Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan-Spy.HTML.Fraud.gen/Win32 brontok.q


  • This topic is locked This topic is locked
39 replies to this topic

#1 anamika29501

anamika29501

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Boston,MA
  • Local time:12:17 AM

Posted 18 December 2008 - 05:24 PM

Hi,
I'm a total novice when it comes to posting here but love reading all the stuff here though...so,here goes my first attempt..and forgive me for any glaring omissions...

I've been having Norton Internet Security 2008 with Norton system works but I always suspected that it was not picking up everything.Which got confirmed after reading the posts in bleeping computer.So,as suggested by you,I had downloaded Spybot and Ad aware.used to update them and run them frequently..In the first scan itself,Spybot picked up a few entries including Brontok and when i clicked fixed,I thought it was all sorted..NAV was not very happy with these two additions.
Thus began the downward slide of my laptop.

My laptop seemed to crash frequently and blue screens with error messages like the following used to appear:

"A problem has been detected in Windows.It has been shut down to prevent further damage to your computer.If this is the first time you have seen this stop error screen,restart your computer.If this appears again,follow these steps.
1.Disable/uninstall any antivirus/disk defragmentation/backup utilities.
2.Check your hard drive configuration and check for any updated drivers.
3.Run CHKDSK/F to check for hard drive corruption and then restart your computer."

TECHNICAL INFO:
***Stop: 0x00000024(0x001902FE,0xF7AEEZC0,0XF7AEDFBC,0xF8385FB0)
****NTFS System-Address F8385FB0 base at F8304000,
Date stamp 48025be5

Beginning of physical dump memory.
Physical memory dump complete.
Contact your system administrator/technical support for assistance.

_____________________________________________________________________
on another occassion,after the laptop crashed,on trying to restart,
this would appear "INTERNAL HDD HARD ERROR"
________________________________________________________
On yet another time,the following came up when the laptop was rebooting after a crash

"Checking file system on C:
Type of file system is NTFS
Volume is dirty.

CHKDSK is verifying files(stage 1 of 3)
File verification completed
Deleting orphan file record segment 13393,13393,13394,13395,13396,13397,13398.13399
CHKDSK is verifying indexes(stage 2 of 3)
Deleting index entry $130 of file 2582


and finally the system would startup again..
I thought probably lack of space on my hard drive and the repeated crashes was because of the new installations.So I unistalled Adaware as it was occupying more space.(Please dont laugh at my logic)


The crashes continued but less frequently and I was careful not to open too many windows/itunes as these led to error messages saying "Kernel stacking"..Dunno what that meant but just just kept a low profile with my internet activities.
I kept diligently to regular updates from Windows and Norton in a bid to keep infections at bay.

CURRENT STATUS

4-5 days ago,i saw that there were warning icons from both windows and Norton on my task bar about unfinished updates n scans.I had been having difficulties getting to launch the Norton Internet Security since the last 3 days and error messages from the Norton Protection centre kept coming up along with failed Windows updates.
A message like the following would appear after a failed Windows update

BCCode : 77 BCP1 : 00000001 BCP2 : 00000000 BCP3 : 00000000
BCP4 : AA233C34 OSVer : 5_1_2600 SP : 3_0 Product : 768_1
The following files will be included in this error report
C:\DOCUME~1\Jappi\LOCALS~1\Temp\WER8f20.dir00\Mini101908-01.dmp
C:\DOCUME~1\Jappi\LOCALS~1\Temp\WER8f20.dir00\sysdata.xml
_____________________________________________
A view of the security history revealed that in the past few days there had been several intrusion attempts by the Symantec website itself and that Norton has blocked them.
It does not make sense that the ones protecting the system could turn against it.
Anyway, I had to finally seek assistance from the technical support staff at Symantec at around on 24/12/08.It was a nightmare with 4 different analysts through the support chat sessions through remote desktop logging tried unistalling,reinstalling their NIS on my laptop.Every time after they ran the removal tool,deleted the Symantec entried in regedit and rebooting,there were always some remnants left.They concluded that it might be an infection on my computer which was preventing the installationand concluded that I’ve to get another Antivirus program to see if there’s a virus because the Norton scan did not pick up anything. As a last step, he said that I should format my laptop. After 12 hours of this ordeal, I was exhausted and nowhere near the problem being resolved and finally gave up due to sheer frustration and fatigue..So,now i'm left with no product and I've fired a complaint to them.

I ran spybot just out of curiosity to see if it picked up anything..and just as i suspected, there were 4 entries like the following:

Win32.Brontok.q 3 entries Trojan C
Rightmedia 1 entry

Just when i clicked fix them,the laptop crashed again with the blue screen error message coming up again..
When i rebooted,i ran Spybot again and this time it said only
Win32.Brontok.q 1entry Trojan C

I wonder what happened to the other two..????I'm sure they are still lurking in some dirty corner giving me more grief..
My concerns from the entire fiasco as outlined above are,

1. I do regular scans and do live updates on a daily basis.So, why then if it is a virus attack, then why has NAV not detected it and fixed it?
2. Why did the security history show the attacks as coming from the Symantec site itself???
3. Now, I’m unable to get on to the Symantec chat support as the explorer window is getting disabled on its own.
4. Neither I’m able to re install the product through the download process with a valid product key.

I'm feeling frustrated,stranded and dead scared to browse.So,I've turned on windows firewall,defender and started my sytem in safe mode with networking and writing this to you..

PLEEEEASE will SOMEONE OF YOU EXPERTS HELP an agonised soul?
Waiting EAGERLY to hear some expert advice to sort this mess ASAP.
I've bought this DELL laptop three years ago.

SYSTEM INFO

SYSTEM=INSPIRON 6000
BIOS VERSION=A04(02/02/2005)

PROCESSOR INFO

Processor type=Pentium M
Memory =512 mb
Memory speed=400 Mhz
Memory channel mode=Dual
memory technology=DDRZ SDRAM

DEVICE INFO
Primary hard drive=60 gb HDD
Modular Bay device=DVD +/- RW
Video controller=Intel 915 GM graphics
_______________________________________________________
Thanks in advance
Sudha

PS:when i'm typing ,tphe cursor is going all over the text and i'm ending up typing bits and pieces here and there....Has my laptop lost it completely or is there hope???




__________________________________________________________________________
Logfile of random's system information tool 1.05 (written by random/random)
Run by Jappi at 2008-12-18 17:11:55
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 14 GB (25%) free of 54 GB
Total RAM: 503 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:12:23, on 18/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jappi\Local Settings\Temporary Internet Files\Content.IE5\TVX0BYPU\RSIT[1].exe
C:\Program Files\trend micro\Jappi.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.co.uk/myway
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NIS] "C:\Documents and Settings\Sudha\Local Settings\Temporary Internet Files\Content.IE5\Z1V9YB6B\NIS09EN[1].exe" /RELAUNCH /RUNONCE /NOPROMPT /PATH "C:\Program Files\Norton Internet Security"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} (Confidence Online for Web Applications) - https://portal.morganstanley.com/llclient/s...01,SSL,CT=java+
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1202117845875
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD44/JSCDL/jdk/6u...ows-i586-jc.cab
O16 - DPF: {B1647320-9EC8-4B0F-BF53-93D4A43FA614} (TerminalSvcsTCSX Control) - https://mydesk-hq01.morganstanley.com/prx/0...inalSvcsTCS.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://portal.morganstanley.com/dana-cache...perSetupSP1.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D1A014A-14A5-41C5-AC76-1F4ABBCC87F9}: Domain = ms.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{B9D6B028-B15D-4136-AA06-1374295E426A}: NameServer = 203.145.184.13,202.56.250.5
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 5690 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Disk Cleanup.job
C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (RAVISUDHA290500-Ravi).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-17 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-12-05 118842]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-09 509328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NIS"=C:\Documents and Settings\Sudha\Local Settings\Temporary Internet Files\Content.IE5\Z1V9YB6B\NIS09EN[1].exe /RELAUNCH /RUNONCE /NOPROMPT /PATH C:\Program Files\Norton Internet Security []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint\Apoint.exe [2004-09-13 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe [2004-11-10 598016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-05 127035]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMX]
C:\Program Files\Dell\Media Experience\DMX.exe [2005-01-26 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-01-26 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-10-12 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe [2004-10-08 126976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2004-10-08 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2004-10-30 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-03-30 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NIS]
C:\Documents and Settings\Ravi\Desktop\NIS09EN.exe /RELAUNCH /RUNONCE /PATH C:\Program Files\Norton Internet Security []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSWosCheck]
C:\Program Files\Norton SystemWorks Basic Edition\osCheck.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE [2006-06-15 229376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe [2006-06-27 1449984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe /startoptions []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2004-01-06 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [2008-04-22 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Audible Download Manager.lnk]
C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe /Startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
C:\PROGRA~1\DIGITA~1\DLG.exe [2003-10-28 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
C:\PROGRA~1\SONYHA~1\HOTSYNC.EXE [2001-05-31 299008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~3\Office10\OSA.EXE [2001-02-12 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ServiceLayer"=3
"S24EventMonitor"=2
"RegSrvc"=2
"WLANKEEPER"=2
"NICCONFIGSVC"=2
"NetCfgSvr"=2
"iPod Service"=3
"IDriverT"=3
"gusvc"=3
"EvtEng"=2
"Bonjour Service"=2
"Apple Mobile Device"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-10-08 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [2004-09-07 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2002-08-02 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\MS Remote Access\NetClient.exe"="C:\Program Files\MS Remote Access\NetClient.exe:*:Enabled:Network access client"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire"
"C:\WINDOWS\LMI4.tmp\lmi_rescue.exe"="C:\WINDOWS\LMI4.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue"
"C:\Documents and Settings\Ravi\Local Settings\Temp\WZSE0.TMP\SymNRT.exe"="C:\Documents and Settings\Ravi\Local Settings\Temp\WZSE0.TMP\SymNRT.exe:*:Enabled:Norton Removal Tool"
"C:\Norton_Removal_Tool\SymNRT.exe"="C:\Norton_Removal_Tool\SymNRT.exe:*:Enabled:Norton Removal Tool"
"C:\Documents and Settings\Jappi\Local Settings\Temp\WZSE0.TMP\SymNRT.exe"="C:\Documents and Settings\Jappi\Local Settings\Temp\WZSE0.TMP\SymNRT.exe:*:Enabled:Norton Removal Tool"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-12-18 17:12:00 ----D---- C:\Program Files\trend micro
2008-12-18 17:11:55 ----DC---- C:\rsit
2008-12-17 09:21:49 ----D---- C:\Program Files\NortonInstaller
2008-12-16 11:03:37 ----D---- C:\Program Files\Windows Installer Clean Up
2008-12-15 22:37:50 ----DC---- C:\Norton_Removal_Tool
2008-12-15 22:36:47 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-12-15 17:02:03 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2008-12-15 17:01:58 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-12-15 16:45:51 ----D---- C:\Program Files\MSECACHE
2008-12-15 15:55:24 ----D---- C:\Documents and Settings\All Users\Application Data\NortonSystemWorks
2008-12-15 13:47:08 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-15 13:41:06 ----DC---- C:\NSS
2008-12-15 13:26:55 ----D---- C:\Documents and Settings\All Users\Application Data\PCSettings
2008-12-15 10:44:00 ----D---- C:\WINDOWS\LMI1F.tmp

======List of files/folders modified in the last 1 months======

2008-12-18 17:12:00 ----D---- C:\Program Files
2008-12-18 12:54:35 ----D---- C:\WINDOWS
2008-12-18 10:17:06 ----D---- C:\WINDOWS\system32
2008-12-18 10:12:36 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-18 10:11:59 ----D---- C:\Program Files\Google
2008-12-17 12:24:10 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-17 12:23:26 ----D---- C:\WINDOWS\system32\FxsTmp
2008-12-17 12:08:40 ----D---- C:\WINDOWS\Prefetch
2008-12-17 09:14:00 ----D---- C:\WINDOWS\Temp
2008-12-17 09:13:58 ----A---- C:\WINDOWS\ModemLog_Conexant D110 MDC V.9x Modem.txt
2008-12-16 19:37:21 ----D---- C:\WINDOWS\system32\drivers
2008-12-16 19:37:21 ----D---- C:\Program Files\DivX
2008-12-16 19:35:00 ----SHD---- C:\WINDOWS\Installer
2008-12-16 08:57:53 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-15 23:06:37 ----D---- C:\WINDOWS\system32\config
2008-12-15 23:06:02 ----D---- C:\WINDOWS\system32\wbem
2008-12-15 23:06:02 ----D---- C:\WINDOWS\Registration
2008-12-15 23:05:22 ----D---- C:\WINDOWS\system32\Restore
2008-12-15 23:02:43 ----SHD---- C:\System Volume Information
2008-12-15 16:58:06 ----RASHC---- C:\boot.ini
2008-12-15 16:58:06 ----A---- C:\WINDOWS\win.ini
2008-12-15 16:58:06 ----A---- C:\WINDOWS\system.ini
2008-12-15 16:42:34 ----SHD---- C:\RECYCLER
2008-12-15 16:31:24 ----SD---- C:\WINDOWS\Tasks
2008-12-15 16:17:19 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-15 16:16:58 ----D---- C:\Documents and Settings
2008-12-15 16:06:39 ----D---- C:\WINDOWS\pss
2008-12-15 15:54:24 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2008-12-15 13:47:08 ----D---- C:\Program Files\Common Files
2008-12-12 20:20:08 ----D---- C:\WINDOWS\Minidump
2008-12-09 15:24:38 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-08 08:40:24 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-05 11:17:15 ----A---- C:\WINDOWS\orun32.ini
2008-11-22 00:13:18 ----D---- C:\Program Files\Common Files\Real
2008-11-19 08:10:19 ----HD---- C:\WINDOWS\inf
2008-11-19 08:10:19 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R3 ABVPN2K;Net Firewall Miniport Interface; C:\WINDOWS\system32\DRIVERS\abvpn2k.sys [2002-09-11 170484]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-11-16 108791]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2004-05-26 44928]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-01-29 16168]
R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP; C:\WINDOWS\system32\DRIVERS\iwca.sys [2004-08-12 234496]
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-10-21 3210496]
S1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2004-08-18 16128]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
S1 Tosrfcom;Tosrfcom; C:\WINDOWS\system32\drivers\Tosrfcom.sys [2004-10-04 62799]
S2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.1.0.1; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2005-04-27 17056]
S2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-22 40480]
S2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
S2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2004-08-31 11354]
S2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-05 25883]
S2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-05 34843]
S2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-05 4123]
S2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-05 2239]
S2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-05 86586]
S2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-05 15227]
S2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-05 6363]
S2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-05 98714]
S2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-05 100603]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-17 1041536]
S3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2004-06-17 200064]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-10-08 752093]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 Nokia USB Generic;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2006-05-29 8704]
S3 Nokia USB Modem;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2006-05-29 13312]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2006-05-29 127488]
S3 Nokia USB Port;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2006-05-29 13312]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 se59bus;Sony Ericsson Device 089 driver (WDM); C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 61536]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 9360]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 97088]
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 88624]
S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS); C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 18704]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 86432]
S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM); C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 90800]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 STAC97;SigmaTel C-Major Audio; C:\WINDOWS\system32\drivers\STAC97.sys [2004-09-15 271704]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2005-01-17 98304]
S3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2004-11-16 50048]
S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2004-12-21 34816]
S3 USB_RNDIS_51;USB Remote NDIS Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 w810bus;Sony Ericsson W810 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\w810bus.sys []
S3 w810mdfl;Sony Ericsson W810 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w810mdfl.sys []
S3 w810mdm;Sony Ericsson W810 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w810mdm.sys []
S3 w810mgmt;Sony Ericsson W810 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w810mgmt.sys []
S3 w810obex;Sony Ericsson W810 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w810obex.sys []
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-06-17 685056]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2008-04-13 33280]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-14 32768]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-03 136120]
S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-03 19456]
S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2008-04-13 8704]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
S4 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2004-09-07 86016]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-13 69632]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
S4 NetCfgSvr;Network Configuration Service; C:\PROGRA~1\MSREMO~1\NetCfgSv.EXE [2002-09-25 73728]
S4 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe [2004-11-11 356352]
S4 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2004-09-07 139264]
S4 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2004-09-07 360521]
S4 ServiceLayer;ServiceLayer; C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe [2006-06-05 174080]
S4 WLANKEEPER;WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2004-09-07 225353]

-----------------EOF-----------------
info.txt logfile of random's system information tool 1.05 2008-12-18 17:12:27

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe® Photoshop® Album Starter Edition 3.0.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9618743-1A5C-461E-91C4-E013A3D70F3C}\Setup.exe" -l0x9
Adobe® Photoshop® Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
ALPS Touch Pad Driver-->C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ARTEuro-->MsiExec.exe /I{1D3C662A-F6C6-4767-A788-7AA43A9A1317}
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Broadcom Management Programs 2-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{64A77F14-0E08-4A97-A859-E93CFF428756} /l1033
Canon Camera Window for ZoomBrowser EX-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A29EA741-24F7-4C07-9B2C-06CB6491BE4A}
Canon EOS Kiss REBEL 300D WIA Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{31A57C3E-30DD-421F-B5C7-974DACB0D05F}
Canon Internet Library for ZoomBrowser EX-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6A0DBAA6-4FEC-41B7-858E-99EF59B9173C}
Canon PhotoRecord-->MsiExec.exe /X{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}
Canon RAW Image Task for ZoomBrowser EX-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FAF0DAD8-1EA7-4FEF-80E5-8D8D6EBD5A23}
Canon RemoteCapture Task for ZoomBrowser EX-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2236B741-6631-49AE-B76E-3E14CA01CC87}
Canon Utilities File Viewer Utility 1.3-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2D1C2321-8FDB-49B8-A66B-4008DC0B6B5D}
Canon Utilities PhotoStitch 3.1-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F11A403B-0DE9-4953-B790-7A2F014FBB2B}
Canon Utilities RemoteCapture 2.7-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{14220DB1-DD96-4BCD-B3D5-03A4EA6631C4}
Canon Utilities ZoomBrowser EX-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
ccCommon-->MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
CheckIt Diagnostics-->MsiExec.exe /X{4B9B1B84-FEC0-46D5-BDB9-832565779422}
Clié Favorites-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A5B009A-4072-46A8-9BF9-3AD10C22962F}\setup.exe"
Component Framework-->MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
Conexant D110 MDC V.9x Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Media Experience-->MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Disc2Phone-->MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
G15A922EN-->MsiExec.exe /X{77312684-D3DF-4E00-A583-813FF9FFB4FB}
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel® Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
Intellisync Lite-->C:\WINDOWS\UNINST.EXE -fC:\PROGRA~1\ISCLIE\DeIsL1.isu -cC:\PROGRA~1\ISCLIE\ILUNINST.DLL
Internal Network Card Power Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F528948-0E80-4C96-B455-DE4167CB1DF7}\setup.exe" -l0x9 UNINSTALL APPDRVNT4
Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
iPod for Windows 2005-09-06-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2E4E8905-5F24-4AEA-84E2-923CC12E3AB1} /l1033
iTunes-->MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Jasc Paint Shop Photo Album-->MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 8 Dell Edition-->MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
LiveUpdate BVRP Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -l0x9
mCore-->MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Web Components-->MsiExec.exe /I{90260409-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mIWCA-->MsiExec.exe /I{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
mobile PhoneTools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}\setup.exe" -l0x9
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MS Remote Access-->C:\PROGRA~1\MSREMO~1\NetUN.exe
MSRedist-->MsiExec.exe /I{D1725BDB-BA2B-4503-A8CB-F5C835D743FA}
mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
mToolkit-->MsiExec.exe /I{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Nokia Connectivity Cable Driver-->MsiExec.exe /X{6882DD11-33B8-4DEA-8305-7E765BF74BD3}
Nokia Lifeblog 2.1-->MsiExec.exe /I{EE565795-2776-415A-B31C-EB3A8D7C6FA4}
Nokia MTP driver-->MsiExec.exe /I{59359B3D-ABE7-46BF-AB55-43B67A64DC68}
Nokia N73 highlights-->MsiExec.exe /I{02B71D92-A84B-4DFB-9A10-D12BB01AC1F2}
Nokia Nseries Skin for Microsoft Windows Media Player-->MsiExec.exe /I{73E30715-9EC4-4DAE-BE67-64500AEB8012}
Nokia PC Connectivity Solution-->MsiExec.exe /I{0D80391C-0A72-43BB-9BC2-143F63CC111D}
Nokia PC Suite-->MsiExec.exe /I{531317A5-586A-4E36-87C1-CA823447B375}
Nokia themes for your device-->MsiExec.exe /I{77F5816C-64A6-4FBE-BBE5-52EFE5EB84E8}
Norton Protection Center-->MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
Norton SystemWorks Basic Edition-->MsiExec.exe /I{707D28BF-E145-4a9b-B97E-94FA586D05F3}
Norton SystemWorks-->MsiExec.exe /I{9E23C48E-5483-4971-BA50-089F2FABCD66}
Norton SystemWorks-->MsiExec.exe /I{FB55BB78-2BC2-43E9-80FF-517A8D1AE3AD}
Palm Desktop-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA0F44C2-A883-11D1-AD0A-006097D15E2C}\setup.exe" Uninstall
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
PictureGear 4.1Lite-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Sony\PictureGear4.1Lite\PG41LITE.isu" -c"C:\Program Files\Sony\PictureGear4.1Lite\PGCacheCleanUp.dll"
PowerDVD 5.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 UNINSTALL APPDRVNT4 - ALL
QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic MyDVD-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
VeryPDF PDF2Word v3.0-->"C:\Program Files\VeryPDF PDF2Word v3.0\unins000.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_62A340731F8930057B44B8864F236850B0D49D65\nokbtmdm.inf
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Photos Easy Upload Tool 1v6-->C:\WINDOWS\system32\regsvr32 /u /s "C:\WINDOWS\cache\YDropperUK.dll"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

System event log

Computer Name: RAVISUDHA290500
Event Code: 7036
Message: The Symantec Event Manager service entered the running state.

Record Number: 77870
Source Name: Service Control Manager
Time Written: 20081214091623.000000-300
Event Type: information
User:

Computer Name: RAVISUDHA290500
Event Code: 7036
Message: The Symantec Settings Manager service entered the running state.

Record Number: 77869
Source Name: Service Control Manager
Time Written: 20081214091622.000000-300
Event Type: information
User:

Computer Name: RAVISUDHA290500
Event Code: 7031
Message: The Symantec Settings Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

Record Number: 77868
Source Name: Service Control Manager
Time Written: 20081214091619.000000-300
Event Type: error
User:

Computer Name: RAVISUDHA290500
Event Code: 7031
Message: The Symantec Event Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 200 milliseconds: Restart the service.

Record Number: 77867
Source Name: Service Control Manager
Time Written: 20081214091619.000000-300
Event Type: error
User:

Computer Name: RAVISUDHA290500
Event Code: 18
Message: Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on Sunday, December 14, 2008 at 10:00 AM:
- Security Update for Windows XP (KB954600)
- Security Update for Windows XP Service Pack 3 (KB952069)
- Cumulative Security Update for Internet Explorer 7 for Windows XP (KB958215)

Record Number: 77866
Source Name: Windows Update Agent
Time Written: 20081214091610.000000-300
Event Type: information
User:

Application event log

Computer Name: RAVISUDHA290500
Event Code: 3
Message:
Record Number: 2467
Source Name: NProtectService
Time Written: 20081125083342.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: RAVISUDHA290500
Event Code: 1
Message:
Record Number: 2466
Source Name: Bonjour Service
Time Written: 20081125083342.000000-300
Event Type: information
User:

Computer Name: RAVISUDHA290500
Event Code: 0
Message:
Record Number: 2465
Source Name: NetCfgSvr
Time Written: 20081125083338.000000-300
Event Type: information
User:

Computer Name: RAVISUDHA290500
Event Code: 35
Message:
Record Number: 2464
Source Name: ccSvcHst
Time Written: 20081125083338.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: RAVISUDHA290500
Event Code: 34
Message:
Record Number: 2463
Source Name: ccSvcHst
Time Written: 20081125083338.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

======Environment variables======

"CLASSPATH"=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~1\COMMON~1\SONICS~1\;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0d08
"QTJAVA"=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"SAFEBOOT_OPTION"=NETWORK

-----------------EOF-----------------

Attached Files


Edited by anamika29501, 18 December 2008 - 05:35 PM.


BC AdBot (Login to Remove)

 


#2 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:17 AM

Posted 24 December 2008 - 09:48 PM

Hello.

Hi,
My problems have gone from bad to worse..
Now not only the kind of error messages have changed but since the past two days,I have not been able to start my laptop as the following error is now popping up

"Windows cannot start because the following file is missing or corrupt.
\system 32\hal.dll "

now i'm coming to a cybercafe in order to access the internet to check if there were any replies from you folks to my earlier post


http://www.bleepingcomputer.com/forums/t/187602/trojan-spyhtmlfraudgenwin32-brontokq/

PLEEEEEEEEEEASE HELP A DISTRESSED SOUL.A ton of thanks for making time to respond.
PS:I don't 've a Windows XP CD/a recovery CD as my Dell laptop came with Windows preloaded!!!

Do you have access to a CD burner and a blank CD? We could work with that as well.

With Regards,
The Panda

#3 anamika29501

anamika29501
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Boston,MA
  • Local time:12:17 AM

Posted 25 December 2008 - 12:48 PM

Hi
Thanks for getting back.A merry Xmas to you.
Yes,I've access to a Cd and CD burner at my friend's place.I'm all ears to hear the words of wisdom. :thumbsup:
Cheers and regards
Sudha

#4 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:17 AM

Posted 25 December 2008 - 08:35 PM

Hello.

That error sounds like what you get when your bootsector is missing, or damaged. Let's create a Recovery Console and fix it.

Create Recovery Console Disk
We will use the Windows Recovery Console to try to restore your machine.

Please download the RC.iso image file to your working computer's desktop.

Burn the image onto a CD. If you do not have a CD burning software, you can use IMGBurn.
---
Place the CD into the unbootable machine
Select "Recovery Console" or recovery mode.
Enter the Administrator's password if prompted.
When the RC is open, type: fixbmr <ENTER>
Type exit.
Remove the CD from the drive and see if it boots.

Tell me how it goes.

With Regards,
The Panda

#5 anamika29501

anamika29501
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Boston,MA
  • Local time:12:17 AM

Posted 26 December 2008 - 08:37 AM

Hi Panda,
I just want a bit of clarification.When the recovery console runs and fixes the errors,will it erase or format the data already there on my laptop?Because there's a lot of precious snaps and videos of my 3 year old daughter which I don't want to lose.I have not backed them up recently. :thumbsup: Is there a way around it??
Thanks and regards
Sudha

#6 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:17 AM

Posted 26 December 2008 - 09:35 PM

Hello.

No. The "fixmbr" command only repairs damaged bootsectors. It will not affect the other data on the disk :thumbsup: .

Are you looking for mainly, at this point, to recover your data, or to try to get the machine booting again? Obviously the second one will be the best result, but would it be okay with you if we just recovered data?

I would gladly try to help you with either option. If you want to try to restore the machine, then continue with what I gave in my previous post.

With Regards,
The Panda

#7 anamika29501

anamika29501
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Boston,MA
  • Local time:12:17 AM

Posted 28 December 2008 - 03:25 PM

Hi panda,
Burned Cd,tried recovery console..when i typed the fixmbr,there was ominous warning that the partition couldd be damaged..but i proceeded as u said..fixbmr did not sort it out..

so,tried bootcfg/rebuild which said that chkdsk needs to be performed as hard drive errors are preventg booting up..so typed chkdsk..it checked and said that it has detected and fixed errors..so,i typed exit..but rebooting is leading to the same error message of <Windows root>\system 32\hal.dll " missing.....

what do i do?what i'm worried is-has the trojan infection (that was the initial prob for which i had come to the forum)damaged the hard drive?after the chkdsk repaired the errors it said that 55608996 kilobytes total disk space of which only 14663332 kilobytes are available?does it mean that remaining data has gone for a toss?? :)
my head's spinning and am so worried about not ever seeing the data on my laptop let alone remove the virus..

Pleeeeeease give me a step by step of what else to do? :thumbsup:
waiting to hear from you,
thanks
cheers
sudha

#8 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:17 AM

Posted 28 December 2008 - 08:58 PM

Hello.

55608996 kilobytes total disk space of which only 14663332 kilobytes are available

That means there is 40945664kb of data on the disk.

worried about not ever seeing the data on my laptop let alone remove the virus..

We could try to copy the data off the harddrive using another bootable disk. First off all, what kind of data is this (pictures/video, or documents)

Please give me some time to look over how to proceed.

With Regards,
The Panda

#9 anamika29501

anamika29501
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Boston,MA
  • Local time:12:17 AM

Posted 28 December 2008 - 09:19 PM

hi hi
yes,the data is fotos,videos,documents and precious music that i've been compiling over the years.....i'll wait to hear from you.. :thumbsup:
cheers
sudha

#10 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:17 AM

Posted 28 December 2008 - 09:31 PM

Hello.

If you have a (hopefully large) flash drive that you can transfer data to, from the damaged machine..

You may have to plug in the flash drive before booting, or during when Knoppix is running. (I don't have a machine to test with at the moment.)

Download Knoppix 5.1.1 to your desktop.

From a working computer burn the image.

Now place this CD into the non-bootable system. Configure the system to boot from CD. You can usually do this by pressing F10, F11, or F12 (try all of them if unsure) to bring up configuration options, and select CDRom as your boot device. Some machines will automatically attempt boot from the CD if one is inserted.

When you see this screen,
Posted Image
Press enter, and wait for Knoppix to boot.
On Knoppix' desktop, you should see an icon for your hard disk (Looks like Posted Image.)
Right click your flash drive and select "Mount". After select "Change Read/Write Mode".

You should now be able to copy files over to the flash drive. The interface features are very similar to Windows.

With Regards,
The Panda

#11 anamika29501

anamika29501
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Boston,MA
  • Local time:12:17 AM

Posted 30 December 2008 - 10:50 PM

Hi Panda
managd to get hold of a Segate external hard drive.After booting from the linux cd,when i right clicked the device,i got an error mssg saying the following:
"Failed to mount '/dv/sdb1';operation not supported
Mount is denied cos NTFS is unclean.Choose one of the actions:
Boot windows and shut it down cleanly or if u have a removable device,click safely remove hardware before disconnecting it.

or
Run 'ntfsfix' on Linux unless you have Vista,then mount NTFS with the 'force' option read-write or with the 'ro' option only

or
Mount the NTFS volume with the "ro' option in read only mode.


What do i do?will choosing the ntsfix lead to data being rewritten/lost???i was wondring why when before all this happened,my laptop had indicated that i ws using 53 gb out of 60 gb space..but why the data now is in kilobytesinstead of gb?
tell me what am i missing here?what should i do?
thanks
sudha

#12 anamika29501

anamika29501
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Boston,MA
  • Local time:12:17 AM

Posted 31 December 2008 - 12:26 AM

Hi
could not mount the device...but i could see my files,pictures and videos in My documents in hard disk(sda2)...but it is not mounting citing the error message abt NTFS being unclean..(i had typed the full error message in my previous post)...
how to get this NTFS fix sorted?i'm waiting eagerly to hear from you as to how to proceed..
cheers and regards
sudha

#13 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:17 AM

Posted 31 December 2008 - 08:39 AM

Hello.

Please select:

Mount the NTFS volume with the "ro' option in read only mode.

This should allow access to the harddrive. We don't need to write anything to the disk, just read (copy) files off it.

Some programs use KB, other's use GB, some both. Nothing to worry about.

With Regards,
The Panda

#14 anamika29501

anamika29501
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Boston,MA
  • Local time:12:17 AM

Posted 31 December 2008 - 12:27 PM

tried to mount even yesterday in the RO mode..but it is not letting copy or drag the files saying there is no "write" permission for the device..chaged permissions to both read and write for the seagate device..but still not working...
This like a rollercoaster..i'm going between high and low..thought that the data had gone south,but to see it through knoppix again was such a pleasing sight..but again being stuck and not being able to get it off my hard drive..uurrrgh..

why is it not letting me copy..??? what is this ntfs fix?
Panda,all your wise thoughts and help is most appreciated..
cheers
sudha

#15 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:17 AM

Posted 31 December 2008 - 03:32 PM

Hello.

Plug your removable drive into the working computer.
Open My Computer and note the drive letter.
Click on Start>Run> type:

chkdsk x: /x

(Where the first "x" is the drive letter. The second is as you see it.)
Wait for chkdsk to finish on that drive.

Try copying files with Knoppix again onto that drive.

If we can't get the drive to work, it is possible we can use Knoppix's Internet browser to upload files. This will be slow, but it is a valid option. Is that computer's Internet connection speed high?

With Regards,
The Panda




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users