
Google goes to wrong sites. Norton does not open.


  • This topic is locked
19 replies to this topic

#1 melvynian

melvynian

  • Members
  • 10 posts
  • OFFLINE
  • Local time:03:23 PM

Posted 08 September 2009 - 01:42 AM

Hello,
I have recently reformatted my hard drive because of a problem I had with my computer. I had a virus on my computer. The problem started as: when I used Google it did not go to the page which I had clicked on. Eventually, the virus scan I had stopped opening up. Then, eventually, my computer totally stopped working. After booting up, I would see my wallpaper, but the icons were gone, my taskbar was gone, and nothing worked. I would even have to shut down by holding the button. Then I reformatted. After a short period of trouble-free usage, the same Google problem has begun happening again. Now when I click on a link, it only goes about 50% of the time. Other times I go to another search page, or a site which says that my computer is infected by something malicious, and it prompts me to download something, which I do not download. Just today, the virus scan would not open again. I did a system restore, and luckily it opens now, but Google is still not working.
My Norton scans from the past week consistently show my computer being infected by "Trojan.Vundo", "Trojan.fakeavalert", "trojan.adclicker", and "Infostealer.gampass". There are also warnings about trojan horses and downloaders being detected. I have done at least four scans, and the same problems are detected and "fixed" every time.
I have my Hijackthis, DDS, and Rootrepeal logs.

*************************************************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:35:41 AM, on 9/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINXP\Explorer.EXE
C:\WINXP\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINXP\eHome\ehRecvr.exe
C:\WINXP\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINXP\system32\dllhost.exe
C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\WINXP\ehome\ehtray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINXP\eHome\ehmsas.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINXP\system32\hkcmd.exe
C:\WINXP\system32\igfxsrvc.exe
C:\WINXP\system32\igfxpers.exe
C:\WINXP\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINXP\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mel\My Documents\Downloads\RootRepeal.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINXP\System32\DLA\DLASHX_W.DLL
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.0.0.135\IPSBHO.DLL
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINXP\ehome\ehtray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINXP\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINXP\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINXP\system32\igfxpers.exe
O4 - HKLM\..\Run: [DLA] C:\WINXP\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 5087 bytes

*************************************************************************


DDS (Ver_09-07-30.01) - NTFSx86
Run by Mel at 1:57:57.07 on Tue 09/08/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.422 [GMT -4:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINXP\system32\svchost -k DcomLaunch
svchost.exe
C:\WINXP\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINXP\Explorer.EXE
C:\WINXP\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINXP\eHome\ehRecvr.exe
C:\WINXP\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINXP\system32\dllhost.exe
C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\WINXP\ehome\ehtray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINXP\eHome\ehmsas.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINXP\system32\igfxsrvc.exe
C:\WINXP\system32\igfxpers.exe
C:\WINXP\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINXP\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mel\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\winxp\system32\dla\DLASHX_W.DLL
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.0.0.135\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.0.0.135\IPSBHO.DLL
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.0.0.135\coIEPlg.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [ehTray] c:\winxp\ehome\ehtray.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [IgfxTray] c:\winxp\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\winxp\system32\hkcmd.exe
mRun: [Persistence] c:\winxp\system32\igfxpers.exe
mRun: [DLA] c:\winxp\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.0.0.135\CoIEPlg.dll
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mel\applic~1\mozilla\firefox\profiles\o2g5pbj5.default\
FF - plugin: c:\documents and settings\mel\application data\mozilla\firefox\profiles\o2g5pbj5.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - HiddenExtension: XUL Cache: No Registry Reference - c:\program files\mozilla firefox\extensions\{A05D4F18-C176-4FC5-A81C-D4ABBE6E0B08}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\winxp\system32\drivers\n360\0300000.087\SymEFA.sys [2009-9-1 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\winxp\system32\drivers\n360\0300000.087\BHDrvx86.sys [2009-9-1 258608]
R1 ccHP;Symantec Hash Provider;c:\winxp\system32\drivers\n360\0300000.087\cchpx86.sys [2009-9-1 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users.winxp\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090904.002\IDSXpx86.sys [2009-9-6 276344]
R2 McrdSvc;Media Center Extender Service;c:\winxp\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 N360;Norton 360;c:\program files\norton 360\engine\3.0.0.135\ccSvcHst.exe [2009-9-1 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-9-3 102448]
R3 NAVENG;NAVENG;c:\documents and settings\all users.winxp\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090907.025\NAVENG.SYS [2009-9-7 84912]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users.winxp\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090907.025\NAVEX15.SYS [2009-9-7 1323568]
S3 getPlusHelper;getPlus® Helper;c:\winxp\system32\svchost.exe -k getPlusHelper [2004-8-10 14336]

=============== Created Last 30 ================

2009-09-06 23:21 <DIR> --d----- c:\program files\Trend Micro
2009-09-03 19:20 <DIR> --d--r-- c:\program files\Norton Support
2009-09-01 21:25 <DIR> --d----- c:\program files\Microsoft Games
2009-09-01 20:35 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-09-01 20:35 36,400 a----r-- c:\winxp\system32\drivers\SymIM.sys
2009-09-01 20:35 124,464 a------- c:\winxp\system32\drivers\SYMEVENT.SYS
2009-09-01 20:35 60,808 a------- c:\winxp\system32\S32EVNT1.DLL
2009-09-01 20:35 7,386 a------- c:\winxp\system32\drivers\SYMEVENT.CAT
2009-09-01 20:35 805 a------- c:\winxp\system32\drivers\SYMEVENT.INF
2009-09-01 20:35 <DIR> --d----- c:\program files\Symantec
2009-09-01 20:33 <DIR> --d----- c:\winxp\system32\drivers\N360
2009-09-01 20:33 <DIR> --d----- c:\program files\Norton 360
2009-09-01 20:28 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\PCSettings
2009-09-01 20:28 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Norton
2009-09-01 20:24 <DIR> --d----- c:\program files\NortonInstaller
2009-09-01 20:24 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\NortonInstaller
2009-09-01 12:22 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-09-01 11:52 <DIR> --d----- c:\winxp\system32\wbem\Repository
2009-08-27 03:01 <DIR> --d----- c:\winxp\ServicePackFiles

==================== Find3M ====================

2009-08-05 05:11 204,800 a------- c:\winxp\system32\mswebdvd.dll
2009-07-29 00:53 119,808 a------- c:\winxp\system32\t2embed.dll
2009-07-29 00:53 82,432 a------- c:\winxp\system32\fontsub.dll
2009-07-17 14:55 58,880 a------- c:\winxp\system32\atl.dll
2009-07-13 10:08 286,720 a------- c:\winxp\system32\wmpdxm.dll
2009-06-26 11:59 668,160 a------- c:\winxp\system32\wininet.dll
2009-06-26 11:59 81,920 a------- c:\winxp\system32\ieencode.dll
2009-06-25 14:36 661,504 a------- c:\winxp\system32\mqqm.dll
2009-06-25 14:36 517,120 a------- c:\winxp\system32\mqsnap.dll
2009-06-25 14:36 471,552 a------- c:\winxp\system32\mqutil.dll
2009-06-25 14:36 225,280 a------- c:\winxp\system32\mqoa.dll
2009-06-25 14:36 186,880 a------- c:\winxp\system32\mqtrig.dll
2009-06-25 14:36 177,152 a------- c:\winxp\system32\mqrt.dll
2009-06-25 14:36 138,240 a------- c:\winxp\system32\mqad.dll
2009-06-25 14:36 123,392 a------- c:\winxp\system32\mqrtdep.dll
2009-06-25 14:36 95,744 a------- c:\winxp\system32\mqsec.dll
2009-06-25 14:36 48,640 a------- c:\winxp\system32\mqupgrd.dll
2009-06-25 14:36 47,104 a------- c:\winxp\system32\mqdscli.dll
2009-06-25 14:36 16,896 a------- c:\winxp\system32\mqise.dll
2009-06-25 04:17 729,600 a------- c:\winxp\system32\lsasrv.dll
2009-06-25 04:17 301,568 a------- c:\winxp\system32\kerberos.dll
2009-06-25 04:17 168,448 a------- c:\winxp\system32\schannel.dll
2009-06-25 04:17 136,192 a------- c:\winxp\system32\msv1_0.dll
2009-06-25 04:17 59,392 a------- c:\winxp\system32\wdigest.dll
2009-06-25 04:17 56,320 a------- c:\winxp\system32\secur32.dll
2009-06-22 07:49 117,248 a------- c:\winxp\system32\mqtgsvc.exe
2009-06-22 07:49 19,968 a------- c:\winxp\system32\mqbkup.exe
2009-06-22 07:49 4,608 a------- c:\winxp\system32\mqsvc.exe
2009-06-16 22:40 87,735 a------- c:\winxp\pchealth\helpctr\offlinecache\index.dat
2009-06-12 07:50 80,896 a------- c:\winxp\system32\tlntsess.exe
2009-06-12 07:50 76,288 a------- c:\winxp\system32\telnet.exe
2009-06-10 16:14 376,832 a------- c:\winxp\system32\AegisI5Installer.exe
2009-06-10 16:14 21,361 a------- c:\winxp\AegisP.sys
2009-06-10 10:21 84,992 a------- c:\winxp\system32\avifil32.dll
2009-06-10 02:32 132,096 a------- c:\winxp\system32\wkssvc.dll

============= FINISH: 1:58:26.90 ===============

******************************************************

Thank you for your help.
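A first-pass triage helper for logs in the HijackThis 2.0.2 layout shown above, added here as an example and not part of the thread or of the HijackThis/DDS tools. It parses the "Running processes" block and the R/O entry lines, extracts the executable path from each O4 Run entry (quoted or unquoted, with `%ProgramFiles%` expanded under the assumption that it maps to `C:\Program Files`), and flags anything that runs or autostarts from a user-writable location such as a profile, Temp or Downloads folder. The embedded log is a constructed sample in the same format; the `updater` entry in it is invented for the demonstration. A flag is only a prompt for a human to look: in the poster's own log, RootRepeal.exe legitimately runs from Downloads, and Norton keeps signature drivers under All Users\Application Data, so both would be listed for review rather than condemned.

```python
import re

# Constructed sample in the HijackThis 2.0.2 log layout (not the poster's log).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINXP\System32\smss.exe
C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\Documents and Settings\Mel\My Documents\Downloads\RootRepeal.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINXP\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\Mel\Local Settings\Temp\updater.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
"""

# "O4 - <body>", "R1 - <body>", ... : section code followed by the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")
# Body of an O4 entry: hive, value name in brackets, then the command line.
RUN_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Executable path at the start of a command line, quoted or not, up to the first extension.
PATH_IN_CMD_RE = re.compile(r'^"?(?P<path>[^"]+?\.(?:exe|dll|scr|com|cpl))', re.IGNORECASE)

# Locations an ordinary user account can write to; autostarts here deserve a look.
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\users\\", "\\temp\\", "\\downloads\\")


def expand_env(path):
    """Expand the one variable HijackThis commonly leaves in place (assumed mapping)."""
    return re.sub(r"%programfiles%", lambda _: "C:\\Program Files", path, flags=re.IGNORECASE)


def is_user_writable(path):
    return any(marker in path.lower() for marker in USER_WRITABLE_MARKERS)


def parse_hjt_log(text):
    """Return (running process paths, [(code, body), ...]) from a HijackThis log."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # blank line ends the process block
            continue
        if line.lower() == "running processes:":
            in_processes = True
            continue
        if in_processes:
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("code"), m.group("body")))
    return processes, entries


def extract_autoruns(entries):
    """Return [(hive, value name, executable path)] for every O4 Run entry."""
    autoruns = []
    for code, body in entries:
        if code != "O4":
            continue
        m = RUN_RE.match(body)
        if not m:
            continue
        pm = PATH_IN_CMD_RE.match(m.group("cmd"))
        path = expand_env(pm.group("path")) if pm else m.group("cmd")
        autoruns.append((m.group("hive"), m.group("name"), path))
    return autoruns


def triage(text):
    """Summarise the items a reviewer should look at first."""
    processes, entries = parse_hjt_log(text)
    autoruns = extract_autoruns(entries)
    report = {
        "processes_in_user_dirs": [p for p in processes if is_user_writable(p)],
        "autoruns_in_user_dirs": [(n, p) for _, n, p in autoruns if is_user_writable(p)],
        "autoruns_total": len(autoruns),
        "proxy_override": None,
    }
    for code, body in entries:
        if code == "R1" and "ProxyOverride" in body:
            report["proxy_override"] = body.split("=", 1)[1].strip()
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it as-is to see the report for the constructed sample, or pass a real log's text to `triage()`. The location heuristic is deliberately simple: it catches the common case of an autostart planted in a profile directory, but it says nothing about files under Program Files or System32, which is where the next check (publisher signature, file hash against a reputation service) belongs.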



#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:23 PM

Posted 22 September 2009 - 05:29 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 melvynian

melvynian
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:03:23 PM

Posted 25 September 2009 - 05:07 PM

Hello,
Thanks for the reply. My has not changed. Here is my new DDS report:

DDS (Ver_09-07-30.01) - NTFSx86
Run by Mel at 18:03:56.96 on Fri 09/25/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.382 [GMT -4:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINXP\system32\svchost -k DcomLaunch
svchost.exe
C:\WINXP\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINXP\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\WINXP\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\WINXP\eHome\ehRecvr.exe
C:\WINXP\eHome\ehSched.exe
C:\WINXP\system32\dllhost.exe
C:\WINXP\ehome\ehtray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINXP\eHome\ehmsas.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINXP\system32\igfxpers.exe
C:\WINXP\system32\igfxsrvc.exe
C:\WINXP\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINXP\system32\wuauclt.exe
C:\Documents and Settings\Mel\My Documents\Downloads\utorrent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mel\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\winxp\system32\dla\DLASHX_W.DLL
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.5.2.11\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.5.2.11\IPSBHO.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.5.2.11\coIEPlg.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [ehTray] c:\winxp\ehome\ehtray.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [IgfxTray] c:\winxp\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\winxp\system32\hkcmd.exe
mRun: [Persistence] c:\winxp\system32\igfxpers.exe
mRun: [DLA] c:\winxp\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {A788F1D1-6D28-4100-99BA-D7057DF3A1AA} = 192.168.1.1
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.5.2.11\CoIEPlg.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winxp\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mel\applic~1\mozilla\firefox\profiles\o2g5pbj5.default\
FF - component: c:\documents and settings\all users.winxp\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users.winxp\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\mel\application data\mozilla\firefox\profiles\o2g5pbj5.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - HiddenExtension: XUL Cache: No Registry Reference - c:\program files\mozilla firefox\extensions\{A05D4F18-C176-4FC5-A81C-D4ABBE6E0B08}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\winxp\system32\drivers\n360\0305020.00b\SymEFA.sys [2009-9-10 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\winxp\system32\drivers\n360\0305020.00b\BHDrvx86.sys [2009-9-10 259632]
R1 ccHP;Symantec Hash Provider;c:\winxp\system32\drivers\n360\0305020.00b\cchpx86.sys [2009-9-10 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users.winxp\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090916.003\IDSXpx86.sys [2009-9-16 329080]
R2 McrdSvc;Media Center Extender Service;c:\winxp\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 N360;Norton 360;c:\program files\norton 360\engine\3.5.2.11\ccSvcHst.exe [2009-9-10 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-9-3 102448]
R3 NAVENG;NAVENG;c:\documents and settings\all users.winxp\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090925.002\NAVENG.SYS [2009-9-25 84912]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users.winxp\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090925.002\NAVEX15.SYS [2009-9-25 1323568]
S3 getPlusHelper;getPlus® Helper;c:\winxp\system32\svchost.exe -k getPlusHelper [2004-8-10 14336]

=============== Created Last 30 ================

2009-09-25 16:58 411,368 a------- c:\winxp\system32\deploytk.dll
2009-09-25 16:58 73,728 a------- c:\winxp\system32\javacpl.cpl
2009-09-24 23:32 <DIR> --d----- c:\winxp\system32\LogFiles
2009-09-24 23:24 <DIR> --d----- c:\program files\Elecard
2009-09-17 19:41 12,160 ac------ c:\winxp\system32\dllcache\mouhid.sys
2009-09-17 19:41 12,160 a------- c:\winxp\system32\drivers\mouhid.sys
2009-09-16 22:22 <DIR> --d----- c:\program files\MSECache
2009-09-16 22:15 370 a------- c:\winxp\ODBC.INI
2009-09-16 22:15 17,920 a------- c:\winxp\system32\mdimon.dll
2009-09-16 22:14 <DIR> --d----- c:\winxp\SHELLNEW
2009-09-13 16:30 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-13 13:41 21,504 ac------ c:\winxp\system32\dllcache\hidserv.dll
2009-09-13 13:41 21,504 a------- c:\winxp\system32\hidserv.dll
2009-09-13 13:41 14,848 ac------ c:\winxp\system32\dllcache\kbdhid.sys
2009-09-13 13:41 14,848 a------- c:\winxp\system32\drivers\kbdhid.sys
2009-09-13 13:41 9,600 ac------ c:\winxp\system32\dllcache\hidusb.sys
2009-09-13 13:41 9,600 a------- c:\winxp\system32\drivers\hidusb.sys
2009-09-13 13:41 31,616 ac------ c:\winxp\system32\dllcache\usbccgp.sys
2009-09-13 13:41 31,616 a------- c:\winxp\system32\drivers\usbccgp.sys
2009-09-06 23:21 <DIR> --d----- c:\program files\Trend Micro
2009-09-05 01:54 94,208 a------- c:\winxp\system32\QuickTimeVR.qtx
2009-09-05 01:54 69,632 a------- c:\winxp\system32\QuickTime.qts
2009-09-03 19:20 <DIR> --d--r-- c:\program files\Norton Support
2009-09-01 21:25 <DIR> --d----- c:\program files\Microsoft Games
2009-09-01 20:35 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-09-01 20:35 36,400 a----r-- c:\winxp\system32\drivers\SymIM.sys
2009-09-01 20:35 124,976 a------- c:\winxp\system32\drivers\SYMEVENT.SYS
2009-09-01 20:35 60,808 a------- c:\winxp\system32\S32EVNT1.DLL
2009-09-01 20:35 7,456 a------- c:\winxp\system32\drivers\SYMEVENT.CAT
2009-09-01 20:35 806 a------- c:\winxp\system32\drivers\SYMEVENT.INF
2009-09-01 20:35 <DIR> --d----- c:\program files\Symantec
2009-09-01 20:33 <DIR> --d----- c:\winxp\system32\drivers\N360
2009-09-01 20:33 <DIR> --d----- c:\program files\Norton 360
2009-09-01 20:28 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\PCSettings
2009-09-01 20:28 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Norton
2009-09-01 20:24 <DIR> --d----- c:\program files\NortonInstaller
2009-09-01 20:24 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\NortonInstaller
2009-09-01 12:22 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-09-01 11:52 <DIR> --d----- c:\winxp\system32\wbem\Repository
2009-08-27 03:01 <DIR> --d----- c:\winxp\ServicePackFiles

==================== Find3M ====================

2009-09-10 20:27 26,600 a----r-- c:\winxp\system32\drivers\GEARAspiWDM.sys
2009-09-10 20:27 107,368 a----r-- c:\winxp\system32\GEARAspi.dll
2009-08-05 05:11 204,800 a------- c:\winxp\system32\mswebdvd.dll
2009-07-29 00:53 119,808 a------- c:\winxp\system32\t2embed.dll
2009-07-29 00:53 82,432 a------- c:\winxp\system32\fontsub.dll
2009-07-17 14:55 58,880 a------- c:\winxp\system32\atl.dll

============= FINISH: 18:04:46.70 ===============

>>>>>>>>>>Thanks Again

#4 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 30 September 2009 - 10:23 AM

Hello,

My name is Syler and I will be helping you to solve your Malware issues.

I noticed that your WINDOWS folder name has been changed to WINXP, can you tell me why and how you did this?

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Next
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
Then please post back here with the following:
  • MBAM log
  • log.txt
  • info.txt
Thanks



#5 melvynian

  • Topic Starter
  • Members
  • 10 posts

Posted 30 September 2009 - 12:20 PM

Hello Syler,
Thanks for your help again. I have the reports here.
I don't know why my WINDOWS folder says WINXP. Maybe that happened when I did the hard drive reformat.

Malwarebytes' Anti-Malware 1.41
Database version: 2877
Windows 5.1.2600 Service Pack 2

9/30/2009 1:15:42 PM
mbam-log-2009-09-30 (13-15-42).txt

Scan type: Quick Scan
Objects scanned: 139581
Time elapsed: 12 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Microsoft Common (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)

*******************************************************************************************

Logfile of random's system information tool 1.06 (written by random/random)
Run by Mel at 2009-09-30 13:18:32
Microsoft Windows XP Professional Service Pack 2
System drive C: has 48 GB (64%) free of 76 GB
Total RAM: 1014 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:18:46 PM, on 9/30/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINXP\Explorer.EXE
C:\WINXP\system32\spoolsv.exe
C:\WINXP\ehome\ehtray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINXP\system32\hkcmd.exe
C:\WINXP\system32\igfxpers.exe
C:\WINXP\system32\igfxsrvc.exe
C:\WINXP\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINXP\eHome\ehRecvr.exe
C:\WINXP\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\WINXP\eHome\ehmsas.exe
C:\WINXP\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINXP\system32\wuauclt.exe
C:\WINXP\system32\svchost.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mel\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Mel.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINXP\System32\DLA\DLASHX_W.DLL
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINXP\ehome\ehtray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINXP\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINXP\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINXP\system32\igfxpers.exe
O4 - HKLM\..\Run: [DLA] C:\WINXP\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A788F1D1-6D28-4100-99BA-D7057DF3A1AA}: NameServer = 192.168.1.1
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 6487 bytes

======Scheduled tasks folder======

C:\WINXP\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINXP\System32\DLA\DLASHX_W.DLL [2005-11-07 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll [2009-08-22 378736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.DLL [2009-08-22 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll [2009-08-22 378736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINXP\ehome\ehtray.exe [2005-08-05 64512]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-10-08 995328]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-10-08 1101824]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2007-05-10 405504]
"IgfxTray"=C:\WINXP\system32\igfxtray.exe [2007-03-30 138008]
"HotKeysCmds"=C:\WINXP\system32\hkcmd.exe [2007-03-30 162584]
"Persistence"=C:\WINXP\system32\igfxpers.exe [2007-03-30 138008]
"DLA"=C:\WINXP\System32\DLA\DLACTRLW.EXE [2005-11-07 122940]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-08 305440]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-25 149280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-09-10 420176]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINXP\system32\igfxdev.dll [2007-03-30 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINXP\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINXP\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINXP\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149
"NofolderOptions"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Documents and Settings\Mel\My Documents\Downloads\utorrent.exe"="C:\Documents and Settings\Mel\My Documents\Downloads\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-09-30 13:00:05 ----D---- C:\Documents and Settings\Mel\Application Data\Malwarebytes
2009-09-30 12:59:44 ----D---- C:\Documents and Settings\All Users.WINXP\Application Data\Malwarebytes
2009-09-30 12:59:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-30 12:57:02 ----D---- C:\rsit
2009-09-30 03:49:16 ----D---- C:\WINXP\Sun
2009-09-28 22:28:14 ----A---- C:\WINXP\system32\ptpusb.dll
2009-09-28 22:28:11 ----A---- C:\WINXP\system32\ptpusd.dll
2009-09-26 03:07:00 ----A---- C:\WINXP\system32\wmpns.dll
2009-09-26 03:03:33 ----HDC---- C:\WINXP\$NtUninstallKB929399$
2009-09-26 03:02:06 ----HDC---- C:\WINXP\$NtUninstallKB939683$
2009-09-26 03:00:24 ----HDC---- C:\WINXP\$NtUninstallKB954154_WM11$
2009-09-25 16:58:39 ----A---- C:\WINXP\system32\javaws.exe
2009-09-25 16:58:39 ----A---- C:\WINXP\system32\javaw.exe
2009-09-25 16:58:39 ----A---- C:\WINXP\system32\java.exe
2009-09-25 16:58:39 ----A---- C:\WINXP\system32\deploytk.dll
2009-09-25 16:57:27 ----D---- C:\Documents and Settings\Mel\Application Data\Sun
2009-09-24 23:38:21 ----HDC---- C:\WINXP\$NtUninstallKB926239$
2009-09-24 23:37:34 ----N---- C:\WINXP\system32\spmsg.dll
2009-09-24 23:37:33 ----HDC---- C:\WINXP\$NtUninstallMSCompPackV1$
2009-09-24 23:36:39 ----HDC---- C:\WINXP\$NtUninstallwmp11$
2009-09-24 23:34:11 ----HDC---- C:\WINXP\$NtUninstallWMFDist11$
2009-09-24 23:32:26 ----D---- C:\WINXP\system32\LogFiles
2009-09-24 23:32:20 ----HDC---- C:\WINXP\$NtUninstallWudf01000$
2009-09-24 23:30:32 ----HDC---- C:\WINXP\$NtUninstallKB925766$
2009-09-24 23:25:15 ----A---- C:\MCfltstat.txt
2009-09-24 23:24:22 ----D---- C:\Program Files\Elecard
2009-09-22 20:35:04 ----D---- C:\Documents and Settings\Mel\Application Data\Help
2009-09-16 22:22:20 ----D---- C:\Program Files\MSECache
2009-09-16 22:15:24 ----A---- C:\WINXP\ODBC.INI
2009-09-16 22:15:06 ----A---- C:\WINXP\system32\mdimon.dll
2009-09-16 22:14:25 ----D---- C:\WINXP\SHELLNEW
2009-09-16 22:13:34 ----D---- C:\Program Files\Microsoft.NET
2009-09-13 16:30:17 ----D---- C:\Documents and Settings\All Users.WINXP\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-13 13:41:52 ----A---- C:\WINXP\system32\hidserv.dll
2009-09-09 22:09:38 ----HDC---- C:\WINXP\$NtUninstallKB956844$
2009-09-09 22:09:31 ----HDC---- C:\WINXP\$NtUninstallKB968816_WM9$
2009-09-09 22:09:24 ----HDC---- C:\WINXP\$NtUninstallKB971961$
2009-09-09 22:08:41 ----HDC---- C:\WINXP\$NtUninstallKB973768$
2009-09-08 02:15:26 ----A---- C:\RootRepeal report 09-08-09 (02-15-26).txt
2009-09-08 02:03:15 ----A---- C:\RootRepeal report 09-08-09 (02-03-15).txt
2009-09-06 23:21:43 ----D---- C:\Program Files\Trend Micro
2009-09-03 19:20:52 ----RD---- C:\Program Files\Norton Support
2009-09-02 03:09:18 ----A---- C:\WINXP\system32\MRT.exe
2009-09-01 21:25:41 ----D---- C:\Program Files\Microsoft Games
2009-09-01 20:35:40 ----D---- C:\Documents and Settings\All Users.WINXP\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-09-01 20:35:09 ----D---- C:\Program Files\Symantec
2009-09-01 20:35:09 ----A---- C:\WINXP\system32\S32EVNT1.DLL
2009-09-01 20:33:37 ----D---- C:\Program Files\Norton 360
2009-09-01 20:28:41 ----D---- C:\Documents and Settings\All Users.WINXP\Application Data\PCSettings
2009-09-01 20:28:31 ----D---- C:\Documents and Settings\All Users.WINXP\Application Data\Norton
2009-09-01 20:24:46 ----D---- C:\Program Files\NortonInstaller
2009-09-01 20:24:46 ----D---- C:\Documents and Settings\All Users.WINXP\Application Data\NortonInstaller
2009-09-01 12:22:09 ----D---- C:\Documents and Settings\All Users.WINXP\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-09-01 11:49:36 ----D---- C:\Config.Msi

======List of files/folders modified in the last 1 months======

2009-09-30 13:15:42 ----RD---- C:\Program Files
2009-09-30 13:01:31 ----D---- C:\WINXP\Temp
2009-09-30 13:00:05 ----D---- C:\WINXP\Prefetch
2009-09-30 12:59:58 ----D---- C:\WINXP\system32\drivers
2009-09-30 05:37:35 ----D---- C:\Program Files\Mozilla Firefox
2009-09-30 04:01:13 ----SHD---- C:\WINXP\Installer
2009-09-30 04:00:34 ----D---- C:\Documents and Settings\All Users.WINXP\Application Data\Adobe
2009-09-30 04:00:31 ----D---- C:\Program Files\Common Files\Adobe
2009-09-30 03:59:43 ----D---- C:\WINXP\system32
2009-09-30 03:49:16 ----D---- C:\WINXP
2009-09-30 00:11:34 ----A---- C:\WINXP\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2009-09-28 22:28:23 ----RSHDC---- C:\WINXP\system32\dllcache
2009-09-28 20:20:07 ----D---- C:\WINXP\system32\CatRoot2
2009-09-27 13:09:43 ----D---- C:\WINXP\Registration
2009-09-26 03:12:52 ----A---- C:\WINXP\SchedLgU.Txt
2009-09-26 03:07:11 ----HD---- C:\WINXP\inf
2009-09-26 03:07:11 ----D---- C:\WINXP\system32\CatRoot
2009-09-26 03:02:10 ----A---- C:\WINXP\imsins.BAK
2009-09-25 03:07:45 ----D---- C:\WINXP\AppPatch
2009-09-24 23:37:05 ----A---- C:\WINXP\win.ini
2009-09-24 23:36:51 ----D---- C:\Program Files\Windows Media Player
2009-09-24 23:36:50 ----D---- C:\WINXP\Help
2009-09-24 23:30:41 ----D---- C:\WINXP\ehome
2009-09-24 23:27:22 ----D---- C:\Program Files\Common Files
2009-09-24 23:20:05 ----SD---- C:\Documents and Settings\Mel\Application Data\Microsoft
2009-09-22 19:59:12 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-09-16 22:22:39 ----RSD---- C:\WINXP\Fonts
2009-09-16 22:22:33 ----D---- C:\Program Files\Microsoft Office
2009-09-16 22:13:34 ----SD---- C:\Documents and Settings\All Users.WINXP\Application Data\Microsoft
2009-09-16 22:13:34 ----D---- C:\WINXP\pchealth
2009-09-16 22:10:30 ----D---- C:\WINXP\system
2009-09-13 22:22:51 ----D---- C:\Documents and Settings\Mel\Application Data\Apple Computer
2009-09-13 16:31:22 ----D---- C:\Program Files\iTunes
2009-09-13 16:30:26 ----D---- C:\Program Files\iPod
2009-09-13 16:29:15 ----D---- C:\Program Files\QuickTime
2009-09-13 16:28:23 ----D---- C:\Documents and Settings\All Users.WINXP\Application Data\Apple Computer
2009-09-13 16:25:38 ----D---- C:\Program Files\Common Files\Apple
2009-09-13 16:24:09 ----DC---- C:\WINXP\system32\DRVSTORE
2009-09-10 20:27:56 ----RA---- C:\WINXP\system32\GEARAspi.dll
2009-09-09 22:09:37 ----HD---- C:\WINXP\$hf_mig$
2009-09-06 01:34:19 ----D---- C:\Documents and Settings\All Users.WINXP\Application Data\NOS
2009-09-03 19:32:53 ----D---- C:\WINXP\system32\CatRoot_bak
2009-09-02 03:33:31 ----D---- C:\WINXP\system32\Setup
2009-09-02 03:25:57 ----HDC---- C:\WINXP\$NtUninstallKB960859$
2009-09-02 03:25:17 ----HDC---- C:\WINXP\$NtUninstallKB961371-v2$
2009-09-02 03:24:05 ----D---- C:\Program Files\Internet Explorer
2009-09-02 03:22:43 ----HDC---- C:\WINXP\$NtUninstallKB972260$
2009-09-02 03:20:53 ----HDC---- C:\WINXP\$NtUninstallKB971657$
2009-09-02 03:19:55 ----HDC---- C:\WINXP\$NtUninstallKB971557$
2009-09-02 03:19:02 ----HDC---- C:\WINXP\$NtUninstallKB973346$
2009-09-02 03:17:45 ----HDC---- C:\WINXP\$NtUninstallKB971633$
2009-09-02 03:16:10 ----HDC---- C:\WINXP\$NtUninstallKB973869$
2009-09-02 03:14:41 ----HDC---- C:\WINXP\$NtUninstallKB973540_WM9L$
2009-09-02 03:14:07 ----HDC---- C:\WINXP\$NtUninstallKB973507$
2009-09-02 03:13:36 ----D---- C:\Program Files\Outlook Express
2009-09-02 03:13:32 ----HDC---- C:\WINXP\$NtUninstallKB973354$
2009-09-02 03:08:29 ----HDC---- C:\WINXP\$NtUninstallKB958470$
2009-09-02 03:06:57 ----HDC---- C:\WINXP\$NtUninstallKB973815$
2009-09-02 03:05:13 ----HDC---- C:\WINXP\$NtUninstallKB971032$
2009-09-02 03:03:47 ----HDC---- C:\WINXP\$NtUninstallKB970653-v3$
2009-09-02 03:01:54 ----HDC---- C:\WINXP\$NtUninstallKB968389$
2009-09-02 02:36:30 ----D---- C:\WINDOWS
2009-09-01 22:16:24 ----D---- C:\WINXP\WinSxS
2009-09-01 20:46:54 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-09-01 20:44:28 ----D---- C:\Documents and Settings\Mel\Application Data\Mozilla
2009-09-01 20:36:45 ----D---- C:\Documents and Settings
2009-09-01 20:36:09 ----SHD---- C:\System Volume Information
2009-09-01 20:33:37 ----D---- C:\Documents and Settings\All Users.WINXP\Application Data\Symantec
2009-09-01 20:30:56 ----D---- C:\Documents and Settings\Mel\Application Data\Symantec
2009-09-01 11:52:14 ----D---- C:\WINXP\system32\config
2009-09-01 11:52:00 ----D---- C:\WINXP\system32\wbem
2009-09-01 11:49:08 ----D---- C:\Documents and Settings\Mel\Application Data\LimeWire
2009-09-01 11:48:09 ----DC---- C:\WINXP\$NtUninstallKB928843$
2009-09-01 11:48:09 ----DC---- C:\WINXP\$NtUninstallKB890859$
2009-09-01 11:48:07 ----DC---- C:\WINXP\$NtUninstallKB944653$
2009-09-01 11:48:07 ----DC---- C:\WINXP\$NtUninstallKB914389$
2009-09-01 11:48:06 ----DC---- C:\WINXP\$NtUninstallKB920683$
2009-09-01 11:48:05 ----DC---- C:\WINXP\$NtUninstallKB908519$
2009-09-01 11:48:04 ----DC---- C:\WINXP\$NtUninstallKB894391$
2009-09-01 11:48:03 ----DC---- C:\WINXP\$NtUninstallKB943055$
2009-09-01 11:48:02 ----DC---- C:\WINXP\$NtUninstallKB913580$
2009-09-01 11:48:02 ----DC---- C:\WINXP\$NtUninstallKB896428$
2009-09-01 11:48:01 ----DC---- C:\WINXP\$NtUninstallKB905749$
2009-09-01 11:48:00 ----DC---- C:\WINXP\$NtUninstallKB950749$
2009-09-01 11:47:55 ----DC---- C:\WINXP\$NtUninstallKB930916$
2009-09-01 11:47:54 ----DC---- C:\WINXP\$NtUninstallKB916595$
2009-09-01 11:47:53 ----DC---- C:\WINXP\$NtUninstallKB945553$
2009-09-01 11:47:53 ----DC---- C:\WINXP\$NtUninstallKB886185$
2009-09-01 11:47:52 ----DC---- C:\WINXP\$NtUninstallKB920213$
2009-09-01 11:47:52 ----D---- C:\WINXP\msagent
2009-09-01 11:47:51 ----DC---- C:\WINXP\$NtUninstallKB938127$
2009-09-01 11:47:51 ----DC---- C:\WINXP\$NtUninstallKB900725$
2009-09-01 11:47:50 ----DC---- C:\WINXP\$NtUninstallKB888302$
2009-09-01 11:47:49 ----DC---- C:\WINXP\$NtUninstallKB926255$
2009-09-01 11:47:48 ----DC---- C:\WINXP\$NtUninstallKB918118$
2009-09-01 11:47:47 ----DC---- C:\WINXP\$NtUninstallKB922582$
2009-09-01 11:47:46 ----DC---- C:\WINXP\$NtUninstallKB923191$
2009-09-01 11:47:45 ----DC---- C:\WINXP\$NtUninstallKB932168$
2009-09-01 11:47:45 ----DC---- C:\WINXP\$NtUninstallKB901214$
2009-09-01 11:47:43 ----DC---- C:\WINXP\$NtUninstallKB905414$
2009-09-01 11:47:42 ----DC---- C:\WINXP\$NtUninstallKB914388$
2009-09-01 11:47:41 ----DC---- C:\WINXP\$NtUninstallKB930178$
2009-09-01 11:47:41 ----DC---- C:\WINXP\$NtUninstallKB920872$
2009-09-01 11:47:40 ----DC---- C:\WINXP\$NtUninstallKB926436$
2009-09-01 11:47:39 ----DC---- C:\WINXP\$NtUninstallKB902400$
2009-09-01 11:47:36 ----HDC---- C:\WINXP\$NtUninstallKB913580$(2)
2009-09-01 11:47:36 ----D---- C:\WINXP\system32\Com
2009-09-01 11:47:35 ----DC---- C:\WINXP\$NtUninstallKB952004$(3)
2009-09-01 11:47:33 ----HDC---- C:\WINXP\$NtUninstallKB952004$(2)
2009-09-01 11:47:33 ----DC---- C:\WINXP\$NtUninstallKB950974$(2)
2009-09-01 11:47:32 ----DC---- C:\WINXP\$NtUninstallKB918439$
2009-09-01 11:47:31 ----DC---- C:\WINXP\$NtUninstallKB891781$
2009-09-01 11:47:30 ----DC---- C:\WINXP\$NtUninstallKB920670$
2009-09-01 11:47:29 ----DC---- C:\WINXP\$NtUninstallKB929123$
2009-09-01 11:47:29 ----D---- C:\Program Files\Common Files\System
2009-09-01 11:47:28 ----DC---- C:\WINXP\$NtUninstallKB925902$
2009-09-01 11:47:27 ----DC---- C:\WINXP\$NtUninstallKB911564$
2009-09-01 11:47:26 ----DC---- C:\WINXP\$NtUninstallKB925398_WMP64$
2009-09-01 11:47:26 ----DC---- C:\WINXP\$NtUninstallKB910437$
2009-09-01 11:47:25 ----DC---- C:\WINXP\$NtUninstallKB896358$
2009-09-01 11:47:24 ----DC---- C:\WINXP\$NtUninstallKB946026$
2009-09-01 11:47:23 ----DC---- C:\WINXP\$NtUninstallKB936357$
2009-09-01 11:47:23 ----DC---- C:\WINXP\$NtUninstallKB887472$
2009-09-01 11:47:22 ----DC---- C:\WINXP\$NtUninstallKB927891$
2009-09-01 11:47:21 ----DC---- C:\WINXP\$NtUninstallKB931261$
2009-09-01 11:47:21 ----DC---- C:\WINXP\$NtUninstallKB873339$
2009-09-01 11:47:20 ----DC---- C:\WINXP\$NtUninstallKB924270$
2009-09-01 11:47:19 ----DC---- C:\WINXP\$NtUninstallKB900485$
2009-09-01 11:47:18 ----DC---- C:\WINXP\$NtUninstallKB924667$
2009-09-01 11:47:18 ----DC---- C:\WINXP\$NtUninstallKB896423$
2009-09-01 11:47:17 ----DC---- C:\WINXP\$NtUninstallKB938828$
2009-09-01 11:47:16 ----DC---- C:\WINXP\$NtUninstallKB911562$
2009-09-01 11:47:16 ----DC---- C:\WINXP\$NtUninstallKB911280$
2009-09-01 11:47:15 ----DC---- C:\WINXP\$NtUninstallKB923980$
2009-09-01 11:47:13 ----DC---- C:\WINXP\$NtUninstallKB893756$
2009-09-01 11:47:12 ----DC---- C:\WINXP\$NtUninstallKB920685$
2009-09-01 11:47:11 ----DC---- C:\WINXP\$NtUninstallKB899591$
2009-09-01 11:47:10 ----DC---- C:\WINXP\$NtUninstallKB901017$
2009-09-01 11:47:09 ----DC---- C:\WINXP\$NtUninstallKB911927$
2009-09-01 11:47:08 ----DC---- C:\WINXP\$NtUninstallKB928255$
2009-09-01 11:47:07 ----DC---- C:\WINXP\$NtUninstallKB937894$
2009-09-01 11:47:06 ----DC---- C:\WINXP\$NtUninstallKB885836$
2009-09-01 11:47:04 ----DC---- C:\WINXP\$NtUninstallKB927802$
2009-09-01 11:47:04 ----DC---- C:\WINXP\$NtUninstallKB927779$
2009-09-01 11:47:02 ----DC---- C:\WINXP\$NtUninstallKB899587$
2009-09-01 11:46:58 ----D---- C:\Program Files\Messenger
2009-09-01 11:46:52 ----D---- C:\Program Files\Absolute Poker
2009-09-01 11:44:54 ----D---- C:\WINXP\system32\Restore

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BHDrvx86;Symantec Heuristics Driver; C:\WINXP\System32\Drivers\N360\0305020.00B\BHDrvx86.sys [2009-08-22 259632]
R1 ccHP;Symantec Hash Provider; C:\WINXP\System32\Drivers\N360\0305020.00B\ccHPx86.sys [2009-08-22 482432]
R1 DLACDBHM;DLACDBHM; C:\WINXP\System32\Drivers\DLACDBHM.SYS [2005-11-18 5660]
R1 DLARTL_N;DLARTL_N; C:\WINXP\System32\Drivers\DLARTL_N.SYS [2005-11-18 22684]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users.WINXP\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090916.003\IDSxpx86.sys []
R1 intelppm;Intel Processor Driver; C:\WINXP\system32\DRIVERS\intelppm.sys [2004-08-10 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINXP\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 SRTSP;Symantec Real Time Storage Protection; C:\WINXP\System32\Drivers\N360\0305020.00B\SRTSP.SYS [2009-08-22 308272]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINXP\system32\drivers\N360\0305020.00B\SRTSPX.SYS [2009-08-22 43696]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINXP\System32\Drivers\N360\0305020.00B\SYMTDI.SYS [2009-08-22 217136]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINXP\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\WINXP\system32\DRIVERS\AegisP.sys [2009-06-10 21361]
R2 DLABOIOM;DLABOIOM; C:\WINXP\System32\DLA\DLABOIOM.SYS [2005-11-07 25628]
R2 DLADResN;DLADResN; C:\WINXP\System32\DLA\DLADResN.SYS [2005-11-07 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINXP\System32\DLA\DLAIFS_M.SYS [2005-11-07 86652]
R2 DLAOPIOM;DLAOPIOM; C:\WINXP\System32\DLA\DLAOPIOM.SYS [2005-11-07 14684]
R2 DLAPoolM;DLAPoolM; C:\WINXP\System32\DLA\DLAPoolM.SYS [2005-11-07 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINXP\System32\DLA\DLAUDF_M.SYS [2005-11-07 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINXP\System32\DLA\DLAUDFAM.SYS [2005-11-07 94332]
R2 DRVNDDM;DRVNDDM; C:\WINXP\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 mdmxsdk;mdmxsdk; C:\WINXP\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 rimmptsk;rimmptsk; C:\WINXP\system32\DRIVERS\rimmptsk.sys [2006-11-15 32256]
R2 rimsptsk;rimsptsk; C:\WINXP\system32\DRIVERS\rimsptsk.sys [2006-11-14 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINXP\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376]
R2 s24trans;WLAN Transport; C:\WINXP\system32\DRIVERS\s24trans.sys [2007-08-27 12288]
R3 Arp1394;1394 ARP Client Protocol; C:\WINXP\system32\DRIVERS\arp1394.sys [2004-08-10 60800]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINXP\system32\DRIVERS\bcm4sbxp.sys [2006-11-21 45568]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINXP\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINXP\System32\Drivers\GEARAspiWDM.sys [2009-09-10 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINXP\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HidUsb;Microsoft HID Class Driver; C:\WINXP\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DPV;HSF_DPV; C:\WINXP\system32\DRIVERS\HSF_DPV.sys [2005-07-22 1035008]
R3 HSFHWAZL;HSFHWAZL; C:\WINXP\system32\DRIVERS\HSFHWAZL.sys [2005-07-22 201600]
R3 ialm;ialm; C:\WINXP\system32\DRIVERS\igxpmp32.sys [2007-03-30 5704672]
R3 mouhid;Mouse HID Driver; C:\WINXP\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users.WINXP\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090930.002\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users.WINXP\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090930.002\NAVEX15.SYS []
R3 NETw4x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINXP\system32\DRIVERS\NETw4x32.sys [2007-09-26 2236032]
R3 NIC1394;1394 Net Driver; C:\WINXP\system32\DRIVERS\nic1394.sys [2004-08-10 61824]
R3 sdbus;sdbus; C:\WINXP\system32\DRIVERS\sdbus.sys [2004-08-10 67584]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINXP\system32\drivers\sthda.sys [2007-05-10 1222840]
R3 SymEvent;SymEvent; \??\C:\WINXP\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;Symantec Network Filter Driver; C:\WINXP\System32\Drivers\N360\0305020.00B\SYMFW.SYS [2009-08-22 89904]
R3 SYMIDS;Symantec Network Filter Driver; C:\WINXP\System32\Drivers\N360\0305020.00B\SYMIDS.SYS [2009-08-22 33072]
R3 SymIMMP;SymIMMP; C:\WINXP\system32\DRIVERS\SymIM.sys [2009-08-22 36400]
R3 SYMNDIS;Symantec Network Filter Driver; C:\WINXP\System32\Drivers\N360\0305020.00B\SYMNDIS.SYS [2009-08-22 36400]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINXP\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINXP\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINXP\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINXP\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 winachsf;winachsf; C:\WINXP\system32\DRIVERS\HSF_CNXT.sys [2005-07-22 717952]
S1 OMCI;OMCI; \??\C:\WINXP\SYSTEM32\DRIVERS\OMCI.SYS []
S3 MHNDRV;MHN driver; C:\WINXP\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINXP\system32\DRIVERS\SymIM.sys [2009-08-22 36400]
S3 usbscan;USB Scanner Driver; C:\WINXP\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINXP\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINXP\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINXP\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINXP\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ehRecvr;Media Center Receiver Service; C:\WINXP\eHome\ehRecvr.exe [2005-10-11 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINXP\eHome\ehSched.exe [2005-08-05 102912]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-10-08 794624]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-25 153376]
R2 McrdSvc;Media Center Extender Service; C:\WINXP\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 N360;Norton 360; C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe [2009-08-22 117640]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-10-08 483328]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-10-08 1183744]
R2 WLANKEEPER;Intel® PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2007-10-08 356352]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-08 545568]
S3 aspnet_state;ASP.NET State Service; C:\WINXP\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 getPlusHelper;getPlus® Helper; C:\WINXP\System32\svchost.exe [2004-08-10 14336]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MHN;MHN; C:\WINXP\System32\svchost.exe [2004-08-10 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINXP\system32\svchost.exe [2004-08-10 14336]

-----------------EOF-----------------
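As an added example, not part of this thread or of the RSIT tool, a small Python triage helper that parses entries in the `List of drivers` format above and flags the ones a responder would check by hand: entries printed with an empty `[]` (no file date or size) and drivers whose image lives outside the Windows and Program Files directories. The sample lines are constructed in the log's format (the Windows directory here is `C:\WINXP`, as in the log); the `example.sys` entry is invented to exercise the location rule, and a flag means "review", not "malicious".

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Sequence

# Reason codes returned by triage(); they mean "look at this by hand",
# not "malicious": several legitimate Norton entries in the log trip them.
NO_FILE_INFO = "no-file-info"              # RSIT printed "[]": no date/size for the file
OUTSIDE_TRUSTED = "outside-trusted-roots"  # driver image lives outside Windows/Program Files

# Default roots for the machine in this thread (Windows is installed in C:\WINXP).
DEFAULT_TRUSTED_ROOTS: Sequence[str] = ("C:\\WINXP\\", "C:\\Program Files\\")

# One RSIT entry: "<R|S><0-4> name;description; path [date size]"
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]*);(?P<desc>[^;]*); "
    r"(?P<path>.*?) \[(?P<info>[^\]]*)\]$"
)

# Constructed sample in the same format as the "List of drivers" section above.
# The first four lines mirror entries from the log; "example.sys" is invented
# to exercise the location rule and does not appear in the log.
SAMPLE_DRIVER_LIST = r"""
R1 kbdhid;Keyboard HID Driver; C:\WINXP\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users.WINXP\Application Data\Norton\Definitions\ipsdefs\IDSxpx86.sys []
S4 IntelIde;IntelIde; C:\WINXP\system32\drivers\IntelIde.sys []
R3 example;example; C:\Documents and Settings\Mel\Local Settings\Temp\example.sys [2009-09-01 12288]
"""


@dataclass
class DriverEntry:
    state: str            # "R" running or "S" stopped
    start_type: int       # 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled
    name: str
    description: str
    path: str             # as printed, with any "\??\" prefix removed
    file_date: Optional[str]
    file_size: Optional[int]


def parse_driver_list(text: str) -> List[DriverEntry]:
    """Parse RSIT driver/service entries; non-entry lines (headers, EOF) are skipped."""
    entries: List[DriverEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line) if line else None
        if not m:
            continue
        info = m.group("info").split()
        file_date = info[0] if info else None
        file_size = int(info[1]) if len(info) > 1 and info[1].isdigit() else None
        path = m.group("path")
        if path.startswith("\\??\\"):  # NT object-manager prefix used for some drivers
            path = path[4:]
        entries.append(DriverEntry(
            state=m.group("state"),
            start_type=int(m.group("start")),
            name=m.group("name"),
            description=m.group("desc"),
            path=path,
            file_date=file_date,
            file_size=file_size,
        ))
    return entries


def triage(entries: List[DriverEntry],
           trusted_roots: Sequence[str] = DEFAULT_TRUSTED_ROOTS) -> Dict[str, List[str]]:
    """Return {driver name: [reason codes]} for entries that deserve a manual look."""
    flagged: Dict[str, List[str]] = {}
    roots = tuple(r.lower() for r in trusted_roots)
    for e in entries:
        reasons = []
        if e.file_date is None:
            reasons.append(NO_FILE_INFO)
        if not e.path.lower().startswith(roots):
            reasons.append(OUTSIDE_TRUSTED)
        if reasons:
            flagged[e.name] = reasons
    return flagged


if __name__ == "__main__":
    drivers = parse_driver_list(SAMPLE_DRIVER_LIST)
    for name, reasons in triage(drivers).items():
        entry = next(d for d in drivers if d.name == name)
        print(f"{entry.state}{entry.start_type} {name}: {', '.join(reasons)} -> {entry.path}")
```

Running it over a real RSIT log.txt means pasting the `List of drivers` and `List of services` sections in place of the sample; both use the same entry layout.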

#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:08:23 PM

Posted 30 September 2009 - 01:30 PM

Hi melvynian,

Can you post the other RSIT log as well please? It should be located here: C:\Rsit\info.txt



#7 melvynian

melvynian
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:03:23 PM

Posted 30 September 2009 - 09:01 PM

Sorry about that.


info.txt logfile of random's system information tool 1.06 2009-09-30 12:57:27

======Uninstall list======

-->C:\WINXP\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINXP\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINXP\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINXP\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINXP\INF\PCHealth.inf
Acrobat.com-->MsiExec.exe /X{6D8D64BE-F500-55B6-705D-DFD08AFE0624}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Download Manager-->"C:\WINXP\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /Get1
Adobe Flash Player 10 ActiveX-->C:\WINXP\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINXP\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Broadcom 440x 10/100 Integrated Controller-->MsiExec.exe /X{612B9183-67A9-4B44-9877-2F059E35B86A}
Broadcom Management Programs-->MsiExec.exe /I{C99C0593-3B48-41D9-B42F-6E035B320449}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028k.inf
Dell Resource CD-->MsiExec.exe /X{FCD9CD52-7222-4672-94A0-A722BA702FD0}
GearDrvs-->MsiExec.exe /I{206FD69B-F9FE-4164-81BD-D52552BC9C23}
GearDrvs-->MsiExec.exe /I{CB84F0F2-927B-458D-9DC5-87832E3DC653}
GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"
High Definition Audio Driver Package - KB835221-->C:\WINXP\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINXP\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINXP\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINXP\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB888795)-->"C:\WINXP\$NtUninstallKB888795$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB891593)-->"C:\WINXP\$NtUninstallKB891593$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB895961)-->"C:\WINXP\$NtUninstallKB895961$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB899337)-->"C:\WINXP\$NtUninstallKB899337$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB899510)-->"C:\WINXP\$NtUninstallKB899510$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB902841)-->"C:\WINXP\$NtUninstallKB902841$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINXP\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINXP\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINXP\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Intel® Graphics Media Accelerator Driver-->C:\WINXP\system32\igxpun.exe -uninstall
Intel® PROSet/Wireless Software-->C:\WINXP\Installer\iProInst.exe
iTunes-->MsiExec.exe /I{EC2A8F27-4FBF-4E41-B27B-FE822511B761}
Java™ 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft .NET Framework 1.0 Hotfix (KB930494)-->"C:\WINXP\$NtUninstallKB930494$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINXP\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINXP\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINXP\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Basic Edition 2003-->MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINXP\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.5.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSCfg-->MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538}
mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
mToolkit-->MsiExec.exe /I{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Norton 360-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\562C4DD5\3.5.2.11\InstStub.exe /X
Norton 360-->MsiExec.exe /I{F413B69D-4AD6-42AB-AEA5-0548989FAD50}
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio MyDVD LE-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Roxio RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Security Update for Windows Media Player (KB952069)-->"C:\WINXP\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINXP\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINXP\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINXP\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINXP\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINXP\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINXP\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINXP\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINXP\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINXP\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINXP\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINXP\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINXP\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINXP\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINXP\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINXP\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINXP\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINXP\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINXP\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINXP\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINXP\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINXP\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINXP\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINXP\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINXP\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINXP\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINXP\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958470)-->"C:\WINXP\$NtUninstallKB958470$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINXP\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINXP\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINXP\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINXP\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINXP\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINXP\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINXP\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINXP\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINXP\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINXP\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINXP\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINXP\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINXP\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971032)-->"C:\WINXP\$NtUninstallKB971032$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINXP\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINXP\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINXP\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINXP\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINXP\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINXP\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINXP\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINXP\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINXP\$NtUninstallKB973869$\spuninst\spuninst.exe"
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Update for Windows Media Player 10 (KB913800)-->"C:\WINXP\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINXP\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINXP\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINXP\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINXP\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINXP\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINXP\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINXP\$NtUninstallKB900325$\spuninst\spuninst.exe
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\dpinst.exe /us C:\PROGRA~1\DIFX\UninstallScripts\4569969E1360D2854474C661EF9B4D54F143EB16
Windows Installer 3.1 (KB893803)-->"C:\WINXP\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINXP\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINXP\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766-->"C:\WINXP\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB973768-->"C:\WINXP\$NtUninstallKB973768$\spuninst\spuninst.exe"

======Security center information======

AV: Norton 360
FW: Norton 360

======System event log======

Computer Name: WASABI-344C94FD
Event Code: 16
Message: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Record Number: 1981
Source Name: Windows Update Agent
Time Written: 20090815143047.000000-240
Event Type: error
User:

Computer Name: WASABI-344C94FD
Event Code: 240
Message: A request to suspend power was denied by winlogon.exe.

Record Number: 1961
Source Name: Win32k
Time Written: 20090812220336.000000-240
Event Type: warning
User:

Computer Name: WASABI-344C94FD
Event Code: 29
Message: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Record Number: 1960
Source Name: W32Time
Time Written: 20090812215544.000000-240
Event Type: error
User:

Computer Name: WASABI-344C94FD
Event Code: 17
Message: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Record Number: 1959
Source Name: W32Time
Time Written: 20090812215544.000000-240
Event Type: error
User:

Computer Name: WASABI-344C94FD
Event Code: 1007
Message: Your computer has automatically configured the IP address for the Network
Card with network address 001302C531EB. The IP address being used is 169.254.15.249.

Record Number: 1958
Source Name: Dhcp
Time Written: 20090812215544.000000-240
Event Type: warning
User:

=====Application event log=====

Computer Name: WASABI-344C94FD
Event Code: 11935
Message: Producto: Microsoft Flight Simulator X -- Error 1935. Error durante la instalación del ensamblaje "Microsoft.FlightSimulator.SimConnect ,publicKeyToken="67c7c14424d61b5b",version="10.0.60905.0",type="win32",processorArchitecture="x86"". Consulte Ayuda y soporte técnico para obtener más información. HRESULT: 0x800736E7. interfaz de ensamblaje: IAssemblyCacheItem, función: Commit, componente: {61613E7A-1DD8-4224-B211-F4CD4A9BA25C}

Record Number: 937
Source Name: MsiInstaller
Time Written: 20090901220957.000000-240
Event Type: error
User: WASABI-344C94FD\Mel

Computer Name: WASABI-344C94FD
Event Code: 101
Message:
Record Number: 881
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20090901123402.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: WASABI-344C94FD
Event Code: 101
Message:
Record Number: 877
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20090901122902.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: WASABI-344C94FD
Event Code: 1000
Message: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

Record Number: 871
Source Name: Application Error
Time Written: 20090901122039.000000-240
Event Type: error
User:

Computer Name: WASABI-344C94FD
Event Code: 1000
Message: Faulting application explorer.exe, version 6.0.2900.2180, faulting module shlwapi.dll, version 6.0.2900.3562, fault address 0x00008424.

Record Number: 870
Source Name: Application Error
Time Written: 20090901122031.000000-240
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:08:23 PM

Posted 01 October 2009 - 07:15 AM

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
Next

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs, as this process may crash your computer.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Double click on Gmer to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window. If you do, click No.
  • Click on the Scan button and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push the Save... button and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.


Please post back here with the following logs:
  • GooredFix.txt
  • Gmer log
Thanks



#9 melvynian

melvynian
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:23 PM

Posted 04 October 2009 - 12:46 PM

Hello Syler,
I got the two logs here now.
They are attached.
The Gmer log is very big.

Attached Files



#10 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:08:23 PM

Posted 04 October 2009 - 04:39 PM

Hi melvynian,

Nothing to worry about in those logs, please let me know in your next reply if you are still having any problems.

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 16.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Next

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Please post back here with the following logs:
  • Kaspersky report
  • New Rsit log
Thanks



#11 melvynian

melvynian
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:23 PM

Posted 05 October 2009 - 01:40 AM

Hello,
One of my reports says my computer is infected with some stuff.

Here are the two logs. First, the RSIT, second, the kaspersky.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Mel at 2009-10-05 02:38:02
Microsoft Windows XP Professional Service Pack 2
System drive C: has 47 GB (62%) free of 76 GB
Total RAM: 1014 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:38:32 AM, on 10/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINXP\Explorer.EXE
C:\WINXP\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINXP\eHome\ehRecvr.exe
C:\WINXP\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINXP\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\WINXP\ehome\ehtray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINXP\system32\hkcmd.exe
C:\WINXP\system32\igfxpers.exe
C:\WINXP\system32\igfxsrvc.exe
C:\WINXP\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINXP\system32\dllhost.exe
C:\WINXP\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINXP\system32\msiexec.exe
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
C:\WINXP\system32\MsiExec.exe
C:\WINXP\system32\MsiExec.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\Mel\Desktop\Scan Tools\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Mel.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINXP\System32\DLA\DLASHX_W.DLL
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINXP\ehome\ehtray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINXP\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINXP\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINXP\system32\igfxpers.exe
O4 - HKLM\..\Run: [DLA] C:\WINXP\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A788F1D1-6D28-4100-99BA-D7057DF3A1AA}: NameServer = 192.168.1.1
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 6493 bytes

======Scheduled tasks folder======

C:\WINXP\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINXP\System32\DLA\DLASHX_W.DLL [2005-11-07 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll [2009-08-22 378736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.DLL [2009-08-22 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-04 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll [2009-08-22 378736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINXP\ehome\ehtray.exe [2005-08-05 64512]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-10-08 995328]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-10-08 1101824]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2007-05-10 405504]
"IgfxTray"=C:\WINXP\system32\igfxtray.exe [2007-03-30 138008]
"HotKeysCmds"=C:\WINXP\system32\hkcmd.exe [2007-03-30 162584]
"Persistence"=C:\WINXP\system32\igfxpers.exe [2007-03-30 138008]
"DLA"=C:\WINXP\System32\DLA\DLACTRLW.EXE [2005-11-07 122940]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-04 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINXP\system32\igfxdev.dll [2007-03-30 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINXP\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINXP\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINXP\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149
"NofolderOptions"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Documents and Settings\Mel\My Documents\Downloads\utorrent.exe"="C:\Documents and Settings\Mel\My Documents\Downloads\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-10-04 18:36:58 ----A---- C:\WINXP\system32\javaws.exe
2009-10-04 18:36:58 ----A---- C:\WINXP\system32\javaw.exe
2009-10-04 18:36:58 ----A---- C:\WINXP\system32\java.exe
2009-10-04 18:35:35 ----D---- C:\WINXP\system32\appmgmt
2009-10-04 11:40:33 ----A---- C:\WINXP\system32\muweb.dll
2009-10-04 11:40:33 ----A---- C:\WINXP\system32\mucltui.dll.mui
2009-10-04 11:40:33 ----A---- C:\WINXP\system32\mucltui.dll
2009-10-04 11:40:31 ----D---- C:\WINXP\LastGood
2009-10-03 17:49:59 ----D---- C:\Program Files\Microsoft Silverlight
2009-10-01 23:44:18 ----D---- C:\Documents and Settings\All Users.WINXP\Application Data\Windows Genuine Advantage
2009-10-01 22:53:35 ----D---- C:\Program Files\Safari
2009-10-01 21:32:48 ----D---- C:\Documents and Settings\Mel\Application Data\uTorrent
2009-09-30 13:00:05 ----D---- C:\Documents and Settings\Mel\Application Data\Malwarebytes
2009-09-30 12:59:44 ----D---- C:\Documents and Settings\All Users.WINXP\Application Data\Malwarebytes
2009-09-30 12:59:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-30 12:57:02 ----D---- C:\rsit
2009-09-30 03:49:16 ----D---- C:\WINXP\Sun
2009-09-28 22:28:14 ----A---- C:\WINXP\system32\ptpusb.dll
2009-09-28 22:28:11 ----A---- C:\WINXP\system32\ptpusd.dll
2009-09-26 03:07:00 ----A---- C:\WINXP\system32\wmpns.dll
2009-09-26 03:03:33 ----HDC---- C:\WINXP\$NtUninstallKB929399$
2009-09-26 03:02:06 ----HDC---- C:\WINXP\$NtUninstallKB939683$
2009-09-26 03:00:24 ----HDC---- C:\WINXP\$NtUninstallKB954154_WM11$
2009-09-25 16:58:39 ----A---- C:\WINXP\system32\deploytk.dll
2009-09-25 16:57:27 ----D---- C:\Documents and Settings\Mel\Application Data\Sun
2009-09-24 23:38:21 ----HDC---- C:\WINXP\$NtUninstallKB926239$
2009-09-24 23:37:34 ----N---- C:\WINXP\system32\spmsg.dll
2009-09-24 23:37:33 ----HDC---- C:\WINXP\$NtUninstallMSCompPackV1$
2009-09-24 23:36:39 ----HDC---- C:\WINXP\$NtUninstallwmp11$
2009-09-24 23:34:11 ----HDC---- C:\WINXP\$NtUninstallWMFDist11$
2009-09-24 23:32:26 ----D---- C:\WINXP\system32\LogFiles
2009-09-24 23:32:20 ----HDC---- C:\WINXP\$NtUninstallWudf01000$
2009-09-24 23:30:32 ----HDC---- C:\WINXP\$NtUninstallKB925766$
2009-09-24 23:25:15 ----A---- C:\MCfltstat.txt
2009-09-24 23:24:22 ----D---- C:\Program Files\Elecard
2009-09-22 20:35:04 ----D---- C:\Documents and Settings\Mel\Application Data\Help
2009-09-16 22:22:20 ----D---- C:\Program Files\MSECache
2009-09-16 22:15:24 ----A---- C:\WINXP\ODBC.INI
2009-09-16 22:15:06 ----A---- C:\WINXP\system32\mdimon.dll
2009-09-16 22:14:25 ----D---- C:\WINXP\SHELLNEW
2009-09-16 22:13:34 ----D---- C:\Program Files\Microsoft.NET
2009-09-13 16:30:17 ----D---- C:\Documents and Settings\All Users.WINXP\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-13 13:41:52 ----A---- C:\WINXP\system32\hidserv.dll
2009-09-09 22:09:38 ----HDC---- C:\WINXP\$NtUninstallKB956844$
2009-09-09 22:09:31 ----HDC---- C:\WINXP\$NtUninstallKB968816_WM9$
2009-09-09 22:09:24 ----HDC---- C:\WINXP\$NtUninstallKB971961$
2009-09-09 22:08:41 ----HDC---- C:\WINXP\$NtUninstallKB973768$
2009-09-08 02:15:26 ----A---- C:\RootRepeal report 09-08-09 (02-15-26).txt
2009-09-08 02:03:15 ----A---- C:\RootRepeal report 09-08-09 (02-03-15).txt
2009-09-06 23:21:43 ----D---- C:\Program Files\Trend Micro

======List of files/folders modified in the last 1 months======

2009-10-05 02:38:13 ----D---- C:\WINXP\Temp
2009-10-05 02:38:07 ----D---- C:\WINXP\Prefetch
2009-10-04 19:32:35 ----SHD---- C:\WINXP\Installer
2009-10-04 19:32:32 ----D---- C:\Config.Msi
2009-10-04 19:32:19 ----D---- C:\WINXP\pchealth
2009-10-04 18:38:01 ----D---- C:\Program Files\Mozilla Firefox
2009-10-04 18:36:59 ----D---- C:\WINXP\system32
2009-10-04 18:36:24 ----D---- C:\Program Files\Java
2009-10-04 12:10:37 ----D---- C:\WINXP\system32\CatRoot
2009-10-04 12:09:34 ----D---- C:\WINXP\system32\CatRoot2
2009-10-04 12:09:34 ----D---- C:\WINXP\system32\CatRoot_bak
2009-10-04 12:09:31 ----HD---- C:\WINXP\inf
2009-10-04 11:40:31 ----D---- C:\WINXP
2009-10-04 11:26:29 ----A---- C:\WINXP\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2009-10-04 10:21:03 ----D---- C:\WINXP\Registration
2009-10-03 17:49:59 ----RD---- C:\Program Files
2009-10-02 23:08:56 ----SD---- C:\Documents and Settings\Mel\Application Data\Microsoft
2009-10-01 23:45:21 ----D---- C:\Documents and Settings\Mel\Application Data\Apple Computer
2009-10-01 23:06:50 ----D---- C:\Program Files\iTunes
2009-10-01 23:05:57 ----D---- C:\Program Files\iPod
2009-09-30 12:59:58 ----D---- C:\WINXP\system32\drivers
2009-09-30 04:00:34 ----D---- C:\Documents and Settings\All Users.WINXP\Application Data\Adobe
2009-09-30 04:00:31 ----D---- C:\Program Files\Common Files\Adobe
2009-09-28 22:28:23 ----RSHDC---- C:\WINXP\system32\dllcache
2009-09-26 03:12:52 ----A---- C:\WINXP\SchedLgU.Txt
2009-09-26 03:02:10 ----A---- C:\WINXP\imsins.BAK
2009-09-25 03:07:45 ----D---- C:\WINXP\AppPatch
2009-09-24 23:37:05 ----A---- C:\WINXP\win.ini
2009-09-24 23:36:51 ----D---- C:\Program Files\Windows Media Player
2009-09-24 23:36:50 ----D---- C:\WINXP\Help
2009-09-24 23:30:41 ----D---- C:\WINXP\ehome
2009-09-24 23:27:22 ----D---- C:\Program Files\Common Files
2009-09-22 19:59:12 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-09-16 22:22:39 ----RSD---- C:\WINXP\Fonts
2009-09-16 22:22:33 ----D---- C:\Program Files\Microsoft Office
2009-09-16 22:13:34 ----SD---- C:\Documents and Settings\All Users.WINXP\Application Data\Microsoft
2009-09-16 22:10:30 ----D---- C:\WINXP\system
2009-09-13 16:29:15 ----D---- C:\Program Files\QuickTime
2009-09-13 16:28:23 ----D---- C:\Documents and Settings\All Users.WINXP\Application Data\Apple Computer
2009-09-13 16:25:38 ----D---- C:\Program Files\Common Files\Apple
2009-09-13 16:24:09 ----DC---- C:\WINXP\system32\DRVSTORE
2009-09-10 20:29:00 ----D---- C:\Documents and Settings\All Users.WINXP\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-09-10 20:28:45 ----D---- C:\Program Files\Symantec
2009-09-10 20:28:44 ----A---- C:\WINXP\system32\S32EVNT1.DLL
2009-09-10 20:27:56 ----RA---- C:\WINXP\system32\GEARAspi.dll
2009-09-09 22:09:37 ----HD---- C:\WINXP\$hf_mig$
2009-09-06 01:34:19 ----D---- C:\Documents and Settings\All Users.WINXP\Application Data\NOS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BHDrvx86;Symantec Heuristics Driver; C:\WINXP\System32\Drivers\N360\0305020.00B\BHDrvx86.sys [2009-08-22 259632]
R1 ccHP;Symantec Hash Provider; C:\WINXP\System32\Drivers\N360\0305020.00B\ccHPx86.sys [2009-08-22 482432]
R1 DLACDBHM;DLACDBHM; C:\WINXP\System32\Drivers\DLACDBHM.SYS [2005-11-18 5660]
R1 DLARTL_N;DLARTL_N; C:\WINXP\System32\Drivers\DLARTL_N.SYS [2005-11-18 22684]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users.WINXP\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090916.003\IDSxpx86.sys []
R1 intelppm;Intel Processor Driver; C:\WINXP\system32\DRIVERS\intelppm.sys [2004-08-10 36096]
R1 SRTSP;Symantec Real Time Storage Protection; C:\WINXP\System32\Drivers\N360\0305020.00B\SRTSP.SYS [2009-08-22 308272]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINXP\system32\drivers\N360\0305020.00B\SRTSPX.SYS [2009-08-22 43696]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINXP\System32\Drivers\N360\0305020.00B\SYMTDI.SYS [2009-08-22 217136]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINXP\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\WINXP\system32\DRIVERS\AegisP.sys [2009-06-10 21361]
R2 DLABOIOM;DLABOIOM; C:\WINXP\System32\DLA\DLABOIOM.SYS [2005-11-07 25628]
R2 DLADResN;DLADResN; C:\WINXP\System32\DLA\DLADResN.SYS [2005-11-07 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINXP\System32\DLA\DLAIFS_M.SYS [2005-11-07 86652]
R2 DLAOPIOM;DLAOPIOM; C:\WINXP\System32\DLA\DLAOPIOM.SYS [2005-11-07 14684]
R2 DLAPoolM;DLAPoolM; C:\WINXP\System32\DLA\DLAPoolM.SYS [2005-11-07 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINXP\System32\DLA\DLAUDF_M.SYS [2005-11-07 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINXP\System32\DLA\DLAUDFAM.SYS [2005-11-07 94332]
R2 DRVNDDM;DRVNDDM; C:\WINXP\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 mdmxsdk;mdmxsdk; C:\WINXP\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 rimmptsk;rimmptsk; C:\WINXP\system32\DRIVERS\rimmptsk.sys [2006-11-15 32256]
R2 rimsptsk;rimsptsk; C:\WINXP\system32\DRIVERS\rimsptsk.sys [2006-11-14 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINXP\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376]
R2 s24trans;WLAN Transport; C:\WINXP\system32\DRIVERS\s24trans.sys [2007-08-27 12288]
R3 Arp1394;1394 ARP Client Protocol; C:\WINXP\system32\DRIVERS\arp1394.sys [2004-08-10 60800]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINXP\system32\DRIVERS\bcm4sbxp.sys [2006-11-21 45568]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINXP\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINXP\System32\Drivers\GEARAspiWDM.sys [2009-09-10 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINXP\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HSF_DPV;HSF_DPV; C:\WINXP\system32\DRIVERS\HSF_DPV.sys [2005-07-22 1035008]
R3 HSFHWAZL;HSFHWAZL; C:\WINXP\system32\DRIVERS\HSFHWAZL.sys [2005-07-22 201600]
R3 ialm;ialm; C:\WINXP\system32\DRIVERS\igxpmp32.sys [2007-03-30 5704672]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users.WINXP\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091004.019\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users.WINXP\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091004.019\NAVEX15.SYS []
R3 NETw4x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINXP\system32\DRIVERS\NETw4x32.sys [2007-09-26 2236032]
R3 NIC1394;1394 Net Driver; C:\WINXP\system32\DRIVERS\nic1394.sys [2004-08-10 61824]
R3 sdbus;sdbus; C:\WINXP\system32\DRIVERS\sdbus.sys [2004-08-10 67584]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINXP\system32\drivers\sthda.sys [2007-05-10 1222840]
R3 SymEvent;SymEvent; \??\C:\WINXP\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;Symantec Network Filter Driver; C:\WINXP\System32\Drivers\N360\0305020.00B\SYMFW.SYS [2009-08-22 89904]
R3 SYMIDS;Symantec Network Filter Driver; C:\WINXP\System32\Drivers\N360\0305020.00B\SYMIDS.SYS [2009-08-22 33072]
R3 SymIMMP;SymIMMP; C:\WINXP\system32\DRIVERS\SymIM.sys [2009-08-22 36400]
R3 SYMNDIS;Symantec Network Filter Driver; C:\WINXP\System32\Drivers\N360\0305020.00B\SYMNDIS.SYS [2009-08-22 36400]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINXP\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINXP\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINXP\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 winachsf;winachsf; C:\WINXP\system32\DRIVERS\HSF_CNXT.sys [2005-07-22 717952]
S1 kbdhid;Keyboard HID Driver; C:\WINXP\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S1 OMCI;OMCI; \??\C:\WINXP\SYSTEM32\DRIVERS\OMCI.SYS []
S3 HidUsb;Microsoft HID Class Driver; C:\WINXP\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 kwrorpog;kwrorpog; \??\C:\DOCUME~1\Mel\LOCALS~1\Temp\kwrorpog.sys []
S3 MHNDRV;MHN driver; C:\WINXP\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINXP\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINXP\system32\DRIVERS\SymIM.sys [2009-08-22 36400]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINXP\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbscan;USB Scanner Driver; C:\WINXP\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINXP\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINXP\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINXP\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINXP\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ehRecvr;Media Center Receiver Service; C:\WINXP\eHome\ehRecvr.exe [2005-10-11 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINXP\eHome\ehSched.exe [2005-08-05 102912]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-10-08 794624]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-04 153376]
R2 McrdSvc;Media Center Extender Service; C:\WINXP\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 N360;Norton 360; C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe [2009-08-22 117640]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-10-08 483328]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-10-08 1183744]
R2 WLANKEEPER;Intel® PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2007-10-08 356352]
R3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]
S3 aspnet_state;ASP.NET State Service; C:\WINXP\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 getPlusHelper;getPlus® Helper; C:\WINXP\System32\svchost.exe [2004-08-10 14336]
S3 MHN;MHN; C:\WINXP\System32\svchost.exe [2004-08-10 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINXP\system32\svchost.exe [2004-08-10 14336]

-----------------EOF-----------------

KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, October 5, 2009
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, October 05, 2009 00:05:14
Records in database: 2910524
Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
Scan area My Computer
C:\
D:\
Scan statistics
Objects scanned 84786
Threats found 3
Infected objects found 4
Suspicious objects found 0
Scan duration 03:10:43

File name Threat Threats count
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\HU7GFJXO\pool[1] Infected: Trojan-Downloader.JS.LuckySploit.m 1
C:\WINDOWS\system32\dllcache\kernel32.dll Infected: Trojan.Win32.Patched.gr 1
C:\WINDOWS\system32\kernel32.dll Infected: Trojan.Win32.Patched.gr 1
C:\WINDOWS\system32\sfcfiles.dll Infected: Trojan.Win32.Patched.fr 1
Selected area has been scanned.
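
The two logs above carry the details a responder keys on: in the RSIT driver list, a demand-start driver whose image sits in the user's Temp folder (kwrorpog.sys), and in the Kaspersky report, system files reported as Trojan.Win32.Patched, including the kernel32.dll copy in dllcache that System File Checker would otherwise restore from. The Python below is an added example, not part of the thread and not code from RSIT or Kaspersky: it parses a constructed excerpt of the posted log lines (the regexes, function names and sample strings are my own) and pulls out exactly those two facts. A driver image under Temp is a lead rather than a verdict, since scanning tools such as GMER also load randomly named drivers from there.

```python
import re
from collections import defaultdict

# Constructed excerpt: five driver lines copied from the RSIT log posted above.
RSIT_DRIVER_LINES = r"""
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINXP\system32\DRIVERS\intelppm.sys [2004-08-10 36096]
R3 SymEvent;SymEvent; \??\C:\WINXP\system32\Drivers\SYMEVENT.SYS []
S3 kwrorpog;kwrorpog; \??\C:\DOCUME~1\Mel\LOCALS~1\Temp\kwrorpog.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINXP\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
"""

# Constructed excerpt: the four detection lines from the Kaspersky report posted above.
KASPERSKY_FINDING_LINES = r"""
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\HU7GFJXO\pool[1] Infected: Trojan-Downloader.JS.LuckySploit.m 1
C:\WINDOWS\system32\dllcache\kernel32.dll Infected: Trojan.Win32.Patched.gr 1
C:\WINDOWS\system32\kernel32.dll Infected: Trojan.Win32.Patched.gr 1
C:\WINDOWS\system32\sfcfiles.dll Infected: Trojan.Win32.Patched.fr 1
"""

# RSIT driver line: "<R|S><start type> <name>;<description>; <image path> [<date size>]"
DRIVER_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<desc>[^;]*); (?P<path>.*) \[(?P<info>[^\]]*)\]\s*$"
)
# Kaspersky finding line: "<path> Infected: <threat name> <count>"
FINDING_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")
# A Temp directory anywhere in the image path (matches the 8.3 form LOCALS~1\Temp\ too).
TEMP_DIR_RE = re.compile(r"\\Temp\\", re.IGNORECASE)


def parse_rsit_drivers(text):
    """Parse RSIT driver lines into dicts; the NT object prefix \\??\\ is stripped from paths."""
    drivers = []
    for line in text.strip().splitlines():
        m = DRIVER_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        if d["path"].startswith("\\??\\"):
            d["path"] = d["path"][4:]
        drivers.append(d)
    return drivers


def drivers_loaded_from_temp(drivers):
    """Names of drivers whose image lives under a Temp directory (a lead to check, not a verdict)."""
    return sorted(d["name"] for d in drivers if TEMP_DIR_RE.search(d["path"]))


def parse_kaspersky_findings(text):
    """Parse 'Infected:' lines into dicts with path, threat and count."""
    findings = []
    for line in text.strip().splitlines():
        m = FINDING_RE.match(line)
        if m:
            findings.append(m.groupdict())
    return findings


def patched_copies_by_name(findings):
    """Group Trojan.Win32.Patched-style detections by file name: {name: [paths]}."""
    by_name = defaultdict(list)
    for f in findings:
        if ".Patched." in f["threat"]:
            by_name[f["path"].rsplit("\\", 1)[-1].lower()].append(f["path"])
    return dict(by_name)


def sfc_cache_tainted(patched_by_name):
    """File names whose dllcache copy is itself flagged, so SFC cannot be relied on to restore them."""
    return {name for name, paths in patched_by_name.items()
            if any("\\dllcache\\" in p.lower() for p in paths)}


if __name__ == "__main__":
    drivers = parse_rsit_drivers(RSIT_DRIVER_LINES)
    print("drivers loaded from Temp:", drivers_loaded_from_temp(drivers))
    patched = patched_copies_by_name(parse_kaspersky_findings(KASPERSKY_FINDING_LINES))
    for name, paths in patched.items():
        print(f"{name}: {len(paths)} patched copy/copies")
    print("dllcache copy also patched:", sorted(sfc_cache_tainted(patched)))
```

Run against the excerpt, the script reports kwrorpog as the only Temp-resident driver and kernel32.dll as the file whose dllcache copy is patched along with the live one, which is why the next step in the thread is to look for another copy rather than run System File Checker.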

#12 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:08:23 PM

Posted 05 October 2009 - 12:08 PM

It does indeed say you are infected and unfortunately they are legitimate files that have been patched, so we will need to try and find some replacements.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • A blank window shall open with the title "SystemLook v1.0-by Jpshortstuff".
  • Copy the content of the following codebox into the main textfield :
    :filefind
    kernel32.dll
    sfcfiles.dll
  • Please confirm everything is copied and pasted as I have provided above.
  • Click the Look button to start the scan.
  • When finished, a Notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Next

Download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Then please post back with SystemLook.txt and a new Rsit log.



#13 melvynian

melvynian
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:03:23 PM

Posted 05 October 2009 - 08:07 PM

Hello Again,
I got those two logs there, and used the cleaner.
I am a bit confused. On the ATF menu, it said something like "delete Firefox passwords". I did delete them, but then when I went back on to my email, the password was still saved. I don't know if that matters.



SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 20:47 on 05/10/2009 by Mel (Administrator - Elevation successful)

========== filefind ==========

Searching for "kernel32.dll"
C:\WINDOWS\$hf_mig$\KB935839\SP2QFE\kernel32.dll --a--- 986112 bytes [16:07 16/04/2007] [16:07 16/04/2007] 09F7CB3687F86EDAA4CA081F7AB66C03
C:\WINDOWS\$NtUninstallKB935839$\kernel32.dll -----c 983552 bytes [18:32 20/07/2007] [10:00 04/08/2004] 888190E31455FAD793312F8D087146EB
C:\WINDOWS\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\sp2gdr\kernel32.dll --a--- 986112 bytes [14:18 21/03/2009] [14:18 21/03/2009] B6ACAED7588295129791E0E6A2B0FADE
C:\WINDOWS\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\sp2qfe\kernel32.dll --a--- 989184 bytes [13:54 21/03/2009] [13:54 21/03/2009] 80202858D245FF07DAA1739C57A3E19B
C:\WINDOWS\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\sp3gdr\kernel32.dll --a--- 989696 bytes [14:06 21/03/2009] [14:06 21/03/2009] B921FB870C9AC0D509B2CCABBBBE95F3
C:\WINDOWS\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\sp3qfe\kernel32.dll --a--- 991744 bytes [13:59 21/03/2009] [13:59 21/03/2009] DA11D9D6ECBDF0F93436A4B7C13F7BEC
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\kernel32.dll --a--- 989696 bytes [05:06 19/08/2008] [00:11 14/04/2008] C24B983D211C34DA8FCC1AC38477971D
C:\WINDOWS\system32\dllcache\kernel32.dll --a--c 984576 bytes [10:00 04/08/2004] [15:52 16/04/2007] 02AFFC65F15983CE6FACC5CFD620C370
C:\WINDOWS\system32\kernel32.dll --a--- 984576 bytes [10:00 04/08/2004] [15:52 16/04/2007] 02AFFC65F15983CE6FACC5CFD620C370
C:\WINXP\$hf_mig$\KB959426\SP2QFE\kernel32.dll --a--- 989184 bytes [13:54 21/03/2009] [13:54 21/03/2009] 80202858D245FF07DAA1739C57A3E19B
C:\WINXP\$hf_mig$\KB959426\SP3GDR\kernel32.dll --a--- 989696 bytes [14:06 21/03/2009] [14:06 21/03/2009] B921FB870C9AC0D509B2CCABBBBE95F3
C:\WINXP\$hf_mig$\KB959426\SP3QFE\kernel32.dll --a--- 991744 bytes [13:59 21/03/2009] [13:59 21/03/2009] DA11D9D6ECBDF0F93436A4B7C13F7BEC
C:\WINXP\$NtUninstallKB959426$\kernel32.dll -----c 983552 bytes [12:39 12/06/2009] [11:00 10/08/2004] 888190E31455FAD793312F8D087146EB
C:\WINXP\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\kernel32.dll --a--- 989696 bytes [16:06 04/10/2009] [00:11 14/04/2008] C24B983D211C34DA8FCC1AC38477971D
C:\WINXP\system32\dllcache\kernel32.dll --a--c 986112 bytes [11:00 10/08/2004] [14:18 21/03/2009] B6ACAED7588295129791E0E6A2B0FADE
C:\WINXP\system32\kernel32.dll --a--- 986112 bytes [11:00 10/08/2004] [14:18 21/03/2009] B6ACAED7588295129791E0E6A2B0FADE

Searching for "sfcfiles.dll"
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sfcfiles.dll --a--- 1614848 bytes [05:07 19/08/2008] [00:12 14/04/2008] 9DD07AF82244867CA36681EA2D29CE79
C:\WINDOWS\system32\dllcache\sfcfiles.dll --a--c 1580544 bytes [10:00 04/08/2004] [10:00 04/08/2004] 30A609E00BD1D4FFC49D6B5A432BE7F2
C:\WINDOWS\system32\sfcfiles.dll --a--- 1580544 bytes [10:00 04/08/2004] [10:00 04/08/2004] 42C9B2DAE48767A7FC2A1190A2BCAD81
C:\WINXP\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sfcfiles.dll --a--- 1614848 bytes [16:07 04/10/2009] [00:12 14/04/2008] 9DD07AF82244867CA36681EA2D29CE79
C:\WINXP\system32\dllcache\sfcfiles.dll --a--c 1580544 bytes [11:00 10/08/2004] [11:00 10/08/2004] 30A609E00BD1D4FFC49D6B5A432BE7F2
C:\WINXP\system32\sfcfiles.dll --a--- 1580544 bytes [11:00 10/08/2004] [11:00 10/08/2004] 30A609E00BD1D4FFC49D6B5A432BE7F2

-=End Of File=-





Logfile of random's system information tool 1.06 (written by random/random)
Run by Mel at 2009-10-05 21:03:10
Microsoft Windows XP Professional Service Pack 2
System drive C: has 48 GB (63%) free of 76 GB
Total RAM: 1014 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:03:29 PM, on 10/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINXP\Explorer.EXE
C:\WINXP\system32\spoolsv.exe
C:\WINXP\ehome\ehtray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINXP\system32\hkcmd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINXP\eHome\ehRecvr.exe
C:\WINXP\system32\igfxpers.exe
C:\WINXP\system32\igfxsrvc.exe
C:\WINXP\System32\DLA\DLACTRLW.EXE
C:\WINXP\eHome\ehSched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINXP\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\WINXP\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINXP\eHome\ehmsas.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mel\Desktop\Scan Tools\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Mel.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINXP\System32\DLA\DLASHX_W.DLL
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINXP\ehome\ehtray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINXP\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINXP\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINXP\system32\igfxpers.exe
O4 - HKLM\..\Run: [DLA] C:\WINXP\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A788F1D1-6D28-4100-99BA-D7057DF3A1AA}: NameServer = 192.168.1.1
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 6350 bytes

======Scheduled tasks folder======

C:\WINXP\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINXP\System32\DLA\DLASHX_W.DLL [2005-11-07 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll [2009-08-22 378736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.DLL [2009-08-22 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-04 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll [2009-08-22 378736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINXP\ehome\ehtray.exe [2005-08-05 64512]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-10-08 995328]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-10-08 1101824]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2007-05-10 405504]
"IgfxTray"=C:\WINXP\system32\igfxtray.exe [2007-03-30 138008]
"HotKeysCmds"=C:\WINXP\system32\hkcmd.exe [2007-03-30 162584]
"Persistence"=C:\WINXP\system32\igfxpers.exe [2007-03-30 138008]
"DLA"=C:\WINXP\System32\DLA\DLACTRLW.EXE [2005-11-07 122940]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-04 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINXP\system32\igfxdev.dll [2007-03-30 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINXP\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINXP\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINXP\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149
"NofolderOptions"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Documents and Settings\Mel\My Documents\Downloads\utorrent.exe"="C:\Documents and Settings\Mel\My Documents\Downloads\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-10-04 18:36:58 ----A---- C:\WINXP\system32\javaws.exe
2009-10-04 18:36:58 ----A---- C:\WINXP\system32\javaw.exe
2009-10-04 18:36:58 ----A---- C:\WINXP\system32\java.exe
2009-10-04 18:35:35 ----D---- C:\WINXP\system32\appmgmt
2009-10-04 11:40:33 ----A---- C:\WINXP\system32\muweb.dll
2009-10-04 11:40:33 ----A---- C:\WINXP\system32\mucltui.dll.mui
2009-10-04 11:40:33 ----A---- C:\WINXP\system32\mucltui.dll
2009-10-03 17:49:59 ----D---- C:\Program Files\Microsoft Silverlight
2009-10-01 23:44:18 ----D---- C:\Documents and Settings\All Users.WINXP\Application Data\Windows Genuine Advantage
2009-10-01 22:53:35 ----D---- C:\Program Files\Safari
2009-10-01 21:32:48 ----D---- C:\Documents and Settings\Mel\Application Data\uTorrent
2009-09-30 13:00:05 ----D---- C:\Documents and Settings\Mel\Application Data\Malwarebytes
2009-09-30 12:59:44 ----D---- C:\Documents and Settings\All Users.WINXP\Application Data\Malwarebytes
2009-09-30 12:59:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-30 12:57:02 ----D---- C:\rsit
2009-09-30 03:49:16 ----D---- C:\WINXP\Sun
2009-09-28 22:28:14 ----A---- C:\WINXP\system32\ptpusb.dll
2009-09-28 22:28:11 ----A---- C:\WINXP\system32\ptpusd.dll
2009-09-26 03:07:00 ----A---- C:\WINXP\system32\wmpns.dll
2009-09-26 03:03:33 ----HDC---- C:\WINXP\$NtUninstallKB929399$
2009-09-26 03:02:06 ----HDC---- C:\WINXP\$NtUninstallKB939683$
2009-09-26 03:00:24 ----HDC---- C:\WINXP\$NtUninstallKB954154_WM11$
2009-09-25 16:58:39 ----A---- C:\WINXP\system32\deploytk.dll
2009-09-25 16:57:27 ----D---- C:\Documents and Settings\Mel\Application Data\Sun
2009-09-24 23:38:21 ----HDC---- C:\WINXP\$NtUninstallKB926239$
2009-09-24 23:37:34 ----N---- C:\WINXP\system32\spmsg.dll
2009-09-24 23:37:33 ----HDC---- C:\WINXP\$NtUninstallMSCompPackV1$
2009-09-24 23:36:39 ----HDC---- C:\WINXP\$NtUninstallwmp11$
2009-09-24 23:34:11 ----HDC---- C:\WINXP\$NtUninstallWMFDist11$
2009-09-24 23:32:26 ----D---- C:\WINXP\system32\LogFiles
2009-09-24 23:32:20 ----HDC---- C:\WINXP\$NtUninstallWudf01000$
2009-09-24 23:30:32 ----HDC---- C:\WINXP\$NtUninstallKB925766$
2009-09-24 23:25:15 ----A---- C:\MCfltstat.txt
2009-09-24 23:24:22 ----D---- C:\Program Files\Elecard
2009-09-22 20:35:04 ----D---- C:\Documents and Settings\Mel\Application Data\Help
2009-09-16 22:22:20 ----D---- C:\Program Files\MSECache
2009-09-16 22:15:24 ----A---- C:\WINXP\ODBC.INI
2009-09-16 22:15:06 ----A---- C:\WINXP\system32\mdimon.dll
2009-09-16 22:14:25 ----D---- C:\WINXP\SHELLNEW
2009-09-16 22:13:34 ----D---- C:\Program Files\Microsoft.NET
2009-09-13 16:30:17 ----D---- C:\Documents and Settings\All Users.WINXP\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-13 13:41:52 ----A---- C:\WINXP\system32\hidserv.dll
2009-09-09 22:09:38 ----HDC---- C:\WINXP\$NtUninstallKB956844$
2009-09-09 22:09:31 ----HDC---- C:\WINXP\$NtUninstallKB968816_WM9$
2009-09-09 22:09:24 ----HDC---- C:\WINXP\$NtUninstallKB971961$
2009-09-09 22:08:41 ----HDC---- C:\WINXP\$NtUninstallKB973768$
2009-09-08 02:15:26 ----A---- C:\RootRepeal report 09-08-09 (02-15-26).txt
2009-09-08 02:03:15 ----A---- C:\RootRepeal report 09-08-09 (02-03-15).txt
2009-09-06 23:21:43 ----D---- C:\Program Files\Trend Micro

======List of files/folders modified in the last 1 months======

2009-10-05 21:00:05 ----D---- C:\WINXP\Temp
2009-10-05 20:58:34 ----D---- C:\Program Files\Mozilla Firefox
2009-10-05 20:58:12 ----D---- C:\WINXP\Prefetch
2009-10-05 20:40:57 ----D---- C:\WINXP\Registration
2009-10-05 20:40:54 ----D---- C:\WINXP
2009-10-05 20:37:34 ----A---- C:\WINXP\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2009-10-04 19:32:35 ----SHD---- C:\WINXP\Installer
2009-10-04 19:32:32 ----D---- C:\Config.Msi
2009-10-04 19:32:19 ----D---- C:\WINXP\pchealth
2009-10-04 18:36:59 ----D---- C:\WINXP\system32
2009-10-04 18:36:24 ----D---- C:\Program Files\Java
2009-10-04 12:10:37 ----D---- C:\WINXP\system32\CatRoot
2009-10-04 12:09:34 ----D---- C:\WINXP\system32\CatRoot2
2009-10-04 12:09:34 ----D---- C:\WINXP\system32\CatRoot_bak
2009-10-04 12:09:31 ----HD---- C:\WINXP\inf
2009-10-03 17:49:59 ----RD---- C:\Program Files
2009-10-02 23:08:56 ----SD---- C:\Documents and Settings\Mel\Application Data\Microsoft
2009-10-01 23:45:21 ----D---- C:\Documents and Settings\Mel\Application Data\Apple Computer
2009-10-01 23:06:50 ----D---- C:\Program Files\iTunes
2009-10-01 23:05:57 ----D---- C:\Program Files\iPod
2009-09-30 12:59:58 ----D---- C:\WINXP\system32\drivers
2009-09-30 04:00:34 ----D---- C:\Documents and Settings\All Users.WINXP\Application Data\Adobe
2009-09-30 04:00:31 ----D---- C:\Program Files\Common Files\Adobe
2009-09-28 22:28:23 ----RSHDC---- C:\WINXP\system32\dllcache
2009-09-26 03:12:52 ----A---- C:\WINXP\SchedLgU.Txt
2009-09-26 03:02:10 ----A---- C:\WINXP\imsins.BAK
2009-09-25 03:07:45 ----D---- C:\WINXP\AppPatch
2009-09-24 23:37:05 ----A---- C:\WINXP\win.ini
2009-09-24 23:36:51 ----D---- C:\Program Files\Windows Media Player
2009-09-24 23:36:50 ----D---- C:\WINXP\Help
2009-09-24 23:30:41 ----D---- C:\WINXP\ehome
2009-09-24 23:27:22 ----D---- C:\Program Files\Common Files
2009-09-22 19:59:12 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-09-16 22:22:39 ----RSD---- C:\WINXP\Fonts
2009-09-16 22:22:33 ----D---- C:\Program Files\Microsoft Office
2009-09-16 22:13:34 ----SD---- C:\Documents and Settings\All Users.WINXP\Application Data\Microsoft
2009-09-16 22:10:30 ----D---- C:\WINXP\system
2009-09-13 16:29:15 ----D---- C:\Program Files\QuickTime
2009-09-13 16:28:23 ----D---- C:\Documents and Settings\All Users.WINXP\Application Data\Apple Computer
2009-09-13 16:25:38 ----D---- C:\Program Files\Common Files\Apple
2009-09-13 16:24:09 ----DC---- C:\WINXP\system32\DRVSTORE
2009-09-10 20:29:00 ----D---- C:\Documents and Settings\All Users.WINXP\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-09-10 20:28:45 ----D---- C:\Program Files\Symantec
2009-09-10 20:28:44 ----A---- C:\WINXP\system32\S32EVNT1.DLL
2009-09-10 20:27:56 ----RA---- C:\WINXP\system32\GEARAspi.dll
2009-09-09 22:09:37 ----HD---- C:\WINXP\$hf_mig$
2009-09-06 01:34:19 ----D---- C:\Documents and Settings\All Users.WINXP\Application Data\NOS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BHDrvx86;Symantec Heuristics Driver; C:\WINXP\System32\Drivers\N360\0305020.00B\BHDrvx86.sys [2009-08-22 259632]
R1 ccHP;Symantec Hash Provider; C:\WINXP\System32\Drivers\N360\0305020.00B\ccHPx86.sys [2009-08-22 482432]
R1 DLACDBHM;DLACDBHM; C:\WINXP\System32\Drivers\DLACDBHM.SYS [2005-11-18 5660]
R1 DLARTL_N;DLARTL_N; C:\WINXP\System32\Drivers\DLARTL_N.SYS [2005-11-18 22684]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users.WINXP\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090916.003\IDSxpx86.sys []
R1 intelppm;Intel Processor Driver; C:\WINXP\system32\DRIVERS\intelppm.sys [2004-08-10 36096]
R1 SRTSP;Symantec Real Time Storage Protection; C:\WINXP\System32\Drivers\N360\0305020.00B\SRTSP.SYS [2009-08-22 308272]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINXP\system32\drivers\N360\0305020.00B\SRTSPX.SYS [2009-08-22 43696]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINXP\System32\Drivers\N360\0305020.00B\SYMTDI.SYS [2009-08-22 217136]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINXP\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\WINXP\system32\DRIVERS\AegisP.sys [2009-06-10 21361]
R2 DLABOIOM;DLABOIOM; C:\WINXP\System32\DLA\DLABOIOM.SYS [2005-11-07 25628]
R2 DLADResN;DLADResN; C:\WINXP\System32\DLA\DLADResN.SYS [2005-11-07 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINXP\System32\DLA\DLAIFS_M.SYS [2005-11-07 86652]
R2 DLAOPIOM;DLAOPIOM; C:\WINXP\System32\DLA\DLAOPIOM.SYS [2005-11-07 14684]
R2 DLAPoolM;DLAPoolM; C:\WINXP\System32\DLA\DLAPoolM.SYS [2005-11-07 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINXP\System32\DLA\DLAUDF_M.SYS [2005-11-07 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINXP\System32\DLA\DLAUDFAM.SYS [2005-11-07 94332]
R2 DRVNDDM;DRVNDDM; C:\WINXP\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 mdmxsdk;mdmxsdk; C:\WINXP\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 rimmptsk;rimmptsk; C:\WINXP\system32\DRIVERS\rimmptsk.sys [2006-11-15 32256]
R2 rimsptsk;rimsptsk; C:\WINXP\system32\DRIVERS\rimsptsk.sys [2006-11-14 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINXP\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376]
R2 s24trans;WLAN Transport; C:\WINXP\system32\DRIVERS\s24trans.sys [2007-08-27 12288]
R3 Arp1394;1394 ARP Client Protocol; C:\WINXP\system32\DRIVERS\arp1394.sys [2004-08-10 60800]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINXP\system32\DRIVERS\bcm4sbxp.sys [2006-11-21 45568]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINXP\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINXP\System32\Drivers\GEARAspiWDM.sys [2009-09-10 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINXP\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HSF_DPV;HSF_DPV; C:\WINXP\system32\DRIVERS\HSF_DPV.sys [2005-07-22 1035008]
R3 HSFHWAZL;HSFHWAZL; C:\WINXP\system32\DRIVERS\HSFHWAZL.sys [2005-07-22 201600]
R3 ialm;ialm; C:\WINXP\system32\DRIVERS\igxpmp32.sys [2007-03-30 5704672]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users.WINXP\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091005.023\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users.WINXP\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091005.023\NAVEX15.SYS []
R3 NETw4x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINXP\system32\DRIVERS\NETw4x32.sys [2007-09-26 2236032]
R3 NIC1394;1394 Net Driver; C:\WINXP\system32\DRIVERS\nic1394.sys [2004-08-10 61824]
R3 sdbus;sdbus; C:\WINXP\system32\DRIVERS\sdbus.sys [2004-08-10 67584]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINXP\system32\drivers\sthda.sys [2007-05-10 1222840]
R3 SymEvent;SymEvent; \??\C:\WINXP\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;Symantec Network Filter Driver; C:\WINXP\System32\Drivers\N360\0305020.00B\SYMFW.SYS [2009-08-22 89904]
R3 SYMIDS;Symantec Network Filter Driver; C:\WINXP\System32\Drivers\N360\0305020.00B\SYMIDS.SYS [2009-08-22 33072]
R3 SymIMMP;SymIMMP; C:\WINXP\system32\DRIVERS\SymIM.sys [2009-08-22 36400]
R3 SYMNDIS;Symantec Network Filter Driver; C:\WINXP\System32\Drivers\N360\0305020.00B\SYMNDIS.SYS [2009-08-22 36400]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINXP\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINXP\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINXP\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 winachsf;winachsf; C:\WINXP\system32\DRIVERS\HSF_CNXT.sys [2005-07-22 717952]
S1 kbdhid;Keyboard HID Driver; C:\WINXP\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S1 OMCI;OMCI; \??\C:\WINXP\SYSTEM32\DRIVERS\OMCI.SYS []
S3 HidUsb;Microsoft HID Class Driver; C:\WINXP\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 MHNDRV;MHN driver; C:\WINXP\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINXP\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINXP\system32\DRIVERS\SymIM.sys [2009-08-22 36400]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINXP\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbscan;USB Scanner Driver; C:\WINXP\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINXP\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINXP\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINXP\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINXP\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ehRecvr;Media Center Receiver Service; C:\WINXP\eHome\ehRecvr.exe [2005-10-11 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINXP\eHome\ehSched.exe [2005-08-05 102912]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-10-08 794624]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-04 153376]
R2 McrdSvc;Media Center Extender Service; C:\WINXP\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 N360;Norton 360; C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe [2009-08-22 117640]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-10-08 483328]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-10-08 1183744]
R2 WLANKEEPER;Intel® PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2007-10-08 356352]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]
S3 aspnet_state;ASP.NET State Service; C:\WINXP\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 getPlusHelper;getPlus® Helper; C:\WINXP\System32\svchost.exe [2004-08-10 14336]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MHN;MHN; C:\WINXP\System32\svchost.exe [2004-08-10 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINXP\system32\svchost.exe [2004-08-10 14336]

-----------------EOF-----------------

#14 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:08:23 PM

Posted 07 October 2009 - 10:32 AM

Hi,

Can you let me know in your next reply if you are still having any problems.

Please click this link-->Jotti
When the Jotti page has finished loading, click the Browse button and navigate to the following files one by one and click Submit.

C:\WINXP\system32\kernel32.dll
C:\WINXP\system32\sfcfiles.dll

Please post back the results of the scan in your next post.
If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/


Then update Malwarebytes and run a full scan, and post back with the following:
  • Jotti results
  • MBAM log
  • New Rsit log
Thanks



#15 melvynian

melvynian
  • Topic Starter

  • Members
  • 10 posts
  • Local time:03:23 PM

Posted 09 October 2009 - 11:27 PM

Hey Syler
I've been using Google for a couple of days without any problems. I did all three tests and they all came up negative. I think you did a good job.
The Jotti scan didn't have a log, but it said that everything was okay. Thanks in advance! I only did the quick scan with the MBAM, I just realized. I will post the full one in a couple of minutes, when it is done.


Here are the other two logs:
Malwarebytes' Anti-Malware 1.41
Database version: 2877
Windows 5.1.2600 Service Pack 2

10/10/2009 12:24:11 AM
mbam-log-2009-10-10 (00-24-11).txt

Scan type: Quick Scan
Objects scanned: 136196
Time elapsed: 10 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of random's system information tool 1.06 (written by random/random)
Run by Mel at 2009-10-10 00:13:09
Microsoft Windows XP Professional Service Pack 2
System drive C: has 47 GB (62%) free of 76 GB
Total RAM: 1014 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:13:26 AM, on 10/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINXP\Explorer.EXE
C:\WINXP\system32\spoolsv.exe
C:\WINXP\ehome\ehtray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINXP\system32\hkcmd.exe
C:\WINXP\system32\igfxsrvc.exe
C:\WINXP\system32\igfxpers.exe
C:\WINXP\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINXP\eHome\ehRecvr.exe
C:\WINXP\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINXP\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\WINXP\system32\dllhost.exe
C:\WINXP\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINXP\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mel\Desktop\Scan Tools\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Mel.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINXP\System32\DLA\DLASHX_W.DLL
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINXP\ehome\ehtray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINXP\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINXP\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINXP\system32\igfxpers.exe
O4 - HKLM\..\Run: [DLA] C:\WINXP\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A788F1D1-6D28-4100-99BA-D7057DF3A1AA}: NameServer = 192.168.1.1
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 6499 bytes

======Scheduled tasks folder======

C:\WINXP\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINXP\System32\DLA\DLASHX_W.DLL [2005-11-07 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll [2009-08-22 378736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.DLL [2009-08-22 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-04 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll [2009-08-22 378736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINXP\ehome\ehtray.exe [2005-08-05 64512]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-10-08 995328]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-10-08 1101824]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2007-05-10 405504]
"IgfxTray"=C:\WINXP\system32\igfxtray.exe [2007-03-30 138008]
"HotKeysCmds"=C:\WINXP\system32\hkcmd.exe [2007-03-30 162584]
"Persistence"=C:\WINXP\system32\igfxpers.exe [2007-03-30 138008]
"DLA"=C:\WINXP\System32\DLA\DLACTRLW.EXE [2005-11-07 122940]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-04 149280]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-02-23 53248]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINXP\system32\igfxdev.dll [2007-03-30 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINXP\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINXP\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINXP\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149
"NofolderOptions"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Documents and Settings\Mel\My Documents\Downloads\utorrent.exe"="C:\Documents and Settings\Mel\My Documents\Downloads\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-10-04 18:36:58 ----A---- C:\WINXP\system32\javaws.exe
2009-10-04 18:36:58 ----A---- C:\WINXP\system32\javaw.exe
2009-10-04 18:36:58 ----A---- C:\WINXP\system32\java.exe
2009-10-04 18:35:35 ----D---- C:\WINXP\system32\appmgmt
2009-10-04 11:40:33 ----A---- C:\WINXP\system32\muweb.dll
2009-10-04 11:40:33 ----A---- C:\WINXP\system32\mucltui.dll.mui
2009-10-04 11:40:33 ----A---- C:\WINXP\system32\mucltui.dll
2009-10-03 17:49:59 ----D---- C:\Program Files\Microsoft Silverlight
2009-10-01 23:44:18 ----D---- C:\Documents and Settings\All Users.WINXP\Application Data\Windows Genuine Advantage
2009-10-01 22:53:35 ----D---- C:\Program Files\Safari
2009-10-01 21:32:48 ----D---- C:\Documents and Settings\Mel\Application Data\uTorrent
2009-09-30 13:00:05 ----D---- C:\Documents and Settings\Mel\Application Data\Malwarebytes
2009-09-30 12:59:44 ----D---- C:\Documents and Settings\All Users.WINXP\Application Data\Malwarebytes
2009-09-30 12:59:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-30 12:57:02 ----D---- C:\rsit
2009-09-30 03:49:16 ----D---- C:\WINXP\Sun
2009-09-28 22:28:14 ----A---- C:\WINXP\system32\ptpusb.dll
2009-09-28 22:28:11 ----A---- C:\WINXP\system32\ptpusd.dll
2009-09-26 03:07:00 ----A---- C:\WINXP\system32\wmpns.dll
2009-09-26 03:03:33 ----HDC---- C:\WINXP\$NtUninstallKB929399$
2009-09-26 03:02:06 ----HDC---- C:\WINXP\$NtUninstallKB939683$
2009-09-26 03:00:24 ----HDC---- C:\WINXP\$NtUninstallKB954154_WM11$
2009-09-25 16:58:39 ----A---- C:\WINXP\system32\deploytk.dll
2009-09-25 16:57:27 ----D---- C:\Documents and Settings\Mel\Application Data\Sun
2009-09-24 23:38:21 ----HDC---- C:\WINXP\$NtUninstallKB926239$
2009-09-24 23:37:34 ----N---- C:\WINXP\system32\spmsg.dll
2009-09-24 23:37:33 ----HDC---- C:\WINXP\$NtUninstallMSCompPackV1$
2009-09-24 23:36:39 ----HDC---- C:\WINXP\$NtUninstallwmp11$
2009-09-24 23:34:11 ----HDC---- C:\WINXP\$NtUninstallWMFDist11$
2009-09-24 23:32:26 ----D---- C:\WINXP\system32\LogFiles
2009-09-24 23:32:20 ----HDC---- C:\WINXP\$NtUninstallWudf01000$
2009-09-24 23:30:32 ----HDC---- C:\WINXP\$NtUninstallKB925766$
2009-09-24 23:25:15 ----A---- C:\MCfltstat.txt
2009-09-24 23:24:22 ----D---- C:\Program Files\Elecard
2009-09-22 20:35:04 ----D---- C:\Documents and Settings\Mel\Application Data\Help
2009-09-16 22:22:20 ----D---- C:\Program Files\MSECache
2009-09-16 22:15:24 ----A---- C:\WINXP\ODBC.INI
2009-09-16 22:15:06 ----A---- C:\WINXP\system32\mdimon.dll
2009-09-16 22:14:25 ----D---- C:\WINXP\SHELLNEW
2009-09-16 22:13:34 ----D---- C:\Program Files\Microsoft.NET
2009-09-13 16:30:17 ----D---- C:\Documents and Settings\All Users.WINXP\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-13 13:41:52 ----A---- C:\WINXP\system32\hidserv.dll

======List of files/folders modified in the last 1 months======

2009-10-10 00:13:17 ----D---- C:\WINXP\Prefetch
2009-10-10 00:04:26 ----D---- C:\Program Files\Mozilla Firefox
2009-10-09 22:21:45 ----D---- C:\WINXP\Temp
2009-10-09 20:02:30 ----A---- C:\WINXP\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2009-10-08 22:44:27 ----D---- C:\WINXP
2009-10-08 20:31:34 ----D---- C:\WINXP\Registration
2009-10-08 10:59:02 ----A---- C:\WINXP\SchedLgU.Txt
2009-10-08 10:58:59 ----D---- C:\WINXP\system32\CatRoot2
2009-10-07 03:22:16 ----D---- C:\Config.Msi
2009-10-07 03:08:39 ----SHD---- C:\WINXP\Installer
2009-10-06 20:43:49 ----RSD---- C:\WINXP\Fonts
2009-10-06 20:43:01 ----D---- C:\WINXP\system32
2009-10-06 20:42:59 ----D---- C:\WINXP\pchealth
2009-10-06 20:40:30 ----D---- C:\WINXP\WinSxS
2009-10-05 22:40:32 ----D---- C:\Program Files\CyberLink
2009-10-05 22:40:27 ----HD---- C:\Program Files\InstallShield Installation Information
2009-10-04 18:36:24 ----D---- C:\Program Files\Java
2009-10-04 12:10:37 ----D---- C:\WINXP\system32\CatRoot
2009-10-04 12:09:34 ----D---- C:\WINXP\system32\CatRoot_bak
2009-10-04 12:09:31 ----HD---- C:\WINXP\inf
2009-10-03 17:49:59 ----RD---- C:\Program Files
2009-10-02 23:08:56 ----SD---- C:\Documents and Settings\Mel\Application Data\Microsoft
2009-10-01 23:45:21 ----D---- C:\Documents and Settings\Mel\Application Data\Apple Computer
2009-10-01 23:06:50 ----D---- C:\Program Files\iTunes
2009-10-01 23:05:57 ----D---- C:\Program Files\iPod
2009-09-30 12:59:58 ----D---- C:\WINXP\system32\drivers
2009-09-30 04:00:34 ----D---- C:\Documents and Settings\All Users.WINXP\Application Data\Adobe
2009-09-30 04:00:31 ----D---- C:\Program Files\Common Files\Adobe
2009-09-28 22:28:23 ----RSHDC---- C:\WINXP\system32\dllcache
2009-09-26 03:02:10 ----A---- C:\WINXP\imsins.BAK
2009-09-25 03:07:45 ----D---- C:\WINXP\AppPatch
2009-09-24 23:37:05 ----A---- C:\WINXP\win.ini
2009-09-24 23:36:51 ----D---- C:\Program Files\Windows Media Player
2009-09-24 23:36:50 ----D---- C:\WINXP\Help
2009-09-24 23:30:41 ----D---- C:\WINXP\ehome
2009-09-24 23:27:22 ----D---- C:\Program Files\Common Files
2009-09-22 19:59:12 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-09-16 22:22:33 ----D---- C:\Program Files\Microsoft Office
2009-09-16 22:13:34 ----SD---- C:\Documents and Settings\All Users.WINXP\Application Data\Microsoft
2009-09-16 22:10:30 ----D---- C:\WINXP\system
2009-09-13 16:29:15 ----D---- C:\Program Files\QuickTime
2009-09-13 16:28:23 ----D---- C:\Documents and Settings\All Users.WINXP\Application Data\Apple Computer
2009-09-13 16:25:38 ----D---- C:\Program Files\Common Files\Apple
2009-09-13 16:24:09 ----DC---- C:\WINXP\system32\DRVSTORE

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BHDrvx86;Symantec Heuristics Driver; C:\WINXP\System32\Drivers\N360\0305020.00B\BHDrvx86.sys [2009-08-22 259632]
R1 ccHP;Symantec Hash Provider; C:\WINXP\System32\Drivers\N360\0305020.00B\ccHPx86.sys [2009-08-22 482432]
R1 DLACDBHM;DLACDBHM; C:\WINXP\System32\Drivers\DLACDBHM.SYS [2005-11-18 5660]
R1 DLARTL_N;DLARTL_N; C:\WINXP\System32\Drivers\DLARTL_N.SYS [2005-11-18 22684]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users.WINXP\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090916.003\IDSxpx86.sys []
R1 intelppm;Intel Processor Driver; C:\WINXP\system32\DRIVERS\intelppm.sys [2004-08-10 36096]
R1 SRTSP;Symantec Real Time Storage Protection; C:\WINXP\System32\Drivers\N360\0305020.00B\SRTSP.SYS [2009-08-22 308272]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINXP\system32\drivers\N360\0305020.00B\SRTSPX.SYS [2009-08-22 43696]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINXP\System32\Drivers\N360\0305020.00B\SYMTDI.SYS [2009-08-22 217136]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINXP\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\WINXP\system32\DRIVERS\AegisP.sys [2009-06-10 21361]
R2 DLABOIOM;DLABOIOM; C:\WINXP\System32\DLA\DLABOIOM.SYS [2005-11-07 25628]
R2 DLADResN;DLADResN; C:\WINXP\System32\DLA\DLADResN.SYS [2005-11-07 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINXP\System32\DLA\DLAIFS_M.SYS [2005-11-07 86652]
R2 DLAOPIOM;DLAOPIOM; C:\WINXP\System32\DLA\DLAOPIOM.SYS [2005-11-07 14684]
R2 DLAPoolM;DLAPoolM; C:\WINXP\System32\DLA\DLAPoolM.SYS [2005-11-07 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINXP\System32\DLA\DLAUDF_M.SYS [2005-11-07 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINXP\System32\DLA\DLAUDFAM.SYS [2005-11-07 94332]
R2 DRVNDDM;DRVNDDM; C:\WINXP\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 mdmxsdk;mdmxsdk; C:\WINXP\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 rimmptsk;rimmptsk; C:\WINXP\system32\DRIVERS\rimmptsk.sys [2006-11-15 32256]
R2 rimsptsk;rimsptsk; C:\WINXP\system32\DRIVERS\rimsptsk.sys [2006-11-14 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINXP\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376]
R2 s24trans;WLAN Transport; C:\WINXP\system32\DRIVERS\s24trans.sys [2007-08-27 12288]
R3 Arp1394;1394 ARP Client Protocol; C:\WINXP\system32\DRIVERS\arp1394.sys [2004-08-10 60800]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINXP\system32\DRIVERS\bcm4sbxp.sys [2006-11-21 45568]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINXP\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINXP\System32\Drivers\GEARAspiWDM.sys [2009-09-10 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINXP\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HSF_DPV;HSF_DPV; C:\WINXP\system32\DRIVERS\HSF_DPV.sys [2005-07-22 1035008]
R3 HSFHWAZL;HSFHWAZL; C:\WINXP\system32\DRIVERS\HSFHWAZL.sys [2005-07-22 201600]
R3 ialm;ialm; C:\WINXP\system32\DRIVERS\igxpmp32.sys [2007-03-30 5704672]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users.WINXP\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091009.008\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users.WINXP\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091009.008\NAVEX15.SYS []
R3 NETw4x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINXP\system32\DRIVERS\NETw4x32.sys [2007-09-26 2236032]
R3 NIC1394;1394 Net Driver; C:\WINXP\system32\DRIVERS\nic1394.sys [2004-08-10 61824]
R3 sdbus;sdbus; C:\WINXP\system32\DRIVERS\sdbus.sys [2004-08-10 67584]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINXP\system32\drivers\sthda.sys [2007-05-10 1222840]
R3 SymEvent;SymEvent; \??\C:\WINXP\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;Symantec Network Filter Driver; C:\WINXP\System32\Drivers\N360\0305020.00B\SYMFW.SYS [2009-08-22 89904]
R3 SYMIDS;Symantec Network Filter Driver; C:\WINXP\System32\Drivers\N360\0305020.00B\SYMIDS.SYS [2009-08-22 33072]
R3 SymIMMP;SymIMMP; C:\WINXP\system32\DRIVERS\SymIM.sys [2009-08-22 36400]
R3 SYMNDIS;Symantec Network Filter Driver; C:\WINXP\System32\Drivers\N360\0305020.00B\SYMNDIS.SYS [2009-08-22 36400]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINXP\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINXP\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINXP\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 winachsf;winachsf; C:\WINXP\system32\DRIVERS\HSF_CNXT.sys [2005-07-22 717952]
S1 kbdhid;Keyboard HID Driver; C:\WINXP\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S1 OMCI;OMCI; \??\C:\WINXP\SYSTEM32\DRIVERS\OMCI.SYS []
S3 HidUsb;Microsoft HID Class Driver; C:\WINXP\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 MHNDRV;MHN driver; C:\WINXP\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINXP\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINXP\system32\DRIVERS\SymIM.sys [2009-08-22 36400]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINXP\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbscan;USB Scanner Driver; C:\WINXP\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINXP\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINXP\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINXP\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINXP\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ehRecvr;Media Center Receiver Service; C:\WINXP\eHome\ehRecvr.exe [2005-10-11 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINXP\eHome\ehSched.exe [2005-08-05 102912]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-10-08 794624]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-04 153376]
R2 McrdSvc;Media Center Extender Service; C:\WINXP\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 N360;Norton 360; C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe [2009-08-22 117640]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-10-08 483328]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-10-08 1183744]
R2 WLANKEEPER;Intel® PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2007-10-08 356352]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]
S3 aspnet_state;ASP.NET State Service; C:\WINXP\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 getPlusHelper;getPlus® Helper; C:\WINXP\System32\svchost.exe [2004-08-10 14336]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MHN;MHN; C:\WINXP\System32\svchost.exe [2004-08-10 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINXP\system32\svchost.exe [2004-08-10 14336]

-----------------EOF-----------------
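The "List of drivers" and "List of services" sections of the RSIT log above share one line format: a state letter (R/S), a start type digit (0-4), the service name, its display name, the image path, and in square brackets the file's date and size, which RSIT leaves empty when it could not read the file. The following Python is an added example, not code from this thread or from the RSIT tool, showing how a reviewer can parse those lines and pull out the entries that usually get a second look. The sample lines are copied from the log above plus one constructed entry (`exampleSvc`, a made-up name) that lives under a user profile; the `review` heuristics (missing file metadata, binary under a user profile) are this example's own triage rules, not a verdict on any entry.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Legend from the RSIT section headers:
# R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled
STATE = {"R": "Running", "S": "Stopped"}
START = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# "<state><start> <name>;<display>; <path> [<yyyy-mm-dd> <size>]"   or   "... <path> []"
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.*?) \[(?:(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+))?\]$"
)

@dataclass
class Entry:
    state: str
    start: str
    name: str
    display: str
    path: str
    date: Optional[str]   # None when RSIT printed "[]"
    size: Optional[int]

def parse_line(line: str) -> Optional[Entry]:
    """Parse one RSIT service/driver line; return None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    if path.startswith("\\??\\"):          # strip the NT object-manager prefix
        path = path[4:]
    size = m.group("size")
    return Entry(
        state=STATE[m.group("state")],
        start=START[m.group("start")],
        name=m.group("name"),
        display=m.group("display"),
        path=path,
        date=m.group("date"),
        size=int(size) if size is not None else None,
    )

def parse_section(text: str) -> List[Entry]:
    """Parse every well-formed line of a pasted RSIT services or drivers section."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]

def review(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Triage heuristics (this example's own, not RSIT's): return (name, reason) pairs."""
    findings = []
    for e in entries:
        if e.date is None:
            findings.append((e.name, "no file metadata recorded: file missing or unreadable at scan time"))
        low = e.path.lower()
        if low.startswith("c:\\documents and settings\\") and "\\all users" not in low:
            findings.append((e.name, "binary under a user profile, unusual for a service or driver"))
    return findings

# Sample lines: four copied from the log above, the last one constructed for this example.
SAMPLE = r"""
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\WINXP\system32\DRIVERS\AegisP.sys [2009-06-10 21361]
S4 IntelIde;IntelIde; C:\WINXP\system32\drivers\IntelIde.sys []
R2 N360;Norton 360; C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe [2009-08-22 117640]
R2 exampleSvc;Example Service (constructed); C:\Documents and Settings\Mel\Application Data\examplesvc.exe [2009-10-01 12345]
"""

if __name__ == "__main__":
    parsed = parse_section(SAMPLE)
    for e in parsed:
        print(f"{e.state:8} {e.start:8} {e.name:12} {e.path}")
    for name, reason in review(parsed):
        print(f"CHECK {name}: {reason}")
```

Entries with empty brackets are not malicious by themselves (in the log above they are mostly Norton definition drivers loaded from a path RSIT could not stat), but they are exactly the lines a helper verifies by hand, which is why the example surfaces them rather than hiding them.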
