Trojan.FakeAV virus found


  • This topic is locked
11 replies to this topic

#1 ducciken

  • Members
  • 12 posts

Posted 02 February 2010 - 08:31 PM

This machine is a Dell Latitude D820 running XP Professional. After picking up this virus, it disabled my Symantec Antivirus and Zone Labs firewall. The machine began to hang and would not shut down properly. I restored the system to an earlier restore point, but that did not resolve the problems. Concluding that system files were affected, I did a Windows system repair, but that also did not fix the issues. I bought and installed Norton 360 for virus fixing, file backup, and system repair. It found and removed the Trojan.FakeAV virus two times, three days apart. I updated XP to SP3 and tried updating to the latest Dell device drivers, but the Broadcom I/C driver and wireless drivers would not install to completion. The machine was still running very slowly and, while no longer hanging, it would occasionally crash with stop errors (0x0000007E / 0x0000008E) and would still not shut down properly. While doing research, I came across ComboFix and ran it. It deleted one folder and one file, as shown below:

C:\data
c:\windows\EventSystem.log

The machine seemed to run much better and I was able to complete the installs of the device drivers that previously failed. I have run all the items requested and pasted/attached the results. I just want to confirm that everything has been fixed, or know if there are any additional issues that need to be addressed. Thank you in advance for your help.


<<<<<<<<<<<<<<<<<<<< DDS.TXT follows >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

DDS (Ver_09-12-01.01) - NTFSx86
Run by Ken Duccini at 21:30:36.48 on Mon 02/01/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.290 [GMT -5:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AVG\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOCUME~1\KENDUC~1\LOCALS~1\Temp\RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Ken Duccini\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070116
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\avg\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.5.2.11\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.5.2.11\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.5.2.11\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {8EAB99C9-F9EC-4B64-A4BA-D9BCAE8779C2} - No File
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\avg\spyware doctor\bdt\PCTBrowserDefender.dll
EB: {c3c07ad6-ace9-43ee-a2af-45bc13f6275f} - &Yapta
EB: {e550dc77-ef3b-474f-b59c-b3e2aa1fa6a5} - No File
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Document Manager] c:\program files\wave systems corp\services manager\docmgr\bin\docmgr.exe
mRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\embass~1.lnk - c:\program files\wave systems corp\services manager\secure update\AutoUpdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {432D0F57-8C30-4cd5-9E5A-68C200855A9D} - {C9CCBB35-D123-4a31-AFFC-9B2933132116}
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9}
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by115fd.bay115.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262643657843
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/webplayer/stage6/windows/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1262656261765
DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.5.2.11\CoIEPlg.dll
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 wvauth

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-4 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-1-2 207792]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0305020.00b\SymEFA.sys [2010-1-17 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0305020.00b\BHDrvx86.sys [2010-1-17 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0305020.00b\cchpx86.sys [2010-1-17 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100128.002\IDSXpx86.sys [2010-1-29 329592]
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2005-10-18 61440]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\avg\spyware doctor\bdt\BDTUpdateService.exe [2010-1-2 112592]
R2 N360;Norton 360;c:\program files\norton 360\engine\3.5.2.11\ccSvcHst.exe [2010-1-17 117640]
R2 NAVAPEL;NAVAPEL;c:\program files\symantec_client_security\symantec antivirus\Navapel.sys [2003-8-11 30208]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-12-31 102448]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100201.033\NAVENG.SYS [2010-2-1 84912]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100201.033\NAVEX15.SYS [2010-2-1 1323568]
S3 cpuz128;cpuz128;\??\c:\docume~1\kenduc~1\locals~1\temp\cpuz_x32.sys --> c:\docume~1\kenduc~1\locals~1\temp\cpuz_x32.sys [?]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-1-16 29744]
S3 GTKCMOS;GTKCMOS;c:\windows\system32\GTKCMOS.sys [2004-6-15 7882]
S3 NAVAP;NAVAP;c:\progra~1\symant~1\symant~1\NAVAP.sys [2003-8-11 224768]
S3 Norton AntiVirus Server;Symantec AntiVirus Client;c:\progra~1\symant~1\symant~1\Rtvscan.exe [2003-10-7 647168]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\avg\spyware doctor\pctsAuxs.exe [2010-1-2 359624]
S3 sdCoreService;PC Tools Security Service;c:\program files\avg\spyware doctor\pctsSvc.exe [2010-1-2 1141712]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1028432]

=============== Created Last 30 ================

2010-02-01 02:19:22 0 d-sha-r- C:\cmdcons
2010-02-01 00:22:29 7049 ----a-w- c:\windows\bcm9.tmp
2010-01-31 23:05:06 0 d-----w- c:\program files\common files\Zeepe Framework 7
2010-01-31 23:05:04 0 d-----w- c:\docume~1\alluse~1\applic~1\Novatel Wireless
2010-01-31 20:12:20 7049 ----a-w- c:\windows\bcmC.tmp
2010-01-31 19:16:33 68696 ----a-w- c:\windows\system32\drivers\oz776.sys
2010-01-31 19:16:24 0 d-----w- c:\program files\O2Micro OZ776 SCR Driver
2010-01-26 01:46:42 0 d-----w- c:\windows\system32\NtmsData
2010-01-25 02:30:47 5 ----a-w- c:\windows\system32\drivers\DELL_LAT_D820.MRK
2010-01-25 02:30:36 666 ----a-w- c:\windows\speed.reg
2010-01-25 02:26:42 0 d-----w- c:\windows\system32\vmm32
2010-01-23 18:29:17 166 ----a-w- c:\windows\system32\Compress.res
2010-01-23 18:29:09 232 ----a-w- c:\windows\reimage.ini
2010-01-23 18:28:34 0 d-----w- C:\rei
2010-01-23 18:28:28 0 d-----w- c:\program files\Reimage
2010-01-23 16:13:09 0 d-----w- c:\program files\Dell Support
2010-01-19 23:39:17 0 d---a-r- c:\program files\Norton Support
2010-01-19 22:48:30 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-01-19 22:48:27 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-01-19 22:48:26 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-01-19 22:48:20 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-01-19 22:48:16 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-01-19 22:47:52 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-01-19 22:47:44 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-01-19 22:47:42 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-01-19 22:47:37 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-01-19 22:47:36 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-01-19 22:47:35 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2010-01-19 22:47:08 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2010-01-19 22:47:05 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2010-01-19 22:45:58 397502 -c--a-w- c:\windows\system32\dllcache\vpctcom.sys
2010-01-19 22:44:59 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll
2010-01-19 22:43:56 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll
2010-01-19 22:42:59 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2010-01-19 22:41:56 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2010-01-19 22:40:58 45568 -c--a-w- c:\windows\system32\dllcache\smb3w.dll
2010-01-19 22:39:51 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2010-01-19 22:38:58 245632 -c--a-w- c:\windows\system32\dllcache\s3savmx.dll
2010-01-19 22:37:56 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys
2010-01-19 22:36:58 35328 -c--a-w- c:\windows\system32\dllcache\psisload.dll
2010-01-19 22:35:57 30282 -c--a-w- c:\windows\system32\dllcache\pcntn5hl.sys
2010-01-19 22:34:48 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2010-01-19 22:34:45 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2010-01-19 22:34:37 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2010-01-19 22:34:33 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2010-01-19 22:34:30 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2010-01-19 22:34:29 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
2010-01-19 22:34:24 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2010-01-19 22:34:21 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2010-01-19 22:34:18 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2010-01-19 22:34:13 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
2010-01-19 22:34:08 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys
2010-01-19 22:34:04 39264 -c--a-w- c:\windows\system32\dllcache\neo20xx.sys
2010-01-19 22:34:01 60480 -c--a-w- c:\windows\system32\dllcache\neo20xx.dll
2010-01-19 22:32:53 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2010-01-19 22:32:52 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2010-01-19 22:32:48 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2010-01-19 22:32:38 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2010-01-19 22:32:36 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2010-01-19 22:32:20 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2010-01-19 22:32:17 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2010-01-19 22:32:17 56832 -c--a-w- c:\windows\system32\dllcache\msdvbnp.ax
2010-01-19 22:32:16 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2010-01-19 22:30:59 58368 -c--a-w- c:\windows\system32\dllcache\m3091dc.dll
2010-01-19 22:29:55 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-01-19 22:28:33 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2010-01-19 22:27:57 161020 -c--a-w- c:\windows\system32\dllcache\i81xnt5.sys
2010-01-19 22:26:58 19456 -c--a-w- c:\windows\system32\dllcache\hr1w.dll
2010-01-19 22:25:59 1733120 -c--a-w- c:\windows\system32\dllcache\g400d.dll
2010-01-19 22:24:59 34816 -c--a-w- c:\windows\system32\dllcache\esuimg.dll
2010-01-19 22:23:59 19594 -c--a-w- c:\windows\system32\dllcache\e100isa4.sys
2010-01-19 22:22:59 256512 -c--a-w- c:\windows\system32\dllcache\devcon32.dll
2010-01-19 22:21:59 248064 -c--a-w- c:\windows\system32\dllcache\cl546xm.sys
2010-01-19 22:20:55 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2010-01-19 22:19:57 6272 -c--a-w- c:\windows\system32\dllcache\apmbatt.sys
2010-01-19 01:17:57 0 d-sh--w- c:\documents and settings\ken duccini\PrivacIE
2010-01-19 00:48:11 0 d-sh--w- c:\documents and settings\ken duccini\IETldCache
2010-01-19 00:44:37 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-01-19 00:44:35 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-01-19 00:44:35 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-01-19 00:44:35 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-19 00:44:35 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-01-19 00:44:35 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-01-19 00:44:30 0 d-----w- c:\windows\ie8updates
2010-01-19 00:43:19 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-01-18 01:40:38 0 dc-h--w- c:\windows\ie8
2010-01-17 16:22:11 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat
2010-01-17 16:05:11 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-01-17 16:05:11 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-01-17 15:59:52 0 d-----w- c:\windows\system32\drivers\N360
2010-01-17 15:59:50 0 d-----w- c:\program files\Norton 360
2010-01-17 15:57:55 0 d-----w- c:\program files\NortonInstaller
2010-01-17 15:45:17 0 d-----w- c:\windows\system32\scripting
2010-01-17 15:45:16 0 d-----w- c:\windows\l2schemas
2010-01-17 15:45:15 0 d-----w- c:\windows\system32\en
2010-01-17 15:45:15 0 d-----w- c:\windows\system32\bits
2010-01-17 15:10:56 0 d-----w- c:\windows\system32\XPSViewer
2010-01-17 15:08:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-01-17 15:08:06 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-01-17 15:08:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-01-17 15:08:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-01-17 15:08:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-01-17 15:08:05 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-01-17 15:08:05 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-01-17 14:58:53 0 d-----w- c:\program files\MSXML 6.0
2010-01-15 03:14:15 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-01-14 21:48:57 121984 -c--a-w- c:\windows\system32\dllcache\usbvideo.sys
2010-01-14 21:47:56 375519 -c----w- c:\windows\system32\dllcache\nuskin.wmv
2010-01-14 21:46:59 76800 -c--a-w- c:\windows\system32\dllcache\logui.ocx
2010-01-14 21:45:58 32256 -c--a-w- c:\windows\system32\dllcache\gzip.dll
2010-01-14 21:44:59 870784 -c--a-w- c:\windows\system32\dllcache\ati3d1ag.dll
2010-01-14 03:58:16 0 d-----w- c:\windows\ServicePackFiles
2010-01-14 00:33:38 2189184 -c--a-w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-01-14 00:33:33 2066048 -c--a-w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-01-14 00:13:40 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-01-07 23:23:01 135168 ----a-w- c:\windows\system32\igfxres.dll
2010-01-07 23:05:58 12288 -c--a-w- c:\windows\system32\dllcache\EXCH_smtpctrs.dll
2010-01-07 23:04:58 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys
2010-01-07 23:03:57 7680 -c--a-w- c:\windows\system32\dllcache\ftpctrs2.dll
2010-01-07 23:02:59 7168 -c--a-w- c:\windows\system32\dllcache\wamregps.dll
2010-01-07 23:02:48 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
2010-01-07 23:02:48 19968 -c--a-w- c:\windows\system32\dllcache\inetsloc.dll
2010-01-07 23:02:47 169984 -c--a-w- c:\windows\system32\dllcache\iisui.dll
2010-01-07 23:02:46 5632 -c--a-w- c:\windows\system32\dllcache\iisrstap.dll
2010-01-07 23:02:46 14336 -c--a-w- c:\windows\system32\dllcache\iisreset.exe
2010-01-07 23:02:45 6144 -c--a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2010-01-07 23:02:40 94720 -c--a-w- c:\windows\system32\dllcache\certmap.ocx
2010-01-07 22:59:31 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2010-01-07 22:59:22 749 ---ha-r- c:\windows\WindowsShell.Manifest
2010-01-07 22:59:22 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
2010-01-07 22:59:22 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
2010-01-07 22:59:22 749 ---ha-r- c:\windows\system32\nwc.cpl.manifest
2010-01-07 22:59:22 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
2010-01-07 22:58:53 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-01-07 22:49:24 10559 ----a-r- c:\windows\SET167.tmp
2010-01-07 22:49:23 22339 ----a-r- c:\windows\SET166.tmp
2010-01-07 22:49:16 13753 ----a-r- c:\windows\SET113.tmp
2010-01-07 22:49:11 1086058 ----a-r- c:\windows\SET100.tmp
2010-01-07 22:49:07 1042903 ----a-r- c:\windows\SETFD.tmp
2010-01-07 22:17:35 1132 ----a-w- c:\windows\system32\PQ_BATCH.PQB
2010-01-07 22:06:26 0 ----a-w- c:\windows\system32\pqtmp.fil
2010-01-07 22:01:28 126 ----a-w- c:\windows\_delis43.ini
2010-01-07 21:47:07 10559 ----a-r- c:\windows\SET165.tmp
2010-01-07 21:47:06 22339 ----a-r- c:\windows\SET164.tmp
2010-01-07 21:47:00 13753 ----a-r- c:\windows\SET10B.tmp
2010-01-07 21:46:54 1086058 ----a-r- c:\windows\SETFC.tmp
2010-01-07 21:46:50 1042903 ----a-r- c:\windows\SETF5.tmp
2010-01-07 21:45:10 1063411712 ----a-w- c:\windows\MEMORY.DMP
2010-01-07 21:11:04 10559 ----a-r- c:\windows\SET163.tmp
2010-01-07 21:11:03 22339 ----a-r- c:\windows\SET162.tmp
2010-01-07 21:10:56 13753 ----a-r- c:\windows\SET10A.tmp
2010-01-07 21:10:51 1086058 ----a-r- c:\windows\SETFB.tmp
2010-01-07 21:10:47 1042903 ----a-r- c:\windows\SETF4.tmp
2010-01-07 21:01:23 3252 ----a-w- c:\windows\system32\drivers\PQNTDRV.sys
2010-01-07 21:01:23 1115804 ----a-w- c:\windows\system32\XMNT2000.EXE
2010-01-07 21:00:48 0 d-----w- c:\program files\PowerQuest
2010-01-07 18:13:28 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-01-07 18:13:28 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-01-07 18:13:28 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-01-07 18:13:28 13312 ----a-w- c:\windows\system32\irclass.dll
2010-01-07 18:13:24 10559 ----a-r- c:\windows\SET158.tmp
2010-01-07 18:13:23 22339 ----a-r- c:\windows\SET157.tmp
2010-01-07 18:13:17 13753 ----a-r- c:\windows\SET106.tmp
2010-01-07 18:13:12 1086058 ----a-r- c:\windows\SETF6.tmp
2010-01-07 18:13:08 1042903 ----a-r- c:\windows\SETF3.tmp
2010-01-07 17:01:42 10559 ----a-r- c:\windows\SET154.tmp
2010-01-07 17:01:41 22339 ----a-r- c:\windows\SET153.tmp
2010-01-07 17:01:35 13753 ----a-r- c:\windows\SET102.tmp
2010-01-07 17:01:29 1086058 ----a-r- c:\windows\SETF2.tmp
2010-01-07 17:01:27 1042903 ----a-r- c:\windows\SETEC.tmp
2010-01-07 03:04:03 10559 ----a-r- c:\windows\SET152.tmp
2010-01-07 03:04:02 22339 ----a-r- c:\windows\SET151.tmp
2010-01-07 03:03:55 13753 ----a-r- c:\windows\SET101.tmp
2010-01-07 03:03:50 1086058 ----a-r- c:\windows\SETF1.tmp
2010-01-07 03:03:45 1042903 ----a-r- c:\windows\SETEA.tmp
2010-01-07 02:21:47 10559 ----a-r- c:\windows\SET14A.tmp
2010-01-07 02:21:46 22339 ----a-r- c:\windows\SET149.tmp
2010-01-07 02:21:40 13753 ----a-r- c:\windows\SETF9.tmp
2010-01-07 02:21:36 1086058 ----a-r- c:\windows\SETE9.tmp
2010-01-07 02:21:33 1042903 ----a-r- c:\windows\SETE3.tmp
2010-01-07 00:54:35 22339 ----a-r- c:\windows\SET147.tmp
2010-01-07 00:54:35 10559 ----a-r- c:\windows\SET148.tmp
2010-01-07 00:54:28 13753 ----a-r- c:\windows\SETF8.tmp
2010-01-07 00:54:23 1086058 ----a-r- c:\windows\SETE8.tmp
2010-01-07 00:54:18 1042903 ----a-r- c:\windows\SETE2.tmp
2010-01-07 00:26:25 22339 ----a-r- c:\windows\SET145.tmp
2010-01-07 00:26:25 10559 ----a-r- c:\windows\SET146.tmp
2010-01-07 00:26:17 13753 ----a-r- c:\windows\SETF7.tmp
2010-01-07 00:26:12 1086058 ----a-r- c:\windows\SETE7.tmp
2010-01-07 00:26:09 1042903 ----a-r- c:\windows\SETE1.tmp
2010-01-07 00:15:21 22339 ----a-r- c:\windows\SET13E.tmp
2010-01-07 00:15:21 10559 ----a-r- c:\windows\SET13F.tmp
2010-01-07 00:15:14 13753 ----a-r- c:\windows\SETF0.tmp
2010-01-07 00:15:11 1086058 ----a-r- c:\windows\SETE0.tmp
2010-01-07 00:15:07 1042903 ----a-r- c:\windows\SETDA.tmp
2010-01-07 00:05:22 22339 ----a-r- c:\windows\SET13C.tmp
2010-01-07 00:05:22 10559 ----a-r- c:\windows\SET13D.tmp
2010-01-07 00:05:16 13753 ----a-r- c:\windows\SETEF.tmp
2010-01-07 00:05:10 1086058 ----a-r- c:\windows\SETDF.tmp
2010-01-07 00:05:06 1042903 ----a-r- c:\windows\SETD9.tmp
2010-01-06 04:07:49 22339 ----a-r- c:\windows\SET133.tmp
2010-01-06 04:07:49 10559 ----a-r- c:\windows\SET134.tmp
2010-01-06 04:07:43 13753 ----a-r- c:\windows\SETED.tmp
2010-01-06 04:07:38 1086058 ----a-r- c:\windows\SETDE.tmp
2010-01-06 04:07:34 1042903 ----a-r- c:\windows\SETD8.tmp
2010-01-06 03:28:52 22339 ----a-r- c:\windows\SET123.tmp
2010-01-06 03:28:52 10559 ----a-r- c:\windows\SET124.tmp
2010-01-06 03:28:45 13753 ----a-r- c:\windows\SETE6.tmp
2010-01-06 03:28:40 1086058 ----a-r- c:\windows\SETD7.tmp
2010-01-06 03:28:35 1042903 ----a-r- c:\windows\SETD1.tmp
2010-01-06 01:44:03 22339 ----a-r- c:\windows\SET121.tmp
2010-01-06 01:44:03 10559 ----a-r- c:\windows\SET122.tmp
2010-01-06 01:43:56 13753 ----a-r- c:\windows\SETE5.tmp
2010-01-06 01:43:51 1086058 ----a-r- c:\windows\SETD6.tmp
2010-01-06 01:43:48 1042903 ----a-r- c:\windows\SETD0.tmp
2010-01-06 01:30:49 22339 ----a-r- c:\windows\SET11F.tmp
2010-01-06 01:30:49 10559 ----a-r- c:\windows\SET120.tmp
2010-01-06 01:30:42 13753 ----a-r- c:\windows\SETE4.tmp
2010-01-06 01:30:39 1086058 ----a-r- c:\windows\SETD5.tmp
2010-01-06 01:30:35 1042903 ----a-r- c:\windows\SETCF.tmp
2010-01-06 01:22:01 10559 ----a-r- c:\windows\SET11B.tmp
2010-01-06 01:22:00 22339 ----a-r- c:\windows\SET11A.tmp
2010-01-06 01:21:54 13753 ----a-r- c:\windows\SETDD.tmp
2010-01-06 01:21:49 1086058 ----a-r- c:\windows\SETCE.tmp
2010-01-06 01:21:45 1042903 ----a-r- c:\windows\SETCB.tmp
2010-01-06 01:11:47 10559 ----a-r- c:\windows\SET119.tmp
2010-01-06 01:11:46 22339 ----a-r- c:\windows\SET118.tmp
2010-01-06 01:11:40 13753 ----a-r- c:\windows\SETDC.tmp
2010-01-06 01:11:36 1086058 ----a-r- c:\windows\SETCD.tmp
2010-01-06 01:11:32 1042903 ----a-r- c:\windows\SETCA.tmp
2010-01-06 00:57:11 10559 ----a-r- c:\windows\SET117.tmp
2010-01-06 00:57:10 22339 ----a-r- c:\windows\SET116.tmp
2010-01-06 00:57:04 13753 ----a-r- c:\windows\SETDB.tmp
2010-01-06 00:57:00 1086058 ----a-r- c:\windows\SETCC.tmp
2010-01-06 00:56:56 1042903 ----a-r- c:\windows\SETC9.tmp
2010-01-06 00:26:31 10559 ----a-r- c:\windows\SET112.tmp
2010-01-06 00:26:30 22339 ----a-r- c:\windows\SET111.tmp
2010-01-06 00:26:24 13753 ----a-r- c:\windows\SETD4.tmp
2010-01-06 00:26:18 1086058 ----a-r- c:\windows\SETC8.tmp
2010-01-06 00:26:14 1042903 ----a-r- c:\windows\SETC5.tmp
2010-01-05 06:16:08 22339 ----a-r- c:\windows\SET10F.tmp
2010-01-05 06:16:08 10559 ----a-r- c:\windows\SET110.tmp
2010-01-05 06:16:01 13753 ----a-r- c:\windows\SETD3.tmp
2010-01-05 06:15:55 1086058 ----a-r- c:\windows\SETC7.tmp
2010-01-05 06:15:51 1042903 ----a-r- c:\windows\SETC4.tmp
2010-01-05 05:59:31 10559 ----a-r- c:\windows\SET10E.tmp
2010-01-05 05:59:30 22339 ----a-r- c:\windows\SET10D.tmp
2010-01-05 05:59:24 13753 ----a-r- c:\windows\SETD2.tmp
2010-01-05 05:59:20 1086058 ----a-r- c:\windows\SETC6.tmp
2010-01-05 05:59:16 1042903 ----a-r- c:\windows\SETC3.tmp
2010-01-04 23:47:13 0 d-----w- c:\windows\msapps
2010-01-04 23:47:13 0 d-----w- c:\windows\dell
2010-01-04 22:32:00 404441 ----a-w- c:\windows\setupapi.old
2010-01-03 22:42:13 8860496 ----a-w- c:\windows\system32\N360 Backup - #1.m01
2010-01-03 22:42:13 67604 ----a-w- c:\windows\system32\N360 Backup - #1.vol
2010-01-03 22:42:13 3865088 ----a-w- c:\windows\system32\N360 Backup - #1.i01
2010-01-03 22:42:13 22669571 ----a-w- c:\windows\system32\N360 Backup - #1.f01
2010-01-03 05:27:45 0 d---a-r- C:\cmdconsx
2010-01-03 02:34:11 98816 ----a-w- c:\windows\sed.exe
2010-01-03 02:34:11 77312 ----a-w- c:\windows\MBR.exe
2010-01-03 02:34:11 261632 ----a-w- c:\windows\PEV.exe
2010-01-03 02:34:11 161792 ----a-w- c:\windows\SWREG.exe

==================== Find3M ====================

2010-01-31 03:13:05 5141 ----a-w- c:\windows\bcm8.tmp
2010-01-31 03:06:00 5 ----a-w- c:\windows\system32\drivers\1028_Dell_LAT_D820.mrk
2010-01-17 16:00:23 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-01-17 16:00:23 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-01-17 16:00:23 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-01-17 16:00:23 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-01-17 16:00:14 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-01-17 16:00:07 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-01-13 05:16:03 78643200 --sha-w- C:\NRTPage.sys
2010-01-07 22:57:44 23428 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-31 22:57:52 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-12-31 03:42:24 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-12-21 19:14:05 916480 ------w- c:\windows\system32\wininet.dll
2009-12-14 14:35:08 1380403 ----a-w- c:\windows\system32\avgsdk.dll
2009-11-19 17:24:24 17904 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-10 15:28:16 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-11-10 15:28:10 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-11-10 15:28:10 1640400 ----a-w- c:\windows\PCTBDCore.dll
2009-11-10 15:26:26 767952 ----a-w- c:\windows\BDTSupport.dll

============= FINISH: 21:31:44.09 ===============



#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:09:19 AM

Posted 09 February 2010 - 03:52 PM

Hello,

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate it if you would let me know so I can close this topic; if you still need help, please let me know what issues you are still having in your next reply.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


  1. Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  2. Disconnect from the Internet and close all running programs, as this process may crash your computer.
  3. Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  4. Double click on Gmer to run it.
  5. Allow the gmer.sys driver to load if asked.
  6. You may see a rootkit warning window. If you do, click No.
  7. Untick the following boxes on the right side of the Gmer screen:
    • Sections
    • IAT/EAT
    • Files
    • Show All
  8. Click on Scan and wait for the scan to finish.
  9. If you see a rootkit warning window, click OK.
  10. Push Save and save the logfile to your desktop.
  11. Copy and Paste the contents of that file in your next post.



Then please post back here with the following:
  • log.txt
  • info.txt
  • Gmer log

Thanks



#3 ducciken

ducciken
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:19 AM

Posted 09 February 2010 - 08:31 PM

Hello Syler and thanks for the help. No worries about the delay in responding, I've been working in the I/T business for over 30 years and have done system support, so I can relate. The machine has been behaving, however I just wanted an expert to give it a look over and be sure the system is clean and that there are no additional virus fragments left hanging (or hiding) out there somewhere. I was able to run the RSIT program and have pasted in the logs below, but had an issue with GMER. When I tried to do the download, the dialog would close as soon as I clicked on the "Save" button. So I downloaded the zip file directly from "WWW2.GMER.NET" through my explorer window, unzipped it, and ran it. It finished to completion and when I clicked on save, it asked me for a location and I typed in GMER to go to the desktop. But it did not seem to save any files and the CPU utilization went up to 100%. The machine was basically locked up; I had to hold the power button to shut down. Upon restarting, I ran GMER again, but this time it hung up in the scan pointing to:

SYSTEM\ControlSet001\Services\RDSessMgr

I had to power off again and restart, and that brings me to here. What are your thoughts on GMER? Once again, thanks for the help.

Regards,

KennyD

<<<<<<<<<<<<<<<<<<<<<<< Log.txt and Info.txt follow below >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Logfile of random's system information tool 1.06 (written by random/random)
Run by Ken Duccini at 2010-02-09 18:06:06
Microsoft Windows XP Professional Service Pack 3
System drive C: has 40 GB (53%) free of 76 GB
Total RAM: 1014 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:06:30 PM, on 2/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AVG\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Ken Duccini\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Ken Duccini.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070116
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\AVG\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ShopperReports - Compare product prices - {432D0F57-8C30-4cd5-9E5A-68C200855A9D} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/down...llerControl.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) -
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by115fd.bay115.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1262643657843
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1262656261765
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWire...loadControl.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) -
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\AVG\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\AVG\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\AVG\Spyware Doctor\pctsSvc.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O23 - Service: DW WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11102 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{AEEB84F1-3627-40C4-BA97-2827AB549044}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files\AVG\Spyware Doctor\BDT\PCTBrowserDefender.dll [2009-11-10 395216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll [2010-01-17 378736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.DLL [2010-01-17 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2006-12-05 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll [2010-01-17 378736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2005-10-07 176128]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2009-10-07 2498560]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-03-24 282624]
"Document Manager"=C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe [2006-05-16 102400]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe [2005-10-28 335872]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-11-10 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-12-13 98304]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-12-13 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-12-13 118784]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"Weather"=C:\Program Files\AWS\WeatherBug\Weather.exe [2006-04-07 1343488]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
EMBASSY Trust Suite Secure Update.lnk - C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\Palm\Hotsync.exe
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-12-13 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2003-10-07 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe"="C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-02-09 18:06:06 ----D---- C:\rsit
2010-02-01 22:08:38 ----A---- C:\RootRepeal report 02-01-10 (22-08-38).txt
2010-01-31 21:50:41 ----A---- C:\ComboFix.txt
2010-01-31 21:19:22 ----RASHD---- C:\cmdcons
2010-01-31 19:22:29 ----A---- C:\WINDOWS\bcm9.tmp
2010-01-31 18:05:06 ----D---- C:\Program Files\Common Files\Zeepe Framework 7
2010-01-31 18:05:04 ----D---- C:\Documents and Settings\All Users\Application Data\Novatel Wireless
2010-01-31 15:12:20 ----A---- C:\WINDOWS\bcmC.tmp
2010-01-31 14:16:24 ----D---- C:\Program Files\O2Micro OZ776 SCR Driver
2010-01-30 22:12:58 ----A---- C:\WINDOWS\system32\vcredist_x86.bat
2010-01-30 22:12:58 ----A---- C:\WINDOWS\system32\bcm49.tmp
2010-01-30 22:12:58 ----A---- C:\WINDOWS\system32\bcm34.tmp
2010-01-30 22:12:58 ----A---- C:\WINDOWS\system32\bcm2F.tmp
2010-01-30 22:12:57 ----A---- C:\WINDOWS\system32\vcredist_x86.exe
2010-01-30 22:12:57 ----A---- C:\WINDOWS\system32\bcm47.tmp
2010-01-30 22:12:57 ----A---- C:\WINDOWS\system32\bcm32.tmp
2010-01-30 22:12:57 ----A---- C:\WINDOWS\system32\bcm2D.tmp
2010-01-30 22:12:56 ----A---- C:\WINDOWS\system32\bcmwlapi.dll
2010-01-30 22:12:56 ----A---- C:\WINDOWS\system32\bcm2E.tmp
2010-01-30 22:12:56 ----A---- C:\WINDOWS\system32\bcm1B.tmp
2010-01-30 22:12:56 ----A---- C:\WINDOWS\system32\bcm13.tmp
2010-01-30 22:12:49 ----A---- C:\WINDOWS\bcm8.tmp
2010-01-25 20:46:42 ----D---- C:\WINDOWS\system32\NtmsData
2010-01-24 21:26:42 ----D---- C:\WINDOWS\system32\vmm32
2010-01-24 20:06:53 ----D---- C:\WINDOWS\Minidump
2010-01-23 13:29:09 ----A---- C:\WINDOWS\reimage.ini
2010-01-23 13:28:34 ----D---- C:\rei
2010-01-23 13:28:28 ----D---- C:\Program Files\Reimage
2010-01-23 11:13:09 ----D---- C:\Program Files\Dell Support
2010-01-19 18:39:17 ----RAD---- C:\Program Files\Norton Support
2010-01-18 19:48:06 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2010-01-18 19:44:30 ----D---- C:\WINDOWS\ie8updates
2010-01-18 19:36:16 ----D---- C:\WINDOWS\system32\zh-TW
2010-01-18 19:36:16 ----D---- C:\WINDOWS\system32\zh-HK
2010-01-18 19:36:16 ----D---- C:\WINDOWS\system32\tr-TR
2010-01-18 19:36:16 ----D---- C:\WINDOWS\system32\sv-SE
2010-01-18 19:36:16 ----D---- C:\WINDOWS\system32\pt-BR
2010-01-18 19:36:16 ----D---- C:\WINDOWS\system32\nl-NL
2010-01-18 19:36:16 ----D---- C:\WINDOWS\system32\nb-NO
2010-01-18 19:36:16 ----D---- C:\WINDOWS\system32\ko-KR
2010-01-18 19:36:15 ----D---- C:\WINDOWS\system32\it-IT
2010-01-18 19:36:15 ----D---- C:\WINDOWS\system32\he-IL
2010-01-18 19:36:15 ----D---- C:\WINDOWS\system32\fr-FR
2010-01-18 19:36:15 ----D---- C:\WINDOWS\system32\fi-FI
2010-01-18 19:36:15 ----D---- C:\WINDOWS\system32\es-ES
2010-01-18 19:36:15 ----D---- C:\WINDOWS\system32\el-GR
2010-01-18 19:36:15 ----D---- C:\WINDOWS\system32\de-DE
2010-01-18 19:36:15 ----D---- C:\WINDOWS\system32\da-DK
2010-01-18 19:36:15 ----D---- C:\WINDOWS\system32\ar-SA
2010-01-17 20:40:38 ----HDC---- C:\WINDOWS\ie8
2010-01-17 13:36:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2010-01-17 13:35:19 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-01-17 13:34:32 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-01-17 13:29:30 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2010-01-17 13:29:00 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2010-01-17 11:05:11 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2010-01-17 11:05:11 ----A---- C:\WINDOWS\system32\mucltui.dll
2010-01-17 10:59:50 ----D---- C:\Program Files\Windows Sidebar
2010-01-17 10:59:50 ----D---- C:\Program Files\Norton 360
2010-01-17 10:57:55 ----D---- C:\Program Files\NortonInstaller
2010-01-17 10:52:40 ----D---- C:\WINDOWS\Prefetch
2010-01-17 10:50:11 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-01-17 10:50:03 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-01-17 10:45:17 ----D---- C:\WINDOWS\system32\scripting
2010-01-17 10:45:16 ----D---- C:\WINDOWS\l2schemas
2010-01-17 10:45:15 ----D---- C:\WINDOWS\system32\en
2010-01-17 10:45:15 ----D---- C:\WINDOWS\system32\bits
2010-01-17 10:34:11 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-01-17 10:10:56 ----D---- C:\WINDOWS\system32\XPSViewer
2010-01-17 10:10:51 ----D---- C:\Program Files\MSBuild
2010-01-17 10:10:39 ----D---- C:\Program Files\Reference Assemblies
2010-01-17 10:08:06 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2010-01-17 10:08:06 ----N---- C:\WINDOWS\system32\prntvpt.dll
2010-01-17 10:08:05 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2010-01-17 10:00:43 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2010-01-17 09:58:53 ----D---- C:\Program Files\MSXML 6.0
2010-01-14 22:15:26 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-01-14 22:14:15 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2010-01-14 22:11:05 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-01-14 16:49:15 ----N---- C:\WINDOWS\system32\wlanapi.dll
2010-01-14 16:48:50 ----N---- C:\WINDOWS\system32\tspkg.dll
2010-01-14 16:48:50 ----N---- C:\WINDOWS\system32\tsgqec.dll
2010-01-14 16:48:32 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2010-01-14 16:48:29 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2010-01-14 16:48:26 ----N---- C:\WINDOWS\system32\slserv.exe
2010-01-14 16:48:26 ----N---- C:\WINDOWS\system32\slrundll.exe
2010-01-14 16:48:26 ----N---- C:\WINDOWS\system32\slgen.dll
2010-01-14 16:48:26 ----N---- C:\WINDOWS\system32\slextspk.dll
2010-01-14 16:48:26 ----N---- C:\WINDOWS\system32\slcoinst.dll
2010-01-14 16:48:26 ----N---- C:\WINDOWS\slrundll.exe
2010-01-14 16:48:21 ----N---- C:\WINDOWS\system32\setupn.exe
2010-01-14 16:48:16 ----N---- C:\WINDOWS\system32\s3gnb.dll
2010-01-14 16:48:13 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2010-01-14 16:48:11 ----N---- C:\WINDOWS\system32\rasqec.dll
2010-01-14 16:48:10 ----N---- C:\WINDOWS\system32\qutil.dll
2010-01-14 16:48:08 ----N---- C:\WINDOWS\system32\qcliprov.dll
2010-01-14 16:48:08 ----N---- C:\WINDOWS\system32\qagentrt.dll
2010-01-14 16:48:08 ----N---- C:\WINDOWS\system32\qagent.dll
2010-01-14 16:48:00 ----N---- C:\WINDOWS\system32\onex.dll
2010-01-14 16:47:46 ----N---- C:\WINDOWS\system32\napstat.exe
2010-01-14 16:47:46 ----N---- C:\WINDOWS\system32\napmontr.dll
2010-01-14 16:47:46 ----N---- C:\WINDOWS\system32\napipsec.dll
2010-01-14 16:47:46 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2010-01-14 16:47:42 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2010-01-14 16:47:42 ----N---- C:\WINDOWS\system32\mssha.dll
2010-01-14 16:47:09 ----N---- C:\WINDOWS\system32\mmcperf.exe
2010-01-14 16:47:08 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2010-01-14 16:47:08 ----N---- C:\WINDOWS\system32\mmcex.dll
2010-01-14 16:47:07 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2010-01-14 16:46:42 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2010-01-14 16:46:40 ----N---- C:\WINDOWS\system32\kmsvc.dll
2010-01-14 16:46:39 ----N---- C:\WINDOWS\system32\kbdpash.dll
2010-01-14 16:46:39 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2010-01-14 16:46:38 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2010-01-14 16:46:38 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2010-01-14 16:46:17 ----N---- C:\WINDOWS\system32\smtpapi.dll
2010-01-14 16:46:16 ----N---- C:\WINDOWS\system32\rwnh.dll
2010-01-14 16:46:08 ----N---- C:\WINDOWS\system32\comsdupd.exe
2010-01-14 16:46:01 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2010-01-14 16:45:51 ----A---- C:\WINDOWS\003103_.tmp
2010-01-14 16:45:50 ----N---- C:\WINDOWS\system32\faxpatch.exe
2010-01-14 16:45:45 ----N---- C:\WINDOWS\system32\eapsvc.dll
2010-01-14 16:45:45 ----N---- C:\WINDOWS\system32\eapqec.dll
2010-01-14 16:45:43 ----N---- C:\WINDOWS\system32\eappprxy.dll
2010-01-14 16:45:43 ----N---- C:\WINDOWS\system32\eapphost.dll
2010-01-14 16:45:42 ----N---- C:\WINDOWS\system32\eappgnui.dll
2010-01-14 16:45:42 ----N---- C:\WINDOWS\system32\eappcfg.dll
2010-01-14 16:45:42 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2010-01-14 16:45:42 ----N---- C:\WINDOWS\system32\eapolqec.dll
2010-01-14 16:45:36 ----N---- C:\WINDOWS\system32\dot3ui.dll
2010-01-14 16:45:35 ----N---- C:\WINDOWS\system32\dot3svc.dll
2010-01-14 16:45:35 ----N---- C:\WINDOWS\system32\dot3msm.dll
2010-01-14 16:45:35 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2010-01-14 16:45:35 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2010-01-14 16:45:35 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2010-01-14 16:45:34 ----N---- C:\WINDOWS\system32\dot3api.dll
2010-01-14 16:45:30 ----N---- C:\WINDOWS\system32\dimsroam.dll
2010-01-14 16:45:30 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2010-01-14 16:45:28 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2010-01-14 16:45:21 ----N---- C:\WINDOWS\system32\credssp.dll
2010-01-14 16:45:07 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2010-01-14 16:45:06 ----N---- C:\WINDOWS\system32\azroles.dll
2010-01-14 16:45:03 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2010-01-14 16:45:03 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2010-01-14 16:44:59 ----N---- C:\WINDOWS\system32\ati3duag.dll
2010-01-14 16:44:59 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2010-01-14 16:44:59 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2010-01-14 16:44:59 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2010-01-14 16:44:59 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2010-01-14 16:44:43 ----N---- C:\WINDOWS\system32\aaclient.dll
2010-01-14 15:03:43 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-01-14 15:01:29 ----D---- C:\Program Files\Adobe
2010-01-13 23:37:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-01-13 23:36:41 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-01-13 23:36:20 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-01-13 23:36:01 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-01-13 23:35:39 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-01-13 23:35:20 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-01-13 23:35:09 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-01-13 23:34:57 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2010-01-13 23:34:41 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-13 23:34:15 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-01-13 23:33:51 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-01-13 23:33:26 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-01-13 23:33:05 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-01-13 23:32:44 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2010-01-13 23:32:19 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-01-13 23:31:56 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-13 23:31:31 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-01-13 23:30:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-01-13 23:29:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-01-13 23:29:33 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-01-13 23:29:20 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2010-01-13 23:29:07 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2010-01-13 23:28:38 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2010-01-13 23:28:23 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-01-13 23:28:03 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-01-13 23:27:32 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2010-01-13 23:27:12 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-01-13 23:26:42 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-01-13 23:25:38 ----HDC---- C:\WINDOWS\$NtUninstallKB976325$
2010-01-13 23:24:02 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-01-13 23:23:39 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-01-13 23:22:46 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-01-13 23:21:48 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2010-01-13 23:21:03 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2010-01-13 23:20:35 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-01-13 23:19:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-01-13 23:18:54 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-01-13 23:18:09 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-01-13 23:03:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-01-13 23:02:41 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-01-13 23:00:18 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-01-13 23:00:00 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-01-13 22:59:44 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-01-13 22:59:20 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2010-01-13 22:58:16 ----D---- C:\WINDOWS\ServicePackFiles
2010-01-13 22:58:14 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2010-01-13 22:57:56 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-01-13 22:57:39 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-01-13 22:57:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2010-01-13 22:56:53 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2010-01-13 22:56:26 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-01-13 22:56:08 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-01-13 22:55:49 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-01-13 22:54:58 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2010-01-13 22:54:49 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2010-01-13 22:54:25 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$
2010-01-13 22:54:03 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-01-13 22:53:47 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-01-13 22:52:44 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-01-13 19:13:40 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2010-01-10 18:45:10 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$

======List of files/folders modified in the last 1 months======

2010-02-09 18:06:08 ----D---- C:\WINDOWS\Temp
2010-02-09 17:42:46 ----D---- C:\WINDOWS\system32
2010-02-09 17:42:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-09 17:38:27 ----D---- C:\WINDOWS
2010-02-09 17:38:07 ----AH---- C:\WINDOWS\system32\FFASTLOG.TXT
2010-02-09 17:37:56 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-02-08 19:24:03 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-08 19:24:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-08 18:12:04 ----HD---- C:\WINDOWS\inf
2010-02-08 17:32:36 ----SHD---- C:\WINDOWS\Installer
2010-02-03 18:17:57 ----D---- C:\Documents and Settings\Ken Duccini\Application Data\WeatherBug
2010-02-01 21:50:01 ----D---- C:\WINDOWS\system32\drivers
2010-02-01 20:13:30 ----D---- C:\WINDOWS\network diagnostic
2010-01-31 22:16:56 ----D---- C:\Config.Msi
2010-01-31 22:16:45 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-01-31 22:16:36 ----D---- C:\WINDOWS\Help
2010-01-31 21:50:49 ----D---- C:\Qoobox
2010-01-31 21:49:17 ----D---- C:\WINDOWS\ERDNT
2010-01-31 21:41:21 ----A---- C:\WINDOWS\system.ini
2010-01-31 21:35:31 ----D---- C:\WINDOWS\AppPatch
2010-01-31 21:35:23 ----D---- C:\Program Files\Common Files
2010-01-31 21:28:44 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-31 21:25:16 ----D---- C:\WINDOWS\system32\config
2010-01-31 21:19:37 ----RASH---- C:\boot.ini
2010-01-31 18:05:03 ----D---- C:\Program Files\Dell
2010-01-31 15:49:41 ----D---- C:\Program Files\Broadcom
2010-01-31 14:47:42 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2010-01-31 14:16:44 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-31 14:16:25 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-31 14:16:24 ----RAD---- C:\Program Files
2010-01-31 12:44:03 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-29 20:59:02 ----RSD---- C:\WINDOWS\assembly
2010-01-29 20:59:02 ----D---- C:\WINDOWS\Microsoft.NET
2010-01-29 20:55:53 ----RSD---- C:\WINDOWS\Fonts
2010-01-29 20:53:41 ----D---- C:\WINDOWS\WinSxS
2010-01-29 20:49:15 ----D---- C:\Program Files\TurboTax
2010-01-29 16:02:49 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-01-29 15:57:46 ----D---- C:\Program Files\Common Files\Adobe
2010-01-25 22:26:41 ----D---- C:\WINDOWS\Downloaded Installations
2010-01-25 20:58:11 ----D---- C:\WINDOWS\Registration
2010-01-24 20:14:18 ----D---- C:\dell
2010-01-24 20:13:21 ----D---- C:\Downloads
2010-01-23 14:22:53 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-01-23 11:13:53 ----HD---- C:\Documents and Settings\Ken Duccini\Application Data\Gtek
2010-01-23 11:13:53 ----D---- C:\Documents and Settings\All Users\Application Data\GTek
2010-01-22 21:12:21 ----D---- C:\Program Files\Internet Explorer
2010-01-22 21:10:21 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-21 15:02:29 ----SHD---- C:\System Volume Information
2010-01-21 14:55:39 ----D---- C:\WINDOWS\repair
2010-01-20 14:47:23 ----D---- C:\Program Files\Microsoft Silverlight
2010-01-20 14:43:39 ----A---- C:\WINDOWS\imsins.BAK
2010-01-19 17:54:00 ----D---- C:\WINDOWS\system32\Setup
2010-01-19 14:47:08 ----SD---- C:\WINDOWS\Tasks
2010-01-18 19:47:38 ----D---- C:\WINDOWS\system32\en-US
2010-01-18 19:47:37 ----D---- C:\WINDOWS\Media
2010-01-17 22:08:59 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-17 20:23:43 ----D---- C:\WINDOWS\system32\wbem
2010-01-17 13:30:03 ----D---- C:\Program Files\Outlook Express
2010-01-17 11:00:24 ----D---- C:\Program Files\Symantec
2010-01-17 11:00:23 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2010-01-17 11:00:07 ----RA---- C:\WINDOWS\system32\GEARAspi.dll
2010-01-17 10:59:50 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2010-01-17 10:58:53 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2010-01-17 10:53:49 ----A---- C:\WINDOWS\OEWABLog.txt
2010-01-17 10:52:49 ----A---- C:\WINDOWS\setuplog.txt
2010-01-17 10:50:13 ----D---- C:\Program Files\Messenger
2010-01-17 10:49:37 ----D---- C:\WINDOWS\security
2010-01-17 10:45:53 ----D---- C:\Program Files\Windows Media Player
2010-01-17 10:45:33 ----D---- C:\WINDOWS\system32\inetsrv
2010-01-17 10:45:32 ----D---- C:\WINDOWS\ime
2010-01-17 10:45:18 ----D---- C:\WINDOWS\system32\usmt
2010-01-17 10:45:15 ----D---- C:\WINDOWS\PeerNet
2010-01-17 10:45:15 ----D---- C:\Program Files\Movie Maker
2010-01-17 10:41:55 ----D---- C:\WINDOWS\system32\Restore
2010-01-17 10:41:55 ----D---- C:\WINDOWS\system32\npp
2010-01-17 10:41:55 ----D---- C:\WINDOWS\mui
2010-01-17 10:41:53 ----D---- C:\WINDOWS\msagent
2010-01-17 10:41:51 ----D---- C:\WINDOWS\srchasst
2010-01-17 10:41:50 ----D---- C:\Program Files\NetMeeting
2010-01-17 10:41:48 ----D---- C:\WINDOWS\system32\Com
2010-01-17 10:41:44 ----D---- C:\Program Files\Windows NT
2010-01-17 10:41:40 ----D---- C:\Program Files\Common Files\System
2010-01-17 10:41:10 ----D---- C:\WINDOWS\system32\oobe
2010-01-17 10:41:07 ----D---- C:\WINDOWS\system
2010-01-17 10:33:00 ----D---- C:\WINDOWS\ehome
2010-01-17 10:08:34 ----D---- C:\WINDOWS\system32\spool
2010-01-13 19:18:14 ----D---- C:\Program Files\Google
2010-01-10 19:28:28 ----SHD---- C:\WINDOWS\CSC
2010-01-10 18:22:07 ----D---- C:\WINDOWS\SoftwareDistribution

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 BHDrvx86;Symantec Heuristics Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2010-01-17 259632]
R1 ccHP;Symantec Hash Provider; C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys [2010-01-17 482432]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100204.001\IDSxpx86.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\N360\0308000.029\SRTSP.SYS [2010-01-17 308272]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS [2010-01-17 43696]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS [2010-01-17 217136]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 BASFND;BASFND; \??\C:\Program Files\Broadcom\ASFIPMon\BASFND.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-04 12544]
R2 NAVAPEL;NAVAPEL; \??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS []
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2005-09-28 113847]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-10-26 142720]
R3 BCM43XX;DW WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2009-10-07 2649216]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2010-01-17 26600]
R3 guardian2;guardian2; C:\WINDOWS\System32\Drivers\oz776.sys [2007-12-23 68696]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-12-13 1364574]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100209.003\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100209.003\NAVEX15.SYS []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NWADI;NWADI Bus Enumerator; C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2006-06-13 155264]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-24 1156648]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS [2010-01-17 89904]
R3 SYMIDS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS [2010-01-17 33072]
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-12-31 36400]
R3 SYMNDIS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS [2010-01-17 36400]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys []
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\drivers\BVRPMPR5.SYS []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 cpuz128;cpuz128; \??\C:\DOCUME~1\KENDUC~1\LOCALS~1\Temp\cpuz_x32.sys []
S3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 GTKCMOS;GTKCMOS; \??\C:\WINDOWS\system32\GTKCMOS.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
S3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
S3 NAVAP;NAVAP; \??\C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP.sys []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2007-02-20 16694]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2006-06-30 18560]
S3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-10-01 9856]
S3 SbcpHid;SbcpHid; \??\C:\WINDOWS\system32\Drivers\SbcpHid.sys []
S3 SDDMI2;SDDMI2; \??\C:\WINDOWS\system32\DDMI2.sys []
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-12-31 36400]
S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2008-11-11 13056]
S3 USBCCID;USB Smart Card reader; C:\WINDOWS\system32\DRIVERS\usbccid.sys [2005-05-13 28672]
S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2008-11-11 19968]
S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2008-11-11 24832]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2004-08-04 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 ASFIPmon;Broadcom ASF IP Monitor; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [2005-10-18 61440]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\AVG\Spyware Doctor\BDT\BDTUpdateService.exe [2009-11-10 112592]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2006-03-30 96341]
R2 DataSvr2;DataSvr2; C:\Program Files\Wave Systems Corp\Common\DataServer.exe [2006-05-15 315392]
R2 DefWatch;DefWatch; C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe [2003-10-07 32768]
R2 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2009-09-29 13088]
R2 N360;Norton 360; C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2010-01-17 117640]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2006-06-29 376832]
R2 tcsd_win32.exe;NTRU Hybrid TSS v2.0.25 TCS; C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe [2006-06-12 180224]
R2 wltrysvc;DW WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2009-10-07 25088]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-05 29744]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-13 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Norton AntiVirus Server;Symantec AntiVirus Client; C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe [2003-10-07 647168]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\AVG\Spyware Doctor\pctsAuxs.exe [2009-10-30 359624]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\AVG\Spyware Doctor\pctsSvc.exe [2009-11-06 1141712]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-09-30 1028432]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2010-02-09 18:06:35

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
ALPS Touch Pad Driver-->C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
AnswerWorks 5.0 English Runtime-->MsiExec.exe /I{9E5A03E3-6246-4920-9630-0527D5DA9B07}
AnswerWorks 5.0 English Runtime-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}\setup.exe" -l0x9 -uninst -removeonly
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft Camera Suite 1.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD13BFB0-FDD2-4AFA-A8AF-9F4A950D56B7}\setup.exe" -l0x9
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Broadcom Advanced Control Suite-->MsiExec.exe /X{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
Broadcom ASF Management Applications-->MsiExec.exe /I{071B9AFA-EBE8-4ABF-8F4A-9F92612F517E}
Broadcom Gigabit Integrated Controller-->MsiExec.exe /X{B7F54262-AB66-44B3-88BF-9FC69941B643}
Broadcom TPM Driver Installer-->MsiExec.exe /X{35748B06-FCFC-4700-8285-DAD41689E4FE}
Browser Defender 2.0.6.11-->"C:\Program Files\AVG\Spyware Doctor\BDT\unins000.exe"
BUM-->MsiExec.exe /I{55937F00-A69B-4049-8D3A-1C7729742B6F}
Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon PhotoRecord-->MsiExec.exe /X{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities PhotoStitch 3.1-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
CleanUp!-->C:\Program Files\CleanUp!\uninstall.exe
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Embassy Trust Suite by Wave Systems-->C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\Installer.exe
Dell Mobile Broadband Card Utility-->MsiExec.exe /X{DF62D775-BB7C-4AFA-9CA4-DDA1C4855F28}
Dell Resource CD-->MsiExec.exe /X{FCD9CD52-7222-4672-94A0-A722BA702FD0}
Dell Support 3.2.1-->MsiExec.exe /X{7A35F91E-1D16-454F-A248-B9B782A2327C}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Document Manager Lite-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2} /l1033
Documents To Go-->MsiExec.exe /X{EB807EB6-5179-48B7-98D4-7B4934A57A81}
DW WLAN Card Utility-->"C:\Program Files\Dell\DW WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\DW WLAN Card"
EMBASSY Security Center-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EEAFE1E5-076B-430A-96D9-B567792AFA88}
EMBASSY Trust Suite by Wave Systems-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1802FA6-54E9-4B24-BD2A-B50866819795}\setup.exe" -l0x9
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
ETS Launch Pad-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{DD41AC25-61B2-4FC9-90AA-672F32139AC3} /l1033
ETS Upgrade-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{72FECEA1-E87F-4192-89FA-D0FBF92885BB}
FranklinCovey Planning Software Handheld Applications-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17048B5D-8FD5-4BB4-9B88-DE95CA847365}\Setup.exe" -l0x9
FranklinCovey Planning Software-->C:\Program Files\Franklin Covey\Planner\uninstall.exe
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
iTunes-->MsiExec.exe /I{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LAUNCH CD-ROM-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\LAUNCH\LAUNCH CD-ROM\Uninst.isu"
LG USB Modem driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9 LG
LiveUpdate 1.80 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Max Registry Cleaner-->"C:\Program Files\Max Registry Cleaner\unins001.exe"
MetaFrame Presentation Server Web Client for Win32-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wficat.inf,DefaultUninstall
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office 97, Professional Edition-->C:\Program Files\Microsoft Office\Office\Setup\Acme.exe /w Off97Pro.STF
Microsoft Office Excel Viewer 2003-->MsiExec.exe /I{90840409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Monopoly Here & Now Edition (remove only)-->"C:\Program Files\Yahoo! Games\Monopoly Here & Now Edition\Uninstall.exe"
Mothers2003 Screen Saver-->C:\Documents and Settings\All Users\Application Data\Individual Software\Screen Creator\Mothers2003\UNINSTAL.EXE
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Norton 360-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\2454B0AB\3.8.0.41\InstStub.exe /X
NTRU Hybrid TSS v2.0.25-->MsiExec.exe /I{0BA2A0BA-7F4D-4B7B-AE94-5F0233AC8A5A}
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
OZ776 SCR Driver V1.1.4.202-->"C:\Program Files\InstallShield Installation Information\{EDC2B89F-3F72-48EA-B63E-985BC51622E4}\setup.exe" -runfromtemp -l0x0409 -removeonly
OZ776 SCR Driver V1.1.4.202-->MsiExec.exe /X{EDC2B89F-3F72-48EA-B63E-985BC51622E4}
Palm-->MsiExec.exe /X{ADAED43C-BBD9-42C5-8B21-F4FBFA81E3C3}
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
Pocket Quicken 2.5 for Palm OS-->C:\PROGRA~1\LandWare\POCKET~1.5FO\UNWISE.EXE /U C:\PROGRA~1\LandWare\POCKET~1.5FO\INSTALL.LOG
Pocket Tunes 4.0.6-->C:\Program Files\Pocket Tunes\PocketTunesSetup.exe /u
Preboot Manager-->MsiExec.exe /I{8CE90089-DCC9-4393-A535-802072333C35}
Private Information Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{0B0A2153-58A6-4244-B458-25EDF5FCD809} /l1033
Punch! Home and Landscape-->C:\PROGRA~1\PUNCH!~1\UNWISE.EXE C:\PROGRA~1\PUNCH!~1\INSTALL.LOG
Punch! Home and Lanscape-->C:\PROGRA~1\PUNCH!~1\UNWISE.EXE C:\PROGRA~1\PUNCH!~1\INSTALL.LOG
Quicken 2009-->MsiExec.exe /X{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}
QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
QuickTime 3.0-->C:\WINDOWS\uninst.exe -f"C:\Program Files\QuickTime\DeIsL1.isu" -c"C:\WINDOWS\system32\QTUninst.dll
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
Reimage Repair-->C:\Program Files\Reimage\Reimage Repair\uninst.exe
SearchAssist-->C:\DELL\SearchAssist\UninstSA.bat
Secure Update-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D1E829E9-88B8-47C6-A75E-0D40E2C09D50} /l1033
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB976325)-->"C:\WINDOWS\$NtUninstallKB976325$\spuninst\spuninst.exe"
Security Wizards-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4} /l1033
Spyware Doctor 7.0-->C:\Program Files\AVG\Spyware Doctor\unins000.exe /LOG
Symantec AntiVirus Client-->MsiExec.exe /X{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}
TurboTax 2008 WinPerFedFormset-->MsiExec.exe /I{7570F1CA-016D-46AC-B586-CD74645EFB52}
TurboTax 2008 WinPerProgramHelp-->MsiExec.exe /I{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}
TurboTax 2008 WinPerReleaseEngine-->MsiExec.exe /I{88214092-836F-4E22-A5AC-569AC9EE6A0F}
TurboTax 2008 WinPerTaxSupport-->MsiExec.exe /I{B23726CF-68BF-41A6-A4EB-72F12F87FE05}
TurboTax 2008 WinPerUserEducation-->MsiExec.exe /I{29521505-F489-4822-ADFA-32C6DEE4F114}
TurboTax 2008 wnjiper-->MsiExec.exe /I{923CAE62-30C9-425E-B4ED-F5E9C09C5C4A}
TurboTax 2008 wrapper-->MsiExec.exe /I{B1DB1AD8-C07E-4052-81A1-D2930232BA70}
TurboTax 2008-->C:\Program Files\TurboTax\Deluxe 2008\Installer\TurboTax 2008 Installer.exe /u /t /a
TurboTax 2009 WinPerFedFormset-->MsiExec.exe /I{3881DB80-EAA2-012B-ADAE-000000000000}
TurboTax 2009 WinPerReleaseEngine-->MsiExec.exe /I{38975F50-EAA2-012B-ADB4-000000000000}
TurboTax 2009 WinPerTaxSupport-->MsiExec.exe /I{38A34630-EAA2-012B-ADB6-000000000000}
TurboTax 2009 wnjiper-->MsiExec.exe /I{3B1D6DF0-EAA2-012B-AE51-000000000000}
TurboTax 2009 wrapper-->MsiExec.exe /I{3C5A81D0-EAA2-012B-AE9F-000000000000}
TurboTax 2009-->C:\Program Files\TurboTax\Deluxe 2009\Installer\TurboTax 2009 Installer.exe /u /t /a
TurboTax Deluxe 2007-->C:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
TurboTax Deluxe Deduction Maximizer 2006-->C:\Program Files\TurboTax\Deluxe 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2006\Uninstall.log" -NoGui
TurboTax ItsDeductible 2006-->MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB975364)-->"C:\WINDOWS\ie8updates\KB975364-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
upekmsi-->MsiExec.exe /I{D648B20B-A789-407E-8CA4-9BDDBBE342C8}
URL Assistant-->regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}
VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Wave Infrastructure Installer-->MsiExec.exe /I{F2B8F8EE-4811-4A28-9305-6640CD007115}
Wave Support Software-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{07D618CD-B016-438A-ADC9-A75BD23F85CE} /l1033
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
WeatherBug-->C:\PROGRA~1\AWS\WEATHE~1\REMOVE.EXE C:\PROGRA~1\AWS\WEATHE~1\INSTALL.LOG
WexTech AnswerWorks-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinWay Resume Deluxe-->MsiExec.exe /I{DFACE88E-BFD1-4E1F-AF5C-100C979A12B0}
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

=====HijackThis Backups=====

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab [2009-12-28]
O9 - Extra button: ShopperReports - Compare product prices - {432D0F57-8C30-4cd5-9E5A-68C200855A9D} - C:\WINDOWS\system32\shdocvw.dll [2009-12-31]
O9 - Extra button: Yapta - {0094A600-9BDD-4019-BAFE-487284F7D476} - C:\WINDOWS\system32\shdocvw.dll [2009-12-31]
O9 - Extra 'Tools' menuitem: Yapta... - {0094A600-9BDD-4019-BAFE-487284F7D476} - C:\WINDOWS\system32\shdocvw.dll [2009-12-31]
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab [2009-12-31]
O9 - Extra button: Yapta Settings - {0362b485-11fe-469c-ae98-42f478e581a0} - C:\WINDOWS\system32\shdocvw.dll [2009-12-31]
O9 - Extra 'Tools' menuitem: Yapta Settings... - {0362b485-11fe-469c-ae98-42f478e581a0} - C:\WINDOWS\system32\shdocvw.dll [2009-12-31]
O9 - Extra button: Yapta - {0094A600-9BDD-4019-BAFE-487284F7D476} - C:\WINDOWS\system32\shdocvw.dll (HKCU) [2009-12-31]
O9 - Extra 'Tools' menuitem: Yapta... - {0094A600-9BDD-4019-BAFE-487284F7D476} - C:\WINDOWS\system32\shdocvw.dll (HKCU) [2009-12-31]
O2 - BHO: Yapta BHO - {2020dfef-8c87-4229-aa41-549d82210355} - (no file) [2009-12-31]
O4 - HKLM\..\Run: [N360] "C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\2454B0AB\3.5.2.11\InstStub.exe" /RELAUNCH /RUNONCE /PRODID N360 [2009-12-31]
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2010-01-13]
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab [2010-01-13]
O4 - HKLM\..\Run: [RCSystemTray] C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe [2010-01-13]
O4 - HKLM\..\Run: [RCAutoLiveUpdate] C:\Program Files\Max Registry Cleaner\MaxLURC.exe -AUTO [2010-01-13]
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\AVG\Spyware Doctor\pctsTray.exe" [2010-01-13]
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-01-13]
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-22]
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE [2010-01-22]
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html [2010-01-22]
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm [2010-01-22]
O2 - BHO: (no name) - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - (no file) [2010-01-22]
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm [2010-01-22]
O3 - Toolbar: (no name) - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - (no file) [2010-01-22]
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZRman000 [2010-01-22]
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm [2010-01-22]
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\AVG\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-22]
O4 - HKUS\.DEFAULT\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User 'Default user') [2010-01-22]
R3 - URLSearchHook: (no name) - {811FB681-61C2-4442-9C96-9F164F619ED7} - (no file) [2010-01-22]
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-22]
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2010-01-22]
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm [2010-01-22]
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2010-01-22]
O4 - HKUS\S-1-5-18\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User 'SYSTEM') [2010-01-22]
O9 - Extra button: ShopperReports - Compare product prices - {432D0F57-8C30-4cd5-9E5A-68C200855A9D} - C:\WINDOWS\system32\shdocvw.dll [2010-01-22]
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file) [2010-01-22]
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe [2010-01-22]
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe [2010-01-22]
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2010-01-22]
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe [2010-01-22]
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-22]
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-01-22]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll [2010-01-23]
O4 - HKUS\S-1-5-21-4032181155-3670586595-813892209-1004\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'HelpAssistant') [2010-01-23]
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-01-23]
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe [2010-01-23]
O16 - DPF: {A959E4A5-0B3D-449E-9998-348705BD4092} (Desktop.Smdesk) - http://www.servicemagic.com/smod/smdesktop.CAB [2010-01-23]
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-23]
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv.view22.com/view22/app/view22rte.cab [2010-01-23]

======Security center information======

AV: Norton 360
FW: Norton 360

======System event log======

Computer Name: KENNYD
Event Code: 20
Message: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2003 (KB953404).

Record Number: 2153
Source Name: Windows Update Agent
Time Written: 20100124093702.000000-300
Event Type: error
User:

Computer Name: KENNYD
Event Code: 20
Message: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Excel Viewer 2003 (KB955468).

Record Number: 2152
Source Name: Windows Update Agent
Time Written: 20100124093657.000000-300
Event Type: error
User:

Computer Name: KENNYD
Event Code: 20
Message: Installation Failure: Windows failed to install the following update with error 0x80070643: Excel Viewer 2003 Service Pack 3 (SP3).

Record Number: 2151
Source Name: Windows Update Agent
Time Written: 20100124093657.000000-300
Event Type: error
User:

Computer Name: KENNYD
Event Code: 7031
Message: The Norton 360 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Record Number: 2139
Source Name: Service Control Manager
Time Written: 20100124093308.000000-300
Event Type: error
User:

Computer Name: KENNYD
Event Code: 4
Message: Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Record Number: 2136
Source Name: b57w2k
Time Written: 20100124093242.000000-300
Event Type: warning
User:

=====Application event log=====

Computer Name: KENNYD
Event Code: 63
Message: A provider, CmdTriggerConsumer, has been registered in the WMI namespace, Root\cimv2, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 19
Source Name: WinMgmt
Time Written: 20100107175815.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: KENNYD
Event Code: 63
Message: A provider, CmdTriggerConsumer, has been registered in the WMI namespace, Root\cimv2, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 18
Source Name: WinMgmt
Time Written: 20100107175815.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: KENNYD
Event Code: 63
Message: A provider, CmdTriggerConsumer, has been registered in the WMI namespace, Root\cimv2, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 17
Source Name: WinMgmt
Time Written: 20100107175815.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: KENNYD
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 16
Source Name: WinMgmt
Time Written: 20100107175812.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: KENNYD
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 15
Source Name: WinMgmt
Time Written: 20100107175812.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------



#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:09:19 AM

Posted 09 February 2010 - 08:48 PM

I see you have been running ComboFix; please post the log it produced, C:\ComboFix.txt. I would like to get a rootkit scan. Would you be able to take a screenshot of the whole GMER results, or are the results too large?



#5 ducciken

ducciken
  • Topic Starter

  • Members
  • 12 posts
  • Local time:04:19 AM

Posted 10 February 2010 - 09:54 PM

Hello Syler. This time GMER ran through to completion and I was able to save the log. The difference was that I used the ".log" suffix, whereas last time I left it blank, thinking it would use whatever was appropriate. I guess it got confused because the zip file created a "GMER" directory, and that's where the log ended up being located. Posted below are the results of the GMER.log as well as the Combofix.txt. Thank you for looking these over.

<<<<<<<<<<<<<<<<<<<<<<<< GMER.log follows >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-10 21:29:49
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\KENDUC~1\LOCALS~1\Temp\fwtdqpog.sys


---- System - GMER 1.0.15 ----

SSDT 8654BBA8 ZwAlertResumeThread
SSDT 869AF520 ZwAlertThread
SSDT 86541EA0 ZwAllocateVirtualMemory
SSDT 86D1A488 ZwAssignProcessToJobObject
SSDT 864A3948 ZwConnectPort
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF73D0E52]
SSDT 86D03A28 ZwCreateMutant
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF73B1CDE]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF73B1ED0]
SSDT 868D38D8 ZwCreateSymbolicLinkObject
SSDT 86EE2E90 ZwCreateThread
SSDT 86EF7898 ZwDebugActiveProcess
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF73D1640]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF73D18F4]
SSDT 868D19B8 ZwDuplicateObject
SSDT 86F68B78 ZwFreeVirtualMemory
SSDT 864B5A18 ZwImpersonateAnonymousToken
SSDT 864B5A70 ZwImpersonateThread
SSDT 86891168 ZwLoadDriver
SSDT 864F29B8 ZwMapViewOfSection
SSDT 8685C3D8 ZwOpenEvent
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF73CFB44]
SSDT 8686AF28 ZwOpenProcess
SSDT 869558A0 ZwOpenProcessToken
SSDT 86C52978 ZwOpenSection
SSDT 868A5158 ZwOpenThread
SSDT 86515358 ZwProtectVirtualMemory
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF73D1D60]
SSDT 86D3E930 ZwResumeThread
SSDT 868B1960 ZwSetContextThread
SSDT 868B1998 ZwSetInformationProcess
SSDT 8685BEB0 ZwSetSystemInformation
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF73D1112]
SSDT 86900F90 ZwSuspendProcess
SSDT 865243D8 ZwSuspendThread
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF73B1984]
SSDT 86E968A8 ZwTerminateThread
SSDT 86DA1B90 ZwUnmapViewOfSection
SSDT 86E52600 ZwWriteVirtualMemory

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

<<<<<<<<<<<<<<<<<<<<<<<<<<<<< Combofix.txt follows >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

ComboFix 10-01-31.03 - Ken Duccini 01/31/2010 21:28:38.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.675 [GMT -5:00]
Running from: c:\documents and settings\Ken Duccini\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\data
c:\windows\EventSystem.log

.
original MBR restored successfully !
.
((((((((((((((((((((((((( Files Created from 2010-01-01 to 2010-02-01 )))))))))))))))))))))))))))))))
.

2010-01-31 23:05 . 2010-01-31 23:05 -------- d-----w- c:\program files\Common Files\Zeepe Framework 7
2010-01-31 23:05 . 2010-01-31 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Novatel Wireless
2010-01-31 19:16 . 2007-12-23 22:18 68696 ----a-w- c:\windows\system32\drivers\oz776.sys
2010-01-31 19:16 . 2010-01-31 19:16 -------- d-----w- c:\program files\O2Micro OZ776 SCR Driver
2010-01-31 03:12 . 2009-10-07 20:01 457 ----a-w- c:\windows\system32\vcredist_x86.bat
2010-01-31 03:12 . 2009-10-07 20:01 2682880 ----a-w- c:\windows\system32\vcredist_x86.exe
2010-01-31 03:12 . 2009-10-07 20:01 155648 ----a-w- c:\windows\system32\bcmwlapi.dll
2010-01-31 02:23 . 2010-01-31 02:23 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\IsolatedStorage
2010-01-30 03:06 . 2010-01-30 03:06 74992 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-01-30 01:50 . 2010-01-30 01:50 -------- d-----w- c:\documents and settings\Ken Duccini\Local Settings\Application Data\IsolatedStorage
2010-01-30 00:07 . 2010-02-01 02:21 -------- d-----w- c:\documents and settings\HelpAssistant.KENNYD\PrivacIE
2010-01-30 00:02 . 2010-01-30 00:02 -------- d-----w- c:\documents and settings\HelpAssistant.KENNYD\IETldCache
2010-01-26 01:46 . 2010-01-26 01:57 -------- d-----w- c:\windows\system32\NtmsData
2010-01-25 02:30 . 2005-07-08 19:19 666 ----a-w- c:\windows\speed.reg
2010-01-25 02:26 . 2010-01-25 02:26 -------- d-----w- c:\windows\system32\vmm32
2010-01-23 18:28 . 2010-01-23 18:29 -------- d-----w- C:\rei
2010-01-23 18:28 . 2010-01-23 18:28 -------- d-----w- c:\program files\Reimage
2010-01-23 16:13 . 2010-01-31 19:24 -------- d-----w- c:\program files\Dell Support
2010-01-19 23:39 . 2010-01-19 23:39 -------- d---a-r- c:\program files\Norton Support
2010-01-19 22:48 . 2008-04-14 00:12 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-01-19 22:48 . 2001-08-18 03:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-01-19 22:48 . 2008-04-14 00:12 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-01-19 22:48 . 2001-08-18 03:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-01-19 22:48 . 2001-08-18 03:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-01-19 22:47 . 2001-08-18 03:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-01-19 22:47 . 2001-08-17 17:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-01-19 22:47 . 2004-08-04 03:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-01-19 22:47 . 2008-04-13 18:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-01-19 22:47 . 2004-08-04 03:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-01-19 22:47 . 2008-04-14 00:12 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2010-01-19 22:47 . 2004-08-04 03:31 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2010-01-19 22:47 . 2001-08-17 17:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2010-01-19 22:45 . 2001-08-17 18:28 397502 -c--a-w- c:\windows\system32\dllcache\vpctcom.sys
2010-01-19 22:44 . 2001-08-18 03:36 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll
2010-01-19 22:43 . 2001-08-17 19:56 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll
2010-01-19 22:42 . 2001-08-17 18:52 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2010-01-19 22:41 . 2001-08-18 03:36 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2010-01-19 22:40 . 2001-08-18 03:36 45568 -c--a-w- c:\windows\system32\dllcache\smb3w.dll
2010-01-19 22:39 . 2001-07-21 19:29 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2010-01-19 22:38 . 2001-08-17 19:56 245632 -c--a-w- c:\windows\system32\dllcache\s3savmx.dll
2010-01-19 22:37 . 2001-08-17 17:19 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys
2010-01-19 22:36 . 2001-08-18 03:36 35328 -c--a-w- c:\windows\system32\dllcache\psisload.dll
2010-01-19 22:35 . 2001-08-17 17:11 30282 -c--a-w- c:\windows\system32\dllcache\pcntn5hl.sys
2010-01-19 22:34 . 2001-08-17 17:50 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2010-01-19 22:34 . 2001-08-18 03:36 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2010-01-19 22:34 . 2001-08-17 17:49 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2010-01-19 22:34 . 2001-08-17 18:47 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2010-01-19 22:34 . 2001-08-17 18:53 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2010-01-19 22:34 . 2008-04-13 18:54 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
2010-01-19 22:34 . 2001-08-17 17:20 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2010-01-19 22:34 . 2001-08-17 17:20 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2010-01-19 22:34 . 2001-08-17 17:12 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2010-01-19 22:34 . 2004-08-04 03:31 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
2010-01-19 22:34 . 2001-08-17 17:11 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys
2010-01-19 22:34 . 2001-08-17 17:50 39264 -c--a-w- c:\windows\system32\dllcache\neo20xx.sys
2010-01-19 22:34 . 2001-08-18 03:36 60480 -c--a-w- c:\windows\system32\dllcache\neo20xx.dll
2010-01-19 22:32 . 2008-04-13 18:39 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2010-01-19 22:32 . 2008-04-13 18:46 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2010-01-19 22:32 . 2001-08-17 18:48 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2010-01-19 22:32 . 2001-08-17 19:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2010-01-19 22:32 . 2008-04-13 18:54 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2010-01-19 22:32 . 2001-08-17 19:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2010-01-19 22:32 . 2001-08-17 18:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2010-01-19 22:32 . 2008-04-13 18:46 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2010-01-19 22:30 . 2001-08-18 03:36 58368 -c--a-w- c:\windows\system32\dllcache\m3091dc.dll
2010-01-19 22:29 . 2001-08-18 03:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-01-19 22:28 . 2001-08-18 03:36 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2010-01-19 22:27 . 2004-08-04 03:29 161020 -c--a-w- c:\windows\system32\dllcache\i81xnt5.sys
2010-01-19 22:26 . 2001-08-18 03:36 19456 -c--a-w- c:\windows\system32\dllcache\hr1w.dll
2010-01-19 22:25 . 2001-08-17 19:56 1733120 -c--a-w- c:\windows\system32\dllcache\g400d.dll
2010-01-19 22:24 . 2001-08-18 03:36 34816 -c--a-w- c:\windows\system32\dllcache\esuimg.dll
2010-01-19 22:23 . 2001-08-17 17:12 19594 -c--a-w- c:\windows\system32\dllcache\e100isa4.sys
2010-01-19 22:22 . 2001-08-18 03:36 256512 -c--a-w- c:\windows\system32\dllcache\devcon32.dll
2010-01-19 22:21 . 2001-08-17 18:57 248064 -c--a-w- c:\windows\system32\dllcache\cl546xm.sys
2010-01-19 22:20 . 2001-08-17 18:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2010-01-19 22:19 . 2004-08-04 03:31 36224 -c--a-w- c:\windows\system32\dllcache\an983.sys
2010-01-19 19:58 . 2010-01-19 19:58 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-01-19 01:17 . 2010-01-19 01:17 -------- d-sh--w- c:\documents and settings\Ken Duccini\PrivacIE
2010-01-19 00:48 . 2010-01-19 00:48 -------- d-sh--w- c:\documents and settings\Ken Duccini\IETldCache
2010-01-19 00:48 . 2010-01-19 00:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-01-19 00:44 . 2009-12-21 19:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-01-19 00:44 . 2009-12-21 19:14 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-01-19 00:44 . 2009-12-21 19:14 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-01-19 00:44 . 2009-12-21 19:14 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-19 00:44 . 2009-12-21 19:14 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-01-19 00:44 . 2009-12-21 19:14 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-01-19 00:44 . 2010-01-23 02:12 -------- d-----w- c:\windows\ie8updates
2010-01-19 00:43 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-01-18 01:40 . 2010-01-19 00:43 -------- dc-h--w- c:\windows\ie8
2010-01-17 16:05 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-01-17 15:59 . 2010-01-17 15:59 -------- d-----w- c:\windows\system32\drivers\N360
2010-01-17 15:59 . 2010-01-17 16:00 -------- d-----w- c:\program files\Norton 360
2010-01-17 15:59 . 2010-01-17 15:59 -------- d-----w- c:\program files\Windows Sidebar
2010-01-17 15:57 . 2010-01-17 15:57 -------- d-----w- c:\program files\NortonInstaller
2010-01-17 15:45 . 2010-01-17 15:45 -------- d-----w- c:\windows\system32\scripting
2010-01-17 15:45 . 2010-01-17 15:45 -------- d-----w- c:\windows\l2schemas
2010-01-17 15:45 . 2010-01-17 15:45 -------- d-----w- c:\windows\system32\en
2010-01-17 15:45 . 2010-01-17 15:45 -------- d-----w- c:\windows\system32\bits
2010-01-17 15:10 . 2010-01-17 15:10 -------- d-----w- c:\windows\system32\XPSViewer
2010-01-17 15:10 . 2010-01-17 15:10 -------- d-----w- c:\program files\MSBuild
2010-01-17 15:10 . 2010-01-17 15:10 -------- d-----w- c:\program files\Reference Assemblies
2010-01-17 15:08 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-01-17 15:08 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-01-17 15:08 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-01-17 15:08 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-01-17 15:08 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-01-17 15:08 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-01-17 15:08 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-01-17 15:08 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-01-17 15:08 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-01-17 14:58 . 2010-01-17 14:58 -------- d-----w- c:\program files\MSXML 6.0
2010-01-15 03:14 . 2010-01-15 03:14 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-01-14 21:48 . 2008-04-13 18:46 121984 -c--a-w- c:\windows\system32\dllcache\usbvideo.sys
2010-01-14 21:47 . 2004-08-04 03:41 180360 -c--a-w- c:\windows\system32\dllcache\ntmtlfax.sys
2010-01-14 21:46 . 2008-04-14 00:11 33792 -c--a-w- c:\windows\system32\dllcache\lmmib2.dll
2010-01-14 21:45 . 2008-04-14 00:11 32256 -c--a-w- c:\windows\system32\dllcache\gzip.dll
2010-01-14 21:44 . 2008-04-14 00:11 1888992 -c--a-w- c:\windows\system32\dllcache\ati3duag.dll
2010-01-14 20:03 . 2010-01-14 20:03 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-14 03:58 . 2010-01-17 15:42 -------- d-----w- c:\windows\ServicePackFiles
2010-01-14 00:33 . 2009-08-05 01:44 2189184 -c--a-w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-01-14 00:33 . 2009-08-04 14:20 2066048 -c--a-w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-01-14 00:13 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-01-10 23:40 . 2010-01-10 23:40 -------- d-s---w- c:\documents and settings\Duhishability\UserData
2010-01-10 23:27 . 2010-01-10 23:27 -------- d--h--r- c:\documents and settings\Duhishability\Application Data\yahoo!
2010-01-10 23:21 . 2010-01-10 23:21 -------- d-----w- c:\documents and settings\Duhishability\Local Settings\Application Data\Threat Expert

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-01 02:40 . 2008-01-22 19:25 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-01 02:02 . 2010-02-01 02:01 6380 ----a-w- c:\windows\bcm5.tmp
2010-02-01 00:22 . 2010-02-01 00:22 7049 ----a-w- c:\windows\bcm9.tmp
2010-01-31 23:05 . 2007-01-16 15:49 -------- d-----w- c:\program files\Dell
2010-01-31 21:01 . 2010-01-31 21:00 7037 ----a-w- c:\windows\bcm4.tmp
2010-01-31 20:49 . 2007-01-16 15:52 -------- d-----w- c:\program files\Broadcom
2010-01-31 20:12 . 2010-01-31 20:12 7049 ----a-w- c:\windows\bcmC.tmp
2010-01-31 19:16 . 2007-01-16 15:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-31 03:13 . 2010-01-31 03:12 5141 ----a-w- c:\windows\bcm8.tmp
2010-01-31 03:06 . 2010-01-25 02:30 5 ----a-w- c:\windows\system32\drivers\DELL_LAT_D820.MRK
2010-01-31 03:06 . 2007-01-16 15:32 5 ----a-w- c:\windows\system32\drivers\1028_Dell_LAT_D820.mrk
2010-01-30 01:49 . 2007-02-21 17:01 -------- d-----w- c:\program files\TurboTax
2010-01-29 20:57 . 2007-02-12 00:56 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-23 16:13 . 2010-01-04 18:06 -------- d--h--w- c:\documents and settings\Duhishability\Application Data\Gtek
2010-01-23 16:13 . 2007-01-22 23:31 -------- d--h--w- c:\documents and settings\Ken Duccini\Application Data\Gtek
2010-01-23 16:13 . 2007-01-16 15:57 -------- d--h--w- c:\documents and settings\Default User\Application Data\Gtek
2010-01-23 16:13 . 2007-01-16 15:57 -------- d--h--w- c:\documents and settings\Administrator\Application Data\GTek
2010-01-23 16:13 . 2007-01-16 15:57 -------- d-----w- c:\documents and settings\All Users\Application Data\GTek
2010-01-23 02:04 . 2007-01-23 00:42 -------- d-----w- c:\documents and settings\Ken Duccini\Application Data\WeatherBug
2010-01-20 21:02 . 2007-01-16 15:58 20000 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-20 19:47 . 2009-09-05 11:54 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-17 16:00 . 2007-01-23 00:02 -------- d-----w- c:\program files\Symantec
2010-01-17 16:00 . 2009-12-31 22:58 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-01-17 16:00 . 2009-12-31 22:58 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-01-17 16:00 . 2007-01-23 00:02 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-01-17 16:00 . 2007-01-23 00:02 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-01-17 16:00 . 2006-09-19 18:44 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-01-17 16:00 . 2010-01-17 16:00 1291104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2010-01-17 16:00 . 2010-01-17 16:00 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2010-01-17 16:00 . 2006-10-03 23:47 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-01-17 16:00 . 2010-01-17 16:00 771440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2010-01-17 15:59 . 2009-12-31 22:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-01-17 15:58 . 2009-12-31 22:53 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-01-17 06:41 . 2010-01-31 23:41 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100131.022\NAVENG.SYS
2010-01-17 06:41 . 2010-01-31 23:41 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100131.022\NAVENG32.DLL
2010-01-17 06:41 . 2010-01-31 23:41 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100131.022\NAVEX32A.DLL
2010-01-17 06:41 . 2010-01-31 23:41 1323568 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100131.022\NAVEX15.SYS
2010-01-17 06:41 . 2010-01-31 23:41 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100131.022\EECTRL.SYS
2010-01-17 06:41 . 2010-01-31 23:41 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100131.022\CCERASER.DLL
2010-01-17 06:41 . 2010-01-31 23:41 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100131.022\ECMSVR32.DLL
2010-01-17 06:41 . 2010-01-31 23:41 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100131.022\ERASER.SYS
2010-01-14 00:18 . 2007-01-16 15:56 -------- d-----w- c:\program files\Google
2010-01-13 05:16 . 2010-01-01 01:03 78643200 --sha-w- C:\NRTPage.sys
2010-01-07 22:57 . 2004-08-11 23:12 23428 ----a-w- c:\windows\system32\emptyregdb.dat
2010-01-04 18:31 . 2008-03-19 23:46 -------- d-----w- c:\program files\Max Registry Cleaner
2010-01-02 20:06 . 2009-12-30 18:44 -------- d-----w- c:\program files\Common Files\PC Tools
2010-01-02 17:42 . 2007-01-23 00:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-01-01 00:07 . 2010-01-01 00:07 -------- d-----w- c:\program files\xNortonInstaller
2009-12-31 22:57 . 2009-12-31 22:58 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-12-31 05:08 . 2009-12-31 05:08 143250 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_12_30_22_45_18_small.dmp.zip
2009-12-31 03:42 . 2007-01-23 00:31 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-12-31 01:47 . 2007-05-14 13:26 23103418 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-12-31 00:54 . 2009-10-05 20:55 -------- d-----w- c:\program files\uixyxm
2009-12-30 22:32 . 2007-01-23 00:02 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-30 18:44 . 2009-12-29 06:05 -------- d-----w- c:\program files\AVG
2009-12-29 17:09 . 2009-12-29 17:09 -------- d-----w- c:\documents and settings\Ken Duccini\Application Data\Malwarebytes
2009-12-29 15:45 . 2009-12-29 15:45 -------- d-----w- c:\documents and settings\Ken Duccini\Application Data\SUPERAntiSpyware.com
2009-12-29 15:27 . 2009-12-29 06:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-29 01:05 . 2009-12-29 01:05 148634 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_12_28_19_41_11_small.dmp.zip
2009-12-29 00:41 . 2009-12-29 00:33 20571663 ----a-w- c:\windows\Internet Logs\vsmon_on_demand_crt_term_2009_12_28_18_44_38_full.dmp.zip
2009-12-29 00:40 . 2009-12-29 00:40 129748 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_12_28_19_33_16_small.dmp.zip
2009-12-29 00:33 . 2009-12-29 00:33 150322 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_12_28_18_44_38_small.dmp.zip
2009-12-28 21:42 . 2009-12-28 21:42 126534 ----a-w- c:\windows\Internet Logs\vsmon_on_demand_crt_term_2009_12_28_10_07_48_small.dmp.zip
2009-12-26 14:11 . 2007-05-12 19:11 -------- d-----w- c:\documents and settings\Ken Duccini\Application Data\ZoomBrowser EX
2009-12-26 14:08 . 2007-05-12 17:04 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-12-21 19:14 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-14 14:35 . 2009-12-14 14:35 1380403 ----a-w- c:\windows\system32\avgsdk.dll
2009-12-12 01:06 . 2008-05-22 21:57 -------- d-----w- c:\documents and settings\Ken Duccini\Application Data\CheckPoint
2009-12-12 01:05 . 2008-05-22 21:57 -------- d-----w- c:\program files\CheckPoint
2009-12-07 22:08 . 2009-09-30 21:07 3695616 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AutoLaunch.exe
2009-11-21 15:51 . 2004-08-04 10:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-19 22:36 . 2009-11-19 22:36 141897 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_11_19_14_14_43_small.dmp.zip
2009-11-19 17:24 . 2009-11-19 17:24 17904 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-19 03:20 . 2009-11-19 03:20 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-14 01:19 . 2009-11-14 01:19 6725632 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\181625-18178.dll
2009-11-14 01:17 . 2009-11-14 01:17 2904064 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\18154-181625.dll
2009-11-14 01:16 . 2009-05-02 10:37 245760 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE
2009-11-03 16:33 . 2009-11-03 16:33 6 ----a-w- c:\windows\Fonts\wfonts.key
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2006-04-07 1343488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"Document Manager"="c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-05-16 102400]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2005-10-28 335872]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-1-16 24576]
EMBASSY Trust Suite Secure Update.lnk - c:\program files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2006-1-30 192512]
HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-7-11 111376]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"4553:TCP"= 4553:TCP:Services
"2479:TCP"= 2479:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"3246:TCP"= 3246:TCP:Services
"5977:TCP"= 5977:TCP:Services

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/4/2009 5:07 PM 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [1/2/2010 2:53 PM 207792]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0305020.00B\SymEFA.sys [1/17/2010 11:00 AM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0305020.00B\BHDrvx86.sys [1/17/2010 11:00 AM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0305020.00B\cchpx86.sys [1/17/2010 11:00 AM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100128.002\IDSXpx86.sys [1/29/2010 8:07 PM 329592]
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [10/18/2005 5:11 PM 61440]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\AVG\Spyware Doctor\BDT\BDTUpdateService.exe [1/2/2010 3:06 PM 112592]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe [1/17/2010 11:00 AM 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/31/2009 6:57 PM 102448]
S3 cpuz128;cpuz128;\??\c:\docume~1\KENDUC~1\LOCALS~1\Temp\cpuz_x32.sys --> c:\docume~1\KENDUC~1\LOCALS~1\Temp\cpuz_x32.sys [?]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/16/2007 10:56 AM 29744]
S3 GTKCMOS;GTKCMOS;c:\windows\system32\GTKCMOS.sys [6/15/2004 2:55 PM 7882]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\AVG\Spyware Doctor\pctsAuxs.exe [1/2/2010 2:53 PM 359624]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 4:34 PM 1028432]
.
Contents of the 'Scheduled Tasks' folder

2009-12-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 21:07]

2010-01-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-02-01 c:\windows\Tasks\User_Feed_Synchronization-{AEEB84F1-3627-40C4-BA97-2827AB549044}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070116
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{432D0F57-8C30-4cd5-9E5A-68C200855A9D} - {C9CCBB35-D123-4a31-AFFC-9B2933132116} -
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
.
- - - - ORPHANS REMOVED - - - -

Toolbar-8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2 - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-31 21:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\KENDUC~1\LOCALS~1\Temp\~DF3418.tmp 114688 bytes

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.5.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1288)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'lsass.exe'(1344)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll

- - - - - - - > 'explorer.exe'(900)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Wave Systems Corp\Common\DataServer.exe
c:\progra~1\SYMANT~1\SYMANT~1\DefWatch.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Apoint\Apntex.exe
c:\program files\Apoint\HidFind.exe
c:\windows\stsystra.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-01-31 21:50:40 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-01 02:50

Pre-Run: 42,119,495,680 bytes free
Post-Run: 42,179,112,960 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 013634D6D4EA85098E60AC2E862D492C


#6 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:09:19 AM

Posted 11 February 2010 - 10:57 AM

Hi ducciken,

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

CODE
Folder::
c:\program files\uixyxm
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"=-
"52344:TCP"=-
"4553:TCP"=-
"2479:TCP"=-
"3389:TCP"=-
"3246:TCP"=-
"5977:TCP"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{149E45D8-163E-4189-86FC-45022AB2B6C9}]
Driver::
cpuz128


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



TFC(Temp File Cleaner):
  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, so let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.



Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 18 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u18-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.



Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Then in your next reply, please let me know if you are having any more problems and post back here with the following logs:
  • Combofix.txt
  • Kaspersky report

Thanks



#7 ducciken

ducciken
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:04:19 AM

Posted 11 February 2010 - 07:02 PM

Hello Syler, everything you requested is complete. Below are the files from Combofix and Kaspersky. Thank-you.

<<<<<<<<<<<<<<<<<<<< Combofix.txt follows >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

ComboFix 10-02-10.05 - Ken Duccini 02/11/2010 12:09:28.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.510 [GMT -5:00]
Running from: c:\documents and settings\Ken Duccini\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ken Duccini\Desktop\CFScript.txt
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\uixyxm

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CPUZ128
-------\Service_cpuz128


((((((((((((((((((((((((( Files Created from 2010-01-11 to 2010-02-11 )))))))))))))))))))))))))))))))
.

2010-02-11 15:48 . 2010-02-04 09:00 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100210.048\NAVENG.SYS
2010-02-11 15:48 . 2010-02-04 09:00 1324720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100210.048\NAVEX15.SYS
2010-02-11 15:48 . 2010-01-17 06:41 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100210.048\NAVENG32.DLL
2010-02-11 15:48 . 2010-01-17 06:41 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100210.048\NAVEX32A.DLL
2010-02-11 15:48 . 2010-01-17 06:41 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100210.048\EECTRL.SYS
2010-02-11 15:48 . 2010-01-17 06:41 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100210.048\CCERASER.DLL
2010-02-11 15:48 . 2010-01-17 06:41 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100210.048\ECMSVR32.DLL
2010-02-11 15:48 . 2010-01-17 06:41 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100210.048\ERASER.SYS
2010-02-09 23:06 . 2010-02-09 23:06 -------- d-----w- C:\rsit
2010-02-06 22:48 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100204.001\Scxpx86.dll
2010-02-06 22:48 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100204.001\IDSvix86.sys
2010-02-06 22:48 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100204.001\IDSXpx86.sys
2010-02-06 22:48 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100204.001\IDSxpx86.dll
2010-02-06 22:48 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100204.001\IDSviA64.sys
2010-02-04 16:49 . 2010-02-04 16:49 -------- d-sh--w- c:\documents and settings\Ken Duccini\IECompatCache
2010-01-31 23:05 . 2010-01-31 23:05 -------- d-----w- c:\program files\Common Files\Zeepe Framework 7
2010-01-31 23:05 . 2010-01-31 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Novatel Wireless
2010-01-31 19:16 . 2007-12-23 22:18 68696 ----a-w- c:\windows\system32\drivers\oz776.sys
2010-01-31 19:16 . 2010-01-31 19:16 -------- d-----w- c:\program files\O2Micro OZ776 SCR Driver
2010-01-31 03:12 . 2009-10-07 20:01 457 ----a-w- c:\windows\system32\vcredist_x86.bat
2010-01-31 03:12 . 2009-10-07 20:01 2682880 ----a-w- c:\windows\system32\vcredist_x86.exe
2010-01-31 03:12 . 2009-10-07 20:01 155648 ----a-w- c:\windows\system32\bcmwlapi.dll
2010-01-31 02:23 . 2010-01-31 02:23 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\IsolatedStorage
2010-01-30 03:06 . 2010-01-30 03:06 74992 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-01-30 01:50 . 2010-01-30 01:50 -------- d-----w- c:\documents and settings\Ken Duccini\Local Settings\Application Data\IsolatedStorage
2010-01-30 01:07 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100128.002\Scxpx86.dll
2010-01-30 01:07 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100128.002\IDSvix86.sys
2010-01-30 01:07 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100128.002\IDSXpx86.sys
2010-01-30 01:07 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100128.002\IDSxpx86.dll
2010-01-30 01:07 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100128.002\IDSviA64.sys
2010-01-30 00:07 . 2010-02-01 02:21 -------- d-----w- c:\documents and settings\HelpAssistant.KENNYD\PrivacIE
2010-01-30 00:02 . 2010-01-30 00:02 -------- d-----w- c:\documents and settings\HelpAssistant.KENNYD\IETldCache
2010-01-26 01:46 . 2010-01-26 01:57 -------- d-----w- c:\windows\system32\NtmsData
2010-01-25 02:30 . 2005-07-08 19:19 666 ----a-w- c:\windows\speed.reg
2010-01-25 02:26 . 2010-01-25 02:26 -------- d-----w- c:\windows\system32\vmm32
2010-01-23 18:28 . 2010-01-23 18:29 -------- d-----w- C:\rei
2010-01-23 18:28 . 2010-01-23 18:28 -------- d-----w- c:\program files\Reimage
2010-01-23 16:13 . 2010-01-31 19:24 -------- d-----w- c:\program files\Dell Support
2010-01-19 23:39 . 2010-01-19 23:39 -------- d---a-r- c:\program files\Norton Support
2010-01-19 22:48 . 2008-04-14 00:12 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-01-19 22:48 . 2001-08-18 03:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-01-19 22:48 . 2008-04-14 00:12 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-01-19 22:48 . 2001-08-18 03:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-01-19 22:48 . 2001-08-18 03:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-01-19 22:47 . 2001-08-18 03:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-01-19 22:47 . 2001-08-17 17:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-01-19 22:47 . 2004-08-04 03:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-01-19 22:47 . 2008-04-13 18:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-01-19 22:47 . 2004-08-04 03:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-01-19 22:47 . 2008-04-14 00:12 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2010-01-19 22:47 . 2004-08-04 03:31 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2010-01-19 22:47 . 2001-08-17 17:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2010-01-19 22:45 . 2001-08-17 18:28 397502 -c--a-w- c:\windows\system32\dllcache\vpctcom.sys
2010-01-19 22:44 . 2001-08-18 03:36 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll
2010-01-19 22:43 . 2001-08-17 19:56 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll
2010-01-19 22:42 . 2001-08-17 18:52 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2010-01-19 22:41 . 2001-08-18 03:36 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2010-01-19 22:40 . 2001-08-18 03:36 45568 -c--a-w- c:\windows\system32\dllcache\smb3w.dll
2010-01-19 22:39 . 2001-07-21 19:29 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2010-01-19 22:38 . 2001-08-17 19:56 245632 -c--a-w- c:\windows\system32\dllcache\s3savmx.dll
2010-01-19 22:37 . 2001-08-17 17:19 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys
2010-01-19 22:36 . 2001-08-18 03:36 35328 -c--a-w- c:\windows\system32\dllcache\psisload.dll
2010-01-19 22:35 . 2001-08-17 17:11 30282 -c--a-w- c:\windows\system32\dllcache\pcntn5hl.sys
2010-01-19 22:34 . 2001-08-17 17:50 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2010-01-19 22:34 . 2001-08-18 03:36 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2010-01-19 22:34 . 2001-08-17 17:49 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2010-01-19 22:34 . 2001-08-17 18:47 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2010-01-19 22:34 . 2001-08-17 18:53 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2010-01-19 22:34 . 2008-04-13 18:54 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
2010-01-19 22:34 . 2001-08-17 17:20 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2010-01-19 22:34 . 2001-08-17 17:20 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2010-01-19 22:34 . 2001-08-17 17:12 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2010-01-19 22:34 . 2004-08-04 03:31 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
2010-01-19 22:34 . 2001-08-17 17:11 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys
2010-01-19 22:34 . 2001-08-17 17:50 39264 -c--a-w- c:\windows\system32\dllcache\neo20xx.sys
2010-01-19 22:34 . 2001-08-18 03:36 60480 -c--a-w- c:\windows\system32\dllcache\neo20xx.dll
2010-01-19 22:32 . 2008-04-13 18:39 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2010-01-19 22:32 . 2008-04-13 18:46 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2010-01-19 22:32 . 2001-08-17 18:48 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2010-01-19 22:32 . 2001-08-17 19:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2010-01-19 22:32 . 2008-04-13 18:54 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2010-01-19 22:32 . 2001-08-17 19:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2010-01-19 22:32 . 2001-08-17 18:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2010-01-19 22:32 . 2008-04-13 18:46 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2010-01-19 22:30 . 2001-08-18 03:36 58368 -c--a-w- c:\windows\system32\dllcache\m3091dc.dll
2010-01-19 22:29 . 2001-08-18 03:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-01-19 22:28 . 2001-08-18 03:36 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2010-01-19 22:27 . 2004-08-04 03:29 161020 -c--a-w- c:\windows\system32\dllcache\i81xnt5.sys
2010-01-19 22:26 . 2001-08-18 03:36 19456 -c--a-w- c:\windows\system32\dllcache\hr1w.dll
2010-01-19 22:25 . 2001-08-17 19:56 1733120 -c--a-w- c:\windows\system32\dllcache\g400d.dll
2010-01-19 22:24 . 2001-08-18 03:36 34816 -c--a-w- c:\windows\system32\dllcache\esuimg.dll
2010-01-19 22:23 . 2001-08-17 17:12 19594 -c--a-w- c:\windows\system32\dllcache\e100isa4.sys
2010-01-19 22:22 . 2001-08-18 03:36 256512 -c--a-w- c:\windows\system32\dllcache\devcon32.dll
2010-01-19 22:21 . 2001-08-17 18:57 248064 -c--a-w- c:\windows\system32\dllcache\cl546xm.sys
2010-01-19 22:20 . 2001-08-17 18:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2010-01-19 22:19 . 2004-08-04 03:31 36224 -c--a-w- c:\windows\system32\dllcache\an983.sys
2010-01-19 19:58 . 2010-01-19 19:58 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-01-19 01:17 . 2010-01-19 01:17 -------- d-sh--w- c:\documents and settings\Ken Duccini\PrivacIE
2010-01-19 00:48 . 2010-01-19 00:48 -------- d-sh--w- c:\documents and settings\Ken Duccini\IETldCache
2010-01-19 00:48 . 2010-01-19 00:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-01-19 00:44 . 2009-12-21 19:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-01-19 00:44 . 2009-12-21 19:14 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-01-19 00:44 . 2009-12-21 19:14 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-01-19 00:44 . 2009-12-21 19:14 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-19 00:44 . 2009-12-21 19:14 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-01-19 00:44 . 2009-12-21 19:14 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-01-19 00:44 . 2010-01-23 02:12 -------- d-----w- c:\windows\ie8updates
2010-01-19 00:43 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-01-18 01:40 . 2010-01-19 00:43 -------- dc-h--w- c:\windows\ie8
2010-01-17 16:05 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-01-17 16:00 . 2010-01-17 16:00 1291104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2010-01-17 16:00 . 2010-01-17 16:00 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2010-01-17 16:00 . 2010-01-17 16:00 771440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2010-01-17 15:59 . 2010-02-05 22:34 -------- d-----w- c:\windows\system32\drivers\N360
2010-01-17 15:59 . 2010-01-17 16:00 -------- d-----w- c:\program files\Norton 360
2010-01-17 15:59 . 2010-01-17 15:59 -------- d-----w- c:\program files\Windows Sidebar
2010-01-17 15:57 . 2010-01-17 15:57 -------- d-----w- c:\program files\NortonInstaller
2010-01-17 15:45 . 2010-01-17 15:45 -------- d-----w- c:\windows\system32\scripting
2010-01-17 15:45 . 2010-01-17 15:45 -------- d-----w- c:\windows\l2schemas
2010-01-17 15:45 . 2010-01-17 15:45 -------- d-----w- c:\windows\system32\en
2010-01-17 15:45 . 2010-01-17 15:45 -------- d-----w- c:\windows\system32\bits
2010-01-17 15:10 . 2010-01-17 15:10 -------- d-----w- c:\windows\system32\XPSViewer
2010-01-17 15:10 . 2010-01-17 15:10 -------- d-----w- c:\program files\MSBuild
2010-01-17 15:10 . 2010-01-17 15:10 -------- d-----w- c:\program files\Reference Assemblies
2010-01-17 15:08 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-11 17:19 . 2008-01-22 19:25 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-03 23:17 . 2007-01-23 00:42 -------- d-----w- c:\documents and settings\Ken Duccini\Application Data\WeatherBug
2010-02-01 00:22 . 2010-02-01 00:22 7049 ----a-w- c:\windows\bcm9.tmp
2010-01-31 23:05 . 2007-01-16 15:49 -------- d-----w- c:\program files\Dell
2010-01-31 20:49 . 2007-01-16 15:52 -------- d-----w- c:\program files\Broadcom
2010-01-31 20:12 . 2010-01-31 20:12 7049 ----a-w- c:\windows\bcmC.tmp
2010-01-31 19:16 . 2007-01-16 15:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-31 03:13 . 2010-01-31 03:12 5141 ----a-w- c:\windows\bcm8.tmp
2010-01-31 03:06 . 2010-01-25 02:30 5 ----a-w- c:\windows\system32\drivers\DELL_LAT_D820.MRK
2010-01-31 03:06 . 2007-01-16 15:32 5 ----a-w- c:\windows\system32\drivers\1028_Dell_LAT_D820.mrk
2010-01-30 01:49 . 2007-02-21 17:01 -------- d-----w- c:\program files\TurboTax
2010-01-29 20:57 . 2007-02-12 00:56 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-23 16:13 . 2010-01-04 18:06 -------- d--h--w- c:\documents and settings\Duhishability\Application Data\Gtek
2010-01-23 16:13 . 2007-01-22 23:31 -------- d--h--w- c:\documents and settings\Ken Duccini\Application Data\Gtek
2010-01-23 16:13 . 2007-01-16 15:57 -------- d--h--w- c:\documents and settings\Default User\Application Data\Gtek
2010-01-23 16:13 . 2007-01-16 15:57 -------- d--h--w- c:\documents and settings\Administrator\Application Data\GTek
2010-01-23 16:13 . 2007-01-16 15:57 -------- d-----w- c:\documents and settings\All Users\Application Data\GTek
2010-01-20 21:02 . 2007-01-16 15:58 20000 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-20 19:47 . 2009-09-05 11:54 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-17 16:00 . 2007-01-23 00:02 -------- d-----w- c:\program files\Symantec
2010-01-17 16:00 . 2009-12-31 22:58 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-01-17 16:00 . 2009-12-31 22:58 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-01-17 16:00 . 2007-01-23 00:02 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-01-17 16:00 . 2007-01-23 00:02 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-01-17 16:00 . 2006-09-19 18:44 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-01-17 16:00 . 2006-10-03 23:47 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-01-17 15:59 . 2009-12-31 22:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-01-17 15:58 . 2009-12-31 22:53 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-01-14 00:18 . 2007-01-16 15:56 -------- d-----w- c:\program files\Google
2010-01-13 05:16 . 2010-01-01 01:03 78643200 --sha-w- C:\NRTPage.sys
2010-01-10 23:27 . 2010-01-10 23:27 -------- d--h--r- c:\documents and settings\Duhishability\Application Data\yahoo!
2010-01-07 22:57 . 2004-08-11 23:12 23428 ----a-w- c:\windows\system32\emptyregdb.dat
2010-01-07 21:00 . 2010-01-07 21:00 -------- d-----w- c:\program files\PowerQuest
2010-01-04 18:31 . 2008-03-19 23:46 -------- d-----w- c:\program files\Max Registry Cleaner
2010-01-04 18:30 . 2010-01-04 18:30 -------- d-----w- c:\documents and settings\Duhishability\Application Data\HotSync
2010-01-02 23:09 . 2010-01-02 23:09 -------- d-----w- c:\documents and settings\Ken Duccini\Application Data\AVG8
2010-01-02 21:39 . 2010-01-02 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2010-01-02 20:06 . 2009-12-30 18:44 -------- d-----w- c:\program files\Common Files\PC Tools
2010-01-02 19:53 . 2010-01-02 19:53 -------- d-----w- c:\documents and settings\Ken Duccini\Application Data\PC Tools
2010-01-02 19:53 . 2010-01-02 19:53 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-01-02 17:42 . 2007-01-23 00:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-01-01 00:07 . 2010-01-01 00:07 -------- d-----w- c:\program files\xNortonInstaller
2009-12-31 22:57 . 2009-12-31 22:58 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-12-31 16:50 . 2004-08-04 10:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-31 05:08 . 2009-12-31 05:08 143250 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_12_30_22_45_18_small.dmp.zip
2009-12-31 03:42 . 2007-01-23 00:31 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-12-31 01:47 . 2007-05-14 13:26 23103418 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-12-30 22:32 . 2007-01-23 00:02 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-30 18:44 . 2009-12-29 06:05 -------- d-----w- c:\program files\AVG
2009-12-29 17:09 . 2009-12-29 17:09 -------- d-----w- c:\documents and settings\Ken Duccini\Application Data\Malwarebytes
2009-12-29 15:45 . 2009-12-29 15:45 -------- d-----w- c:\documents and settings\Ken Duccini\Application Data\SUPERAntiSpyware.com
2009-12-29 15:27 . 2009-12-29 06:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-29 01:05 . 2009-12-29 01:05 148634 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_12_28_19_41_11_small.dmp.zip
2009-12-29 00:41 . 2009-12-29 00:33 20571663 ----a-w- c:\windows\Internet Logs\vsmon_on_demand_crt_term_2009_12_28_18_44_38_full.dmp.zip
2009-12-29 00:40 . 2009-12-29 00:40 129748 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_12_28_19_33_16_small.dmp.zip
2009-12-29 00:33 . 2009-12-29 00:33 150322 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_12_28_18_44_38_small.dmp.zip
2009-12-28 21:42 . 2009-12-28 21:42 126534 ----a-w- c:\windows\Internet Logs\vsmon_on_demand_crt_term_2009_12_28_10_07_48_small.dmp.zip
2009-12-26 14:11 . 2007-05-12 19:11 -------- d-----w- c:\documents and settings\Ken Duccini\Application Data\ZoomBrowser EX
2009-12-26 14:08 . 2007-05-12 17:04 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-12-21 19:14 . 2006-03-04 03:33 916480 ------w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2004-08-11 23:11 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 14:35 . 2009-12-14 14:35 1380403 ----a-w- c:\windows\system32\avgsdk.dll
2009-12-14 07:08 . 2004-08-04 10:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-07 22:08 . 2009-09-30 21:07 3695616 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AutoLaunch.exe
2009-12-04 18:22 . 2004-08-04 10:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:11 . 2004-08-04 10:00 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2004-08-04 00:56 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2004-08-04 10:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2004-08-04 10:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-04 10:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2004-08-04 00:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-21 15:51 . 2004-08-04 10:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-19 22:36 . 2009-11-19 22:36 141897 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_11_19_14_14_43_small.dmp.zip
2009-11-19 17:24 . 2009-11-19 17:24 17904 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-19 03:20 . 2009-11-19 03:20 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-14 01:19 . 2009-11-14 01:19 6725632 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\181625-18178.dll
2009-11-14 01:17 . 2009-11-14 01:17 2904064 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\18154-181625.dll
2009-11-14 01:16 . 2009-05-02 10:37 245760 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2006-04-07 1343488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-10-07 2498560]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"Document Manager"="c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-05-16 102400]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2005-10-28 335872]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-1-16 24576]
EMBASSY Trust Suite Secure Update.lnk - c:\program files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2006-1-30 192512]
HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-7-11 111376]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/4/2009 5:07 PM 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [1/2/2010 2:53 PM 207792]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys [2/3/2010 6:30 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys [2/3/2010 6:30 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys [2/3/2010 6:30 PM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100204.001\IDSXpx86.sys [2/6/2010 5:48 PM 329592]
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [10/18/2005 5:11 PM 61440]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\AVG\Spyware Doctor\BDT\BDTUpdateService.exe [1/2/2010 3:06 PM 112592]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2/3/2010 6:29 PM 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/31/2009 6:57 PM 102448]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/16/2007 10:56 AM 29744]
S3 GTKCMOS;GTKCMOS;c:\windows\system32\GTKCMOS.sys [6/15/2004 2:55 PM 7882]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\AVG\Spyware Doctor\pctsAuxs.exe [1/2/2010 2:53 PM 359624]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 4:34 PM 1028432]
.
Contents of the 'Scheduled Tasks' folder

2009-12-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 21:07]

2010-01-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-02-11 c:\windows\Tasks\User_Feed_Synchronization-{AEEB84F1-3627-40C4-BA97-2827AB549044}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070116
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{432D0F57-8C30-4cd5-9E5A-68C200855A9D} - {C9CCBB35-D123-4a31-AFFC-9B2933132116} -
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-11 12:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1272)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'lsass.exe'(1328)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll

- - - - - - - > 'explorer.exe'(2092)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Wave Systems Corp\Common\DataServer.exe
c:\progra~1\SYMANT~1\SYMANT~1\DefWatch.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\windows\stsystra.exe
c:\program files\Apoint\HidFind.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint\Apntex.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-02-11 12:27:34 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-11 17:27
ComboFix2.txt 2010-02-01 02:50

Pre-Run: 41,712,128,000 bytes free
Post-Run: 41,874,657,280 bytes free

Current=3 Default=3 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - DFFAACB9D7460C220BA9A8331480ECC6


<<<<<<<<<<<<<<<<<<< Kaspersky.txt follows >>>>>>>>>>>>>>>>>

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, February 11, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, February 11, 2010 18:53:44
Records in database: 3480749
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
F:\

Scan statistics:
Objects scanned: 160776
Threats found: 5
Infected objects found: 5
Suspicious objects found: 0
Scan duration: 03:37:42


File name / Threat / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\011C0000.VBN Infected: Exploit.Win32.Pidief.cvl 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03000000.VBN Infected: Trojan-Downloader.Win32.Agent.bmna 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09880000.VBN Infected: Trojan.JS.Fraud.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A080000.VBN Infected: Trojan-Downloader.Java.Agent.ab 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0DEC0000.VBN Infected: Trojan.Win32.Agent.deam 1

Selected area has been scanned.


#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:09:19 AM

Posted 11 February 2010 - 07:18 PM

That looks OK; you can just empty Norton's quarantine to remove the threats found by Kaspersky.

Please run the following batch file then post back with the log and let me know if you have any more problems.
  • Go to Start >> Run, and type Notepad into the run box, then click Ok.
  • Copy and paste the following code into Notepad. ( Do not include the word "CODE")
CODE
net user HelpAssistant /active:no
net localgroup Administrators HelpAssistant /delete
net user HelpAssistant>log.txt&START log.txt
  • Click on the File tab, and select Save.
  • In the box that opens type remove.bat for the File name.
  • Change the Save as type to All Files, then save it to your Desktop. (It should look like this )
  • Double click remove.bat, a box will pop up briefly on your screen and disappear, this is normal.
  • It will produce a file on your desktop called log.txt, please copy and paste this in your next reply.

Edited by syler, 11 February 2010 - 07:19 PM.



#9 ducciken

ducciken
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:19 AM

Posted 11 February 2010 - 11:04 PM

Hello Syler, I created/ran the batch file and the log is shown below. Does this mean that there was a remote logon on the date and time given or just indicating when the account was created? Does Norton 360 not pick up this type of thing?

Thanks again.

<<<<<<<<<<<<<<<<<<< Log.txt follows >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

User name HelpAssistant
Full Name Remote Desktop Help Assistant Account
Comment Account for Providing Remote Assistance
User's comment
Country code 000 (System Default)
Account active No
Account expires Never

Password last set 1/31/2010 9:07 PM
Password expires Never
Password changeable 1/31/2010 9:07 PM
Password required Yes
User may change password Yes

Workstations allowed All
Logon script
User profile
Home directory
Last logon 1/31/2010 9:07 PM

Logon hours allowed All

Local Group Memberships
Global Group memberships *None
The command completed successfully.



#10 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:09:19 AM

Posted 12 February 2010 - 11:11 AM

The infection you had activates that account and uses it to access your machine. The batch file you ran has deactivated and removed the
account. I would guess that Norton can't pick up this infection, but these types of infections are designed to stay hidden.

Uninstall ComboFix
  • Click START then RUN
  • Now type Combofix /uninstall in the run box and click OK. Note the space between the X and the /, it needs to be there.



Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click the icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.


Congratulations! You now appear clean!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Keeping Windows updated
It is extremely important to keep Windows up to date with the latest service pack and patches. This will prevent you
from getting the malware which uses vulnerabilities found in Windows to exploit your computer. The easiest way to
do this is by making sure that Automatic Updates are always enabled.

To do this Click on Start >> Control Panel >> Automatic updates and click Automatic (recommended) then Apply and Ok

Update your AntiVirus Software
It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not
update your antivirus software then it will not be able to catch any of the new variants that may come out. If you
use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your
subscription runs out, you may not be able to update the program's virus definitions.

Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you.
Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly
patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Install SpywareBlaster
SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you
from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware

Use MVPS hosts file
Using a custom hosts file like the MVPS HOSTS file can help to block ads, banners, 3rd party Cookies,
3rd party page counters, web bugs, and even most hijackers. It doesn't use up any extra system resources
and may even speed up the loading of web pages. You can download and find instructions below.

http://www.mvps.org/winhelp2002/hosts.htm

Update all these programs regularly
Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Happy surfing
Syler
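As an added example that is not part of this thread, the script below parses the `net user HelpAssistant` output that remove.bat from post #8 writes to log.txt (the format shown in post #9) and flags the conditions post #10 describes: the account enabled, placed in Administrators, or carrying a recorded logon. Both sample logs are constructed, and the function names are mine.

```python
import re
# Constructed sample in the shape of `net user HelpAssistant` output on Windows XP, modelled on
# the log in this thread but in the state the infection leaves the account: enabled, in Administrators.
SUSPECT_LOG = """\
User name                    HelpAssistant
Account active               Yes
Last logon                   1/31/2010 9:07 PM

Local Group Memberships      *Administrators
Global Group memberships     *None
The command completed successfully.
"""
# Constructed sample of the state after remove.bat ran: disabled and in no local groups.
CLEAN_LOG = """\
User name                    HelpAssistant
Account active               No
Last logon                   1/31/2010 9:07 PM
Local Group Memberships
Global Group memberships     *None
The command completed successfully.
"""

def parse_net_user(text):
    """Map each field to its value: fields and values are separated by two or more
    spaces, and long group lists continue on indented lines."""
    fields, last_key = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0].isspace() and last_key:  # continuation of a group list
            fields[last_key] = (fields[last_key] + " " + line.strip()).strip()
            continue
        m = re.match(r"^(\S.*?)(?:\s{2,}(.*))?$", line.rstrip())
        last_key = m.group(1)
        fields[last_key] = (m.group(2) or "").strip()
    return fields

def audit_helpassistant(text):
    """Findings that show HelpAssistant was tampered with: it is disabled by default,
    so each item returned here is worth investigating."""
    f = parse_net_user(text)
    findings = []
    if f.get("Account active", "").lower() == "yes":
        findings.append("account is enabled")
    if "*Administrators" in f.get("Local Group Memberships", "").split():
        findings.append("account is a member of Administrators")
    last = f.get("Last logon", "Never")
    if last != "Never":
        findings.append("account has a recorded logon (last: %s)" % last)
    return findings
```

Run it against the log.txt that remove.bat produces; an empty result for a freshly built XP machine is the expected baseline.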



#11 ducciken

ducciken
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:19 AM

Posted 12 February 2010 - 09:45 PM

Hello Syler, thank you very much for your help. You guys do an excellent job in providing (unfortunately) a much needed service. Keep up the good work!

Regards,

KennyD

#12 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:09:19 AM

Posted 13 February 2010 - 10:17 AM

You're welcome

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
