Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Trojan -- "Symantec Email Proxy" repeated popups


  • This topic is locked This topic is locked
9 replies to this topic

#1 123disfunctional!

123disfunctional!

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:33 AM

Posted 26 June 2009 - 07:52 AM

Hello,
I've arrived after attempting multiple removals of one or more trojans affecting my computer. A pop up box repeatedly appears, labeled "Symantec" and telling me that 1 of 1 messages is being scanned. Then a centered popup box tells me that there is some Email Proxy Error and that the message, to some email address that I've never heard of could not be sent. Normally these messages come one after another, but of course, now that I want to desribe them in detail, they are no where to be found... :thumbup2:

I've run Avira a number of times, as well as Windows Defender and CCleaner to try to catch any remnants. Avira has found a number of trojans, with files named A0097036.exe, A0097037.sys, and A0097040.exe, but seems to be having trouble deleting them. Windows Defender thinks that my computer is functioning normally.

Thanks for your time and help. Yay volunteers!

Here's my DDS log file:


DDS (Ver_09-06-26.01) - NTFSx86
Run by Owner at 8:06:57.20 on Fri 06/26/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.479.77 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Norton AntiVirus *On-access scanning enabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\f.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\dldtcoms.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\matlab7\bin\win32\matlab.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\system32\S3tray2.exe
C:\Program Files\Dell V305\dldtmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Dell V305\dldtMsdMon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\f.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
C:\WINDOWS\system32\svchost.exe -k sys
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://qus7.hpwis.com/
mDefault_Search_URL = hxxp://srch-qus7.hpwis.com/
mSearch Page = hxxp://srch-qus7.hpwis.com/
mStart Page = hxxp://qus7.hpwis.com/
mSearch Bar = hxxp://srch-qus7.hpwis.com/
uInternet Connection Wizard,ShellNext = hxxp://qus7.hpwis.com/
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {C7768536-96F8-4001-B1A2-90EE21279187} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [StorageGuard] "c:\program files\veritas software\update manager\sgtray.exe" /r
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [ccRegVfy] "c:\program files\common files\symantec shared\ccRegVfy.exe"
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe
mRun: [S3TRAY2] S3tray2.exe
mRun: [dldtmon.exe] "c:\program files\dell v305\dldtmon.exe"
mRun: [dldtamon] "c:\program files\dell v305\dldtamon.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [sysldtray] c:\windows\ld10.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\vzacce~1.lnk - c:\program files\verizon wireless\vzaccess manager\VZAccess Manager.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131_02-win.cab
DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-1_4_0_01-win.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {743E9AA5-7C44-43FF-9D51-FCB42163ABEE} = 66.174.95.44 66.174.92.14
Notify: igfxcui - igfxsrvc.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\4gp2fxsx.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.http - localhost:8080
FF - prefs.js: network.proxy.type - 1
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\4gp2fxsx.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - plugin: c:\program files\java\j2re1.4.0\bin\NPJava11.dll
FF - plugin: c:\program files\java\j2re1.4.0\bin\NPJava12.dll
FF - plugin: c:\program files\java\j2re1.4.0\bin\NPJava13.dll
FF - plugin: c:\program files\java\j2re1.4.0\bin\NPJava32.dll
FF - plugin: c:\program files\java\j2re1.4.0\bin\NPJPI140_01.dll
FF - plugin: c:\program files\java\j2re1.4.0\bin\NPOJI610.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R?2 6to4Alerter;IPv6 Helper Service 6to4Alerter;c:\windows\system32\f.exe service --> c:\windows\system32\f.exe service [?]
R?2 sys;sys;c:\windows\system32\svchost.exe -k sys [2003-4-10 14336]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-9 64160]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-6-24 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-6-24 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-6-24 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-6-24 55640]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2002-11-14 317128]
R2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 953168]
R2 navapsvc;Norton AntiVirus Auto Protect Service;c:\program files\norton antivirus\Navapsvc.exe [2002-11-15 116336]
R2 SAVRTPEL;SAVRTPEL;c:\windows\system32\drivers\SAVRTPEL.SYS [2005-1-9 35552]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-12-28 24652]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20041215.032\NAVENG.Sys [2004-12-16 72712]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20041215.032\NavEx15.Sys [2004-12-16 629544]
R3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2009-2-23 33024]
R3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2009-2-23 41344]
R3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2009-2-23 39936]
R3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2009-2-23 59904]
R3 SAVRT;SAVRT;c:\windows\system32\drivers\SAVRT.SYS [2005-1-9 235744]
S1 sysdrv;sysdrv;\??\c:\program files\sys\sys.sys --> c:\program files\sys\sys.sys [?]
S2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldtserv.exe [2008-2-25 99568]
S2 lcacilq;lcacilq;\??\c:\windows\system32\drivers\loyjbqx.sys --> c:\windows\system32\drivers\loyjbqx.sys [?]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\drivers\bw2ndis5.sys --> c:\windows\system32\drivers\BW2NDIS5.sys [?]
S3 ccPwdSvc;Symantec Password Validation Service;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-1-9 99352]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [2004-8-27 15576]

=============== Created Last 30 ================

2009-06-26 07:17 <DIR> --d----- c:\program files\Trend Micro
2009-06-25 19:54 0 ac------ c:\windows\system32\dllcache\oledlg.dll.new
2009-06-25 13:02 6,553 a------- c:\windows\system32\spupdsvc.inf
2009-06-25 12:54 <DIR> --d----- c:\windows\system32\scripting
2009-06-25 12:54 <DIR> --d----- c:\windows\l2schemas
2009-06-25 12:54 <DIR> --d----- c:\windows\system32\en
2009-06-25 12:46 <DIR> --d----- c:\windows\network diagnostic
2009-06-25 12:44 1,374 a------- c:\windows\imsins.BAK
2009-06-24 21:00 <DIR> --d----- c:\program files\CCleaner
2009-06-24 20:36 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-06-24 20:36 <DIR> --d----- c:\program files\Avira
2009-06-24 20:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-06-24 19:20 <DIR> --d----- c:\windows\ERUNT
2009-06-23 18:30 <DIR> --d----- c:\program files\sys
2009-06-23 18:30 2 a------- c:\windows\010112010146118114.dat
2009-06-23 17:30 184 a------- c:\windows\22678h32.bat
2009-06-23 17:30 22,528 a---h--- c:\windows\system32\f.exe
2009-06-23 17:30 213,024 a------- c:\windows\system32\drivers\str.sys
2009-06-19 13:58 61,224 a------- c:\documents and settings\owner\GoToAssistDownloadHelper.exe
2009-06-02 22:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ThumbnailCache4R

==================== Find3M ====================

2009-06-25 12:59 79,179 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-09 20:17 15,688 a------- c:\windows\system32\lsdelete.exe
2009-05-09 20:16 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-29 00:46 666,624 a------- c:\windows\system32\wininet.dll
2009-04-29 00:46 81,920 -------- c:\windows\system32\ieencode.dll
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2003-01-25 06:30 32 ac-sh--- c:\windows\{432DC6F6-968D-4F5B-A15F-5FECE3F263AD}.dat
2003-01-25 06:30 32 ac-sh--- c:\windows\system32\{7A423CBA-2B8A-4A0B-AE91-B7E63A03AA63}.dat

============= FINISH: 8:08:55.78 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:05:33 AM

Posted 30 June 2009 - 09:51 PM

Hello and welcome to Bleeping Computer.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would
be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
  • Copy and paste all logs requested in you reply, Do not attach them unless asked too.
  • If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
  • Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.
First I would like to see a new log since alot could have changed since your origional post.
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Thanks

unite.jpg


#3 123disfunctional!

123disfunctional!
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:33 AM

Posted 30 June 2009 - 10:16 PM

Hello Syler,
Thanks for attacking this with me.

I ran RSIT as you requested and these are the returned files:

1. LOG FILE

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-06-30 23:07:55
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 57 GB (81%) free of 71 GB
Total RAM: 479 MB (16% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:08:05 PM, on 6/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\f.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\dldtcoms.exe
C:\MATLAB7\webserver\bin\win32\matlabserver.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\matlab7\bin\win32\matlab.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\system32\S3tray2.exe
C:\Program Files\Dell V305\dldtmon.exe
C:\Program Files\Dell V305\dldtMsdMon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\f.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus7.hpwis.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [dldtmon.exe] "C:\Program Files\Dell V305\dldtmon.exe"
O4 - HKLM\..\Run: [dldtamon] "C:\Program Files\Dell V305\dldtamon.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [sysldtray] C:\windows\ld10.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{743E9AA5-7C44-43FF-9D51-FCB42163ABEE}: NameServer = 66.174.95.44 66.174.92.14
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: dldtCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldtserv.exe
O23 - Service: dldt_device - - C:\WINDOWS\system32\dldtcoms.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB7\webserver\bin\win32\matlabserver.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7291 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-23 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
CNavExtBho Class - c:\Program Files\Norton AntiVirus\NavShExt.dll [2002-11-15 112248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus - c:\Program Files\Norton AntiVirus\NavShExt.dll [2002-11-15 112248]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2002-10-16 114688]
"KBD"=C:\HP\KBD\KBD.EXE [2001-07-07 61440]
"StorageGuard"=C:\Program Files\VERITAS Software\Update Manager\sgtray.exe [2002-06-18 155648]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-14 212992]
"ccApp"=c:\Program Files\Common Files\Symantec Shared\ccApp.exe [2003-12-02 54296]
"ccRegVfy"=c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe [2003-12-02 58392]
"PS2"=C:\WINDOWS\system32\ps2.exe [2002-07-31 81920]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe [2002-05-22 188416]
"S3TRAY2"=C:\WINDOWS\system32\S3tray2.exe [2003-02-25 69632]
"dldtmon.exe"=C:\Program Files\Dell V305\dldtmon.exe [2008-06-24 668912]
"dldtamon"=C:\Program Files\Dell V305\dldtamon.exe [2008-06-24 16624]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-06-29 520024]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"sysldtray"=C:\windows\ld10.exe []
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"=nview.dll,nViewLoadHook []
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDCActiveMenu]
C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe -boot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet /keeploaded []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2004-10-24 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
C:\Windows\Creator\Remind_XP.exe [2003-01-11 315392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
C:\PROGRA~1\MICROS~2\Office\FINDFAST.EXE [1997-07-11 111376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
C:\PROGRA~1\MICROS~2\Office\OSA.EXE [1997-07-11 51984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
C:\PROGRA~1\Quicken\bagent.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
VZAccess Manager.lnk - C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2002-10-16 315392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SYMTDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\ftp.exe"="C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program"
"C:\Program Files\Maple 9.5\jre\bin\java.exe"="C:\Program Files\Maple 9.5\jre\bin\java.exe:*:Enabled:java"
"C:\Program Files\Maple 9.5\bin.win\mserver.exe"="C:\Program Files\Maple 9.5\bin.win\mserver.exe:*:Enabled:mserver"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\Dell V305\dldtamon.exe"="C:\Program Files\Dell V305\dldtamon.exe:*:Enabled:Dell Device Monitor"
"C:\Program Files\Dell V305\frun.exe"="C:\Program Files\Dell V305\frun.exe:*:Enabled:Dell Imaging Toolbox"
"C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe"="C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:*:Enabled:ABBYY FineReader"
"C:\Program Files\Dell V305\dldtmon.exe"="C:\Program Files\Dell V305\dldtmon.exe:*:Enabled:Printer Device Monitor"
"C:\WINDOWS\system32\dldtcoms.exe"="C:\WINDOWS\system32\dldtcoms.exe:*:Enabled:Lexmark Communications System"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\dldtpswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\dldtpswx.exe:*:Enabled:Printer Status Window Interface"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\dldtjswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\dldtjswx.exe:*:Enabled:Job Status Window Interface"
"C:\Program Files\Dell V305\dldtlscn.exe"="C:\Program Files\Dell V305\dldtlscn.exe:*:Enabled: "
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Disabled:AOL Instant Messenger"
"C:\Program Files\World of Warcraft\WoW-1.9.4.5086-to-1.10.0.5195-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.9.4.5086-to-1.10.0.5195-enUS-downloader.exe:*:Disabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-1.9.2.4996-to-1.9.3.5059-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.9.2.4996-to-1.9.3.5059-enUS-downloader.exe:*:Disabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-1.5.1.4449-to-1.9.0.4937-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.5.1.4449-to-1.9.0.4937-enUS-downloader.exe:*:Disabled:Blizzard Downloader"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Disabled:Skype"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\dldttime.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\dldttime.exe:*:Disabled:Time Executable"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-06-30 23:07:55 ----D---- C:\rsit
2009-06-26 07:17:26 ----D---- C:\Program Files\Trend Micro
2009-06-26 03:01:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-06-26 03:01:26 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-06-26 03:01:14 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-06-25 19:50:59 ----A---- C:\WINDOWS\OEWABLog.txt
2009-06-25 19:48:57 ----D---- C:\WINDOWS\Prefetch
2009-06-25 13:11:46 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-25 13:11:29 ----HDC---- C:\WINDOWS\$NtUninstallKB969897$
2009-06-25 13:11:15 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-25 13:10:57 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-06-25 13:10:28 ----HDC---- C:\WINDOWS\$NtUninstallKB963027$
2009-06-25 13:10:16 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-25 13:10:04 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-06-25 13:09:51 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-06-25 13:09:37 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2009-06-25 13:09:24 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-06-25 13:09:12 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-06-25 13:09:00 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-06-25 13:08:46 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-06-25 13:08:33 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-06-25 13:08:13 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2009-06-25 13:08:00 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-06-25 13:07:49 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2009-06-25 13:07:36 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-06-25 13:07:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-06-25 13:07:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-06-25 13:06:35 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-06-25 13:06:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2009-06-25 13:05:55 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-06-25 13:05:43 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-06-25 13:05:27 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-06-25 13:05:09 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2009-06-25 13:04:57 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-06-25 13:04:46 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-06-25 13:04:32 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-06-25 13:04:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-06-25 13:04:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-06-25 13:03:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-06-25 13:03:39 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-06-25 13:03:28 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-06-25 13:03:16 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-06-25 13:03:01 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2009-06-25 13:02:49 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-06-25 13:02:39 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-06-25 13:02:23 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-06-25 12:56:58 ----A---- C:\WINDOWS\setuplog.txt
2009-06-25 12:54:13 ----D---- C:\WINDOWS\system32\en-us
2009-06-25 12:54:11 ----D---- C:\WINDOWS\system32\scripting
2009-06-25 12:54:09 ----D---- C:\WINDOWS\l2schemas
2009-06-25 12:54:07 ----D---- C:\WINDOWS\system32\en
2009-06-25 12:46:25 ----D---- C:\WINDOWS\network diagnostic
2009-06-25 12:44:31 ----A---- C:\WINDOWS\imsins.BAK
2009-06-25 09:41:20 ----A---- C:\WINDOWS\ntbtlog.txt
2009-06-24 21:00:04 ----D---- C:\Program Files\CCleaner
2009-06-24 20:36:30 ----D---- C:\Program Files\Avira
2009-06-24 20:36:30 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-06-24 19:20:05 ----D---- C:\WINDOWS\ERUNT
2009-06-23 18:30:41 ----D---- C:\Program Files\sys
2009-06-23 17:30:29 ----A---- C:\WINDOWS\22678h32.bat
2009-06-23 17:30:23 ----AH---- C:\WINDOWS\system32\f.exe
2009-06-12 09:13:50 ----HDC---- C:\WINDOWS\$NtUninstallKB961501_0$
2009-06-12 09:13:18 ----HDC---- C:\WINDOWS\$NtUninstallKB969897_0$
2009-06-12 09:12:57 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-12 09:09:52 ----HDC---- C:\WINDOWS\$NtUninstallKB970238_0$
2009-06-12 09:08:59 ----HDC---- C:\WINDOWS\$NtUninstallKB968537_0$
2009-06-02 22:10:07 ----D---- C:\Documents and Settings\All Users\Application Data\ThumbnailCache4R

======List of files/folders modified in the last 1 months======

2009-06-30 23:08:02 ----D---- C:\WINDOWS\Temp
2009-06-30 23:07:25 ----A---- C:\WINDOWS\ModemLog_PANTECH UM175.txt
2009-06-30 23:02:29 ----D---- C:\Program Files\Mozilla Firefox
2009-06-30 22:29:26 ----RASHDC---- C:\WINDOWS\system32\dllcache
2009-06-30 22:13:19 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-06-30 22:12:12 ----SD---- C:\WINDOWS\Tasks
2009-06-30 22:11:14 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-30 17:46:01 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-28 21:00:50 ----D---- C:\WINDOWS
2009-06-28 20:37:51 ----A---- C:\WINDOWS\win.ini
2009-06-26 07:17:26 ----RAD---- C:\Program Files
2009-06-26 03:01:44 ----HD---- C:\WINDOWS\inf
2009-06-26 03:01:40 ----D---- C:\WINDOWS\system32
2009-06-26 03:01:27 ----D---- C:\WINDOWS\WinSxS
2009-06-26 03:00:28 ----D---- C:\WINDOWS\system32\CatRoot
2009-06-25 21:35:59 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-25 21:28:53 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-06-25 19:52:12 ----D---- C:\WINDOWS\Debug
2009-06-25 19:52:04 ----SHD---- C:\WINDOWS\Installer
2009-06-25 19:48:23 ----D---- C:\WINDOWS\system32\Setup
2009-06-25 19:48:23 ----D---- C:\WINDOWS\AppPatch
2009-06-25 19:48:23 ----D---- C:\Program Files\Messenger
2009-06-25 19:48:22 ----D---- C:\WINDOWS\system32\wbem
2009-06-25 19:48:21 ----RSD---- C:\WINDOWS\Fonts
2009-06-25 19:48:15 ----D---- C:\WINDOWS\system32\drivers
2009-06-25 13:08:02 ----D---- C:\WINDOWS\security
2009-06-25 12:55:08 ----D---- C:\WINDOWS\ServicePackFiles
2009-06-25 12:55:06 ----D---- C:\Program Files\Windows Media Player
2009-06-25 12:55:04 ----D---- C:\WINDOWS\Help
2009-06-25 12:54:39 ----D---- C:\WINDOWS\ime
2009-06-25 12:54:13 ----D---- C:\WINDOWS\system32\usmt
2009-06-25 12:54:10 ----D---- C:\Program Files\Internet Explorer
2009-06-25 12:54:06 ----D---- C:\WINDOWS\system32\bits
2009-06-25 12:54:06 ----D---- C:\WINDOWS\peernet
2009-06-25 12:54:05 ----D---- C:\Program Files\Movie Maker
2009-06-25 12:49:22 ----D---- C:\WINDOWS\system32\Restore
2009-06-25 12:49:22 ----D---- C:\WINDOWS\system32\npp
2009-06-25 12:49:21 ----D---- C:\WINDOWS\msagent
2009-06-25 12:49:19 ----D---- C:\WINDOWS\srchasst
2009-06-25 12:49:18 ----D---- C:\Program Files\NetMeeting
2009-06-25 12:49:16 ----D---- C:\WINDOWS\system32\Com
2009-06-25 12:49:12 ----D---- C:\Program Files\Windows NT
2009-06-25 12:49:12 ----D---- C:\Program Files\Outlook Express
2009-06-25 12:49:08 ----D---- C:\Program Files\Common Files\System
2009-06-25 12:48:45 ----AD---- C:\WINDOWS\system32\oobe
2009-06-25 12:48:42 ----D---- C:\WINDOWS\system
2009-06-25 12:44:29 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-06-25 12:44:18 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-06-25 12:38:02 ----D---- C:\WINDOWS\EHome
2009-06-24 22:34:28 ----D---- C:\WINDOWS\Minidump
2009-06-24 20:35:06 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-06-24 18:54:32 ----D---- C:\Documents and Settings
2009-06-23 18:20:15 ----A---- C:\WINDOWS\ModemLog_PANTECH UM175 #2.txt
2009-06-01 12:51:12 ----AC---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
R2 SAVRTPEL;SAVRTPEL; \??\C:\WINDOWS\System32\Drivers\SAVRTPEL.SYS []
R2 SYMTDI;SYMTDI; \??\C:\WINDOWS\System32\Drivers\SYMTDI.SYS []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ltmodem5;LT Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2003-03-31 625537]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20041215.032\NAVENG.Sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20041215.032\NavEx15.Sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-11-20 9856]
R3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2002-07-30 23808]
R3 PTDUBus;PANTECH UM175 Composite Device Driver ; C:\WINDOWS\system32\DRIVERS\PTDUBus.sys [2008-08-10 33024]
R3 PTDUMdm;PANTECH UM175 Drivers; C:\WINDOWS\system32\DRIVERS\PTDUMdm.sys [2008-08-10 41344]
R3 PTDUVsp;PANTECH UM175 Diagnostic Port; C:\WINDOWS\system32\DRIVERS\PTDUVsp.sys [2008-08-10 39936]
R3 PTDUWWAN;PANTECH UM175 WWAN Driver; C:\WINDOWS\system32\DRIVERS\PTDUWWAN.sys [2008-08-10 59904]
R3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2003-05-26 166912]
R3 SAVRT;SAVRT; \??\C:\WINDOWS\System32\Drivers\SAVRT.SYS []
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; \??\C:\WINDOWS\System32\Drivers\SYMREDRV.SYS []
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2002-10-25 91774]
S1 sysdrv;sysdrv; \??\C:\Program Files\sys\sys.sys []
S2 lcacilq;lcacilq; \??\C:\WINDOWS\system32\drivers\loyjbqx.sys []
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2002-10-25 71514]
S3 BW2NDIS5;BW2NDIS5; C:\WINDOWS\System32\Drivers\BW2NDIS5.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys []
S3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2002-10-25 80283]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 Wdm1;USB Bridge Cable Driver; C:\WINDOWS\System32\Drivers\usbbc.sys [2001-11-09 15576]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-13 5504]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 6to4Alerter;IPv6 Helper Service 6to4Alerter; C:\WINDOWS\system32\f.exe [2009-06-23 22528]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-05-11 185089]
R2 ccEvtMgr;Symantec Event Manager; c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2002-11-14 317128]
R2 dldt_device;dldt_device; C:\WINDOWS\system32\dldtcoms.exe [2008-02-25 595184]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-06-29 1029456]
R2 matlabserver;MATLAB Server; C:\MATLAB7\webserver\bin\win32\matlabserver.exe [2004-04-24 536576]
R2 navapsvc;Norton AntiVirus Auto Protect Service; c:\Program Files\Norton AntiVirus\navapsvc.exe [2002-11-15 116336]
R2 SymWSC;SymWMI Service; C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S2 dldtCATSCustConnectService;dldtCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldtserv.exe [2008-02-25 99568]
S2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2002-12-12 65536]
S2 sys;sys; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 ccPwdSvc;Symantec Password Validation Service; c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2003-12-02 99352]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]

-----------------EOF-----------------


2. INFO FILE

info.txt logfile of random's system information tool 1.06 2009-06-30 23:08:12

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {09DA4F91-2A09-4232-AB8C-6BC740096DE3}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D5D99B8-DFA2-4018-ADE9-A6B83E655C65}\setup.exe" -l0x9 -L0x9anything
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 7.0.5-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Dell V305-->C:\Program Files\Dell V305\Install\x86\Uninst.exe
Detto IntelliMover-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DA9F6EF5-E48A-4E45-BC57-AA16193763B7}\Setup.exe"
FileZilla Client 3.0.11-->C:\Program Files\FileZilla FTP Client\uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
hp deskjet 940c series (Remove only)-->C:\Program Files\hp deskjet 940c series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=USB001 -vproduct=940c -huninstall
HTML-Kit-->"C:\Program Files\Chami\HTML-Kit\unins000.exe"
Intel® Extreme Graphics Driver Software-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
IntelliMover Data Transfer Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
Java 2 Runtime Environment Standard Edition v1.3.1_02-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\JavaSoft\JRE\1.3.1_02\Uninst.isu"
Java 2 Runtime Environment, SE v1.4.0_01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7CF31609-270B-11D6-9445-000102308676}\Setup.exe" Anytext
Java Web Start-->"C:\Program Files\Java Web Start\uninst-javaws.exe"
KBD-->C:\HP\KBD\KBD.EXE uninstalled
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 2.5 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
MATLAB Family of Products Release 14-->C:\MATLAB7\uninstall\uninstall.exe C:\MATLAB7\
Microsoft .NET Framework (English) v1.0.3705-->C:\WINDOWS\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1033)
Microsoft .NET Framework (English)-->MsiExec.exe /X{B43357AA-3A6D-4D94-B56E-43C44D09E548}
Microsoft .NET Framework 1.0 Hotfix (KB928367)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\M928367\M928367Uninstall.msp"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Office 97, Professional Edition-->C:\Program Files\Microsoft Office\Office\Setup\Acme.exe /w Off97Pro.STF
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NetLogo 3.0-->"C:\Program Files\NetLogo 3.0\UninstallerData\Uninstall NetLogo.exe"
Norton AntiVirus 2003-->MsiExec.exe /I{EDCD4CE3-DE92-49A9-87F9-FE09B2FBA16C}
Norton WMI Update-->MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvhp.inf
OLYMPUS CAMEDIA Master 4.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{30BB4D60-81DB-11D5-BB77-00400536ABAC}\setup.exe" CAMEDIA Master 4.2
PANTECH UM175 Driver-->C:\Program Files\PANTECH\PANTECH UM175\PTDUUninstall.exe
PC-Doctor for Windows-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions-->C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
RecordNow Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
S3Display-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display'
S3Gamma2-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2'
S3Info2-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2'
S3Overlay-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Overlay'
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Simple Installer - Multilanguage Version-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EEF397AC-DAEF-4C04-90A9-5B2BD31875DC}\setup.exe"
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player-->c:\program files\viewpoint\viewpoint experience technology\mtsAxInstaller.exe /u
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VZAccess Manager-->C:\PROGRA~1\VERIZO~1\VZACCE~1\UNWISE.EXE C:\PROGRA~1\VERIZO~1\VZACCE~1\INSTALL.LOG
WildTangent Channel Manager-->C:\Program Files\WildTangent\DDC\DDCManager\Uninstall.exe
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: AntiVir Desktop
AV: Norton AntiVirus (disabled) (outdated)

======System event log======

Computer Name: KATE
Event Code: 7028
Message: The lcacilq Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.

Record Number: 12
Source Name: Service Control Manager
Time Written: 20090623201810.000000-240
Event Type: error
User:

Computer Name: KATE
Event Code: 7028
Message: The lcacilq Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.

Record Number: 11
Source Name: Service Control Manager
Time Written: 20090623201810.000000-240
Event Type: error
User:

Computer Name: KATE
Event Code: 7028
Message: The lcacilq Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.

Record Number: 10
Source Name: Service Control Manager
Time Written: 20090623201728.000000-240
Event Type: error
User:

Computer Name: KATE
Event Code: 7000
Message: The dldtCATSCustConnectService service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Record Number: 9
Source Name: Service Control Manager
Time Written: 20090623201728.000000-240
Event Type: error
User:

Computer Name: KATE
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the dldtCATSCustConnectService service to connect.

Record Number: 8
Source Name: Service Control Manager
Time Written: 20090623201728.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: KATE
Event Code: 1001
Message: Detection of product '{CD1CD48D-7B18-4254-B43D-AEAB704AB063}', feature 'MailBox' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}'

Record Number: 47369
Source Name: MsiInstaller
Time Written: 20090220111715.000000-300
Event Type: warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: KATE
Event Code: 1004
Message: Detection of product '{CD1CD48D-7B18-4254-B43D-AEAB704AB063}', feature 'MailBox', component '{5CC2D105-DDDD-4EC4-8B74-750194E57B99}' failed. The resource 'HKEY_CURRENT_USER\Software\InstallShield\UpdateService\' does not exist.

Record Number: 47368
Source Name: MsiInstaller
Time Written: 20090220111715.000000-300
Event Type: warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: KATE
Event Code: 1001
Message: Detection of product '{CD1CD48D-7B18-4254-B43D-AEAB704AB063}', feature 'MailBox' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}'

Record Number: 47367
Source Name: MsiInstaller
Time Written: 20090220111715.000000-300
Event Type: warning
User: KATE\Owner

Computer Name: KATE
Event Code: 1004
Message: Detection of product '{CD1CD48D-7B18-4254-B43D-AEAB704AB063}', feature 'MailBox', component '{5CC2D105-DDDD-4EC4-8B74-750194E57B99}' failed. The resource 'HKEY_CURRENT_USER\Software\InstallShield\UpdateService\' does not exist.

Record Number: 47366
Source Name: MsiInstaller
Time Written: 20090220111715.000000-300
Event Type: warning
User: KATE\Owner

Computer Name: KATE
Event Code: 1001
Message: Detection of product '{CD1CD48D-7B18-4254-B43D-AEAB704AB063}', feature 'MailBox' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}'

Record Number: 47365
Source Name: MsiInstaller
Time Written: 20090220111715.000000-300
Event Type: warning
User: NT AUTHORITY\NETWORK SERVICE

=====Security event log=====

Computer Name: KATE
Event Code: 850
Message: A port was listed as an exception when the Windows Firewall started.



Policy origin: Local Policy

Profile used: Standard

Interface: All interfaces

Name: SMB over TCP

Port number: 445

Protocol: TCP

State: Enabled

Scope: Local subnet only

Record Number: 88355
Source Name: Security
Time Written: 20090623173909.000000-240
Event Type: audit success
User: NT AUTHORITY\SYSTEM

Computer Name: KATE
Event Code: 850
Message: A port was listed as an exception when the Windows Firewall started.



Policy origin: Local Policy

Profile used: Standard

Interface: All interfaces

Name: NetBIOS Session Service

Port number: 139

Protocol: TCP

State: Enabled

Scope: Local subnet only

Record Number: 88354
Source Name: Security
Time Written: 20090623173909.000000-240
Event Type: audit success
User: NT AUTHORITY\SYSTEM

Computer Name: KATE
Event Code: 850
Message: A port was listed as an exception when the Windows Firewall started.



Policy origin: Local Policy

Profile used: Standard

Interface: All interfaces

Name: NetBIOS Datagram Service

Port number: 138

Protocol: UDP

State: Enabled

Scope: Local subnet only

Record Number: 88353
Source Name: Security
Time Written: 20090623173909.000000-240
Event Type: audit success
User: NT AUTHORITY\SYSTEM

Computer Name: KATE
Event Code: 850
Message: A port was listed as an exception when the Windows Firewall started.



Policy origin: Local Policy

Profile used: Standard

Interface: All interfaces

Name: NetBIOS Name Service

Port number: 137

Protocol: UDP

State: Enabled

Scope: Local subnet only

Record Number: 88352
Source Name: Security
Time Written: 20090623173909.000000-240
Event Type: audit success
User: NT AUTHORITY\SYSTEM

Computer Name: KATE
Event Code: 849
Message: An application was listed as an exception when the Windows Firewall started.



Policy origin: Local Policy

Profile used: Standard

Name: Time Executable

Path: C:\WINDOWS\system32\spool\drivers\w32x86\3\dldttime.exe

State: Enabled

Scope: All subnets

Record Number: 88351
Source Name: Security
Time Written: 20090623173909.000000-240
Event Type: audit success
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor\services;C:\Program Files\Sonic\MyDVD;C:\MATLAB7\bin\win32;
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0800
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------


Cheers!

#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:05:33 AM

Posted 01 July 2009 - 12:28 AM

One or more of the identified infections is a backdoor trojan/Rootkit.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide you want to proceed with trying to clean your machine please follow these next steps.


We will begin with ComboFix.

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

unite.jpg


#5 123disfunctional!

123disfunctional!
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:33 AM

Posted 02 July 2009 - 10:23 AM

Oh Boy.

I guess reformatting is the best option. As of right now I'm backing up the files and settings and whatnot and trying to locate an OS disk. Unfortunate but necessary.

Thanks again for your help.

#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:05:33 AM

Posted 02 July 2009 - 03:42 PM

Hi,

Yes it is unfortunate but it's the best option, sorry I couldn't be of more help, if you don't have anymore question
I will close this topic.

Regards
Syler

unite.jpg


#7 123disfunctional!

123disfunctional!
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:33 AM

Posted 03 July 2009 - 11:01 AM

Hi Syler,

I do have one more question. I reformatted once yesterday and then Avira found two things. I reformatted again, thinking that maybe my firewall wasn't put up properly before I connected to the internet, and then Avira found the exact two problems again. Here's a section from the Avira log showing what it found and tried to do with it:

Beginning disinfection:
C:\hp\bin\CorelWP\src\Setup\bfix.exe
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4ab68ca7.qua'!
C:\WINDOWS\system32\msCMTsrvc.exe
[DETECTION] Is the TR/Dldr.Presario Trojan
[NOTE] The file was moved to '4a908cb4.qua'!

I'm wondering if these things are actually malware or something that Avira should ignore. I ran DDS again (but didn't attach anything):


DDS (Ver_09-06-26.01) - NTFSx86
Run by Owner at 10:44:32.82 on Fri 07/03/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.479.190 [GMT -5:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://qus7.hpwis.com/
uSearch Page = hxxp://srch-qus7.hpwis.com/
uDefault_Page_URL = hxxp://qus7.hpwis.com/
uDefault_Search_URL = hxxp://srch-qus7.hpwis.com/
uSearch Bar = hxxp://srch-qus7.hpwis.com/
mDefault_Page_URL = hxxp://qus7.hpwis.com/
mDefault_Search_URL = hxxp://srch-qus7.hpwis.com/
mSearch Page = hxxp://srch-qus7.hpwis.com/
mStart Page = hxxp://qus7.hpwis.com/
mSearch Bar = hxxp://srch-qus7.hpwis.com/
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [StorageGuard] "c:\program files\veritas software\update manager\sgtray.exe" /r
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"
mRun: [nwiz] nwiz.exe /installquiet /keeploaded
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131_02-win.cab
DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131_02-win.cab
DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-1_4_0_01-win.cab
TCP: {559C0CC3-ADC1-461B-A532-40B9F358DCA4} = 66.174.95.44 69.78.96.14
Notify: igfxcui - igfxsrvc.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\czqc5phj.default\
FF - plugin: c:\program files\java\j2re1.4.0\bin\NPJava11.dll
FF - plugin: c:\program files\java\j2re1.4.0\bin\NPJava12.dll
FF - plugin: c:\program files\java\j2re1.4.0\bin\NPJava13.dll
FF - plugin: c:\program files\java\j2re1.4.0\bin\NPJava32.dll
FF - plugin: c:\program files\java\j2re1.4.0\bin\NPJPI140_01.dll
FF - plugin: c:\program files\java\j2re1.4.0\bin\NPOJI610.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-7-2 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-7-2 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-7-2 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-7-2 55640]
R3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2009-7-2 33024]
R3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2009-7-2 41344]
R3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2009-7-2 39936]
R3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2009-7-2 59904]
S3 msCMTSrvc;Content Monitoring Tool;c:\windows\system32\mscmtsrvc.exe --> c:\windows\system32\msCMTSrvc.exe [?]

=============== Created Last 30 ================

2009-07-03 10:35 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-07-02 23:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Verizon Wireless
2009-07-02 23:29 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-07-02 23:29 <DIR> --d----- c:\program files\Avira
2009-07-02 23:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-07-02 23:27 <DIR> --d----- c:\docume~1\owner\applic~1\Smith Micro
2009-07-02 23:24 319,456 a------- c:\windows\system32\DIFxAPI.dll
2009-07-02 23:24 77,824 a------- c:\windows\system32\PTDUwmcp.dll
2009-07-02 23:24 59,904 a------- c:\windows\system32\drivers\PTDUWWAN.sys
2009-07-02 23:24 41,344 a------- c:\windows\system32\drivers\PTDUMdm.sys
2009-07-02 23:24 39,936 a------- c:\windows\system32\drivers\PTDUVsp.sys
2009-07-02 23:24 33,024 a------- c:\windows\system32\drivers\PTDUBus.sys
2009-07-02 23:24 <DIR> --d----- c:\program files\PANTECH
2009-07-02 23:23 <DIR> --d----- c:\program files\Verizon Wireless
2009-07-02 23:20 <DIR> --d----- c:\program files\msn gaming zone
2009-07-02 23:19 <DIR> --d----- c:\windows\system32\wbem\AutoRecover
2009-07-02 23:12 221,184 a------- c:\windows\system32\wmpns.dll
2009-07-02 23:12 316,640 a------- c:\windows\WMSysPr9.prx
2009-07-02 23:12 59,392 -------- c:\windows\system32\logman.exe
2009-07-02 23:12 9,216 -------- c:\windows\system32\proxycfg.exe
2009-07-02 23:12 1,229 -------- c:\windows\system32\wbem\wscenter.mof
2009-07-02 23:09 <DIR> --d----- c:\windows\ServicePackFiles
2009-07-02 23:08 2,897,920 -------- c:\windows\system32\xpsp2res.dll
2009-07-02 23:06 19,528 a------- c:\windows\002047_.tmp
2009-07-02 23:06 15,872 a------- c:\windows\system32\spupdsvc.exe
2009-07-02 23:04 <DIR> --d----- c:\windows\EHome
2009-07-02 22:58 4 a------- c:\windows\msoffice.ini
2009-07-02 22:40 3,474 a--shr-- c:\windows\system32\drivers\HP_P8654X-ABA S3000Z NA110_YC_Pres_QMX318S_E32NAheRED3 _4_IKM266-8235_S_V_BAM37312_T030317_WXH1_L409_M480_J82_7AMD_8Athlon XP 2000+_91.66_111C15811_N10EC8139_P_Z11C1044E_K_A11063059_U11063038_G53338D04.MRK
2009-07-02 22:39 <DIR> --d----- c:\program files\Musicmatch
2009-07-02 22:39 24,576 a------- c:\windows\system32\drivers\kbdclass.sys
2009-07-02 22:39 52,736 a------- c:\windows\system32\drivers\i8042prt.sys
2009-07-02 22:38 40,960 a------- c:\windows\AolCInUn.exe
2009-07-02 22:37 <DIR> --d----- c:\program files\Encarta Online
2009-07-02 22:32 145,792 a------- c:\windows\system32\drivers\portcls.sys
2009-07-02 22:32 130,048 a------- c:\windows\system32\ksproxy.ax
2009-07-02 22:32 60,288 a------- c:\windows\system32\drivers\drmk.sys
2009-07-02 22:32 4,096 a------- c:\windows\system32\ksuser.dll
2009-07-02 21:26 248 a------- c:\windows\system\hpsysdrv.dat
2009-07-02 21:24 <DIR> --d----- C:\i386
2009-07-02 21:15 <DIR> a-d--r-- C:\Program Files
2009-07-02 21:15 <DIR> a-d--r-- c:\documents and settings\all users\Documents
2009-07-02 21:15 <DIR> a-d--r-- c:\windows\Offline Web Pages
2009-07-02 21:13 <DIR> acdshr-- c:\windows\system32\dllcache
2009-07-02 20:29 <DIR> --d----- c:\windows\pss

==================== Find3M ====================

2009-07-02 23:14 79,179 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat

============= FINISH: 10:44:55.51 ===============

-cheers, Kate

#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:05:33 AM

Posted 03 July 2009 - 02:49 PM

Hi Kate,

These detections shouldn't be anything to worry about, they are just some rubbish that comes with HP computers, see here.
Your log looks fine to me, so I will close this topic if you have no more problems.

Syler

unite.jpg


#9 123disfunctional!

123disfunctional!
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:33 AM

Posted 04 July 2009 - 11:33 AM

Thanks Syler!

Feel free to close the topic.

-Kate

#10 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:05:33 AM

Posted 04 July 2009 - 04:34 PM

Your welcome.

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

unite.jpg





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users