Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

ok, one more time

Unread postby Kennyco » November 4th, 2010, 4:53 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:27:29 PM, on 11/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
C:\WINDOWS\system32\calc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\BitTorrent\BitTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\IPSBHO.DLL
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 3245 bytes


It's a redirect/pop up ad bug. (epoclick.com, google analytics etc) I reformatted my computer and it came back after resuming normal activity. Additionally, it shows up on my iPhone. Because of this I have a guess it could be from my hotmail.com account or shared wifi (which is a wifi spot for multiple apartment residents, yes I said apartment *shudder* you never know what miscreant lives next to thee)





Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 9
BitTorrent
Dell Resource CD
Dell Wireless WLAN Card
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB981793)
Intel(R) Graphics Media Accelerator Driver
Malwarebytes' Anti-Malware
McAfee Security Scan Plus
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.6.12)
Norton AntiVirus
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
SigmaTel Audio
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Windows XP Service Pack 3
Kennyco
Regular Member
 
Posts: 24
Joined: November 4th, 2010, 2:58 pm

Re: ok, one more time

Unread postby xixo_12 » November 8th, 2010, 5:42 am

Hello and Welcome to Anti-Malware Forums.
Introduction and rules:
  • I'm xixo_12 and really glad to help you.
  • You're advised to refrain from running any self fixes until I give the "All Clean Speech".
  • The instructions in this topic are specially created for the current problem; don't apply them on another system.
  • You're advised to ask about any uncertainty.
  • If you are receiving help or have received help on this problem elsewhere, please let us know.

Please make sure you have done your reading on this topic: How to get help at this forum
Please! If you need more time to do all the instructions, let me know before 72 hours is done. Otherwise, your thread will be closed.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Now, we will start the collaboration.
Do keep in mind, removing malware is a hazardous undertaking. I'm ready to share what I have learned through the years in removing malware, but I'm also fallible.
You're advised to back up all the important data before we start.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

First,
P2P software.
IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
BitTorrent

  • It's not a good idea to have them.
  • You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
  • Go to Control Panel > Add/Remove Programs and uninstall the P2P program(s) listed above.
  • If you do not wish to remove your P2P programs, don't proceed with the next instruction and please tell me to close this topic.

Next,
MGADiag.
Please download from HERE and save to the desktop.
  • Double click on MGADiag.exe to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in. Save this file as MGADiag.txt and post it in your next reply.

Next,
CKScanner.
Please download from HERE and save to the desktop.
  • Double click on CKScanner.exe to run it and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

What you need to post
Checklist.
  • Content of MGADiag.txt
  • Content of CKFiles.txt
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: ok, one more time

Unread postby Kennyco » November 9th, 2010, 1:20 am

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Validation Control not Installed
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-GD6GR-K6DP3-4C8MT
Windows Product Key Hash: s2kt66ZJWfV4nS1wFD5F9bxTSDw=
Windows Product ID: 76477-OEM-2111907-00102
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010300.3.0.hom
ID: {F2DC846A-52C3-47A5-8417-84215BB8A004}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-543-80070002_025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{F2DC846A-52C3-47A5-8417-84215BB8A004}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-4C8MT</PKey><PID>76477-OEM-2111907-00102</PID><PIDType>2</PIDType><SID>S-1-5-21-1715567821-854245398-839522115</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Inspiron 1525 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A11</Version><SMBIOSVersion major="2" minor="4"/><Date>20080310000000.000000+000</Date><SLPBIOS>Dell System,Dell Computer,Dell System,Dell System</SLPBIOS></BIOS><HWID>BA9D3E370184607A</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Mountain Standard Time(GMT-07:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 175DA:Dell Inc|175DA:Microsoft Corporation
Marker string from OEMBIOS.DAT: Dell System,Dell Computer,Dell System,Dell System

OEM Activation 2.0 Data-->
N/A





----------------------------------------------------------------------------------------------------------------------------------------------


CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11
----- EOF -----
Kennyco
Regular Member
 
Posts: 24
Joined: November 4th, 2010, 2:58 pm

Re: ok, one more time

Unread postby xixo_12 » November 9th, 2010, 6:55 am

Hi,

First,
Validation.
Please visit this website using Internet Explorer
  • Follow the instructions to Validate Windows

Next,
MGADiag.
Please run this tool again.
MGADiag.
Please download from HERE and save to the desktop.
  • Double click on MGADiag.exe to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in. Save this file as MGADiag.txt and post it in your next reply.


What you need to post
Checklist.
Please post.
  • Content of MGADiag.txt
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: ok, one more time

Unread postby Kennyco » November 11th, 2010, 5:15 pm

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-GD6GR-K6DP3-4C8MT
Windows Product Key Hash: s2kt66ZJWfV4nS1wFD5F9bxTSDw=
Windows Product ID: 76477-OEM-2111907-00102
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010300.3.0.hom
ID: {F2DC846A-52C3-47A5-8417-84215BB8A004}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.42.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-543-80070002_025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{F2DC846A-52C3-47A5-8417-84215BB8A004}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-4C8MT</PKey><PID>76477-OEM-2111907-00102</PID><PIDType>2</PIDType><SID>S-1-5-21-1715567821-854245398-839522115</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Inspiron 1525 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A11</Version><SMBIOSVersion major="2" minor="4"/><Date>20080310000000.000000+000</Date><SLPBIOS>Dell System,Dell Computer,Dell System,Dell System</SLPBIOS></BIOS><HWID>BA9D3E370184607A</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Mountain Standard Time(GMT-07:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 175DA:Dell Inc|175DA:Microsoft Corporation
Marker string from OEMBIOS.DAT: Dell System,Dell Computer,Dell System,Dell System

OEM Activation 2.0 Data-->
N/A
Kennyco
Regular Member
 
Posts: 24
Joined: November 4th, 2010, 2:58 pm

Re: ok, one more time

Unread postby xixo_12 » November 12th, 2010, 8:42 am

Hi,
Let's proceed.

First,
Malwarebytes' Anti-Malware - Run
  • Double-click Malwarebytes' Anti-Malware to run the program.
  • Click on Update tab > Check for Updates.
  • Once done, click on Scanner tab, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
    Image
  • Refer to above image and then click Remove Selected to proceed.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
Note:
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware.


Next,
GMER.
Please download from HERE and save to the desktop.
  • Unzip/extract the file to its own folder.
  • Disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan, click NO.
  • Click on the >>> symbol and choose the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE.
Important! Please do not select the "Show all" checkbox during the scan.

What you need to post
Checklist.
  • Content of MBAM log
  • Content of GMER.txt
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: ok, one more time

Unread postby Kennyco » November 12th, 2010, 3:04 pm

OK, I couldn't update Malwarebytes; it kept giving me an error message. I deleted the program and re-installed it and still the same error message. Additionally, it appears that my external HD is infected as well. I noticed a file installed on there, "asd34dfawe4234sdf", with a name similar to that. I tried to delete this mysterious file and it would not let me.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

11/12/2010 10:35:14 AM
mbam-log-2010-11-12 (10-35-14).txt

Scan type: Full scan (C:\|)
Objects scanned: 144469
Time elapsed: 42 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


_________________________________________________________________________________

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-12 12:03:15
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.BB2O
Running: gmer.exe; Driver: C:\DOCUME~1\Preston\LOCALS~1\Temp\afryipog.sys


---- System - GMER 1.0.15 ----

SSDT 89506AF0 ZwAlertResumeThread
SSDT 89506BD0 ZwAlertThread
SSDT 895EADE0 ZwAllocateVirtualMemory
SSDT 89511988 ZwAssignProcessToJobObject
SSDT 895F9598 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xA25BA720]
SSDT 89489BC0 ZwCreateMutant
SSDT 8956B978 ZwCreateSymbolicLinkObject
SSDT 895DA7B0 ZwCreateThread
SSDT 895D56C8 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xA25BA9A0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xA25BAF00]
SSDT 895D69B0 ZwDuplicateObject
SSDT 895EA948 ZwFreeVirtualMemory
SSDT 89512AF0 ZwImpersonateAnonymousToken
SSDT 89512BD0 ZwImpersonateThread
SSDT 89512268 ZwLoadDriver
SSDT 895EA868 ZwMapViewOfSection
SSDT 89489AE0 ZwOpenEvent
SSDT 8950CDE0 ZwOpenProcess
SSDT 895D68D0 ZwOpenProcessToken
SSDT 895CB910 ZwOpenSection
SSDT 8950CD10 ZwOpenThread
SSDT 89511898 ZwProtectVirtualMemory
SSDT 894F6AF0 ZwResumeThread
SSDT 89691828 ZwSetContextThread
SSDT 895BBCC0 ZwSetInformationProcess
SSDT 895D57A8 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xA25BB150]
SSDT 895CB9F0 ZwSuspendProcess
SSDT 894F6BD0 ZwSuspendThread
SSDT 8950EC88 ZwTerminateProcess
SSDT 89691748 ZwTerminateThread
SSDT 895BBDB0 ZwUnmapViewOfSection
SSDT 895EACF0 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2778 80501FB0 2 Bytes [F0, B9]
.text ntkrnlpa.exe!ZwCallbackReturn + 277B 80501FB3 5 Bytes [89, D0, 6B, 4F, 89]
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Udfs.SYS (UDF File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
Kennyco
Regular Member
 
Posts: 24
Joined: November 4th, 2010, 2:58 pm

Re: ok, one more time

Unread postby xixo_12 » November 12th, 2010, 6:30 pm

Hi,
Let's proceed.
If you have any problem, just let me know about it.

First,
MBAM - clean
  • Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
  • Restart your computer <-Important.
  • Download from HERE and run the utility.
  • It will ask to restart your computer (please allow it to).

Next,
Download Malwarebytes' Anti-Malware from here and try to install it again and perform the full scan.

What you need to post
Checklist.
  • Content of MBAM log
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: ok, one more time

Unread postby Kennyco » November 12th, 2010, 7:18 pm

I'm doing the scan right now, but it was still not able to update.
Kennyco
Regular Member
 
Posts: 24
Joined: November 4th, 2010, 2:58 pm

Re: ok, one more time

Unread postby Kennyco » November 12th, 2010, 7:37 pm

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

11/12/2010 4:30:18 PM
mbam-log-2010-11-12 (16-30-18).txt

Scan type: Full scan (C:\|)
Objects scanned: 144506
Time elapsed: 33 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Kennyco
Regular Member
 
Posts: 24
Joined: November 4th, 2010, 2:58 pm

Re: ok, one more time

Unread postby xixo_12 » November 12th, 2010, 9:21 pm

Hi,
We will proceed with a different approach.

First,
RSIT by random/random.
Please download from HERE and save to the desktop.
  • Double-click on RSIT.exe to run the tool.
  • Click Continue at the disclaimer screen.
  • Once it finishes, two logs will open.
    • log.txt will be opened maximized
    • info.txt will be opened minimized
  • Please post the contents of both logs in your next post.
***You can find the log manually at C:\rsit

What you need to post
Checklist.
  • Content of log.txt and info.txt (Find both in c:\rsit)
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: ok, one more time

Unread postby Kennyco » November 13th, 2010, 3:36 pm

Logfile of random's system information tool 1.08 (written by random/random)
Run by Preston at 2010-11-13 12:34:45
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 103 GB (90%) free of 114 GB
Total RAM: 2038 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:34:52 PM, on 11/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Preston\Desktop\RSIT.exe
C:\Program Files\trend micro\Preston.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\IPSBHO.DLL
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 4499 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\IPSBHO.DLL [2010-06-13 80248]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2007-10-09 2183168]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2007-05-10 405504]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-09-05 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-09-05 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-09-05 137752]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
WDDMStatus.lnk - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
WDSmartWare.lnk - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-08-24 208896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\Preston\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Preston\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\iCall\iCall.exe"="C:\Program Files\iCall\iCall.exe:*:Enabled:iCall"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-11-13 12:34:45 ----D---- C:\rsit
2010-11-12 15:56:36 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-11-12 15:56:36 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-11-12 15:56:35 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-11-11 22:39:46 ----D---- C:\WINDOWS\system32\XPSViewer
2010-11-11 22:39:43 ----D---- C:\Program Files\MSBuild
2010-11-11 22:39:35 ----D---- C:\Program Files\Reference Assemblies
2010-11-11 22:39:16 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2010-11-11 22:39:16 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2010-11-11 22:39:16 ----N---- C:\WINDOWS\system32\prntvpt.dll
2010-11-11 15:33:10 ----D---- C:\Documents and Settings\Preston\Application Data\Western Digital
2010-11-11 15:33:07 ----D---- C:\Documents and Settings\All Users\Application Data\Western Digital
2010-11-11 15:32:59 ----A---- C:\WINDOWS\system32\drivers\wdcsam.sys
2010-11-11 15:32:48 ----D---- C:\Program Files\Western Digital
2010-11-08 22:11:26 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2010-11-08 22:11:24 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2010-11-08 16:27:19 ----D---- C:\Program Files\iCall
2010-11-08 12:52:27 ----A---- C:\WINDOWS\WORDPAD.INI
2010-11-08 12:46:39 ----A---- C:\WINDOWS\system32\WRes1200.txt
2010-11-08 12:46:39 ----A---- C:\WINDOWS\system32\W600dpi.txt
2010-11-08 12:46:39 ----A---- C:\WINDOWS\system32\HRes600.txt
2010-11-08 12:46:39 ----A---- C:\WINDOWS\system32\HRes1200.txt
2010-11-08 12:46:39 ----A---- C:\WINDOWS\system32\HPPLVS.dll
2010-11-08 12:46:38 ----A---- C:\WINDOWS\system32\HP1006LM.DLL
2010-11-08 12:44:24 ----RSD---- C:\WINDOWS\assembly
2010-11-08 12:44:24 ----D---- C:\WINDOWS\Microsoft.NET
2010-11-08 12:44:23 ----D---- C:\WINDOWS\system32\URTTemp
2010-11-08 12:44:05 ----HD---- C:\Program Files\Avago-HP
2010-11-08 12:43:02 ----D---- C:\hp_P1000_P1500_Full_Solution
2010-11-08 12:41:52 ----A---- C:\WINDOWS\system32\drivers\usbprint.sys
2010-11-04 12:27:33 ----D---- C:\Documents and Settings\Preston\Application Data\BitTorrent
2010-11-04 12:12:07 ----A---- C:\WINDOWS\system32\drivers\USBSTOR.SYS
2010-11-04 11:51:11 ----D---- C:\Program Files\Trend Micro
2010-11-03 15:48:20 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$
2010-11-03 15:48:14 ----HDC---- C:\WINDOWS\$NtUninstallKB2279986$
2010-11-03 15:48:08 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2010-11-03 15:48:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$
2010-11-03 15:47:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2259922$
2010-11-03 15:47:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$
2010-11-03 15:47:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2010-11-03 15:47:32 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2010-11-03 15:47:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2010-11-03 15:47:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2010-11-03 15:47:13 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$
2010-11-03 15:47:06 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2010-11-03 15:46:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2360131$
2010-11-03 15:46:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-11-03 15:46:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2010-11-03 15:46:22 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
2010-11-03 15:46:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2010-11-03 15:46:07 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$
2010-11-03 15:46:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$
2010-11-03 15:45:57 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2010-11-03 15:45:51 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2010-11-03 15:45:40 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2010-11-03 15:45:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-11-03 15:45:21 ----HDC---- C:\WINDOWS\$NtUninstallKB981957$
2010-11-03 15:45:15 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2010-11-03 15:45:10 ----HDC---- C:\WINDOWS\$NtUninstallKB2141007$
2010-11-03 15:45:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2158563$
2010-11-03 15:45:01 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2010-11-03 15:44:48 ----HDC---- C:\WINDOWS\$NtUninstallKB2360937$
2010-11-01 12:31:49 ----D---- C:\WINDOWS\Prefetch
2010-11-01 12:25:42 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-11-01 12:25:34 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-11-01 12:25:24 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-11-01 12:25:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-11-01 12:25:07 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-11-01 12:24:59 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-11-01 12:24:51 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-11-01 12:24:42 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-11-01 12:24:34 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-11-01 12:24:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-11-01 12:21:07 ----D---- C:\WINDOWS\system32\scripting
2010-11-01 12:21:07 ----D---- C:\WINDOWS\system32\en-us
2010-11-01 12:21:06 ----D---- C:\WINDOWS\system32\en
2010-11-01 12:21:06 ----D---- C:\WINDOWS\system32\bits
2010-11-01 12:21:06 ----D---- C:\WINDOWS\l2schemas
2010-11-01 12:17:36 ----D---- C:\WINDOWS\network diagnostic
2010-11-01 12:15:48 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-11-01 12:15:47 ----D---- C:\WINDOWS\EHome
2010-11-01 11:57:36 ----A---- C:\WINDOWS\system32\MRT.exe
2010-10-29 12:01:21 ----D---- C:\Documents and Settings\Preston\Application Data\Malwarebytes
2010-10-29 12:01:11 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-10-29 09:08:43 ----SHD---- C:\RECYCLER
2010-10-28 09:04:58 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-10-28 09:04:53 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-10-28 08:52:37 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-10-28 08:52:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2010-10-28 08:52:20 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2010-10-28 08:52:08 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-10-28 08:52:01 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2010-10-28 08:51:55 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-10-28 08:51:48 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-10-28 08:51:25 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-10-28 08:51:14 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-10-28 08:51:03 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-10-28 08:50:58 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-10-28 08:50:54 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-10-28 08:50:49 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-10-28 08:50:43 ----HDC---- C:\WINDOWS\$NtUninstallKB981350$
2010-10-28 08:50:36 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-10-28 08:50:29 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-10-28 08:50:21 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-10-28 08:50:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593_0$
2010-10-28 08:50:07 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2010-10-28 08:50:01 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-10-28 08:49:53 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-10-28 08:49:47 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-10-28 08:49:41 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-10-28 08:49:35 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-10-28 08:49:28 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-10-28 08:49:22 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-10-28 08:49:16 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-10-28 08:49:10 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-10-28 08:48:55 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-10-28 08:48:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-10-28 08:48:34 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-10-28 08:48:27 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-10-28 08:48:20 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2010-10-28 08:48:13 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-10-28 08:48:07 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-10-28 08:48:00 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2010-10-28 08:47:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
2010-10-28 08:47:45 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-10-28 08:47:39 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-10-28 08:47:31 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-10-28 08:47:25 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-10-28 08:47:18 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-10-28 08:47:12 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2010-10-28 08:47:06 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-10-28 08:47:02 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-10-28 08:46:55 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-10-28 08:46:49 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2010-10-28 08:46:42 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-10-28 08:46:31 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-10-28 08:46:22 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2010-10-28 08:46:16 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-10-28 08:46:10 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-10-28 08:45:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2010-10-28 08:45:51 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-10-28 08:45:44 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-10-28 08:45:35 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-10-28 08:45:29 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-10-28 08:45:24 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-10-28 08:45:19 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-10-28 08:45:13 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-10-28 08:45:05 ----D---- C:\WINDOWS\ServicePackFiles
2010-10-28 08:45:03 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2010-10-28 08:44:53 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-10-28 08:44:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-10-28 08:44:42 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-10-28 08:44:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-10-28 08:44:27 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2010-10-28 08:44:18 ----HDC---- C:\WINDOWS\$NtUninstallKB979402_WM9L$
2010-10-28 08:44:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-10-28 08:43:40 ----HDC---- C:\WINDOWS\$NtUninstallKB982381$
2010-10-28 08:43:24 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2010-10-28 08:43:14 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$
2010-10-28 08:43:06 ----HDC---- C:\WINDOWS\$NtUninstallKB975467_0$
2010-10-28 08:42:52 ----HDC---- C:\WINDOWS\$NtUninstallKB968389_0$
2010-10-27 19:18:50 ----N---- C:\WINDOWS\system32\drivers\watv10nt.sys
2010-10-27 19:18:50 ----N---- C:\WINDOWS\system32\drivers\watv06nt.sys
2010-10-27 19:18:49 ----N---- C:\WINDOWS\system32\drivers\wadv11nt.sys
2010-10-27 19:18:49 ----N---- C:\WINDOWS\system32\drivers\wadv09nt.sys
2010-10-27 19:18:49 ----N---- C:\WINDOWS\system32\drivers\wadv08nt.sys
2010-10-27 19:18:49 ----N---- C:\WINDOWS\system32\drivers\wadv07nt.sys
2010-10-27 19:18:46 ----N---- C:\WINDOWS\system32\drivers\slwdmsup.sys
2010-10-27 19:18:46 ----N---- C:\WINDOWS\system32\drivers\slnthal.sys
2010-10-27 19:18:46 ----N---- C:\WINDOWS\system32\drivers\slntamr.sys
2010-10-27 19:18:46 ----N---- C:\WINDOWS\system32\drivers\slnt7554.sys
2010-10-27 19:18:45 ----N---- C:\WINDOWS\system32\drivers\s3gnbm.sys
2010-10-27 19:18:45 ----N---- C:\WINDOWS\system32\drivers\recagent.sys
2010-10-27 19:18:44 ----N---- C:\WINDOWS\system32\drivers\nv4_mini.sys
2010-10-27 19:18:44 ----N---- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2010-10-27 19:18:43 ----N---- C:\WINDOWS\system32\drivers\mtxparhm.sys
2010-10-27 19:18:43 ----N---- C:\WINDOWS\system32\drivers\mtlstrm.sys
2010-10-27 19:18:43 ----N---- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2010-10-27 19:18:40 ----N---- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2010-10-27 19:18:37 ----N---- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2010-10-27 19:18:37 ----N---- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2010-10-27 19:18:37 ----N---- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2010-10-27 19:17:53 ----N---- C:\WINDOWS\system32\drivers\atinxsxx.sys
2010-10-27 19:17:53 ----N---- C:\WINDOWS\system32\drivers\atinxbxx.sys
2010-10-27 19:17:53 ----N---- C:\WINDOWS\system32\drivers\atintuxx.sys
2010-10-27 19:17:53 ----N---- C:\WINDOWS\system32\drivers\atinttxx.sys
2010-10-27 19:17:53 ----N---- C:\WINDOWS\system32\drivers\atinsnxx.sys
2010-10-27 19:17:52 ----N---- C:\WINDOWS\system32\drivers\atinrvxx.sys
2010-10-27 19:17:52 ----N---- C:\WINDOWS\system32\drivers\atinraxx.sys
2010-10-27 19:17:52 ----N---- C:\WINDOWS\system32\drivers\atinpdxx.sys
2010-10-27 19:17:52 ----N---- C:\WINDOWS\system32\drivers\atinmdxx.sys
2010-10-27 19:17:52 ----N---- C:\WINDOWS\system32\drivers\atinbtxx.sys
2010-10-27 19:17:52 ----N---- C:\WINDOWS\system32\drivers\ati2mtag.sys
2010-10-27 19:17:52 ----N---- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2010-10-27 19:17:52 ----N---- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2010-10-27 19:17:52 ----N---- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2010-10-27 19:17:52 ----N---- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2010-10-27 19:17:52 ----N---- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2010-10-27 19:17:52 ----N---- C:\WINDOWS\system32\drivers\ati1snxx.sys
2010-10-27 19:17:52 ----N---- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2010-10-27 19:17:52 ----N---- C:\WINDOWS\system32\drivers\ati1raxx.sys
2010-10-27 19:17:52 ----N---- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2010-10-27 19:17:52 ----N---- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2010-10-27 19:17:52 ----N---- C:\WINDOWS\system32\drivers\ati1btxx.sys
2010-10-27 18:57:13 ----A---- C:\WINDOWS\system32\ptpusd.dll
2010-10-27 18:57:13 ----A---- C:\WINDOWS\system32\ptpusb.dll
2010-10-27 18:57:12 ----A---- C:\WINDOWS\system32\drivers\usbscan.sys
2010-10-27 09:30:28 ----N---- C:\WINDOWS\system32\drivers\bthport.sys
2010-10-27 09:25:14 ----N---- C:\WINDOWS\system32\tzchange.exe
2010-10-27 08:53:59 ----A---- C:\WINDOWS\system32\xpsp4res.dll
2010-10-27 08:41:30 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
2010-10-27 08:41:30 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2010-10-27 08:41:19 ----D---- C:\Program Files\McAfee Security Scan
2010-10-27 08:37:45 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2010-10-27 08:37:21 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-10-27 08:37:21 ----D---- C:\WINDOWS\system32\PreInstall
2010-10-27 08:37:21 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2010-10-27 08:37:20 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2010-10-26 21:08:30 ----D---- C:\Documents and Settings\Preston\Application Data\Mozilla
2010-10-26 09:17:27 ----D---- C:\Program Files\Mozilla Firefox
2010-10-26 08:46:13 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2010-10-25 22:02:51 ----A---- C:\WINDOWS\system32\snymsico.dll
2010-10-25 22:02:51 ----A---- C:\WINDOWS\system32\rixdicon.dll
2010-10-25 22:02:51 ----A---- C:\WINDOWS\system32\drivers\rixdptsk.sys
2010-10-25 22:02:51 ----A---- C:\WINDOWS\system32\drivers\rimsptsk.sys
2010-10-25 22:02:51 ----A---- C:\WINDOWS\system32\drivers\rimmptsk.sys
2010-10-25 21:54:59 ----A---- C:\WINDOWS\system32\drivers\IntcHdmi.sys
2010-10-25 21:51:37 ----A---- C:\WINDOWS\system32\igfxres.dll
2010-10-25 21:50:29 ----A---- C:\WINDOWS\system32\drivers\splitter.sys
2010-10-25 21:50:28 ----A---- C:\WINDOWS\system32\drivers\wdmaud.sys
2010-10-25 21:50:27 ----A---- C:\WINDOWS\system32\drivers\dmusic.sys
2010-10-25 21:50:23 ----A---- C:\WINDOWS\system32\drivers\swmidi.sys
2010-10-25 21:50:22 ----A---- C:\WINDOWS\system32\drivers\aec.sys
2010-10-25 21:50:21 ----A---- C:\WINDOWS\system32\drivers\kmixer.sys
2010-10-25 21:50:21 ----A---- C:\WINDOWS\system32\drivers\drmkaud.sys
2010-10-25 21:50:20 ----A---- C:\WINDOWS\system32\drivers\sysaudio.sys
2010-10-25 21:50:19 ----A---- C:\WINDOWS\system32\drivers\mspqm.sys
2010-10-25 21:50:19 ----A---- C:\WINDOWS\system32\drivers\mskssrv.sys
2010-10-25 21:50:18 ----A---- C:\WINDOWS\system32\drivers\mspclock.sys
2010-10-25 21:49:49 ----A---- C:\WINDOWS\system32\stlang.dll
2010-10-25 21:49:49 ----A---- C:\WINDOWS\system32\stacsv.exe
2010-10-25 21:49:49 ----A---- C:\WINDOWS\stsystra.exe
2010-10-25 21:49:47 ----A---- C:\WINDOWS\system32\ksuser.dll
2010-10-25 21:49:47 ----A---- C:\WINDOWS\system32\drivers\drmk.sys
2010-10-25 21:49:29 ----HDC---- C:\WINDOWS\$NtUninstallKB835221WXP$
2010-10-25 21:49:15 ----HD---- C:\Program Files\InstallShield Installation Information
2010-10-25 21:49:15 ----D---- C:\Program Files\SigmaTel
2010-10-25 21:49:15 ----A---- C:\WINDOWS\system32\stacapi.dll
2010-10-25 21:49:15 ----A---- C:\WINDOWS\system32\st325602.dll
2010-10-25 21:49:15 ----A---- C:\WINDOWS\system32\drivers\sthda.sys
2010-10-25 21:49:11 ----D---- C:\Program Files\Common Files\InstallShield
2010-10-25 21:47:21 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-10-25 21:47:20 ----D---- C:\Program Files\Intel
2010-10-25 21:46:08 ----A---- C:\WINDOWS\system32\igxprd32.dll
2010-10-25 21:46:08 ----A---- C:\WINDOWS\system32\igfxtray.exe
2010-10-25 21:46:08 ----A---- C:\WINDOWS\system32\igfxpers.exe
2010-10-25 21:46:08 ----A---- C:\WINDOWS\system32\igfxexps.dll
2010-10-25 21:46:07 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-10-25 21:46:07 ----A---- C:\WINDOWS\system32\igxpgd32.dll
2010-10-25 21:46:07 ----A---- C:\WINDOWS\system32\igxpdx32.dll
2010-10-25 21:46:07 ----A---- C:\WINDOWS\system32\igxpdv32.dll
2010-10-25 21:46:07 ----A---- C:\WINDOWS\system32\igmedkrn.dll
2010-10-25 21:46:07 ----A---- C:\WINDOWS\system32\igmedcompkrn.dll
2010-10-25 21:46:07 ----A---- C:\WINDOWS\system32\igfxzoom.exe
2010-10-25 21:46:07 ----A---- C:\WINDOWS\system32\igfxsrvc.exe
2010-10-25 21:46:07 ----A---- C:\WINDOWS\system32\igfxsrvc.dll
2010-10-25 21:46:07 ----A---- C:\WINDOWS\system32\igfxress.dll
2010-10-25 21:46:07 ----A---- C:\WINDOWS\system32\igfxpph.dll
2010-10-25 21:46:07 ----A---- C:\WINDOWS\system32\igfxext.exe
2010-10-25 21:46:07 ----A---- C:\WINDOWS\system32\igfxdo.dll
2010-10-25 21:46:07 ----A---- C:\WINDOWS\system32\igfxdev.dll
2010-10-25 21:46:07 ----A---- C:\WINDOWS\system32\igfxCoIn_v4864.dll
2010-10-25 21:46:07 ----A---- C:\WINDOWS\system32\igfxcfg.exe
2010-10-25 21:46:07 ----A---- C:\WINDOWS\system32\ig4icd32.dll
2010-10-25 21:46:07 ----A---- C:\WINDOWS\system32\ig4dev32.dll
2010-10-25 21:46:07 ----A---- C:\WINDOWS\system32\hkcmd.exe
2010-10-25 21:46:07 ----A---- C:\WINDOWS\system32\hccutils.dll
2010-10-25 21:46:07 ----A---- C:\WINDOWS\system32\drivers\igxpmp32.sys
2010-10-25 21:46:06 ----D---- C:\WINDOWS\system32\Lang
2010-10-25 21:46:06 ----A---- C:\WINDOWS\system32\igxpun.exe
2010-10-25 21:46:06 ----A---- C:\WINDOWS\system32\difxapi.dll
2010-10-25 21:46:00 ----D---- C:\Intel
2010-10-25 21:44:32 ----A---- C:\WINDOWS\system32\BCMLogon.dll
2010-10-25 21:44:31 ----A---- C:\WINDOWS\system32\WLTRYSVC.EXE
2010-10-25 21:44:31 ----A---- C:\WINDOWS\system32\wltrynt.dll
2010-10-25 21:44:31 ----A---- C:\WINDOWS\system32\WLTRAY.EXE
2010-10-25 21:44:31 ----A---- C:\WINDOWS\system32\WLBCGCBPRO731.DLL
2010-10-25 21:44:31 ----A---- C:\WINDOWS\system32\vcredist_x86.exe
2010-10-25 21:44:31 ----A---- C:\WINDOWS\system32\vcredist_x86.bat
2010-10-25 21:44:31 ----A---- C:\WINDOWS\system32\preflib.dll
2010-10-25 21:44:31 ----A---- C:\WINDOWS\system32\drivers\BCMWLNPF.SYS
2010-10-25 21:44:31 ----A---- C:\WINDOWS\system32\drivers\BCMWL5.SYS
2010-10-25 21:44:31 ----A---- C:\WINDOWS\system32\bcmwlu00.exe
2010-10-25 21:44:31 ----A---- C:\WINDOWS\system32\BCMWLTRY.EXE
2010-10-25 21:44:31 ----A---- C:\WINDOWS\system32\bcmwlpkt.dll
2010-10-25 21:44:31 ----A---- C:\WINDOWS\system32\bcm1xsup.dll
2010-10-25 21:44:23 ----D---- C:\Documents and Settings\Preston\Application Data\InstallShield
2010-10-25 21:41:37 ----D---- C:\WINDOWS\system32\vmm32
2010-10-25 21:41:37 ----D---- C:\Program Files\Dell
2010-10-25 21:35:40 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-10-25 21:35:39 ----D---- C:\Documents and Settings\Preston\Application Data\Macromedia
2010-10-25 21:35:39 ----D---- C:\Documents and Settings\Preston\Application Data\Adobe
2010-10-25 21:32:36 ----D---- C:\Program Files\Symantec
2010-10-25 21:32:36 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-10-25 21:32:36 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2010-10-25 21:32:36 ----A---- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2010-10-25 21:32:13 ----D---- C:\WINDOWS\system32\drivers\NAV
2010-10-25 21:32:10 ----D---- C:\Program Files\Windows Sidebar
2010-10-25 21:32:10 ----D---- C:\Program Files\Norton AntiVirus
2010-10-25 21:32:10 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2010-10-25 21:28:47 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-10-25 21:28:42 ----D---- C:\Program Files\NortonInstaller
2010-10-25 21:28:38 ----D---- C:\Program Files\Common Files\Adobe
2010-10-25 21:28:38 ----D---- C:\Program Files\Adobe
2010-10-25 21:18:55 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2010-10-25 21:14:30 ----D---- C:\Documents and Settings\Preston\Application Data\Identities
2010-10-25 21:14:29 ----HD---- C:\Program Files\Uninstall Information
2010-10-25 21:14:25 ----ASH---- C:\Documents and Settings\Preston\Application Data\desktop.ini
2010-10-25 21:14:24 ----SD---- C:\Documents and Settings\Preston\Application Data\Microsoft
2010-10-25 21:12:51 ----D---- C:\WINDOWS\SoftwareDistribution
2010-10-25 21:12:50 ----SD---- C:\WINDOWS\system32\Microsoft
2010-10-25 21:12:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-10-25 21:10:14 ----D---- C:\WINDOWS\system32\xircom
2010-10-25 21:10:14 ----D---- C:\Program Files\xerox
2010-10-25 21:10:14 ----D---- C:\Program Files\microsoft frontpage
2010-10-25 21:10:12 ----D---- C:\DELL
2010-10-25 21:10:03 ----HD---- C:\WINDOWS\$hf_mig$
2010-10-25 21:10:02 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2010-10-25 21:09:52 ----RASH---- C:\MSDOS.SYS
2010-10-25 21:09:52 ----RASH---- C:\IO.SYS
2010-10-25 21:09:52 ----A---- C:\WINDOWS\control.ini
2010-10-25 21:09:52 ----A---- C:\CONFIG.SYS
2010-10-25 21:09:52 ----A---- C:\AUTOEXEC.BAT
2010-10-25 21:09:37 ----A---- C:\WINDOWS\OEWABLog.txt
2010-10-25 21:09:36 ----A---- C:\WINDOWS\system32\mapi32.dll
2010-10-25 21:09:03 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-10-25 21:09:03 ----RD---- C:\WINDOWS\Offline Web Pages
2010-10-25 21:09:02 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-10-25 21:08:58 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-10-25 21:08:55 ----HD---- C:\Program Files\WindowsUpdate
2010-10-25 21:08:41 ----D---- C:\WINDOWS\system32\DirectX
2010-10-25 21:08:19 ----A---- C:\WINDOWS\system32\atrace.dll
2010-10-25 21:08:16 ----A---- C:\WINDOWS\system32\desktop.ini
2010-10-25 21:08:16 ----A---- C:\WINDOWS\desktop.ini
2010-10-25 21:08:08 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2010-10-25 21:08:06 ----A---- C:\WINDOWS\system32\acctres.dll
2010-10-25 21:08:05 ----D---- C:\Program Files\Common Files\Services
2010-10-25 21:04:08 ----SD---- C:\WINDOWS\Tasks
2010-10-25 21:04:08 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2010-10-25 21:04:06 ----D---- C:\Program Files\Common Files\MSSoap
2010-10-25 21:04:02 ----D---- C:\WINDOWS\srchasst
2010-10-25 21:04:00 ----D---- C:\WINDOWS\system32\Macromed
2010-10-25 21:03:56 ----A---- C:\WINDOWS\system32\wuweb.dll
2010-10-25 21:03:56 ----A---- C:\WINDOWS\system32\wucltui.dll
2010-10-25 21:03:56 ----A---- C:\WINDOWS\system32\wuauserv.dll
2010-10-25 21:03:56 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2010-10-25 21:03:55 ----A---- C:\WINDOWS\system32\wups.dll
2010-10-25 21:03:55 ----A---- C:\WINDOWS\system32\wuaueng.dll
2010-10-25 21:03:55 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2010-10-25 21:03:55 ----A---- C:\WINDOWS\system32\wuauclt.exe
2010-10-25 21:03:55 ----A---- C:\WINDOWS\system32\wuapi.dll
2010-10-25 21:03:55 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2010-10-25 21:03:55 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2010-10-25 21:03:55 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2010-10-25 21:03:54 ----A---- C:\WINDOWS\system32\qmgr.dll
2010-10-25 21:03:49 ----D---- C:\Program Files\Movie Maker
2010-10-25 21:03:44 ----A---- C:\WINDOWS\system32\safrslv.dll
2010-10-25 21:03:44 ----A---- C:\WINDOWS\system32\safrdm.dll
2010-10-25 21:03:44 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2010-10-25 21:03:44 ----A---- C:\WINDOWS\system32\racpldlg.dll
2010-10-25 21:03:39 ----A---- C:\WINDOWS\system32\fltmc.exe
2010-10-25 21:03:39 ----A---- C:\WINDOWS\system32\fltlib.dll
2010-10-25 21:03:39 ----A---- C:\WINDOWS\system32\drivers\fltmgr.sys
2010-10-25 21:03:38 ----D---- C:\WINDOWS\system32\Restore
2010-10-25 21:03:38 ----A---- C:\WINDOWS\system32\srsvc.dll
2010-10-25 21:03:38 ----A---- C:\WINDOWS\system32\srrstr.dll
2010-10-25 21:03:38 ----A---- C:\WINDOWS\system32\srclient.dll
2010-10-25 21:03:38 ----A---- C:\WINDOWS\system32\drivers\sr.sys
2010-10-25 21:03:37 ----A---- C:\WINDOWS\system32\mnmdd.dll
2010-10-25 21:03:37 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2010-10-25 21:03:37 ----A---- C:\WINDOWS\system32\ils.dll
2010-10-25 21:03:36 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2010-10-25 21:03:36 ----A---- C:\WINDOWS\system32\msconf.dll
2010-10-25 21:03:36 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2010-10-25 21:03:33 ----D---- C:\Program Files\NetMeeting
2010-10-25 21:03:33 ----A---- C:\WINDOWS\system32\msoert2.dll
2010-10-25 21:03:33 ----A---- C:\WINDOWS\system32\msoeacct.dll
2010-10-25 21:03:32 ----A---- C:\WINDOWS\system32\inetres.dll
2010-10-25 21:03:32 ----A---- C:\WINDOWS\system32\inetcomm.dll
2010-10-25 21:03:29 ----D---- C:\Program Files\Outlook Express
2010-10-25 21:03:29 ----A---- C:\WINDOWS\system32\schedsvc.dll
2010-10-25 21:03:28 ----A---- C:\WINDOWS\system32\mstinit.exe
2010-10-25 21:03:28 ----A---- C:\WINDOWS\system32\mstask.dll
2010-10-25 21:03:27 ----A---- C:\WINDOWS\system32\isign32.dll
2010-10-25 21:03:27 ----A---- C:\WINDOWS\system32\inetcfg.dll
2010-10-25 21:03:27 ----A---- C:\WINDOWS\system32\icwphbk.dll
2010-10-25 21:03:27 ----A---- C:\WINDOWS\system32\icwdial.dll
2010-10-25 21:03:21 ----D---- C:\Program Files\Common Files\System
2010-10-25 21:03:19 ----D---- C:\Program Files\Internet Explorer
2010-10-25 21:03:16 ----A---- C:\WINDOWS\vbaddin.ini
2010-10-25 21:03:16 ----A---- C:\WINDOWS\vb.ini
2010-10-25 21:03:15 ----D---- C:\WINDOWS\Registration
2010-10-25 21:02:59 ----D---- C:\Program Files\Online Services
2010-10-25 21:02:58 ----D---- C:\Program Files\Windows Media Player
2010-10-25 21:02:56 ----D---- C:\Program Files\Messenger
2010-10-25 21:02:52 ----D---- C:\Program Files\MSN Gaming Zone
2010-10-25 21:02:52 ----A---- C:\WINDOWS\system32\write.exe
2010-10-25 21:02:43 ----A---- C:\WINDOWS\system32\sndvol32.exe
2010-10-25 21:02:43 ----A---- C:\WINDOWS\system32\hticons.dll
2010-10-25 21:02:42 ----A---- C:\WINDOWS\system32\winchat.exe
2010-10-25 21:02:42 ----A---- C:\WINDOWS\system32\avwav.dll
2010-10-25 21:02:42 ----A---- C:\WINDOWS\system32\avtapi.dll
2010-10-25 21:02:42 ----A---- C:\WINDOWS\system32\avmeter.dll
2010-10-25 21:02:34 ----A---- C:\WINDOWS\system32\getuname.dll
2010-10-25 21:02:34 ----A---- C:\WINDOWS\system32\charmap.exe
2010-10-25 21:02:34 ----A---- C:\WINDOWS\system32\calc.exe
2010-10-25 21:02:33 ----A---- C:\WINDOWS\system32\winmine.exe
2010-10-25 21:02:33 ----A---- C:\WINDOWS\system32\sol.exe
2010-10-25 21:02:33 ----A---- C:\WINDOWS\system32\reset.exe
2010-10-25 21:02:33 ----A---- C:\WINDOWS\system32\mshearts.exe
2010-10-25 21:02:33 ----A---- C:\WINDOWS\system32\freecell.exe
2010-10-25 21:02:32 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2010-10-25 21:02:32 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2010-10-25 21:02:32 ----A---- C:\WINDOWS\system32\tslabels.ini
2010-10-25 21:02:32 ----A---- C:\WINDOWS\system32\tskill.exe
2010-10-25 21:02:32 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2010-10-25 21:02:32 ----A---- C:\WINDOWS\system32\tscon.exe
2010-10-25 21:02:32 ----A---- C:\WINDOWS\system32\shadow.exe
2010-10-25 21:02:32 ----A---- C:\WINDOWS\system32\rwinsta.exe
2010-10-25 21:02:32 ----A---- C:\WINDOWS\system32\regini.exe
2010-10-25 21:02:32 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2010-10-25 21:02:32 ----A---- C:\WINDOWS\system32\qwinsta.exe
2010-10-25 21:02:32 ----A---- C:\WINDOWS\system32\qappsrv.exe
2010-10-25 21:02:32 ----A---- C:\WINDOWS\system32\msg.exe
2010-10-25 21:02:31 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2010-10-25 21:02:31 ----A---- C:\WINDOWS\system32\logoff.exe
2010-10-25 21:02:31 ----A---- C:\WINDOWS\system32\cdmodem.dll
2010-10-25 21:02:30 ----A---- C:\WINDOWS\system32\stclient.dll
2010-10-25 21:02:30 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2010-10-25 21:02:30 ----A---- C:\WINDOWS\system32\mtxex.dll
2010-10-25 21:02:30 ----A---- C:\WINDOWS\system32\mtxdm.dll
2010-10-25 21:02:30 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2010-10-25 21:02:30 ----A---- C:\WINDOWS\system32\comrepl.dll
2010-10-25 21:02:30 ----A---- C:\WINDOWS\system32\comaddin.dll
2010-10-25 21:02:29 ----A---- C:\WINDOWS\system32\comsnap.dll
2010-10-25 21:02:25 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2010-10-25 21:02:09 ----D---- C:\Program Files\MSN
2010-10-25 21:02:08 ----A---- C:\WINDOWS\system32\sndrec32.exe
2010-10-25 21:02:08 ----A---- C:\WINDOWS\system32\mplay32.exe
2010-10-25 21:02:08 ----A---- C:\WINDOWS\system32\accwiz.exe
2010-10-25 21:02:07 ----D---- C:\Program Files\Windows NT
2010-10-25 21:02:07 ----A---- C:\WINDOWS\system32\mspaint.exe
2010-10-25 21:02:07 ----A---- C:\WINDOWS\system32\hypertrm.dll
2010-10-25 21:02:07 ----A---- C:\WINDOWS\system32\clipbrd.exe
2010-10-25 21:02:06 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2010-10-25 21:02:06 ----A---- C:\WINDOWS\system32\spider.exe
2010-10-25 21:02:06 ----A---- C:\WINDOWS\system32\drivers\tdtcp.sys
2010-10-25 21:02:06 ----A---- C:\WINDOWS\system32\drivers\tdpipe.sys
2010-10-25 21:02:06 ----A---- C:\WINDOWS\system32\drivers\rdpwd.sys
2010-10-25 21:02:05 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2010-10-25 21:02:05 ----A---- C:\WINDOWS\system32\sessmgr.exe
2010-10-25 21:02:05 ----A---- C:\WINDOWS\system32\remotepg.dll
2010-10-25 21:02:05 ----A---- C:\WINDOWS\system32\rdshost.exe
2010-10-25 21:02:05 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2010-10-25 21:02:05 ----A---- C:\WINDOWS\system32\rdchost.dll
2010-10-25 21:02:05 ----A---- C:\WINDOWS\system32\mstscax.dll
2010-10-25 21:02:05 ----A---- C:\WINDOWS\system32\mstsc.exe
2010-10-25 21:02:04 ----D---- C:\WINDOWS\system32\MsDtc
2010-10-25 21:02:04 ----A---- C:\WINDOWS\system32\termsrv.dll
2010-10-25 21:02:04 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2010-10-25 21:02:04 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2010-10-25 21:02:04 ----A---- C:\WINDOWS\system32\rdpclip.exe
2010-10-25 21:02:04 ----A---- C:\WINDOWS\system32\qprocess.exe
2010-10-25 21:02:04 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2010-10-25 21:02:04 ----A---- C:\WINDOWS\system32\icaapi.dll
2010-10-25 21:02:04 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2010-10-25 21:02:03 ----A---- C:\WINDOWS\system32\xolehlp.dll
2010-10-25 21:02:03 ----A---- C:\WINDOWS\system32\mtxoci.dll
2010-10-25 21:02:03 ----A---- C:\WINDOWS\system32\msdtctm.dll
2010-10-25 21:02:03 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2010-10-25 21:02:02 ----A---- C:\WINDOWS\system32\msdtclog.dll
2010-10-25 21:02:02 ----A---- C:\WINDOWS\system32\msdtc.exe
2010-10-25 21:02:01 ----D---- C:\WINDOWS\system32\Com
2010-10-25 21:02:01 ----A---- C:\WINDOWS\system32\colbact.dll
2010-10-25 21:02:01 ----A---- C:\WINDOWS\system32\clbcatex.dll
2010-10-25 21:02:01 ----A---- C:\WINDOWS\system32\catsrvut.dll
2010-10-25 21:02:01 ----A---- C:\WINDOWS\system32\catsrvps.dll
2010-10-25 21:02:01 ----A---- C:\WINDOWS\system32\catsrv.dll
2010-10-25 21:02:00 ----A---- C:\WINDOWS\system32\comuid.dll
2010-10-25 21:02:00 ----A---- C:\WINDOWS\system32\comsvcs.dll
2010-10-25 21:02:00 ----A---- C:\WINDOWS\system32\clbcatq.dll
2010-10-25 21:01:54 ----A---- C:\WINDOWS\system32\servdeps.dll
2010-10-25 21:01:53 ----A---- C:\WINDOWS\system32\mmfutil.dll
2010-10-25 21:01:53 ----A---- C:\WINDOWS\system32\licwmi.dll
2010-10-25 21:01:53 ----A---- C:\WINDOWS\system32\cmprops.dll
2010-10-25 21:01:49 ----A---- C:\WINDOWS\system32\drivers\termdd.sys
2010-10-25 21:01:49 ----A---- C:\WINDOWS\system32\drivers\rdpdr.sys
2010-10-25 15:01:24 ----A---- C:\WINDOWS\system32\h323log.txt
2010-10-25 14:55:23 ----A---- C:\WINDOWS\system32\drivers\audstub.sys
2010-10-25 14:55:01 ----A---- C:\WINDOWS\system32\drivers\redbook.sys
2010-10-25 14:54:49 ----A---- C:\WINDOWS\system32\drivers\enum1394.sys
2010-10-25 14:54:40 ----A---- C:\WINDOWS\system32\usbui.dll
2010-10-25 14:54:33 ----A---- C:\WINDOWS\system32\drivers\wmiacpi.sys
2010-10-25 14:54:32 ----A---- C:\WINDOWS\system32\drivers\compbatt.sys
2010-10-25 14:54:31 ----A---- C:\WINDOWS\system32\drivers\cmbatt.sys
2010-10-25 14:54:31 ----A---- C:\WINDOWS\system32\drivers\battc.sys
2010-10-25 14:54:03 ----A---- C:\WINDOWS\imsins.BAK
2010-10-25 14:54:01 ----SHD---- C:\WINDOWS\Installer
2010-10-25 14:54:01 ----D---- C:\Program Files\Common Files\ODBC
2010-10-25 14:54:01 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-10-25 14:54:01 ----A---- C:\WINDOWS\ODBCINST.INI
2010-10-25 14:53:57 ----RD---- C:\Program Files
2010-10-25 14:53:57 ----D---- C:\Program Files\Common Files\SpeechEngines
2010-10-25 14:53:57 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-10-25 14:53:57 ----D---- C:\Program Files\Common Files
2010-10-25 14:53:54 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2010-10-25 14:53:54 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2010-10-25 14:53:54 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2010-10-25 14:53:52 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2010-10-25 14:53:52 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2010-10-25 14:53:52 ----RA---- C:\WINDOWS\system32\kbdur.dll
2010-10-25 14:53:52 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2010-10-25 14:53:52 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2010-10-25 14:53:52 ----RA---- C:\WINDOWS\system32\kbdru.dll
2010-10-25 14:53:52 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2010-10-25 14:53:52 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2010-10-25 14:53:52 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2010-10-25 14:53:52 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2010-10-25 14:53:52 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2010-10-25 14:53:52 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2010-10-25 14:53:50 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2010-10-25 14:53:50 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2010-10-25 14:53:50 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2010-10-25 14:53:50 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2010-10-25 14:53:50 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2010-10-25 14:53:50 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2010-10-25 14:53:50 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2010-10-25 14:53:48 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2010-10-25 14:53:48 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2010-10-25 14:53:48 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2010-10-25 14:53:48 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2010-10-25 14:53:48 ----RA---- C:\WINDOWS\system32\kbdest.dll
2010-10-25 14:53:46 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2010-10-25 14:53:46 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2010-10-25 14:53:46 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2010-10-25 14:53:46 ----RA---- C:\WINDOWS\system32\kbdro.dll
2010-10-25 14:53:46 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2010-10-25 14:53:46 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2010-10-25 14:53:46 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2010-10-25 14:53:46 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2010-10-25 14:53:46 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2010-10-25 14:53:46 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2010-10-25 14:53:46 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2010-10-25 14:53:46 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2010-10-25 14:53:46 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2010-10-25 14:53:44 ----A---- C:\WINDOWS\system32\irclass.dll
2010-10-25 14:53:43 ----A---- C:\WINDOWS\system32\spxcoins.dll
2010-10-25 14:53:43 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2010-10-25 14:53:43 ----A---- C:\WINDOWS\system32\dgsetup.dll
2010-10-25 14:53:43 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2010-10-25 14:53:41 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2010-10-25 14:53:41 ----A---- C:\WINDOWS\TASKMAN.EXE
2010-10-25 14:53:40 ----A---- C:\WINDOWS\system32\drivers\irenum.sys
2010-10-25 14:53:40 ----A---- C:\WINDOWS\system32\batt.dll
2010-10-25 14:53:40 ----A---- C:\WINDOWS\notepad.exe
2010-10-25 14:53:39 ----A---- C:\WINDOWS\system32\storprop.dll
2010-10-25 14:53:36 ----RA---- C:\WINDOWS\SET26.tmp
2010-10-25 14:53:36 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2010-10-25 14:53:35 ----RA---- C:\WINDOWS\SET25.tmp
2010-10-25 14:53:33 ----RA---- C:\WINDOWS\SET8.tmp
2010-10-25 14:53:30 ----RA---- C:\WINDOWS\SET4.tmp
2010-10-25 14:53:29 ----RA---- C:\WINDOWS\SET3.tmp
2010-10-25 14:53:24 ----D---- C:\WINDOWS\system32\CatRoot2
2010-10-25 14:53:24 ----D---- C:\WINDOWS\system32\CatRoot
2010-10-25 14:53:18 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-10-25 14:52:29 ----A---- C:\WINDOWS\setuplog.txt
2010-10-25 14:52:26 ----D---- C:\Documents and Settings
2010-10-25 14:52:25 ----SHD---- C:\System Volume Information
2010-10-25 14:47:49 ----SH---- C:\boot.ini
2010-10-25 14:40:41 ----ASH---- C:\pagefile.sys
2010-10-25 14:18:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-10-25 14:18:34 ----RD---- C:\WINDOWS\Web
2010-10-25 14:18:34 ----RD---- C:\WINDOWS\Fonts
2010-10-25 14:18:34 ----HD---- C:\WINDOWS\inf
2010-10-25 14:18:34 ----D---- C:\WINDOWS\WinSxS
2010-10-25 14:18:34 ----D---- C:\WINDOWS\twain_32
2010-10-25 14:18:34 ----D---- C:\WINDOWS\Temp
2010-10-25 14:18:34 ----D---- C:\WINDOWS\system32\wins
2010-10-25 14:18:34 ----D---- C:\WINDOWS\system32\wbem
2010-10-25 14:18:34 ----D---- C:\WINDOWS\system32\usmt
2010-10-25 14:18:34 ----D---- C:\WINDOWS\system32\spool
2010-10-25 14:18:34 ----D---- C:\WINDOWS\system32\ShellExt
2010-10-25 14:18:34 ----D---- C:\WINDOWS\system32\Setup
2010-10-25 14:18:34 ----D---- C:\WINDOWS\system32\ras
2010-10-25 14:18:34 ----D---- C:\WINDOWS\system32\oobe
2010-10-25 14:18:34 ----D---- C:\WINDOWS\system32\npp
2010-10-25 14:18:34 ----D---- C:\WINDOWS\system32\mui
2010-10-25 14:18:34 ----D---- C:\WINDOWS\system32\inetsrv
2010-10-25 14:18:34 ----D---- C:\WINDOWS\system32\IME
2010-10-25 14:18:34 ----D---- C:\WINDOWS\system32\icsxml
2010-10-25 14:18:34 ----D---- C:\WINDOWS\system32\ias
2010-10-25 14:18:34 ----D---- C:\WINDOWS\system32\export
2010-10-25 14:18:34 ----D---- C:\WINDOWS\system32\drivers\etc
2010-10-25 14:18:34 ----D---- C:\WINDOWS\system32\drivers\disdn
2010-10-25 14:18:34 ----D---- C:\WINDOWS\system32\drivers
2010-10-25 14:18:34 ----D---- C:\WINDOWS\system32\dhcp
2010-10-25 14:18:34 ----D---- C:\WINDOWS\system32\config
2010-10-25 14:18:34 ----D---- C:\WINDOWS\system32\3com_dmi
2010-10-25 14:18:34 ----D---- C:\WINDOWS\system32\3076
2010-10-25 14:18:34 ----D---- C:\WINDOWS\system32\2052
2010-10-25 14:18:34 ----D---- C:\WINDOWS\system32\1054
2010-10-25 14:18:34 ----D---- C:\WINDOWS\system32\1042
2010-10-25 14:18:34 ----D---- C:\WINDOWS\system32\1041
2010-10-25 14:18:34 ----D---- C:\WINDOWS\system32\1037
2010-10-25 14:18:34 ----D---- C:\WINDOWS\system32\1033
2010-10-25 14:18:34 ----D---- C:\WINDOWS\system32\1031
2010-10-25 14:18:34 ----D---- C:\WINDOWS\system32\1028
2010-10-25 14:18:34 ----D---- C:\WINDOWS\system32\1025
2010-10-25 14:18:34 ----D---- C:\WINDOWS\system32
2010-10-25 14:18:34 ----D---- C:\WINDOWS\system
2010-10-25 14:18:34 ----D---- C:\WINDOWS\security
2010-10-25 14:18:34 ----D---- C:\WINDOWS\Resources
2010-10-25 14:18:34 ----D---- C:\WINDOWS\repair
2010-10-25 14:18:34 ----D---- C:\WINDOWS\Provisioning
2010-10-25 14:18:34 ----D---- C:\WINDOWS\PeerNet
2010-10-25 14:18:34 ----D---- C:\WINDOWS\pchealth
2010-10-25 14:18:34 ----D---- C:\WINDOWS\mui
2010-10-25 14:18:34 ----D---- C:\WINDOWS\msapps
2010-10-25 14:18:34 ----D---- C:\WINDOWS\msagent
2010-10-25 14:18:34 ----D---- C:\WINDOWS\Media
2010-10-25 14:18:34 ----D---- C:\WINDOWS\java
2010-10-25 14:18:34 ----D---- C:\WINDOWS\ime
2010-10-25 14:18:34 ----D---- C:\WINDOWS\Help
2010-10-25 14:18:34 ----D---- C:\WINDOWS\Driver Cache
2010-10-25 14:18:34 ----D---- C:\WINDOWS\dell
2010-10-25 14:18:34 ----D---- C:\WINDOWS\Debug
2010-10-25 14:18:34 ----D---- C:\WINDOWS\Cursors
2010-10-25 14:18:34 ----D---- C:\WINDOWS\Connection Wizard
2010-10-25 14:18:34 ----D---- C:\WINDOWS\Config
2010-10-25 14:18:34 ----D---- C:\WINDOWS\AppPatch
2010-10-25 14:18:34 ----D---- C:\WINDOWS\addins
2010-10-25 14:18:34 ----D---- C:\WINDOWS

======List of files/folders modified in the last 1 months======

2010-10-25 21:09:52 ----A---- C:\WINDOWS\win.ini
2010-10-25 21:09:29 ----ASH---- C:\WINDOWS\fonts\desktop.ini
2010-10-25 14:53:56 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iastor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2007-07-12 305176]
R0 ohci1394;OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 SymDS;Symantec Data Store; C:\WINDOWS\system32\drivers\NAV\1201000.025\SYMDS.SYS [2010-06-13 339504]
R0 SymEFA;Symantec Extended File Attributes; C:\WINDOWS\system32\drivers\NAV\1201000.025\SYMEFA.SYS [2010-07-28 666672]
R1 BHDrvx86;BHDrvx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20101104.001\BHDrvx86.sys []
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\NAV\1201000.025\SRTSPX.SYS [2010-07-28 50096]
R1 SymIRON;Symantec Iron Driver; C:\WINDOWS\system32\drivers\NAV\1201000.025\Ironx86.SYS [2010-06-26 134704]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\system32\drivers\NAV\1201000.025\SYMTDI.SYS [2010-07-12 369072]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-10-09 1123328]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-08-24 5776928]
R3 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20101112.001\IDSxpx86.sys []
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service; C:\WINDOWS\system32\drivers\IntcHdmi.sys [2007-05-04 105984]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101113.003\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101113.003\NAVEX15.SYS []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\NAV\1201000.025\SRTSP.SYS [2010-07-28 489008]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-05-10 1222840]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S0 cercsr6;cercsr6; C:\WINDOWS\system32\drivers\cercsr6.sys [2004-12-13 39904]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 NAV;Norton AntiVirus; C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe [2010-07-22 126904]
R2 STacSV;SigmaTel Audio Service; C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe [2007-05-10 94208]
R2 WDDMService;WD SmartWare Drive Manager; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-01-21 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2007-10-09 24064]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.08 2010-11-13 12:34:55

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10k_Plugin.exe -maintain plugin
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Dell Resource CD-->MsiExec.exe /X{42929F0F-CE14-47AF-9FC7-FF297A603021}
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB2158563)-->"C:\WINDOWS\$NtUninstallKB2158563$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee Security Scan Plus-->"C:\Program Files\McAfee Security Scan\uninstall.exe"
Microsoft .NET Framework 1.1 Security Update (KB2416447)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M2416447\M2416447Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Mozilla Firefox (3.6.12)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Norton AntiVirus-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV\2454B0AB\18.1.0.37\InstStub.exe /X
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\Setup.exe" -l0x9 anything
Security Update for Windows Media Player (KB2378111)-->"C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB979402)-->"C:\WINDOWS\$NtUninstallKB979402_WM9L$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2121546)-->"C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2259922)-->"C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2279986)-->"C:\WINDOWS\$NtUninstallKB2279986$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2296011)-->"C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2360131)-->"C:\WINDOWS\$NtUninstallKB2360131$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2360937)-->"C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2387149)-->"C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979687)-->"C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981349)-->"C:\WINDOWS\$NtUninstallKB981349$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981957)-->"C:\WINDOWS\$NtUninstallKB981957$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982132)-->"C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982381)-->"C:\WINDOWS\$NtUninstallKB982381$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Update for Windows XP (KB2141007)-->"C:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe"
Update for Windows XP (KB2345886)-->"C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
WD SmartWare-->MsiExec.exe /X{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Security center information======

AV: Norton AntiVirus

======System event log======

Computer Name: BADONKADONK
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 1506
Source Name: Service Control Manager
Time Written: 20101104132120.000000-360
Event Type: error
User:

Computer Name: BADONKADONK
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 1503
Source Name: Service Control Manager
Time Written: 20101104132120.000000-360
Event Type: error
User:

Computer Name: BADONKADONK
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001FE12BB16A. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 1419
Source Name: Dhcp
Time Written: 20101104075949.000000-360
Event Type: warning
User:

Computer Name: BADONKADONK
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001FE12BB16A. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 1412
Source Name: Dhcp
Time Written: 20101104071254.000000-360
Event Type: warning
User:

Computer Name: BADONKADONK
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001FE12BB16A. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 1313
Source Name: Dhcp
Time Written: 20101103164434.000000-360
Event Type: warning
User:

=====Application event log=====

Computer Name: BADONKADONK
Event Code: 1517
Message: Windows saved user BADONKADONK\Preston registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 87
Source Name: Userenv
Time Written: 20101025231201.000000-360
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: BADONKADONK
Event Code: 1517
Message: Windows saved user BADONKADONK\Preston registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 71
Source Name: Userenv
Time Written: 20101025230309.000000-360
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: BADONKADONK
Event Code: 1517
Message: Windows saved user BADONKADONK\Preston registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 57
Source Name: Userenv
Time Written: 20101025225533.000000-360
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: BADONKADONK
Event Code: 1517
Message: Windows saved user BADONKADONK\Preston registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 49
Source Name: Userenv
Time Written: 20101025225040.000000-360
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: BADONKADONK
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 11
Source Name: WinMgmt
Time Written: 20101025220309.000000-360
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 22 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=1601
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
Kennyco
Regular Member
 
Posts: 24
Joined: November 4th, 2010, 2:58 pm

Re: ok, one more time

Unread postby xixo_12 » November 15th, 2010, 10:02 am

Hi,
Let's proceed

First,
Delete folder.
  • Open Notepad.exe
  • Copy and paste below code into the notepad.
    Code:
    rd /q /s "C:\Documents and Settings\Preston\Application Data\BitTorrent"
    del /q /f "C:\WINDOWS\SET26.tmp"
    del /q /f "C:\WINDOWS\SET25.tmp"
    del /q /f "C:\WINDOWS\SET8.tmp"
    del /q /f "C:\WINDOWS\SET4.tmp"
    del /q /f "C:\WINDOWS\SET3.tmp"
    del %0
  • Click on File > Save As
    Save in : Desktop
    File name : xixo.bat
    Save as type : All Files
  • It will look like this :
    Image
  • Double click on xixo.bat and the batch file will perform the task and auto delete itself.

Next,
ComboFix
Download ComboFix from one of these locations (DO NOT download ComboFix from anywhere else but one of the provided links)
Save as Combo-Fix.exe << Please take a look at the file name. You have to change it.
Link 1
Link 2

**IMPORTANT !!! Save Combo-Fix.exe to your Desktop**

  • Disable your AntiVirus/AntiSpyware/Firewall applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    A guide to do this can be found here
  • Double click on Combo-Fix.exe & follow the prompts
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
Image
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Image

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


What you need to post
Checklist.
  • Content of ComboFix.txt
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: ok, one more time

Unread postby Kennyco » November 15th, 2010, 12:46 pm

ComboFix 10-11-14.04 - Preston 11/15/2010 9:21.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1677 [GMT -7:00]
Running from: c:\documents and settings\Preston\Desktop\Combo-Fix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://buy-download.norton.com
.
((((((((((((((((((((((((( Files Created from 2010-10-15 to 2010-11-15 )))))))))))))))))))))))))))))))
.

2010-11-13 19:34 . 2010-11-13 19:34 -------- d-----w- C:\rsit
2010-11-08 19:43 . 2010-11-08 19:44 -------- d-----w- C:\hp_P1000_P1500_Full_Solution

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 18:23 . 2004-08-04 10:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-04 10:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-04 10:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-04 10:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 14:16 . 2006-03-04 03:33 667136 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 14:16 . 2004-08-04 10:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-09-09 14:16 . 2004-08-04 10:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-09-08 16:49 . 2004-08-04 10:00 369664 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:51 . 2004-08-04 10:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-04 10:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-04 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-04 10:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-08-04 10:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2004-08-04 10:00 617472 ----a-w- c:\windows\system32\comctl32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-10 2183168]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-05 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-05 137752]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-1-21 2057536]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2010-1-21 9136960]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iCall\\iCall.exe"=

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1201000.025\SymDS.sys [10/31/2010 6:30 PM 339504]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1201000.025\SymEFA.sys [10/31/2010 6:30 PM 666672]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20101104.001\BHDrvx86.sys [11/3/2010 5:07 PM 691248]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1201000.025\Ironx86.sys [10/31/2010 6:30 PM 134704]
R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe [10/31/2010 6:30 PM 126904]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [1/21/2010 4:24 PM 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 8:58 AM 20480]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/27/2010 11:09 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20101112.001\IDSXpx86.sys [10/19/2010 1:36 PM 341880]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [10/25/2010 9:54 PM 105984]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49 AM 227232]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [11/11/2010 3:32 PM 11520]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Preston\Application Data\Mozilla\Firefox\Profiles\80b6n0g5.default\
FF - prefs.js: browser.startup.homepage - espn.go.com
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\components\IPSFFPl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-15 09:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.1.0.37\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2010-11-15 09:26:53
ComboFix-quarantined-files.txt 2010-11-15 16:26

Pre-Run: 108,108,476,416 bytes free
Post-Run: 108,547,198,976 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 5E75C8F99A28CC5241C7BC04D360718D

Re: ok, one more time

Unread postby xixo_12 » November 16th, 2010, 8:14 am

Hi,

How's your system? Is it running better?