
protection system virus


This topic is locked
4 replies to this topic

#1 thatdudebaker (Members, 4 posts)

Posted 01 September 2009 - 05:06 PM

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-09-01 18:01:20
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 51 GB (34%) free of 147 GB
Total RAM: 895 MB (21% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:01:42 PM, on 9/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\wscsvc32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\program files\Bigfix\bigfix.exe
C:\Program Files\Spare Backup\SpareBackup.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\Owner\My Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...DTP&M=W3644
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...DTP&M=W3644
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...DTP&M=W3644
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...DTP&M=W3644
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [isCfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe" -G:{77CCBE0B-A541-49a9-883E-14F8337EC861} -T:Config -REBOOT
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [Spare Backup] "C:\Program Files\Spare Backup\SpareBackup.exe" /silent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Protection System] "C:\Program Files\Protection System\psystem.exe" -noscan
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 9826 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll [2007-08-24 316784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [2009-08-06 116088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2009-08-06 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C333CF63-767F-4831-94AC-E683D962C63C}]
CoTGT_BHO Class - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll [2006-05-09 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - c:\windows\system32\BAE.dll [2006-02-01 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-06-16 1144712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2009-08-06 2403392]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Show Norton Toolbar - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 316784]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-06-16 1144712]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-31 7634944]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-31 86016]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-09-27 16844800]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2007-08-03 1826816]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-14 212992]
"Reminder"=C:\WINDOWS\Creator\Remind_XP.exe [2005-02-25 966656]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-11-29 58928]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-08-06 1838592]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-08-25 51048]
"isCfgWiz"=C:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe [2007-08-24 607624]
"osCheck"=C:\Program Files\Norton Internet Security\osCheck.exe [2007-08-25 714608]
"BigFix"=c:\program files\Bigfix\bigfix.exe [2006-11-16 2348584]
"Spare Backup"=C:\Program Files\Spare Backup\SpareBackup.exe [2007-07-13 5252936]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"=NA []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"STYLEXP"=C:\Program Files\TGTSoft\StyleXP\StyleXP.exe [2006-05-24 1372160]
"Rainlendar2"=C:\Program Files\Rainlendar2\Rainlendar2.exe [2009-02-21 4333568]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"Protection System"=C:\Program Files\Protection System\psystem.exe [2009-09-01 2535424]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
BigFix.lnk - C:\Program Files\BigFix\bigfix.exe

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\MCPClient]
C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll [2005-01-31 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - C:\PROGRA~1\COMMON~1\Stardock\MCPCore.dll [2005-05-10 86016]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Trillian\trillian.exe"="C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-09-01 18:01:21 ----D---- C:\Program Files\trend micro
2009-09-01 18:01:20 ----D---- C:\rsit
2009-08-31 20:30:31 ----A---- C:\WINDOWS\system32\wingenocx.dll
2009-08-31 20:10:06 ----D---- C:\Program Files\Protection System
2009-08-31 19:59:32 ----A---- C:\WINDOWS\system32\wscsvc32.exe
2009-08-27 03:00:15 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-08-20 19:22:19 ----D---- C:\Program Files\FLV Player
2009-08-20 19:03:50 ----A---- C:\WINDOWS\ModemLog_SoftV92 Data Fax Modem.txt
2009-08-20 19:03:28 ----A---- C:\WINDOWS\system32\HSFCISP2.dll
2009-08-18 15:38:49 ----D---- C:\WINDOWS\Sun
2009-08-18 14:47:15 ----A---- C:\WINDOWS\system32\mcdmsg7.dll
2009-08-18 14:41:41 ----D---- C:\Program Files\Samurize
2009-08-18 14:40:58 ----D---- C:\Program Files\Ask.com
2009-08-18 14:40:45 ----D---- C:\Documents and Settings\Owner\Application Data\Trillian
2009-08-18 14:40:22 ----D---- C:\Program Files\Trillian
2009-08-18 14:40:00 ----D---- C:\Program Files\Rainlendar2
2009-08-18 14:39:19 ----D---- C:\Program Files\Stardock
2009-08-18 14:39:19 ----D---- C:\Program Files\Common Files\Stardock
2009-08-18 14:21:53 ----D---- C:\Program Files\TGTSoft
2009-08-13 03:00:31 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-08-12 03:03:30 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-12 03:03:25 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-12 03:03:20 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-12 03:03:15 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-12 03:03:07 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-08-12 03:03:04 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-12 03:01:43 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-12 03:01:36 ----D---- C:\WINDOWS\ServicePackFiles
2009-08-12 03:01:34 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-08-12 03:00:24 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-10 15:14:11 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2009-08-10 14:55:42 ----D---- C:\Program Files\Common Files\Macrovision Shared
2009-08-10 00:52:42 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-08-10 00:52:37 ----D---- C:\Program Files\Cool MP3 Splitter
2009-08-10 00:06:59 ----D---- C:\Documents and Settings\Owner\Application Data\DivX
2009-08-09 03:00:28 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-08-08 03:17:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-08-08 03:16:54 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-08-08 03:16:46 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-08-08 03:16:37 ----HDC---- C:\WINDOWS\$NtUninstallKB943460$
2009-08-08 03:16:32 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-08-08 03:16:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-08-08 03:16:21 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-08-08 03:16:15 ----HDC---- C:\WINDOWS\$NtUninstallKB923980$
2009-08-08 03:16:10 ----HDC---- C:\WINDOWS\$NtUninstallKB924270$
2009-08-08 03:16:03 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-08-08 03:15:57 ----HDC---- C:\WINDOWS\$NtUninstallKB887472$
2009-08-08 03:15:50 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
2009-08-08 03:15:45 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-08-08 03:15:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-08-08 03:11:25 ----D---- C:\WINDOWS\system32\XPSViewer
2009-08-08 03:11:23 ----D---- C:\Program Files\MSBuild
2009-08-08 03:11:17 ----D---- C:\Program Files\Reference Assemblies
2009-08-08 03:10:46 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-08-08 03:10:46 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-08-08 03:10:45 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-08-08 03:10:44 ----D---- C:\d43022c86e3ab25d9200cb23d8
2009-08-08 03:07:43 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2009-08-08 03:06:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-08-08 03:06:20 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-08-08 03:06:05 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-08-08 03:06:00 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-08-08 03:05:55 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-08-08 03:05:50 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2009-08-08 03:05:30 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-08-08 03:03:41 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-08-08 03:03:32 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-08-08 03:03:27 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-08-08 03:03:22 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-08-08 03:03:16 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2009-08-08 03:03:10 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-08-08 03:03:03 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-08-08 03:02:58 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-08-08 03:02:40 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-08-08 03:02:35 ----HDC---- C:\WINDOWS\$NtUninstallKB920213$
2009-08-08 03:02:29 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-08-08 03:02:26 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
2009-08-08 03:02:22 ----HDC---- C:\WINDOWS\$NtUninstallKB886185$
2009-08-08 03:02:16 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-08-08 03:02:10 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-08-08 03:02:00 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2009-08-08 03:01:54 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-08-08 03:01:49 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2009-08-08 03:01:44 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-08-08 03:01:39 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-08-08 03:01:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-08-08 03:01:30 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-08-08 03:01:24 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-08-08 03:01:10 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-08-08 03:00:46 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$
2009-08-08 03:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-08-08 03:00:38 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2009-08-08 03:00:33 ----HDC---- C:\WINDOWS\$NtUninstallKB953356$
2009-08-08 03:00:27 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-08-08 03:00:20 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$
2009-08-08 00:10:31 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2009-08-08 00:10:31 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2009-08-08 00:10:31 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-08-08 00:10:31 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2009-08-08 00:10:31 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2009-08-08 00:10:30 ----N---- C:\WINDOWS\system32\vxblock.dll
2009-08-08 00:10:30 ----N---- C:\WINDOWS\system32\pxwave.dll
2009-08-08 00:10:30 ----N---- C:\WINDOWS\system32\pxsfs.dll
2009-08-08 00:10:30 ----N---- C:\WINDOWS\system32\pxmas.dll
2009-08-08 00:10:30 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-08-08 00:10:30 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-08-08 00:10:30 ----N---- C:\WINDOWS\system32\px.dll
2009-08-08 00:10:03 ----D---- C:\Program Files\DivX
2009-08-08 00:10:03 ----D---- C:\Program Files\Common Files\DivX Shared
2009-08-07 17:51:50 ----A---- C:\WINDOWS\system32\ptpusd.dll
2009-08-07 17:51:50 ----A---- C:\WINDOWS\system32\ptpusb.dll
2009-08-07 17:45:20 ----D---- C:\Documents and Settings\Owner\Application Data\WinRAR
2009-08-07 17:45:08 ----D---- C:\Program Files\WinRAR
2009-08-07 03:00:23 ----D---- C:\WINDOWS\system32\PreInstall
2009-08-07 03:00:21 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-08-07 01:43:00 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-08-06 22:32:08 ----D---- C:\Documents and Settings\Owner\Application Data\Macromedia
2009-08-06 22:31:50 ----D---- C:\WINDOWS\nview
2009-08-06 22:31:50 ----A---- C:\WINDOWS\system32\nvudisp.exe
2009-08-06 22:31:42 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2009-08-06 22:31:40 ----D---- C:\Program Files\Common Files\InstallShield
2009-08-06 22:31:37 ----D---- C:\Program Files\DIFX
2009-08-06 22:31:35 ----A---- C:\WINDOWS\system32\nvconrm.dll
2009-08-06 22:31:35 ----A---- C:\WINDOWS\system32\bdco1ins.dll
2009-08-06 22:31:35 ----A---- C:\WINDOWS\system32\bdco1.dll
2009-08-06 22:31:26 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-08-06 22:31:26 ----A---- C:\WINDOWS\system32\fdco1ins.dll
2009-08-06 22:31:26 ----A---- C:\WINDOWS\system32\fdco1.dll
2009-08-06 22:30:17 ----HDC---- C:\WINDOWS\$NtUninstallKB929120$
2009-08-06 22:30:14 ----HDC---- C:\WINDOWS\$NtUninstallKB928388$
2009-08-06 22:30:13 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-08-06 22:30:11 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$
2009-08-06 22:30:06 ----HDC---- C:\WINDOWS\$NtUninstallKB925454$
2009-08-06 22:30:00 ----HDC---- C:\WINDOWS\$NtUninstallKB923694$
2009-08-06 22:29:56 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2009-08-06 22:29:50 ----HDC---- C:\WINDOWS\$NtUninstallKB925398_WMP64$
2009-08-06 22:29:37 ----D---- C:\WINDOWS\WBEM
2009-08-06 22:29:37 ----D---- C:\WINDOWS\system32\en-US
2009-08-06 22:29:30 ----HDC---- C:\WINDOWS\ie7
2009-08-06 22:29:24 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2009-08-06 22:29:19 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2009-08-06 22:29:12 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2009-08-06 22:29:10 ----N---- C:\WINDOWS\system32\xmllite.dll
2009-08-06 22:27:04 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-08-06 22:20:18 ----D---- C:\Program Files\CONEXANT
2009-08-06 22:18:50 ----SHD---- C:\System Volume Information
2009-08-06 22:14:46 ----D---- C:\WINDOWS\creator
2009-08-06 22:13:58 ----D---- C:\WINDOWS\SMINST
2009-08-06 22:13:58 ----A---- C:\WINDOWS\system32\Uci32107.dll
2009-08-06 22:13:58 ----A---- C:\WINDOWS\system32\mdmxsdk.dll
2009-08-06 22:13:58 ----A---- C:\WINDOWS\system32\idecoiins.dll
2009-08-06 22:13:58 ----A---- C:\WINDOWS\system32\idecoi.dll
2009-08-06 22:13:56 ----D---- C:\WINDOWS\I386
2009-08-06 22:13:45 ----A---- C:\WINDOWS\system32\wowfaxui.dll
2009-08-06 22:13:42 ----A---- C:\WINDOWS\system32\wowfax.dll
2009-08-06 22:13:35 ----A---- C:\WINDOWS\system32\usrvpa.dll
2009-08-06 22:13:31 ----A---- C:\WINDOWS\system32\usrvoica.dll
2009-08-06 22:13:28 ----A---- C:\WINDOWS\system32\usrv80a.dll
2009-08-06 22:13:25 ----A---- C:\WINDOWS\system32\usrv42a.dll
2009-08-06 22:13:22 ----A---- C:\WINDOWS\system32\usrsvpia.dll
2009-08-06 22:13:19 ----A---- C:\WINDOWS\system32\usrshuta.exe
2009-08-06 22:13:16 ----A---- C:\WINDOWS\system32\usrsdpia.dll
2009-08-06 22:13:13 ----A---- C:\WINDOWS\system32\usrrtosa.dll
2009-08-06 22:13:10 ----A---- C:\WINDOWS\system32\usrprbda.exe
2009-08-06 22:13:06 ----A---- C:\WINDOWS\system32\usrmlnka.exe
2009-08-06 22:13:03 ----A---- C:\WINDOWS\system32\usrlbva.dll
2009-08-06 22:13:00 ----A---- C:\WINDOWS\system32\usrfaxa.dll
2009-08-06 22:12:57 ----A---- C:\WINDOWS\system32\usrdtea.dll
2009-08-06 22:12:54 ----A---- C:\WINDOWS\system32\usrdpa.dll
2009-08-06 22:12:51 ----A---- C:\WINDOWS\system32\usrcoina.dll
2009-08-06 22:12:48 ----A---- C:\WINDOWS\system32\usrcntra.dll
2009-08-06 22:12:47 ----A---- C:\WINDOWS\system32\usbui.dll
2009-08-06 22:12:44 ----A---- C:\WINDOWS\system32\tsbyuv.dll
2009-08-06 22:12:41 ----A---- C:\WINDOWS\system32\streamci.dll
2009-08-06 22:12:40 ----A---- C:\WINDOWS\system32\storprop.dll
2009-08-06 22:12:37 ----A---- C:\WINDOWS\system32\sprio800.dll
2009-08-06 22:12:35 ----A---- C:\WINDOWS\system32\sprio600.dll
2009-08-06 22:12:30 ----A---- C:\WINDOWS\system32\spnike.dll
2009-08-06 22:12:25 ----A---- C:\WINDOWS\system32\pjlmon.dll
2009-08-06 22:12:25 ----A---- C:\WINDOWS\system32\pid.dll
2009-08-06 22:12:22 ----A---- C:\WINDOWS\system32\paqsp.dll
2009-08-06 22:12:18 ----A---- C:\WINDOWS\system32\msyuv.dll
2009-08-06 22:12:13 ----A---- C:\WINDOWS\system32\mdwmdmsp.dll
2009-08-06 22:12:13 ----A---- C:\WINDOWS\system32\iyuv_32.dll
2009-08-06 22:12:11 ----A---- C:\WINDOWS\system32\hid.dll
2009-08-06 22:12:10 ----A---- C:\WINDOWS\system32\dvdplay.exe
2009-08-06 22:11:30 ----A---- C:\WINDOWS\system32\dmutil.dll
2009-08-06 22:11:29 ----A---- C:\WINDOWS\system32\cnbjmon.dll
2009-08-06 22:08:38 ----D---- C:\My Backup -- 09-08-06 0708PM
2009-08-06 20:58:17 ----D---- C:\Documents and Settings\Owner\Application Data\Apple Computer
2009-08-06 20:58:09 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-08-06 20:57:50 ----D---- C:\Program Files\iPod
2009-08-06 20:57:46 ----D---- C:\Program Files\iTunes
2009-08-06 20:57:46 ----D---- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-06 20:57:23 ----D---- C:\Program Files\Bonjour
2009-08-06 20:56:49 ----D---- C:\Program Files\QuickTime
2009-08-06 20:56:48 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-08-06 20:56:31 ----D---- C:\Program Files\Apple Software Update
2009-08-06 20:56:25 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2009-08-06 20:56:11 ----D---- C:\Program Files\Common Files\Apple
2009-08-06 20:56:10 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-08-06 20:49:54 ----D---- C:\Documents and Settings\Owner\Application Data\Mozilla
2009-08-06 20:49:46 ----D---- C:\Program Files\Mozilla Firefox
2009-08-06 20:41:32 ----D---- C:\Documents and Settings\Owner\Application Data\Google
2009-08-06 20:13:27 ----SHD---- C:\RECYCLER
2009-08-06 20:11:22 ----D---- C:\Documents and Settings\Owner\Application Data\Adobe
2009-08-06 20:10:10 ----D---- C:\WINDOWS\system32\Lang
2009-08-06 20:06:50 ----HDC---- C:\WINDOWS\$NtUninstallKB928843$
2009-08-06 20:06:34 ----HDC---- C:\WINDOWS\$NtUninstallKB928255$
2009-08-06 20:06:14 ----HDC---- C:\WINDOWS\$NtUninstallKB927802$
2009-08-06 20:05:53 ----HDC---- C:\WINDOWS\$NtUninstallKB927779$
2009-08-06 20:05:39 ----HDC---- C:\WINDOWS\$NtUninstallKB926436$
2009-08-06 20:05:25 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2009-08-06 20:05:12 ----HDC---- C:\WINDOWS\$NtUninstallKB924667$
2009-08-06 20:04:56 ----HDC---- C:\WINDOWS\$NtUninstallKB918118$
2009-08-06 20:04:43 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
2009-08-06 20:04:24 ----HDC---- C:\WINDOWS\$NtUninstallKB922582$
2009-08-06 20:04:07 ----HDC---- C:\WINDOWS\$NtUninstallKB920872$
2009-08-06 20:03:45 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
2009-08-06 20:03:27 ----HDC---- C:\WINDOWS\$NtUninstallKB919007$
2009-08-06 20:03:10 ----HDC---- C:\WINDOWS\$NtUninstallKB917537$
2009-08-06 20:02:54 ----HDC---- C:\WINDOWS\$NtUninstallKB917159$
2009-08-06 20:02:38 ----HDC---- C:\WINDOWS\$NtUninstallKB916595$
2009-08-06 20:02:18 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2009-08-06 20:01:46 ----D---- C:\Documents and Settings\Owner\Application Data\Spare Backup
2009-08-06 20:01:26 ----D---- C:\Program Files\Spare Backup
2009-08-06 20:01:04 ----D---- C:\Program Files\Microsoft WSE
2009-08-06 20:00:49 ----A---- C:\WINDOWS\system32\Marker32.exe
2009-08-06 20:00:09 ----HDC---- C:\WINDOWS\$NtUninstallKB941202$
2009-08-06 19:59:49 ----HDC---- C:\WINDOWS\$NtUninstallKB933729$
2009-08-06 19:58:48 ----HDC---- C:\WINDOWS\$NtUninstallKB933360$
2009-08-06 19:58:22 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-08-06 19:55:18 ----HDC---- C:\WINDOWS\$NtUninstallKB938829$
2009-08-06 19:55:05 ----HDC---- C:\WINDOWS\$NtUninstallKB938828$
2009-08-06 19:54:10 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-08-06 19:53:58 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2009-08-06 19:53:24 ----D---- C:\Program Files\MSXML 4.0
2009-08-06 19:53:06 ----HDC---- C:\WINDOWS\$NtUninstallKB936021$
2009-08-06 19:52:53 ----HDC---- C:\WINDOWS\$NtUninstallKB921503$
2009-08-06 19:52:12 ----HDC---- C:\WINDOWS\$NtUninstallKB936357$
2009-08-06 19:51:50 ----HDC---- C:\WINDOWS\$NtUninstallKB929123$
2009-08-06 19:51:35 ----HDC---- C:\WINDOWS\$NtUninstallKB927891$
2009-08-06 19:51:22 ----HDC---- C:\WINDOWS\$NtUninstallKB935839$
2009-08-06 19:50:35 ----HDC---- C:\WINDOWS\$NtUninstallKB935840$
2009-08-06 19:50:14 ----D---- C:\WINDOWS\ie7updates
2009-08-06 19:49:46 ----HDC---- C:\WINDOWS\$NtUninstallKB930916$
2009-08-06 19:49:35 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$
2009-08-06 19:49:23 ----HDC---- C:\WINDOWS\$NtUninstallKB932168$
2009-08-06 19:49:10 ----HDC---- C:\WINDOWS\$NtUninstallKB931784$
2009-08-06 19:48:55 ----HDC---- C:\WINDOWS\$NtUninstallKB931261$
2009-08-06 19:48:42 ----HDC---- C:\WINDOWS\$NtUninstallKB930178$
2009-08-06 19:48:27 ----HDC---- C:\WINDOWS\$NtUninstallKB925902$
2009-08-06 19:48:20 ----D---- C:\Program Files\BigFix
2009-08-06 19:48:20 ----A---- C:\WINDOWS\BigFixClientOverride.dll
2009-08-06 19:48:00 ----HDC---- C:\WINDOWS\$NtUninstallKB929338$
2009-08-06 19:47:31 ----D---- C:\Documents
2009-08-06 19:47:03 ----D---- C:\Documents and Settings\Owner\Application Data\Symantec
2009-08-06 19:46:00 ----D---- C:\Program Files\Windows Sidebar
2009-08-06 19:45:35 ----D---- C:\Program Files\Norton Internet Security
2009-08-06 19:45:22 ----D---- C:\Documents and Settings\Owner\Application Data\SampleView
2009-08-06 19:45:09 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2009-08-06 19:45:05 ----D---- C:\Program Files\Symantec
2009-08-06 19:45:05 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-08-06 19:44:42 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-08-06 19:42:20 ----D---- C:\Program Files\eMachines Games
2009-08-06 19:42:04 ----D---- C:\Documents and Settings\All Users\Application Data\WildTangent
2009-08-06 19:41:54 ----D---- C:\google
2009-08-06 19:41:54 ----A---- C:\WINDOWS\system32\bae.dll
2009-08-06 19:41:51 ----D---- C:\Program Files\NetZero
2009-08-06 19:41:48 ----D---- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2009-08-06 19:41:45 ----D---- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
2009-08-06 19:41:24 ----D---- C:\Program Files\Acceller
2009-08-06 19:41:22 ----A---- C:\WINDOWS\system32\javaws.exe
2009-08-06 19:41:22 ----A---- C:\WINDOWS\system32\javaw.exe
2009-08-06 19:41:22 ----A---- C:\WINDOWS\system32\java.exe
2009-08-06 19:41:13 ----D---- C:\Program Files\Java
2009-08-06 19:41:12 ----D---- C:\Program Files\Common Files\Java
2009-08-06 19:41:02 ----D---- C:\Documents and Settings\Owner\Application Data\Sun
2009-08-06 19:40:55 ----A---- C:\WINDOWS\csup.txt
2009-08-06 19:40:49 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-08-06 19:40:41 ----D---- C:\Program Files\Google
2009-08-06 19:40:35 ----HD---- C:\WINDOWS\msdownld.tmp
2009-08-06 19:40:28 ----A---- C:\WINDOWS\system32\msonpmon.dll
2009-08-06 19:39:49 ----D---- C:\Program Files\Common Files\DESIGNER
2009-08-06 19:39:35 ----D---- C:\Program Files\Microsoft.NET
2009-08-06 19:38:46 ----D---- C:\WINDOWS\SHELLNEW
2009-08-06 19:38:26 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-08-06 19:38:10 ----RHD---- C:\MSOCache
2009-08-06 19:37:36 ----A---- C:\WINDOWS\system32\msxml3a.dll
2009-08-06 19:37:14 ----A---- C:\WINDOWS\system32\msvcr71.dll
2009-08-06 19:37:14 ----A---- C:\WINDOWS\system32\msvcp71.dll
2009-08-06 19:37:06 ----D---- C:\Program Files\CyberLink
2009-08-06 19:36:42 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-08-06 19:36:35 ----D---- C:\Program Files\Common Files\Adobe
2009-08-06 19:36:35 ----D---- C:\Program Files\Adobe
2009-08-06 19:36:03 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2009-08-06 19:35:57 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-08-06 19:35:52 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-08-06 19:35:44 ----D---- C:\Program Files\Windows Media Connect 2
2009-08-06 19:35:39 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2009-08-06 19:35:16 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-08-06 19:35:04 ----D---- C:\WINDOWS\system32\LogFiles
2009-08-06 19:34:57 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-08-06 19:34:25 ----D---- C:\Program Files\Microsoft Office
2009-08-06 19:34:22 ----D---- C:\Program Files\MSXML 6.0
2009-08-06 19:33:48 ----D---- C:\Program Files\Microsoft Works
2009-08-06 19:33:19 ----D---- C:\Program Files\eBay
2009-08-06 19:33:09 ----D---- C:\Program Files\AOL 9.0
2009-08-06 19:33:02 ----A---- C:\WINDOWS\system32\ChCfg.exe
2009-08-06 19:32:47 ----D---- C:\WINDOWS\system32\RTCOM
2009-08-06 19:32:44 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-08-06 19:32:20 ----HDC---- C:\WINDOWS\$NtUninstallKB888111WXPSP2$
2009-08-06 19:32:17 ----A---- C:\WINDOWS\SoundMan.exe
2009-08-06 19:32:17 ----A---- C:\WINDOWS\SkyTel.exe
2009-08-06 19:32:16 ----A---- C:\WINDOWS\RtlUpd.exe
2009-08-06 19:32:16 ----A---- C:\WINDOWS\RTLCPL.exe
2009-08-06 19:32:15 ----A---- C:\WINDOWS\RTHDCPL.exe
2009-08-06 19:32:14 ----A---- C:\WINDOWS\MicCal.exe
2009-08-06 19:32:12 ----D---- C:\Program Files\Realtek
2009-08-06 19:32:12 ----A---- C:\WINDOWS\alcwzrd.exe
2009-08-06 19:32:12 ----A---- C:\WINDOWS\Alcmtr.exe
2009-08-06 19:32:11 ----HD---- C:\Program Files\InstallShield Installation Information
2009-08-06 19:32:08 ----A---- C:\WINDOWS\RtlExUpd.dll
2009-08-06 19:32:08 ----A---- C:\WINDOWS\HideWin.exe

======List of files/folders modified in the last 1 months======

2009-09-01 18:01:21 ----RD---- C:\Program Files
2009-09-01 17:38:12 ----D---- C:\WINDOWS\Temp
2009-09-01 17:31:49 ----D---- C:\WINDOWS\Prefetch
2009-09-01 17:31:07 ----A---- C:\WINDOWS\win.ini
2009-09-01 17:29:30 ----D---- C:\WINDOWS\system32
2009-09-01 06:40:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-31 21:30:52 ----D---- C:\WINDOWS
2009-08-31 19:59:16 ----D---- C:\WINDOWS\system32\drivers
2009-08-27 03:00:21 ----HD---- C:\WINDOWS\inf
2009-08-25 18:02:45 ----RSD---- C:\WINDOWS\Fonts
2009-08-23 20:37:25 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-21 00:00:02 ----SD---- C:\WINDOWS\Tasks
2009-08-21 00:00:02 ----A---- C:\WINDOWS\setuplog.txt
2009-08-20 19:03:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-18 18:59:27 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft
2009-08-18 15:19:01 ----D---- C:\Program Files\Windows Media Player
2009-08-18 15:00:50 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-08-18 14:41:04 ----SHD---- C:\WINDOWS\Installer
2009-08-18 14:39:19 ----D---- C:\Program Files\Common Files
2009-08-18 14:24:37 ----RSH---- C:\boot.ini
2009-08-18 14:22:09 ----D---- C:\WINDOWS\Resources
2009-08-13 03:00:40 ----A---- C:\WINDOWS\imsins.BAK
2009-08-12 05:08:06 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-12 03:01:45 ----D---- C:\Program Files\Outlook Express
2009-08-09 03:00:40 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-08 15:43:06 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-08 03:29:17 ----D---- C:\WINDOWS\Microsoft.NET
2009-08-08 03:29:16 ----RSD---- C:\WINDOWS\assembly
2009-08-08 03:23:03 ----D---- C:\WINDOWS\system32\wbem
2009-08-08 03:23:03 ----D---- C:\WINDOWS\AppPatch
2009-08-08 03:22:31 ----D---- C:\WINDOWS\security
2009-08-08 03:16:33 ----D---- C:\Program Files\Messenger
2009-08-08 03:13:50 ----D---- C:\WINDOWS\WinSxS
2009-08-08 03:11:06 ----D---- C:\WINDOWS\system32\spool
2009-08-08 03:08:56 ----D---- C:\Program Files\Internet Explorer
2009-08-08 03:02:37 ----D---- C:\WINDOWS\msagent
2009-08-07 01:43:05 ----D---- C:\WINDOWS\SoftwareDistribution
2009-08-07 01:43:05 ----D---- C:\WINDOWS\Help
2009-08-06 22:29:35 ----D---- C:\WINDOWS\Media
2009-08-06 22:19:12 ----A---- C:\WINDOWS\system.ini
2009-08-06 22:13:56 ----D---- C:\Program Files\Windows NT
2009-08-06 22:13:55 ----D---- C:\Program Files\NetMeeting
2009-08-06 22:13:54 ----D---- C:\Program Files\Movie Maker
2009-08-06 22:13:50 ----D---- C:\Program Files\Common Files\Services
2009-08-06 22:13:49 ----D---- C:\WINDOWS\twain_32
2009-08-06 22:13:49 ----D---- C:\WINDOWS\system
2009-08-06 22:12:48 ----D---- C:\WINDOWS\system32\usmt
2009-08-06 22:12:26 ----D---- C:\WINDOWS\system32\ras
2009-08-06 22:12:19 ----D---- C:\WINDOWS\system32\npp
2009-08-06 22:12:12 ----D---- C:\WINDOWS\system32\icsxml
2009-08-06 22:12:12 ----D---- C:\WINDOWS\system32\ias
2009-08-06 22:11:27 ----D---- C:\WINDOWS\system32\Setup
2009-08-06 22:11:26 ----D---- C:\WINDOWS\system32\Com
2009-08-06 22:11:25 ----D---- C:\WINDOWS\system32\1033
2009-08-06 22:11:25 ----D---- C:\WINDOWS\srchasst
2009-08-06 22:11:19 ----RD---- C:\WINDOWS\Web
2009-08-06 22:11:19 ----D---- C:\WINDOWS\ime
2009-08-06 22:11:17 ----D---- C:\WINDOWS\PeerNet
2009-08-06 22:11:02 ----D---- C:\WINDOWS\Cursors
2009-08-06 22:11:00 ----HDC---- C:\WINDOWS\$NtUninstallKB918439$
2009-08-06 22:11:00 ----HDC---- C:\WINDOWS\$NtUninstallKB917344$
2009-08-06 22:11:00 ----HDC---- C:\WINDOWS\$NtUninstallKB916281$
2009-08-06 22:11:00 ----HDC---- C:\WINDOWS\$NtUninstallKB914906$
2009-08-06 22:11:00 ----HDC---- C:\WINDOWS\$NtUninstallKB912945$
2009-08-06 22:11:00 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2009-08-06 22:10:59 ----HDC---- C:\WINDOWS\$NtUninstallKB911567$
2009-08-06 22:10:59 ----HDC---- C:\WINDOWS\$NtUninstallKB911564$
2009-08-06 22:10:59 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2009-08-06 22:10:59 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2009-08-06 22:10:59 ----HDC---- C:\WINDOWS\$NtUninstallKB910728$
2009-08-06 22:10:59 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2009-08-06 22:10:59 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$
2009-08-06 22:10:59 ----HDC---- C:\WINDOWS\$NtUninstallKB906569$
2009-08-06 22:10:59 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2009-08-06 22:10:59 ----HDC---- C:\WINDOWS\$NtUninstallKB904706$
2009-08-06 22:10:59 ----HDC---- C:\WINDOWS\$NtUninstallKB902400$
2009-08-06 22:10:59 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2009-08-06 22:10:59 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2009-08-06 22:10:59 ----HDC---- C:\WINDOWS\$NtUninstallKB896688$
2009-08-06 22:10:58 ----SHD---- C:\System Recovery
2009-08-06 22:10:58 ----HDC---- C:\WINDOWS\$NtUninstallKB896424$
2009-08-06 22:10:58 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2009-08-06 22:10:58 ----HDC---- C:\WINDOWS\$NtUninstallKB896358$
2009-08-06 22:10:58 ----D---- C:\Program Files\xerox
2009-08-06 22:10:58 ----D---- C:\Program Files\Online Services
2009-08-06 22:10:58 ----D---- C:\Program Files\MSN Gaming Zone
2009-08-06 22:10:58 ----D---- C:\Program Files\MSN
2009-08-06 22:10:58 ----D---- C:\Program Files\microsoft frontpage
2009-08-06 22:10:57 ----D---- C:\Program Files\Common Files\SpeechEngines
2009-08-06 22:10:57 ----D---- C:\Program Files\Common Files\ODBC
2009-08-06 22:10:57 ----D---- C:\Program Files\Common Files\New Boundary
2009-08-06 22:10:57 ----D---- C:\Program Files\Common Files\MSSoap
2009-08-06 22:10:56 ----D---- C:\Documents and Settings\Owner\Application Data\Identities
2009-08-06 22:10:55 ----D---- C:\Documents and Settings\All Users\Application Data\Prism Deploy
2009-08-06 22:10:29 ----D---- C:\WINDOWS\pchealth
2009-08-06 22:10:29 ----D---- C:\WINDOWS\msapps
2009-08-06 22:10:06 ----D---- C:\WINDOWS\RegisteredPackages
2009-08-06 22:10:05 ----D---- C:\WINDOWS\Provisioning
2009-08-06 22:10:04 ----RD---- C:\WINDOWS\Offline Web Pages
2009-08-06 22:09:38 ----D---- C:\WINDOWS\Debug
2009-08-06 22:09:37 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-08-06 22:09:37 ----D---- C:\WINDOWS\Driver Cache
2009-08-06 22:09:13 ----HDC---- C:\WINDOWS\$NtUninstallKB912919$
2009-08-06 22:09:13 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2009-08-06 22:09:13 ----HDC---- C:\WINDOWS\$NtUninstallKB899589$
2009-08-06 22:09:10 ----HDC---- C:\WINDOWS\$NtUninstallKB917734_WMP10$
2009-08-06 22:09:10 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2009-08-06 22:09:10 ----HDC---- C:\WINDOWS\$NtUninstallKB896256$
2009-08-06 22:09:09 ----HDC---- C:\WINDOWS\$NtUninstallKB905915$
2009-08-06 22:09:05 ----HDC---- C:\WINDOWS\$NtUninstallKB900485$
2009-08-06 22:09:03 ----HDC---- C:\WINDOWS\$NtUninstallKB913446$
2009-08-06 22:09:02 ----HDC---- C:\WINDOWS\$NtUninstallKB917953$
2009-08-06 22:09:02 ----HDC---- C:\WINDOWS\$NtUninstallKB912812$
2009-08-06 22:09:02 ----HDC---- C:\WINDOWS\$NtUninstallKB911565$
2009-08-06 22:09:00 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2009-08-06 22:08:59 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2009-08-06 22:08:57 ----HDC---- C:\WINDOWS\$NtUninstallKB901190$
2009-08-06 22:08:53 ----D---- C:\WINDOWS\system32\mui
2009-08-06 22:08:51 ----D---- C:\WINDOWS\system32\URTTemp
2009-08-06 22:08:49 ----D---- C:\WINDOWS\system32\MsDtc
2009-08-06 22:08:49 ----D---- C:\WINDOWS\system32\Macromed
2009-08-06 22:08:48 ----SD---- C:\WINDOWS\system32\Microsoft
2009-08-06 22:08:48 ----D---- C:\WINDOWS\system32\IME
2009-08-06 22:08:48 ----D---- C:\WINDOWS\system32\DirectX
2009-08-06 22:08:40 ----D---- C:\WINDOWS\java
2009-08-06 20:39:49 ----A---- C:\WINDOWS\OEWABLog.txt
2009-08-06 20:39:26 ----D---- C:\WINDOWS\system32\Restore
2009-08-06 20:39:25 ----D---- C:\WINDOWS\system32\config
2009-08-06 20:38:07 ----D---- C:\WINDOWS\Registration
2009-08-06 20:13:29 ----D---- C:\WINDOWS\OPTIONS
2009-08-06 20:00:35 ----A---- C:\WINDOWS\system32\emver.ini
2009-08-06 20:00:34 ----A---- C:\WINDOWS\system32\oeminfo.ini
2009-08-06 19:52:00 ----D---- C:\Program Files\Common Files\System
2009-08-06 19:44:40 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-08-06 19:33:18 ----D---- C:\WINDOWS\system32\oobe
2009-08-06 19:33:06 ----D---- C:\Documents and Settings
2009-08-05 05:11:47 ----A---- C:\WINDOWS\system32\mswebdvd.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2007-07-31 43696]
R1 StyleXPHelper;StyleXPHelper; \??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-08-13 188464]
R2 CO_Mon;CO_Mon; \??\C:\WINDOWS\system32\drivers\CO_Mon.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-07-18 990592]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-10-02 4613120]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070820.048\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070820.048\NAVEX15.SYS []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-31 3964256]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-11-27 58368]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-11-27 19968]
R3 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2007-07-31 278576]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 31280]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-08-13 22320]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-03 60800]
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver; C:\WINDOWS\system32\DRIVERS\el575nd5.sys [2001-08-17 69692]
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-03 61824]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-04 67584]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2007-07-31 317616]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\ipsdefs\20070823.002\SymIDSCo.sys []
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 31280]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-07-09 39424]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-08-25 149864]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-08-25 149864]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-08-25 149864]
R2 LiveUpdate Notice;LiveUpdate Notice; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-08-25 149864]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-31 155715]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-08 167936]
R2 StyleXPService;StyleXPService; C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe [2006-05-24 372736]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2009-08-06 172032]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-08-22 55640]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-08-10 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GameConsoleService;GameConsoleService; C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe [2007-08-29 181800]
S3 GoogleDesktopManager;GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-08-06 1838592]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-06 138168]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2007-08-23 3192184]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2009-08-06 1245064]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2007-08-23 243064]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#2 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun

Posted 17 September 2009 - 07:55 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.  

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine.  Please perform the following scan:
  • Download DDS by sUBs from one of the following links.  Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.  No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note:  You may have to disable any script protection running if the scan fails to run.  After downloading the tool, disconnect from the internet and disable all antivirus protection.  Run the scan, enable your A/V and reconnect to the internet.  

Information on A/V control HERE

~Semp

You can help me continue the fight against malware by making a donation. Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#3 thatdudebaker

thatdudebaker
  • Topic Starter

  • Members
  • 4 posts

Posted 19 September 2009 - 04:06 PM

DDS (Ver_09-07-30.01) - NTFSx86
Run by Owner at 17:03:23.65 on Sat 09/19/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.895.340 [GMT -4:00]

AV: Protection System *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\My Documents\Downloads\dds.pif
C:\Documents and Settings\Owner\My Documents\Downloads\dds.pif
C:\WINDOWS\system32\findstr.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3644
uSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3644
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3644
uInternet Settings,ProxyOverride = <local>;*.local
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3644
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.0\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: CoTGT_BHO Class: {c333cf63-767f-4831-94ac-e683d962c63c} - c:\program files\tgtsoft\stylexp\TGT_BHO.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.0\CoIEPlg.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Power2GoExpress] NA
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [STYLEXP] c:\program files\tgtsoft\stylexp\StyleXP.exe -Hide
uRun: [Rainlendar2] c:\program files\rainlendar2\Rainlendar2.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Protection System] "c:\program files\protection system\psystem.exe" -noscan
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [isCfgWiz] "c:\program files\common files\symantec shared\opc\{c86ea115-facd-4aa8-bfa2-398c677d0936}\SYMCUW.exe" -G:{77CCBE0B-A541-49a9-883E-14F8337EC861} -T:Config -REBOOT
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
mRun: [BigFix] c:\program files\bigfix\bigfix.exe /atstartup
mRun: [Spare Backup] "c:\program files\spare backup\SpareBackup.exe" /silent
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\bigfix.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
Notify: MCPClient - c:\progra~1\common~1\stardock\mcpstub.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - c:\progra~1\common~1\stardock\MCPCore.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\w6b2ezz4.default\
FF - prefs.js: browser.startup.homepage - hxxp://ntkl.yuku.com/forums/65
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-8-25 149864]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-8-25 149864]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-8-25 149864]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20070820.048\NAVENG.SYS [2009-8-6 81232]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20070820.048\NAVEX15.SYS [2009-8-6 865904]
R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2009-8-6 1245064]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [2009-8-6 69692]

=============== Created Last 30 ================

2009-09-19 17:02 <DIR> --d-h--- c:\windows\PIF
2009-09-17 20:48 45 a------- C:\TEST.XML
2009-09-12 21:35 268,648 a------- c:\windows\system32\mucltui.dll
2009-09-12 21:35 208,744 a------- c:\windows\system32\muweb.dll
2009-09-12 21:35 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-09-12 10:14 <DIR> --d----- c:\program files\iPhone Configuration Utility
2009-09-12 10:11 <DIR> --d----- c:\program files\iPod
2009-09-12 10:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-09 13:45 153,088 -c------ c:\windows\system32\dllcache\triedit.dll
2009-09-05 01:54 94,208 a------- c:\windows\system32\QuickTimeVR.qtx
2009-09-05 01:54 69,632 a------- c:\windows\system32\QuickTime.qts
2009-09-01 18:01 <DIR> --d----- c:\program files\trend micro
2009-08-31 20:30 31,232 a------- c:\windows\system32\wingenocx.dll
2009-08-31 20:10 <DIR> --d----- c:\program files\Protection System
2009-08-20 19:03 685,056 ac------ c:\windows\system32\dllcache\hsfcxts2.sys
2009-08-20 19:03 220,032 ac------ c:\windows\system32\dllcache\hsfbs2s2.sys
2009-08-20 19:03 32,285 ac------ c:\windows\system32\dllcache\hsfcisp2.dll
2009-08-20 19:03 685,056 a------- c:\windows\system32\drivers\HSFCXTS2.sys
2009-08-20 19:03 220,032 a------- c:\windows\system32\drivers\HSFBS2S2.sys
2009-08-20 19:03 32,285 a------- c:\windows\system32\HSFCISP2.dll
2009-08-20 19:03 1,041,536 ac------ c:\windows\system32\dllcache\hsfdpsp2.sys
2009-08-20 19:03 1,041,536 a------- c:\windows\system32\drivers\HSFDPSP2.sys
2009-08-20 19:03 129,045 a------- c:\windows\system32\drivers\cxthsfS2.cty

==================== Find3M ====================

2009-08-28 19:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll
2009-08-28 19:42 40,448 a------- c:\windows\system32\drivers\usbaapl.sys
2009-08-18 14:47 7,852 a------- c:\windows\system32\mcdmsg7.dll
2009-08-06 19:46 123,952 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-08-06 19:46 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-08-06 19:46 10,652 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-08-06 19:46 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-08-06 19:40 0 a------- c:\windows\system32\drivers\Gateway_W3644__.MRK
2009-08-06 19:32 315,392 a------- c:\windows\HideWin.exe
2009-08-05 05:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-17 14:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-06-29 12:12 827,392 a------- c:\windows\system32\wininet.dll
2009-06-29 12:12 78,336 a------- c:\windows\system32\ieencode.dll
2009-06-29 12:12 17,408 -------- c:\windows\system32\corpol.dll
2009-06-25 04:17 729,600 a------- c:\windows\system32\lsasrv.dll
2009-06-25 04:17 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 04:17 168,448 a------- c:\windows\system32\schannel.dll
2009-06-25 04:17 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 04:17 59,392 a------- c:\windows\system32\wdigest.dll
2009-06-25 04:17 56,320 a------- c:\windows\system32\secur32.dll

============= FINISH: 17:04:29.03 ===============


#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:08:57 AM

Posted 21 September 2009 - 02:07 AM

Hello thatdudebaker,

My name is Syler and I will be helping you to solve your Malware issues.

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Next

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs, as this process may crash your computer.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Double click on Gmer to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window. If you do, click No.
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.


Please post back here with the following logs:
  • MBAM log
  • Gmer log
  • New Rsit log
Thanks



#5 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:08:57 AM

Posted 25 September 2009 - 06:10 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

