Can someone read my log please ?


Post by berlydawn4kids » September 27th, 2009, 10:14 pm

I keep getting this pop-up saying that an email is trying to be sent from Symantec, and a thing that says TR/Drop.Agent.gna2 when I try to run my virus scanner.
Here's my HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:57:30 PM, on 9/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\Event Agent\bin\smss .exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\sys64_nov.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\Documents and Settings\HP_Owner\My Documents\RCA Detective\RCADetective.exe
C:\Program Files\HP\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SiSPower] "Rundll32.exe" SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [Event Agent] C:\WINDOWS\system32\Event Agent\bin\smss .exe
O4 - HKLM\..\Run: [Easy Dock] C:\Documents and Settings\HP_Owner\My Documents\RCA EasyRip\EZDock.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [sys64_nov] C:\WINDOWS\system32\sys64_nov.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [sys64_nov] C:\Documents and Settings\HP_Owner\sys64_nov.exe
O4 - HKUS\S-1-5-18\..\Run: [sys64_nov] C:\WINDOWS\system32\config\systemprofile\sys64_nov.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [sys64_nov] C:\WINDOWS\system32\config\systemprofile\sys64_nov.exe (User 'Default user')
O4 - Startup: RCA Detective.lnk = C:\Documents and Settings\HP_Owner\My Documents\RCA Detective\RCADetective.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4950568671
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O20 - Winlogon Notify: Event Agent - C:\WINDOWS\SYSTEM32\CustomEvents.dll
O20 - Winlogon Notify: mmffi1 - mmffi1.dll (file missing)
O22 - SharedTaskScheduler: COM+ Service - {3BF77FF3-E054-4728-ADD0-B21EF95EECE1} - (no file)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: System Event Agent - Unknown owner - C:\WINDOWS\system32\Event Agent\bin\spoolsv .exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9393 bytes
berlydawn4kids
Regular Member
 
Posts: 16
Joined: September 27th, 2009, 9:27 pm

Re: Can someone read my log please ?

Post by Cypher » October 2nd, 2009, 12:23 pm

Hi, Welcome to the Malware Removal forum.
My name is Cypher, and I will be helping you with your malware problems.
Before we begin...please note the following important guidelines.
  • The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can damage that computer and possibly make it inoperable!
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  • Print each set of instructions... if possible...your Internet connection might not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • The logs from the tools we use can take some time to research so please be patient.

If you follow these guidelines, things should proceed smoothly. :)
I am currently reviewing your log, and will return as soon as possible with your instructions.

In the meantime, please post an Uninstall list.

1. Open HijackThis.
2. Click on the Open the Misc Tools section button.
3. Look under System tools.
4. Click on the Open Uninstall Manager... button.
5. Click on the Save list... button.
6. It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
7. Notepad will open. Please post this log in your next reply.

In your next reply.

1. Uninstall list
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Can someone read my log please ?

Post by berlydawn4kids » October 2nd, 2009, 6:08 pm

Thank you so much for your help !
Here is the Uninstall list you requested.

Acrobat.com
Ad-Aware
Ad-Aware
Ad-Aware SE Personal
Ad-Aware SE Personal
Adobe AIR
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.3
Adobe Shockwave Player 11.5
AOL Coach Version 2.0(Build:20041026.5 en)
AppCore
Apple Mobile Device Support
Apple Software Update
AV
Avira AntiVir Personal - Free Antivirus
Bonjour
ccCommon
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
Creative System Information
Creative ZEN Nano Plus
Data Fax SoftModem with SmartCP
Free Realms Installer
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
HP Boot Optimizer
HP Document Viewer 5.3
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart Cameras 5.0
hp psc 1200 series
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
IntelliMover Data Transfer Demo
Internet Worm Protection
iTunes
J2SE Runtime Environment 5.0
Java(TM) 6 Update 16
LiveUpdate 3.1 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.5.3)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
Norton AntiVirus
Norton AntiVirus (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton Protection Center
Paltalk Messenger
Philips Device Manager
Philips Device Plug-in
Phonics 2-3
Pop-Up Stopper Free Edition
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quicken 2005
QuickTime
RCA Detective 1.0.0.95
RCA EasyRip™ 1.3.8.0
Reading Readiness
RealPlayer
Rhapsody Player Engine
Samsung Master
Samsung USB Driver
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
SiS VGA Utilities
Sonic Express Labeler
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SPBBC 32bit
Spelling Dictionaries Support For Adobe Reader 9
SpywareBlaster v3.5.1
Symantec
Symantec Real Time Storage Protection Component
SymNet
Transition Math K-1
Unity Web Player
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB973815)
Updates from HP (remove only)
Viewpoint Media Player
Wal-Mart Music Downloads Store
WildTangent Web Driver
Windows Imaging Component
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
berlydawn4kids
Regular Member
 
Posts: 16
Joined: September 27th, 2009, 9:27 pm

Re: Can someone read my log please ?

Post by Cypher » October 4th, 2009, 7:45 am

Hi berlydawn4kids.

BACKDOOR TROJAN

I'm afraid I have some bad news for you. Your computer is infected with a BACKDOOR TROJAN. Backdoor Trojans are the most dangerous and most widespread type of Trojan. Backdoor Trojans provide the author or "master" of the Trojan with remote "administration" of victims' machines. Unlike legitimate remote administration utilities, they install, launch and run invisibly, without the consent or knowledge of the user. Once installed, Backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer, change settings on the computer and more. Please read this article by Roger A. Grimes on Remote Access Trojans; it will give you an idea of the severity of the type of infection you have.

What are Remote Access Trojans and why are they dangerous

You are strongly advised to do the following:

  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).

Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

How do I respond to a possible identity theft and how do I prevent it

Because of the severity and the capabilities of this type of virus (it cannot be known what changes to your system it has made or if it opened up other ways into your system), the only responsible course of action I can advise is to reformat your computer and reinstall Windows.

Further reading:

When should I do a reformat and reinstallation of my OS
Where to backup your files
How to backup your files in Windows XP
Restoring your backups

Should you have any questions please feel free to ask.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
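Readers of the log above may want to see, in code, the sort of thing a helper's eye catches before reaching the verdict Cypher gives. The Python below is an added example (mine, not a tool from MalwareRemoval.com or its volunteers) that applies three common triage heuristics to lines copied from the posted HijackThis log. The heuristics and the table of folders where the genuine system binaries live are assumptions of this example, and a flagged line is a reason to investigate, not proof of infection.

```python
"""Heuristic triage of HijackThis-style log lines (added example, not a
MalwareRemoval.com tool). Encodes three checks a helper applies by hand to a
log like the one above: a core system binary name running from the wrong
folder (the "smss .exe" pattern), a UserInit value launching more than
userinit.exe, and one Run value name planted under several hives."""
import ntpath
import re
from collections import defaultdict

# Folder (lower-case) where the genuine Windows XP binary of each name lives.
SYSTEM_BINARIES = {
    "smss.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
# Built-in tools that legitimate software does not register to autostart.
ADMIN_TOOLS = {"regedit.exe", "cmd.exe"}

# First drive-letter path ending in .exe on a line; tolerates "smss .exe".
PATH_RE = re.compile(r'([a-zA-Z]:\\[^"\n]*?\.exe)', re.IGNORECASE)
O4_RE = re.compile(r"^O4 - (HK\S+)\\\.\.\\Run: \[([^\]]+)\] (.*)$")
F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$", re.IGNORECASE)


def normalise_name(path):
    """Lower-case basename with whitespace removed: 'smss .exe' -> 'smss.exe'."""
    return re.sub(r"\s+", "", ntpath.basename(path.strip('"'))).lower()


def check_path(path):
    """Findings for one executable path: odd spacing and system-name mimicry."""
    findings = []
    name = ntpath.basename(path)
    if re.search(r"\s\.exe$", name, re.IGNORECASE):
        findings.append(f"whitespace before extension in {name!r}")
    canonical, folder = normalise_name(path), ntpath.dirname(path)
    expected = SYSTEM_BINARIES.get(canonical)
    if expected and folder.lower() != expected:
        findings.append(f"{canonical} running from {folder!r}, not a system folder")
    return findings


def check_userinit(value):
    """Everything in UserInit other than userinit.exe itself is a finding."""
    entries = [e.strip() for e in value.split(",") if e.strip()]
    return [f"UserInit also launches {e}" for e in entries
            if normalise_name(e) != "userinit.exe"]


def triage(log_text):
    """Return (log line, finding) pairs for every suspicious line in the log."""
    findings = []
    run_hives = defaultdict(set)  # Run value name -> hives it appears under
    for line in log_text.splitlines():
        line = line.strip()
        f2 = F2_RE.match(line)
        if f2:
            findings += [(line, f) for f in check_userinit(f2.group(1))]
            continue
        o4 = O4_RE.match(line)
        if o4:
            hive, name, command = o4.groups()
            run_hives[name].add(hive)
            target = PATH_RE.search(command)
            if target and normalise_name(target.group(1)) in ADMIN_TOOLS:
                findings.append((line, f"Run value [{name}] autostarts a built-in tool"))
        path = PATH_RE.search(line)
        if path:
            findings += [(line, f) for f in check_path(path.group(1))]
    # One value name under HKLM, HKCU and every HKUS profile at once is how
    # malware persists for all users; an installer registers once.
    for name, hives in run_hives.items():
        if len(hives) > 1:
            findings.append((f"[{name}]", f"same Run value in {len(hives)} hives: "
                                          + ", ".join(sorted(hives))))
    return findings


# Lines copied from the HijackThis log posted above; the first two are
# benign controls that must produce no finding.
SAMPLE_LOG = r"""
C:\WINDOWS\System32\svchost.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
C:\WINDOWS\system32\Event Agent\bin\smss .exe
C:\WINDOWS\system32\Event Agent\lsass .exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O4 - HKLM\..\Run: [Event Agent] C:\WINDOWS\system32\Event Agent\bin\smss .exe
O4 - HKLM\..\Run: [sys64_nov] C:\WINDOWS\system32\sys64_nov.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKCU\..\Run: [sys64_nov] C:\Documents and Settings\HP_Owner\sys64_nov.exe
O4 - HKUS\S-1-5-18\..\Run: [sys64_nov] C:\WINDOWS\system32\config\systemprofile\sys64_nov.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [sys64_nov] C:\WINDOWS\system32\config\systemprofile\sys64_nov.exe (User 'Default user')
"""

if __name__ == "__main__":
    for line, finding in triage(SAMPLE_LOG):
        print(f"{finding}\n    {line}")
```

The same functions run unchanged over the full RSIT/HijackThis log further down the thread, since its process and O4 lines use the same format.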

Re: Can someone read my log please ?

Post by berlydawn4kids » October 4th, 2009, 5:27 pm

Yikes ! So what do I need to do exactly ? Can you give me step by step instructions ? Also, I don't think I have the OS disk from this computer anymore.
Is there no other way to get rid of it ?

Thanks in advance,
Kim
berlydawn4kids
Regular Member
 
Posts: 16
Joined: September 27th, 2009, 9:27 pm

Re: Can someone read my log please ?

Post by Cypher » October 6th, 2009, 5:50 am

Hi berlydawn4kids.
Sorry for the delay, I will get back to you as soon as possible.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Can someone read my log please ?

Post by berlydawn4kids » October 6th, 2009, 5:02 pm

Ok Cypher, thanks for your time. It looks like lots of people have been hit recently; I know you're very busy.

Kim
berlydawn4kids
Regular Member
 
Posts: 16
Joined: September 27th, 2009, 9:27 pm

Re: Can someone read my log please ?

Post by Cypher » October 7th, 2009, 10:53 am

Hi berlydawn4kids.
Thank you for your patience.
Is there no other way to get rid of it ?

We can attempt to clean this machine. Though the Trojan has been identified and can be killed, because of its backdoor functionality your PC is very likely compromised, and there is no way to be sure your computer can ever again be trusted.
If you still want me to go ahead and do what we can, please do the following.


RSIT (Random's System Information Tool)

Please download RSIT by random/random... and save it to your desktop.
  • Double click on RSIT.exe to run it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done, 2 log files will be produced.
  • The first one, "log.txt", << will be maximized
  • The second one, "info.txt", << will be minimized.
Please post both... "log.txt" and "info.txt", file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)

Next.

Please download GMER Rootkit Scanner from Here.
  • Double click the .exe file. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Note: Do not run any programs while Gmer is running.

In your next reply.

1. RSIT log.txt file contents and info.txt file contents.
2. Gmer.txt log.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Can someone read my log please ? "log.txt"

Post by berlydawn4kids » October 7th, 2009, 3:46 pm

Here is my log.txt file that you requested.

Logfile of random's system information tool 1.06 (written by random/random)
Run by HP_Owner at 2009-10-07 14:38:43
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 3 GB (10%) free of 30 GB
Total RAM: 447 MB (15% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:39:38 PM, on 10/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Event Agent\bin\spoolsv .exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\Event Agent\bin\services .exe
C:\WINDOWS\system32\Event Agent\lsass .exe
C:\WINDOWS\system32\Event Agent\lsass .exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\Event Agent\bin\smss .exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\Documents and Settings\HP_Owner\My Documents\RCA Detective\RCADetective.exe
C:\Program Files\HP\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\HP\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\HP_Owner\My Documents\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\HP_Owner.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SiSPower] "Rundll32.exe" SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [Event Agent] C:\WINDOWS\system32\Event Agent\bin\smss .exe
O4 - HKLM\..\Run: [Easy Dock] C:\Documents and Settings\HP_Owner\My Documents\RCA EasyRip\EZDock.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [sys64_nov] C:\WINDOWS\system32\sys64_nov.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [sys64_nov] C:\Documents and Settings\HP_Owner\sys64_nov.exe
O4 - HKUS\S-1-5-18\..\Run: [sys64_nov] C:\WINDOWS\system32\config\systemprofile\sys64_nov.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [sys64_nov] C:\WINDOWS\system32\config\systemprofile\sys64_nov.exe (User 'Default user')
O4 - Startup: RCA Detective.lnk = C:\Documents and Settings\HP_Owner\My Documents\RCA Detective\RCADetective.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4950568671
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O20 - Winlogon Notify: Event Agent - C:\WINDOWS\SYSTEM32\CustomEvents.dll
O20 - Winlogon Notify: mmffi1 - mmffi1.dll (file missing)
O22 - SharedTaskScheduler: COM+ Service - {3BF77FF3-E054-4728-ADD0-B21EF95EECE1} - (no file)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: System Event Agent - Unknown owner - C:\WINDOWS\system32\Event Agent\bin\spoolsv .exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9745 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At25.job
C:\WINDOWS\tasks\At26.job
C:\WINDOWS\tasks\At27.job
C:\WINDOWS\tasks\At28.job
C:\WINDOWS\tasks\At29.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At30.job
C:\WINDOWS\tasks\At31.job
C:\WINDOWS\tasks\At32.job
C:\WINDOWS\tasks\At33.job
C:\WINDOWS\tasks\At34.job
C:\WINDOWS\tasks\At35.job
C:\WINDOWS\tasks\At36.job
C:\WINDOWS\tasks\At37.job
C:\WINDOWS\tasks\At38.job
C:\WINDOWS\tasks\At39.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At40.job
C:\WINDOWS\tasks\At41.job
C:\WINDOWS\tasks\At42.job
C:\WINDOWS\tasks\At43.job
C:\WINDOWS\tasks\At44.job
C:\WINDOWS\tasks\At45.job
C:\WINDOWS\tasks\At46.job
C:\WINDOWS\tasks\At47.job
C:\WINDOWS\tasks\At48.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1252891455.job
C:\WINDOWS\tasks\Schedule Task Weekly.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-07-30 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-31 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-31 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"=SiSPower.dll,ModeAgent []
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-09-03 84640]
"osCheck"=C:\Program Files\Norton AntiVirus\osCheck.exe [2006-09-05 26248]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-11-28 583048]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-03-20 213936]
"Event Agent"=C:\WINDOWS\system32\Event Agent\bin\smss .exe [2008-11-25 200772]
"Easy Dock"=C:\Documents and Settings\HP_Owner\My Documents\RCA EasyRip\EZDock.exe [2008-03-20 524288]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-07-30 198160]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-31 149280]
"sys64_nov"=C:\WINDOWS\system32\sys64_nov.exe []
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"Regedit32"=C:\WINDOWS\system32\regedit.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"sys64_nov"=C:\Documents and Settings\HP_Owner\sys64_nov.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
hp psc 1000 series.lnk - C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe
hpoddt01.exe.lnk - C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe

C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup
RCA Detective.lnk - C:\Documents and Settings\HP_Owner\My Documents\RCA Detective\RCADetective.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Event Agent]
C:\WINDOWS\system32\CustomEvents.dll [2007-09-24 53248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mmffi1]
mmffi1.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
COM+ Service - {3BF77FF3-E054-4728-ADD0-B21EF95EECE1}

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=20000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a624896-2d69-11de-9024-0013d4bf2df3}]
shell\AutoRun\command - J:\rcaeasyrip_setup.exe
shell\install\command - J:\rcaeasyrip_setup.exe
shell\usermanualEnglish\command - J:\rcaeasyrip_setup.exe /pdf_English
shell\usermanualFrench\command - J:\rcaeasyrip_setup.exe /pdf_French
shell\usermanualSpanish\command - J:\rcaeasyrip_setup.exe /pdf_Spanish

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eded9288-b519-11dd-9009-00038a000015}]
shell\AutoRun\command - F:\LaunchU3.exe -a


======File associations======

.bat - edit - C:\WINDOWS\system32\notepad.exe %1
.ini - open - notepad.exe %1
.reg - edit - C:\WINDOWS\system32\notepad.exe %1
.txt - open - notepad.exe %1

======List of files/folders created in the last 1 months======

2009-10-07 14:38:43 ----D---- C:\rsit
2009-10-07 13:46:09 ----A---- C:\WINDOWS\system32\WOEM_3_2awoem.tmp
2009-10-05 19:13:01 ----A---- C:\WINDOWS\ntbtlog.txt
2009-10-05 16:39:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-28 16:01:53 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-09-28 12:57:05 ----HDC---- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-28 12:55:28 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-09-27 14:27:58 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-09-27 14:27:57 ----D---- C:\Program Files\Avira
2009-09-27 13:48:06 ----D---- C:\Documents and Settings\HP_Owner\Application Data\AVG8
2009-09-27 03:02:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-09-27 03:02:35 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-09-27 03:02:22 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-09-27 03:02:12 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-09-26 20:53:14 ----D---- C:\WINDOWS\Prefetch
2009-09-26 20:45:34 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-09-26 20:45:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-09-26 20:45:10 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-09-26 20:44:58 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-09-26 20:44:40 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$
2009-09-26 20:44:28 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-09-26 20:44:17 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-09-26 20:44:05 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-09-26 20:43:53 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-09-26 20:43:35 ----HDC---- C:\WINDOWS\$NtUninstallKB969897$
2009-09-26 20:43:23 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-09-26 20:43:07 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-09-26 20:42:48 ----HDC---- C:\WINDOWS\$NtUninstallKB963027$
2009-09-26 20:42:36 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-09-26 20:42:25 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-09-26 20:42:13 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-09-26 20:42:01 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-09-26 20:41:48 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-09-26 20:41:34 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2009-09-26 20:41:22 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-09-26 20:41:11 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-09-26 20:41:01 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-09-26 20:40:50 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-09-26 20:40:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-09-26 20:40:18 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2009-09-26 20:40:06 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-09-26 20:39:55 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2009-09-26 20:39:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-26 20:39:32 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-09-26 20:39:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-09-26 20:39:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-09-26 20:38:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-09-26 20:38:24 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2009-09-26 20:38:09 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-09-26 20:37:55 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-09-26 20:37:41 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-09-26 20:37:22 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2009-09-26 20:37:05 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-09-26 20:36:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-09-26 20:36:41 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-09-26 20:36:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-09-26 20:36:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-09-26 20:36:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-09-26 20:35:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2009-09-26 20:35:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-09-26 20:35:12 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-09-26 20:34:56 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-09-26 20:34:41 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2009-09-26 20:34:30 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-09-26 20:34:19 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-09-26 20:34:05 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-09-26 20:25:57 ----D---- C:\WINDOWS\system32\en-us
2009-09-26 20:25:54 ----D---- C:\WINDOWS\system32\scripting
2009-09-26 20:25:53 ----D---- C:\WINDOWS\l2schemas
2009-09-26 20:25:51 ----D---- C:\WINDOWS\system32\en
2009-09-26 20:25:51 ----D---- C:\WINDOWS\system32\bits
2009-09-26 20:17:51 ----D---- C:\WINDOWS\network diagnostic
2009-09-26 20:09:46 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-09-26 20:09:40 ----D---- C:\WINDOWS\EHome
2009-09-22 15:24:07 ----A---- C:\WINDOWS\hpqEmlSz.INI
2009-09-19 20:58:01 ----A---- C:\WINDOWS\system32\javaws.exe
2009-09-19 20:58:01 ----A---- C:\WINDOWS\system32\javaw.exe
2009-09-19 20:58:01 ----A---- C:\WINDOWS\system32\java.exe
2009-09-10 03:02:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956844_0$
2009-09-10 03:02:25 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-10 03:02:12 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$

======List of files/folders modified in the last 1 months======

2009-10-07 14:33:13 ----D---- C:\Program Files\Mozilla Firefox
2009-10-07 14:09:14 ----D---- C:\WINDOWS\Temp
2009-10-07 13:55:52 ----D---- C:\WINDOWS\system32\ias
2009-10-07 13:55:15 ----D---- C:\WINDOWS\system32\drivers
2009-10-07 13:54:40 ----A---- C:\WINDOWS\ModemLog_PCI Data Fax SoftModem with SmartCP.txt
2009-10-07 13:49:35 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-07 13:47:52 ----A---- C:\EZ Dock_log.txt
2009-10-07 13:46:09 ----D---- C:\WINDOWS\system32
2009-10-07 13:40:54 ----D---- C:\WINDOWS
2009-10-07 09:03:26 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-10-07 07:53:03 ----SHD---- C:\System Volume Information
2009-10-06 19:16:36 ----A---- C:\EasyCD Ripper_log.txt
2009-10-05 07:32:52 ----D---- C:\WINDOWS\Debug
2009-10-01 12:52:04 ----D---- C:\WINDOWS\system32\FxsTmp
2009-10-01 01:34:57 ----D---- C:\WINDOWS\system32\dllcache
2009-09-29 22:31:27 ----HD---- C:\WINDOWS\inf
2009-09-28 22:25:19 ----D---- C:\Documents and Settings
2009-09-28 13:59:20 ----D---- C:\WINDOWS\Tasks
2009-09-28 13:33:52 ----D---- C:\Program Files\Microsoft Silverlight
2009-09-28 13:29:15 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-09-28 12:57:03 ----SHD---- C:\WINDOWS\Installer
2009-09-28 12:55:28 ----D---- C:\Program Files\Lavasoft
2009-09-28 10:48:09 ----D---- C:\Program Files\SpywareBlaster
2009-09-27 18:56:31 ----SHD---- C:\WINDOWS\system32\lowsec
2009-09-27 14:27:57 ----D---- C:\Program Files
2009-09-27 14:20:24 ----D---- C:\WINDOWS\WinSxS
2009-09-27 03:02:31 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-26 21:00:19 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-09-26 20:51:06 ----D---- C:\WINDOWS\AppPatch
2009-09-26 20:51:06 ----D---- C:\Program Files\Messenger
2009-09-26 20:51:05 ----D---- C:\WINDOWS\system32\Setup
2009-09-26 20:51:05 ----D---- C:\WINDOWS\system32\npp
2009-09-26 20:51:04 ----D---- C:\WINDOWS\system32\wbem
2009-09-26 20:51:03 ----RSD---- C:\WINDOWS\Fonts
2009-09-26 20:45:39 ----D---- C:\WINDOWS\system32\CatRoot
2009-09-26 20:45:02 ----D---- C:\Program Files\Outlook Express
2009-09-26 20:39:29 ----D---- C:\WINDOWS\security
2009-09-26 20:26:37 ----D---- C:\WINDOWS\ime
2009-09-26 20:26:37 ----D---- C:\WINDOWS\Help
2009-09-26 20:25:57 ----D---- C:\WINDOWS\system32\usmt
2009-09-26 20:25:53 ----D---- C:\Program Files\Internet Explorer
2009-09-26 20:25:50 ----D---- C:\WINDOWS\PeerNet
2009-09-26 20:25:50 ----D---- C:\Program Files\Movie Maker
2009-09-26 20:21:21 ----D---- C:\WINDOWS\ServicePackFiles
2009-09-26 20:21:12 ----D---- C:\WINDOWS\system32\Restore
2009-09-26 20:21:10 ----D---- C:\WINDOWS\msagent
2009-09-26 20:21:08 ----D---- C:\WINDOWS\srchasst
2009-09-26 20:21:07 ----D---- C:\Program Files\NetMeeting
2009-09-26 20:21:05 ----D---- C:\WINDOWS\system32\Com
2009-09-26 20:21:01 ----D---- C:\Program Files\Windows NT
2009-09-26 20:21:01 ----D---- C:\Program Files\Windows Media Player
2009-09-26 20:20:56 ----D---- C:\Program Files\Common Files\System
2009-09-26 20:20:31 ----D---- C:\WINDOWS\system32\oobe
2009-09-26 20:20:29 ----D---- C:\WINDOWS\system
2009-09-26 20:14:55 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-09-25 16:03:40 ----A---- C:\WINDOWS\win.ini
2009-09-22 15:23:46 ----D---- C:\Temp
2009-09-22 14:56:12 ----D---- C:\Program Files\Adobe
2009-09-21 17:37:40 ----D---- C:\Program Files\AntWar_at
2009-09-21 17:31:28 ----D---- C:\Program Files\Microsoft Works
2009-09-19 20:57:50 ----D---- C:\Program Files\Java
2009-09-13 20:17:21 ----D---- C:\WINDOWS\twain_32
2009-09-13 19:41:31 ----D---- C:\Program Files\HP
2009-09-13 17:50:39 ----A---- C:\WINDOWS\system32\hpzjrd01.dll
2009-09-13 17:16:04 ----D---- C:\Program Files\Hewlett-Packard
2009-09-12 00:45:43 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-09-12 00:45:41 ----D---- C:\Program Files\Microsoft Office
2009-09-10 03:06:54 ----AC---- C:\WINDOWS\system32\MRT.INI
2009-09-09 19:04:56 ----D---- C:\Program Files\Coupons
2009-09-09 18:40:51 ----HD---- C:\Program Files\InstallShield Installation Information
2009-09-09 18:34:54 ----D---- C:\Program Files\Common Files\Sonic Shared
2009-09-09 18:33:23 ----D---- C:\Program Files\Common Files\HP
2009-09-09 17:57:00 ----D---- C:\Program Files\Common Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2005-05-25 11904]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2006-08-22 243376]
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2006-08-22 24240]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2006-09-02 186048]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-20 2317696]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-12-15 1038208]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2004-12-15 220928]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080513.004\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080513.004\NAVEX15.SYS []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2005-05-25 245760]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2003-07-11 32768]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2006-09-02 11968]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2006-09-02 144832]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2006-09-02 39104]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20080513.001\SymIDSCo.sys []
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2006-09-02 33216]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2006-09-02 26432]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-12-15 703232]
R3 WOEM_3_2a;WinPcap Packet Driver (WOEM_3_2a); C:\WINDOWS\system32\drivers\WOEM_3_2a.sys []
S2 zgvldmpsnivf;zgvldmpsnivf; \??\C:\WINDOWS\system32\drivers\lqezni.sys []
S3 BW2NDIS5;BW2NDIS5; C:\WINDOWS\System32\Drivers\BW2NDIS5.sys []
S3 EraserUtilDrv10740;EraserUtilDrv10740; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10740.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2006-08-22 275120]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-09-02 198336]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-09-03 105632]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-09-03 105632]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-09-03 105632]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-31 153376]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-09-28 1028432]
R2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-09-03 105632]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 SymAppCore;Symantec AppCore Service; C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [2006-09-01 46736]
R2 System Event Agent;System Event Agent; C:\WINDOWS\system32\Event Agent\bin\spoolsv .exe [2007-12-08 102400]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
R3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2007-11-01 1252232]
S2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-11-28 583048]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ISPwdSvc;Symantec IS Password Validation; C:\Program Files\Norton AntiVirus\isPwdSvc.exe [2006-09-05 79496]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-09-02 2528960]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------
berlydawn4kids
Regular Member
Posts: 16
Joined: September 27th, 2009, 9:27 pm

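The two logs above are read by eye, entry by entry, by the volunteer who answers. The rules a reviewer applies are mechanical enough to script, and the script below is an added example of doing exactly that: it is not part of this thread and not code from the HijackThis or RSIT tools. It takes lines in RSIT's Run-key, driver and policy formats plus HijackThis O20 lines and flags the patterns a practitioner checks first: a system-binary name with a space before the extension living outside system32 (the `smss .exe` / `spoolsv .exe` entries), autostart files RSIT could not stat (the empty `[]`), the same Run value name registered from two hives, a Winlogon Notify DLL that is not on disk, a wall of `At*.job` tasks, and a `NoDriveTypeAutoRun` value that still leaves AutoRun on for removable and fixed drives. The expected-directory table, the at.exe job threshold and the `SAMPLE_LOG` are constructed for this example (the sample lines are copied from the log above, with the 48 `At*.job` entries regenerated); the drive-type bits are the `DRIVE_*` constants from winbase.h.

```python
"""Rule-based triage of a HijackThis / RSIT autostart log.

Added example for this thread; not part of the post and not code from the
HijackThis or RSIT tools. The directory table, the at.exe threshold and the
sample lines are assumptions/constructions made for this example.
"""
import re
from collections import defaultdict

# Binaries malware likes to name itself after and where each legitimately lives
# on Windows XP (assumption for this example).
SYSTEM_NAMES = {n: r"c:\windows\system32" for n in
                ("smss.exe", "spoolsv.exe", "svchost.exe", "lsass.exe", "csrss.exe")}
SYSTEM_NAMES["explorer.exe"] = r"c:\windows"
AT_JOB_THRESHOLD = 5   # assumption: a home PC rarely carries more than a few at.exe jobs
# NoDriveTypeAutoRun bits (DRIVE_* constants from winbase.h); a set bit disables AutoRun.
DRIVE_BITS = {0x01: "unknown", 0x04: "removable", 0x08: "fixed", 0x10: "remote",
              0x20: "cdrom", 0x40: "ramdisk", 0x80: "unrecognised"}

RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"=(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]$')
DRIVER_LINE = re.compile(r'^[RS][0-4] [^;]+;[^;]*; (?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]$')
AT_JOB = re.compile(r'^C:\\WINDOWS\\tasks\\At\d+\.job$', re.IGNORECASE)
AUTORUN_POLICY = re.compile(r'^"NoDriveTypeAutoRun"=(\d+)$')
DRIVE_PATH = re.compile(r'^[a-z]:\\')


def normalise(path):
    """Lower-case a logged path and drop the NT '\\??\\' prefix RSIT prints for drivers."""
    path = path.strip().lower()
    return path[4:] if path.startswith("\\??\\") else path


def path_findings(path):
    """Reasons an executable path looks wrong, independent of where it was logged."""
    reasons = []
    directory, _, filename = normalise(path).rpartition("\\")
    # 'spoolsv .exe': a space before the extension reads like a system binary in a
    # process list but is a different file on disk.
    if re.search(r"\s\.[a-z]{3}$", filename):
        reasons.append("whitespace before extension")
        filename = re.sub(r"\s+", "", filename)
    expected = SYSTEM_NAMES.get(filename)
    if expected and directory != expected:
        reasons.append(f"{filename} outside {expected}")
    return reasons


def autorun_enabled(value):
    """Drive types on which AutoRun is still active for a NoDriveTypeAutoRun value."""
    return [name for bit, name in DRIVE_BITS.items() if not value & bit]


def triage(log_text):
    """Return [(line, [reasons])] for every line of the log that trips a heuristic."""
    findings, at_jobs = [], 0
    run_paths = defaultdict(set)   # Run value name -> distinct paths across hives
    for raw in log_text.splitlines():
        line, reasons = raw.strip(), []
        if AT_JOB.match(line):
            at_jobs += 1
            continue
        if line.startswith("O20") and "(file missing)" in line:
            reasons.append("Winlogon Notify DLL not on disk (orphaned entry or hidden file)")
        pol = AUTORUN_POLICY.match(line)
        if pol:
            still = autorun_enabled(int(pol.group(1)))
            if still:
                reasons.append("AutoRun still enabled for: " + ", ".join(still))
        m = RUN_VALUE.match(line) or DRIVER_LINE.match(line)
        if m:
            path, meta = normalise(m.group("path")), m.group("meta").strip()
            reasons += path_findings(path)
            # RSIT prints an empty [] when it could not stat the file; outside a vendor
            # tree under Program Files that usually means missing, hidden or locked.
            if not meta and DRIVE_PATH.match(path) and not path.startswith(r"c:\program files"):
                reasons.append("file could not be read (missing, hidden or locked)")
            if "name" in m.groupdict():
                run_paths[m.group("name").lower()].add(path)
        if reasons:
            findings.append((line, reasons))
    for name, paths in run_paths.items():
        if len(paths) > 1:
            findings.append((f'Run value "{name}"',
                             ["same value name in several hives: " + "; ".join(sorted(paths))]))
    if at_jobs > AT_JOB_THRESHOLD:
        findings.append((f"{at_jobs} At*.job tasks",
                         ["bulk at.exe jobs (they run as SYSTEM) were scripted, not scheduled by a user"]))
    return findings


# Constructed sample: lines copied from the log posted above; the 48 At*.job
# entries are regenerated rather than pasted.
SAMPLE_LOG = "\n".join([
    r'"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-09-03 84640]',
    r'"Event Agent"=C:\WINDOWS\system32\Event Agent\bin\smss .exe [2008-11-25 200772]',
    r'"sys64_nov"=C:\WINDOWS\system32\sys64_nov.exe []',
    r'"Regedit32"=C:\WINDOWS\system32\regedit.exe []',
    r'"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]',
    r'"sys64_nov"=C:\Documents and Settings\HP_Owner\sys64_nov.exe []',
    r'O20 - Winlogon Notify: mmffi1 - mmffi1.dll (file missing)',
    r'"NoDriveTypeAutoRun"=145',
    r'R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []',
    r'S2 zgvldmpsnivf;zgvldmpsnivf; \??\C:\WINDOWS\system32\drivers\lqezni.sys []',
    r'R2 System Event Agent;System Event Agent; C:\WINDOWS\system32\Event Agent\bin\spoolsv .exe [2007-12-08 102400]',
] + [rf"C:\WINDOWS\tasks\At{i}.job" for i in range(1, 49)])

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line, "->", "; ".join(reasons))
```

Every hit is a reason to look closer, not a verdict: a legitimate driver can also show an empty `[]` when it is locked at scan time, so the flagged files should be hashed and checked before anything is deleted. The `NoDriveTypeAutoRun` check is the one hardening item that can be read straight from the log: 145 (0x91) leaves AutoRun active on removable, fixed, CD-ROM and RAM-disk drives, and the three `mountpoints2` AutoRun commands recorded above are exactly the kind of entry that setting allows to run; 255 (0xFF) disables it for every drive type.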
Re: Can someone read my log please ? "info.txt"

Post by berlydawn4kids » October 7th, 2009, 3:48 pm

Here's the info.txt file you requested.

info.txt logfile of random's system information tool 1.06 2009-10-07 14:39:49

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x9 -uninst
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9B7A778E-AF38-4341-9EA0-1FC981106ADA}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9B7A778E-AF38-4341-9EA0-1FC981106ADA}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->MsiExec.exe /X{6D8D64BE-F500-55B6-705D-DFD08AFE0624}
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Ad-Aware SE Personal-->MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Download Manager-->"C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /Get1
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
AOL Coach Version 2.0(Build:20041026.5 en)-->C:\Program Files\Common Files\AolCoach\en_en\AolCInUn.exe -lang=en_en -ext=UDP
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AV-->MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
ccCommon-->MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative ZEN Nano Plus-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA63612E-0458-416A-ADCD-B2349194F20F}\SETUP.EXE" -l0x9 /remove
Data Fax SoftModem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\HXFSETUP.EXE -U -IAsu200Ck.inf
Free Realms Installer-->C:\Program Files\Sony Online Entertainment\uninst.exe
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
HP Boot Optimizer-->MsiExec.exe /I{3BA95526-6AE0-4B87-A62D-17187EF565FC}
HP Document Viewer 5.3-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Photo and Imaging 2.0 - All-in-One Drivers-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - hp psc 1200 series-->C:\Program Files\HP\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
HP Photosmart 330,380,420,470,7800,8000,8200 Series-->C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat
HP Photosmart Cameras 5.0-->C:\Program Files\HP\Digital Imaging\{C83A12B9-B31B-461A-BBD4-CE9B988094F1}\setup\hpzscr01.exe -datfile hpiscr01.dat
hp psc 1200 series-->MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
HP Software Update-->MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}
HP Solution Center & Imaging Support Tools 5.3-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
IntelliMover Data Transfer Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
Internet Worm Protection-->MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}
J2SE Runtime Environment 5.0-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
LiveUpdate 3.1 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.5.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Norton AntiVirus (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{830D8CBD-C668-49e2-A969-C2C2106332E0}_14_0_0_89\{830D8CBD-C668-49e2-A969-C2C2106332E0}.exe" /X
Norton AntiVirus Help-->MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton AntiVirus Parent MSI-->MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton AntiVirus SYMLT MSI-->MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
Norton AntiVirus-->MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Protection Center-->MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
Paltalk Messenger-->"C:\WINDOWS\Paltalk Messenger\uninstall.exe" "/U:C:\Program Files\Paltalk Messenger\irunin.xml"
Philips Device Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{36A9D3F8-3FCF-4FBA-A8AD-3C1CE56C8AF4}\setup.exe" -l0x9 -removeonly
Philips Device Plug-in-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57F06897-6735-4B97-9DF3-DE8BC27879D4}\setup.exe" -l0x9 -removeonly
Phonics 2-3-->C:\WINDOWS\unvise32.exe C:\Program Files\sz8064\uninstal.log
Pop-Up Stopper Free Edition-->C:\PROGRA~1\PANICW~1\POP-UP~1\UNWISE.EXE C:\PROGRA~1\PANICW~1\POP-UP~1\INSTALL.LOG
Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2005-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2DBE41DD-2129-4C65-A3D3-5647236A60F3} anything
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
RCA Detective 1.0.0.95-->"C:\Documents and Settings\HP_Owner\My Documents\RCA Detective\unins000.exe"
RCA EasyRip™ 1.3.8.0-->"C:\Documents and Settings\HP_Owner\My Documents\RCA EasyRip\unins000.exe"
Reading Readiness-->C:\WINDOWS\unvise32.exe C:\Program Files\sz8036\uninstal.log
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Rhapsody Player Engine-->MsiExec.exe /I{84F1DE76-C48C-4281-87A0-CC9548D1E7F9}
Samsung Master-->C:\Program Files\InstallShield Installation Information\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}\Setup.exe -runfromtemp -l0x0009 -removeonly
Samsung USB Driver-->"C:\Program Files\InstallShield Installation Information\{86D6A20D-3910-4441-A3E5-EB6977251C86}\Setup.exe" -runfromtemp -l0x0009 anything -removeonly
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
SiS VGA Utilities-->Rundll32 SiSInst.dll,Uninstall VGA,R,oem2.inf
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
SpywareBlaster v3.5.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
Symantec Real Time Storage Protection Component-->MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}
Symantec-->MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
SymNet-->MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Transition Math K-1-->C:\WINDOWS\unvise32.exe C:\Program Files\sz8034\uninstal.log
Unity Web Player-->C:\Program Files\Unity\WebPlayer\Uninstall.exe
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Updates from HP (remove only)-->C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Wal-Mart Music Downloads Store-->MsiExec.exe /I{1DB2FBA5-D57A-42A7-8E87-5B3EEBED8283}
WildTangent Web Driver-->C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

=====HijackThis Backups=====

O2 - BHO: (no name) - {e094070a-0f97-431b-9c60-89dc69fe74fe} - C:\WINDOWS\system32\mmffi1.dll [2007-07-19]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser [2007-07-19]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser [2007-07-19]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser [2007-07-19]
O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\WINDOWS\system32\tmp2B.tmp.dll [2007-07-19]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) [2007-07-19]
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [2007-07-19]
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp [2007-07-19]
O4 - HKUS\S-1-5-21-3014206387-338665106-3420718384-1009\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?') [2007-07-19]
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [2007-07-19]
O4 - HKUS\S-1-5-21-3014206387-338665106-3420718384-1009\..\Run: [PhilipsLime] "C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe" (User '?') [2007-07-19]
O4 - HKUS\S-1-5-21-3014206387-338665106-3420718384-1009\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 (User '?') [2007-07-19]
O4 - HKUS\S-1-5-18\..\Run: [IESet] IExplorer.dll .dbt (User '?') [2007-07-19]
O4 - HKUS\S-1-5-21-3014206387-338665106-3420718384-1009\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User '?') [2007-07-19]
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2007-07-19]
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe [2007-07-19]
O4 - Global Startup: PalStart.lnk = C:\Program Files\Paltalk Messenger\palstart.exe [2007-07-19]
O4 - HKUS\S-1-5-21-3014206387-338665106-3420718384-1009\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User '?') [2007-07-19]
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-07-19]
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe [2007-07-19]
O4 - HKCU\..\Run: [PhilipsLime] "C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe" [2007-07-19]
O4 - HKUS\S-1-5-21-3014206387-338665106-3420718384-1009\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User '?') [2007-07-19]
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 [2007-07-19]
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet [2007-07-19]

======Security center information======

AV: AntiVir Desktop (disabled) (outdated)

======System event log======

Computer Name: YOUR-27E1513D96
Event Code: 18
Message: TIMEOUT<explorer.exe>

Record Number: 32692
Source Name: avgntflt
Time Written: 20090927193858.000000-300
Event Type: warning
User:

Computer Name: YOUR-27E1513D96
Event Code: 18
Message: TIMEOUT<explorer.exe>

Record Number: 32691
Source Name: avgntflt
Time Written: 20090927193831.000000-300
Event Type: warning
User:

Computer Name: YOUR-27E1513D96
Event Code: 10005
Message: DCOM got error "%1053" attempting to start the service LiveUpdate with arguments ""
in order to run the server:
{03E0E6C2-363B-11D3-B536-00902771A435}

Record Number: 32690
Source Name: DCOM
Time Written: 20090927193344.000000-300
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: YOUR-27E1513D96
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 32689
Source Name: Tcpip
Time Written: 20090927193033.000000-300
Event Type: warning
User:

Computer Name: YOUR-27E1513D96
Event Code: 1005
Message: Unable to load settings file. Using default settings for real time protection.

Record Number: 32686
Source Name: SRTSP
Time Written: 20090927192342.000000-300
Event Type: warning
User:

=====Application event log=====

Computer Name: YOUR-27E1513D96
Event Code: 4113
Message: AntiVir has detected 'TR/Drop.Agent.qna.2'
in the file
C:\WINDOWS\uknyeln.epd

Record Number: 22
Source Name: Avira AntiVir
Time Written: 20091002131607.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: YOUR-27E1513D96
Event Code: 4113
Message: AntiVir has detected 'TR/Drop.Agent.qna.2'
in the file
C:\WINDOWS\uknyeln.epd

Record Number: 21
Source Name: Avira AntiVir
Time Written: 20091002131604.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: YOUR-27E1513D96
Event Code: 4113
Message: AntiVir has detected 'TR/Drop.Agent.qna.2'
in the file
C:\WINDOWS\uknyeln.epd

Record Number: 20
Source Name: Avira AntiVir
Time Written: 20091002131539.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: YOUR-27E1513D96
Event Code: 4113
Message: AntiVir has detected 'TR/Drop.Agent.qna.2'
in the file
C:\WINDOWS\uknyeln.epd

Record Number: 19
Source Name: Avira AntiVir
Time Written: 20091002131539.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: YOUR-27E1513D96
Event Code: 4113
Message: AntiVir has detected 'TR/Drop.Agent.qna.2'
in the file
C:\WINDOWS\uknyeln.epd

Record Number: 18
Source Name: Avira AntiVir
Time Written: 20091002131539.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 28 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=1c00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
berlydawn4kids
Regular Member
Posts: 16
Joined: September 27th, 2009, 9:27 pm

Re: Can someone read my log please ? Gmer.txt log

Unread postby berlydawn4kids » October 7th, 2009, 5:32 pm

Here's the gmer.txt log

GMER 1.0.15.15125 - http://www.gmer.net
Rootkit scan 2009-10-07 16:28:06
Windows 5.1.2600 Service Pack 3
Running: 5jlcq5po.exe; Driver: C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\kwdyqfoc.sys


---- System - GMER 1.0.15 ----

SSDT 848B9CB8 ZwAlertResumeThread
SSDT 849F6FD0 ZwAlertThread
SSDT 84927470 ZwAllocateVirtualMemory
SSDT 849CB308 ZwConnectPort
SSDT F7D45FC6 ZwCreateKey
SSDT 849D8230 ZwCreateMutant
SSDT F7D45FBC ZwCreateThread
SSDT F7D45FCB ZwDeleteKey
SSDT F7D45FD5 ZwDeleteValueKey
SSDT 84929108 ZwFreeVirtualMemory
SSDT 84A0F9F8 ZwImpersonateAnonymousToken
SSDT 84983B60 ZwImpersonateThread
SSDT F7D45FDA ZwLoadKey
SSDT 848E1910 ZwMapViewOfSection
SSDT 849DE390 ZwOpenEvent
SSDT F7D45FA8 ZwOpenProcess
SSDT 84924B70 ZwOpenProcessToken
SSDT F7D45FAD ZwOpenThread
SSDT 8492B6F8 ZwOpenThreadToken
SSDT F7D45FE4 ZwReplaceKey
SSDT F7D45FDF ZwRestoreKey
SSDT 848D9530 ZwResumeThread
SSDT 8492B7D0 ZwSetContextThread
SSDT 8492AFD0 ZwSetInformationProcess
SSDT 8492C6C0 ZwSetInformationThread
SSDT F7D45FD0 ZwSetValueKey
SSDT 8490A108 ZwSuspendProcess
SSDT 849F6E50 ZwSuspendThread
SSDT F7D45FB7 ZwTerminateProcess
SSDT 849F6D78 ZwTerminateThread
SSDT 8492AEF8 ZwUnmapViewOfSection
SSDT 84928128 ZwWriteVirtualMemory

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Re: Can someone read my log please ?

Unread postby Cypher » October 9th, 2009, 6:11 am

Hi berlydawn4kids.

Remove one of your anti-virus programs.
You are operating your computer with multiple anti-virus programs:

Avira AntiVir Personal
Norton AntiVirus


Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove one of them, I suggest Avira.

Next.

Disable Norton Anti-virus

  • Please navigate to the Norton system tray icon on the bottom right hand corner.
  • Right-click it and choose Disable Auto-Protect.
  • Select a duration of 5 hours (this assures no interference with the cleanup of your PC).
  • Click OK.
  • A popup will warn that protection will now be disabled.
  • Note: Don't forget to re-enable it after the fix.

Next.

Download and Run ComboFix

  • Please download ComboFix, and find instructions on how to properly run it from Here
  • Make sure you install the recovery console if asked to.
  • The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time and can be a lifesaver later.
  • Once installed, you should see a blue screen prompt that says:
  • The Recovery Console was successfully installed.
  • Run ComboFix as instructed by the tutorial. Normal scan time is 10-20 minutes. When ComboFix is finished running, a log will be opened. Include this log in your next reply.

In your next reply.

1. ComboFix log.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Can someone read my log please ?

Unread postby berlydawn4kids » October 9th, 2009, 8:47 am

Hi Cypher,
Norton expired and I don't use it anymore. That's why I downloaded Avira. I've tried to uninstall Norton, but I can't get it to uninstall. Do you have any suggestions?

Thanks,
Kim

Re: Can someone read my log please ?

Unread postby Cypher » October 9th, 2009, 12:35 pm

Hi Kim.
No problem, we can deal with Norton removal once your PC is clean.

Please do the following.

Disable Avira anti-virus

  • Please navigate to the system tray on the bottom right hand corner.
  • Look for an open white umbrella on red background.
  • Right-click it > untick the option AntiVir Guard enable.
  • You should now see a closed, white umbrella on a red background.
  • Note: Don't forget to re-enable it after the fix.

Next.

Download and Run ComboFix

  • Please download ComboFix, and find instructions on how to properly run it from Here
  • Make sure you install the recovery console if asked to.
  • The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time and can be a lifesaver later.
  • Once installed, you should see a blue screen prompt that says:
  • The Recovery Console was successfully installed.
  • Run ComboFix as instructed by the tutorial. Normal scan time is 10-20 minutes. When ComboFix is finished running, a log will be opened. Include this log in your next reply.

In your next reply.

1. ComboFix log.

Re: Can someone read my log please ? Combofix log

Unread postby berlydawn4kids » October 9th, 2009, 6:27 pm

OK about the Norton, here's the ComboFix log that you requested. Thank you for your time, I really appreciate it. :)

ComboFix 09-10-08.04 - HP_Owner 10/09/2009 12:44.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.116 [GMT -5:00]
Running from: c:\documents and settings\HP_Owner\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Owner\Application Data\Install.dat
c:\documents and settings\HP_Owner\cookies\hufod.ban
c:\documents and settings\HP_Owner\My Documents\registry changes.reg
c:\documents and settings\HP_Owner\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\progra~1\COMMON~1\{3C97F~1
c:\progra~1\COMMON~1\{6C97F~1
c:\program files\Common Files\racle~1
c:\program files\Common Files\smante~1
c:\program files\sembly~1
c:\program files\XP_AntiSpyware
c:\program files\XP_AntiSpyware\comp.dat
c:\program files\XP_AntiSpyware\data(2)\daily.cvd
c:\program files\XP_AntiSpyware\data(3)\daily.cvd
c:\program files\ystem~1
c:\program files\ystem3~1
c:\recycler\S-1-5-21-37361006-2366129122-3815192063-1009
c:\recycler\S-1-5-21-520188312-694257180-3008347895-1009
C:\test.txt
c:\windows\aaceeg.ini
c:\windows\aaybay.ini
c:\windows\babcfe.ini
c:\windows\bcbbbc.ini
c:\windows\bcdffe.ini
c:\windows\ccfhii.ini
c:\windows\crosof~1.net
c:\windows\dccdgh.ini
c:\windows\dcfggh.ini
c:\windows\dfikkj.ini
c:\windows\dgjlmp.ini
c:\windows\edccfe.ini
c:\windows\edcehk.ini
c:\windows\fijmlm.ini
c:\windows\gffihk.ini
c:\windows\ghiilm.ini
c:\windows\gjjkjl.ini
c:\windows\gjmmoq.ini
c:\windows\hghjkj.ini
c:\windows\hgjihk.ini
c:\windows\hhhijl.ini
c:\windows\hihklm.ini
c:\windows\hijmlm.ini
c:\windows\icroso~1.net
c:\windows\iihijl.ini
c:\windows\iikjkj.ini
c:\windows\ikjihk.ini
c:\windows\illonn.ini
c:\windows\ilmoqr.ini
c:\windows\ilmpoq.ini
c:\windows\Installer\19f05793.msi
c:\windows\Installer\19f05799.msi
c:\windows\Installer\19f0579f.msi
c:\windows\Installer\1ca2b.msp
c:\windows\Installer\1e40b.msi
c:\windows\Installer\1e97a047.msi
c:\windows\Installer\21336.msp
c:\windows\Installer\27402.msi
c:\windows\Installer\27477.msi
c:\windows\Installer\314041a4.msi
c:\windows\Installer\314041ad.msi
c:\windows\Installer\314041b4.msi
c:\windows\Installer\314041ba.msi
c:\windows\Installer\314041c0.msi
c:\windows\Installer\314041c6.msi
c:\windows\Installer\314041cc.msi
c:\windows\Installer\314041d2.msi
c:\windows\Installer\314041d8.msi
c:\windows\Installer\314041e1.msi
c:\windows\Installer\314041eb.msi
c:\windows\Installer\314041f2.msi
c:\windows\Installer\314041f8.msi
c:\windows\Installer\31404201.msi
c:\windows\Installer\31404208.msi
c:\windows\Installer\3140420e.msi
c:\windows\Installer\31404214.msi
c:\windows\Installer\3140421a.msi
c:\windows\Installer\31404220.msi
c:\windows\Installer\31404227.msi
c:\windows\Installer\3140422d.msi
c:\windows\Installer\31404233.msi
c:\windows\Installer\3140423c.msi
c:\windows\Installer\31404246.msi
c:\windows\Installer\3298c.msp
c:\windows\Installer\32f5b4a2.msi
c:\windows\Installer\33e6d070.msi
c:\windows\Installer\39412205.msp
c:\windows\Installer\3d4bf.msi
c:\windows\Installer\4e2c08b.msp
c:\windows\Installer\50b4b41.msp
c:\windows\Installer\5fcac.msi
c:\windows\Installer\82b4bc6.msp
c:\windows\Installer\848eef82.msp
c:\windows\Installer\848eef83.msp
c:\windows\Installer\848eef84.msp
c:\windows\Installer\848eef85.msp
c:\windows\Installer\848eef86.msp
c:\windows\Installer\848eef87.msp
c:\windows\Installer\848eef88.msp
c:\windows\Installer\848eef89.msp
c:\windows\Installer\848eef8a.msp
c:\windows\Installer\848eef8b.msp
c:\windows\Installer\8d126.msi
c:\windows\Installer\d0bb17.msi
c:\windows\jiilmp.ini
c:\windows\jkmpqr.ini
c:\windows\jknnoq.ini
c:\windows\jlmmoq.ini
c:\windows\kjiilm.ini
c:\windows\kjlnoq.ini
c:\windows\kkloqr.ini
c:\windows\kllmlm.ini
c:\windows\lklnmp.ini
c:\windows\lmorqr.ini
c:\windows\lnqtwa.ini
c:\windows\lorsru.ini
c:\windows\mbols~1
c:\windows\mlortv.ini
c:\windows\mmlopo.ini
c:\windows\nnnopo.ini
c:\windows\npppoq.ini
c:\windows\nprutv.ini
c:\windows\oqqtwa.ini
c:\windows\pqtwwa.ini
c:\windows\qponmp.ini
c:\windows\qpstut.ini
c:\windows\qqttut.ini
c:\windows\qsutss.ini
c:\windows\qtuttv.ini
c:\windows\rsttss.ini
c:\windows\rsuxbc.ini
c:\windows\rtutwa.ini
c:\windows\sstem3~1
c:\windows\svyccf.ini
c:\windows\system32\cmnocfg.xml
c:\windows\system32\comcbx2.dll
c:\windows\system32\comcs32c.dll
c:\windows\system32\commands.xml
c:\windows\system32\commnet8.dll
c:\windows\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\system32\cookie.dat
c:\windows\system32\drivers\str.sys
c:\windows\system32\dsuiexq.dll
c:\windows\system32\fontqxet.dll
c:\windows\system32\Ge6ApcU4.exe.a_a
c:\windows\system32\hnetviw.dll
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\mantec~1
c:\windows\system32\mt_32.dll
c:\windows\system32\pfxzmtsmtspm.dll
c:\windows\system32\pfxzmtwbmail.dll
c:\windows\system32\ps.dat
c:\windows\system32\q181lw4a.exe.a_a
c:\windows\system32\rasqervy.dll
c:\windows\system32\sdfinacs.dll
c:\windows\system32\sfxzmtsmtspm.dll
c:\windows\system32\sfxzmtwbmail.dll
c:\windows\system32\srvswc2.dll
c:\windows\system32\srvswc3.dll
c:\windows\system32\unsvchosts.lzma
c:\windows\system32\wincom32.ini
c:\windows\system32\winivfop.dll
c:\windows\system32\wintsvsu.exe
c:\windows\system32\wuasirvy.dll
c:\windows\tstvxx.ini
c:\windows\ttstut.ini
c:\windows\ttttut.ini
c:\windows\ttvybc.ini
c:\windows\tuvuwa.ini
c:\windows\twybcf.ini
c:\windows\uvuvxx.ini
c:\windows\uwabcf.ini
c:\windows\vvwyxx.ini
c:\windows\vyaycf.ini
c:\windows\wvuwyb.ini
c:\windows\wwwxxx.ini
c:\windows\xacfii.ini
c:\windows\xadgjl.ini
c:\windows\xbeghk.ini
c:\windows\xwadfe.ini
c:\windows\xwvuwa.ini
c:\windows\xxaadd.ini
c:\windows\xyxaay.ini
c:\windows\ybeghk.ini
c:\windows\ycddgh.ini
c:\windows\ycdghk.ini
c:\windows\ystem3~1
c:\windows\yxaddd.ini
c:\windows\yxbadd.ini
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-09-09 to 2009-10-09 )))))))))))))))))))))))))))))))
.

2009-10-09 18:49 . 2009-10-09 18:49 35712 ----a-w- c:\windows\system32\drivers\WOEM_3_2a.sys
2009-10-07 19:38 . 2009-10-07 19:39 -------- d-----w- C:\rsit
2009-10-06 23:53 . 2009-10-06 23:53 -------- d-----w- c:\documents and settings\Administrator.YOUR-27E1513D96\Local Settings\Application Data\Mozilla
2009-10-06 00:34 . 2009-10-06 00:34 -------- d-----w- c:\documents and settings\Administrator.YOUR-27E1513D96\Local Settings\Application Data\Adobe
2009-10-06 00:29 . 2009-10-06 00:30 -------- d-----w- c:\documents and settings\Administrator.YOUR-27E1513D96\Application Data\U3
2009-09-28 21:01 . 2009-09-28 18:28 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-09-28 18:29 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-28 17:57 . 2009-09-28 17:57 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-28 17:55 . 2009-09-28 18:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-27 19:29 . 2009-03-30 15:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-09-27 19:29 . 2009-02-13 17:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-09-27 19:29 . 2009-07-28 21:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-27 19:29 . 2009-02-13 17:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-09-27 19:27 . 2009-09-27 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-09-27 19:27 . 2009-09-27 19:27 -------- d-----w- c:\program files\Avira
2009-09-27 18:48 . 2009-09-27 18:48 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\AVG8
2009-09-27 04:58 . 2009-08-13 15:16 512000 ------w- c:\windows\system32\dllcache\jscript.dll
2009-09-27 01:27 . 2009-09-27 01:51 -------- d-----w- c:\windows\system32\wbem\repository.001
2009-09-27 01:25 . 2009-09-27 01:25 -------- d-----w- c:\windows\system32\scripting
2009-09-27 01:25 . 2009-09-27 01:25 -------- d-----w- c:\windows\l2schemas
2009-09-27 01:25 . 2009-09-27 01:25 -------- d-----w- c:\windows\system32\en
2009-09-27 01:25 . 2009-09-27 01:25 -------- d-----w- c:\windows\system32\bits
2009-09-27 01:09 . 2009-09-27 01:09 -------- d-----w- c:\windows\EHome
2009-09-21 22:31 . 2009-09-22 19:33 145 ---ha-w- c:\program files\hpothb07.dat
2009-09-14 00:36 . 2003-04-22 15:24 16606 ------w- c:\windows\hpomdl01.dat
2009-09-14 00:36 . 2009-09-14 01:24 19545 ----a-w- c:\windows\hpoins01.dat
2009-09-13 22:05 . 2009-09-13 22:09 -------- d-----w- c:\temp\HP All-in-One Series Web Release
2009-09-09 23:26 . 2009-09-09 23:26 179 ----a-w- C:\handle.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-09 18:49 . 2009-10-09 18:49 90112 ----a-w- c:\windows\system32\WOEM_3_2awoem.tmp
2009-10-07 14:03 . 2005-09-10 20:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-10-06 00:16 . 2009-10-06 00:16 -------- d-----w- c:\documents and settings\Administrator.YOUR-27E1513D96\Application Data\HPQ
2009-10-01 01:16 . 2006-01-20 01:26 36104 -c--a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-28 18:33 . 2008-08-16 23:19 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-28 17:55 . 2007-03-08 04:50 -------- d-----w- c:\program files\Lavasoft
2009-09-28 15:48 . 2007-07-20 04:36 -------- d-----w- c:\program files\SpywareBlaster
2009-09-22 19:33 . 2009-09-21 22:31 253 ---ha-w- c:\program files\hpothb07.tif
2009-09-21 22:37 . 2008-12-17 22:23 -------- d-----w- c:\program files\AntWar_at
2009-09-21 22:31 . 2005-09-10 19:47 -------- d-----w- c:\program files\Microsoft Works
2009-09-20 01:57 . 2005-09-10 18:56 -------- d-----w- c:\program files\Java
2009-09-14 00:41 . 2005-09-10 19:13 -------- d-----w- c:\program files\HP
2009-09-13 22:50 . 2005-01-25 00:30 139264 ----a-w- c:\windows\system32\hpzjrd01.dll
2009-09-13 22:16 . 2005-09-10 19:42 -------- d-----w- c:\program files\Hewlett-Packard
2009-09-10 00:04 . 2009-05-21 05:05 -------- d-----w- c:\program files\Coupons
2009-09-09 23:40 . 2005-09-10 19:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-09 23:34 . 2005-09-10 19:22 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-09-09 23:33 . 2005-09-10 19:21 -------- d-----w- c:\program files\Common Files\HP
2009-09-06 03:48 . 2009-09-06 03:48 -------- d-----w- c:\program files\NOS
2009-09-06 03:48 . 2009-08-27 22:57 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-28 19:55 . 2009-08-28 19:09 -------- d-----w- c:\program files\MSECache
2009-08-27 23:08 . 2005-09-10 19:43 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-27 23:00 . 2009-08-27 23:00 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 20:23 . 2009-02-01 04:07 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 15:08 . 2004-08-04 12:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2007-06-20 14:01 . 2007-06-20 13:53 167631 -c--a-w- c:\program files\client.rar
2007-06-10 14:13 . 2007-06-10 14:13 796549 -csh--w- c:\windows\aaceeg.tmp
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2005-09-10 19:41 . 2005-05-11 00:50 253952 c:\hp\drivers\hplsbwatcher\bak\lsburnwatcher.exe

2005-03-04 16:40 . 2005-03-04 16:40 48752 c:\program files\Common Files\Symantec Shared\bak\ccApp.exe
2006-09-03 07:04 . 2006-09-03 07:04 84640 c:\program files\Common Files\Symantec Shared\ccApp.exe

2004-11-03 06:59 . 2004-11-03 06:59 218240 c:\program files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe

2005-02-26 05:34 . 2005-02-26 05:34 245760 c:\program files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe

2005-06-02 06:35 . 2005-06-02 06:35 49152 c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\bak\hphupd08.exe

2005-05-12 13:12 . 2005-05-12 13:12 49152 c:\program files\HP\HP Software Update\bak\HPwuSchd2.exe

2006-02-28 02:16 . 2005-03-17 17:10 536576 c:\program files\Panicware\Pop-Up Stopper Free Edition\bak\PSFree.exe
2007-03-28 03:40 . 2005-03-17 17:10 536576 c:\program files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe

2007-02-25 21:27 . 2006-04-10 21:44 622592 c:\program files\Philips\Philips Device Manager\bin\bak\DeviceManager.exe

2007-02-25 21:25 . 2005-09-08 22:10 159744 c:\program files\Philips\Philips Lime Service\bin\bak\LimeAlive.exe

2005-09-10 19:53 . 2005-09-10 19:53 98304 c:\program files\QuickTime\bak\qttask.exe
2009-05-26 22:18 . 2009-05-26 22:18 413696 c:\program files\QuickTime\QTTask.exe

2004-08-04 12:00 . 2004-08-04 12:00 15360 c:\windows\system32\bak\ctfmon.exe
2004-08-04 12:00 . 2008-04-14 00:12 15360 c:\windows\system32\ctfmon.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"sys64_nov"="c:\documents and settings\HP_Owner\sys64_nov.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 84640]
"osCheck"="c:\program files\Norton AntiVirus\osCheck.exe" [2006-09-06 26248]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-29 583048]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"Event Agent"="c:\windows\system32\Event Agent\bin\smss .exe" [2008-11-25 200772]
"Easy Dock"="c:\documents and settings\HP_Owner\My Documents\RCA EasyRip\EZDock.exe" [2008-03-20 524288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-31 198160]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"sys64_nov"="c:\windows\system32\sys64_nov.exe" [N/A]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2005-05-26 49152]

c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\
RCA Detective.lnk - c:\documents and settings\HP_Owner\My Documents\RCA Detective\RCADetective.exe [2009-5-24 1110016]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - c:\program files\HP\Digital Imaging\bin\hpohmr08.exe [2003-4-9 147456]
hpoddt01.exe.lnk - c:\program files\HP\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Event Agent]
2007-09-25 04:27 53248 ------w- c:\windows\system32\CustomEvents.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/28/2009 1:29 PM 64160]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/13/2008 3:36 PM 109616]
R3 WOEM_3_2a;WinPcap Packet Driver (WOEM_3_2a);c:\windows\system32\drivers\WOEM_3_2a.sys --> c:\windows\system32\drivers\WOEM_3_2a.sys [?]
S2 zgvldmpsnivf;zgvldmpsnivf;\??\c:\windows\system32\drivers\lqezni.sys --> c:\windows\system32\drivers\lqezni.sys [?]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
S3 EraserUtilDrv10740;EraserUtilDrv10740;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10740.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10740.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2009-09-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 18:28]

2009-10-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
c:\windows\Tasks\At23.job

2009-09-14 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4252891455.job
- c:\program files\HP\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 22:56]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\kbl8dbm6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\kbl8dbm6.default\extensions\letssyncpublisher@letssync.com\platform\WINNT_x86-msvc\plugins\npletssyncpublisher.dll
FF - plugin: c:\progra~1\SONYON~1\npsoe.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
- - - - ORPHANS REMOVED - - - -

Notify-mmffi1 - mmffi1.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-09 13:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(660)
c:\windows\system32\CustomEvents.dll

- - - - - - - > 'explorer.exe'(2348)
c:\progra~1\WINDOW~1\wmpband.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
c:\program files\Lavasoft\Ad-Aware\AAWService.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\Event Agent\Bin\spoolsv .exe
c:\windows\system32\wdfmgr.exe
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\windows\system32\Event Agent\lsass .exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Symantec\LiveUpdate\AUPDATE.EXE
c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
c:\windows\system32\Event Agent\Bin\services .exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpoevm08.exe
c:\windows\system32\HPZipm12.exe
c:\program files\HP\Digital Imaging\bin\hposts08.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2009-10-09 14:45 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-09 19:45

Pre-Run: 3,170,164,736 bytes free
Post-Run: 3,649,355,776 bytes free

405 --- E O F --- 2009-09-27 08:03
berlydawn4kids
Regular Member
 
Posts: 16
Joined: September 27th, 2009, 9:27 pm