
backdoor.tidserv, small.CA



#1 ClickJ


Posted 21 December 2008 - 12:38 AM

Hi,
I hope someone here can help me, I've run into some major problems with my computer.

First off, I am running Windows XP, SP2. For antivirus, I am using AT&T Yahoo! Online Protection, which includes Norton Antivirus, Antispyware, and Personal Firewall (definitions are up-to-date).

I ended up with a virus last night - got lots of messages from Norton that appeared to be blocking outbound emails, and it also made my CPU usage go up to 100% for several minutes until I shut it off. Took forever to get to the desktop after logging in so I started in Safe Mode. Norton found the backdoor.tidserv virus on my computer, and even after removal, finds it every time I do a scan on startup. Tried following some online removal directions of deleting registry keys, but they weren't there - I assumed Norton got rid of them.

After getting rid of the virus I found that my computer did load to the desktop out of safe mode if I waited forever - but then as soon as the desktop is loaded a box pops up saying that my computer will restart in 60 seconds. It also says something like:
The shutdown was initiated by NT AUTHORITY SYSTEM.
C:\windows\system32\services.exe terminated unexpectedly with status code -1073741819.
I have also done some research on this and have not found a solution.

In between writing this I tried booting normally again to use the "shutdown -a" technique and this time the box did not come up (I didn't even have to use that), however after a couple of minutes my computer froze. I also got several "such-and-such encountered an error, send an error report" messages (they said they occurred between 5-6am). One of the error reports brought me to one of MS's pages that said it was caused by the win32/small.CA virus. A Norton scan never picked that up, and it's the first time I've seen it.

I have read some things on the internet about viruses blocking websites that may contain virus removal tools...I've been able to get to most websites but there are some times when a certain site/page won't load - this site, for example, I have to access on another computer (along with anything to do with ComboFix, etc.).

I am now also starting to receive pop-up ads, even when I do not have a web browser open.


--------------------
info.txt logfile of random's system information tool 1.05

2008-12-20 00:22:26

======Uninstall list======

-->"C:\Program Files\Common Files\Symantec

Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\{5

AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->MsiExec /X{AC434EC8-B3CC-4003-92C1-0AE751CCFEB5}
-->RunDll32

C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.d

ll,LaunchSetup "C:\Program Files\InstallShield Installation

Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9
-->RunDll32

C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.d

ll,LaunchSetup "C:\Program Files\InstallShield Installation

Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9
-->RunDll32

C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.d

ll,LaunchSetup "C:\Program Files\InstallShield Installation

Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32

C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.d

ll,LaunchSetup "C:\Program Files\InstallShield Installation

Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9
-->RunDll32

C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.d

ll,LaunchSetup "C:\Program Files\InstallShield Installation

Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall

132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package

{90120000-0015-0409-0000-0000000FF1CE} /uninstall

{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package

{90120000-0016-0409-0000-0000000FF1CE} /uninstall

{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package

{90120000-0018-0409-0000-0000000FF1CE} /uninstall

{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package

{90120000-0019-0409-0000-0000000FF1CE} /uninstall

{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package

{90120000-001A-0409-0000-0000000FF1CE} /uninstall

{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package

{90120000-001B-0409-0000-0000000FF1CE} /uninstall

{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package

{90120000-001F-0409-0000-0000000FF1CE} /uninstall

{3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package

{90120000-001F-040C-0000-0000000FF1CE} /uninstall

{430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package

{90120000-001F-0C0A-0000-0000000FF1CE} /uninstall

{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package

{90120000-0044-0409-0000-0000000FF1CE} /uninstall

{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package

{90120000-006E-0409-0000-0000000FF1CE} /uninstall

{FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package

{90120000-00A1-0409-0000-0000000FF1CE} /uninstall

{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package

{90120000-00BA-0409-0000-0000000FF1CE} /uninstall

{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package

{90120000-0114-0409-0000-0000000FF1CE} /uninstall

{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package

{90120000-0115-0409-0000-0000000FF1CE} /uninstall

{FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package

{90120000-0117-0409-0000-0000000FF1CE} /uninstall

{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package

{91120000-002E-0000-0000-0000000FF1CE} /uninstall

{BEE75E01-DD3F-4D5F-B96C-609E6538D419}
32 Bit HP CIO Components Installer-->MsiExec.exe

/I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Adobe Flash Player 10

ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10

Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.0-->MsiExec.exe

/I{AC76BA86-7AD7-1033-7B44-A81000000003}
Advanced Audio FX Engine-->RunDll32

C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.d

ll,LaunchSetup "C:\Program Files\InstallShield Installation

Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9

/remove
Advanced Video FX Engine-->RunDll32

C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.d

ll,LaunchSetup "C:\Program Files\InstallShield Installation

Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9

/remove
AGEIA PhysX v7.06.26-->MsiExec.exe

/X{AC434EC8-B3CC-4003-92C1-0AE751CCFEB5}
AIM 6-->C:\Program Files\AIM6\uninst.exe
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support-->MsiExec.exe

/I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe

/I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AT&T Yahoo! Applications-->C:\PROGRA~1\Yahoo!\Common\uninstall.exe
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AutoHotkey 1.0.47.06-->C:\Program Files\AutoHotkey\uninst.exe
AV-->MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
AXIS Media Control Embedded-->rundll32 "C:\Program Files\Axis

Communications\AXIS Media Control

Embedded\AxisMediaControlEmb.dll",UninstallMe
Battlefield 2™-->RunDll32

C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.d

ll,LaunchSetup "C:\Program Files\InstallShield Installation

Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9

-removeonly
BF2 G15 Mod 1.2-->"C:\Program Files\BF2G15Mod\icons\unins000.exe"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Broadcom Management Programs-->MsiExec.exe

/X{177D1318-3E4B-4A7C-A300-AC4E21BE090B}
Bus Driver 1.0-->C:\Program Files\Bus Driver\uninst.exe
Call of Duty® 4 - Modern Warfare™-->C:\Program

Files\InstallShield Installation

Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe

-runfromtemp -l0x0409
ccCommon-->MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
CDDRV_Installer-->MsiExec.exe

/I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
Compatibility Pack for the 2007 Office system-->MsiExec.exe

/X{90120000-0020-0409-0000-0000000FF1CE}
Consumer Complete Care Services Agreement-->MsiExec.exe

/X{E8C06CB3-5DB2-4689-B1DC-4A0220DEA96C}
Deadliest Catch Alaskan Storm-->"C:\Program Files\Deadliest Catch

Alaskan Storm\uninstall.exe"
Dell DataSafe Online-->MsiExec.exe

/I{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}
Dell Support Center-->MsiExec.exe

/X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Touchpad-->rundll32.exe "C:\Program

Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Dell Webcam Center-->RunDll32

C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.d

ll,LaunchSetup "C:\Program Files\InstallShield Installation

Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9

/remove
Dell Webcam Manager-->RunDll32

C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.d

ll,LaunchSetup "C:\Program Files\InstallShield Installation

Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9

/remove
Demo Virtual EVE-->MsiExec.exe

/X{4F9902F1-D910-4CE4-BAD1-D3A8C1B12B2A}
Documentation & Support Launcher-->MsiExec.exe

/X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
Drum Controller Standard Tuning Kit-->C:\Program

Files\InstallShield Installation

Information\{FC8A7918-D65D-440C-9596-C88185E8DCA4}\setup.exe

-runfromtemp -l0x0409
Express Burn-->C:\Program Files\NCH Swift

Sound\ExpressBurn\uninst.exe
Express Rip-->C:\Program Files\NCH Swift

Sound\ExpressRip\uninst.exe
Games, Music, & Photos Launcher-->MsiExec.exe

/X{B6884A07-0305-47AE-9969-8F26FADC17DE}
Google Toolbar for Internet Explorer-->MsiExec.exe

/I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program

files\google\googletoolbar2.dll"
GoToAssist 8.0.0.514-->C:\Program

Files\Citrix\GoToAssist\514\G2AUninstaller.exe /uninstall
HD Tune 2.55-->"C:\Program Files\HD Tune\unins000.exe"
High Definition Audio Driver Package -

KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.ex

e
HijackThis 2.0.2-->"C:\Program Files\Trend

Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP

(KB909394)-->"C:\WINDOWS\$NtUninstallKB909394$\spuninst\spuninst.ex

e"
Hotfix for Windows XP

(KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.ex

e"
HP Deskjet D2500 Printer Driver Software 10.0 Rel .3-->C:\Program

Files\HP\Digital

Imaging\{89998BCF-F415-468a-8282-CB042765A26F}\setup\hpzscr01.exe

-datfile hphscr25.dat -onestop
HP Image Zone 4.0-->C:\Program Files\HP\Digital

Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Software Update-->MsiExec.exe

/X{457791C5-D702-4143-A7B2-2744BE9573F2}
Intel® PROSet/Wireless

Software-->C:\WINDOWS\Installer\iProInst.exe
IntelliSonic Speech Enhancement-->MsiExec.exe

/X{D1B5E9C8-4CCF-44E3-87D6-7C00D7DA5370}
Internet Service Offers Launcher-->MsiExec.exe

/X{E42BD75A-FC23-4E3F-9F91-2658334C644F}
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe

/I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java 2 Runtime Environment, SE v1.4.2-->MsiExec.exe

/I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Java™ 6 Update 11-->MsiExec.exe

/X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ 6 Update 7-->MsiExec.exe

/I{3248F0A8-6813-11D6-A77B-00B0D0160070}
KhalInstallWrapper-->MsiExec.exe

/I{56918C0C-0D87-4CA6-92BF-4975A43AC719}
Laptop Integrated Webcam Driver (1.03.02.0719)

-->C:\WINDOWS\CtDrvIns.exe -uninstall -script OEM002.uns -plugin

OEM02Pin.dll -pluginres OEM02Pin.crl -nodisconprompt -langid 0x0409
Law and Order: Justice is Served-->C:\Program Files\Ubisoft\Law and

Order Justice is Served\uninst.exe
Live! Cam Avatar Creator-->C:\Program Files\InstallShield

Installation

Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\setup.exe

-runfromtemp -l0x0009 -removeonly /remove
Live! Cam Avatar v1.0-->C:\Program Files\InstallShield Installation

Information\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}\setup.exe

-runfromtemp -l0x0009 -removeonly /remove
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program

Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe

/X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Logitech GamePanel Software 2.02-->MsiExec.exe

/X{0523EAF4-402C-4435-A0DA-13C40193D811}
Logitech Registration-->MsiExec.exe

/I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
Logitech SetPoint-->C:\Program Files\InstallShield Installation

Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe

-runfromtemp -l0x0009 -removeonly
Macromedia Dreamweaver MX-->RunDll32

C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetu

p "C:\Program Files\InstallShield Installation

Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe" -l0x9

mmUninstall
Macromedia Extension Manager-->RunDll32

C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetu

p "C:\Program Files\InstallShield Installation

Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9

mmUninstall
Macromedia Fireworks MX-->RunDll32

C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetu

p "C:\Program Files\InstallShield Installation

Information\{930B2432-43D4-11D5-9871-00C04F8EEB39}\Setup.exe" -l0x9

UNINSTALL
Macromedia Flash MX-->RunDll32

C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetu

p "C:\Program Files\InstallShield Installation

Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe" -l0x9

UNINSTALL
Macromedia FreeHand MX-->RunDll32

C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetu

p "C:\Program Files\InstallShield Installation

Information\{8B4AE751-7055-4518-87B0-E148A8D50D0A}\Setup.exe" -l0x9

UNINSTALL
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes'

Anti-Malware\unins000.exe"
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
MediaDirect-->C:\Program Files\InstallShield Installation

Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe

-runfromtemp -l0x0009 -cluninstall
mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft .NET Framework 1.1 Hotfix

(KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\

hotfix.exe"

"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M9283

66Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X

{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe

/X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework

2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET

Framework 2.0\install.exe
Microsoft ActiveSync-->MsiExec.exe

/I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Kernel-Mode Driver Framework Feature Pack

1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe

/X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English)

2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe

/X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe

/X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English)

2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe

/X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe

/X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe

/X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe

/X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe

/X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe

/X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe

/X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe

/X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe

/X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe

/X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English)

2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Ultimate 2007-->"C:\Program Files\Common

Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe"

/uninstall ULTIMATER /dll OSETUP.DLL
Microsoft Office Ultimate 2007-->MsiExec.exe

/X{91120000-002E-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe

/X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe

/X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe

/X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft redistributable runtime DLLs VS2005

SP1(x86)-->MsiExec.exe /I{8E770F99-CF23-4BF9-BF4E-E3A2924FEB27}
Microsoft redistributable runtime DLLs VS2005(x86)-->MsiExec.exe

/I{C0DB380B-97B5-4BB8-AC8D-1835E61439B6}
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office

programs-->MsiExec.exe /X{90120000-00B2-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe

/X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe

/X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (2.0.0.18)-->C:\Program Files\Mozilla

Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSCfg-->MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538}
MSRedist-->MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe

/I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe

/I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe

/I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
MSXML4.0 redistributable-->MsiExec.exe

/I{44D66AD9-AE19-4AFD-BE7E-A1B44C856697}
Musicmatch for Windows Media Player-->RunDll32

C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.d

ll,LaunchSetup "C:\Program Files\InstallShield Installation

Information\{E93E5EF6-D361-481E-849D-F16EF5C78EBC}\setup.exe" -l0x9

remove
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Norton AntiVirus-->MsiExec.exe

/X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Internet Security-->MsiExec.exe

/I{48185814-A224-447A-81DA-71BD20580E1B}
Norton Internet Security-->MsiExec.exe

/I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security-->MsiExec.exe

/I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security-->MsiExec.exe

/I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Protection Center-->MsiExec.exe

/I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OutlookAddinSetup-->MsiExec.exe

/I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
Photosmart 320,370,7400,8100,8400 Series-->C:\Program

Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\setup\hpzscr01.exe

-datfile hphscr01.dat
Prism Video Converter-->C:\Program Files\NCH

Software\Prism\uninst.exe
QualxServ Service Agreement-->MsiExec.exe

/X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
QuickSet-->C:\Program Files\InstallShield Installation

Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe

-runfromtemp -l0x0009 APPDRVNT4 -removeonly
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Roxio Creator Audio-->MsiExec.exe

/I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Creator Copy-->MsiExec.exe

/I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Creator Data-->MsiExec.exe

/I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Creator DE-->C:\Documents and Settings\All Users\Application

Data\Uninstall\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}\setup.exe /x

{09760D42-E223-42AD-8C3E-55B47D0DDAC3}
Roxio Creator DE-->MsiExec.exe

/I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Creator Tools-->MsiExec.exe

/I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio Express Labeler 3-->MsiExec.exe

/I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Update Manager-->MsiExec.exe

/I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SAP GUI 7.10-->"C:\Program Files\SAP\SAPsetup\setup\NwSapSetup.exe"

/uninstall

/product="ECL710+GUI710TWEAK+BW350+KW710+GUI710ISHMED+SAPGUI710"

/TitleComponent:"SAPGUI710" /IgnoreMissingProducts
SearchAssist-->C:\DELL\SearchAssist\UninstSA.bat
Security Update for 2007 Microsoft Office System

(KB951550)-->msiexec /package

{91120000-002E-0000-0000-0000000FF1CE} /uninstall

{B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System

(KB951944)-->msiexec /package

{91120000-002E-0000-0000-0000000FF1CE} /uninstall

{797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System

(KB958439)-->msiexec /package

{91120000-002E-0000-0000-0000000FF1CE} /uninstall

{6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007

(KB958437)-->msiexec /package

{91120000-002E-0000-0000-0000000FF1CE} /uninstall

{648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007

(KB950130)-->msiexec /package

{91120000-002E-0000-0000-0000000FF1CE} /uninstall

{F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007

(KB951338)-->msiexec /package

{91120000-002E-0000-0000-0000000FF1CE} /uninstall

{558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007

(KB950114)-->msiexec /package

{91120000-002E-0000-0000-0000000FF1CE} /uninstall

{F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007

(KB954326)-->msiexec /package

{91120000-002E-0000-0000-0000000FF1CE} /uninstall

{5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007

(KB956828)-->msiexec /package

{91120000-002E-0000-0000-0000000FF1CE} /uninstall

{885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec

/package {91120000-002E-0000-0000-0000000FF1CE} /uninstall

{4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Step By Step Interactive Training

(KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.ex

e"
Security Update for Windows Media Player

(KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spunins

t.exe"
Security Update for Windows XP

(KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.ex

e"
Security Update for Windows XP

(KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.ex

e"
Security Update for Windows XP

(KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.ex

e"
Security Update for Windows XP

(KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.ex

e"
Security Update for Windows XP

(KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.ex

e"
Security Update for Windows XP

(KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.ex

e"
Security Update for Windows XP

(KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.ex

e"
Security Update for Windows XP

(KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.ex

e"
Security Update for Windows XP

(KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.ex

e"
Security Update for Windows XP

(KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.ex

e"
Security Update for Windows XP

(KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.ex

e"
Security Update for Windows XP

(KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.ex

e"
Security Update for Windows XP

(KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.ex

e"
Security Update for Windows XP

(KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.ex

e"
Security Update for Windows XP

(KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.ex

e"
Security Update for Windows XP

(KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.ex

e"
Security Update for Windows XP

(KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.ex

e"
Security Update for Windows XP

(KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.ex

e"
Security Update for Windows XP

(KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.ex

e"
Security Update for Windows XP

(KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.ex

e"
Security Update for Windows XP

(KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.ex

e"
Security Update for Windows XP

(KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.ex

e"
Security Update for Windows XP

(KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.ex

e"
Security Update for Windows XP

(KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.ex

e"
Security Update for Windows XP

(KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.ex

e"
Security Update for Windows XP

(KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.ex

e"
Security Update for Windows XP

(KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.ex

e"
Security Update for Windows XP

(KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.ex

e"
Security Update for Windows XP

(KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.ex

e"
Security Update for Windows XP

(KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.ex

e"
Security Update for Windows XP

(KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuni

nst.exe"
Security Update for Windows XP

(KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.ex

e"
Security Update for Windows XP

(KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.ex

e"
Security Update for Windows XP

(KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.ex

e"
Security Update for Windows XP

(KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.ex

e"
Security Update for Windows XP

(KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.ex

e"
Security Update for Windows XP

(KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.ex

e"
Security Update for Windows XP

(KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.ex

e"
Security Update for Windows XP

(KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.ex

e"
Security Update for Windows XP

(KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.ex

e"
Security Update for Windows XP

(KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.ex

e"
Security Update for Windows XP

(KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.ex

e"
Security Update for Windows XP

(KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.ex

e"
Security Update for Windows XP

(KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.ex

e"
Security Update for Windows XP

(KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.ex

e"
Security Update for Windows XP

(KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.ex

e"
Security Update for Windows XP

(KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.ex

e"
Security Update for Windows XP

(KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.ex

e"
Security Update for Windows XP

(KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.ex

e"
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SmartSound Quicktracks

Plugin-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.ex

e /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Switch Sound File Converter-->C:\Program Files\NCH Swift

Sound\Switch\uninst.exe
System Requirements Lab-->C:\Program

Files\SystemRequirementsLab\Uninstall.exe
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
TeamSpeak Overlay BETA 2 (#63)-->"C:\Program

Files\TSO\uninstall.exe"
uberOptions 4.60.4-->C:\Program

Files\Logitech\SetPoint\uberOptions\uninst.exe
Ulead VideoStudio 9.0-->RunDll32

C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dl

l,LaunchSetup "C:\Program Files\InstallShield Installation

Information\{88F92798-59AB-474F-B40D-1EC5F782F7EE}\setup.exe" -l0x9
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec

/package {91120000-002E-0000-0000-0000000FF1CE} /uninstall

{4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package

{91120000-002E-0000-0000-0000000FF1CE} /uninstall

{A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb958619)-->msiexec

/package {91120000-002E-0000-0000-0000000FF1CE} /uninstall

{79B301C1-DBC0-467C-AFDA-2A6CDAFA4302}
Update for Windows XP

(KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.ex

e"
Update for Windows XP (KB896256)-->"C:\WINDOWS\$NtUninstallKB896256$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
WIDCOMM Bluetooth Software-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10 Hotfix - KB894476-->"C:\WINDOWS\$NtUninstallKB894476$\spuninst\spuninst.exe"
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
XoftSpySE-->C:\Program Files\XoftSpySE\uninstall.exe

======Security center information======

AV: Norton Security Online (outdated)
FW: Norton Security Online

System event log

Computer Name: JASON
Event Code: 7036
Message: The Pml Driver HPZ12 service entered the stopped state.

Record Number: 17934
Source Name: Service Control Manager
Time Written: 20091218002445.000000-300
Event Type: information
User:

Computer Name: JASON
Event Code: 7036
Message: The LiveUpdate service entered the stopped state.

Record Number: 17933
Source Name: Service Control Manager
Time Written: 20091217232932.000000-300
Event Type: information
User:

Computer Name: JASON
Event Code: 7036
Message: The LiveUpdate service entered the running state.

Record Number: 17932
Source Name: Service Control Manager
Time Written: 20091217232833.000000-300
Event Type: information
User:

Computer Name: JASON
Event Code: 7035
Message: The LiveUpdate service was successfully sent a start control.

Record Number: 17931
Source Name: Service Control Manager
Time Written: 20091217232833.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: JASON
Event Code: 7035
Message: The INSTB32 service was successfully sent a start control.

Record Number: 17930
Source Name: Service Control Manager
Time Written: 20091217215502.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Application event log

Computer Name: JASON
Event Code: 35
Message: The 'ccSetMgr' service has started.

Record Number: 7937
Source Name: ccSvcHst
Time Written: 20081103110307.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: JASON
Event Code: 34
Message: The 'ccSetMgr' service is starting.

Record Number: 7936
Source Name: ccSvcHst
Time Written: 20081103110307.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: JASON
Event Code: 101
Message: Information Level: success

The next run has been scheduled to occur at approximately 1:20 AM.

Record Number: 7935
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20081102213846.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: JASON
Event Code: 101
Message: Information Level: success

Automatic LiveUpdate has terminated.

Record Number: 7934
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20081102213846.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: JASON
Event Code: 101
Message: Information Level: success

Scheduler launched Automatic LiveUpdate.

Record Number: 7933
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20081102213744.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Ulead Systems\MPEG
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"SAFEBOOT_OPTION"=NETWORK

-----------------EOF-----------------

----------------------------------------
Logfile of random's system information tool 1.05 (written by random/random)
Run by Jason Mach at 2008-12-20 00:22:17
Microsoft Windows XP Professional Service Pack 2
System drive C: has 105 GB (72%) free of 147 GB
Total RAM: 3262 MB (90% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22:23 AM, on 12/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Jason Mach\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jason Mach.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080515
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080515
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: {d65a711b-85e4-76ea-1cf4-696b1c390f1d} - {d1f093c1-b696-4fc1-ae67-4e58b117a56d} - C:\WINDOWS\system32\upmlgz.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Launch LgDevAgt] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {215b8138-a3cf-44c5-803f-8226143cfc0a} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/e/38.05/57...0/uploader2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://games.bigfishgames.com/en_cinematyc...inematycoon.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - http://www.putfile.com/includes/ImageUploader4-5.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec Eraser Service (erasersvc10824) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: rpcnetp - Unknown owner - C:\WINDOWS\System32\rpcnetp.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11460 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
C:\WINDOWS\tasks\HP Usg Daily FY04.job
C:\WINDOWS\tasks\Norton Security Online - Run Full System Scan - Jason Mach.job
C:\WINDOWS\tasks\XoftSpySE 2.job
C:\WINDOWS\tasks\XoftSpySE.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d1f093c1-b696-4fc1-ae67-4e58b117a56d}]
C:\WINDOWS\system32\upmlgz.dll [2008-12-19 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-05-19 2549368]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-07-17 851968]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-01-09 8527872]
"nwiz"=nwiz.exe /installquiet []
"NVHotkey"=C:\WINDOWS\system32\nvHotkey.dll [2008-01-09 86016]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-01-09 81920]
"OEM02Mon.exe"=C:\WINDOWS\OEM02Mon.exe [2007-08-28 36864]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-07-25 823296]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-07-25 974848]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2007-07-20 1228800]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2007-07-17 405504]
"KADxMain"=C:\WINDOWS\system32\KADxMain.exe [2006-11-02 282624]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2008-03-11 16384]
"PCMService"=C:\Program Files\Dell\MediaDirect\PCMService.exe [2007-12-21 184320]
"YOP"=C:\PROGRA~1\Yahoo!\YOP\yop.exe [2007-10-26 509224]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-01-10 115816]
"osCheck"=C:\PROGRA~1\Symantec\osCheck.exe [2007-01-14 771704]
"DELL Webcam Manager"=C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe [2007-07-27 118784]
"Launch LgDevAgt"=C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [2007-12-13 346648]
"Launch LCDMon"=C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2007-12-13 2051096]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe [2004-04-06 172032]
"HPHUPD06"=C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe [2004-06-06 49152]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
"HPHmon06"=C:\WINDOWS\system32\hphmon06.exe [2004-06-06 659456]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-16 136600]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-04-11 56080]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-05-15 68856]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-10-21 50472]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2007-03-01 2321600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
C:\Dell\E-Center\EULALauncher.exe [2008-02-28 17920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Jason Mach\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-02-12 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-05-15 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2004-05-28 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jason Mach^Start Menu^Programs^Startup^Product Registration.lnk]
C:\PROGRA~1\COMMON~1\LOGISH~1\eReg\SetPoint\eReg.exe [2007-04-09 3036688]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2008-05-15 10536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Dell\MediaDirect\PCMService.exe"="C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe"="C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\HP\digital imaging\bin\hpqtra08.exe"="C:\Program Files\HP\digital imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\digital imaging\bin\hposid01.exe"="C:\Program Files\HP\digital imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\digital imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\digital imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2009-12-19 04:33:00 ----A---- C:\WINDOWS\ntbtlog.txt
2009-12-19 04:25:19 ----A---- C:\WINDOWS\system32\f76a3f84-.txt
2009-12-19 04:15:22 ----A---- C:\p2hhr.bat
2009-12-19 04:14:09 ----A---- C:\WINDOWS\system32\ddcBRiIY.dll
2009-12-19 03:09:12 ----D---- C:\Program Files\EVE Interactive
2008-12-20 00:22:17 ----D---- C:\rsit
2008-12-19 23:43:45 ----A---- C:\WINDOWS\system32\CF23581.exe
2008-12-19 23:43:43 ----A---- C:\Bug.txt
2008-12-19 16:40:51 ----D---- C:\Program Files\Trend Micro
2008-12-19 16:24:47 ----D---- C:\Avenger
2008-12-19 16:24:47 ----A---- C:\avenger.txt
2008-12-19 06:02:33 ----D---- C:\Documents and Settings\Jason Mach\Application Data\Malwarebytes
2008-12-19 06:02:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-19 06:02:21 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-19 05:38:30 ----D---- C:\Program Files\XoftSpySE
2008-12-19 05:18:23 ----A---- C:\WINDOWS\system32\upmlgz.dll
2008-12-19 05:18:21 ----A---- C:\WINDOWS\system32\drjfuiva.dll
2008-12-19 05:14:37 ----D---- C:\WINDOWS\LastGood
2008-12-18 03:00:50 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2008-12-16 22:36:58 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-16 22:36:58 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-16 22:36:58 ----A---- C:\WINDOWS\system32\java.exe
2008-12-16 22:36:58 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-16 06:23:26 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-12-16 06:23:20 ----D---- C:\Program Files\Windows Live
2008-12-16 06:23:08 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-12-13 01:45:04 ----A---- C:\WINDOWS\system32\lfpng13n.dll
2008-12-12 22:15:08 ----D---- C:\Program Files\AutoHotkey
2008-12-11 04:53:24 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 04:53:18 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 04:52:59 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-11 04:51:57 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 04:51:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-10 15:42:45 ----D---- C:\Documents and Settings\Jason Mach\Application Data\Logitech
2008-12-10 15:42:28 ----D---- C:\Documents and Settings\Jason Mach\Application Data\Leadertech
2008-12-10 15:42:27 ----D---- C:\Program Files\Common Files\LogiShared
2008-12-10 15:40:09 ----HDC---- C:\WINDOWS\$NtUninstallWdf01005$
2008-12-10 15:39:30 ----A---- C:\WINDOWS\system32\WdfCoInstaller01005.dll
2008-12-10 15:39:30 ----A---- C:\WINDOWS\KHALMNPR.Exe
2008-12-10 15:39:04 ----A---- C:\WINDOWS\system32\KemXML.dll
2008-12-10 15:39:04 ----A---- C:\WINDOWS\system32\KemWnd.dll
2008-12-10 15:39:04 ----A---- C:\WINDOWS\system32\KemUtil.dll
2008-12-10 15:39:04 ----A---- C:\WINDOWS\system32\kemutb.dll
2008-12-10 15:38:40 ----D---- C:\Program Files\Common Files\Logitech
2008-12-10 15:37:57 ----D---- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-12-08 18:06:17 ----D---- C:\Program Files\Deadliest Catch Alaskan Storm
2008-11-21 17:38:21 ----D---- C:\Documents and Settings\Jason Mach\Application Data\Ulead Systems
2008-11-21 17:37:11 ----D---- C:\WINDOWS\system32\Quicktime
2008-11-21 17:37:11 ----D---- C:\Program Files\SmartSound Software
2008-11-21 17:37:11 ----D---- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2008-11-21 17:36:35 ----D---- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-11-21 17:36:22 ----D---- C:\Program Files\Windows Media Components
2008-11-21 17:35:44 ----D---- C:\Program Files\Common Files\Ulead Systems
2008-11-21 17:35:43 ----D---- C:\Program Files\Ulead Systems
2008-11-21 17:35:43 ----D---- C:\Documents and Settings\All Users\Application Data\Ulead Systems

======List of files/folders modified in the last 1 months======

2009-12-19 04:26:35 ----D---- C:\Program Files\FireworksExtravaganza_at
2009-12-19 04:25:10 ----HD---- C:\Config.Msi
2009-12-19 04:25:10 ----D---- C:\Program Files\Dell
2009-12-19 04:25:09 ----SHD---- C:\WINDOWS\Installer
2009-12-19 04:23:51 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-12-19 04:23:15 ----D---- C:\WINDOWS\Prefetch
2009-12-19 04:14:19 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-12-19 04:14:02 ----A---- C:\WINDOWS\system32\svchost.exe
2009-12-19 02:54:02 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-12-18 16:28:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-18 16:16:52 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-12-18 16:16:41 ----D---- C:\Program Files\Symantec
2009-12-18 16:13:59 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2008-12-19 23:43:50 ----D---- C:\WINDOWS\system32
2008-12-19 23:32:08 ----D---- C:\Program Files\Mozilla Firefox
2008-12-19 23:21:52 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-19 23:13:02 ----D---- C:\WINDOWS\Temp
2008-12-19 23:12:59 ----D---- C:\WINDOWS\system32\drivers
2008-12-19 23:12:19 ----A---- C:\WINDOWS\system32\rpcnetp.exe
2008-12-19 16:40:51 ----RD---- C:\Program Files
2008-12-19 16:29:22 ----D---- C:\WINDOWS
2008-12-19 16:29:08 ----A---- C:\WINDOWS\ModemLog_Bluetooth Modem.txt
2008-12-19 16:29:08 ----A---- C:\WINDOWS\ModemLog_Bluetooth Fax Modem.txt
2008-12-19 16:28:26 ----A---- C:\WINDOWS\system32\rpcnetp.dll
2008-12-19 16:28:26 ----A---- C:\WINDOWS\system32\rpcnet.dll
2008-12-19 05:50:02 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-19 05:38:32 ----SD---- C:\WINDOWS\Tasks
2008-12-18 03:00:59 ----HD---- C:\WINDOWS\inf
2008-12-18 03:00:20 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-16 22:36:39 ----D---- C:\Program Files\Java
2008-12-16 06:25:48 ----SD---- C:\Documents and Settings\Jason Mach\Application Data\Microsoft
2008-12-16 06:25:47 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-16 06:25:47 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-16 06:25:23 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-16 06:23:26 ----D---- C:\Program Files\Common Files
2008-12-14 03:51:04 ----D---- C:\Documents and Settings\Jason Mach\Application Data\Skype
2008-12-14 01:49:12 ----D---- C:\Documents and Settings\Jason Mach\Application Data\skypePM
2008-12-12 22:40:51 ----RASH---- C:\boot.ini
2008-12-12 22:40:51 ----A---- C:\WINDOWS\win.ini
2008-12-12 22:40:51 ----A---- C:\WINDOWS\system.ini
2008-12-12 22:40:48 ----D---- C:\WINDOWS\pss
2008-12-12 22:15:08 ----D---- C:\WINDOWS\SHELLNEW
2008-12-12 12:33:23 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-11 04:54:03 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-12-11 04:53:28 ----A---- C:\WINDOWS\imsins.BAK
2008-12-11 04:53:06 ----D---- C:\Program Files\Internet Explorer
2008-12-10 15:40:37 ----D---- C:\WINDOWS\WinSxS
2008-12-10 15:39:34 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-10 15:38:44 ----D---- C:\Documents and Settings\All Users\Application Data\Logitech
2008-12-10 15:38:42 ----D---- C:\Program Files\Logitech
2008-12-10 15:38:41 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-08 18:06:17 ----D---- C:\WINDOWS\system32\DirectX
2008-11-21 17:36:22 ----RSD---- C:\WINDOWS\Fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-07-17 39936]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-07-17 56832]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-07-17 37376]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-07-17 161792]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-04-11 34832]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-04-11 36112]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NETw4x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-08-12 2211456]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-07-17 202912]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-10-25 27264]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-02-20 58240]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
S1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
S1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
S1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2007-11-30 43696]
S1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2008-10-03 187952]
S2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.4.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-05-15 21393]
S2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys []
S2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-05-29 12416]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-03 48128]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-03 38912]
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-05-24 328237]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-05-24 30427]
S3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-05-24 851434]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-05-24 148900]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2006-05-24 45683]
S3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2006-05-24 30285]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-24 66488]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
S3 DXEC02;DXEC02; C:\WINDOWS\system32\drivers\dxec02.sys [2006-11-02 103168]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-10-30 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-10-30 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-10-30 21568]
S3 INSTB32;INSTB32; \??\C:\WINDOWS\TEMP\INSTB32.SYS []
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-08-03 51328]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081219.005\NAVENG.SYS []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081219.005\NAVEX15.SYS []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-01-09 7453408]
S3 OEM02Dev;Creative Camera OEM002 Driver; C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys [2007-08-28 235520]
S3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys [2007-08-28 7424]
S3 physX32;physX32; C:\WINDOWS\system32\DRIVERS\physX32.sys [2007-06-26 117888]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2007-05-03 78720]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2007-05-03 12032]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2007-05-03 11008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2007-11-30 279088]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2007-11-30 317616]
S3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-07-17 1222840]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2008-10-03 12848]
S3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
S3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2008-10-03 146096]
S3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2008-10-03 39984]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20081213.001\SymIDSCo.sys []
S3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2008-10-03 35120]
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2008-10-03 27696]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-03 78464]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-03 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-03 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-03 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-03 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-03 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-03 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
S2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-12 554352]
S2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-05-24 266295]
S2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
S2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
S2 erasersvc10824;Symantec Eraser Service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
S2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-07-25 647168]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-16 152984]
S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
S2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2009-12-19 14336]
S2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2007-07-20 475136]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-01-09 155716]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2009-12-19 14336]
S2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-05-30 66872]
S2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-07-25 327680]
S2 rpcnet;Remote Procedure Call (RPC) Net; C:\WINDOWS\system32\rpcnet.exe [2008-09-18 47104]
S2 rpcnetp;rpcnetp; C:\WINDOWS\System32\rpcnetp.exe [2008-12-19 17408]
S2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-07-25 987136]
S2 STacSV;SigmaTel Audio Service; C:\WINDOWS\system32\STacSV.exe [2007-07-17 94208]
S2 SymAppCore;Symantec AppCore Service; C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [2007-01-05 47712]
S2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2005-01-31 49152]
S2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-09-15 38912]
S2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S2 WLANKEEPER;Intel® PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2007-07-25 294912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-01-12 49248]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [2008-05-15 16680]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-15 138168]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S3 ISPwdSvc;Symantec IS Password Validation; C:\PROGRA~1\Symantec\isPwdSvc.exe [2007-01-14 80504]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-12-02 74384]
S3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-05-26 1174664]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------




I also installed MalwareBytes and have run it several times; it found between 20 and 30 errors the first couple of times but I could not complete the removal because my computer would not stay on long enough for it to run out of Safe Mode. However, I just did another scan and it only found 2 errors, both of which were fixed. Not sure if it will be of any help but here's my most recent MalwareBytes logfile - I figured it would be better to provide too much information than too little!


----------------------------
Malwarebytes' Anti-Malware 1.31
Database version: 1525
Windows 5.1.2600 Service Pack 2
12/19/2008 4:50:17 PM
mbam-log-2008-12-19 (16-50-17).txt
Scan type: Quick Scan
Objects scanned: 63920
Time elapsed: 4 minute(s), 52 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
----------------------------------------------------




I would really appreciate any help with this - it has slowed my computer to barely a crawl and I would rather not have to use my computer in safe mode indefinitely! I don't really want to reformat as I do not have the discs here with me - I'm on Christmas break.
If you need any other information let me know - thanks a lot for your help!


#2 ClickJ
  • Topic Starter
  • Members
  • 16 posts

Posted 28 December 2008 - 12:09 AM

I was recently able to boot my computer normally without the "shutdown in 60 seconds" popup; however, I could not run any antivirus software or MalwareBytes. HJT was about the only thing I was able to run.

#3 Orange Blossom
    OBleepin Investigator
  • Moderator
  • 36,949 posts
  • Location:Bloomington, IN

Posted 28 December 2008 - 04:08 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below, a staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results; click No to the Optional_Scan.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#4 ClickJ
  • Topic Starter
  • Members
  • 16 posts

Posted 28 December 2008 - 05:42 PM

Thanks for the reply! Here is the DDS log:



DDS (Version 1.1.0) - NTFSx86
Run by Jason Mach at 17:17:50.45 on Sat 12/27/2008
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3262.2644 [GMT -5:00]

AV: Norton Security Online *On-access scanning enabled* (Outdated)
FW: Norton Security Online *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\BF2G15Mod\BF2 LCD.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\Documents and Settings\Jason Mach\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080515
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
mDefault_Page_URL = hxxp://www.dell.com
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
mStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080515
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
BHO: {d65a711b-85e4-76ea-1cf4-696b1c390f1d}: {d1f093c1-b696-4fc1-ae67-4e58b117a56d} - c:\windows\system32\upmlgz.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [YOP] c:\progra~1\yahoo!\yop\yop.exe /autostart
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\progra~1\symantec\osCheck.exe"
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [Launch LgDevAgt] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"
mRun: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe
mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jasonm~1\applic~1\mozilla\firefox\profiles\2z6q7y9e.default\
FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll

============= SERVICES / DRIVERS ===============

R?2 ccSetMgr;Symantec Settings Manager;"c:\program files\common files\symantec shared\ccSvcHst.exe" /h ccCommon [2007-1-10 108648]
R2 erasersvc10824;Symantec Eraser Service;"c:\program files\common files\symantec shared\ccSvcHst.exe" /h ccCommon [2007-1-10 108648]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-9-2 99376]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [2008-5-15 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [2008-5-15 7424]
R3 physX32;physX32;c:\windows\system32\drivers\physX32.sys [2008-5-15 117888]
S2 ccEvtMgr;Symantec Event Manager;"c:\program files\common files\symantec shared\ccSvcHst.exe" /h ccCommon [2007-1-10 108648]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\ViewpointService.exe" [2008-5-21 24652]
S3 NAVENG;NAVENG;\??\c:\progra~1\common~1\symant~1\virusd~1\20081219.005\NAVENG.SYS [2009-12-18 89104]
S3 NAVEX15;NAVEX15;\??\c:\progra~1\common~1\symant~1\virusd~1\20081219.005\NAVEX15.SYS [2009-12-18 876112]
S3 Symantec Core LC;Symantec Core LC;"c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe" [2008-5-26 1174664]

=============== Created Last 30 ================

2008-12-22 02:01 268 a---h--- C:\sqmdata02.sqm
2008-12-22 02:01 244 a---h--- C:\sqmnoopt02.sqm
2008-12-21 02:06 2,332,368 a------- c:\windows\system\d3dx9_29.dll
2008-12-21 02:06 348,160 a------- c:\windows\system\msvcr71.dll
2008-12-21 02:06 143,360 a------- c:\windows\system\vh202.DLL
2008-12-21 02:06 <DIR> --d----- c:\program files\Act-3D
2008-12-21 02:02 <DIR> --d----- c:\program files\Virtual Hottie 2
2008-12-19 23:43 388,608 a------- c:\windows\system32\CF23581.exe
2008-12-19 16:40 <DIR> --d----- c:\program files\Trend Micro
2008-12-19 06:02 <DIR> --d----- c:\docume~1\jasonm~1\applic~1\Malwarebytes
2008-12-19 06:02 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-19 06:02 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-19 06:02 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-19 06:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-19 05:50 <DIR> --d----- c:\documents and settings\jason mach\.housecall6.6
2008-12-19 05:48 664 a------- c:\windows\system32\d3d9caps.dat
2008-12-19 05:18 135,168 a------- c:\windows\system32\upmlgz.dll
2008-12-19 05:18 135,168 a------- c:\windows\system32\drjfuiva.dll
2008-12-16 22:36 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-16 15:07 268 a---h--- C:\sqmdata00.sqm
2008-12-16 15:07 244 a---h--- C:\sqmnoopt00.sqm
2008-12-16 06:25 <DIR> --d----- c:\documents and settings\jason mach\Contacts
2008-12-16 06:23 <DIR> -cdsh--- c:\program files\common files\WindowsLiveInstaller
2008-12-13 01:45 159,744 a------- c:\windows\system32\lfpng13n.dll
2008-12-12 22:15 <DIR> --d----- c:\program files\AutoHotkey
2008-12-10 15:42 <DIR> --d----- c:\program files\common files\LogiShared
2008-12-10 15:40 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-12-10 15:40 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-12-10 15:39 1,419,024 a------- c:\windows\system32\WdfCoInstaller01005.dll
2008-12-10 15:39 56,080 a------- c:\windows\KHALMNPR.Exe
2008-12-10 15:39 36,112 a------- c:\windows\system32\drivers\LMouFilt.Sys
2008-12-10 15:39 34,832 a------- c:\windows\system32\drivers\LHidFilt.Sys
2008-12-10 15:39 163,840 a------- c:\windows\system32\kemutb.dll
2008-12-10 15:39 135,168 a------- c:\windows\system32\KemUtil.dll
2008-12-10 15:39 110,592 a------- c:\windows\system32\KemWnd.dll
2008-12-10 15:39 69,632 a------- c:\windows\system32\KemXML.dll
2008-12-10 15:38 <DIR> --d----- c:\program files\common files\Logitech
2008-12-08 18:06 <DIR> --d----- c:\program files\Deadliest Catch Alaskan Storm

==================== Find3M ====================

2008-12-27 17:15 17,408 a------- c:\windows\system32\rpcnetp.exe
2008-12-27 17:15 47,104 a------- c:\windows\system32\rpcnet.dll
2008-12-22 01:28 17,408 a------- c:\windows\system32\rpcnetp.dll
2008-12-12 12:33 3,060,224 -------- c:\windows\system32\dllcache\mshtml.dll
2008-10-24 06:10 453,632 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 08:01 283,648 a------- c:\windows\system32\gdi32.dll
2008-10-23 08:01 283,648 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-15 11:57 332,800 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 04:45 18,432 -------- c:\windows\system32\dllcache\iedw.exe
2008-10-12 23:56 183,128 a------- c:\windows\system32\PnkBstrB.exe
2008-10-03 14:34 625,032 a------- c:\windows\system32\SymNeti.dll
2008-10-03 14:34 242,056 a------- c:\windows\system32\SymRedir.dll
2008-10-03 05:15 247,326 a------- c:\windows\system32\strmdll.dll
2008-10-03 05:15 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2008-10-02 17:36 32,256 a------- c:\windows\system32\identprv.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-29 21:18 157,272 a------- c:\windows\hphins25.dat
2008-05-23 20:19 22,328 a------- c:\docume~1\jasonm~1\applic~1\PnkBstrK.sys
2008-05-20 01:27 1,844 a------- c:\docume~1\jasonm~1\applic~1\install.dat
2008-05-15 09:54 74 ---shr-- c:\windows\CT4CET.bin

============= FINISH: 17:18:23.12 ===============



Also, I was unable to disable my antivirus. I use the free Norton suite provided by AT&T, and my computer will not let me into the settings to disable anything. I assume it is not working anyway as I have not been able to do a scan (except in safe mode - I did the DDS scan after booting up normally) since my computer became infected.

#5 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:41 PM

Posted 29 December 2008 - 01:18 AM

Hello there,

You mentioned ComboFix early on, in your first post. Were you able to download and run it? I see you also got MBAM... can you update it and have a run with it also?

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#6 ClickJ

ClickJ
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:07:41 PM

Posted 29 December 2008 - 06:15 PM

Here is my ComboFix log. I was able to run both of these programs; I just had to change the name of the .exe file so that the virus wouldn't block them from running.


-------------------------------
ComboFix 08-12-20.03 - Jason Mach 2008-12-28 17:11:02.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3262.2997 [GMT -5:00]
Running from: c:\documents and settings\Jason Mach\Desktop\abc.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\config\system~1\applic~1\install.dat
c:\windows\system32\drivers\TDSSmxoe.sys
c:\windows\system32\drjfuiva.dll
c:\windows\system32\TDSScbqp.log
c:\windows\system32\TDSSciou.dll
c:\windows\system32\TDSSfpmp.log
c:\windows\system32\TDSSmqxt.dll
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSnrse.dll
c:\windows\system32\TDSSoiqh.dll
c:\windows\system32\TDSSoitu.dll
c:\windows\system32\TDSSosvn.dll
c:\windows\system32\TDSSpqlt.dat
c:\windows\system32\upmlgz.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS
-------\Legacy_icf


((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-28 )))))))))))))))))))))))))))))))
.

2009-12-19 04:15 . 2009-12-19 04:15 46 --a------ C:\p2hhr.bat
2009-12-19 04:14 . 2009-12-19 04:14 58,368 --a------ c:\windows\system32\ddcBRiIY.dll
2009-12-19 04:14 . 2009-12-19 04:14 2 --a------ C:\-62260395
2009-12-19 03:49 . 2009-12-19 03:49 0 --a------ C:\nowy_00001.avi
2009-12-19 03:49 . 2009-12-19 03:49 0 --a------ C:\nowy.avi
2009-12-19 03:09 . 2009-12-19 03:09 <DIR> d-------- c:\program files\EVE Interactive
2009-12-18 16:28 . 2009-12-18 16:28 268 --ah----- C:\sqmdata01.sqm
2009-12-18 16:28 . 2009-12-18 16:28 244 --ah----- C:\sqmnoopt01.sqm
2009-12-18 16:16 . 2008-07-30 17:42 23,888 --a------ c:\windows\system32\drivers\COH_Mon.sys
2009-12-18 16:16 . 2008-07-30 17:28 10,537 --a------ c:\windows\system32\drivers\COH_Mon.cat
2009-12-18 16:16 . 2008-07-30 17:28 706 --a------ c:\windows\system32\drivers\COH_Mon.inf
2008-12-27 23:35 . 2008-12-27 23:35 268 --ah----- C:\sqmdata03.sqm
2008-12-27 23:35 . 2008-12-27 23:35 244 --ah----- C:\sqmnoopt03.sqm
2008-12-22 02:01 . 2008-12-22 02:01 268 --ah----- C:\sqmdata02.sqm
2008-12-22 02:01 . 2008-12-22 02:01 244 --ah----- C:\sqmnoopt02.sqm
2008-12-21 02:06 . 2008-12-21 02:06 <DIR> d-------- c:\program files\Act-3D
2008-12-21 02:06 . 2006-08-17 00:18 2,332,368 --a------ c:\windows\system\d3dx9_29.dll
2008-12-21 02:06 . 2003-02-21 13:42 348,160 --a------ c:\windows\system\msvcr71.dll
2008-12-21 02:06 . 2006-08-08 12:08 143,360 --a------ c:\windows\system\vh202.DLL
2008-12-21 02:02 . 2008-12-21 02:02 <DIR> d-------- c:\program files\Virtual Hottie 2
2008-12-21 01:57 . 2008-12-21 01:57 <DIR> d-------- c:\program files\7-Zip
2008-12-20 00:22 . 2008-12-20 00:22 <DIR> d-------- C:\rsit
2008-12-19 16:40 . 2008-12-19 16:40 <DIR> d-------- c:\program files\Trend Micro
2008-12-19 06:02 . 2008-12-19 06:02 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-19 06:02 . 2008-12-19 06:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-19 06:02 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-19 06:02 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-19 05:50 . 2008-12-19 05:51 <DIR> d-------- c:\documents and settings\Jason Mach\.housecall6.6
2008-12-19 05:48 . 2008-12-21 02:26 664 --a------ c:\windows\system32\d3d9caps.dat
2008-12-16 22:36 . 2008-12-16 22:36 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-16 15:07 . 2008-12-16 15:07 268 --ah----- C:\sqmdata00.sqm
2008-12-16 15:07 . 2008-12-16 15:07 244 --ah----- C:\sqmnoopt00.sqm
2008-12-16 06:25 . 2008-12-17 04:35 <DIR> d-------- c:\documents and settings\Jason Mach\Contacts
2008-12-16 06:23 . 2008-12-16 06:25 <DIR> d-------- c:\program files\Windows Live
2008-12-16 06:23 . 2008-12-16 06:24 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2008-12-16 06:23 . 2008-12-16 06:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2008-12-13 01:45 . 2003-11-04 15:11 159,744 --a------ c:\windows\system32\lfpng13n.dll
2008-12-12 22:15 . 2008-12-12 22:15 <DIR> d-------- c:\program files\AutoHotkey
2008-12-10 15:42 . 2008-12-10 15:42 <DIR> d-------- c:\program files\Common Files\LogiShared
2008-12-10 15:40 . 2008-12-10 15:40 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-12-10 15:40 . 2008-12-10 15:40 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-12-10 15:39 . 2007-04-11 15:33 1,419,024 --a------ c:\windows\system32\WdfCoInstaller01005.dll
2008-12-10 15:39 . 2007-04-23 04:00 163,840 --a------ c:\windows\system32\kemutb.dll
2008-12-10 15:39 . 2007-04-23 04:00 135,168 --a------ c:\windows\system32\KemUtil.dll
2008-12-10 15:39 . 2007-04-23 04:00 110,592 --a------ c:\windows\system32\KemWnd.dll
2008-12-10 15:39 . 2007-04-23 04:00 69,632 --a------ c:\windows\system32\KemXML.dll
2008-12-10 15:39 . 2007-04-11 15:32 56,080 --a------ c:\windows\KHALMNPR.Exe
2008-12-10 15:39 . 2007-04-11 15:32 36,112 --a------ c:\windows\system32\drivers\LMouFilt.Sys
2008-12-10 15:39 . 2007-04-11 15:32 34,832 --a------ c:\windows\system32\drivers\LHidFilt.Sys
2008-12-10 15:38 . 2008-12-10 15:39 <DIR> d-------- c:\program files\Common Files\Logitech
2008-12-10 15:37 . 2008-12-10 15:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\LogiShrd
2008-12-08 18:06 . 2008-12-08 18:11 <DIR> d-------- c:\program files\Deadliest Catch Alaskan Storm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-19 09:26 --------- d-----w c:\program files\FireworksExtravaganza_at
2009-12-19 09:25 --------- d-----w c:\program files\Dell
2009-12-19 09:23 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-12-19 07:54 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-12-18 21:16 --------- d-----w c:\program files\Symantec
2009-12-18 21:16 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-12-18 21:13 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-12-18 21:13 123,952 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-12-18 21:13 10,671 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2008-12-17 03:36 --------- d-----w c:\program files\Java
2008-12-11 09:54 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-10 20:38 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-10 20:38 --------- d-----w c:\program files\Logitech
2008-12-10 20:38 --------- d-----w c:\documents and settings\All Users\Application Data\Logitech
2008-11-21 22:38 --------- d-----w c:\documents and settings\All Users\Application Data\Ulead Systems
2008-11-21 22:37 --------- d-----w c:\program files\SmartSound Software
2008-11-21 22:37 --------- d-----w c:\program files\Common Files\Ulead Systems
2008-11-21 22:37 --------- d-----w c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2008-11-21 22:36 --------- d-----w c:\program files\Windows Media Components
2008-11-21 22:36 --------- d-----w c:\documents and settings\All Users\Application Data\QuickTime
2008-11-21 22:35 --------- d-----w c:\program files\Ulead Systems
2008-11-21 00:01 --------- d--ha-w c:\documents and settings\All Users\Application Data\GTek
2008-11-19 01:54 --------- d-----w c:\program files\iTunes
2008-11-19 01:54 --------- d-----w c:\program files\iPod
2008-11-19 01:54 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-19 01:53 --------- d-----w c:\program files\Bonjour
2008-11-19 01:53 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-11-19 01:52 --------- d-----w c:\program files\QuickTime
2008-11-19 01:52 --------- d-----w c:\program files\Common Files\Apple
2008-11-19 01:51 --------- d-----w c:\program files\Apple Software Update
2008-11-07 00:57 --------- d-----w c:\program files\Activision
2008-11-02 04:43 --------- d-----w c:\program files\AIM6
2008-11-02 04:43 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-11-02 04:43 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
2008-11-18 00:05 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-11-18 00:05 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-11-18 00:05 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-11-18 00:05 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-11-18 00:05 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-05-15 14:54 74 --sh--r c:\windows\CT4CET.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-15 68856]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-17 851968]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-09 8527872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-09 81920]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-20 1228800]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"YOP"="c:\progra~1\Yahoo!\YOP\yop.exe" [2007-10-26 509224]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"osCheck"="c:\progra~1\Symantec\osCheck.exe" [2007-01-14 771704]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Launch LgDevAgt"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2007-12-13 346648]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 2051096]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 172032]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-06 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-06 659456]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-16 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"nwiz"="nwiz.exe" [2008-01-09 c:\windows\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2008-01-09 c:\windows\system32\nvhotkey.dll]
"SigmatelSysTrayApp"="stsystra.exe" [2007-07-17 c:\windows\stsystra.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-24 622653]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-10 692224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-05-15 10:10 10536 c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=upmlgz.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jason Mach^Start Menu^Programs^Startup^Product Registration.lnk]
path=c:\documents and settings\Jason Mach\Start Menu\Programs\Startup\Product Registration.lnk
backup=c:\windows\pss\Product Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
-ra------ 2007-03-01 10:37 2321600 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
--a------ 2008-02-28 13:18 17920 c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-02 15:07 133104 c:\documents and settings\Jason Mach\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-02-12 12:38 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-05-15 10:02 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\digital imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

S2 EraserSvc10824;Symantec Eraser Service;"c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [2007-01-10 108648]
S2 rpcnetp;rpcnetp;c:\windows\System32\rpcnetp.exe [2008-05-21 17408]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2008-05-21 24652]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-02 99376]
S3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\DRIVERS\OEM02Dev.sys [2008-05-15 235520]
S3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\DRIVERS\OEM02Vfx.sys [2008-05-15 7424]
S3 physX32;physX32;c:\windows\system32\DRIVERS\physX32.sys [2008-05-15 117888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2008-12-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-12-28 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Jason Mach\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 15:07]

2008-12-27 c:\windows\Tasks\HP Usg Daily FY04.job
- c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped06.exe [2004-06-06 23:53]

2008-12-16 c:\windows\Tasks\Norton Security Online - Run Full System Scan - Jason Mach.job
- c:\progra~1\Symantec\Norton AntiVirus\Navw32.exe [2007-01-14 04:09]
.
- - - - ORPHANS REMOVED - - - -

BHO-{d1f093c1-b696-4fc1-ae67-4e58b117a56d} - c:\windows\system32\upmlgz.dll
HKLM-RunOnce-<NO NAME> - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080515
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Jason Mach\Application Data\Mozilla\Firefox\Profiles\2z6q7y9e.default\
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-28 17:16:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(816)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
Completion time: 2008-12-28 17:18:09 - machine was rebooted [Jason Mach]
ComboFix-quarantined-files.txt 2008-12-28 22:18:07

Pre-Run: 109,961,162,752 bytes free
Post-Run: 110,553,579,520 bytes free

292 --- E O F --- 2008-12-18 08:01:00

---------------------------------------



Here's another MBAM log, which I just completed:

------------------------------------------
Malwarebytes' Anti-Malware 1.31
Database version: 1565
Windows 5.1.2600 Service Pack 2

12/28/2008 6:02:16 PM
mbam-log-2008-12-28 (18-02-08).txt

Scan type: Full Scan (C:\|)
Objects scanned: 140748
Time elapsed: 24 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\drjfuiva.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSmqxt.dll.vir (Trojan.TDSS) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSoiqh.dll.vir (Trojan.TDSS) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSoitu.dll.vir (Trojan.TDSS) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSosvn.dll.vir (Trojan.TDSS) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\upmlgz.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\TDSSmxoe.sys.vir (Trojan.TDSS) -> No action taken.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP194\A0040758.sys (Trojan.TDSS) -> No action taken.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP194\A0040759.dll (Trojan.TDSS) -> No action taken.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP194\A0040760.dll (Trojan.TDSS) -> No action taken.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP194\A0040761.dll (Trojan.TDSS) -> No action taken.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP194\A0040762.dll (Trojan.TDSS) -> No action taken.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP194\A0040777.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP194\A0040778.dll (Trojan.Vundo) -> No action taken.

-------------------------------------


These were both done in Safe Mode.

#7 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:41 PM

Posted 30 December 2008 - 04:04 PM

Hello,

Nasty old rootkit. :thumbsup: What MBAM found is benign now, but still some things to do.

Please do this:
1. Download HijackThis™ here:
http://www.trendsecure.com/portal/en-US/th.../hijackthis.php

2. Click 'Do a System Scan and Save log'.
The HJT log will open in notepad.

Please post that log in your reply and we'll get rid of what's left on your system. How is it running?

Thanks,
tea

#8 ClickJ

ClickJ
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:07:41 PM

Posted 31 December 2008 - 12:15 AM

Here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:05:23 AM, on 12/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\BF2G15Mod\BF2 LCD.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080515
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Launch LgDevAgt] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {215b8138-a3cf-44c5-803f-8226143cfc0a} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/e/38.05/57...0/uploader2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://games.bigfishgames.com/en_cinematyc...inematycoon.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - http://www.putfile.com/includes/ImageUploader4-5.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: upmlgz.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec Eraser Service (EraserSvc10824) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 14580 bytes




------------------------------------------------
My system is running a lot better right now than it has been for some reason (Norton still finds a virus when I scan in Safe Mode and I haven't done anything else really) - it still takes forever to load the desktop and Norton still won't scan in normal mode. But I am able to visit all websites now (antivirus-related sites are no longer blocked) and when I click on a link in a Google search it takes me to that page instead of a pop-up ad related to my search term.
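Added example, not part of the thread and not HijackThis or BleepingComputer code: a small Python triage pass over HijackThis-style lines, run against a handful of lines copied from the log above as constructed input. It flags the three entry types an analyst looks at first in a log like this one: a populated O20 AppInit_DLLs value (a DLL listed there is loaded into every process that maps user32.dll, and a bare filename is resolved from the system search path rather than from a fixed location), O23 services whose binary carries no publisher ("Unknown owner"), and O4 Run values that launch a bare filename without a path. The regexes, the Finding structure and the wording of the reasons are the example's own assumptions; a flag means "verify this file", not "this is malware", and benign entries such as a driver helper or an anti-cheat service shipped without version information will be flagged too.

```python
"""Triage pass over HijackThis-style log lines (added example, not HijackThis code)."""
import re
from dataclasses import dataclass
from typing import List

# Constructed input: a subset of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - AppInit_DLLs: upmlgz.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O20"
    item: str      # the DLL, service or Run value the finding is about
    reason: str    # why a human should look at it (heuristic, not a verdict)
    line: str      # the original log line


# "O4 - <body>", "O20 - <body>", "O23 - <body>"; process list and headers do not match.
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# O4 body: HKLM\..\Run: [name] command line
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# O23 body: Service: display name (short name) - owner - path
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def _first_token(cmd: str) -> str:
    """Return the executable part of a Run command line, honouring quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def triage(log_text: str) -> List[Finding]:
    """Apply the three heuristics to every O4/O20/O23 line and collect findings."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # process list, section headers and blank lines
        section, body = m.groups()
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            value = body[len("AppInit_DLLs:"):].strip()
            if value:  # any non-empty value is unusual on a home PC
                findings.append(Finding(
                    section, value,
                    "AppInit_DLLs is loaded into every process that maps user32.dll; "
                    "a bare name is resolved from the search path, so locate and check the file",
                    line))
        elif section == "O23":
            sm = SERVICE_RE.match(body)
            if sm and sm.group("owner").lower() == "unknown owner":
                findings.append(Finding(
                    section, sm.group("name"),
                    "service binary has no publisher/version information; verify its origin",
                    line))
        elif section == "O4":
            rm = RUN_RE.match(body)
            if rm:
                exe = _first_token(rm.group("cmd"))
                if "\\" not in exe:  # no directory: which copy actually runs?
                    findings.append(Finding(
                        section, rm.group("name"),
                        f"Run value launches {exe!r} without a path; confirm which file "
                        "is found first on the search path",
                        line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.item:<12} {f.reason}")
```

On the sample lines this reports three entries: the path-less nwiz Run value, the AppInit_DLLs value, and the service with no owner; every fully-pathed Run entry and every service with a named vendor passes. The next step for each flagged item is the same as in the thread: locate the file on disk, check its size, date and signature, and submit it to a scanner rather than trusting the name.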

#9 teacup61 (Malware Response Team)

Posted 31 December 2008 - 12:49 AM

Hello,

That's good to know. :thumbsup: Thanks for the HijackThis log! If you would, please, have another run with ComboFix and post the report to be sure nothing was left behind. Then we'll use HijackThis to speed your computer up, and we'll look into the Norton problem if it still exists when we're done.

tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#10 ClickJ (Topic Starter)

Posted 31 December 2008 - 03:28 AM

Here's the ComboFix log:



ComboFix 08-12-30.02 - Jason Mach 2008-12-30 1:37:25.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3262.2597 [GMT -5:00]
Running from: c:\documents and settings\Jason Mach\Desktop\ComboFix.exe
AV: Norton Security Online *On-access scanning enabled* (Outdated)
FW: Norton Security Online *enabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\install.dat
c:\documents and settings\Jason Mach\Application Data\Install.dat
c:\windows\system32\ddcBRiIY.dll

.
((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-30 )))))))))))))))))))))))))))))))
.

2009-12-19 04:40 . 2009-12-19 04:40 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Yahoo!
2009-12-19 04:15 . 2009-12-19 04:15 46 --a------ C:\p2hhr.bat
2009-12-19 04:14 . 2009-12-19 04:14 2 --a------ C:\-62260395
2009-12-19 03:49 . 2009-12-19 03:49 0 --a------ C:\nowy_00001.avi
2009-12-19 03:49 . 2009-12-19 03:49 0 --a------ C:\nowy.avi
2009-12-19 03:09 . 2009-12-19 03:09 <DIR> d-------- c:\program files\EVE Interactive
2009-12-18 16:28 . 2009-12-18 16:28 268 --ah----- C:\sqmdata01.sqm
2009-12-18 16:28 . 2009-12-18 16:28 244 --ah----- C:\sqmnoopt01.sqm
2009-12-18 16:16 . 2008-07-30 17:42 23,888 --a------ c:\windows\system32\drivers\COH_Mon.sys
2009-12-18 16:16 . 2008-07-30 17:28 10,537 --a------ c:\windows\system32\drivers\COH_Mon.cat
2009-12-18 16:16 . 2008-07-30 17:28 706 --a------ c:\windows\system32\drivers\COH_Mon.inf
2008-12-30 01:34 . 2008-12-30 01:35 <DIR> d-------- C:\abc
2008-12-30 00:06 . 2008-12-30 00:21 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-12-27 23:35 . 2008-12-27 23:35 268 --ah----- C:\sqmdata03.sqm
2008-12-27 23:35 . 2008-12-27 23:35 244 --ah----- C:\sqmnoopt03.sqm
2008-12-22 02:01 . 2008-12-22 02:01 268 --ah----- C:\sqmdata02.sqm
2008-12-22 02:01 . 2008-12-22 02:01 244 --ah----- C:\sqmnoopt02.sqm
2008-12-21 02:06 . 2008-12-21 02:06 <DIR> d-------- c:\program files\Act-3D
2008-12-21 02:06 . 2006-08-17 00:18 2,332,368 --a------ c:\windows\system\d3dx9_29.dll
2008-12-21 02:06 . 2003-02-21 13:42 348,160 --a------ c:\windows\system\msvcr71.dll
2008-12-21 02:06 . 2006-08-08 12:08 143,360 --a------ c:\windows\system\vh202.DLL
2008-12-21 02:02 . 2008-12-21 02:02 <DIR> d-------- c:\program files\Virtual Hottie 2
2008-12-21 01:57 . 2008-12-21 01:57 <DIR> d-------- c:\program files\7-Zip
2008-12-20 00:22 . 2008-12-20 00:22 <DIR> d-------- C:\rsit
2008-12-19 16:40 . 2008-12-19 16:40 <DIR> d-------- c:\program files\Trend Micro
2008-12-19 06:02 . 2008-12-19 06:02 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-19 06:02 . 2008-12-19 06:02 <DIR> d-------- c:\documents and settings\Jason Mach\Application Data\Malwarebytes
2008-12-19 06:02 . 2008-12-19 06:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-19 06:02 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-19 06:02 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-19 05:50 . 2008-12-19 05:51 <DIR> d-------- c:\documents and settings\Jason Mach\.housecall6.6
2008-12-19 05:48 . 2008-12-21 02:26 664 --a------ c:\windows\system32\d3d9caps.dat
2008-12-16 22:36 . 2008-12-16 22:36 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-16 15:07 . 2008-12-16 15:07 268 --ah----- C:\sqmdata00.sqm
2008-12-16 15:07 . 2008-12-16 15:07 244 --ah----- C:\sqmnoopt00.sqm
2008-12-16 06:25 . 2008-12-17 04:35 <DIR> d-------- c:\documents and settings\Jason Mach\Contacts
2008-12-16 06:23 . 2008-12-16 06:25 <DIR> d-------- c:\program files\Windows Live
2008-12-16 06:23 . 2008-12-16 06:24 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2008-12-16 06:23 . 2008-12-16 06:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2008-12-13 01:45 . 2003-11-04 15:11 159,744 --a------ c:\windows\system32\lfpng13n.dll
2008-12-12 22:15 . 2008-12-12 22:15 <DIR> d-------- c:\program files\AutoHotkey
2008-12-10 15:42 . 2008-12-10 15:42 <DIR> d-------- c:\program files\Common Files\LogiShared
2008-12-10 15:42 . 2008-12-10 15:42 <DIR> d-------- c:\documents and settings\Jason Mach\Application Data\Logitech
2008-12-10 15:42 . 2008-12-10 15:42 <DIR> d-------- c:\documents and settings\Jason Mach\Application Data\Leadertech
2008-12-10 15:40 . 2008-12-10 15:40 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-12-10 15:40 . 2008-12-10 15:40 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-12-10 15:39 . 2007-04-11 15:33 1,419,024 --a------ c:\windows\system32\WdfCoInstaller01005.dll
2008-12-10 15:39 . 2007-04-23 04:00 163,840 --a------ c:\windows\system32\kemutb.dll
2008-12-10 15:39 . 2007-04-23 04:00 135,168 --a------ c:\windows\system32\KemUtil.dll
2008-12-10 15:39 . 2007-04-23 04:00 110,592 --a------ c:\windows\system32\KemWnd.dll
2008-12-10 15:39 . 2007-04-23 04:00 69,632 --a------ c:\windows\system32\KemXML.dll
2008-12-10 15:39 . 2007-04-11 15:32 56,080 --a------ c:\windows\KHALMNPR.Exe
2008-12-10 15:39 . 2007-04-11 15:32 36,112 --a------ c:\windows\system32\drivers\LMouFilt.Sys
2008-12-10 15:39 . 2007-04-11 15:32 34,832 --a------ c:\windows\system32\drivers\LHidFilt.Sys
2008-12-10 15:38 . 2008-12-10 15:39 <DIR> d-------- c:\program files\Common Files\Logitech
2008-12-10 15:37 . 2008-12-10 15:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\LogiShrd
2008-12-08 18:06 . 2008-12-08 18:11 <DIR> d-------- c:\program files\Deadliest Catch Alaskan Storm
2008-11-23 15:14 . 2004-08-03 23:10 51,328 --a------ c:\windows\system32\drivers\msdv.sys
2008-11-23 15:14 . 2004-08-03 23:10 51,328 --a------ c:\windows\system32\dllcache\msdv.sys
2008-11-23 15:14 . 2004-08-03 23:10 48,128 --a------ c:\windows\system32\drivers\61883.sys
2008-11-23 15:14 . 2004-08-03 23:10 48,128 --a------ c:\windows\system32\dllcache\61883.sys
2008-11-23 15:14 . 2004-08-03 23:10 38,912 --a------ c:\windows\system32\drivers\avc.sys
2008-11-23 15:14 . 2004-08-03 23:10 38,912 --a------ c:\windows\system32\dllcache\avc.sys
2008-11-21 17:38 . 2008-11-21 17:38 <DIR> d-------- c:\documents and settings\Jason Mach\Application Data\Ulead Systems
2008-11-21 17:37 . 2008-11-21 17:37 <DIR> d-------- c:\windows\system32\Quicktime
2008-11-21 17:37 . 2008-11-21 17:37 <DIR> d-------- c:\program files\SmartSound Software
2008-11-21 17:37 . 2008-11-21 17:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2008-11-21 17:36 . 2008-11-21 17:36 <DIR> d-------- c:\program files\Windows Media Components
2008-11-21 17:36 . 2008-11-21 17:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\QuickTime
2008-11-21 17:35 . 2008-11-21 17:35 <DIR> d-------- c:\program files\Ulead Systems
2008-11-21 17:35 . 2008-11-21 17:37 <DIR> d-------- c:\program files\Common Files\Ulead Systems
2008-11-21 17:35 . 2008-11-21 17:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Ulead Systems
2008-11-18 20:54 . 2008-11-18 20:54 <DIR> d-------- c:\program files\iPod
2008-11-18 20:53 . 2008-11-18 20:54 <DIR> d-------- c:\program files\iTunes
2008-11-18 20:53 . 2008-11-18 20:53 <DIR> d-------- c:\program files\Bonjour
2008-11-18 20:53 . 2008-11-18 20:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-18 20:52 . 2008-11-18 20:52 <DIR> d-------- c:\program files\QuickTime
2008-11-18 20:51 . 2008-11-18 20:51 <DIR> d-------- c:\program files\Apple Software Update
2008-11-18 20:50 . 2008-10-01 13:01 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys
2008-11-06 20:18 . 2004-08-03 23:07 59,264 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2008-11-06 20:18 . 2004-08-03 23:07 59,264 --a------ c:\windows\system32\dllcache\usbaudio.sys
2008-11-01 23:43 . 2008-11-01 23:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\acccore

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-19 09:26 --------- d-----w c:\program files\FireworksExtravaganza_at
2009-12-19 09:25 --------- d-----w c:\program files\Dell
2009-12-19 09:23 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-12-19 09:14 14,336 ----a-w c:\windows\system32\svchost.exe
2009-12-19 09:14 14,336 ----a-w c:\windows\system32\dllcache\svchost.exe
2009-12-19 07:54 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-12-18 21:16 --------- d-----w c:\program files\Symantec
2009-12-18 21:16 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-12-18 21:13 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-12-18 21:13 60,800 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-12-18 21:13 123,952 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-12-18 21:13 10,671 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2008-12-30 05:03 47,104 ----a-w c:\windows\system32\rpcnet.dll
2008-12-30 05:03 17,408 ----a-w c:\windows\system32\rpcnetp.exe
2008-12-30 05:03 17,408 ----a-w c:\windows\system32\rpcnetp.dll
2008-12-17 03:36 --------- d-----w c:\program files\Java
2008-12-14 08:51 --------- d-----w c:\documents and settings\Jason Mach\Application Data\Skype
2008-12-14 06:49 --------- d-----w c:\documents and settings\Jason Mach\Application Data\skypePM
2008-12-12 17:33 3,060,224 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 09:54 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-10 20:38 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-10 20:38 --------- d-----w c:\program files\Logitech
2008-12-10 20:38 --------- d-----w c:\documents and settings\All Users\Application Data\Logitech
2008-11-21 00:01 --------- d--ha-w c:\documents and settings\All Users\Application Data\GTek
2008-11-19 03:27 --------- d-----w c:\documents and settings\Jason Mach\Application Data\Apple Computer
2008-11-19 01:53 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-11-19 01:52 --------- d-----w c:\program files\Common Files\Apple
2008-11-07 00:57 --------- d-----w c:\program files\Activision
2008-11-02 04:43 --------- d-----w c:\program files\AIM6
2008-11-02 04:43 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 13:01 283,648 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:57 332,800 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 09:45 18,432 ------w c:\windows\system32\dllcache\iedw.exe
2008-10-13 04:56 183,128 ----a-w c:\windows\system32\PnkBstrB.exe
2008-10-03 19:34 625,032 ----a-w c:\windows\system32\SymNeti.dll
2008-10-03 19:34 242,056 ----a-w c:\windows\system32\SymRedir.dll
2008-10-03 10:15 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:15 247,326 ------w c:\windows\system32\dllcache\strmdll.dll
2008-10-02 22:36 32,256 ----a-w c:\windows\system32\identprv.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-19 03:39 47,104 ----a-w c:\windows\system32\rpcnet.exe
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-15 11:57 1,846,016 ------w c:\windows\system32\dllcache\win32k.sys
2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-09-04 16:42 1,106,944 ------w c:\windows\system32\dllcache\msxml3.dll
2008-05-24 01:19 22,328 ----a-w c:\documents and settings\Jason Mach\Application Data\PnkBstrK.sys
2008-11-18 00:05 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-11-18 00:05 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-11-18 00:05 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-11-18 00:05 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-11-18 00:05 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-05-15 14:54 74 --sh--r c:\windows\CT4CET.bin
.

((((((((((((((((((((((((((((( snapshot@2008-12-28_17.17.50.71 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-30 05:03:37 16,384 ----atw c:\windows\temp\Perflib_Perfdata_2a8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-15 68856]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Google Update"="c:\documents and settings\Jason Mach\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-17 851968]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-09 8527872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-09 81920]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-20 1228800]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"YOP"="c:\progra~1\Yahoo!\YOP\yop.exe" [2007-10-26 509224]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"osCheck"="c:\progra~1\Symantec\osCheck.exe" [2007-01-14 771704]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Launch LgDevAgt"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2007-12-13 346648]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 2051096]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 172032]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-06 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-06 659456]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-16 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"nwiz"="nwiz.exe" [2008-01-09 c:\windows\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2008-01-09 c:\windows\system32\nvhotkey.dll]
"SigmatelSysTrayApp"="stsystra.exe" [2007-07-17 c:\windows\stsystra.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Mouse_shiftctrlclick_macros.ahk [2007-10-22 578]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-24 622653]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-10 692224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-05-15 10:10 10536 c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=upmlgz.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jason Mach^Start Menu^Programs^Startup^Product Registration.lnk]
path=c:\documents and settings\Jason Mach\Start Menu\Programs\Startup\Product Registration.lnk
backup=c:\windows\pss\Product Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
-ra------ 2007-03-01 10:37 2321600 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
--a------ 2008-02-28 13:18 17920 c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-02 15:07 133104 c:\documents and settings\Jason Mach\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-02-12 12:38 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-05-15 10:02 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\digital imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2008-05-21 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-02 99376]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\DRIVERS\OEM02Dev.sys [2008-05-15 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\DRIVERS\OEM02Vfx.sys [2008-05-15 7424]
R3 physX32;physX32;c:\windows\system32\DRIVERS\physX32.sys [2008-05-15 117888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2008-12-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-12-30 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Jason Mach\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 15:07]

2008-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1478657868-1945099570-997056472-1005.job
- c:\documents and settings\Jason Mach\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 15:07]

2008-12-27 c:\windows\Tasks\HP Usg Daily FY04.job
- c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped06.exe [2004-06-06 23:53]

2008-12-16 c:\windows\Tasks\Norton Security Online - Run Full System Scan - Jason Mach.job
- c:\progra~1\Symantec\Norton AntiVirus\Navw32.exe [2007-01-14 04:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080515
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Jason Mach\Application Data\Mozilla\Firefox\Profiles\2z6q7y9e.default\
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-30 01:39:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(976)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
Completion time: 2008-12-30 1:40:26
ComboFix-quarantined-files.txt 2008-12-30 06:39:59
ComboFix2.txt 2008-12-28 22:18:10

Pre-Run: 106,336,673,792 bytes free
Post-Run: 106,337,206,272 bytes free

344 --- E O F --- 2008-12-18 08:01:00


-----------------------------------------

Also, I scanned my computer with Norton in Safe Mode, and it no longer found the backdoor virus. Just out of curiosity, which steps that you had me do would have gotten rid of some of this stuff? I thought all I was doing was generating log files?

Thanks!

#11 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:41 PM

Posted 31 December 2008 - 03:34 AM

Hi there,

ComboFix also removes a lot of bad things. HijackThis has the capability to fix and remove things, but we haven't done that yet, so it was all ComboFix for now. :thumbsup: I'll be back in a little bit with the next steps. :)

tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#12 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:41 PM

Posted 31 December 2008 - 03:48 AM

Hi,

This will get rid of an orphaned entry, and help with the speed of your computer:

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O20 - AppInit_DLLs: upmlgz.dll


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Reboot your computer.

* Open Notepad - don't use any text editor other than Notepad, or the script will fail.
Copy/paste the text in the quote box below into Notepad:

File::
C:\p2hhr.bat
C:\-62260395


Save this as a text file named CFScript.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[Screenshot: the CFScript file being dragged onto ComboFix.exe]

This will start ComboFix again.

After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply, together with a new HijackThis log.

How is it running now please? :thumbsup:

Thanks,
tea
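
teacup61's fix list above targets the AppInit_DLLs entry (the O20 line) and a set of orphaned O4 entries, and the ComboFix "Reg Loading Points" output posted earlier also shows Security Center monitoring switched off, the XP firewall disabled, and Find3M file rows dated a year after the scan. As an added example that is not part of this thread and not code from ComboFix or HijackThis, the Python below runs a defender-side triage pass over a constructed log excerpt of the same shape: the excerpt, the USER name, the file rows and the one-day timestamp margin are assumptions, while the AppInit_DLLs value and the registry keys are copied from the log in this thread.

```python
"""Triage pass over a ComboFix-style log excerpt (added example, not ComboFix
or HijackThis code). Flags a non-empty AppInit_DLLs value, Security Center
monitoring switched off, the XP firewall disabled, and future-dated file rows."""
import re
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed sample in the shape of a ComboFix report (not the poster's
# actual log); the 2009 rows deliberately fall after the 2008-12-30 scan.
SAMPLE_LOG = r"""
ComboFix 08-12-30.02 - USER 2008-12-30 15:40:05.3 - NTFSx86
((((((( Files Created from 2008-11-28 to 2008-12-30 )))))))
2009-12-19 03:49 . 2009-12-19 03:49 0 --a------ C:\sample.avi
((((((( Find3M Report )))))))
2009-12-19 09:14 14,336 ----a-w c:\windows\system32\svchost.exe
2009-12-19 09:14 14,336 ----a-w c:\windows\system32\dllcache\svchost.exe
2008-12-30 20:35 47,104 ----a-w c:\windows\system32\rpcnet.dll
2008-12-10 20:38 --------- d-----w c:\program files\Logitech
((((((( Reg Loading Points )))))))
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=upmlgz.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

HEADER_RE = re.compile(r"^ComboFix .*?(\d{4}-\d{2}-\d{2} \d{1,2}:\d{2}:\d{2})")
# "Files Created" rows: created . modified size attrs path (modified not captured)
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}"
                        r"\s+(\S+)\s+(\S+)\s+(.+)$")
# "Find3M" rows: modified size attrs path
FIND3M_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(\S+)\s+(\S+)\s+(.+)$")
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# The header is local time and file rows may use another zone, so allow a
# day of slack before calling a timestamp "future" (the margin is an assumption).
FUTURE_MARGIN = timedelta(days=1)


def parse_scan_time(text: str) -> datetime:
    """Return the scan start time from the ComboFix header line."""
    for line in text.splitlines():
        m = HEADER_RE.match(line.strip())
        if m:
            return datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
    raise ValueError("no ComboFix header line found")


def parse_file_rows(text: str) -> List[Tuple[datetime, str, str, str]]:
    """Return (timestamp, size, attrs, path) for every file row in the log."""
    rows = []
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip()) or FIND3M_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
            rows.append((ts, m.group(2), m.group(3), m.group(4)))
    return rows


def parse_registry_blocks(text: str) -> Dict[str, Dict[str, str]]:
    """Map each [key] (lower-cased) to its "name"=value pairs."""
    blocks: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        stripped = line.strip()
        km = KEY_RE.match(stripped)
        if km:
            current = km.group(1).lower()
            blocks.setdefault(current, {})
            continue
        vm = VALUE_RE.match(stripped)
        if vm and current is not None:
            blocks[current][vm.group(1)] = vm.group(2).strip()
    return blocks


def triage(text: str) -> List[Tuple[str, str]]:
    """Run the four checks and return every finding as (category, detail)."""
    findings: List[Tuple[str, str]] = []
    scan_time = parse_scan_time(text)
    for ts, _size, _attrs, path in parse_file_rows(text):
        if ts > scan_time + FUTURE_MARGIN:  # rpcnet.dll (same day) stays inside the margin
            findings.append(("future-timestamp", f"{path} ({ts:%Y-%m-%d %H:%M})"))
    for key, values in parse_registry_blocks(text).items():
        if key.endswith(r"windows nt\currentversion\windows") and values.get("AppInit_DLLs"):
            findings.append(("appinit-dlls", values["AppInit_DLLs"]))
        if r"security center\monitoring" in key and values.get("DisableMonitoring") == "dword:00000001":
            findings.append(("security-center-monitoring-off", key))
        if key.endswith(r"firewallpolicy\standardprofile") and values.get("EnableFirewall", "").split()[:1] == ["0"]:
            findings.append(("firewall-disabled", key))
    return findings
```

`triage(SAMPLE_LOG)` returns seven findings for the sample: three future-dated files, the AppInit_DLLs value, two Security Center monitoring keys and the disabled firewall profile.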

#13 ClickJ

ClickJ
  • Topic Starter

  • Members
  • 16 posts
  • Local time:07:41 PM

Posted 31 December 2008 - 05:38 PM

New ComboFix:

ComboFix 08-12-30.02 - Jason Mach 2008-12-30 15:40:05.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3262.2753 [GMT -5:00]
Running from: c:\documents and settings\Jason Mach\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jason Mach\Desktop\CFScript.txt
AV: Norton Security Online *On-access scanning enabled* (Outdated)
FW: Norton Security Online *enabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\-62260395
C:\p2hhr.bat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\-62260395
C:\p2hhr.bat

.
((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-30 )))))))))))))))))))))))))))))))
.

2009-12-19 04:40 . 2009-12-19 04:40 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Yahoo!
2009-12-19 03:49 . 2009-12-19 03:49 0 --a------ C:\nowy_00001.avi
2009-12-19 03:49 . 2009-12-19 03:49 0 --a------ C:\nowy.avi
2009-12-19 03:09 . 2009-12-19 03:09 <DIR> d-------- c:\program files\EVE Interactive
2009-12-18 16:28 . 2009-12-18 16:28 268 --ah----- C:\sqmdata01.sqm
2009-12-18 16:28 . 2009-12-18 16:28 244 --ah----- C:\sqmnoopt01.sqm
2009-12-18 16:16 . 2008-07-30 17:42 23,888 --a------ c:\windows\system32\drivers\COH_Mon.sys
2009-12-18 16:16 . 2008-07-30 17:28 10,537 --a------ c:\windows\system32\drivers\COH_Mon.cat
2009-12-18 16:16 . 2008-07-30 17:28 706 --a------ c:\windows\system32\drivers\COH_Mon.inf
2008-12-30 01:34 . 2008-12-30 01:35 <DIR> d-------- C:\abc
2008-12-30 00:06 . 2008-12-30 00:21 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-12-27 23:35 . 2008-12-27 23:35 268 --ah----- C:\sqmdata03.sqm
2008-12-27 23:35 . 2008-12-27 23:35 244 --ah----- C:\sqmnoopt03.sqm
2008-12-22 02:01 . 2008-12-22 02:01 268 --ah----- C:\sqmdata02.sqm
2008-12-22 02:01 . 2008-12-22 02:01 244 --ah----- C:\sqmnoopt02.sqm
2008-12-21 02:06 . 2008-12-21 02:06 <DIR> d-------- c:\program files\Act-3D
2008-12-21 02:06 . 2006-08-17 00:18 2,332,368 --a------ c:\windows\system\d3dx9_29.dll
2008-12-21 02:06 . 2003-02-21 13:42 348,160 --a------ c:\windows\system\msvcr71.dll
2008-12-21 02:06 . 2006-08-08 12:08 143,360 --a------ c:\windows\system\vh202.DLL
2008-12-21 02:02 . 2008-12-21 02:02 <DIR> d-------- c:\program files\Virtual Hottie 2
2008-12-21 01:57 . 2008-12-21 01:57 <DIR> d-------- c:\program files\7-Zip
2008-12-20 00:22 . 2008-12-20 00:22 <DIR> d-------- C:\rsit
2008-12-19 16:40 . 2008-12-19 16:40 <DIR> d-------- c:\program files\Trend Micro
2008-12-19 06:02 . 2008-12-19 06:02 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-19 06:02 . 2008-12-19 06:02 <DIR> d-------- c:\documents and settings\Jason Mach\Application Data\Malwarebytes
2008-12-19 06:02 . 2008-12-19 06:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-19 06:02 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-19 06:02 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-19 05:50 . 2008-12-19 05:51 <DIR> d-------- c:\documents and settings\Jason Mach\.housecall6.6
2008-12-19 05:48 . 2008-12-21 02:26 664 --a------ c:\windows\system32\d3d9caps.dat
2008-12-16 22:36 . 2008-12-16 22:36 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-16 15:07 . 2008-12-16 15:07 268 --ah----- C:\sqmdata00.sqm
2008-12-16 15:07 . 2008-12-16 15:07 244 --ah----- C:\sqmnoopt00.sqm
2008-12-16 06:25 . 2008-12-17 04:35 <DIR> d-------- c:\documents and settings\Jason Mach\Contacts
2008-12-16 06:23 . 2008-12-16 06:25 <DIR> d-------- c:\program files\Windows Live
2008-12-16 06:23 . 2008-12-16 06:24 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2008-12-16 06:23 . 2008-12-16 06:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2008-12-13 01:45 . 2003-11-04 15:11 159,744 --a------ c:\windows\system32\lfpng13n.dll
2008-12-12 22:15 . 2008-12-12 22:15 <DIR> d-------- c:\program files\AutoHotkey
2008-12-10 15:42 . 2008-12-10 15:42 <DIR> d-------- c:\program files\Common Files\LogiShared
2008-12-10 15:42 . 2008-12-10 15:42 <DIR> d-------- c:\documents and settings\Jason Mach\Application Data\Logitech
2008-12-10 15:42 . 2008-12-10 15:42 <DIR> d-------- c:\documents and settings\Jason Mach\Application Data\Leadertech
2008-12-10 15:40 . 2008-12-10 15:40 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-12-10 15:40 . 2008-12-10 15:40 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-12-10 15:39 . 2007-04-11 15:33 1,419,024 --a------ c:\windows\system32\WdfCoInstaller01005.dll
2008-12-10 15:39 . 2007-04-23 04:00 163,840 --a------ c:\windows\system32\kemutb.dll
2008-12-10 15:39 . 2007-04-23 04:00 135,168 --a------ c:\windows\system32\KemUtil.dll
2008-12-10 15:39 . 2007-04-23 04:00 110,592 --a------ c:\windows\system32\KemWnd.dll
2008-12-10 15:39 . 2007-04-23 04:00 69,632 --a------ c:\windows\system32\KemXML.dll
2008-12-10 15:39 . 2007-04-11 15:32 56,080 --a------ c:\windows\KHALMNPR.Exe
2008-12-10 15:39 . 2007-04-11 15:32 36,112 --a------ c:\windows\system32\drivers\LMouFilt.Sys
2008-12-10 15:39 . 2007-04-11 15:32 34,832 --a------ c:\windows\system32\drivers\LHidFilt.Sys
2008-12-10 15:38 . 2008-12-10 15:39 <DIR> d-------- c:\program files\Common Files\Logitech
2008-12-10 15:37 . 2008-12-10 15:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\LogiShrd
2008-12-08 18:06 . 2008-12-08 18:11 <DIR> d-------- c:\program files\Deadliest Catch Alaskan Storm
2008-11-23 15:14 . 2004-08-03 23:10 51,328 --a------ c:\windows\system32\drivers\msdv.sys
2008-11-23 15:14 . 2004-08-03 23:10 51,328 --a------ c:\windows\system32\dllcache\msdv.sys
2008-11-23 15:14 . 2004-08-03 23:10 48,128 --a------ c:\windows\system32\drivers\61883.sys
2008-11-23 15:14 . 2004-08-03 23:10 48,128 --a------ c:\windows\system32\dllcache\61883.sys
2008-11-23 15:14 . 2004-08-03 23:10 38,912 --a------ c:\windows\system32\drivers\avc.sys
2008-11-23 15:14 . 2004-08-03 23:10 38,912 --a------ c:\windows\system32\dllcache\avc.sys
2008-11-21 17:38 . 2008-11-21 17:38 <DIR> d-------- c:\documents and settings\Jason Mach\Application Data\Ulead Systems
2008-11-21 17:37 . 2008-11-21 17:37 <DIR> d-------- c:\windows\system32\Quicktime
2008-11-21 17:37 . 2008-11-21 17:37 <DIR> d-------- c:\program files\SmartSound Software
2008-11-21 17:37 . 2008-11-21 17:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2008-11-21 17:36 . 2008-11-21 17:36 <DIR> d-------- c:\program files\Windows Media Components
2008-11-21 17:36 . 2008-11-21 17:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\QuickTime
2008-11-21 17:35 . 2008-11-21 17:35 <DIR> d-------- c:\program files\Ulead Systems
2008-11-21 17:35 . 2008-11-21 17:37 <DIR> d-------- c:\program files\Common Files\Ulead Systems
2008-11-21 17:35 . 2008-11-21 17:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Ulead Systems
2008-11-18 20:54 . 2008-11-18 20:54 <DIR> d-------- c:\program files\iPod
2008-11-18 20:53 . 2008-11-18 20:54 <DIR> d-------- c:\program files\iTunes
2008-11-18 20:53 . 2008-11-18 20:53 <DIR> d-------- c:\program files\Bonjour
2008-11-18 20:53 . 2008-11-18 20:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-18 20:52 . 2008-11-18 20:52 <DIR> d-------- c:\program files\QuickTime
2008-11-18 20:51 . 2008-11-18 20:51 <DIR> d-------- c:\program files\Apple Software Update
2008-11-18 20:50 . 2008-10-01 13:01 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys
2008-11-06 20:18 . 2004-08-03 23:07 59,264 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2008-11-06 20:18 . 2004-08-03 23:07 59,264 --a------ c:\windows\system32\dllcache\usbaudio.sys
2008-11-01 23:43 . 2008-11-01 23:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\acccore

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-19 09:26 --------- d-----w c:\program files\FireworksExtravaganza_at
2009-12-19 09:25 --------- d-----w c:\program files\Dell
2009-12-19 09:23 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-12-19 09:14 14,336 ----a-w c:\windows\system32\svchost.exe
2009-12-19 09:14 14,336 ----a-w c:\windows\system32\dllcache\svchost.exe
2009-12-19 07:54 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-12-18 21:16 --------- d-----w c:\program files\Symantec
2009-12-18 21:16 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-12-18 21:13 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-12-18 21:13 60,800 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-12-18 21:13 123,952 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-12-18 21:13 10,671 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2008-12-30 20:35 47,104 ----a-w c:\windows\system32\rpcnet.dll
2008-12-30 20:35 17,408 ----a-w c:\windows\system32\rpcnetp.exe
2008-12-30 20:23 17,408 ----a-w c:\windows\system32\rpcnetp.dll
2008-12-17 03:36 --------- d-----w c:\program files\Java
2008-12-14 08:51 --------- d-----w c:\documents and settings\Jason Mach\Application Data\Skype
2008-12-14 06:49 --------- d-----w c:\documents and settings\Jason Mach\Application Data\skypePM
2008-12-12 17:33 3,060,224 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 09:54 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-10 20:38 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-10 20:38 --------- d-----w c:\program files\Logitech
2008-12-10 20:38 --------- d-----w c:\documents and settings\All Users\Application Data\Logitech
2008-11-21 00:01 --------- d--ha-w c:\documents and settings\All Users\Application Data\GTek
2008-11-19 03:27 --------- d-----w c:\documents and settings\Jason Mach\Application Data\Apple Computer
2008-11-19 01:53 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-11-19 01:52 --------- d-----w c:\program files\Common Files\Apple
2008-11-07 00:57 --------- d-----w c:\program files\Activision
2008-11-02 04:43 --------- d-----w c:\program files\AIM6
2008-11-02 04:43 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 13:01 283,648 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:57 332,800 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 09:45 18,432 ------w c:\windows\system32\dllcache\iedw.exe
2008-10-13 04:56 183,128 ----a-w c:\windows\system32\PnkBstrB.exe
2008-10-03 19:34 625,032 ----a-w c:\windows\system32\SymNeti.dll
2008-10-03 19:34 242,056 ----a-w c:\windows\system32\SymRedir.dll
2008-10-03 10:15 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:15 247,326 ------w c:\windows\system32\dllcache\strmdll.dll
2008-10-02 22:36 32,256 ----a-w c:\windows\system32\identprv.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-19 03:39 47,104 ----a-w c:\windows\system32\rpcnet.exe
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-15 11:57 1,846,016 ------w c:\windows\system32\dllcache\win32k.sys
2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-09-04 16:42 1,106,944 ------w c:\windows\system32\dllcache\msxml3.dll
2008-05-24 01:19 22,328 ----a-w c:\documents and settings\Jason Mach\Application Data\PnkBstrK.sys
2008-11-18 00:05 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-11-18 00:05 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-11-18 00:05 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-11-18 00:05 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-11-18 00:05 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-05-15 14:54 74 --sh--r c:\windows\CT4CET.bin
.

((((((((((((((((((((((((((((( snapshot@2008-12-28_17.17.50.71 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-30 20:35:43 16,384 ----atw c:\windows\temp\Perflib_Perfdata_178.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-15 68856]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
"Google Update"="c:\documents and settings\Jason Mach\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-17 851968]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-09 8527872]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"osCheck"="c:\progra~1\Symantec\osCheck.exe" [2007-01-14 771704]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Launch LgDevAgt"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2007-12-13 346648]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 2051096]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 172032]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-06 659456]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"NVHotkey"="nvHotkey.dll" [2008-01-09 c:\windows\system32\nvhotkey.dll]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Mouse_shiftctrlclick_macros.ahk [2007-10-22 578]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-24 622653]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-10 692224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-05-15 10:10 10536 c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jason Mach^Start Menu^Programs^Startup^Product Registration.lnk]
path=c:\documents and settings\Jason Mach\Start Menu\Programs\Startup\Product Registration.lnk
backup=c:\windows\pss\Product Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
-ra------ 2007-03-01 10:37 2321600 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
--a------ 2008-02-28 13:18 17920 c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-02 15:07 133104 c:\documents and settings\Jason Mach\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-02-12 12:38 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-05-15 10:02 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\digital imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2008-05-21 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-02 99376]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\DRIVERS\OEM02Dev.sys [2008-05-15 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\DRIVERS\OEM02Vfx.sys [2008-05-15 7424]
R3 physX32;physX32;c:\windows\system32\DRIVERS\physX32.sys [2008-05-15 117888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2008-12-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-12-30 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Jason Mach\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 15:07]

2008-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1478657868-1945099570-997056472-1005.job
- c:\documents and settings\Jason Mach\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 15:07]

2008-12-27 c:\windows\Tasks\HP Usg Daily FY04.job
- c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped06.exe [2004-06-06 23:53]

2008-12-16 c:\windows\Tasks\Norton Security Online - Run Full System Scan - Jason Mach.job
- c:\progra~1\Symantec\Norton AntiVirus\Navw32.exe [2007-01-14 04:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080515
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Jason Mach\Application Data\Mozilla\Firefox\Profiles\2z6q7y9e.default\
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-30 15:42:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(968)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
Completion time: 2008-12-30 15:43:44
ComboFix-quarantined-files.txt 2008-12-30 20:43:19
ComboFix2.txt 2008-12-30 06:40:27
ComboFix3.txt 2008-12-28 22:18:10

Pre-Run: 106,353,831,936 bytes free
Post-Run: 106,349,019,136 bytes free

332 --- E O F --- 2008-12-18 08:01:00


---------------------------------------
New HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:34:18 PM, on 12/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\OEM02Mon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\lcdmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\Documents and Settings\Jason Mach\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\BF2G15Mod\BF2 LCD.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080515
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Launch LgDevAgt] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jason Mach\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {215b8138-a3cf-44c5-803f-8226143cfc0a} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/e/38.05/57...0/uploader2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://games.bigfishgames.com/en_cinematyc...inematycoon.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - http://www.putfile.com/includes/ImageUploader4-5.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 13143 bytes

----------------------------




Internet and everything is working fine now, Norton still doesn't run - do you have recommendations for an antivirus program? We don't even have SBC anymore and I was thinking about getting a different AV program. My computer seems to perform fine for games, but I am unable to open Office documents. I can open the programs, but when I try to open actual documents the program locks up and has to be forced closed - I assume this has to do with the virus scanning in Office, as it locks up when the status shows that it's scanning for viruses. Also, my computer is still very slow to boot up. After I enter my password to log in to Windows, it says "loading user settings" or whatever for a bit, and then it displays my wallpaper and stays there for about 3 minutes. During this time, the HDD indicator light stops blinking and the disc in the drive stops spinning. Then after about 3 minutes, the HDD light starts flashing again and the disc spins again; it's almost like my computer stops working for those couple of minutes before the desktop loads.

Edited by ClickJ, 01 January 2009 - 01:22 PM.


#14 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 02 January 2009 - 07:50 PM

Hello,

I would recommend either Avira OR Avast. I use Avira (AntiVir). Both are free and top ranked, even among the paid AntiVirus programs. To get rid of Norton totally, since it leaves a huge mess with a typical uninstallation, please run the following tool:

The Norton uninstall tool uninstalls ALL Norton 2004/2005/2006/2007/2008 products from your computer. It also uninstalls Norton Ghost 10.0/9.0/2003. http://service1.symantec.com/SUPPORT/tsgen...005033108162039

Let me know how you come out. :thumbsup:

tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?

#15 ClickJ

ClickJ
  • Topic Starter

  • Members
  • 16 posts

Posted 03 January 2009 - 02:12 PM

Thanks for the links! I decided to install Avast. Looks like Norton was the problem with booting up and opening Office documents - everything worked fine after I got rid of it.

Avast did find two virus files: Win32 Trojan-gen {other}

Found it in two different locations and I deleted it, I don't know if that's something I should worry about.

Other than that it looks like my computer is back to normal - are there any other logs I should post?

Thank you so much! I really appreciate it - I thought my computer was toast...I do hate reformatting.

Thanks again, have a great new year!
