Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
#1 - 06-30-2009, 11:34 PM - tokixjam (Registered User; OS: Windows XP Media Center Edition 2005)
System Security

Alright, so I followed the steps of the sticky.
I wasn't able to get a log from DDS, because it kept giving me this message: "Not enough main memory to complete the sort".
But I did get the log from GMER, which I've attached.

So I'm in a bit of a pickle. I've reformatted my laptop 2 times, and System Security has somehow managed to get its way into my laptop 3 times.
I am running on Windows XP Media Center 2005. If there are any more details you need to know, let me know. I just don't know what other info I need to post.

Alright, so here's the story:
First time I reformatted my laptop, all I downloaded and installed was Firefox, Adobe Flash Player, and Divx (now I know that Divx comes with spyware). And I got System Security popping up.
So I reformatted my laptop a second time. This second reformatting is the last I've done.
I've downloaded and installed Firefox, Internet Explorer 8, Adobe Flash Player, Defiler Pack Codec, and utorrent.
But System Security made its way back into my laptop.

In the past, being careful kept my laptop safe 100% of the time. I thought I was being careful when I reformatted my laptop, but apparently something slipped through the cracks.

Now, I have been going through Google, trying to find ways to get rid of it.
Right now, I have managed to delete the .exe file by going into my folder options, making all files invisible, running safe mode, and deleting the System Security folder in C:\Documents and Settings\Application Data. It was in a folder where the title was a bunch of numbers that started with a "1".
Deleting that folder is how I was able to actually open up Firefox and post this message.

But I'm sure there are parts of it lurking around somewhere... hence this post.

Thank you to anyone in advance, and apologies in advance if I did anything wrong or whatnot. I'm new here. =)

P.S. My computer literacy is at about intermediate, but just to avoid me asking a lot of silly questions, a beginner's level language is good. Like in the sticky "Read this before posting for malware removal help".
Attached Files
File Type: zip ark.zip (2.4 KB, 2 views)

#2 - 07-02-2009, 11:39 AM - tetonbob (Manager, Security Center, TSF Academy; Analyst, Security Team; OS: 2000 Pro; XP Pro; XP Home)
Re: System Security

Quote:
I've reformatted my laptop 2 times, and System Security has somehow managed to get its way into my laptop 3 times.
Well, this is a problem. Are you really formatting, or just doing a repair install?

Are you using an authentic Windows XP installation CD, the machine's recovery partition, or something you downloaded off the internet?

Are you reintroducing backed up data to the new installs? Have you scanned the backed up data before restoring it to ensure it's not infected?


Let's see if we can get some sort of log other than the gmer, which shows a nasty rootkit, by the way.
  • Download RSIT by random/random and save it to your desktop.
  • Double click RSIT.exe to start the tool and click Continue at the disclaimer.
  • When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of log.txt here.
  • Please attach info.txt to your post.
To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\rsit\info.txt
  3. Click Upload.



---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
#3 - 07-02-2009, 12:41 PM - tokixjam
Re: System Security

Quote:
Originally Posted by tetonbob
Well, this is a problem. Are you really formatting, or just doing a repair install?

Are you using an authentic Windows XP installation CD, the machine's recovery partition, or something you downloaded off the internet?

Are you reintroducing backed up data to the new installs? Have you scanned the backed up data before restoring it to ensure it's not infected?
I have been choosing the option to wipe my hard drive and get it back to factory settings. I've never chosen the repair setting.
I'm sorry, I don't know what I've done regarding partitions, but I always choose the option that will wipe everything and set it back to factory settings.

I'm using Recovery Discs I was prompted to burn when I first purchased my laptop. They're authentically from HP.

I have not introduced my backed up data to my laptop after the first time I reformatted. They're still in an external drive and have not touched my laptop.

I will run RSIT when I get back to my own laptop, seeing as how I'm at work and using my sister's laptop now.
#4 - 07-02-2009, 12:54 PM - tetonbob
Re: System Security

Since you've just formatted, you may want to simply start over again, but if you can run the scan, I'll look at the logs. These items you're downloading and installing, DivX, Defiler Pack Codec, and utorrent... it is from these types of downloads, and the sites they are sometimes obtained from, that rootkits such as the one on this machine come from.

If you're not restoring backed up data, and you're formatting, using recovery partition or recovery CDs, resetting to factory condition, then it's possible that the sites you initially visit after the recovery are exploited.

First thing to install is AntiVirus protection before you go online. Do you have an AntiVirus installed, updated and active?

========================

In our pre-posting topic, we strongly urge members to uninstall P2P applications such as utorrent, as they are major vectors for infection. I'd recommend its uninstall.

As mentioned in our pre-posting topic:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

Quote:
3. Uninstall the following via Add or Remove Programs in Control Panel:

  • p2p programs like uTorrent, Bittorrent, LimeWire, Morpheus, etc., as they are a major conduit for malware and a likely source of your current issues.
We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

Please see this topic for more information:

Perils of P2P File Sharing

I would strongly recommend that you uninstall these now. You can do so via Control Panel >> Add or Remove Programs.

#5 - 07-02-2009, 04:35 PM - tokixjam

I have not purchased an anti-virus system.
My laptop comes with Norton 2006, and every time I have reformatted, the 60-day subscription renews, so I never bothered to purchase a new one.
I'm pretty strapped for cash, and I don't want to pay $90 a year for it.
Are there any anti-virus programs you recommend that won't blow the bank?

I haven't downloaded Divx at all, but I do have Defiler. But I kept reading recommendations about Defiler.
I need a video codec. Are there any you recommend that aren't risky? If that's even possible?

I've uninstalled utorrent. I've never had problems with it in the past, but I know that doesn't necessarily mean it's not the problem.

I'll run the scan and post the logs when I get home though (still at work!). I'm kinda drained on reformatting my laptop so much, and I want to get as much info as possible before I subject it to another wash.
#6 - 07-02-2009, 08:43 PM - tokixjam
RSIT

Sorry about the double post.
I've attached the info.txt
Here's the RSIT log.txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by toki at 2009-07-02 19:40:53
Microsoft Windows XP Professional Service Pack 3
System drive C: has 77 GB (78%) free of 99 GB
Total RAM: 2038 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:41:06 PM, on 7/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\toki\Desktop\RSIT.exe
C:\Program Files\trend micro\toki.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.****online.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askR...7&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askR...gct=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [13465154] C:\Documents and Settings\All Users\Application Data\13465154\13465154.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 8634 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - toki.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}]
CNavExtBho Class - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll [2007-05-23 140912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{C4069E3A-68F1-403E-B40E-20066696354B} - Norton AntiVirus - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll [2007-05-23 140912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [2005-11-10 36975]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2006-02-14 454656]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]
"MsmqIntCert"=regsvr32 /s mqrt.dll []
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\CHDAudPropShortcut.exe [2006-04-18 61952]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-03 761948]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2006-04-11 102400]
"ccApp"=c:\Program Files\Common Files\Symantec Shared\ccApp.exe [2005-09-17 52848]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-08-11 249856]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-03-07 131072]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2006-02-22 40960]
"RecGuard"=C:\Windows\SMINST\RecGuard.exe [2005-10-11 1187840]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"13465154"=C:\Documents and Settings\All Users\Application Data\13465154\13465154.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Photosmart Premier Fast Start.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Disabled:Earthlink"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Disabled:Message Queuing"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


======List of files/folders created in the last 1 months======

2009-07-02 19:40:56 ----D---- C:\Program Files\trend micro
2009-07-02 19:40:53 ----D---- C:\rsit
2009-07-01 22:29:30 ----D---- C:\Program Files\NetWaiting
2009-07-01 22:28:02 ----SHD---- C:\Config.Msi
2009-07-01 22:24:35 ----D---- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2009-07-01 15:29:38 ----D---- C:\Program Files\MSBuild
2009-07-01 15:29:34 ----D---- C:\WINDOWS\system32\XPSViewer
2009-07-01 15:29:30 ----D---- C:\Program Files\Reference Assemblies
2009-07-01 15:29:06 ----N---- C:\WINDOWS\system32\spmsg2.dll
2009-07-01 14:47:42 ----A---- C:\WINDOWS\SmartAudio.INI
2009-06-30 21:21:22 ----SD---- C:\moo
2009-06-30 21:21:15 ----A---- C:\WINDOWS\system32\CF12888.exe
2009-06-30 21:16:46 ----A---- C:\WINDOWS\ntbtlog.txt
2009-06-30 14:13:04 ----SHD---- C:\RECYCLER
2009-06-30 14:10:49 ----D---- C:\WINDOWS\temp
2009-06-30 13:59:25 ----A---- C:\WINDOWS\system32\hjgruiyxevxiom.dll
2009-06-30 13:58:49 ----A---- C:\WINDOWS\system32\hjgruiwmcxrien.dll
2009-06-30 13:53:41 ----A---- C:\WINDOWS\zip.exe
2009-06-30 13:53:41 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-06-30 13:53:41 ----A---- C:\WINDOWS\SWSC.exe
2009-06-30 13:53:41 ----A---- C:\WINDOWS\SWREG.exe
2009-06-30 13:53:41 ----A---- C:\WINDOWS\sed.exe
2009-06-30 13:53:41 ----A---- C:\WINDOWS\grep.exe
2009-06-30 13:53:29 ----D---- C:\WINDOWS\ERDNT
2009-06-30 13:53:25 ----A---- C:\WINDOWS\system32\CF23361.exe
2009-06-30 13:52:44 ----D---- C:\Qoobox
2009-06-30 13:44:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-06-30 13:43:50 ----D---- C:\WINDOWS\ie8updates
2009-06-30 13:43:34 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-06-30 00:40:33 ----HDC---- C:\WINDOWS\ie8
2009-06-30 00:20:41 ----A---- C:\WINDOWS\system32\hjgruixrviyqxy.dll
2009-06-30 00:20:30 ----A---- C:\WINDOWS\system32\hjgruimxvpwivl.dll
2009-06-30 00:03:52 ----D---- C:\WINDOWS\WBEM
2009-06-29 23:10:18 ----A---- C:\WINDOWS\OEWABLog.txt
2009-06-29 23:09:47 ----D---- C:\WINDOWS\Prefetch
2009-06-29 23:08:39 ----A---- C:\WINDOWS\system32\hjgruibpfqhtkb.dll
2009-06-29 23:07:15 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-29 23:07:08 ----HDC---- C:\WINDOWS\$NtUninstallKB969897$
2009-06-29 23:07:03 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-29 2356 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-06-29 2352 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-29 2347 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-06-29 2343 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-06-29 2338 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-06-29 2333 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-06-29 2329 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-06-29 2324 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-06-29 2320 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-06-29 2316 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-06-29 2311 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-06-29 2304 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-06-29 23:05:58 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-06-29 23:05:53 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-06-29 23:05:49 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-06-29 23:05:44 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-06-29 23:05:39 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-06-29 23:05:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-06-29 23:05:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-06-29 23:05:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-06-29 23:05:20 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-06-29 23:05:16 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-06-29 23:05:11 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-06-29 23:05:08 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-06-29 23:05:01 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-06-29 23:00:31 ----A---- C:\WINDOWS\setuplog.txt
2009-06-29 22:59:59 ----D---- C:\WINDOWS\system32\scripting
2009-06-29 22:59:59 ----D---- C:\WINDOWS\system32\en-us
2009-06-29 22:59:59 ----D---- C:\WINDOWS\l2schemas
2009-06-29 22:59:58 ----D---- C:\WINDOWS\system32\en
2009-06-29 22:59:58 ----D---- C:\WINDOWS\system32\bits
2009-06-29 22:58:27 ----D---- C:\WINDOWS\ServicePackFiles
2009-06-29 22:57:27 ----D---- C:\WINDOWS\network diagnostic
2009-06-29 22:55:17 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-06-29 11:07:45 ----A---- C:\WINDOWS\system32\hjgruiowgalfjx.dll
2009-06-29 0953 ----HDC---- C:\WINDOWS\$NtUninstallKB926251$
2009-06-28 22:34:33 ----D---- C:\Documents and Settings\toki\Application Data\CyberLink
2009-06-28 22:34:31 ----D---- C:\Documents and Settings\toki\Application Data\HP
2009-06-28 21:52:38 ----D---- C:\Program Files\AskSearch
2009-06-28 21:52:15 ----D---- C:\Documents and Settings\toki\Application Data\uTorrent
2009-06-28 17:13:22 ----A---- C:\WINDOWS\system32\MRT.exe
2009-06-28 17:13:13 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2009-06-27 23:45:13 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2009-06-27 23:45:09 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2009-06-27 23:45:03 ----HDC---- C:\WINDOWS\$NtUninstallKB959426_0$
2009-06-27 23:44:59 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2009-06-27 23:44:54 ----HDC---- C:\WINDOWS\$NtUninstallKB961373_0$
2009-06-27 23:44:49 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2009-06-27 23:44:45 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
2009-06-27 23:44:39 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-06-27 23:44:16 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2009-06-27 23:44:07 ----HDC---- C:\WINDOWS\$NtUninstallKB908250$
2009-06-27 23:43:53 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
2009-06-27 23:43:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956572_0$
2009-06-27 23:43:33 ----HDC---- C:\WINDOWS\$NtUninstallKB961501_0$
2009-06-27 23:43:23 ----HDC---- C:\WINDOWS\$NtUninstallKB969897_0$
2009-06-27 23:43:17 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2_0$
2009-06-27 23:43:12 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-06-27 23:42:49 ----HDC---- C:\WINDOWS\$NtUninstallKB913800$
2009-06-27 23:42:26 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
2009-06-27 23:42:21 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-27 23:42:14 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-06-27 23:41:59 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2009-06-27 23:41:54 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2009-06-27 23:41:49 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2009-06-27 23:41:34 ----HDC---- C:\WINDOWS\$NtUninstallKB958687_0$
2009-06-27 23:41:29 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2009-06-27 23:41:21 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
2009-06-27 23:41:17 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2009-06-27 23:41:12 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2009-06-27 23:41:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2009-06-27 23:41:00 ----HDC---- C:\WINDOWS\$NtUninstallKB970238_0$
2009-06-27 23:40:51 ----HDC---- C:\WINDOWS\$NtUninstallKB930494$
2009-06-27 23:40:34 ----HDC---- C:\WINDOWS\$NtUninstallKB960803_0$
2009-06-27 23:40:29 ----HDC---- C:\WINDOWS\$NtUninstallKB968537_0$
2009-06-27 23:40:24 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_0$
2009-06-27 23:40:19 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2009-06-27 23:40:13 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2009-06-27 23:40:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2009-06-27 23:40:05 ----D---- C:\Program Files\MSXML 4.0
2009-06-27 23:39:58 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2009-06-27 23:39:51 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$
2009-06-27 23:39:45 ----A---- C:\WINDOWS\imsins.BAK
2009-06-27 23:39:41 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2009-06-27 21:17:36 ----D---- C:\Program Files\CCleaner
2009-06-27 21:09:17 ----A---- C:\WINDOWS\system32\hjgruixtqlxmuf.dll
2009-06-27 21:09:17 ----A---- C:\WINDOWS\system32\hjgruiuhdtyles.dll
2009-06-27 21:04:37 ----A---- C:\WINDOWS\system32\uacinit.dll
2009-06-27 20:55:31 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-06-27 20:52:37 ----D---- C:\Documents and Settings\toki\Application Data\Adobe
2009-06-27 18:00:26 ----A---- C:\WINDOWS\system32\xmllite.dll
2009-06-27 18:00:25 ----N---- C:\WINDOWS\system32\wmphoto.dll
2009-06-27 18:00:24 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-06-27 18:00:24 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2009-06-27 18:00:24 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2009-06-27 18:00:23 ----N---- C:\WINDOWS\system32\verclsid.exe
2009-06-27 18:00:21 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-06-27 18:00:21 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-06-27 18:00:19 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2009-06-27 18:00:19 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2009-06-27 18:00:17 ----N---- C:\WINDOWS\system32\slserv.exe
2009-06-27 18:00:17 ----N---- C:\WINDOWS\system32\slrundll.exe
2009-06-27 18:00:17 ----N---- C:\WINDOWS\system32\slgen.dll
2009-06-27 18:00:17 ----N---- C:\WINDOWS\system32\slextspk.dll
2009-06-27 18:00:17 ----N---- C:\WINDOWS\system32\slcoinst.dll
2009-06-27 18:00:17 ----N---- C:\WINDOWS\slrundll.exe
2009-06-27 18:00:16 ----N---- C:\WINDOWS\system32\setupn.exe
2009-06-27 18:00:15 ----N---- C:\WINDOWS\system32\s3gnb.dll
2009-06-27 18:00:15 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-06-27 18:00:15 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-06-27 18:00:14 ----N---- C:\WINDOWS\system32\qutil.dll
2009-06-27 18:00:14 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-06-27 18:00:14 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-06-27 18:00:14 ----N---- C:\WINDOWS\system32\qagent.dll
2009-06-27 18:00:13 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2009-06-27 18:00:13 ----N---- C:\WINDOWS\system32\onex.dll
2009-06-27 18:00:11 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2009-06-27 18:00:09 ----N---- C:\WINDOWS\system32\napstat.exe
2009-06-27 18:00:09 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-06-27 18:00:09 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-06-27 18:00:09 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2009-06-27 18:00:09 ----N---- C:\WINDOWS\system32\msxml6r.dll
2009-06-27 18:00:08 ----N---- C:\WINDOWS\system32\msxml6.dll
2009-06-27 18:00:08 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-06-27 18:00:08 ----N---- C:\WINDOWS\system32\mssha.dll
2009-06-27 18:00:01 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-06-27 18:00:01 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-06-27 18:00:01 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-06-27 18:00:01 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-06-27 17:59:56 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-06-27 17:59:55 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-06-27 17:59:55 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-06-27 17:59:55 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-06-27 17:59:55 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-06-27 17:59:55 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-06-27 17:59:51 ----N---- C:\WINDOWS\system32\smtpapi.dll
2009-06-27 17:59:50 ----N---- C:\WINDOWS\system32\rwnh.dll
2009-06-27 17:59:49 ----N---- C:\WINDOWS\system32\comsdupd.exe
2009-06-27 17:59:47 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2009-06-27 17:59:45 ----N---- C:\WINDOWS\system32\faxpatch.exe
2009-06-27 17:59:45 ----A---- C:\WINDOWS\002842_.tmp
2009-06-27 17:59:44 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-06-27 17:59:44 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-06-27 17:59:44 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-06-27 17:59:44 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-06-27 17:59:44 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-06-27 17:59:44 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-06-27 17:59:44 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-06-27 17:59:44 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-06-27 17:59:43 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-06-27 17:59:43 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-06-27 17:59:43 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-06-27 17:59:43 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-06-27 17:59:43 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-06-27 17:59:43 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-06-27 17:59:43 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-06-27 17:59:43 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-06-27 17:59:42 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-06-27 17:59:42 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-06-27 17:59:41 ----N---- C:\WINDOWS\system32\credssp.dll
2009-06-27 17:59:39 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-06-27 17:59:39 ----N---- C:\WINDOWS\system32\azroles.dll
2009-06-27 17:59:39 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2009-06-27 17:59:39 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2009-06-27 17:59:39 ----N---- C:\WINDOWS\system32\ati3duag.dll
2009-06-27 17:59:39 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2009-06-27 17:59:39 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2009-06-27 17:59:39 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2009-06-27 17:59:39 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2009-06-27 17:59:37 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-06-27 17:43:53 ----N---- C:\WINDOWS\kb913800.exe
2009-06-27 17:35:51 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-06-27 17:34:56 ----D---- C:\WINDOWS\system32\PreInstall
2009-06-27 17:34:54 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-06-27 17:33:40 ----D---- C:\WINDOWS\system32\appmgmt
2009-06-27 17:31:36 ----D---- C:\Program Files\DefilerPak
2009-06-27 17:21:34 ----D---- C:\Documents and Settings\toki\Application Data\Mozilla
2009-06-27 17:21:07 ----D---- C:\Program Files\Mozilla Firefox
2009-06-27 17:15:03 ----D---- C:\Documents and Settings\toki\Application Data\Macromedia
2009-06-27 17:14:31 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-06-27 17:09:06 ----ASH---- C:\Documents and Settings\toki\Application Data\desktop.ini
2009-06-27 17:09:04 ----D---- C:\Documents and Settings\toki\Application Data\Intuit
2009-06-27 17:09:04 ----D---- C:\Documents and Settings\toki\Application Data\Identities
2009-06-27 17:09:03 ----SD---- C:\Documents and Settings\toki\Application Data\Microsoft
2009-06-27 17:09:03 ----D---- C:\Documents and Settings\toki\Application Data\Symantec
2009-06-27 1719 ----A---- C:\WINDOWS\system32\Thawbrkr.dll
2009-06-27 1719 ----A---- C:\WINDOWS\system32\kbdusa.dll
2009-06-27 1719 ----A---- C:\WINDOWS\system32\c_iscii.dll
2009-06-27 1718 ----A---- C:\WINDOWS\system32\ftlx041e.dll
2009-06-27 17:05:43 ----SHD---- C:\System Volume Information

======List of files/folders modified in the last 1 months======

2009-07-02 19:40:59 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-07-02 19:40:56 ----D---- C:\Program Files
2009-07-02 19:31:33 ----D---- C:\WINDOWS
2009-07-02 19:31:32 ----A---- C:\hpqp.ini
2009-07-02 19:31:27 ----A---- C:\XP_TV.ini
2009-07-02 19:30:53 ----D---- C:\WINDOWS\system32
2009-07-01 23:05:57 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-01 23:05:57 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-01 22:29:59 ----SHD---- C:\WINDOWS\Installer
2009-07-01 22:29:02 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-01 22:29:01 ----HD---- C:\WINDOWS\inf
2009-07-01 22:28:37 ----SD---- C:\WINDOWS\Tasks
2009-07-01 22:25:08 ----RSD---- C:\WINDOWS\assembly
2009-07-01 22:15:03 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-07-01 22:14:58 ----D---- C:\WINDOWS\system32\drivers
2009-07-01 22:14:54 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-07-01 22:14:27 ----D---- C:\SWSETUP
2009-07-01 22:11:39 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-01 22:10:14 ----D---- C:\Program Files\CONEXANT
2009-07-01 15:42:23 ----D---- C:\WINDOWS\Microsoft.NET
2009-07-01 15:30:22 ----D---- C:\WINDOWS\WinSxS
2009-07-01 15:30:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-01 15:29:37 ----RSD---- C:\WINDOWS\Fonts
2009-07-01 15:29:12 ----D---- C:\WINDOWS\system32\spool
2009-07-01 15:28:03 ----D---- C:\Program Files\Internet Explorer
2009-07-01 00:16:46 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-06-30 23:08:04 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-06-30 21:20:10 ----D---- C:\Program Files\GemMaster
2009-06-30 14:11:28 ----A---- C:\WINDOWS\system.ini
2009-06-30 1414 ----D---- C:\WINDOWS\AppPatch
2009-06-30 1414 ----D---- C:\Program Files\Common Files
2009-06-30 14:05:28 ----D---- C:\WINDOWS\system32\wbem
2009-06-30 13:43:48 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-30 13:27:52 ----D---- C:\Program Files\Norton Internet Security
2009-06-30 13:21:38 ----D---- C:\WINDOWS\Help
2009-06-30 00:40:49 ----D---- C:\WINDOWS\Media
2009-06-29 23:11:11 ----D---- C:\WINDOWS\Debug
2009-06-29 23:08:53 ----D---- C:\WINDOWS\system32\Setup
2009-06-29 23:08:15 ----D---- C:\WINDOWS\security
2009-06-29 23:05:12 ----D---- C:\Program Files\Messenger
2009-06-29 23:00:04 ----D---- C:\WINDOWS\system32\inetsrv
2009-06-29 23:00:03 ----D---- C:\WINDOWS\ime
2009-06-29 22:59:59 ----D---- C:\WINDOWS\system32\usmt
2009-06-29 22:59:58 ----D---- C:\WINDOWS\PeerNet
2009-06-29 22:59:58 ----D---- C:\Program Files\Movie Maker
2009-06-29 22:58:21 ----D---- C:\WINDOWS\system32\Restore
2009-06-29 22:58:21 ----D---- C:\WINDOWS\system32\npp
2009-06-29 22:58:21 ----D---- C:\WINDOWS\mui
2009-06-29 22:58:21 ----D---- C:\WINDOWS\msagent
2009-06-29 22:58:20 ----D---- C:\WINDOWS\srchasst
2009-06-29 22:58:20 ----D---- C:\Program Files\NetMeeting
2009-06-29 22:58:19 ----D---- C:\WINDOWS\system32\Com
2009-06-29 22:58:18 ----D---- C:\Program Files\Windows NT
2009-06-29 22:58:18 ----D---- C:\Program Files\Outlook Express
2009-06-29 22:58:16 ----D---- C:\Program Files\Common Files\System
2009-06-29 22:58:10 ----D---- C:\WINDOWS\system32\oobe
2009-06-29 22:58:09 ----D---- C:\WINDOWS\system
2009-06-29 22:55:15 ----D---- C:\WINDOWS\ehome
2009-06-29 0954 ----D---- C:\Program Files\Windows Media Player
2009-06-27 23:44:11 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt
2009-06-27 21:50:19 ----D---- C:\Program Files\Quicken
2009-06-27 21:50:17 ----A---- C:\WINDOWS\QUICKEN.INI
2009-06-27 20:49:31 ----D---- C:\Program Files\Hp
2009-06-27 20:49:22 ----D---- C:\Program Files\Hewlett-Packard
2009-06-27 17:38:44 ----D---- C:\WINDOWS\Registration
2009-06-27 17:35:30 ----A---- C:\WINDOWS\WININIT.INI
2009-06-27 17:35:13 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-06-27 17:33:30 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-06-27 17:33:30 ----D---- C:\WINDOWS\pchealth
2009-06-27 17:33:01 ----A---- C:\WINDOWS\win.ini
2009-06-27 17:16:31 ----D---- C:\Program Files\Symantec
2009-06-27 17:14:36 ----D---- C:\WINDOWS\SoftwareDistribution
2009-06-27 17:12:59 ----HD---- C:\system.sav
2009-06-27 17:12:59 ----D---- C:\WINDOWS\system32\config
2009-06-27 17:10:25 ----D---- C:\hp
2009-06-27 17:10:22 ----AD---- C:\WINDOWS\system32\pcintro
2009-06-27 17:09:03 ----D---- C:\Documents and Settings
2009-06-27 17:07:58 ----RASH---- C:\boot.ini
2009-06-27 17:05:55 ----D---- C:\Program Files\HPQ
2009-06-27 00:24:58 ----D---- C:\WINDOWS\SMINST
2009-06-27 00:22:51 ----RD---- C:\WINDOWS\Web
2009-06-27 00:22:49 ----D---- C:\WINDOWS\twain_32
2009-06-27 00:22:49 ----D---- C:\WINDOWS\tiinst
2009-06-27 00:22:34 ----D---- C:\WINDOWS\system32\URTTemp
2009-06-27 00:22:21 ----D---- C:\WINDOWS\system32\ras
2009-06-27 00:22:08 ----D---- C:\WINDOWS\system32\mui
2009-06-27 00:22:01 ----D---- C:\WINDOWS\system32\msmq
2009-06-27 00:21:57 ----D---- C:\WINDOWS\system32\MsDtc
2009-06-27 00:21:56 ----SD---- C:\WINDOWS\system32\Microsoft
2009-06-27 00:21:54 ----D---- C:\WINDOWS\system32\Macromed
2009-06-27 00:21:50 ----D---- C:\WINDOWS\system32\IME
2009-06-27 00:21:48 ----D---- C:\WINDOWS\system32\icsxml
2009-06-27 00:21:48 ----D---- C:\WINDOWS\system32\ias
2009-06-27 00:21:34 ----D---- C:\WINDOWS\system32\DirectX
2009-06-27 00:21:18 ----D---- C:\WINDOWS\system32\1033
2009-06-27 00:21:09 ----D---- C:\WINDOWS\Resources
2009-06-27 00:21:08 ----D---- C:\WINDOWS\repair
2009-06-27 00:21:04 ----D---- C:\WINDOWS\RegisteredPackages
2009-06-27 00:21:01 ----D---- C:\WINDOWS\Provisioning
2009-06-27 00:20:05 ----RD---- C:\WINDOWS\Offline Web Pages
2009-06-27 00:20:05 ----D---- C:\WINDOWS\msapps
2009-06-27 00:19:47 ----D---- C:\WINDOWS\java
2009-06-27 00:19:09 ----D---- C:\WINDOWS\Hewlett-Packard
2009-06-27 00:18:11 ----D---- C:\WINDOWS\Driver Cache
2009-06-27 00:18:10 ----D---- C:\WINDOWS\Downloaded Installations
2009-06-27 00:18:08 ----D---- C:\WINDOWS\Cursors
2009-06-27 00:18:07 ----D---- C:\WINDOWS\CREATOR
2009-06-27 00:17:42 ----HDC---- C:\WINDOWS\$NtUninstallKB915326$
2009-06-27 00:17:42 ----HD---- C:\WINDOWS\$NtUninstallKB913446$
2009-06-27 00:17:42 ----HD---- C:\WINDOWS\$NtUninstallKB912919$
2009-06-27 00:17:41 ----HDC---- C:\WINDOWS\$NtUninstallKB912436$
2009-06-27 00:17:41 ----HD---- C:\WINDOWS\$NtUninstallKB911927$
2009-06-27 00:17:40 ----HDC---- C:\WINDOWS\$NtUninstallKB909095$
2009-06-27 00:17:40 ----HD---- C:\WINDOWS\$NtUninstallKB911565$
2009-06-27 00:17:40 ----HD---- C:\WINDOWS\$NtUninstallKB911564$
2009-06-27 00:17:38 ----HD---- C:\WINDOWS\$NtUninstallKB908519$
2009-06-27 00:17:37 ----HD---- C:\WINDOWS\$NtUninstallKB904706$
2009-06-27 00:17:37 ----HD---- C:\WINDOWS\$NtUninstallKB903235$
2009-06-27 00:17:37 ----HD---- C:\WINDOWS\$NtUninstallKB901214$
2009-06-27 00:17:37 ----HD---- C:\WINDOWS\$NtUninstallKB901190$
2009-06-27 00:17:37 ----HD---- C:\WINDOWS\$NtUninstallKB896727$
2009-06-27 00:17:36 ----HD---- C:\WINDOWS\$NtUninstallKB896423$
2009-06-27 00:17:36 ----HD---- C:\WINDOWS\$NtUninstallKB896422$
2009-06-27 00:17:36 ----HD---- C:\WINDOWS\$NtUninstallKB896358$
2009-06-27 00:17:35 ----HDC---- C:\WINDOWS\$NtUninstallKB896256$
2009-06-27 00:17:34 ----HDC---- C:\WINDOWS\$NtUninstallKB892559$
2009-06-27 00:17:34 ----HD---- C:\WINDOWS\$NtUninstallKB894391$
2009-06-27 00:17:34 ----HD---- C:\WINDOWS\$NtUninstallKB893066$
2009-06-27 00:17:33 ----HDC---- C:\WINDOWS\$NtUninstallKB890546$
2009-06-27 00:17:33 ----HDC---- C:\WINDOWS\$NtUninstallKB889673$
2009-06-27 00:17:33 ----HDC---- C:\WINDOWS\$NtUninstallKB888402$
2009-06-27 00:17:33 ----HDC---- C:\WINDOWS\$NtUninstallKB888239$
2009-06-27 00:17:33 ----HD---- C:\WINDOWS\$NtUninstallKB891781$
2009-06-27 00:17:33 ----HD---- C:\WINDOWS\$NtUninstallKB888113$
2009-06-27 00:17:32 ----HDC---- C:\WINDOWS\$NtUninstallKB888111WXPSP2$
2009-06-27 00:17:32 ----HDC---- C:\WINDOWS\$NtUninstallKB885855$
2009-06-27 00:17:32 ----HDC---- C:\WINDOWS\$NtUninstallKB885464$
2009-06-27 00:17:32 ----HDC---- C:\WINDOWS\$NtUninstallKB884575$
2009-06-27 00:17:32 ----HDC---- C:\WINDOWS\$NtUninstallKB883667$
2009-06-27 00:17:32 ----HD---- C:\WINDOWS\$NtUninstallKB887472$
2009-06-27 00:17:32 ----HD---- C:\WINDOWS\$NtUninstallKB886185$
2009-06-27 00:17:32 ----HD---- C:\WINDOWS\$NtUninstallKB885884$
2009-06-27 00:17:32 ----HD---- C:\WINDOWS\$NtUninstallKB885250$
2009-06-27 00:17:31 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-06-27 00:17:31 ----HD---- C:\WINDOWS\$NtUninstallKB873333$
2009-06-27 00:17:21 ----D---- C:\vongo
2009-06-27 0040 ----D---- C:\Program Files\xerox
2009-06-27 0038 ----D---- C:\Program Files\Windows Plus
2009-06-27 00:03:04 ----D---- C:\Program Files\WildTangent
2009-06-27 00:02:56 ----D---- C:\Program Files\Synaptics
2009-06-27 00:02:53 ----D---- C:\Program Files\Sonic
2009-06-27 00:02:15 ----D---- C:\Program Files\RGB
2009-06-27 00:02:15 ----D---- C:\Program Files\Quickensetup
2009-06-27 00:01:51 ----D---- C:\Program Files\Online Services
2009-06-27 00:00:39 ----D---- C:\Program Files\Netscape
2009-06-27 00:00:25 ----D---- C:\Program Files\muvee Technologies
2009-06-27 00:00:25 ----D---- C:\Program Files\music_now
2009-06-27 00:00:24 ----D---- C:\Program Files\MSN Gaming Zone
2009-06-27 00:00:24 ----D---- C:\Program Files\MSN Encarta Plus
2009-06-27 00:00:22 ----D---- C:\Program Files\MSN
2009-06-26 23:59:52 ----D---- C:\Program Files\Microsoft Office Trial Wizard
2009-06-26 23:59:15 ----D---- C:\Program Files\microsoft frontpage
2009-06-26 23:59:04 ----D---- C:\Program Files\Java
2009-06-26 23:59:04 ----D---- C:\Program Files\Intel
2009-06-26 23:57:19 ----D---- C:\Program Files\Google
2009-06-26 23:57:17 ----D---- C:\Program Files\EnglishOtto
2009-06-26 23:57:12 ----D---- C:\Program Files\Common Files\TiVo Shared
2009-06-26 23:56:46 ----D---- C:\Program Files\Common Files\SureThing Shared
2009-06-26 23:56:46 ----D---- C:\Program Files\Common Files\SpeechEngines
2009-06-26 23:56:46 ----D---- C:\Program Files\Common Files\Sonic Shared
2009-06-26 23:56:43 ----D---- C:\Program Files\Common Files\Services
2009-06-26 23:56:43 ----D---- C:\Program Files\Common Files\ODBC
2009-06-26 23:56:43 ----D---- C:\Program Files\Common Files\muvee Technologies
2009-06-26 23:56:30 ----D---- C:\Program Files\Common Files\MSSoap
2009-06-26 23:56:08 ----D---- C:\Program Files\Common Files\LightScribe
2009-06-26 23:56:03 ----D---- C:\Program Files\Common Files\Java
2009-06-26 23:56:02 ----D---- C:\Program Files\Common Files\InstallShield
2009-06-26 23:55:58 ----D---- C:\Program Files\Common Files\HP
2009-06-26 23:55:50 ----D---- C:\Program Files\Adobe
2009-06-26 23:55:02 ----D---- C:\I386
2009-06-26 23:50:45 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-06-26 23:50:44 ----D---- C:\Documents and Settings\All Users\Application Data\Sonic
2009-06-26 23:50:44 ----D---- C:\Documents and Settings\All Users\Application Data\SBSI
2009-06-26 23:50:38 ----D---- C:\Documents and Settings\All Users\Application Data\Intuit
2009-06-26 23:50:38 ----D---- C:\Documents and Settings\All Users\Application Data\InstallShield
2009-06-26 23:50:38 ----D---- C:\Documents and Settings\All Users\Application Data\HP
2009-06-26 23:50:38 ----D---- C:\Documents and Settings\All Users\Application Data\CyberLink
2009-06-26 23:50:38 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SAVRT;SAVRT; \??\c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS []
R1 SAVRTPEL;SAVRTPEL; \??\c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-10-01 189320]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-02-15 12672]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-11-03 157696]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2007-05-01 630272]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-08-22 1035008]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-08-22 201600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
R3 MQAC;Message Queuing access control; \??\C:\WINDOWS\system32\drivers\mqac.sys []
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090702.005\NAVENG.Sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090702.005\NavEx15.Sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 RMCAST;Reliable Multicast Protocol driver; \??\C:\WINDOWS\system32\drivers\RMCast.sys []
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2007-10-01 12680]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2007-10-01 98184]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2007-10-01 31624]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20090625.001\symidsco.sys []
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2007-10-01 28040]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-10-01 23944]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-03 192736]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-09-20 162432]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-03-14 1428480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-08-22 718464]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-03-02 57096]
S3 catchme;catchme; \??\C:\DOCUME~1\toki\LOCALS~1\Temp\catchme.sys []
S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
S3 EraserUtilDrv10910;EraserUtilDrv10910; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-07-25 100032]
R2 ccEvtMgr;Symantec Event Manager; c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2005-09-17 192112]
R2 ccProxy;Symantec Network Proxy; c:\Program Files\Common Files\Symantec Shared\ccProxy.exe [2005-09-17 202352]
R2 ccSetMgr;Symantec Settings Manager; c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2005-09-17 169584]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-03-15 135168]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-02-17 73728]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MSMQ;Message Queuing; C:\WINDOWS\system32\mqsvc.exe [2008-04-13 4608]
R2 MSMQTriggers;Message Queuing Triggers; C:\WINDOWS\system32\mqtgsvc.exe [2008-04-13 117248]
R2 navapsvc;Norton AntiVirus Auto-Protect Service; c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe [2007-05-23 139888]
R2 NSCService;Norton Protection Center Service; C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE [2006-12-15 750720]
R2 SNDSrvc;Symantec Network Drivers Service; c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2007-10-01 214408]
R2 SPBBCSvc;Symantec SPBBCSvc; c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2005-09-15 1160800]
R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2009-06-27 1251720]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 ccISPwdSvc;Symantec Internet Security Password Validation; c:\Program Files\Norton Internet Security\ccPwdSvc.exe [2007-01-16 72328]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 comHost;COM Host; c:\Program Files\Norton Internet Security\comHost.exe [2007-01-16 45696]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-07-25 2119360]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 SAVScan;Symantec AVScan; c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe [2005-08-26 198368]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-04 38912]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------
Attached Files
File Type: txt info.txt (16.6 KB, 1 views)
tokixjam is offline  
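One way to triage the listing above, as an added example that is not part of the thread nor RSIT's or ComboFix's own code: parse the "files created" lines, flag files written straight into system32 with nothing else happening around them (Windows Update and installers land in bursts of dozens of paths per minute), and rank drops that share a name prefix above lone ones. The two excerpts are copied from this thread's logs; the 120-second window, the neighbour threshold and the six-character prefix are assumptions chosen to fit them.

```python
"""Triage pass over an RSIT 'files created' listing.  Added example for this
thread, not RSIT's or ComboFix's own code; both excerpts are from the thread."""
import re
from datetime import datetime

# RSIT line shape: "<timestamp> ----<attrs>---- <path>".  Lines whose timestamp
# was mangled in the forum copy (e.g. "2009-06-27 1719") do not match and are
# skipped rather than guessed at.
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) ----([A-Z]*)---- (.+)$")
# A file directly inside system32 (not in a subfolder such as drivers).
SYSTEM32_RE = re.compile(r"^c:\\windows\\system32\\[^\\]+$", re.IGNORECASE)

RSIT_EXCERPT = r"""
2009-06-27 23:40:13 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2009-06-27 23:40:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2009-06-27 23:40:05 ----D---- C:\Program Files\MSXML 4.0
2009-06-27 21:17:36 ----D---- C:\Program Files\CCleaner
2009-06-27 21:09:17 ----A---- C:\WINDOWS\system32\hjgruixtqlxmuf.dll
2009-06-27 21:09:17 ----A---- C:\WINDOWS\system32\hjgruiuhdtyles.dll
2009-06-27 21:04:37 ----A---- C:\WINDOWS\system32\uacinit.dll
2009-06-27 20:55:31 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-06-27 20:52:37 ----D---- C:\Documents and Settings\toki\Application Data\Adobe
2009-06-27 18:00:26 ----A---- C:\WINDOWS\system32\xmllite.dll
2009-06-27 18:00:25 ----N---- C:\WINDOWS\system32\wmphoto.dll
2009-06-27 18:00:24 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2009-06-27 18:00:24 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2009-06-27 18:00:14 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-06-27 18:00:14 ----N---- C:\WINDOWS\system32\qagent.dll
2009-06-27 18:00:09 ----N---- C:\WINDOWS\system32\msxml6r.dll
2009-06-27 18:00:08 ----N---- C:\WINDOWS\system32\msxml6.dll
2009-06-27 1719 ----A---- C:\WINDOWS\system32\Thawbrkr.dll
"""

# From the "Other Deletions" block of the ComboFix log posted later in the thread.
COMBOFIX_DELETIONS = r"""
c:\documents and settings\toki\jisfqt.exe
c:\windows\system32\hjgruiavhxbvpe.dat
c:\windows\system32\hjgruibpfqhtkb.dll
c:\windows\system32\hjgruimxvpwivl.dll
"""

def parse_rsit(text):
    """Return [(timestamp, attrs, path)] for every well-formed line."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            records.append((datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"),
                            m.group(2), m.group(3)))
    return records

def stem(path):
    """Lower-cased file name part of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()

def isolated_system32_writes(records, window_s=120, min_neighbors=3):
    """Files written directly into system32 with fewer than min_neighbors other
    log entries within +/- window_s seconds.  Updates and installers touch dozens
    of paths per minute; a DLL that shows up on its own does not fit that."""
    hits = []
    for ts, attrs, path in records:
        if "D" in attrs or not SYSTEM32_RE.match(path):
            continue
        neighbors = sum(1 for t, _, p in records
                        if p != path and abs((t - ts).total_seconds()) <= window_s)
        if neighbors < min_neighbors:
            hits.append(path)
    return hits

def prefix_families(paths, prefix_len=6):
    """Group paths whose file names share their first prefix_len characters."""
    families = {}
    for p in paths:
        families.setdefault(stem(p)[:prefix_len], []).append(p)
    return {k: v for k, v in families.items() if len(v) > 1}

def triage(rsit_text, prefix_len=6):
    """Priority per isolated system32 drop: 'high' when several drops share a
    name prefix (one dropper writing a family of components), else 'review'.
    Legitimate same-prefix pairs such as msxml6.dll/msxml6r.dll never get here
    because they arrive inside an update burst."""
    isolated = isolated_system32_writes(parse_rsit(rsit_text))
    families = prefix_families(isolated, prefix_len)
    return {p: ("high" if stem(p)[:prefix_len] in families else "review")
            for p in isolated}

def deletions_in_family(prefix, combofix_text):
    """Count ComboFix 'Other Deletions' entries whose file name starts with
    prefix, to confirm that the later cleanup hit the same family."""
    return sum(1 for line in combofix_text.splitlines()
               if line.strip() and stem(line.strip()).startswith(prefix.lower()))

if __name__ == "__main__":
    ranked = triage(RSIT_EXCERPT)
    for path, level in sorted(ranked.items(), key=lambda kv: kv[1]):
        print(f"{level:8}{path}")
    for prefix in prefix_families(list(ranked)):
        n = deletions_in_family(prefix, COMBOFIX_DELETIONS)
        print(f"family {prefix}*: ComboFix later deleted {n} file(s) of this family")
```

The 'review' entries are only candidates for a helper's eye (hidserv.dll is a legitimate Windows file name), which is why the script ranks rather than judges.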
Old 07-02-2009, 08:54 PM   #7 (permalink)
tetonbob
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,618
OS: 2000 Pro; XP Pro; XP Home


Re: System Security

Hi again -

Regarding Norton 2006...

Unless you can update it to the current engine and definitions, it's not doing you much good. If it expires in 60 days, we may as well replace it before we're done. There are very good free AntiVirus programs available; I can advise you on that a bit later if you like. None of the paid ones I'm aware of cost $90, more like $40/yr for a standalone AV, or about $60-$70 for a suite.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

Delete any version of ComboFix you might have now.
  1. Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

    Link 1
    Link 2
    Link 3

    --------------------------------------------------------------------

    * IMPORTANT !!! Place combo-fix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.


    You can get help on disabling your protection programs here

    For your version of Norton, it should be something like this:

    NORTON ANTIVIRUS
    Please navigate to the system tray on the bottom right hand corner and look for a sign.
    • right-click it -> choose "Disable Auto-Protect."
    • select a duration of 5 hours (this assures no interference with the cleanup of your pc)
    • click "Ok."
    • a popup will warn that protection will now be disabled and the sign will now look like this:
    You successfully disabled the Norton Antivirus Guard.

  3. Double click on combo-fix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:

    The Recovery Console was successfully installed.

    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled. A reboot should have done this.


    ---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
Old 07-02-2009, 09:49 PM   #8 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 13
OS: Windows XP Media Center Edition 2005


Re: System Security

Alright, I was able to run Combo Fix.
I've attached the log.

I would love information on good, free antivirus programs when you have time to tell me. =)

Thanks so much for all you're doing.


ComboFix 09-07-02.02 - toki 07/02/2009 20:42.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1522 [GMT -7:00]
Running from: c:\documents and settings\toki\Desktop\Combo-Fix.exe
AV: Norton Internet Security 2006 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security 2006 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\toki\jisfqt.exe
c:\documents and settings\toki\toki.exe
c:\windows\Installer\30674.msi
c:\windows\kb913800.exe
c:\windows\system32\hjgruiavhxbvpe.dat
c:\windows\system32\hjgruibpfqhtkb.dll
c:\windows\system32\hjgruibvmqwuhy.dat
c:\windows\system32\hjgruieqqtylhi.dat
c:\windows\system32\hjgruigrqltepx.dat
c:\windows\system32\hjgruikllxbnro.dat
c:\windows\system32\hjgruimxvpwivl.dll
c:\windows\system32\hjgruinoenklpa.dat
c:\windows\system32\hjgruinylnkbdw.dat
c:\windows\system32\hjgruiovyqxhxw.dat
c:\windows\system32\hjgruiowgalfjx.dll
c:\windows\system32\hjgruitismcmtk.dat
c:\windows\system32\hjgruitrrsmbdy.dat
c:\windows\system32\hjgruiuchuwarn.dat
c:\windows\system32\hjgruiuhdtyles.dll
c:\windows\system32\hjgruivblxsmbi.dat
c:\windows\system32\hjgruiwmcxrien.dll
c:\windows\system32\hjgruixrviyqxy.dll
c:\windows\system32\hjgruixtqlxmuf.dll
c:\windows\system32\hjgruiyxevxiom.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\uactmp.db
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-06-03 to 2009-07-03 )))))))))))))))))))))))))))))))
.

2009-07-03 02:40 . 2009-07-03 02:41 -------- d-----w- c:\program files\trend micro
2009-07-03 02:40 . 2009-07-03 02:41 -------- d-----w- C:\rsit
2009-07-02 05:29 . 2009-07-02 05:29 -------- d-----w- c:\program files\NetWaiting
2009-07-02 05:24 . 2009-07-02 05:24 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-07-01 22:30 . 2009-07-01 22:30 140088 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-07-01 22:29 . 2009-07-01 22:29 -------- d-----w- c:\program files\MSBuild
2009-07-01 22:29 . 2009-07-01 22:29 -------- d-----w- c:\windows\system32\XPSViewer
2009-07-01 22:29 . 2009-07-01 22:29 -------- d-----w- c:\program files\Reference Assemblies
2009-07-01 22:29 . 2006-06-29 20:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-07-01 04:21 . 2009-07-01 04:21 -------- d-s---w- C:\moo
2009-06-30 20:44 . 2009-06-30 20:44 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-30 20:43 . 2009-06-30 20:43 -------- d-----w- c:\windows\ie8updates
2009-06-30 20:28 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-06-30 20:28 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-30 20:28 . 2009-04-30 21:22 1985024 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-06-30 20:28 . 2009-04-30 21:22 11064832 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-06-30 07:40 . 2009-06-30 07:40 -------- dc-h--w- c:\windows\ie8
2009-06-30 07:07 . 2009-06-30 07:07 -------- d-sh--w- c:\documents and settings\toki\IECompatCache
2009-06-30 07:06 . 2009-06-30 07:06 -------- d-sh--w- c:\documents and settings\toki\PrivacIE
2009-06-30 07:06 . 2009-06-30 07:06 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-30 07:06 . 2009-06-30 07:06 -------- d-sh--w- c:\documents and settings\toki\IETldCache
2009-06-30 05:59 . 2009-06-30 05:59 -------- d-----w- c:\windows\system32\scripting
2009-06-30 05:59 . 2009-06-30 05:59 -------- d-----w- c:\windows\l2schemas
2009-06-30 05:59 . 2009-06-30 05:59 -------- d-----w- c:\windows\system32\en
2009-06-30 05:59 . 2009-06-30 05:59 -------- d-----w- c:\windows\system32\bits
2009-06-30 05:58 . 2009-06-30 05:58 -------- d-----w- c:\windows\ServicePackFiles
2009-06-29 05:34 . 2009-06-29 05:34 -------- d-----w- c:\documents and settings\toki\Application Data\CyberLink
2009-06-29 05:34 . 2009-06-29 05:34 -------- d-----w- c:\documents and settings\toki\Local Settings\Application Data\QuickPlay
2009-06-29 05:34 . 2009-06-29 05:34 -------- d-----w- c:\documents and settings\toki\Application Data\HP
2009-06-29 04:52 . 2009-06-29 04:52 -------- d-----w- c:\program files\AskSearch
2009-06-29 04:52 . 2009-07-01 04:29 -------- d-----w- c:\documents and settings\toki\Application Data\uTorrent
2009-06-28 06:40 . 2009-06-28 06:40 -------- d-----w- c:\program files\MSXML 4.0
2009-06-28 04:17 . 2009-06-28 04:17 -------- d-----w- c:\program files\CCleaner
2009-06-28 04:09 . 2009-06-28 04:09 365 ----a-w- c:\documents and settings\toki\mstcmm.bat
2009-06-28 03:55 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-06-28 03:55 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2009-06-28 03:55 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-06-28 03:55 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-06-28 00:59 . 2008-04-14 00:11 37376 ------w- c:\windows\system32\l2gpstore.dll
2009-06-28 00:46 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-06-28 00:46 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2009-06-28 00:41 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2009-06-28 00:41 . 2008-10-24 11:21 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-06-28 00:41 . 2008-06-11 09:58 2330624 ------w- c:\windows\system32\dllcache\WMVCore.dll
2009-06-28 00:41 . 2008-12-11 10:57 333952 ------w- c:\windows\system32\dllcache\srv.sys
2009-06-28 00:41 . 2008-05-01 14:33 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2009-06-28 00:41 . 2008-04-11 19:04 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2009-06-28 00:40 . 2008-10-03 10:02 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2009-06-28 00:40 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2009-06-28 00:36 . 2008-09-04 17:15 1106944 ------w- c:\windows\system32\dllcache\msxml3.dll
2009-06-28 00:35 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-06-28 00:35 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-06-28 00:31 . 2009-06-28 00:31 -------- d-----w- c:\program files\DefilerPak
2009-06-28 00:21 . 2009-06-28 00:21 0 ----a-w- c:\windows\nsreg.dat
2009-06-28 00:21 . 2009-06-28 00:21 -------- d-----w- c:\documents and settings\toki\Local Settings\Application Data\Mozilla
2009-06-28 00:15 . 2009-06-28 00:15 -------- d-sh--w- c:\documents and settings\toki\UserData
2009-06-28 00:10 . 2009-06-30 07:11 -------- d-sh--w- c:\documents and settings\toki\Temporary Internet Files
2009-06-28 00:10 . 2009-06-30 06:09 -------- d-sh--w- c:\documents and settings\toki\History
2009-06-28 00:06 . 2004-08-10 07:00 5632 ----a-w- c:\windows\system32\kbdusa.dll
2009-06-28 00:06 . 2004-08-10 07:00 185344 ----a-w- c:\windows\system32\Thawbrkr.dll
2009-06-28 00:06 . 2004-08-10 07:00 10752 ----a-w- c:\windows\system32\c_iscii.dll
2009-06-28 00:06 . 2004-08-10 07:00 6144 ----a-w- c:\windows\system32\ftlx041e.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-03 03:40 . 2006-05-11 12:27 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-02 05:29 . 2006-05-11 09:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-02 05:10 . 2006-05-11 11:59 -------- d-----w- c:\program files\CONEXANT
2009-07-01 22:32 . 2006-05-11 11:54 64440 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-01 04:20 . 2006-05-11 12:09 -------- d-----w- c:\program files\GemMaster
2009-06-30 20:27 . 2006-05-11 12:28 -------- d-----w- c:\program files\Norton Internet Security
2009-06-30 06:03 . 2006-03-28 13:12 97159 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-28 04:50 . 2006-05-11 12:38 -------- d-----w- c:\program files\Quicken
2009-06-28 03:49 . 2006-05-11 09:47 -------- d-----w- c:\program files\Hp
2009-06-28 03:49 . 2006-05-11 09:47 -------- d-----w- c:\program files\Hewlett-Packard
2009-06-28 00:16 . 2006-05-11 12:27 -------- d-----w- c:\program files\Symantec
2009-06-28 00:11 . 2009-06-28 00:09 127 ----a-w- c:\documents and settings\toki\Local Settings\Application Data\fusioncache.dat
2009-06-28 00:09 . 2009-06-28 00:09 1807 --sha-r- c:\windows\system32\drivers\103C_HP_NTBK_HP Pavilion dv5000 (EZ406UA#ABA)_YN_0Pavi_QCND6283DSB_E413908001_46_I30A8_SHP_V56.47_BF.22_T061211_WXP2_L409_M2039_J120_7Intel_8T2400_91.83_#090627_N80861092_(EZ406UA#ABA)_XMOBILE_CN10_Z_2F.22.MRK
2009-06-28 00:05 . 2006-05-11 09:47 -------- d-----w- c:\program files\HPQ
2009-06-27 07:06 . 2006-05-11 09:47 -------- d-----w- c:\program files\Windows Plus
2009-06-27 07:03 . 2006-05-11 12:23 -------- d-----w- c:\program files\WildTangent
2009-06-27 07:02 . 2006-05-11 12:16 -------- d-----w- c:\program files\Synaptics
2009-06-27 07:02 . 2006-05-11 09:47 -------- d-----w- c:\program files\Sonic
2009-06-27 07:02 . 2006-05-11 12:38 -------- d-----w- c:\program files\Quickensetup
2009-06-27 07:02 . 2006-05-11 12:11 -------- d-----w- c:\program files\RGB
2009-06-27 07:00 . 2006-05-11 12:36 -------- d-----w- c:\program files\Netscape
2009-06-27 07:00 . 2006-05-11 12:37 -------- d-----w- c:\program files\muvee Technologies
2009-06-27 07:00 . 2006-05-11 12:37 -------- d-----w- c:\program files\music_now
2009-06-27 07:00 . 2006-05-11 12:12 -------- d-----w- c:\program files\MSN Encarta Plus
2009-06-27 06:59 . 2006-05-11 12:38 -------- d-----w- c:\program files\Microsoft Office Trial Wizard
2009-06-27 06:59 . 2006-05-11 09:47 -------- d-----w- c:\program files\microsoft frontpage
2009-06-27 06:59 . 2006-05-11 11:58 -------- d-----w- c:\program files\Intel
2009-06-27 06:59 . 2006-05-11 09:47 -------- d-----w- c:\program files\Java
2009-06-27 06:57 . 2006-05-11 12:35 -------- d-----w- c:\program files\Google
2009-06-27 06:57 . 2006-05-11 12:09 -------- d-----w- c:\program files\EnglishOtto
2009-06-27 06:57 . 2006-05-11 09:47 -------- d-----w- c:\program files\Common Files\TiVo Shared
2009-06-27 06:56 . 2006-05-11 09:47 -------- d-----w- c:\program files\Common Files\SureThing Shared
2009-06-27 06:56 . 2006-05-11 09:47 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-06-27 06:56 . 2006-05-11 12:37 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-06-27 06:56 . 2006-05-11 12:50 -------- d-----w- c:\program files\Common Files\LightScribe
2009-06-27 06:56 . 2006-05-11 09:47 -------- d-----w- c:\program files\Common Files\Java
2009-06-27 06:56 . 2006-05-11 09:47 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-27 06:55 . 2006-05-11 09:47 -------- d-----w- c:\program files\Common Files\HP
2009-05-13 05:15 . 2004-08-10 15:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2004-08-10 15:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-17 12:26 . 2004-08-10 15:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-10 15:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2006-08-10 07:11 . 2009-06-27 07:24 0 --sha-w- c:\windows\SMINST\HPCD.SYS
.

((((((((((((((((((((((((((((( SnapShot@2009-06-30_21.11.26 )))))))))))))))))))))))))))))))))))))))))
.

<snipped so log would fit>
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-11 36975]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-15 454656]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-04 761948]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-04-12 102400]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-09-17 52848]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 131072]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"MsmqIntCert"="mqrt.dll" - c:\windows\system32\mqrt.dll [2008-04-14 177152]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2006-04-18 61952]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Photosmart Premier Fast Start.lnk - c:\program files\Hp\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/29/2009 9:12 AM 101936]
S3 EraserUtilDrv10910;EraserUtilDrv10910;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-28 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - toki.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-10-07 19:13]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-13465154 - c:\documents and settings\All Users\Application Data\13465154\13465154.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.****online.com/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13917&gct=&gc=1&q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\toki\Application Data\Mozilla\Firefox\Profiles\lojrea8k.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13917&gct=&gc=1&q=
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-02 20:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????\??????(?@???????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-07-03 20:45
ComboFix-quarantined-files.txt 2009-07-03 03:45

Pre-Run: 80,875,790,336 bytes free
Post-Run: 81,030,266,880 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

920 --- E O F --- 2009-07-01 06:44
Attached Files
File Type: txt ComboFix.txt (107.2 KB, 2 views)

Last edited by tetonbob; 07-02-2009 at 09:58 PM. Reason: snipped log for easier viewing in post
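The "Reg Loading Points" section of the ComboFix log above shows three values left in a disabled state (AntiVirusDisableNotify=1, DisableMonitoring=1 and EnableFirewall=0), which is the Security Center tampering that the later scan in this thread also flags, and the log ends with the boot.ini that confirms the Recovery Console entry described in the ComboFix instructions. As an added example that is not code from this thread, from ComboFix, or from any other tool mentioned here, the Python script below parses REGEDIT4-style output like that section, flags those tamper indicators, and checks boot.ini's [operating systems] section for the /cmdcons entry. The embedded log excerpt is constructed from the values posted in this thread, and the TAMPER_INDICATORS table is the author's own selection, not a list from any product.

```python
import re

# Constructed excerpt of a ComboFix log, modelled on the "Reg Loading Points"
# and boot.ini sections it prints; the values mirror the ones posted in this thread.
SAMPLE_LOG = """\
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"ctfmon.exe"="c:\\windows\\system32\\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)

[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS
[operating systems]
c:\\cmdcons\\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
"""

# Author's own list (an assumption, not a vendor signature set) of registry values
# that malware commonly sets to silence Windows Security Center and the XP firewall.
# Each entry: (substring the key path must contain, value name, tampered value, description).
TAMPER_INDICATORS = [
    ("security center", "antivirusdisablenotify", 1,
     "Security Center antivirus-missing notifications disabled"),
    ("security center\\monitoring", "disablemonitoring", 1,
     "Security Center monitoring of a security product disabled"),
    ("firewallpolicy", "enablefirewall", 0,
     "Windows Firewall disabled for this profile"),
]

# Matches both the quoted REGEDIT4 form ("Name"=value) and bare boot.ini lines (name=value).
VALUE_RE = re.compile(r'^"?([^"=]+)"?\s*=\s*(.*)$')


def parse_value(raw):
    """Normalize the value side of a REGEDIT4 / ComboFix line to an int or a string."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"^(\d+)\s*\(0x[0-9a-fA-F]+\)$", raw)  # ComboFix's "0 (0x0)" form
    if m:
        return int(m.group(1))
    return raw


def parse_sections(text):
    """Return an ordered list of (section_header, [(name, value), ...])."""
    sections = []
    current = None
    for line in text.splitlines():
        line = line.rstrip()
        if line.startswith("[") and line.endswith("]"):
            current = (line[1:-1], [])
            sections.append(current)
            continue
        if current is None or not line or "=" not in line:
            continue
        m = VALUE_RE.match(line)
        if m:
            current[1].append((m.group(1), parse_value(m.group(2))))
    return sections


def find_tampering(sections):
    """Flag Security Center / firewall values left in a 'disabled' state."""
    findings = []
    for key, values in sections:
        key_l = key.lower()
        for name, value in values:
            for key_part, value_name, bad, description in TAMPER_INDICATORS:
                if key_part in key_l and name.lower() == value_name and value == bad:
                    findings.append((key, name, description))
    return findings


def recovery_console_installed(sections):
    """True when boot.ini's [operating systems] section carries a /cmdcons entry."""
    for key, values in sections:
        if key.lower() == "operating systems":
            return any("/cmdcons" in str(value).lower() for _, value in values)
    return False


def report(text):
    """Parse one log text and return the tamper findings plus the Recovery Console check."""
    sections = parse_sections(text)
    return {
        "tampering": find_tampering(sections),
        "recovery_console": recovery_console_installed(sections),
    }


if __name__ == "__main__":
    result = report(SAMPLE_LOG)
    for key, name, description in result["tampering"]:
        print(f"[!] {description}: [{key}] {name}")
    print("Recovery Console entry in boot.ini:", result["recovery_console"])
```

Run against the constructed excerpt it reports the three disabled values and confirms the /cmdcons boot entry; a log from a clean machine produces no findings, and a boot.ini without the Recovery Console line makes the check return False, which is the state to expect before ComboFix has installed it.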
Old 07-02-2009, 10:17 PM   #9 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,618
OS: 2000 Pro; XP Pro; XP Home


Re: System Security

ComboFix has done a very good job at clearing things up. Now would be a good time to change AntiVirus.

This is the procedure to follow. If you have questions, please ask first.

Download the installer file for Avira antivirus, link to follow.


Avira AntiVir Personal

Direct link to the Avira installer file is here:

http://dlce.antivir.com/package/wks_...ersonal_en.exe


Download the Norton Removal Tool, direct link is here.

You can read Norton's information here, go directly to Step 3 for the download information.

We'll run it shortly.

Disconnect the machine from the internet.

Then, uninstall from Add or Remove Programs, your Norton items.

Then, run the Norton Removal Tool, which you already downloaded.

Double-click the Norton Removal Tool icon.
Follow the on-screen instructions.
Your computer may be restarted more than once, and you may be asked to repeat some steps after the computer restarts.

Then, install Avira, which you already downloaded. There is an installation guide here

Reconnect to the internet. Allow Avira to perform its quick scan. Then, update its definitions, and run a full system scan.

---------------------------------------------------------------------------------------------

When the scan is complete, click on the Report button. A log file will open. Please post that in your next reply.
Old 07-03-2009, 01:00 AM   #10 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 13
OS: Windows XP Media Center Edition 2005


Re: System Security

Alright, I followed all the steps and got the log from Avira, which I've attached.

And in case you didn't see...my sound came back after Combo Fix ran! You were right! =)
Attached Files
File Type: txt avscan.txt (18.6 KB, 2 views)
Old 07-03-2009, 09:29 AM   #11 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,618
OS: 2000 Pro; XP Pro; XP Home


Re: System Security

Looking good.

Let's send in one more tool.

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Save it to your desktop. Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

Also run a new scan with DDS; it should run for you now. If it's been deleted, here's the link.


Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
-----------------------------------------------------

Please include the following logs in your thread:
  • Contents of the DDS.txt posted as text in your reply
  • Attach the Attach.txt to your post by clicking the Manage Attachments button under Additional Options>Attach Files on the composition page. Browse to where you saved the file, and click Upload.
Old 07-03-2009, 03:23 PM   #12 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 13
OS: Windows XP Media Center Edition 2005


Re: System Security

By the way, I'm not a "he", I'm a "she"! =)

Malware log:

Malwarebytes' Anti-Malware 1.38
Database version: 2369
Windows 5.1.2600 Service Pack 3

7/3/2009 1:55:22 PM
mbam-log-2009-07-03 (13-55-22).txt

Scan type: Quick Scan
Objects scanned: 92750
Time elapsed: 4 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

--------------------------------------------------------------------------
DDS.txt:

DDS (Ver_09-06-26.01) - NTFSx86
Run by toki at 14:19:52.81 on Fri 07/03/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1531 [GMT -7:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\toki\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.****online.com/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13917&gct=&gc=1&q=%s
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunOnce: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\toki\applic~1\mozilla\firefox\profiles\lojrea8k.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13917&gct=&gc=1&q=
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-7-2 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-7-2 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-7-2 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-7-2 55640]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-7-3 1373480]
S3 EraserUtilDrv10910;EraserUtilDrv10910;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv10910.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv10910.sys [?]

=============== Created Last 30 ================

2009-07-03 13:50 <DIR> --d----- c:\docume~1\toki\applic~1\Malwarebytes
2009-07-03 13:50 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-03 13:50 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-03 13:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-03 13:50 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-03 00:06 <DIR> --d----- c:\docume~1\toki\applic~1\WTablet
2009-07-03 00:06 1,380,680 -------- c:\windows\system32\PenTablet.znc
2009-07-03 00:05 2,684,200 -------- c:\windows\system32\PenTablet.cpl
2009-07-03 00:05 11,440 a------- c:\windows\system32\drivers\WacomVKHid.sys
2009-07-03 00:05 12,848 a------- c:\windows\system32\drivers\wacomvhid.sys
2009-07-03 00:05 11,312 a------- c:\windows\system32\drivers\wacommousefilter.sys
2009-07-03 00:05 <DIR> --d----- c:\windows\system32\WTablet
2009-07-03 00:05 181,544 -------- c:\windows\system32\Wintab32.dll
2009-07-03 00:05 128,296 -------- c:\windows\system32\Pen_Tablet.dll
2009-07-03 00:05 1,373,480 -------- c:\windows\system32\Pen_Tablet.exe
2009-07-03 00:05 <DIR> --d----- c:\program files\Tablet
2009-07-02 23:25 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-07-02 23:25 <DIR> --d----- c:\program files\Avira
2009-07-02 23:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-07-02 23:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-07-02 20:41 <DIR> a-dshr-- C:\cmdcons
2009-07-02 20:40 155,136 a------- c:\windows\PEV.exe
2009-07-02 20:40 <DIR> --ds---- C:\Combo-Fix
2009-07-02 19:40 <DIR> --d----- c:\program files\trend micro
2009-07-01 22:29 <DIR> --d----- c:\program files\NetWaiting
2009-07-01 22:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2009-07-01 22:10 110,592 -------- c:\windows\system32\SmartAudio.cpl
2009-07-01 15:29 <DIR> --d----- c:\windows\system32\XPSViewer
2009-07-01 15:29 14,048 -------- c:\windows\system32\spmsg2.dll
2009-07-01 14:47 27 a------- c:\windows\SmartAudio.INI
2009-06-30 14:11 <DIR> --d----- c:\windows\system32\dllcache\cache
2009-06-30 13:53 161,792 a------- c:\windows\SWREG.exe
2009-06-30 13:53 98,816 a------- c:\windows\sed.exe
2009-06-30 13:43 <DIR> --d----- c:\windows\ie8updates
2009-06-30 13:28 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-06-30 13:28 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-06-30 13:28 1,985,024 -------- c:\windows\system32\dllcache\iertutil.dll
2009-06-30 13:28 11,064,832 -------- c:\windows\system32\dllcache\ieframe.dll
2009-06-30 00:40 <DIR> -cd-h--- c:\windows\ie8
2009-06-30 00:07 <DIR> --dsh--- c:\documents and settings\toki\IECompatCache
2009-06-30 00:06 <DIR> --dsh--- c:\documents and settings\toki\PrivacIE
2009-06-30 00:06 <DIR> --dsh--- c:\documents and settings\toki\IETldCache
2009-06-29 22:59 <DIR> --d----- c:\windows\system32\scripting
2009-06-29 22:59 <DIR> --d----- c:\windows\l2schemas
2009-06-29 22:59 <DIR> --d----- c:\windows\system32\en
2009-06-29 22:59 <DIR> --d----- c:\windows\system32\bits
2009-06-29 22:58 <DIR> --d----- c:\windows\ServicePackFiles
2009-06-29 22:57 <DIR> --d----- c:\windows\network diagnostic
2009-06-28 21:52 <DIR> --d----- c:\program files\AskSearch
2009-06-28 21:52 <DIR> --d----- c:\docume~1\toki\applic~1\uTorrent
2009-06-27 23:40 <DIR> --d----- c:\program files\MSXML 4.0
2009-06-27 21:17 <DIR> --d----- c:\program files\CCleaner
2009-06-27 21:09 365 a------- c:\documents and settings\toki\mstcmm.bat
2009-06-27 20:55 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-06-27 20:55 12,160 a------- c:\windows\system32\dllcache\mouhid.sys
2009-06-27 20:55 21,504 a------- c:\windows\system32\hidserv.dll
2009-06-27 20:55 10,368 a------- c:\windows\system32\drivers\hidusb.sys
2009-06-27 17:59 37,376 -------- c:\windows\system32\l2gpstore.dll
2009-06-27 17:46 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-06-27 17:46 272,128 -------- c:\windows\system32\dllcache\bthport.sys
2009-06-27 17:41 203,136 -------- c:\windows\system32\dllcache\rmcast.sys
2009-06-27 17:41 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2009-06-27 17:41 2,330,624 -------- c:\windows\system32\dllcache\WMVCore.dll
2009-06-27 17:41 333,952 -------- c:\windows\system32\dllcache\srv.sys
2009-06-27 17:41 331,776 -------- c:\windows\system32\dllcache\msadce.dll
2009-06-27 17:41 691,712 -------- c:\windows\system32\dllcache\inetcomm.dll
2009-06-27 17:40 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2009-06-27 17:40 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2009-06-27 17:36 1,106,944 -------- c:\windows\system32\dllcache\msxml3.dll
2009-06-27 17:35 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-06-27 17:35 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-06-27 17:35 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-06-27 17:34 <DIR> --d----- c:\windows\system32\PreInstall
2009-06-27 17:33 <DIR> --d----- c:\windows\system32\appmgmt
2009-06-27 17:31 <DIR> --d----- c:\program files\DefilerPak
2009-06-27 17:15 <DIR> --dsh--- c:\documents and settings\toki\UserData
2009-06-27 17:14 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-06-27 17:10 <DIR> --dsh--- c:\documents and settings\toki\Temporary Internet Files
2009-06-27 17:10 <DIR> --dsh--- c:\documents and settings\toki\History
2009-06-27 17:09 1,807 a--shr-- c:\windows\system32\drivers\103C_HP_NTBK_HP Pavilion dv5000 (EZ406UA#ABA)_YN_0Pavi_QCND6283DSB_E413908001_46_I30A8_SHP_V56.47_BF.22_T061211_WXP2_L409_M2039_J120_7Intel_8T2400_91.83_#090627_N80861092_(EZ406UA#ABA)_XMOBILE_CN10_Z_2F.22.MRK
2009-06-27 17:09 <DIR> --d----- c:\docume~1\toki\applic~1\Intuit
2009-06-27 17:09 <DIR> --d----- c:\documents and settings\toki
2009-06-27 17:06 185,344 a------- c:\windows\system32\Thawbrkr.dll
2009-06-27 17:06 66,594 a------- c:\windows\system32\c_864.nls
2009-06-27 17:06 66,594 a------- c:\windows\system32\c_862.nls
2009-06-27 17:06 66,594 a------- c:\windows\system32\c_720.nls
2009-06-27 17:06 66,082 a------- c:\windows\system32\c_708.nls
2009-06-27 17:06 66,082 a------- c:\windows\system32\C_28596.NLS
2009-06-27 17:06 66,082 a------- c:\windows\system32\c_10005.nls
2009-06-27 17:06 66,082 a------- c:\windows\system32\c_10004.nls
2009-06-27 17:06 10,752 a------- c:\windows\system32\c_iscii.dll
2009-06-27 17:06 5,632 a------- c:\windows\system32\kbdusa.dll
2009-06-27 17:06 66,082 a------- c:\windows\system32\c_10021.nls
2009-06-27 17:06 6,144 a------- c:\windows\system32\ftlx041e.dll

==================== Find3M ====================

2009-06-29 23:03 97,159 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-12 22:15 5,936,128 a------- c:\windows\system32\dllcache\mshtml.dll
2009-05-12 22:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-12 22:15 915,456 a------- c:\windows\system32\dllcache\wininet.dll
2009-05-12 22:15 915,456 a------- c:\windows\system32\dllcache\cache\wininet.dll
2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 08:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-30 14:22 1,207,808 a------- c:\windows\system32\dllcache\urlmon.dll
2009-04-30 14:22 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-04-30 14:22 385,536 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-04-30 04:21 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-28 21:46 1,499,136 -------- c:\windows\system32\dllcache\shdocvw.dll
2009-04-17 05:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 05:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 07:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 07:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
2006-08-10 00:11 0 a--sh--- c:\windows\sminst\HPCD.SYS

============= FINISH: 14:20:20.93 ===============
Attached Files
File Type: txt Attach.txt (45.0 KB, 1 views)
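An added example, not part of this thread or of DDS itself: a small Python parser for the DDS log format posted above. It pulls the JRE version out of the Firefox plugin path (1.5.0_06 here, measured against the 6u14 the helper asks for in the next post) and reads the "Created Last 30" entries into records, then lists the ones a helper would want to look at first. The sample lines are constructed from the log above, and the triage rule is an assumption of the example, not DDS output or the helper's method.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# Constructed sample modelled on the DDS log lines posted in this thread (not the full log).
SAMPLE_LOG = r"""FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
=============== Created Last 30 ================
2009-07-03 13:50 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-28 21:52 <DIR> --d----- c:\program files\AskSearch
2009-06-27 21:09 365 a------- c:\documents and settings\toki\mstcmm.bat
2009-06-27 20:55 12,160 a------- c:\windows\system32\drivers\mouhid.sys
==================== Find3M ====================
"""
CURRENT_JRE = (1, 6, 0, 14)  # JRE 6 Update 14, the version the helper asks for here
JRE_PATH_RE = re.compile(r"\\jre(\d+)\.(\d+)\.(\d+)_(\d+)\\", re.IGNORECASE)
# DDS entry: date time, size or <DIR>, 8-character attribute field, path
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+(\S{8})\s+(.+)$")

@dataclass
class Created:
    when: datetime
    size: Optional[int]  # None for a directory entry
    attrs: str
    path: str

def java_versions(log: str) -> List[Tuple[int, ...]]:
    """Every JRE version found in a plugin path, as a tuple such as (1, 5, 0, 6)."""
    return [tuple(int(x) for x in m.groups()) for m in JRE_PATH_RE.finditer(log)]

def outdated_java(log: str) -> List[str]:
    """Installed JRE versions older than CURRENT_JRE, formatted like '1.5.0_06'."""
    return ["%d.%d.%d_%02d" % v for v in java_versions(log) if v < CURRENT_JRE]

def created_last_30(log: str) -> List[Created]:
    """Parse the 'Created Last 30' section, stopping at the next section banner."""
    entries, inside = [], False
    for line in log.splitlines():
        if line.startswith("====="):
            inside = "Created Last 30" in line
            continue
        m = CREATED_RE.match(line) if inside else None
        if m:
            when, size, attrs, path = m.groups()
            entries.append(Created(datetime.strptime(when, "%Y-%m-%d %H:%M"),
                                   None if size == "<DIR>" else int(size.replace(",", "")),
                                   attrs, path))
    return entries

def review_items(entries: List[Created]) -> List[str]:
    """Triage heuristic (an assumption of this example, not a verdict): executables or
    scripts dropped directly in a user profile and newly created kernel drivers first."""
    flagged = []
    for e in entries:
        low = e.path.lower()
        if re.match(r"c:\\documents and settings\\[^\\]+\\[^\\]+\.(bat|exe|com|scr)$", low):
            flagged.append(e.path)
        elif low.startswith("c:\\windows\\system32\\drivers\\") and low.endswith(".sys"):
            flagged.append(e.path)
    return flagged

if __name__ == "__main__":
    print("Out-of-date Java:", outdated_java(SAMPLE_LOG))
    print("Review first:", review_items(created_last_30(SAMPLE_LOG)))
```

Freshly installed security tools (the mbam driver above) land on the review list too; the list is where a helper starts cross-checking, not a list of infections.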
Old 07-03-2009, 03:31 PM   #13 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,618
OS: 2000 Pro; XP Pro; XP Home


Re: System Security

Duly noted and edited.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) - JRE 6 Update 14 -"
  • Click the "Download" button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6u14 with JavaFX 1 License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name.


    J2SE Runtime Environment 5.0 Update 6

  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

---------------------------------------------------------------------------------------------


Please perform this online scan to help look for remnants. This scan tends to take a while, so please don't use the machine for anything else while it's ongoing.

Establish an internet connection & perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on Settings. Uncheck Mail databases.
  • Next, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

---------------------------------------------------------------------------------------------

How is the machine behaving now, please?
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
Old 07-03-2009, 06:42 PM   #14 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 13
OS: Windows XP Media Center Edition 2005


Re: System Security

Everything's running pretty smoothly, thanks very much.
No problems have come up since I've run all the scanners and programs.

I've attached the Kaspersky log.
Attached Files
File Type: txt kaspersky.txt (1.2 KB, 1 views)
Old 07-03-2009, 07:09 PM   #15 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,618
OS: 2000 Pro; XP Pro; XP Home


Re: System Security

Great, glad to hear it.

The items Kaspersky found are in ComboFix quarantine, and will be addressed by uninstalling ComboFix as instructed below.

Other than that... We should be done here. Some final housekeeping instructions, and protection information for you.

Your logs appear clean. You should be good to go. We still have a few items to address.


Disconnect from the internet and disable your AntiVirus temporarily.

Go to -> Run -> copy/paste in the following single line command & click OK

combofix /u



This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points.

Re-enable your AntiVirus now. Reconnect to the internet at your leisure.

Delete any remaining tools we've used (DDS and GMER) and logs from them.

Empty your Recycle Bin.

Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and look into the following free programs:
  • Microsoft Windows Update - http://www.windowsupdate.com
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • SpywareBlaster to help prevent spyware from installing in the first place.
    • Install & update SpywareBlaster with the latest definitions.
      After you have updated, click the button - enable protection for all unprotected items
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

  • Winpatrol

    Winpatrol is a heuristic protection program, meaning it looks for patterns in code that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.

    You can get a free copy of Winpatrol or use the Plus version for more features.

    You can read Winpatrol's FAQ if you run into problems.

  • MVPS HOST FILE
    The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
  • ANTIVIRUS SOFTWARE
    It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

    Do not install more than one AntiVirus program because they will conflict with each other.

  • Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer

  • http://www.trillian.cc - Trillian or http://www.miranda-im.com - Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

  • http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP/Vista. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.


In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles
If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.
Old 07-03-2009, 10:19 PM   #16 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 13
OS: Windows XP Media Center Edition 2005


Re: System Security

Thanks so much, tetonbob! If I could buy you a giftbasket, I would!
You do great work and an awesome job!
Happy Fourth of July!!!
Old 07-04-2009, 07:37 AM   #17 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,618
OS: 2000 Pro; XP Pro; XP Home


Re: System Security

Hi tokixjam, you're quite welcome, I'm glad to have helped. Thanks for the kind words.

Have a safe and Happy Fourth of July

Surf Safely, and Think Prevention!

Since this issue is resolved, this topic will be archived.
 


Copyright 2001 - 2009, Tech Support Forum