957097$
2008-11-13 11:08:10 ----HDC---- C:\WINNT\$NtUninstallKB954459$
2008-11-13 11:03:09 ----HDC---- C:\WINNT\$NtUninstallKB955069$
2008-11-11 05:39:25 ----D---- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-10-24 10:01:38 ----HDC---- C:\WINNT\$NtUninstallKB958644$
2008-10-20 19:00:55 ----A---- C:\WINNT\system32\deploytk.dll
2008-10-16 10:13:35 ----HDC---- C:\WINNT\$NtUninstallKB956803$
2008-10-16 10:13:13 ----HDC---- C:\WINNT\$NtUninstallKB956391$
2008-10-16 10:12:52 ----HDC---- C:\WINNT\$NtUninstallKB957095$
2008-10-16 10:07:47 ----HDC---- C:\WINNT\$NtUninstallKB954211$
2008-10-16 10:07:13 ----HDC---- C:\WINNT\$NtUninstallKB956841$
2008-10-16 10:01:50 ----HDC---- C:\WINNT\$NtUninstallKB956390$
2008-10-11 09:51:47 ----A---- C:\WINNT\system32\S32EVNT1.DLL
2008-10-11 09:50:56 ----D---- C:\Program Files\Windows Sidebar
2008-10-11 06:56:47 ----D---- C:\WINNT\E80F62FF5D3C4A1984099721F2928206.TMP
2008-10-11 06:46:55 ----D---- C:\Documents and Settings\All Users\Application Data\PCSettings
2008-10-11 06:46:10 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2008-10-11 06:35:40 ----D---- C:\Program Files\NortonInstaller
2008-10-11 06:35:40 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-09-10 10:01:48 ----HDC---- C:\WINNT\$NtUninstallKB938464$

======List of files/folders modified in the last 3 months======

2008-12-06 14:31:00 ----D---- C:\WINNT\Prefetch
2008-12-06 14:03:44 ----AD---- C:\Program Files
2008-12-06 13:38:39 ----D---- C:\Program Files\Mozilla Firefox
2008-12-06 13:17:00 ----A---- C:\WINNT\SchedLgU.Txt
2008-12-06 13:14:17 ----D---- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-12-06 13:14:16 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-06 13:04:38 ----D---- C:\Program Files\Desktop Alert
2008-12-06 13:03:49 ----AD---- C:\WINNT\Temp
2008-12-06 12:58:51 ----SHD---- C:\WINNT\Installer
2008-12-06 12:58:50 ----HD---- C:\Config.Msi
2008-12-06 12:57:39 ----D---- C:\WINNT\system32
2008-12-06 12:57:16 ----D---- C:\Program Files\Java
2008-12-06 12:45:27 ----D---- C:\WINNT\system32\CatRoot2
2008-11-23 13:39:02 ----AD---- C:\WINNT
2008-11-23 12:00:06 ----D---- C:\WINNT\WinSxS
2008-11-23 11:58:12 ----D---- C:\Program Files\Windows Live
2008-11-23 11:53:12 ----D---- C:\Program Files\PopCap Games
2008-11-23 11:49:05 ----A---- C:\WINNT\ka.ini
2008-11-23 11:49:02 ----HD---- C:\WINNT\inf
2008-11-23 11:08:38 ----D---- C:\Program Files\Microsoft Picture It! PhotoPub
2008-11-23 11:08:19 ----D---- C:\WINNT\Help
2008-11-23 11:08:18 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-18 11:08:11 ----RSHD---- C:\WINNT\system32\dllcache
2008-11-15 10:58:39 ----D---- C:\WINNT\system32\CatRoot
2008-11-13 11:12:13 ----D---- C:\WINNT\system32\drivers
2008-11-13 11:11:17 ----HD---- C:\WINNT\$hf_mig$
2008-11-13 11:08:54 ----A---- C:\WINNT\imsins.BAK
2008-11-05 19:28:31 ----A---- C:\WINNT\system32\PerfStringBackup.INI
2008-11-03 18:10:25 ----A---- C:\WINNT\system32\MRT.exe
2008-11-01 10:42:56 ----D---- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-10-26 10:51:15 ----RSD---- C:\WINNT\Fonts
2008-10-16 15:53:48 ----D---- C:\WINNT\system32\wbem
2008-10-16 14:13:40 ----A---- C:\WINNT\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINNT\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINNT\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINNT\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINNT\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINNT\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINNT\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINNT\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINNT\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINNT\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINNT\system32\wuaueng.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINNT\system32\muweb.dll
2008-10-16 14:06:48 ----A---- C:\WINNT\system32\mucltui.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINNT\system32\mucltui.dll
2008-10-16 10:11:45 ----A---- C:\WINNT\win.ini
2008-10-15 16:27:27 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-10-15 16:26:09 ----DC---- C:\WINNT\system32\DRVSTORE
2008-10-15 16:23:00 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-10-15 16:11:59 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-10-15 10:34:24 ----A---- C:\WINNT\system32\netapi32.dll
2008-10-11 09:52:32 ----SHD---- C:\System Volume Information
2008-10-11 09:51:48 ----D---- C:\Program Files\Symantec
2008-10-11 09:51:47 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-10-11 07:09:36 ----D---- C:\WINNT\Minidump
2008-10-11 07:07:06 ----D---- C:\Program Files\Norton AntiVirus
2008-10-11 06:56:39 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-11 06:52:48 ----AD---- C:\Program Files\Common Files
2008-10-11 06:51:42 ----SD---- C:\WINNT\Tasks
2008-09-09 19:14:56 ----N---- C:\WINNT\system32\msxml6.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BHDrvx86;Symantec Heuristics Driver; C:\WINNT\System32\Drivers\NAV\1001000.021\BHDrvx86.sys [2008-11-04 255536]
R1 ccHP;Symantec Hash Provider; C:\WINNT\System32\Drivers\NAV\1001000.021\ccHPx86.sys [2008-10-11 362544]
R1 Cdr4_xp;Cdr4_xp; C:\WINNT\system32\drivers\Cdr4_xp.sys [2005-09-07 44288]
R1 Cdralw2k;Cdralw2k; C:\WINNT\system32\drivers\Cdralw2k.sys [2005-09-07 24960]
R1 cdudf_xp;cdudf_xp; C:\WINNT\system32\drivers\cdudf_xp.sys [2003-03-26 241280]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081203.001\IDSxpx86.sys []
R1 intelppm;Intel Processor Driver; C:\WINNT\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 pwd_2k;pwd_2k; C:\WINNT\system32\drivers\pwd_2k.sys [2003-03-26 144250]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINNT\System32\Drivers\NAV\1001000.021\SRTSPX.SYS [2008-11-04 43696]
R1 SYMTDI;SYMTDI; C:\WINNT\System32\Drivers\NAV\1001000.021\SYMTDI.SYS [2008-10-11 198192]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINNT\system32\drivers\UdfReadr_xp.sys [2003-03-26 206464]
R2 ASCTRM;ASCTRM; C:\WINNT\system32\drivers\ASCTRM.sys [2004-01-08 8552]
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINNT\system32\drivers\ialmsbw.sys [2003-11-20 122110]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINNT\system32\drivers\ialmkchw.sys [2003-11-20 99002]
R3 aeaudio;aeaudio; C:\WINNT\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 dvd_2K;dvd_2K; C:\WINNT\system32\drivers\dvd_2K.sys [2003-03-26 25930]
R3 E100B;Intel® PRO Adapter Driver; C:\WINNT\System32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 Eplpdx02;Eplpdx02; \??\C:\WINNT\System32\Drivers\EPLPDX02.SYS []
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEARAspiWDM; C:\WINNT\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HidUsb;Microsoft HID Class Driver; C:\WINNT\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINNT\System32\DRIVERS\ialmnt5.sys [2003-11-20 95579]
R3 IntelC51;IntelC51; C:\WINNT\System32\DRIVERS\IntelC51.sys [2003-07-16 1075685]
R3 IntelC52;IntelC52; C:\WINNT\System32\DRIVERS\IntelC52.sys [2003-07-16 481305]
R3 IntelC53;IntelC53; C:\WINNT\System32\DRIVERS\IntelC53.sys [2003-07-16 50805]
R3 mohfilt;mohfilt; C:\WINNT\System32\DRIVERS\mohfilt.sys [2003-07-16 31440]
R3 mouhid;Mouse HID Driver; C:\WINNT\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081206.003\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081206.003\NAVEX15.SYS []
R3 smwdm;smwdm; C:\WINNT\system32\drivers\smwdm.sys [2003-03-18 542976]
R3 SRTSP;Symantec Real Time Storage Protection; C:\WINNT\System32\Drivers\NAV\1001000.021\SRTSP.SYS [2008-11-04 306736]
R3 SYMDNS;SYMDNS; C:\WINNT\System32\Drivers\NAV\1001000.021\SYMDNS.SYS [2008-10-11 12976]
R3 SymEvent;SymEvent; \??\C:\WINNT\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINNT\System32\Drivers\NAV\1001000.021\SYMFW.SYS [2008-10-11 89904]
R3 SYMIDS;SYMIDS; C:\WINNT\System32\Drivers\NAV\1001000.021\SYMIDS.SYS [2008-10-11 34608]
R3 SymIMMP;SymIMMP; C:\WINNT\system32\DRIVERS\SymIM.sys [2008-10-11 35888]
R3 SYMNDIS;SYMNDIS; C:\WINNT\System32\Drivers\NAV\1001000.021\SYMNDIS.SYS [2008-10-11 37424]
R3 SYMREDRV;SYMREDRV; C:\WINNT\System32\Drivers\NAV\1001000.021\SYMREDRV.SYS [2008-10-11 24752]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINNT\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINNT\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINNT\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Keyboard HID Driver; C:\WINNT\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINNT\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 CCDECODE;Closed Caption Decoder; C:\WINNT\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 glauiad;DQ USB IAD LAN Modem; C:\WINNT\system32\DRIVERS\glauiad.sys [2002-10-10 29059]
S3 mmc_2K;mmc_2K; C:\WINNT\system32\drivers\mmc_2K.sys [2003-03-26 30662]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINNT\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINNT\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINNT\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINNT\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 PalmUSBD;PalmUSBD; C:\WINNT\system32\drivers\PalmUSBD.sys [2004-04-13 16509]
S3 QCDonner;Logitech QuickCam Express; C:\WINNT\System32\DRIVERS\OVCD.sys [2001-08-17 28032]
S3 SLIP;BDA Slip De-Framer; C:\WINNT\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 StillCam;Still Serial Digital Camera Driver; C:\WINNT\System32\DRIVERS\serscan.sys [2001-08-17 6784]
S3 streamip;BDA IPSink; C:\WINNT\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINNT\system32\DRIVERS\SymIM.sys [2008-10-11 35888]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINNT\System32\Drivers\usbaapl.sys [2007-10-31 30464]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINNT\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINNT\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINNT\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINNT\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-10-31 110592]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2007-08-23 243064]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Norton AntiVirus;Norton AntiVirus; C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.1.0.33\ccSvcHst.exe [2008-11-04 115560]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINNT\system32\wdfmgr.exe [2004-08-11 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-06-02 504104]
S3 aspnet_state;ASP.NET State Service; C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2007-08-23 3192184]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

#2 suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA

Posted 16 December 2008 - 09:09 AM

We apologize for the delay in responding to your request for help. We are volunteer staff at Bleeping Computer and get overwhelmed at times with the large number of users seeking help. We are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate your letting us know. If not, please perform the following steps so we can have a look at the current condition of your computer. If you have not done so, include a description of your problem along with any steps you may have performed so far.

When you have completed the steps below, a staff member will review the log and provide instructions for you to get your computer clean and free of malware.

Thanks and we apologize for the delay.

We need to see current information on what is happening in your computer. Please perform the following scan:
  • Please download DDS by sUBs from one of the following links. Save it to your desktop.
  • After downloading the tool:
  • Double click on the DDS icon, allow it to run. Please note: If the scan fails to run, you may have to disable any script protection running.
  • A small box, which gives an explanation about the tool, will open. No input is needed, the scan is running.
  • Notepad will open with the results, click No to the Optional_Scan.
  • Follow the instructions that pop up for posting the results.
  • Close the program window and delete the program from your desktop.
  • Enable your antivirus and anti-spyware protection.
  • Reconnect to the Internet.

You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA

Posted 21 December 2008 - 02:35 PM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.