Need help with virus that takes over admin powers (cont)

Posted 12/10/2009 12:21 PM
#80820
urbane Advanced member

Date Joined Nov 2016
Total Posts: 30
Er, can we post in this new thread instead please? For some bizarre reason your post and everything after it does not want to load... my internet has been loading for hours to no avail. Maybe it's my crappy net, an image you hosted, the virus slowing down the net, or a bug. I dunno, but yeah, I can't view anything in that thread.

I couldn't see that last reply of yours, it just forever got stuck here:
Posted 12/11/2009 9:32 AM
#80861
urbane Advanced member

Date Joined Nov 2016
Total Posts: 30
Jintan, please continue your support here. The other thread, as shown in the screenshot above, isn't working beyond that point. It just forever loads, and I used many different browsers. I even left my computer on for 8 hours, came back and it's still loading :S

I dunno why, but yeah, please reply here.
Posted 12/11/2009 11:45 PM
#80880
Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
One thing that might help us is not posting these very large graphics shots. They cause my browser problems as well. Go back to that earlier post and click the Pencil icon, upper right corner, and remove that graphics link please.

Once you have done that, post here, and I will be able to continue with our work here.
Posted 12/12/2009 1:26 AM
#80882
urbane Advanced member

Date Joined Nov 2016
Total Posts: 30
Done. Yeah, I think the graphics screwed it up; I still cannot view that thread, so let's stay in here.

We were up to the abp470n5 file I detected in my last log post. I couldn't see your instructions after that.
Posted 12/16/2009 7:29 AM
#81020
urbane Advanced member

Date Joined Nov 2016
Total Posts: 30
*bump* Er Jintan?
Posted 12/16/2009 11:23 PM
#81037
Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
My apologies for wandering off. I think I did not have this new thread marked for notifications correctly. Better to regroup after the delay with new information, then continue.

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.

Delete the existing copy of ComboFix. Then download the temporarily renamed ComboFix.exe from here to your desktop, then click the renamed KittyFix.exe to run the ComboFix scan.

Be sure to install the Recovery Console if you are asked to do so. When the scan completes, a text window with your log will open. Please copy and paste that log back here.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt. This renamed version is new, so I haven't had a chance to verify if it creates that log, or instead a C:\KittyFix.txt log, so check for either after please.
Posted 12/17/2009 11:16 AM
#81076
urbane Advanced member

Date Joined Nov 2016
Total Posts: 30
Alright, I thought you might have made a breakthrough in the previous thread.

The virus is getting bad now; the computer restarted all the time automatically for no reason too, so I had to untick the automatic restart box on system failure in system recovery. Now I get a lot of "irql not less or equal" blue screen errors rather frequently. OK, here is your ComboFix log:

ComboFix 09-12-16.05 - Owner 12/17/2009 22:05:36.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1663 [GMT 11:00]
Running from: c:\documents and settings\Owner\Desktop\KittyFix.exe
.

((((((((((((((((((((((((( Files Created from 2009-11-17 to 2009-12-17 )))))))))))))))))))))))))))))))
.

2009-12-17 09:23 . 2009-12-17 09:23 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2009-12-10 11:53 . 2009-12-10 11:53 -------- d-s---w- c:\documents and settings\Owner\UserData
2009-12-09 11:44 . 2009-12-09 11:44 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-12-09 02:23 . 2009-12-09 02:23 -------- d-----w- c:\documents and settings\Owner\WINDOWS
2009-12-04 06:50 . 2009-12-04 06:50 -------- d-----w- c:\documents and settings\Owner\dwhelper
2009-12-04 06:46 . 2009-12-04 06:46 -------- d-----w- C:\downloads
2009-12-04 06:46 . 2009-12-04 06:46 -------- d-----w- c:\documents and settings\Owner\Application Data\GrabPro
2009-12-04 06:46 . 2009-12-04 06:50 -------- d-----w- c:\program files\Orbitdownloader
2009-12-04 06:46 . 2009-12-04 06:48 -------- d-----w- c:\documents and settings\Owner\Application Data\Orbit
2009-12-04 04:27 . 2009-12-04 04:27 151040 ----a-w- C:\mbr.exe
2009-12-04 04:25 . 2009-12-04 04:25 -------- d-----w- c:\program files\QuickTime
2009-12-04 04:25 . 2009-12-04 04:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-12-04 04:25 . 2009-12-04 04:25 -------- d-----w- c:\program files\Common Files\Apple
2009-12-04 04:24 . 2009-12-04 04:24 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Apple
2009-12-04 04:24 . 2009-12-04 04:24 -------- d-----w- c:\program files\Apple Software Update
2009-12-04 04:24 . 2009-12-04 04:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-12-04 04:24 . 2009-12-04 04:24 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Apple Computer
2009-11-26 15:30 . 2009-11-28 07:55 40 ----a-w- c:\windows\servcheck.bat
2009-11-25 18:53 . 2009-12-16 05:25 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM
2009-11-25 18:53 . 2009-11-25 18:53 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-25 18:49 . 2009-12-16 06:17 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
2009-11-25 18:28 . 2009-11-25 18:28 -------- d-----w- c:\program files\Common Files\Skype
2009-11-25 18:28 . 2009-11-25 18:29 -------- d-----r- c:\program files\Skype
2009-11-25 18:27 . 2009-11-25 18:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-11-23 17:38 . 2009-12-07 07:27 -------- d-----w- C:\ComboFix
2009-11-22 06:56 . 2009-11-30 20:23 -------- d-----w- c:\program files\trend micro
2009-11-22 06:56 . 2009-11-22 06:56 -------- d-----w- C:\rsit
2009-11-20 21:11 . 2009-12-16 09:11 17169 ----a-w- c:\windows\system32\nvModes.dat
2009-11-20 08:25 . 2009-12-17 11:04 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc
2009-11-20 08:24 . 2009-11-20 08:24 -------- d-----w- c:\program files\VideoLAN
2009-11-20 07:16 . 2009-11-20 07:16 -------- d-----w- C:\SamRO
2009-11-20 06:50 . 2009-11-20 07:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-20 06:50 . 2009-11-20 06:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-20 06:11 . 2009-11-20 06:11 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG8
2009-11-20 06:10 . 2009-11-20 06:10 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-11-20 06:10 . 2009-09-10 03:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-20 06:10 . 2009-11-20 06:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-20 06:10 . 2009-11-20 06:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-20 06:10 . 2009-09-10 03:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-12 00:17 . 2009-12-05 05:00 -------- d-----w- c:\program files\Winamp
2009-12-05 05:06 . 2009-12-05 05:00 -------- d-----w- c:\documents and settings\Owner\Application Data\Winamp
2009-11-21 20:17 . 2009-12-16 09:43 142714 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat
2009-11-21 20:16 . 2009-11-19 05:25 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-20 20:01 . 2009-11-19 14:37 -------- d-----w- c:\program files\Yahoo!
2009-11-20 17:52 . 2009-11-20 17:52 -------- d-----w- c:\program files\Sony Ericsson
2009-11-20 17:52 . 2009-11-20 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Ericsson
2009-11-20 17:52 . 2009-11-19 05:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-19 14:45 . 2009-11-19 14:44 -------- d-----w- c:\documents and settings\Owner\Application Data\Yahoo!
2009-11-19 14:44 . 2009-11-19 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-11-19 06:43 . 2009-11-19 06:43 -------- d-----w- c:\documents and settings\Owner\Application Data\Media Player Classic
2009-11-19 06:35 . 2009-11-19 06:35 12328 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-19 06:32 . 2009-11-19 06:32 -------- d-----w- c:\documents and settings\Owner\Application Data\Leadertech
2009-11-19 06:20 . 2009-11-19 06:20 -------- d-----w- c:\program files\Common Files\Adobe
.

((((((((((((((((((((((((((((( SnapShot@2009-11-23_07.24.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-05 05:00 . 2009-04-28 20:20 96752 c:\windows\system32\vxblock.dll
+ 2009-12-05 05:00 . 2009-04-28 20:20 66032 c:\windows\system32\pxinsa64.exe
+ 2009-12-05 05:00 . 2009-04-28 20:20 72176 c:\windows\system32\pxhpinst.exe
+ 2009-12-05 05:00 . 2009-04-28 20:20 66544 c:\windows\system32\pxcpya64.exe
+ 2009-12-05 05:00 . 2009-04-28 20:20 44944 c:\windows\system32\drivers\PxHelp20.sys
+ 2009-12-04 04:25 . 2009-12-04 04:25 27136 c:\windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
+ 2009-12-05 05:00 . 2009-04-28 20:20 9200 c:\windows\system32\drivers\cdralw2k.sys
+ 2009-12-05 05:00 . 2009-04-28 20:20 9072 c:\windows\system32\drivers\cdr4_xp.sys
+ 2009-12-05 05:00 . 2009-04-28 20:20 436720 c:\windows\system32\pxwave.dll
+ 2009-12-05 05:00 . 2009-04-28 20:20 219632 c:\windows\system32\pxmas.dll
+ 2009-12-05 05:00 . 2009-04-28 20:20 551408 c:\windows\system32\pxdrv.dll
+ 2009-12-05 05:00 . 2009-04-28 20:20 129520 c:\windows\system32\pxafs.dll
+ 2009-12-05 05:00 . 2009-04-28 20:20 670192 c:\windows\system32\px.dll
+ 2009-11-25 18:29 . 2009-11-25 18:29 794112 c:\windows\Installer\a76b39c.msi
+ 2009-12-04 04:25 . 2009-12-04 04:25 796672 c:\windows\Installer\112ab576.msi
+ 2009-11-25 18:28 . 2009-11-25 18:28 371272 c:\windows\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe
+ 2009-12-05 05:00 . 2009-04-28 20:20 1858032 c:\windows\system32\pxsfs.dll
+ 2009-11-25 18:28 . 2009-11-25 18:28 1565696 c:\windows\Installer\a76b395.msi
+ 2009-12-04 04:25 . 2009-12-04 04:25 9473024 c:\windows\Installer\112ab57a.msi
+ 2009-12-04 04:25 . 2009-12-04 04:25 1549312 c:\windows\Installer\112ab56f.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5317944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 155648]
"nwiz"="nwiz.exe" [2004-11-14 995328]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2004-11-01 166400]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-11-14 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-14 4620288]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1488208]
"D-Link D-Link Wireless G DWA-110"="c:\program files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe" [2007-05-03 1736704]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 131072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-02 113520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 1009016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 491520]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 107520]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\ANI\\ANIWZCS2 Service\\ANIWZCSdS.exe"=
"c:\\Program Files\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"=
"c:\\SamRO\\RO\\VanRO.exe"=
"c:\\Program Files\\D-Link\\D-Link Wireless G DWA-110\\AirGCFG.exe"=
"d:\\My Documents\\VanRO\\RO\\VanRO.exe"=
"c:\\SamRO\\RO\\SamRO.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson PC Suite\\SupServ.exe"=
"c:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"=
"c:\\Program Files\\Mozilla Firefox\\uninstall\\helper.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Owner\\Desktop\\l0tkxmho.exe"=
"d:\\My Documents\\VanRO\\RO\\VanRO X.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\WINDOWS\\SOUNDMAN.EXE"=
"c:\\Documents and Settings\\Owner\\Desktop\\RSIT.exe"=
"d:\\Desktop\\games\\emulators\\FB\\finalburn.exe"=
"c:\\Program Files\\Winamp\\winampa.exe"=
"c:\\Program Files\\WinRAR\\WinRAR.exe"=
"c:\\Program Files\\Apple Software Update\\SoftwareUpdate.exe"=
"c:\\Program Files\\Mozilla Firefox\\crashreporter.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\flnipn.sys --> c:\windows\system32\drivers\flnipn.sys [?]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [11/21/2009 4:52 AM 27632]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [11/21/2009 4:52 AM 172032]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [11/21/2009 4:52 AM 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [11/21/2009 4:52 AM 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [11/21/2009 4:52 AM 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [11/21/2009 4:52 AM 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [11/21/2009 4:52 AM 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [11/21/2009 4:52 AM 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [11/21/2009 4:52 AM 109864]
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ra4q4zbh.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-17 22:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2304)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-12-17 22:09:23
ComboFix-quarantined-files.txt 2009-12-17 11:09
ComboFix2.txt 2009-12-09 02:40
ComboFix3.txt 2009-12-07 07:36
ComboFix4.txt 2009-11-23 17:45
ComboFix5.txt 2009-12-17 11:05

Pre-Run: 56,566,546,432 bytes free
Post-Run: 56,681,168,896 bytes free

- - End Of File - - A2CDB49187D9DF99999193B85F0B6C31
Posted 12/17/2009 1:33 PM
#81078
jekyll Member

Date Joined Nov 2016
Total Posts: 4
PLEASE HELP ME. I HAVE THE SAME PROBLEM:
I can't modify the account, I can't delete files. If I move the files I can't see them, but they are there; the proof is that I tried to copy a file to the desktop but it disappeared; I copied it again and it asked me if I want to overwrite the file. It doesn't read the CD anymore; it tells me that the CD is empty. And many other problems. If anyone could help me...........
Posted 12/18/2009 1:35 AM
#81093
Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Please do not post in other people's request threads, jekyll. You have your own thread, so have patience, and someone will respond there as time permits.

I researched some more on this Win32/Sality infection giving the problems there, urbane, and we will need one more piece of info to see if we can get the upper hand there.

[code]@ECHO OFF
REM copy the current system.ini to a text file and open that copy in Notepad
cd c:\windows
type system.ini > c:\looki.txt
notepad c:\looki.txt[/code]

Open Notepad (Start - Run, type notepad and press Enter).

Copy/paste the above text (inside the Code box) into the open text box, then save this to your desktop as "3serv.bat"

Be sure to include the "" quotes in the name. Then click on 3serv.bat. When the scan completes a textbox will open - copy/paste those contents back here please.
Posted 12/18/2009 10:26 AM
#81107
urbane Advanced member

Date Joined Nov 2016
Total Posts: 30
; for 16-bit app support
[drivers]
wave=mmdrv.dll
timer=timer.drv
[mci]
[driver32]
[386enh]
woafont=dosapp.FON
EGA80WOA.FON=EGA80WOA.FON
EGA40WOA.FON=EGA40WOA.FON
CGA80WOA.FON=CGA80WOA.FON
CGA40WOA.FON=CGA40WOA.FON
[MCIDRV_VER]
DEVICEMB=11532832482
DEVICEMB=73404633621
Posted 12/18/2009 11:33 PM
#81122
Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Good job, and although there are other malware changes, let's see if removing what it added to the system.ini file brings some progress there.

Make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".

Right click My Computer, left click Explore, and use the plus + symbols to navigate to the following highlighted file:

C:\Windows\system.ini

Right click that file and select Open. Then delete these last three entries at the bottom:

[MCIDRV_VER]
DEVICEMB=11532832482
DEVICEMB=73404633621

When you have done that, this is all that should show in the system.ini file:

; for 16-bit app support
[drivers]
wave=mmdrv.dll
timer=timer.drv
[mci]
[driver32]
[386enh]
woafont=dosapp.FON
EGA80WOA.FON=EGA80WOA.FON
EGA40WOA.FON=EGA40WOA.FON
CGA80WOA.FON=CGA80WOA.FON
CGA40WOA.FON=CGA40WOA.FON

Then go to File, and click Save to save the changes you made.

-------------------

Then go back to Device Manager (Start - Run, type devmgmt.msc and press OK). When the Device Manager display opens click View - Show hidden devices.

Then in the list below that click the plus symbol (+) next to the following to expand that list:

Non-Plug and Play Drivers

In that list locate the following item, right click it and select Disable.

abp470n5

Go ahead and allow the computer to reboot to complete disabling that malware service.

----------------------

After the reboot run a new KittyFix scan, as well as a new Gmer scan, and post those logs please.
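Added example (editor's code, not Jintan's, urbane's, or any part of ComboFix or Gmer): a small Python script that does on saved copies what the 3serv.bat dump and the manual system.ini edit above do by hand, and then checks a ComboFix log for the indicators this thread has already called out: the [MCIDRV_VER]/DEVICEMB= section appended to system.ini, the Security Center override values set to 1, EnableFirewall=0, and a service whose driver file ComboFix marks with a trailing [?] (abp470n5 pointing at flnipn.sys). The script name sality_triage.py and the sample inputs are constructed from the excerpts posted in this thread; it cleans a text copy and reports findings, it does not disinfect the machine. In particular, if the section is removed and comes back, as urbane reports next, the infector is still running and the edit alone is not enough.

```python
r"""sality_triage.py - triage helpers for the Win32/Sality indicators in this thread.

Editor's example, not part of the thread, ComboFix or Gmer. It works on saved
copies of the files (the C:\looki.txt dump of system.ini and the C:\ComboFix.txt
log), not on the live machine. Sample inputs below are constructed from the
excerpts urbane posted.
"""
import re

# system.ini as it should look on this XP box once the added section is gone
# (the baseline Jintan posted).
SYSTEM_INI_BASELINE = """; for 16-bit app support
[drivers]
wave=mmdrv.dll
timer=timer.drv
[mci]
[driver32]
[386enh]
woafont=dosapp.FON
EGA80WOA.FON=EGA80WOA.FON
EGA40WOA.FON=EGA40WOA.FON
CGA80WOA.FON=CGA80WOA.FON
CGA40WOA.FON=CGA40WOA.FON
"""

# The file as urbane posted it, with the section Sality appends at the bottom.
SYSTEM_INI_INFECTED = SYSTEM_INI_BASELINE + (
    "[MCIDRV_VER]\nDEVICEMB=11532832482\nDEVICEMB=73404633621\n")

SALITY_SECTION = "MCIDRV_VER"


def strip_ini_section(ini_text, section=SALITY_SECTION):
    """Drop one [section] header and every line under it up to the next header.

    Returns (cleaned_text, removed_lines). Nothing else in the file is touched,
    so running it on an already clean file is a no-op.
    """
    cleaned, removed, in_target = [], [], False
    for line in ini_text.splitlines():
        header = re.match(r"\s*\[(.+?)\]\s*$", line)
        if header:
            in_target = header.group(1).lower() == section.lower()
        (removed if in_target else cleaned).append(line)
    return "\n".join(cleaned) + "\n", removed


def has_sality_section(ini_text, section=SALITY_SECTION):
    """True if the marker section is present; after a cleanup this means the
    infector is still live and rewrote it."""
    return bool(strip_ini_section(ini_text, section)[1])


# Constructed excerpt of the ComboFix log urbane posted: the Security Center
# overrides, the firewall policy and the two service lines that matter here.
COMBOFIX_EXCERPT = r"""[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\flnipn.sys --> c:\windows\system32\drivers\flnipn.sys [?]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [11/21/2009 4:52 AM 27632]
"""

# Security Center values that, when set to 1, silence the antivirus, firewall
# and update warnings; malware sets them so the user never sees the balloon.
SECURITY_CENTER_KEYS = {
    "AntiVirusOverride", "AntiVirusDisableNotify", "FirewallOverride",
    "FirewallDisableNotify", "UpdatesDisableNotify", "UacDisableNotify",
}


def security_center_overrides(log_text):
    """Sorted names of Security Center values the log shows set to 1."""
    hits = set()
    for line in log_text.splitlines():
        m = re.match(r'"(\w+)"=dword:0*1$', line.strip())
        if m and m.group(1) in SECURITY_CENTER_KEYS:
            hits.add(m.group(1))
    return sorted(hits)


def firewall_disabled(log_text):
    """True if the standard-profile firewall policy reads EnableFirewall=0."""
    return re.search(r'"EnableFirewall"=\s*0\b', log_text) is not None


def orphan_services(log_text):
    """(name, image_path) for service lines whose binary ComboFix could not
    stat, shown as a trailing [?]; abp470n5 -> flnipn.sys is the pattern here."""
    found = []
    for line in log_text.splitlines():
        m = re.match(r"^[RS]\d\s+([^;]+);[^;]*;(.+?)\s+\[\?\]\s*$", line)
        if m:
            path = m.group(2)
            if "-->" in path:  # keep only the resolved path after the arrow
                path = path.split("-->", 1)[1].strip()
            found.append((m.group(1), path))
    return found


if __name__ == "__main__":
    cleaned, removed = strip_ini_section(SYSTEM_INI_INFECTED)
    print("removed from system.ini:", removed)
    print("clean copy matches baseline:", cleaned == SYSTEM_INI_BASELINE)
    print("security center overrides:", security_center_overrides(COMBOFIX_EXCERPT))
    print("firewall disabled:", firewall_disabled(COMBOFIX_EXCERPT))
    print("services with missing binaries:", orphan_services(COMBOFIX_EXCERPT))
```

To use it on the real files, read C:\looki.txt into `strip_ini_section` and C:\ComboFix.txt into the three log checks; write the cleaned text back only after the driver has been disabled and the reboot done, otherwise the section is simply recreated.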
Posted 12/19/2009 2:14 AM
#81124
urbane Advanced member

Date Joined Nov 2016
Total Posts: 30
It seems to have had no effect... even worse, when I deleted those entries it just remade part of it again:
[MCIDRV_VER]
DEVICEMB=14687357

Each time you ask for a new ComboFix, the virus prevents me from running it again, like most other exe applications, so I have to delete and re-download it each time.

Here is ComboFix (KittyFix):

ComboFix 09-12-18.01 - Owner 12/19/2009 12:37:35.6.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1757 [GMT 11:00]
Running from: c:\documents and settings\Owner\Desktop\KittyFix.exe
.

((((((((((((((((((((((((( Files Created from 2009-11-19 to 2009-12-19 )))))))))))))))))))))))))))))))
.

2009-12-17 09:23 . 2009-12-17 09:23 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2009-12-10 11:53 . 2009-12-10 11:53 -------- d-s---w- c:\documents and settings\Owner\UserData
2009-12-09 11:44 . 2009-12-09 11:44 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-12-09 02:23 . 2009-12-09 02:23 -------- d-----w- c:\documents and settings\Owner\WINDOWS
2009-12-04 06:50 . 2009-12-04 06:50 -------- d-----w- c:\documents and settings\Owner\dwhelper
2009-12-04 06:46 . 2009-12-04 06:46 -------- d-----w- C:\downloads
2009-12-04 06:46 . 2009-12-04 06:46 -------- d-----w- c:\documents and settings\Owner\Application Data\GrabPro
2009-12-04 06:46 . 2009-12-04 06:50 -------- d-----w- c:\program files\Orbitdownloader
2009-12-04 06:46 . 2009-12-04 06:48 -------- d-----w- c:\documents and settings\Owner\Application Data\Orbit
2009-12-04 04:27 . 2009-12-04 04:27 151040 ----a-w- C:\mbr.exe
2009-12-04 04:25 . 2009-12-04 04:25 -------- d-----w- c:\program files\QuickTime
2009-12-04 04:25 . 2009-12-04 04:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-12-04 04:25 . 2009-12-04 04:25 -------- d-----w- c:\program files\Common Files\Apple
2009-12-04 04:24 . 2009-12-04 04:24 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Apple
2009-12-04 04:24 . 2009-12-04 04:24 -------- d-----w- c:\program files\Apple Software Update
2009-12-04 04:24 . 2009-12-04 04:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-12-04 04:24 . 2009-12-04 04:24 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Apple Computer
2009-11-26 15:30 . 2009-11-28 07:55 40 ----a-w- c:\windows\servcheck.bat
2009-11-25 18:53 . 2009-12-16 05:25 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM
2009-11-25 18:53 . 2009-11-25 18:53 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-25 18:49 . 2009-12-16 06:17 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
2009-11-25 18:28 . 2009-11-25 18:28 -------- d-----w- c:\program files\Common Files\Skype
2009-11-25 18:28 . 2009-11-25 18:29 -------- d-----r- c:\program files\Skype
2009-11-25 18:27 . 2009-11-25 18:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-11-23 17:38 . 2009-12-07 07:27 -------- d-----w- C:\ComboFix
2009-11-22 06:56 . 2009-11-30 20:23 -------- d-----w- c:\program files\trend micro
2009-11-22 06:56 . 2009-11-22 06:56 -------- d-----w- C:\rsit
2009-11-20 21:11 . 2009-12-16 09:11 17169 ----a-w- c:\windows\system32\nvModes.dat
2009-11-20 08:25 . 2009-12-19 00:44 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc
2009-11-20 08:24 . 2009-11-20 08:24 -------- d-----w- c:\program files\VideoLAN
2009-11-20 07:16 . 2009-11-20 07:16 -------- d-----w- C:\SamRO
2009-11-20 06:50 . 2009-11-20 07:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-20 06:50 . 2009-11-20 06:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-20 06:11 . 2009-11-20 06:11 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG8
2009-11-20 06:10 . 2009-11-20 06:10 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-11-20 06:10 . 2009-09-10 03:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-20 06:10 . 2009-11-20 06:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-20 06:10 . 2009-11-20 06:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-20 06:10 . 2009-09-10 03:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-12 00:17 . 2009-12-05 05:00 -------- d-----w- c:\program files\Winamp
2009-12-05 05:06 . 2009-12-05 05:00 -------- d-----w- c:\documents and settings\Owner\Application Data\Winamp
2009-11-21 20:17 . 2009-12-16 09:43 142714 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat
2009-11-21 20:16 . 2009-11-19 05:25 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-20 20:01 . 2009-11-19 14:37 -------- d-----w- c:\program files\Yahoo!
2009-11-20 17:52 . 2009-11-20 17:52 -------- d-----w- c:\program files\Sony Ericsson
2009-11-20 17:52 . 2009-11-20 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Ericsson
2009-11-20 17:52 . 2009-11-19 05:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-19 14:45 . 2009-11-19 14:44 -------- d-----w- c:\documents and settings\Owner\Application Data\Yahoo!
2009-11-19 14:44 . 2009-11-19 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-11-19 06:43 . 2009-11-19 06:43 -------- d-----w- c:\documents and settings\Owner\Application Data\Media Player Classic
2009-11-19 06:35 . 2009-11-19 06:35 12328 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-19 06:32 . 2009-11-19 06:32 -------- d-----w- c:\documents and settings\Owner\Application Data\Leadertech
2009-11-19 06:20 . 2009-11-19 06:20 -------- d-----w- c:\program files\Common Files\Adobe
.

((((((((((((((((((((((((((((( SnapShot@2009-11-23_07.24.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-05 05:00 . 2009-04-28 20:20 96752 c:\windows\system32\vxblock.dll
+ 2009-12-05 05:00 . 2009-04-28 20:20 66032 c:\windows\system32\pxinsa64.exe
+ 2009-12-05 05:00 . 2009-04-28 20:20 72176 c:\windows\system32\pxhpinst.exe
+ 2009-12-05 05:00 . 2009-04-28 20:20 66544 c:\windows\system32\pxcpya64.exe
+ 2009-12-05 05:00 . 2009-04-28 20:20 44944 c:\windows\system32\drivers\PxHelp20.sys
+ 2009-12-04 04:25 . 2009-12-04 04:25 27136 c:\windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
+ 2009-12-05 05:00 . 2009-04-28 20:20 9200 c:\windows\system32\drivers\cdralw2k.sys
+ 2009-12-05 05:00 . 2009-04-28 20:20 9072 c:\windows\system32\drivers\cdr4_xp.sys
+ 2009-12-05 05:00 . 2009-04-28 20:20 436720 c:\windows\system32\pxwave.dll
+ 2009-12-05 05:00 . 2009-04-28 20:20 219632 c:\windows\system32\pxmas.dll
+ 2009-12-05 05:00 . 2009-04-28 20:20 551408 c:\windows\system32\pxdrv.dll
+ 2009-12-05 05:00 . 2009-04-28 20:20 129520 c:\windows\system32\pxafs.dll
+ 2009-12-05 05:00 . 2009-04-28 20:20 670192 c:\windows\system32\px.dll
+ 2009-11-25 18:29 . 2009-11-25 18:29 794112 c:\windows\Installer\a76b39c.msi
+ 2009-12-04 04:25 . 2009-12-04 04:25 796672 c:\windows\Installer\112ab576.msi
+ 2009-11-25 18:28 . 2009-11-25 18:28 371272 c:\windows\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe
+ 2009-12-05 05:00 . 2009-04-28 20:20 1858032 c:\windows\system32\pxsfs.dll
+ 2009-11-25 18:28 . 2009-11-25 18:28 1565696 c:\windows\Installer\a76b395.msi
+ 2009-12-04 04:25 . 2009-12-04 04:25 9473024 c:\windows\Installer\112ab57a.msi
+ 2009-12-04 04:25 . 2009-12-04 04:25 1549312 c:\windows\Installer\112ab56f.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5317944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 155648]
"nwiz"="nwiz.exe" [2004-11-14 995328]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2004-11-01 166400]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-11-14 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-14 4620288]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1488208]
"D-Link D-Link Wireless G DWA-110"="c:\program files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe" [2007-05-03 1736704]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 131072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-02 113520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 1009016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 491520]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 107520]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\ANI\\ANIWZCS2 Service\\ANIWZCSdS.exe"=
"c:\\Program Files\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"=
"c:\\SamRO\\RO\\VanRO.exe"=
"c:\\Program Files\\D-Link\\D-Link Wireless G DWA-110\\AirGCFG.exe"=
"d:\\My Documents\\VanRO\\RO\\VanRO.exe"=
"c:\\SamRO\\RO\\SamRO.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson PC Suite\\SupServ.exe"=
"c:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"=
"c:\\Program Files\\Mozilla Firefox\\uninstall\\helper.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Owner\\Desktop\\l0tkxmho.exe"=
"d:\\My Documents\\VanRO\\RO\\VanRO X.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\WINDOWS\\SOUNDMAN.EXE"=
"c:\\Documents and Settings\\Owner\\Desktop\\RSIT.exe"=
"d:\\Desktop\\games\\emulators\\FB\\finalburn.exe"=
"c:\\Program Files\\Winamp\\winampa.exe"=
"c:\\Program Files\\WinRAR\\WinRAR.exe"=
"c:\\Program Files\\Apple Software Update\\SoftwareUpdate.exe"=
"c:\\Program Files\\Mozilla Firefox\\crashreporter.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 seehcri;Sony Ericsson
seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [11/21/2009 4:52 AM 27632] <br/>S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [11/21/2009 4:52 AM 172032] <br/>S3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\irnp.sys --> c:\windows\system32\drivers\irnp.sys [?] <br/>S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [11/21/2009 4:52 AM 86824] <br/>S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [11/21/2009 4:52 AM 15016] <br/>S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [11/21/2009 4:52 AM 114728] <br/>S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [11/21/2009 4:52 AM 106208] <br/>S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [11/21/2009 4:52 AM 26024] <br/>S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [11/21/2009 4:52 AM 104744] <br/>S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [11/21/2009 4:52 AM 109864] <br/>. <br/>------- Supplementary Scan ------- <br/>. <br/>FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ra4q4zbh.default\ <br/>FF - prefs.js: browser.startup.homepage - www.google.com <br/>FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll <br/>FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll <br/>. 
<br/> <br/>************************************************************************** <br/> <br/>catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net <br/>Rootkit scan 2009-12-19 12:40 <br/>Windows 5.1.2600 Service Pack 2 NTFS <br/> <br/>scanning hidden processes ... <br/> <br/>scanning hidden autostart entries ... <br/> <br/>scanning hidden files ... <br/> <br/>scan completed successfully <br/>hidden files: 0 <br/> <br/>************************************************************************** <br/>. <br/>--------------------- DLLs Loaded Under Running Processes --------------------- <br/> <br/>- - - - - - - > 'explorer.exe'(2072) <br/>c:\windows\system32\WPDShServiceObj.dll <br/>c:\windows\system32\PortableDeviceTypes.dll <br/>c:\windows\system32\PortableDeviceApi.dll <br/>. <br/>Completion time: 2009-12-19 12:42:38 <br/>ComboFix-quarantined-files.txt 2009-12-19 01:42 <br/>ComboFix2.txt 2009-12-17 11:09 <br/>ComboFix3.txt 2009-12-09 02:40 <br/>ComboFix4.txt 2009-12-07 07:36 <br/>ComboFix5.txt 2009-12-19 01:37 <br/> <br/>Pre-Run: 55,857,942,528 bytes free <br/>Post-Run: 55,830,396,928 bytes free <br/> <br/>- - End Of File - - FFFEE6F864DE3A6F606E167623453DB0 <br/> <br/> <br/> <br/> <br/>Here is GMER: <br/> <br/>GMER 1.0.15.15252 - http://www.gmer.net <br/>Rootkit scan 2009-12-19 13:09:06 <br/>Windows 5.1.2600 Service Pack 2 <br/>Running: l0tkxmho.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kxtdipow.sys <br/> <br/> <br/>---- Kernel code sections - GMER 1.0.15 ---- <br/> <br/>? C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. ! <br/>? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. ! <br/> <br/>---- Devices - GMER 1.0.15 ---- <br/> <br/>AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.) <br/>AttachedDevice \FileSystem\Fastfat \Fat SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.) 
---- EOF - GMER 1.0.15 ----
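The registry and service lines in the ComboFix log above are the "loading points" a helper reads first. As an added example, not part of the thread and not ComboFix's own code, the Python below parses an excerpt copied from that log and applies two checks: Security Center Override/DisableNotify values set to 1 together with EnableFirewall=0 (the Security Center warnings are being suppressed and Windows Firewall is off), and a service whose display name is identical to its service name and whose driver file the scanner could not read. The driver behind abp470n5 is irnp.sys in this ComboFix run and jljnk.sys in the RegLooks output further down the thread, so the check keys on the service name rather than the file name. The heuristics, and reading a trailing `[?]` as "file could not be read", are this example's assumptions.

```python
"""Triage the 'Reg Loading Points' and service lines of a ComboFix log.

Two things in the posted log matter more than the long autorun list: the
Security Center Override/DisableNotify values (all 1, which silences the
'no antivirus' and 'firewall off' balloons) together with EnableFirewall=0,
and a service whose display name is just its own name and whose driver the
scanner could not read. The excerpt is copied from the log above; the parsing
and the heuristics are this example's, not ComboFix's."""
import re

COMBOFIX_EXCERPT = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [11/21/2009 4:52 AM 27632]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [11/21/2009 4:52 AM 172032]
S3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\irnp.sys --> c:\windows\system32\drivers\irnp.sys [?]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [11/21/2009 4:52 AM 86824]
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>.*)$')
# ComboFix service line: <start type> <name>;<display name>;<image path> [date size | ?]
SERVICE_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$')
DECIMAL_RE = re.compile(r'^(\d+)\s*\(0x[0-9a-fA-F]+\)$')


def parse_value(raw):
    """REGEDIT4 'dword:00000001' and ComboFix's ' 0 (0x0)' both become ints."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = DECIMAL_RE.match(raw)
    return int(m.group(1)) if m else raw


def parse_reg_points(text):
    """Return {key_path: {value_name: value}} for the REGEDIT4-style blocks."""
    reg, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            current = km.group("key")
            reg.setdefault(current, {})
            continue
        vm = VALUE_RE.match(line)
        if vm and current is not None:
            reg[current][vm.group("name")] = parse_value(vm.group("val"))
    return reg


def security_center_findings(reg):
    """Flag every Security Center value that hides a warning, and a firewall set off."""
    findings = []
    for key, values in reg.items():
        k = key.lower()
        if k.endswith("security center") or k.endswith("security center\\svc"):
            for name, val in values.items():
                if val == 1 and (name.endswith("Override") or name.endswith("DisableNotify")):
                    findings.append(f"{key}: {name}=1 (warning suppressed)")
        if "firewallpolicy" in k and values.get("EnableFirewall") == 0:
            findings.append(f"{key}: EnableFirewall=0 (Windows Firewall off)")
    return findings


def parse_services(text):
    """Parse the R*/S* service lines; a trailing '[?]' is read as 'file could not be read'."""
    svcs = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            svc = m.groupdict()
            svc["file_readable"] = not svc["rest"].rstrip().endswith("[?]")
            svc["path"] = svc["rest"].split(" -->")[0].split(" [")[0].strip()
            svcs.append(svc)
    return svcs


def suspicious_services(svcs):
    """Service name reused as its display name plus an unreadable binary is how
    abp470n5 stands out from the Sony Ericsson drivers around it. Heuristic, not
    proof: a legitimate entry whose file was simply uninstalled can look the same."""
    return [s["name"] for s in svcs
            if not s["file_readable"] and s["display"].strip() == s["name"].strip()]


if __name__ == "__main__":
    reg = parse_reg_points(COMBOFIX_EXCERPT)
    for finding in security_center_findings(reg):
        print(finding)
    print("suspicious services:", suspicious_services(parse_services(COMBOFIX_EXCERPT)))
```

Run as a script it prints the nine Security Center and firewall findings and `['abp470n5']`. The same two functions can be fed a whole ComboFix.txt; only the REGEDIT4 blocks and the service lines are picked up, everything else is ignored.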
Posted 12/19/2009 4:03 AM
#81129
User avatar

Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
There should be some malware drivers, but neither Gmer nor ComboFix is showing these. There are also altered system files that we will have to replace, or the situation won't improve. But the scans are just not capturing the data to work from. A plus is that the changes you were able to make to the system.ini file had an effect, as the known malware device driver is showing as not running this time.

Click here and download jpshortstuff's SystemLook to your desktop, then click that file to open the scan display. In the open textbox, copy and paste the following (inside the Code box below):

[CODE]:filefind
cmd.exe
ctfmon.exe
mmc.exe
taskmgr.exe[/CODE]

Then click Look. Once the scan completes Notepad will open - copy/paste those contents back here please. That will also be saved as a log where you have the scan file, named SystemLook.txt.

-------------------

Go here and download reglooks.exe to your Desktop. Double-click on it to run it and when it has finished scanning, a log named result.txt will open in Notepad. Copy the log and post it in this thread.
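What the helper does with the SystemLook output is compare every copy of each binary against the others: on XP the dllcache folder under system32 holds Windows File Protection's reference copy, so a system32 file whose size or MD5 differs from its dllcache twin is the kind of altered system file being hunted here. As an added example, not from the thread and not part of the SystemLook tool, the Python below parses the `:filefind` format and reports those disagreements. The sample log is constructed in the SystemLook v1.0 format seen later in this thread; the cmd.exe lines mirror the real output, while the userinit.exe mismatch and its hashes are invented to show what a hit looks like.

```python
"""Cross-check the copies SystemLook's ':filefind' returns for each system
binary. The dllcache copy is Windows File Protection's reference, so a
system32 file whose size or MD5 differs from it is the 'altered system file'
the helper is looking for. Sample log constructed in SystemLook v1.0 format;
the userinit.exe mismatch and its MD5 values are invented."""
import re
from collections import defaultdict

# Constructed sample. cmd.exe lines mirror the real log; userinit.exe is given a
# system32 copy that differs from its dllcache twin (invented size and hashes).
SAMPLE_LOG = r"""
========== filefind ==========

Searching for "cmd.exe"
C:\WINDOWS\system32\cmd.exe --a--- 388608 bytes [12:00 04/08/2004] [12:00 04/08/2004] EEB024F2C81F0D55936FB825D21A91D6
C:\WINDOWS\system32\dllcache\cmd.exe --a--c 388608 bytes [12:00 04/08/2004] [12:00 04/08/2004] EEB024F2C81F0D55936FB825D21A91D6

Searching for "userinit.exe"
C:\WINDOWS\system32\userinit.exe --a--- 26112 bytes [03:14 12/12/2009] [12:00 04/08/2004] 0123456789ABCDEF0123456789ABCDEF
C:\WINDOWS\system32\dllcache\userinit.exe --a--c 24576 bytes [12:00 04/08/2004] [12:00 04/08/2004] A1B2C3D4E5F60718293A4B5C6D7E8F90

Searching for "tcpip.sys"
C:\WINDOWS\system32\drivers\tcpip.sys --a--- 359040 bytes [12:00 04/08/2004] [12:00 04/08/2004] 9F4E1C2B3A5D6E7F8091A2B3C4D5E6F7

-=End Of File=-
"""

# <path> <attrs> <size> bytes [modified] [created] <MD5>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<attrs>[-a-z]{6}) (?P<size>\d+) bytes "
    r"\[(?P<modified>[^\]]+)\] \[(?P<created>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_filefind(text):
    """Return one dict per file hit, in log order; headers and blank lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        hit = m.groupdict()
        hit["size"] = int(hit["size"])
        hit["md5"] = hit["md5"].upper()
        hit["name"] = hit["path"].rsplit("\\", 1)[-1].lower()
        hits.append(hit)
    return hits


def _group_by_name(hits):
    by_name = defaultdict(list)
    for h in hits:
        by_name[h["name"]].append(h)
    return by_name


def find_mismatches(hits):
    """Names whose copies disagree on (size, md5), with every copy listed."""
    return {
        name: [(c["path"], c["size"], c["md5"]) for c in copies]
        for name, copies in _group_by_name(hits).items()
        if len({(c["size"], c["md5"]) for c in copies}) > 1
    }


def suspect_copies(hits):
    """Treat the dllcache copy as the reference and return paths of copies that
    differ from it. Caveats: malware that also patches the dllcache copy passes
    this check, and a name with no dllcache copy cannot be judged here; compare
    those against hashes from a clean install of the same service pack."""
    suspects = []
    for copies in _group_by_name(hits).values():
        ref = next((c for c in copies if "\\dllcache\\" in c["path"].lower()), None)
        if ref is None:
            continue
        for c in copies:
            if c is not ref and (c["size"], c["md5"]) != (ref["size"], ref["md5"]):
                suspects.append(c["path"])
    return suspects


if __name__ == "__main__":
    parsed = parse_filefind(SAMPLE_LOG)
    for name, copies in find_mismatches(parsed).items():
        print(f"{name}: copies disagree")
        for path, size, md5 in copies:
            print(f"  {size:>8} {md5} {path}")
    print("suspect:", suspect_copies(parsed))
```

Pointed at the real SystemLook.txt, `find_mismatches` returning an empty dict is the good outcome (every copy agrees, as in the log posted below). A hit on a system32 path with a dllcache twin is the file to quarantine and replace; a hit where the dllcache copy itself is the odd one out, or where no dllcache copy exists, needs a known-good hash from a clean SP2 system before acting on it.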
Posted 12/22/2009 6:53 AM
#81247
User avatar

urbane Advanced member

Date Joined Nov 2016
Total Posts: 30
System look: <br/> <br/>SystemLook v1.0 by jpshortstuff (29.08.09) <br/>Log created at 17:49 on 22/12/2009 by Owner (Administrator - Elevation successful) <br/> <br/>========== filefind ========== <br/> <br/>Searching for "cmd.exe" <br/>C:\WINDOWS\system32\cmd.exe --a--- 388608 bytes [12:00 04/08/2004] [12:00 04/08/2004] EEB024F2C81F0D55936FB825D21A91D6 <br/>C:\WINDOWS\system32\dllcache\cmd.exe --a--c 388608 bytes [12:00 04/08/2004] [12:00 04/08/2004] EEB024F2C81F0D55936FB825D21A91D6 <br/> <br/>Searching for "ctfmon.exe" <br/>C:\WINDOWS\ERDNT\cache\ctfmon.exe --a--- 15360 bytes [07:24 23/11/2009] [12:00 04/08/2004] 24232996A38C0B0CF151C2140AE29FC8 <br/>C:\WINDOWS\system32\ctfmon.exe ------ 15360 bytes [12:00 04/08/2004] [12:00 04/08/2004] 24232996A38C0B0CF151C2140AE29FC8 <br/>C:\WINDOWS\system32\dllcache\ctfmon.exe --a--c 15360 bytes [12:00 04/08/2004] [12:00 04/08/2004] 24232996A38C0B0CF151C2140AE29FC8 <br/> <br/>Searching for "mmc.exe" <br/>C:\WINDOWS\system32\dllcache\mmc.exe --a--c 815104 bytes [12:00 04/08/2004] [12:00 04/08/2004] 808A9C735682FA8F23747F7E3E765C3B <br/>C:\WINDOWS\system32\mmc.exe --a--- 815104 bytes [12:00 04/08/2004] [12:00 04/08/2004] 808A9C735682FA8F23747F7E3E765C3B <br/> <br/>Searching for "taskmgr.exe" <br/>C:\WINDOWS\system32\dllcache\taskmgr.exe --a--c 135680 bytes [12:00 04/08/2004] [12:00 04/08/2004] FC160ACE21C81837692B339D230DD4BE <br/>C:\WINDOWS\system32\taskmgr.exe --a--- 135680 bytes [12:00 04/08/2004] [12:00 04/08/2004] FC160ACE21C81837692B339D230DD4BE <br/> <br/>-=End Of File=- <br/> <br/> <br/>Reglooks: <br/> <br/>REGLOOKS logfile - version 0.983 <br/>Scan started: Tue 12/22/2009 17:50:05.32 <br/> <br/>--- INFORMATION --- <br/> <br/>Manufacturer: NVIDIA - Model: AWRDACPI <br/>Operating System: Microsoft Windows XP Home Edition -- 5.1.2600 -- Service Pack 2 -- <br/>Processor: AMD Athlon(tm) 64 Processor 3500+ <br/> <br/>Work Station <br/>Bootmode: Normal boot <br/>Total RAM: 2047 MB (free 1626 MB - 79%) <br/> <br/>Computername: 
TYLER <br/>Domain: MSHOME <br/>User: Owner (Administrator account) <br/> <br/>Bootdevice: \Device\HarddiskVolume1 <br/>Systemdrive: C: <br/>Windowsdirectory: C:\WINDOWS <br/>Systemdirectory: C:\WINDOWS\system32 <br/> <br/>Internet Explorer Version: 6.0.2900.2180 <br/> <br/> <br/> <br/> <br/>--- SIGCHECK --- <br/> <br/>C:\WINDOWS\explorer.exe -- [1032192] -- [08/04/2004 11:00 PM] -- sigcheck OK <br/>C:\WINDOWS\system32\appmgmts.dll NOT found <br/>C:\WINDOWS\system32\browser.dll -- [77312] -- [08/04/2004 11:00 PM] -- sigcheck OK <br/>C:\WINDOWS\system32\comres.dll -- [792064] -- [08/04/2004 11:00 PM] -- sigcheck OK <br/>C:\WINDOWS\system32\comctl32.dll -- [611328] -- [08/04/2004 11:00 PM] -- sigcheck OK <br/>C:\WINDOWS\system32\cryptsvc.dll -- [60416] -- [08/04/2004 11:00 PM] -- sigcheck OK <br/>C:\WINDOWS\system32\ctfmon.exe -- [15360] -- [08/04/2004 11:00 PM] -- sigcheck OK <br/>C:\WINDOWS\system32\es.dll -- [243200] -- [08/04/2004 11:00 PM] -- sigcheck OK <br/>C:\WINDOWS\system32\eventlog.dll -- [55808] -- [08/04/2004 11:00 PM] -- sigcheck OK <br/>C:\WINDOWS\system32\ias.dll NOT found <br/>C:\WINDOWS\system32\imm32.dll -- [110080] -- [08/04/2004 11:00 PM] -- sigcheck OK <br/>C:\WINDOWS\system32\kernel32.dll -- [983552] -- [08/04/2004 11:00 PM] -- sigcheck OK <br/>C:\WINDOWS\system32\linkinfo.dll -- [18944] -- [08/04/2004 11:00 PM] -- sigcheck OK <br/>C:\WINDOWS\system32\lpk.dll -- [22016] -- [08/04/2004 11:00 PM] -- sigcheck OK <br/>C:\WINDOWS\system32\lsass.exe -- [13312] -- [08/04/2004 11:00 PM] -- sigcheck OK <br/>C:\WINDOWS\system32\mfc40u.dll -- [924432] -- [08/04/2004 11:00 PM] -- sigcheck OK <br/>C:\WINDOWS\system32\msgsvc.dll -- [33792] -- [08/04/2004 11:00 PM] -- sigcheck OK <br/>C:\WINDOWS\system32\mshtml.dll -- [3003392] -- [08/04/2004 11:00 PM] -- sigcheck OK <br/>C:\WINDOWS\system32\mspmsnsv.dll -- [27136] -- [10/18/2006 09:47 PM] -- sigcheck OK <br/>C:\WINDOWS\system32\mswsock.dll -- [245248] -- [08/04/2004 11:00 PM] -- sigcheck OK 
<br/>C:\WINDOWS\system32\netlogon.dll -- [407040] -- [08/04/2004 11:00 PM] -- sigcheck OK <br/>C:\WINDOWS\system32\netman.dll -- [198144] -- [08/04/2004 11:00 PM] -- sigcheck OK <br/>C:\WINDOWS\system32\ntkrnlpa.exe -- [2056832] -- [08/04/2004 11:00 PM] -- sigcheck OK <br/>C:\WINDOWS\system32\ntmssvc.dll -- [435200] -- [08/04/2004 11:00 PM] -- sigcheck OK <br/>C:\WINDOWS\system32\ntoskrnl.exe -- [2180992] -- [08/04/2004 11:00 PM] -- sigcheck OK <br/>C:\WINDOWS\system32\pchsvc.dll NOT found <br/>C:\WINDOWS\system32\powrprof.dll -- [17408] -- [08/04/2004 11:00 PM] -- sigcheck OK <br/>C:\WINDOWS\system32\qmgr.dll -- [382464] -- [08/04/2004 11:00 PM] -- sigcheck OK <br/>C:\WINDOWS\system32\rasauto.dll -- [89088] -- [08/04/2004 11:00 PM] -- sigcheck OK <br/>C:\WINDOWS\system32\regsvc.dll -- [59904] -- [08/04/2004 11:00 PM] -- sigcheck OK <br/>C:\WINDOWS\system32\rpcss.dll -- [395776] -- [08/04/2004 11:00 PM] -- sigcheck OK <br/>C:\WINDOWS\system32\scecli.dll -- [180224] -- [08/04/2004 11:00 PM] -- sigcheck OK <br/>C:\WINDOWS\system32\schedsvc.dll -- [190976] -- [08/04/2004 11:00 PM] -- sigcheck OK <br/>C:\WINDOWS\system32\services.exe -- [108032] -- [08/04/2004 11:00 PM] -- sigcheck OK <br/>C:\WINDOWS\system32\sfc.dll -- [5120] -- [08/04/2004 11:00 PM] -- sigcheck OK <br/>C:\WINDOWS\system32\sfcfiles.dll -- [1580544] -- [08/04/2004 11:00 PM] -- sigcheck OK <br/>C:\WINDOWS\system32\spoolsv.exe -- [57856] -- [08/04/2004 11:00 PM] -- sigcheck OK <br/>C:\WINDOWS\system32\srsvc.dll -- [170496] -- [08/04/2004 11:00 PM] -- sigcheck OK <br/>C:\WINDOWS\system32\ssdpsrv.dll -- [71680] -- [08/04/2004 11:00 PM] -- sigcheck OK <br/>C:\WINDOWS\system32\svchost.exe -- [14336] -- [08/04/2004 11:00 PM] -- sigcheck OK <br/>C:\WINDOWS\system32\tapisrv.dll -- [246272] -- [08/04/2004 11:00 PM] -- sigcheck OK <br/>C:\WINDOWS\system32\termsrv.dll -- [295424] -- [08/04/2004 11:00 PM] -- sigcheck OK <br/>C:\WINDOWS\system32\upnphost.dll -- [185344] -- [08/04/2004 11:00 PM] -- sigcheck OK 
<br/>C:\WINDOWS\system32\user32.dll -- [577024] -- [08/04/2004 11:00 PM] -- sigcheck OK <br/>C:\WINDOWS\system32\userinit.exe -- [24576] -- [08/04/2004 11:00 PM] -- sigcheck OK <br/>C:\WINDOWS\system32\wininet.dll -- [656384] -- [08/04/2004 11:00 PM] -- sigcheck OK <br/>C:\WINDOWS\system32\winlogon.exe -- [502272] -- [08/04/2004 11:00 PM] -- sigcheck OK <br/>C:\WINDOWS\system32\ws2_32.dll -- [82944] -- [08/04/2004 11:00 PM] -- sigcheck OK <br/>C:\WINDOWS\system32\wscntfy.exe -- [13824] -- [08/04/2004 11:00 PM] -- sigcheck OK <br/>C:\WINDOWS\system32\wuauclt.exe -- [111104] -- [08/04/2004 11:00 PM] -- sigcheck OK <br/>C:\WINDOWS\system32\xmlprov.dll -- [129536] -- [08/04/2004 11:00 PM] -- sigcheck OK <br/>C:\WINDOWS\system32\drivers\acpiec.sys -- [11648] -- [08/04/2004 11:00 PM] -- sigcheck OK <br/>C:\WINDOWS\system32\drivers\aec.sys -- [142464] -- [08/03/2004 10:39 PM] -- sigcheck OK <br/>C:\WINDOWS\system32\drivers\asyncmac.sys -- [14336] -- [08/04/2004 11:00 PM] -- sigcheck OK <br/>C:\WINDOWS\system32\drivers\beep.sys -- [4224] -- [08/04/2004 11:00 PM] -- sigcheck OK <br/>C:\WINDOWS\system32\drivers\ip6fw.sys -- [29056] -- [08/04/2004 11:00 PM] -- sigcheck OK <br/>C:\WINDOWS\system32\drivers\kbdclass.sys -- [24576] -- [08/04/2004 11:00 PM] -- sigcheck OK <br/>C:\WINDOWS\system32\drivers\ndis.sys -- [182912] -- [08/04/2004 11:00 PM] -- sigcheck OK <br/>C:\WINDOWS\system32\drivers\ntfs.sys -- [574592] -- [08/04/2004 11:00 PM] -- sigcheck OK <br/>C:\WINDOWS\system32\drivers\tcpip.sys -- [359040] -- [08/04/2004 11:00 PM] -- sigcheck OK <br/> <br/> <br/>--- SSODL regkeys --- <br/> <br/>[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] <br/>"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" -- File: %SystemRoot%\system32\SHELL32.dll -- [?] <br/>"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" -- File: %SystemRoot%\system32\SHELL32.dll -- [?] 
<br/>"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" -- File: %Systemroot%\system32\webcheck.dll -- [?] <br/>"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" -- File: %systemroot%\system32\stobject.dll -- [?] <br/>"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -- File: C:\WINDOWS\system32\WPDShServiceObj.dll -- [133632] -- [10/18/2006 09:47 PM] <br/> <br/> <br/>--- STS regkeys --- <br/> <br/>[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] <br/>"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" -- File: %SystemRoot%\system32\browseui.dll -- [?] <br/>"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" -- File: %SystemRoot%\system32\browseui.dll -- [?] <br/> <br/> <br/>--- USERINIT regkey --- <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] <br/>"Userinit"="C:\\WINDOWS\\system32\\userinit.exe," <br/>File: C:\WINDOWS\system32\userinit.exe -- [24576] -- [08/04/2004 11:00 PM] <br/> <br/> <br/>--- SHELL regkey --- <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] <br/>"Shell"="Explorer.exe" <br/>File: C:\WINDOWS\Explorer.exe -- [1032192] -- [08/04/2004 11:00 PM] <br/> <br/> <br/>--- SYSTEM regkey --- <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] <br/>"System"="" <br/> <br/> <br/>--- APPINIT_DLLS regkey --- <br/> <br/>[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <br/>no AppInit_DLLs regkey found <br/> <br/> <br/>--- NOTIFY regkey --- <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] <br/>-- File: C:\WINDOWS\system32\crypt32.dll -- [597504] -- [08/04/2004 11:00 PM] <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] <br/>-- File: C:\WINDOWS\system32\cryptnet.dll -- [63488] -- [08/04/2004 11:00 PM] 
<br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] <br/>-- File: C:\WINDOWS\system32\cscdll.dll -- [101888] -- [08/04/2004 11:00 PM] <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] <br/>-- File: C:\WINDOWS\system32\wlnotify.dll -- [92672] -- [08/04/2004 11:00 PM] <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] <br/>-- File: C:\WINDOWS\system32\wlnotify.dll -- [92672] -- [08/04/2004 11:00 PM] <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] <br/>-- File: C:\WINDOWS\system32\sclgntfy.dll -- [20992] -- [08/04/2004 11:00 PM] <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] <br/>-- File: C:\WINDOWS\system32\WlNotify.dll -- [92672] -- [08/04/2004 11:00 PM] <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] <br/>-- File: C:\WINDOWS\system32\wlnotify.dll -- [92672] -- [08/04/2004 11:00 PM] <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] <br/>-- File: C:\WINDOWS\system32\wlnotify.dll -- [92672] -- [08/04/2004 11:00 PM] <br/> <br/> <br/>--- RUN / LOAD regkeys --- <br/> <br/>[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <br/>no run / load keys found <br/> <br/> <br/>--- SHELLEXECUTEHOOKS regkey --- <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] <br/>"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" -- File: shell32.dll -- [?] 
<br/> <br/> <br/>--- HKLM AUTORUN regkeys --- <br/> <br/>[HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor] <br/>no AutoRun regkey found <br/> <br/> <br/>--- HKCU AUTORUN regkeys --- <br/> <br/>[HKEY_CURRENT_USER\Software\Microsoft\Command Processor] <br/>no AutoRun regkey found <br/> <br/> <br/>--- HKLM\RUN regkey --- <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <br/>"SoundMan" -- File: SOUNDMAN.EXE -- [?] <br/>"nwiz" -- File: nwiz.exe /installquiet -- [?] <br/>"NVRaidService" -- File C:\WINDOWS\system32\nvraidservice.exe -- [166400] -- [11/02/2004 09:55 AM] <br/>"NvMediaCenter" -- File: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit -- [?] <br/>"NvCplDaemon" -- File: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup -- [?] <br/>"Malwarebytes Anti-Malware (reboot)" -- File: "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript -- [?] <br/>"D-Link D-Link Wireless G DWA-110" -- File: C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe -- [?] <br/>"ANIWZCS2Service" -- File C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe -- [131072] -- [01/19/2007 11:49 AM] <br/>"Adobe Reader Speed Launcher" -- File "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" -- [113520] -- [10/03/2009 04:08 AM] <br/>"Adobe ARM" -- File "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" -- [1009016] -- [09/04/2009 12:08 PM] <br/>"QuickTime Task" -- File: "C:\Program Files\QuickTime\QTTask.exe" -atboottime -- [?] 
<br/>"WinampAgent" -- File "C:\Program Files\Winamp\winampa.exe" -- [107520] -- [07/02/2009 03:37 AM] <br/> <br/> <br/>--- HKLM\RUNONCE regkey --- <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] <br/>no runonce values found <br/> <br/> <br/>--- HKLM\RUNONCEEX regkey --- <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx] <br/>no runonceex values found <br/> <br/> <br/>--- HKLM\RUNSERVICES regkey --- <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] <br/>no runservices values found <br/> <br/> <br/>--- HKLM\RUNSERVICESONCE regkey --- <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] <br/>no runservicesonce values found <br/> <br/> <br/>--- HKCU\RUN regkey --- <br/> <br/>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <br/>"Messenger (Yahoo!)" -- File: "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet -- [?] <br/> <br/> <br/>--- HKCU\RUNONCE regkey --- <br/> <br/>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] <br/>no runonce values found <br/> <br/> <br/>--- HKCU\RUNONCEEX regkey --- <br/> <br/>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx] <br/>key not found <br/> <br/> <br/>--- HKCU\RUNSERVICES regkey --- <br/> <br/>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] <br/>no runservices values found <br/> <br/> <br/>--- HKCU\RUNSERVICESONCE regkey --- <br/> <br/>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] <br/>no runservicesonce values found <br/> <br/> <br/>--- HKU\.DEFAULT\Run regkeys - Default user --- <br/> <br/>[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <br/>no run values found <br/> <br/> <br/>--- HKU\S-1-5-18\Run regkeys - user SYSTEM --- <br/> <br/>[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <br/>no run values found <br/> <br/> <br/>--- 
HKU\S-1-5-19\Run regkeys - User Lokale service --- <br/> <br/>[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <br/>key not found <br/> <br/> <br/>--- HKU\S-1-5-20\Run regkeys - User Lokale service --- <br/> <br/>[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <br/>key not found <br/> <br/> <br/>--- HKLM\Explorer\Run regkeys --- <br/> <br/>[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] <br/>no run values found <br/> <br/> <br/>--- HKCU\Explorer\Run regkeys --- <br/> <br/>[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] <br/>no run values found <br/> <br/> <br/>--- Image File Execution regkeys --- <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options] <br/>no debuggers found <br/> <br/> <br/>--- BROWSER HELPER OBJECTS regkeys --- <br/> <br/>[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] <br/>-- CLSID not found <br/>[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] <br/>-- File: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll -- [75128] -- [02/27/2009 01:07 PM] <br/> <br/> <br/>--- TOOLBAR regkeys --- <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] <br/>no toolbars found <br/> <br/> <br/>--- HKLM\URLSEARCHHOOKS regkeys --- <br/> <br/>[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks] <br/>no urlsearchhooks found <br/> <br/> <br/>--- HKCU\URLSEARCHHOOKS regkeys --- <br/> <br/>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] <br/>{CFBFAE00-17A6-11D0-99CB-00C04FD64497} -- File: %SystemRoot%\system32\shdocvw.dll -- [?] 
<br/>{EF99BD32-C1FB-11D2-892F-0090271D4F88} -- CLSID not found <br/> <br/> <br/>--- SRCEENSAVER regkey --- <br/> <br/>[HKEY_CURRENT_USER\Control Panel\Desktop] <br/>scrnsave.exe value not found <br/> <br/> <br/>--- ALTERNATESHELL regkey --- <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot] <br/>no AlternateShell value found <br/> <br/> <br/>--- SECURITYPROVIDERS regkey --- <br/> <br/>[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] <br/>"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" <br/>File: C:\WINDOWS\system32\msapsspc.dll -- [86016] -- [08/04/2004 11:00 PM] <br/>File: C:\WINDOWS\system32\schannel.dll -- [144896] -- [08/04/2004 11:00 PM] <br/>File: C:\WINDOWS\system32\digest.dll -- [68608] -- [08/04/2004 11:00 PM] <br/>File: C:\WINDOWS\system32\msnsspc.dll -- [290816] -- [08/04/2004 11:00 PM] <br/> <br/> <br/>--- Active Setup\Installed Components regkey --- <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] <br/>-- File: %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE -- [?] <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] <br/>-- File: RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP -- [?] <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] <br/>-- File: %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE -- [?] <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <br/>-- File: %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll -- [?] <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <br/>-- File: "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install -- [?] 
<br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] <br/>-- File: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT -- [?] <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4b218e3e-bc98-4770-93d3-2731b9329278}] <br/>-- File: %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf -- [?] <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] <br/>-- File: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser -- [?] <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] <br/>-- File: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub -- [?] <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] <br/>-- File: regsvr32.exe /s /n /i:U shell32.dll -- [?] <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] <br/>-- File: %SystemRoot%\system32\ie4uinit.exe -- [?] <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] <br/>-- File: %SystemRoot%\system32\ie4uinit.exe -- [?] <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}] <br/>-- filepath not found <br/> <br/> <br/>--- Services regkey --- <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\abp470n5] <br/>-- File: \??\C:\WINDOWS\system32\drivers\jljnk.sys -- [?] 
<br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\abp480n5] <br/>-- filepath not found <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\adpu160m] <br/>-- filepath not found <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aec] <br/>-- File: system32\drivers\aec.sys -- [?] <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aic78u2] <br/>-- filepath not found <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aic78xx] <br/>-- filepath not found <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amsint] <br/>-- filepath not found <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ANIO] <br/>-- File: \??\C:\WINDOWS\system32\ANIO.SYS -- [?] <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ANIWZCSdService] <br/>-- File: C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- [126976] -- [01/19/2007 11:49 AM] <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc] <br/>-- filepath not found <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3350p] <br/>-- filepath not found <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3550] <br/>-- filepath not found <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi] <br/>-- File: system32\DRIVERS\atapi.sys -- [?] <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\audstub] <br/>-- File: system32\DRIVERS\audstub.sys -- [?] <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i2omgmt] <br/>-- filepath not found <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i2omp] <br/>-- filepath not found <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt] <br/>-- File: system32\DRIVERS\i8042prt.sys -- [?] 
<br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\inetaccs] <br/>-- filepath not found <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ini910u] <br/>-- filepath not found <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\irda] <br/>-- File: system32\DRIVERS\irda.sys -- [?] <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\irsir] <br/>-- File: system32\DRIVERS\irsir.sys -- [?] <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\isapnp] <br/>-- File: system32\DRIVERS\isapnp.sys -- [?] <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npkcrypt] <br/>-- File: \??\C:\Documents and Settings\Owner\Desktop\RO\npkcrypt.sys -- [?] <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ohci1394] <br/>-- File: system32\DRIVERS\ohci1394.sys -- [?] <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\OMSI download service] <br/>-- File: C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- [172032] -- [04/30/2009 12:23 PM] <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\s1018bus] <br/>-- File: system32\DRIVERS\s1018bus.sys -- [?] <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\s1018mdfl] <br/>-- File: system32\DRIVERS\s1018mdfl.sys -- [?] <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\s1018mgmt] <br/>-- File: system32\DRIVERS\s1018mgmt.sys -- [?] <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\s1018nd5] <br/>-- File: system32\DRIVERS\s1018nd5.sys -- [?] <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\s1018obex] <br/>-- File: system32\DRIVERS\s1018obex.sys -- [?] <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\s1018unic] <br/>-- File: system32\DRIVERS\s1018unic.sys -- [?] <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seehcri] <br/>-- File: system32\DRIVERS\seehcri.sys -- [?] 
<br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ultra] <br/>-- filepath not found <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\upnphost] <br/>-- File: %SystemRoot%\system32\svchost.exe -k LocalService -- [?] <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbehci] <br/>-- File: system32\DRIVERS\usbehci.sys -- [?] <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbhub] <br/>-- File: system32\DRIVERS\usbhub.sys -- [?] <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbohci] <br/>-- File: system32\DRIVERS\usbohci.sys -- [?] <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbstor] <br/>-- File: system32\DRIVERS\USBSTOR.SYS -- [?] <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\yukonwxp] <br/>-- File: system32\DRIVERS\yk51x86.sys -- [?] <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{0A088315-C8DE-4EEF-B02E-065DB21B2E51}] <br/>-- filepath not found <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{472CA9A7-544B-4C06-B16E-6AE35D88C7EC}] <br/>-- filepath not found <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{977F7CC0-6ED7-4D79-B0D1-7DD3D9727859}] <br/>-- filepath not found <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{E4B884A5-4CB7-4B70-B230-39FD9A24852E}] <br/>-- filepath not found <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{F5600E9E-F754-4AEE-81D3-68BA1E3AFE09}] <br/>-- filepath not found <br/> <br/> <br/>--- SAFEBOOT MINIMAL SERVICES --- <br/> <br/>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal <br/>no unknown services found <br/> <br/> <br/>--- SAFEBOOT Network SERVICES --- <br/> <br/>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network <br/>no unknown services found <br/> <br/> <br/>--- BOOTEXECUTE regkey --- <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager] <br/>"BootExecute"= autocheck autochk *\0\0 <br/> <br/> <br/>--- PENDINGFILERENAMEOPERATIONS 
regkey --- <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager] <br/>"PendingFileRenameOperations"= \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\FlashPlayerUpdate.exe\0\0\??\C:\DOCUME~1\Owner\LOCALS~1\Temp\~nsu.tmp\Au_.exe\0\0\??\C:\DOCUME~1\Owner\LOCALS~1\Temp\nsm3.tmp\NSISArray.dll\0\0\??\C:\DOCUME~1\Owner\LOCALS~1\Temp\nsm3.tmp\\0\0\0 <br/> <br/> <br/>--- WOW-CMDLINE regkeys --- <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW] <br/>"cmdline" = %SystemRoot%\system32\ntvdm.exe <br/>"cmdline" = %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386 <br/> <br/> <br/>--- NETSVCS regkey --- <br/> <br/>[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] -- NETSVCS <br/>0WmdmPmSN <br/> <br/> <br/>--- DNS SERVER regkeys --- <br/> <br/>no "NameServer" values found <br/> <br/> <br/>--- File associations --- <br/> <br/>.BAT files: ("%1" %*) <br/>.COM files: ("%1" %*) <br/>.EXE files: ("%1" %*) <br/>.HLP files: (%SystemRoot%\System32\winhlp32.exe %1) <br/>.INF files: (%SystemRoot%\System32\NOTEPAD.EXE %1) <br/>.INI files: (%SystemRoot%\System32\NOTEPAD.EXE %1) <br/>.JS files: (%SystemRoot%\System32\WScript.exe "%1" %*) <br/>.PIF files: ("%1" %*) <br/>.REG files: (regedit.exe "%1") <br/>.SCR files: ("%1" /S) <br/>.TXT files: (%SystemRoot%\system32\NOTEPAD.EXE %1) <br/>.VBS files: (%SystemRoot%\System32\WScript.exe "%1" %*) <br/> <br/> <br/>--- STARTUP FOLDERS --- <br/> <br/>C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini -- [84] -- [11/19/2009 04:26 PM] <br/>C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini -- [84] -- [11/19/2009 04:26 PM] <br/>C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini -- [84] -- [11/19/2009 04:26 PM] <br/>C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini -- [84] -- [11/19/2009 04:26 PM] <br/> <br/> <br/>--- TASK SCHEDULER JOBS --- <br/> 
<br/>C:\WINDOWS\tasks\AppleSoftwareUpdate.job -- [284] -- [12/16/2009 10:44 PM] <br/> <br/> <br/>Scan completed: Tue 12/22/2009 17:50:30.60 <br/>FINISHED
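Reading a log of this shape by hand is slow, so here is an added example (not a tool used anywhere in this thread) that pulls out the three things a responder checks first in it: shell "open" commands for executable types that are no longer the Windows XP defaults, PendingFileRenameOperations entries that point into a user's Temp folder, and service entries whose image file no longer exists. The sample log inside the block is a constructed excerpt in the same layout as the log above, with the .EXE association deliberately altered so the check has something to find; the Temp entries and orphaned services are listed for review only, because installer cleanup and leftover driver registrations produce the same lines.

```python
"""Triage checks for a ComboFix-style text log (added example, not from the
thread).  It automates three things a responder reads off such a log by eye:

  * shell "open" commands for executable extensions must still be the XP
    defaults, otherwise every program launch goes through a hijacked handler;
  * PendingFileRenameOperations entries under a user Temp folder are listed,
    because that key is processed at boot before most protection loads
    (installer cleanup lands there too, so this is "review", not "malicious");
  * service entries whose image is gone ("filepath not found") are collected
    for review, again without judging them.

SAMPLE_LOG is a constructed excerpt in the page's log layout; its .EXE
association has been deliberately altered so the check fires.
"""
import re

# XP defaults as this log formatter prints them (assumption: same formatter).
DEFAULT_ASSOCIATIONS = {
    ".BAT": '("%1" %*)',
    ".COM": '("%1" %*)',
    ".EXE": '("%1" %*)',
    ".PIF": '("%1" %*)',
    ".SCR": '("%1" /S)',
    ".REG": '(regedit.exe "%1")',
}

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aec]
-- File: system32\drivers\aec.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{0A088315-C8DE-4EEF-B02E-065DB21B2E51}]
-- filepath not found

--- PENDINGFILERENAMEOPERATIONS regkey ---

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations"= \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\FlashPlayerUpdate.exe\0\0\??\C:\DOCUME~1\Owner\LOCALS~1\Temp\nsm3.tmp\NSISArray.dll\0\0\0

--- File associations ---

.BAT files: ("%1" %*)
.COM files: ("%1" %*)
.EXE files: ("C:\DOCUME~1\Owner\LOCALS~1\Temp\hijack.exe" "%1" %*)
.REG files: (regedit.exe "%1")
.SCR files: ("%1" /S)
"""

SERVICE_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\([^\]]+)\]\s*\n-- (.*)$",
    re.MULTILINE,
)
ASSOC_RE = re.compile(r"^(\.[A-Z]+) files: (.*)$", re.MULTILINE)
PENDING_RE = re.compile(r'^"PendingFileRenameOperations"=\s*(.*)$', re.MULTILINE)


def orphaned_services(log):
    """Service names whose image path the scanner could not find."""
    return [name for name, detail in SERVICE_RE.findall(log)
            if detail.strip() == "filepath not found"]


def bad_associations(log):
    """Extension -> command for every executable type not at its XP default."""
    bad = {}
    for ext, cmd in ASSOC_RE.findall(log):
        expected = DEFAULT_ASSOCIATIONS.get(ext)
        if expected is not None and cmd.strip() != expected:
            bad[ext] = cmd.strip()
    return bad


def _strip_nt_prefix(p):
    return p[4:] if p.startswith("\\??\\") else p


def pending_renames(log):
    """(source, destination) pairs from the REG_MULTI_SZ value.  The log prints
    a backslash-0 between strings; an empty destination means delete at boot."""
    m = PENDING_RE.search(log)
    if not m:
        return []
    parts = m.group(1).split("\\0")
    return [(_strip_nt_prefix(src), _strip_nt_prefix(dst) or None)
            for src, dst in zip(parts[0::2], parts[1::2]) if src]


def temp_pending_renames(log):
    """Sources of pending operations that live under a Temp folder."""
    return [src for src, _dst in pending_renames(log) if "\\temp\\" in src.lower()]


def triage(log):
    return {
        "bad_associations": bad_associations(log),
        "temp_pending_renames": temp_pending_renames(log),
        "orphaned_services": orphaned_services(log),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against a real log, the interesting output is the first dictionary: on the log above every executable association is still at its default, which is one reason the thread's symptoms point at infected files rather than at a registry hijack.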
Posted 12/22/2009 11:24 AM
#81261
urbane Advanced member

Date Joined Nov 2016
Total Posts: 30
My computer is really starting to get bad. Constant crashes and blue screens:

"A thread tried to release a resource it did not own"

Definitely sounds driver related. Has this virus got us beat? We can't seem to beat it.
Posted 12/23/2009 12:08 AM
#81276
Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Well, a big issue is that this malware variant is a file infector, so it has likely loaded its code into some files there, and we are not aware of which files. See if you can run a scan that might "heal" the files.

Download Dr.Web CureIt! from here to your Desktop.

Double-click the drweb-cureit.exe file. Click on Start and OK and allow it to run the express scan. This is a short scan and will scan all files currently running in memory. If something is found, click the Yes button when it asks you if you want to cure it.

Once the short scan has finished, click on Custom Scan and choose the drives that you want to scan. Click on the drive to select it. A red dot shows which drives have been chosen (if there is only one drive you will not be shown these options). Click the green arrow > to the right and the scan will begin. At the first sign of infection, select 'Yes to all' if it asks if you want to cure/move the file.

When the scan has finished, click the "Select all" button and then click on the Move button. This will move any infected files to the %userprofile%\DoctorWeb\quarantine folder.

Next, and this is important, from the main Dr.Web CureIt menu (top left), click File and choose "save report list" and save the report to your desktop. The report will be called DrWeb.csv and it can be opened in Notepad.

Close CureIt and restart your computer to completely remove any stubborn files. You may get a message saying "No operations performed with some objects in list. Exit program". If so, click "Yes". (You may get a popup offering you a discount if you purchase Dr.Web AntiVirus. You may or may not wish to take advantage of this offer later, but for now just close the popup and wait for the scan to finish.)

Please post the log in this thread.
Posted 1/4/2010 4:41 AM
#81593
urbane Advanced member

Date Joined Nov 2016
Total Posts: 30
Sorry, the virus gave me browser problems, so I could not post in this forum till now.

I reformatted my computer again... the virus just came back over and over. So I decided to reformat my computer one more time, and straight away I downloaded Norton AntiVirus Gaming Edition. The antivirus seems to have killed the virus on a full system scan; my entire computer is normal again. All .exe applications work, I can use all my drives without worry, my computer does not auto switch off and error to a blue screen like before, and I have admin powers again.

The main thing I see inside quarantine is a high-risk threat called W32.Sality.AE. I think it is the name of the virus I had.

I can run a ComboFix or something for you so you can check if my computer is all in the clear.
Posted 1/4/2010 5:13 PM
#81616
Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Aside from a fairly infrequent MBR infector, if you had an infection after a reformat, that suggests the infection was returned to the system, perhaps through using the same infected flash drive before and after the reformat, or saving infected files and then returning them afterwards. For now let's just take a look: please run and post back new RSIT and Gmer logs.
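One way to rule out the "infected files carried back from a backup" path described above, as an added example that is not from the thread and not something either poster ran: hash every executable on the backup drive while it is known clean, and verify that manifest before copying anything back onto a freshly formatted system. A file infector changes the executables themselves, so a hash mismatch catches it whether or not the antivirus has a signature. The extension list and the autorun.inf check are my assumptions about what is worth tracking, not details taken from the thread.

```python
"""Integrity manifest for the executables on a backup drive (added example; not
a tool from this thread).  A file infector rewrites executables in place, so a
freshly formatted system is re-infected the moment one infected .exe is copied
back from a backup that was never checked.  Hashing the executables while the
backup is known clean, and verifying before anything is copied back, catches
the change whether or not the antivirus has a signature for it.

Assumptions (mine, not from the thread): the extensions below are the ones to
track, and autorun.inf at the drive root is the marker for an auto-launching
payload on a secondary or removable drive."""
import hashlib
import json
import os
import tempfile

EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".dll"}


def sha256_file(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Relative path -> [size, sha256] for every executable under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in EXECUTABLE_EXTS:
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                manifest[rel] = [os.path.getsize(full), sha256_file(full)]
    return manifest


def save_manifest(manifest, path):
    with open(path, "w") as f:
        json.dump(manifest, f, indent=1, sort_keys=True)


def load_manifest(path):
    with open(path) as f:
        return json.load(f)


def verify_manifest(root, manifest):
    """(modified, added, removed) relative paths versus the saved manifest.
    Anything in 'modified' was rewritten after the manifest was taken and
    must not be copied back to a clean system."""
    current = build_manifest(root)
    modified = sorted(p for p in manifest if p in current and current[p] != manifest[p])
    added = sorted(p for p in current if p not in manifest)
    removed = sorted(p for p in manifest if p not in current)
    return modified, added, removed


def autorun_present(root):
    return os.path.isfile(os.path.join(root, "autorun.inf"))


def demo():
    """Constructed walkthrough in a temporary directory standing in for the
    backup drive: manifest taken while clean, then one executable gets bytes
    appended (the shape of a file-infector change) and an autorun.inf appears."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "tools"))
        sample = {
            "tools/editor.exe": b"MZ" + b"A" * 64,
            "tools/notes.txt": b"not an executable, not tracked",
            "setup.exe": b"MZ" + b"B" * 64,
        }
        for rel, data in sample.items():
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
        manifest_path = os.path.join(root, "manifest.json")
        save_manifest(build_manifest(root), manifest_path)
        clean = (verify_manifest(root, load_manifest(manifest_path)), autorun_present(root))

        with open(os.path.join(root, "setup.exe"), "ab") as f:
            f.write(b"\x90" * 32)
        with open(os.path.join(root, "autorun.inf"), "w") as f:
            f.write("[autorun]\nopen=setup.exe\n")
        dirty = (verify_manifest(root, load_manifest(manifest_path)), autorun_present(root))
    return {"clean": clean, "dirty": dirty}


if __name__ == "__main__":
    print(demo())
```

The manifest has to be taken while the drive is still trusted and stored somewhere the drive itself cannot overwrite; a manifest kept on the backup drive is only as trustworthy as the drive. Size is recorded alongside the hash so that a grown executable is visible at a glance even before the hashes are compared.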
Posted 1/5/2010 7:07 PM
#81648
urbane Advanced member

Date Joined Nov 2016
Total Posts: 30
Well I have 3 drives, I dont format 1 as i need one back up. The virus I think was staying in that. <br/> <br/>I disconnected the back up drive, format everything, install antivirus then re connect that drive and scanned it. Many virus was in it, mainly that W32.Sality.AE <br/> <br/>Here is the logs: <br/> <br/>Logfile of random's system information tool 1.06 (written by random/random) <br/>Run by Tyler Williams at 2010-01-05 23:30:11 <br/>Microsoft Windows XP Home Edition Service Pack 3 <br/>System drive C: has 60 GB (78%) free of 76 GB <br/>Total RAM: 2047 MB (64% free) <br/> <br/>Logfile of Trend Micro HijackThis v2.0.2 <br/>Scan saved at 11:30:19 PM, on 1/5/2010 <br/>Platform: Windows XP SP3 (WinNT 5.01.2600) <br/>MSIE: Internet Explorer v8.00 (8.00.6001.18702) <br/>Boot mode: Normal <br/> <br/>Running processes: <br/>C:\WINDOWS\System32\smss.exe <br/>C:\WINDOWS\system32\winlogon.exe <br/>C:\WINDOWS\system32\services.exe <br/>C:\WINDOWS\system32\lsass.exe <br/>C:\WINDOWS\system32\svchost.exe <br/>C:\WINDOWS\System32\svchost.exe <br/>C:\WINDOWS\system32\svchost.exe <br/>C:\WINDOWS\Explorer.EXE <br/>C:\WINDOWS\system32\spoolsv.exe <br/>C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe <br/>C:\WINDOWS\SOUNDMAN.EXE <br/>C:\WINDOWS\system32\nvraidservice.exe <br/>C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe <br/>C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe <br/>C:\WINDOWS\system32\RUNDLL32.EXE <br/>C:\WINDOWS\system32\ctfmon.exe <br/>C:\Program Files\Windows Live\Messenger\msnmsgr.exe <br/>C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe <br/>C:\PROGRA~1\NORTON~3\NORTON~1\NPROTECT.EXE <br/>C:\WINDOWS\system32\nvsvc32.exe <br/>C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe <br/>C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe <br/>C:\PROGRA~1\NORTON~3\NORTON~1\SPEEDD~1\NOPDB.EXE <br/>C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe <br/>C:\Program 
Files\Yahoo!\SoftwareUpdate\YahooAUService.exe <br/>C:\WINDOWS\system32\wscntfy.exe <br/>C:\WINDOWS\system32\wbem\unsecapp.exe <br/>C:\Program Files\Windows Live\Contacts\wlcomm.exe <br/>C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe <br/>C:\WINDOWS\System32\svchost.exe <br/>C:\Program Files\PingFu Iris\PingFu.exe <br/>C:\Program Files\Internet Explorer\IEXPLORE.EXE <br/>C:\Program Files\Internet Explorer\IEXPLORE.EXE <br/>C:\Program Files\Windows Live\Toolbar\wltuser.exe <br/>C:\WINDOWS\system32\wuauclt.exe <br/>C:\Program Files\Mozilla Firefox\firefox.exe <br/>C:\Documents and Settings\Tyler Williams\Desktop\RSIT.exe <br/>C:\Program Files\trend micro\Tyler Williams.exe <br/> <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 <br/>R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 <br/>O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) <br/>O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) <br/>O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\IPSBHO.DLL <br/>O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll <br/>O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll <br/>O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll <br/>O3 - Toolbar: &Windows Live Toolbar - 
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll <br/>O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE <br/>O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe <br/>O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup <br/>O4 - HKLM\..\Run: [nwiz] nwiz.exe /install <br/>O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe <br/>O4 - HKLM\..\Run: [D-Link D-Link Wireless G DWA-110] C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe <br/>O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit <br/>O4 - HKLM\..\Run: [NSWosCheck] "C:\Program Files\Norton SystemWorks Basic Edition\osCheck.exe" <br/>O4 - HKLM\..\Run: [NswUiTray] C:\Program Files\Norton SystemWorks Basic Edition\NswUiTray.exe <br/>O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe <br/>O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background <br/>O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet <br/>O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon <br/>O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll <br/>O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll <br/>O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk <br/>O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk <br/>O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - 
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe <br/>O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe <br/>O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe <br/>O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe <br/>O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1262694367562 <br/>O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab <br/>O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe <br/>O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe <br/>O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE <br/>O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe <br/>O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~3\NORTON~1\NPROTECT.EXE <br/>O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe <br/>O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe <br/>O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~3\NORTON~1\SPEEDD~1\NOPDB.EXE <br/>O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. 
- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe <br/> <br/>-- <br/>End of file - 6908 bytes <br/> <br/>======Scheduled tasks folder====== <br/> <br/>C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job <br/> <br/>======Registry dump====== <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}] <br/>Symantec Intrusion Prevention - C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\IPSBHO.DLL [2009-08-22 107896] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}] <br/>Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] <br/>Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}] <br/>Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] <br/>{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] <br/> <br/>[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <br/>"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-11-15 77824] 
<br/>"NVRaidService"=C:\WINDOWS\system32\nvraidservice.exe [2004-11-02 84480] <br/>"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-12-10 7311360] <br/>"nwiz"=nwiz.exe /install [] <br/>"ANIWZCS2Service"=C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2007-01-19 49152] <br/>"D-Link D-Link Wireless G DWA-110"=C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe [2007-05-04 1662976] <br/>"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-12-10 86016] <br/>"NSWosCheck"=C:\Program Files\Norton SystemWorks Basic Edition\osCheck.exe [2008-09-25 160112] <br/>"NswUiTray"=C:\Program Files\Norton SystemWorks Basic Edition\NswUiTray.exe [2008-09-25 85360] <br/> <br/>[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <br/>"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] <br/>"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856] <br/>"Messenger (Yahoo!)"=C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe [2009-11-10 5244216] <br/>"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2009-09-24 434176] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] <br/>WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys] <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys] <br/> <br/>[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] <br/>"dontdisplaylastusername"=0 <br/>"legalnoticecaption"= <br/>"legalnoticetext"= <br/>"shutdownwithoutlogon"=1 <br/>"undockwithoutlogon"=1 <br/> <br/>[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] <br/>"NoDriveTypeAutoRun"=145 <br/> <br/>[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] 
<br/>"HonorAutoRunSetting"= <br/> <br/>[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] <br/>"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" <br/>"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" <br/>"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" <br/>"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" <br/>"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" <br/>"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus" <br/>"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! 
Messenger" <br/> <br/>[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] <br/>"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" <br/>"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" <br/>"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" <br/>"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" <br/>"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" <br/> <br/>======List of files/folders created in the last 1 months====== <br/> <br/>2010-01-05 23:30:11 ----D---- C:\rsit <br/>2010-01-05 23:30:11 ----D---- C:\Program Files\trend micro <br/>2010-01-05 04:26:00 ----D---- C:\Documents and Settings\Tyler Williams\Application Data\ArtOfPing <br/>2010-01-05 04:25:55 ----D---- C:\Program Files\PingFu Iris <br/>2010-01-05 01:25:55 ----D---- C:\Documents and Settings\All Users\Application Data\BVRP Software <br/>2010-01-05 01:24:00 ----A---- C:\Documents and Settings\All Users\Application Data\hpe1767.dll <br/>2010-01-05 01:23:49 ----D---- C:\Program Files\Sony Ericsson <br/>2010-01-05 01:23:48 ----D---- C:\Documents and Settings\All Users\Application Data\Sony Ericsson <br/>2010-01-04 23:05:23 ----HD---- C:\WINDOWS\PIF <br/>2010-01-04 22:21:58 ----D---- C:\Documents and Settings\Tyler Williams\Application Data\Leadertech <br/>2010-01-04 22:21:44 ----D---- C:\Program Files\GameSpy Arcade <br/>2010-01-04 22:13:43 ----D---- C:\NeverwinterNights <br/>2010-01-04 12:02:04 ----D---- C:\Documents and Settings\Tyler Williams\Application Data\Symantec <br/>2010-01-04 11:29:50 ----D---- C:\Documents and Settings\Tyler 
Williams\Application Data\vlc <br/>2010-01-04 11:28:47 ----D---- C:\Program Files\VideoLAN <br/>2010-01-04 03:54:47 ----D---- C:\Documents and Settings\Tyler Williams\Application Data\Yahoo! <br/>2010-01-04 03:54:28 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! <br/>2010-01-04 03:39:59 ----D---- C:\Program Files\Yahoo! <br/>2010-01-04 02:48:25 ----D---- C:\Documents and Settings\Tyler Williams\Application Data\WinRAR <br/>2010-01-04 01:33:35 ----D---- C:\Documents and Settings\All Users\Application Data\Azureus <br/>2010-01-04 01:33:32 ----D---- C:\Documents and Settings\Tyler Williams\Application Data\Azureus <br/>2010-01-04 01:32:51 ----D---- C:\Program Files\Vuze <br/>2010-01-04 01:32:51 ----D---- C:\Program Files\Common Files\i4j_jres <br/>2010-01-04 00:45:10 ----D---- C:\Program Files\Microsoft Silverlight <br/>2010-01-04 00:44:51 ----DC---- C:\WINDOWS\system32\DRVSTORE <br/>2010-01-04 00:41:37 ----RSD---- C:\WINDOWS\assembly <br/>2010-01-04 00:40:17 ----D---- C:\WINDOWS\Microsoft.NET <br/>2010-01-04 00:39:33 ----D---- C:\Program Files\Microsoft Sync Framework <br/>2010-01-04 00:38:46 ----A---- C:\WINDOWS\system32\d3dx9_32.dll <br/>2010-01-04 00:38:38 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition <br/>2010-01-04 00:38:19 ----HDC---- C:\WINDOWS\$NtUninstallKB954708$ <br/>2010-01-04 00:37:26 ----D---- C:\Program Files\Microsoft <br/>2010-01-04 00:37:06 ----D---- C:\Program Files\Windows Live SkyDrive <br/>2010-01-04 00:36:42 ----D---- C:\Program Files\Windows Live <br/>2010-01-04 00:26:15 ----N---- C:\WINDOWS\system32\spmsg.dll <br/>2010-01-04 00:26:12 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$ <br/>2010-01-04 00:25:58 ----D---- C:\Program Files\Windows Media Connect 2 <br/>2010-01-04 00:25:45 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$ <br/>2010-01-04 00:24:58 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$ <br/>2010-01-04 00:24:18 ----D---- C:\WINDOWS\system32\LogFiles <br/>2010-01-04 00:24:13 ----HDC---- 
C:\WINDOWS\$NtUninstallWudf01000$ <br/>2010-01-04 00:22:17 ----D---- C:\Program Files\WinRAR <br/>2010-01-04 00:04:32 ----D---- C:\Program Files\Common Files\Windows Live <br/>2010-01-04 00:01:54 ----D---- C:\Documents and Settings\Tyler Williams\Application Data\Mozilla <br/>2010-01-04 00:01:47 ----D---- C:\Program Files\Mozilla Firefox <br/>2010-01-03 18:52:30 ----D---- C:\Documents and Settings\All Users\Application Data\NortonSystemWorks <br/>2010-01-03 18:52:08 ----D---- C:\Program Files\Norton SystemWorks Basic Edition <br/>2010-01-03 18:32:21 ----D---- C:\Program Files\Symantec <br/>2010-01-03 18:32:21 ----D---- C:\Program Files\Common Files\Symantec Shared <br/>2010-01-03 18:32:21 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL <br/>2010-01-03 18:32:02 ----D---- C:\Program Files\Windows Sidebar <br/>2010-01-03 18:32:02 ----D---- C:\Program Files\Norton AntiVirus <br/>2010-01-03 18:32:02 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec <br/>2010-01-03 18:21:12 ----D---- C:\Documents and Settings\All Users\Application Data\Norton <br/>2010-01-03 18:21:09 ----D---- C:\Program Files\NortonInstaller <br/>2010-01-03 18:21:09 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller <br/>2010-01-03 15:52:05 ----A---- C:\WINDOWS\system32\h323log.txt <br/>2010-01-03 15:48:56 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini <br/>2010-01-03 15:48:51 ----RA---- C:\WINDOWS\SET29.tmp <br/>2010-01-03 15:48:49 ----RA---- C:\WINDOWS\SET1D.tmp <br/>2010-01-03 15:48:47 ----RA---- C:\WINDOWS\SET1A.tmp <br/>2010-01-03 15:48:32 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft <br/>2010-01-03 15:45:55 ----A---- C:\WINDOWS\system32\wshirda.dll <br/>2010-01-03 15:45:55 ----A---- C:\WINDOWS\system32\irmon.dll <br/>2010-01-03 15:45:55 ----A---- C:\WINDOWS\system32\irftp.exe <br/>2010-01-03 15:45:43 ----A---- C:\WINDOWS\system32\usbui.dll <br/>2010-01-03 15:44:52 ----A---- C:\WINDOWS\imsins.BAK 
<br/>2010-01-03 15:44:50 ----SHD---- C:\WINDOWS\Installer <br/>2010-01-03 15:44:50 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI <br/>2010-01-03 15:44:49 ----D---- C:\Program Files\Common Files\ODBC <br/>2010-01-03 15:44:49 ----A---- C:\WINDOWS\ODBCINST.INI <br/>2010-01-03 15:44:46 ----D---- C:\Program Files\Common Files\SpeechEngines <br/>2010-01-03 15:44:45 ----RD---- C:\Program Files <br/>2010-01-03 15:44:45 ----D---- C:\Program Files\Common Files\Microsoft Shared <br/>2010-01-03 15:44:45 ----D---- C:\Program Files\Common Files <br/>2010-01-03 15:44:43 ----RA---- C:\WINDOWS\system32\kbdtuq.dll <br/>2010-01-03 15:44:43 ----RA---- C:\WINDOWS\system32\kbdazel.dll <br/>2010-01-03 15:44:42 ----RA---- C:\WINDOWS\system32\kbdtuf.dll <br/>2010-01-03 15:44:40 ----RA---- C:\WINDOWS\system32\kbdycc.dll <br/>2010-01-03 15:44:40 ----RA---- C:\WINDOWS\system32\kbduzb.dll <br/>2010-01-03 15:44:40 ----RA---- C:\WINDOWS\system32\kbdur.dll <br/>2010-01-03 15:44:40 ----RA---- C:\WINDOWS\system32\kbdtat.dll <br/>2010-01-03 15:44:40 ----RA---- C:\WINDOWS\system32\kbdru1.dll <br/>2010-01-03 15:44:40 ----RA---- C:\WINDOWS\system32\kbdru.dll <br/>2010-01-03 15:44:40 ----RA---- C:\WINDOWS\system32\kbdmon.dll <br/>2010-01-03 15:44:40 ----RA---- C:\WINDOWS\system32\kbdkyr.dll <br/>2010-01-03 15:44:40 ----RA---- C:\WINDOWS\system32\kbdkaz.dll <br/>2010-01-03 15:44:40 ----RA---- C:\WINDOWS\system32\kbdbu.dll <br/>2010-01-03 15:44:40 ----RA---- C:\WINDOWS\system32\kbdblr.dll <br/>2010-01-03 15:44:40 ----RA---- C:\WINDOWS\system32\kbdaze.dll <br/>2010-01-03 15:44:37 ----RA---- C:\WINDOWS\system32\kbdhept.dll <br/>2010-01-03 15:44:37 ----RA---- C:\WINDOWS\system32\kbdhela3.dll <br/>2010-01-03 15:44:37 ----RA---- C:\WINDOWS\system32\kbdhela2.dll <br/>2010-01-03 15:44:37 ----RA---- C:\WINDOWS\system32\kbdhe319.dll <br/>2010-01-03 15:44:37 ----RA---- C:\WINDOWS\system32\kbdhe220.dll <br/>2010-01-03 15:44:37 ----RA---- C:\WINDOWS\system32\kbdhe.dll <br/>2010-01-03 15:44:37 ----RA---- 
C:\WINDOWS\system32\kbdgkl.dll
2010-01-03 15:44:35 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2010-01-03 15:44:35 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2010-01-03 15:44:35 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2010-01-03 15:44:35 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2010-01-03 15:44:35 ----RA---- C:\WINDOWS\system32\kbdest.dll
2010-01-03 15:44:33 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2010-01-03 15:44:33 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2010-01-03 15:44:33 ----RA---- C:\WINDOWS\system32\kbdro.dll
2010-01-03 15:44:33 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2010-01-03 15:44:32 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2010-01-03 15:44:32 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2010-01-03 15:44:32 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2010-01-03 15:44:32 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2010-01-03 15:44:32 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2010-01-03 15:44:32 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2010-01-03 15:44:32 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2010-01-03 15:44:32 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2010-01-03 15:44:32 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2010-01-03 15:44:30 ----A---- C:\WINDOWS\system32\irclass.dll
2010-01-03 15:44:30 ----A---- C:\WINDOWS\system32\dgsetup.dll
2010-01-03 15:44:30 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2010-01-03 15:44:29 ----A---- C:\WINDOWS\system32\spxcoins.dll
2010-01-03 15:44:29 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2010-01-03 15:44:27 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2010-01-03 15:44:27 ----A---- C:\WINDOWS\TASKMAN.EXE
2010-01-03 15:44:26 ----A---- C:\WINDOWS\system32\batt.dll
2010-01-03 15:44:26 ----A---- C:\WINDOWS\notepad.exe
2010-01-03 15:44:25 ----A---- C:\WINDOWS\system32\storprop.dll
2010-01-03 15:44:14 ----RA---- C:\WINDOWS\SET8.tmp
2010-01-03 15:44:11 ----RA---- C:\WINDOWS\SET4.tmp
2010-01-03 15:44:10 ----RA---- C:\WINDOWS\SET3.tmp
2010-01-03 15:44:05 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-03 15:44:05 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-03 15:43:39 ----A---- C:\WINDOWS\setuplog.txt
2010-01-03 15:43:36 ----D---- C:\Documents and Settings
2010-01-03 15:43:35 ----SHD---- C:\System Volume Information
2010-01-03 15:42:40 ----SH---- C:\boot.ini
2010-01-03 15:38:27 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-01-03 15:38:24 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-01-03 15:37:04 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-03 15:37:04 ----RSD---- C:\WINDOWS\Fonts
2010-01-03 15:37:04 ----RD---- C:\WINDOWS\Web
2010-01-03 15:37:04 ----HD---- C:\WINDOWS\inf
2010-01-03 15:37:04 ----D---- C:\WINDOWS\WinSxS
2010-01-03 15:37:04 ----D---- C:\WINDOWS\twain_32
2010-01-03 15:37:04 ----D---- C:\WINDOWS\Temp
2010-01-03 15:37:04 ----D---- C:\WINDOWS\system32\wins
2010-01-03 15:37:04 ----D---- C:\WINDOWS\system32\wbem
2010-01-03 15:37:04 ----D---- C:\WINDOWS\system32\usmt
2010-01-03 15:37:04 ----D---- C:\WINDOWS\system32\spool
2010-01-03 15:37:04 ----D---- C:\WINDOWS\system32\ShellExt
2010-01-03 15:37:04 ----D---- C:\WINDOWS\system32\Setup
2010-01-03 15:37:04 ----D---- C:\WINDOWS\system32\ras
2010-01-03 15:37:04 ----D---- C:\WINDOWS\system32\oobe
2010-01-03 15:37:04 ----D---- C:\WINDOWS\system32\npp
2010-01-03 15:37:04 ----D---- C:\WINDOWS\system32\mui
2010-01-03 15:37:04 ----D---- C:\WINDOWS\system32\inetsrv
2010-01-03 15:37:04 ----D---- C:\WINDOWS\system32\IME
2010-01-03 15:37:04 ----D---- C:\WINDOWS\system32\icsxml
2010-01-03 15:37:04 ----D---- C:\WINDOWS\system32\ias
2010-01-03 15:37:04 ----D---- C:\WINDOWS\system32\export
2010-01-03 15:37:04 ----D---- C:\WINDOWS\system32\drivers
2010-01-03 15:37:04 ----D---- C:\WINDOWS\system32\dhcp
2010-01-03 15:37:04 ----D---- C:\WINDOWS\system32\config
2010-01-03 15:37:04 ----D---- C:\WINDOWS\system32\3com_dmi
2010-01-03 15:37:04 ----D---- C:\WINDOWS\system32\3076
2010-01-03 15:37:04 ----D---- C:\WINDOWS\system32\2052
2010-01-03 15:37:04 ----D---- C:\WINDOWS\system32\1054
2010-01-03 15:37:04 ----D---- C:\WINDOWS\system32\1042
2010-01-03 15:37:04 ----D---- C:\WINDOWS\system32\1041
2010-01-03 15:37:04 ----D---- C:\WINDOWS\system32\1037
2010-01-03 15:37:04 ----D---- C:\WINDOWS\system32\1033
2010-01-03 15:37:04 ----D---- C:\WINDOWS\system32\1031
2010-01-03 15:37:04 ----D---- C:\WINDOWS\system32\1028
2010-01-03 15:37:04 ----D---- C:\WINDOWS\system32\1025
2010-01-03 15:37:04 ----D---- C:\WINDOWS\system32
2010-01-03 15:37:04 ----D---- C:\WINDOWS\system
2010-01-03 15:37:04 ----D---- C:\WINDOWS\security
2010-01-03 15:37:04 ----D---- C:\WINDOWS\Resources
2010-01-03 15:37:04 ----D---- C:\WINDOWS\repair
2010-01-03 15:37:04 ----D---- C:\WINDOWS\Provisioning
2010-01-03 15:37:04 ----D---- C:\WINDOWS\PeerNet
2010-01-03 15:37:04 ----D---- C:\WINDOWS\pchealth
2010-01-03 15:37:04 ----D---- C:\WINDOWS\mui
2010-01-03 15:37:04 ----D---- C:\WINDOWS\msapps
2010-01-03 15:37:04 ----D---- C:\WINDOWS\msagent
2010-01-03 15:37:04 ----D---- C:\WINDOWS\Media
2010-01-03 15:37:04 ----D---- C:\WINDOWS\java
2010-01-03 15:37:04 ----D---- C:\WINDOWS\ime
2010-01-03 15:37:04 ----D---- C:\WINDOWS\Help
2010-01-03 15:37:04 ----D---- C:\WINDOWS\Driver Cache
2010-01-03 15:37:04 ----D---- C:\WINDOWS\Debug
2010-01-03 15:37:04 ----D---- C:\WINDOWS\Cursors
2010-01-03 15:37:04 ----D---- C:\WINDOWS\Connection Wizard
2010-01-03 15:37:04 ----D---- C:\WINDOWS\Config
2010-01-03 15:37:04 ----D---- C:\WINDOWS\AppPatch
2010-01-03 15:37:04 ----D---- C:\WINDOWS\addins
2010-01-03 15:37:04 ----D---- C:\WINDOWS
2010-01-03 15:26:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-01-03 15:26:44 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-03 15:26:41 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-01-03 15:26:37 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-01-03 15:26:32 ----HDC---- C:\WINDOWS\$NtUninstallKB976325$
2010-01-03 15:26:28 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2010-01-03 15:26:25 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2010-01-03 15:26:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-01-03 15:26:18 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-01-03 15:26:15 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-01-03 15:26:11 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-01-03 15:26:08 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-01-03 15:26:06 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-01-03 15:26:01 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2010-01-03 15:25:57 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-01-03 15:25:54 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-01-03 15:25:51 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-01-03 15:25:49 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-01-03 15:25:46 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2010-01-03 15:25:43 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2010-01-03 15:25:41 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-01-03 15:25:38 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-01-03 15:25:11 ----D---- C:\WINDOWS\ie8updates
2010-01-03 15:25:06 ----D---- C:\WINDOWS\WBEM
2010-01-03 15:24:52 ----HDC---- C:\WINDOWS\ie8
2010-01-03 15:24:17 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-03 15:22:39 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2010-01-03 15:22:36 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-01-03 15:22:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-01-03 15:22:30 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-01-03 15:22:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-01-03 15:22:25 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-01-03 15:22:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-01-03 15:22:19 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-01-03 15:22:13 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2010-01-03 15:22:11 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2010-01-03 15:22:08 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2010-01-03 15:22:05 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-01-03 15:22:02 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-01-03 15:21:59 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-01-03 15:21:56 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-01-03 15:21:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-01-03 15:21:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-01-03 15:21:42 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-01-03 15:21:36 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-01-03 15:21:33 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-01-03 15:21:30 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2010-01-03 15:21:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-01-03 15:21:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-01-03 15:21:22 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2010-01-03 15:21:19 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2010-01-03 15:21:17 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-01-03 15:21:14 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-01-03 15:21:11 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-01-03 15:21:09 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-01-03 15:21:06 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-01-03 15:21:04 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-01-03 15:21:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-01-03 15:20:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-01-03 15:20:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2010-01-03 15:20:51 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-01-03 15:20:47 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-01-03 14:12:33 ----D---- C:\WINDOWS\Prefetch
2010-01-03 13:36:58 ----D---- C:\WINDOWS\system32\scripting
2010-01-03 13:36:58 ----D---- C:\WINDOWS\system32\en-us
2010-01-03 13:36:57 ----D---- C:\WINDOWS\system32\en
2010-01-03 13:36:57 ----D---- C:\WINDOWS\system32\bits
2010-01-03 13:36:57 ----D---- C:\WINDOWS\l2schemas
2010-01-03 13:36:18 ----D---- C:\WINDOWS\ServicePackFiles
2010-01-03 13:35:25 ----D---- C:\WINDOWS\network diagnostic
2010-01-03 13:34:25 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-01-03 13:34:24 ----D---- C:\WINDOWS\EHome
2010-01-03 13:31:36 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2010-01-03 13:30:57 ----A---- C:\WINDOWS\system32\wpa.bak
2010-01-03 06:18:13 ----N---- C:\WINDOWS\system32\xpsp3res.dll
2010-01-03 06:18:12 ----A---- C:\WINDOWS\system32\xmllite.dll
2010-01-03 06:18:11 ----N---- C:\WINDOWS\system32\wmphoto.dll
2010-01-03 06:18:10 ----N---- C:\WINDOWS\system32\wlanapi.dll
2010-01-03 06:18:10 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2010-01-03 06:18:10 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2010-01-03 06:18:09 ----N---- C:\WINDOWS\system32\verclsid.exe
2010-01-03 06:18:08 ----N---- C:\WINDOWS\system32\tzchange.exe
2010-01-03 06:18:08 ----N---- C:\WINDOWS\system32\tspkg.dll
2010-01-03 06:18:08 ----N---- C:\WINDOWS\system32\tsgqec.dll
2010-01-03 06:18:07 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2010-01-03 06:18:07 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2010-01-03 06:18:05 ----N---- C:\WINDOWS\system32\slserv.exe
2010-01-03 06:18:05 ----N---- C:\WINDOWS\system32\slrundll.exe
2010-01-03 06:18:05 ----N---- C:\WINDOWS\system32\slgen.dll
2010-01-03 06:18:05 ----N---- C:\WINDOWS\system32\slextspk.dll
2010-01-03 06:18:05 ----N---- C:\WINDOWS\system32\slcoinst.dll
2010-01-03 06:18:05 ----N---- C:\WINDOWS\slrundll.exe
2010-01-03 06:18:04 ----N---- C:\WINDOWS\system32\setupn.exe
2010-01-03 06:18:04 ----N---- C:\WINDOWS\system32\s3gnb.dll
2010-01-03 06:18:04 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2010-01-03 06:18:03 ----N---- C:\WINDOWS\system32\rasqec.dll
2010-01-03 06:18:03 ----N---- C:\WINDOWS\system32\qutil.dll
2010-01-03 06:18:03 ----N---- C:\WINDOWS\system32\qcliprov.dll
2010-01-03 06:18:03 ----N---- C:\WINDOWS\system32\qagentrt.dll
2010-01-03 06:18:03 ----N---- C:\WINDOWS\system32\qagent.dll
2010-01-03 06:18:03 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2010-01-03 06:18:02 ----N---- C:\WINDOWS\system32\onex.dll
2010-01-03 06:18:00 ----N---- C:\WINDOWS\system32\napstat.exe
2010-01-03 06:18:00 ----N---- C:\WINDOWS\system32\napmontr.dll
2010-01-03 06:18:00 ----N---- C:\WINDOWS\system32\napipsec.dll
2010-01-03 06:18:00 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2010-01-03 06:18:00 ----N---- C:\WINDOWS\system32\msxml6r.dll
2010-01-03 06:17:59 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2010-01-03 06:17:59 ----N---- C:\WINDOWS\system32\mssha.dll
2010-01-03 06:17:59 ----A---- C:\WINDOWS\system32\msxml6.dll
2010-01-03 06:17:55 ----N---- C:\WINDOWS\system32\mmcperf.exe
2010-01-03 06:17:55 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2010-01-03 06:17:55 ----N---- C:\WINDOWS\system32\mmcex.dll
2010-01-03 06:17:55 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2010-01-03 06:17:55 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2010-01-03 06:17:52 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2010-01-03 06:17:52 ----N---- C:\WINDOWS\system32\kmsvc.dll
2010-01-03 06:17:52 ----N---- C:\WINDOWS\system32\kbdpash.dll
2010-01-03 06:17:52 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2010-01-03 06:17:52 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2010-01-03 06:17:52 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2010-01-03 06:17:51 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2010-01-03 06:17:50 ----N---- C:\WINDOWS\system32\faxpatch.exe
2010-01-03 06:17:50 ----N---- C:\WINDOWS\system32\eapsvc.dll
2010-01-03 06:17:50 ----N---- C:\WINDOWS\system32\eapqec.dll
2010-01-03 06:17:50 ----N---- C:\WINDOWS\system32\eappprxy.dll
2010-01-03 06:17:50 ----N---- C:\WINDOWS\system32\eapphost.dll
2010-01-03 06:17:50 ----N---- C:\WINDOWS\system32\eappgnui.dll
2010-01-03 06:17:50 ----N---- C:\WINDOWS\system32\eappcfg.dll
2010-01-03 06:17:50 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2010-01-03 06:17:50 ----N---- C:\WINDOWS\system32\eapolqec.dll
2010-01-03 06:17:50 ----N---- C:\WINDOWS\system32\dot3ui.dll
2010-01-03 06:17:50 ----N---- C:\WINDOWS\system32\dot3svc.dll
2010-01-03 06:17:50 ----N---- C:\WINDOWS\system32\dot3msm.dll
2010-01-03 06:17:50 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2010-01-03 06:17:50 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2010-01-03 06:17:50 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2010-01-03 06:17:50 ----N---- C:\WINDOWS\system32\dot3api.dll
2010-01-03 06:17:50 ----A---- C:\WINDOWS\002582_.tmp
2010-01-03 06:17:49 ----N---- C:\WINDOWS\system32\dimsroam.dll
2010-01-03 06:17:49 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2010-01-03 06:17:49 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2010-01-03 06:17:49 ----N---- C:\WINDOWS\system32\credssp.dll
2010-01-03 06:17:48 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2010-01-03 06:17:48 ----N---- C:\WINDOWS\system32\azroles.dll
2010-01-03 06:17:47 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2010-01-03 06:17:47 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2010-01-03 06:17:47 ----N---- C:\WINDOWS\system32\ati3duag.dll
2010-01-03 06:17:47 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2010-01-03 06:17:47 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2010-01-03 06:17:47 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2010-01-03 06:17:47 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2010-01-03 06:17:47 ----N---- C:\WINDOWS\system32\aaclient.dll
2010-01-03 06:05:43 ----D---- C:\Documents and Settings\Tyler Williams\Application Data\Macromedia
2010-01-03 06:05:41 ----D---- C:\Documents and Settings\Tyler Williams\Application Data\Adobe
2010-01-03 05:48:48 ----D---- C:\NVIDIA
2010-01-03 05:46:35 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2010-01-03 05:33:26 ----D---- C:\WINDOWS\system32\PreInstall
2010-01-03 05:33:26 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2010-01-03 05:33:25 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2010-01-03 05:33:25 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-03 05:33:11 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2010-01-03 05:21:31 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2010-01-03 05:18:55 ----A---- C:\WINDOWS\system32\wnicapi.dll
2010-01-03 05:18:55 ----A---- C:\WINDOWS\system32\WlanApp.dll
2010-01-03 05:18:55 ----A---- C:\WINDOWS\system32\odSupp_M.dll
2010-01-03 05:18:55 ----A---- C:\WINDOWS\system32\JJAKEn.dll
2010-01-03 05:18:55 ----A---- C:\WINDOWS\system32\AQCKGen.dll
2010-01-03 05:18:55 ----A---- C:\WINDOWS\system32\ANIWZCS2.dll
2010-01-03 05:18:55 ----A---- C:\WINDOWS\system32\ANICtl.dll
2010-01-03 05:18:55 ----A---- C:\WINDOWS\system32\aIPH.dll
2010-01-03 05:18:42 ----D---- C:\Program Files\ANI
2010-01-03 05:18:42 ----A---- C:\WINDOWS\system32\ANIOApi.dll
2010-01-03 05:18:27 ----D---- C:\Program Files\D-Link
2010-01-03 05:18:07 ----D---- C:\Documents and Settings\Tyler Williams\Application Data\InstallShield
2010-01-03 05:16:44 ----D---- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2010-01-03 05:16:31 ----SHD---- C:\RECYCLER
2010-01-03 05:12:46 ----D---- C:\WINDOWS\nview
2010-01-03 05:12:45 ----A---- C:\WINDOWS\system32\nvudisp.exe
2010-01-03 05:12:41 ----A---- C:\WINDOWS\system32\nwiz.exe
2010-01-03 05:12:41 ----A---- C:\WINDOWS\system32\nvwimg.dll
2010-01-03 05:12:41 ----A---- C:\WINDOWS\system32\nvwdmcpl.dll
2010-01-03 05:12:41 ----A---- C:\WINDOWS\system32\nvwddi.dll
2010-01-03 05:12:40 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2010-01-03 05:12:40 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2010-01-03 05:12:40 ----A---- C:\WINDOWS\system32\nvnt4cpl.dll
2010-01-03 05:12:40 ----A---- C:\WINDOWS\system32\nvcodins.dll
2010-01-03 05:12:40 ----A---- C:\WINDOWS\system32\nvcod.dll
2010-01-03 05:12:39 ----A---- C:\WINDOWS\system32\nvshell.dll
2010-01-03 05:12:39 ----A---- C:\WINDOWS\system32\nvdspsch.exe
2010-01-03 05:12:39 ----A---- C:\WINDOWS\system32\nvappbar.exe
2010-01-03 05:12:38 ----A---- C:\WINDOWS\system32\nview.dll
2010-01-03 05:12:38 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2010-01-03 05:12:37 ----A---- C:\WINDOWS\system32\nvmctray.dll
2010-01-03 05:12:37 ----A---- C:\WINDOWS\system32\keystone.exe
2010-01-03 05:12:36 ----A---- C:\WINDOWS\system32\nvcpl.dll
2010-01-03 05:12:31 ----D---- C:\WINDOWS\system32\WinFast
2010-01-03 05:11:45 ----D---- C:\WINDOWS\system32\WinFox
2010-01-03 05:09:16 ----RA---- C:\WINDOWS\system32\NvSataConnectionzht.dll
2010-01-03 05:09:16 ----RA---- C:\WINDOWS\system32\NvRaidWizardzht.dll
2010-01-03 05:09:16 ----A---- C:\WINDOWS\system32\nvuide.exe
2010-01-03 05:09:15 ----RA---- C:\WINDOWS\system32\NvSataConnectionzhc.dll
2010-01-03 05:09:15 ----RA---- C:\WINDOWS\system32\NvSataConnectiontr.dll
2010-01-03 05:09:15 ----RA---- C:\WINDOWS\system32\NvSataConnectionth.dll
2010-01-03 05:09:15 ----RA---- C:\WINDOWS\system32\NvSataConnectionsv.dll
2010-01-03 05:09:15 ----RA---- C:\WINDOWS\system32\NvRaidzht.dll
2010-01-03 05:09:15 ----RA---- C:\WINDOWS\system32\NvRaidzhc.dll
2010-01-03 05:09:15 ----RA---- C:\WINDOWS\system32\NvRaidWizardzhc.dll
2010-01-03 05:09:15 ----RA---- C:\WINDOWS\system32\NvRaidWizardtr.dll
2010-01-03 05:09:15 ----RA---- C:\WINDOWS\system32\NvRaidWizardth.dll
2010-01-03 05:09:15 ----RA---- C:\WINDOWS\system32\NvRaidWizardsv.dll
2010-01-03 05:09:15 ----RA---- C:\WINDOWS\system32\NvRaidtr.dll
2010-01-03 05:09:15 ----RA---- C:\WINDOWS\system32\NvRaidth.dll
2010-01-03 05:09:15 ----RA---- C:\WINDOWS\system32\NvRaidSvzht.dll
2010-01-03 05:09:15 ----RA---- C:\WINDOWS\system32\NvRaidSvzhc.dll
2010-01-03 05:09:15 ----RA---- C:\WINDOWS\system32\NvRaidSvtr.dll
2010-01-03 05:09:15 ----RA---- C:\WINDOWS\system32\NvRaidSvth.dll
2010-01-03 05:09:14 ----RA---- C:\WINDOWS\system32\NvSataConnectionsl.dll
2010-01-03 05:09:14 ----RA---- C:\WINDOWS\system32\NvSataConnectionsk.dll
2010-01-03 05:09:14 ----RA---- C:\WINDOWS\system32\NvSataConnectionru.dll
2010-01-03 05:09:14 ----RA---- C:\WINDOWS\system32\NvSataConnectionptb.dll
2010-01-03 05:09:14 ----RA---- C:\WINDOWS\system32\NvRaidWizardsl.dll
2010-01-03 05:09:14 ----RA---- C:\WINDOWS\system32\NvRaidWizardsk.dll
2010-01-03 05:09:14 ----RA---- C:\WINDOWS\system32\NvRaidWizardru.dll
2010-01-03 05:09:14 ----RA---- C:\WINDOWS\system32\NvRaidSvsv.dll
2010-01-03 05:09:14 ----RA---- C:\WINDOWS\system32\NvRaidSvsl.dll
2010-01-03 05:09:14 ----RA---- C:\WINDOWS\system32\NvRaidSvsk.dll
2010-01-03 05:09:14 ----RA---- C:\WINDOWS\system32\NvRaidSvru.dll
2010-01-03 05:09:14 ----RA---- C:\WINDOWS\system32\NvRaidsv.dll
2010-01-03 05:09:14 ----RA---- C:\WINDOWS\system32\NvRaidsl.dll
2010-01-03 05:09:14 ----RA---- C:\WINDOWS\system32\NvRaidsk.dll
2010-01-03 05:09:14 ----RA---- C:\WINDOWS\system32\NvRaidru.dll
2010-01-03 05:09:13 ----RA---- C:\WINDOWS\system32\NvSataConnectionpt.dll
2010-01-03 05:09:13 ----RA---- C:\WINDOWS\system32\NvSataConnectionpl.dll
2010-01-03 05:09:13 ----RA---- C:\WINDOWS\system32\NvSataConnectionno.dll
2010-01-03 05:09:13 ----RA---- C:\WINDOWS\system32\NvRaidWizardptb.dll
2010-01-03 05:09:13 ----RA---- C:\WINDOWS\system32\NvRaidWizardpt.dll
2010-01-03 05:09:13 ----RA---- C:\WINDOWS\system32\NvRaidWizardpl.dll
2010-01-03 05:09:13 ----RA---- C:\WINDOWS\system32\NvRaidSvptb.dll
2010-01-03 05:09:13 ----RA---- C:\WINDOWS\system32\NvRaidSvpt.dll
2010-01-03 05:09:13 ----RA---- C:\WINDOWS\system32\NvRaidSvpl.dll
2010-01-03 05:09:13 ----RA---- C:\WINDOWS\system32\NvRaidptb.dll
2010-01-03 05:09:13 ----RA---- C:\WINDOWS\system32\NvRaidpt.dll
2010-01-03 05:09:13 ----RA---- C:\WINDOWS\system32\NvRaidpl.dll
2010-01-03 05:09:12 ----RA---- C:\WINDOWS\system32\NvSataConnectionnl.dll
2010-01-03 05:09:12 ----RA---- C:\WINDOWS\system32\NvSataConnectionko.dll
2010-01-03 05:09:12 ----RA---- C:\WINDOWS\system32\NvSataConnectionja.dll
2010-01-03 05:09:12 ----RA---- C:\WINDOWS\system32\NvRaidWizardno.dll
2010-01-03 05:09:12 ----RA---- C:\WINDOWS\system32\NvRaidWizardnl.dll
2010-01-03 05:09:12 ----RA---- C:\WINDOWS\system32\NvRaidWizardko.dll
2010-01-03 05:09:12 ----RA---- C:\WINDOWS\system32\NvRaidWizardja.dll
2010-01-03 05:09:12 ----RA---- C:\WINDOWS\system32\NvRaidSvno.dll
2010-01-03 05:09:12 ----RA---- C:\WINDOWS\system32\NvRaidSvnl.dll
2010-01-03 05:09:12 ----RA---- C:\WINDOWS\system32\NvRaidSvko.dll
2010-01-03 05:09:12 ----RA---- C:\WINDOWS\system32\NvRaidSvja.dll
2010-01-03 05:09:12 ----RA---- C:\WINDOWS\system32\NvRaidno.dll
2010-01-03 05:09:12 ----RA---- C:\WINDOWS\system32\NvRaidnl.dll
2010-01-03 05:09:12 ----RA---- C:\WINDOWS\system32\NvRaidko.dll
2010-01-03 05:09:12 ----RA---- C:\WINDOWS\system32\NvRaidja.dll
2010-01-03 05:09:11 ----RA---- C:\WINDOWS\system32\NvSataConnectionit.dll
2010-01-03 05:09:11 ----RA---- C:\WINDOWS\system32\NvSataConnectionhu.dll
2010-01-03 05:09:11 ----RA---- C:\WINDOWS\system32\NvSataConnectionhe.dll
2010-01-03 05:09:11 ----RA---- C:\WINDOWS\system32\NvSataConnectionfr.dll
2010-01-03 05:09:11 ----RA---- C:\WINDOWS\system32\NvRaidWizardit.dll
2010-01-03 05:09:11 ----RA---- C:\WINDOWS\system32\NvRaidWizardhu.dll
2010-01-03 05:09:11 ----RA---- C:\WINDOWS\system32\NvRaidWizardhe.dll
2010-01-03 05:09:11 ----RA---- C:\WINDOWS\system32\NvRaidWizardfr.dll
2010-01-03 05:09:11 ----RA---- C:\WINDOWS\system32\NvRaidSvit.dll
2010-01-03 05:09:11 ----RA---- C:\WINDOWS\system32\NvRaidSvhu.dll
2010-01-03 05:09:11 ----RA---- C:\WINDOWS\system32\NvRaidSvhe.dll
2010-01-03 05:09:11 ----RA---- C:\WINDOWS\system32\NvRaidSvfr.dll
2010-01-03 05:09:11 ----RA---- C:\WINDOWS\system32\NvRaidit.dll
2010-01-03 05:09:11 ----RA---- C:\WINDOWS\system32\NvRaidhu.dll
2010-01-03 05:09:11 ----RA---- C:\WINDOWS\system32\NvRaidhe.dll
2010-01-03 05:09:10 ----RA---- C:\WINDOWS\system32\NvSataConnectionfi.dll
2010-01-03 05:09:10 ----RA---- C:\WINDOWS\system32\NvSataConnectiones.dll
2010-01-03 05:09:10 ----RA---- C:\WINDOWS\system32\NvSataConnectioneng.dll
2010-01-03 05:09:10 ----RA---- C:\WINDOWS\system32\NvSataConnectionel.dll
2010-01-03 05:09:10 ----RA---- C:\WINDOWS\system32\NvRaidWizardfi.dll
2010-01-03 05:09:10 ----RA---- C:\WINDOWS\system32\NvRaidWizardes.dll
2010-01-03 05:09:10 ----RA---- C:\WINDOWS\system32\NvRaidWizardeng.dll
2010-01-03 05:09:10 ----RA---- C:\WINDOWS\system32\NvRaidSvfi.dll
2010-01-03 05:09:10 ----RA---- C:\WINDOWS\system32\NvRaidSves.dll
2010-01-03 05:09:10 ----RA---- C:\WINDOWS\system32\NvRaidSveng.dll
2010-01-03 05:09:10 ----RA---- C:\WINDOWS\system32\NvRaidfr.dll
2010-01-03 05:09:10 ----RA---- C:\WINDOWS\system32\NvRaidfi.dll
2010-01-03 05:09:10 ----RA---- C:\WINDOWS\system32\NvRaides.dll
2010-01-03 05:09:10 ----RA---- C:\WINDOWS\system32\NvRaideng.dll
2010-01-03 05:09:09 ----RA---- C:\WINDOWS\system32\NvSataConnectionde.dll
2010-01-03 05:09:09 ----RA---- C:\WINDOWS\system32\NvSataConnectionda.dll
2010-01-03 05:09:09 ----RA---- C:\WINDOWS\system32\NvSataConnectioncs.dll
2010-01-03 05:09:09 ----RA---- C:\WINDOWS\system32\NvRaidWizardel.dll
2010-01-03 05:09:09 ----RA---- C:\WINDOWS\system32\NvRaidWizardde.dll
2010-01-03 05:09:09 ----RA---- C:\WINDOWS\system32\NvRaidWizardda.dll
2010-01-03 05:09:09 ----RA---- C:\WINDOWS\system32\NvRaidWizardcs.dll
2010-01-03 05:09:09 ----RA---- C:\WINDOWS\system32\NvRaidSvel.dll
2010-01-03 05:09:09 ----RA---- C:\WINDOWS\system32\NvRaidSvde.dll
2010-01-03 05:09:09 ----RA---- C:\WINDOWS\system32\NvRaidSvda.dll
2010-01-03 05:09:09 ----RA---- C:\WINDOWS\system32\NvRaidSvcs.dll
2010-01-03 05:09:09 ----RA---- C:\WINDOWS\system32\NvRaidel.dll
2010-01-03 05:09:09 ----RA---- C:\WINDOWS\system32\NvRaidde.dll
2010-01-03 05:09:09 ----RA---- C:\WINDOWS\system32\NvRaidda.dll
2010-01-03 05:09:09 ----RA---- C:\WINDOWS\system32\NvRaidcs.dll
2010-01-03 05:09:08 ----RA---- C:\WINDOWS\system32\NvSataConnectionEnu.dll
2010-01-03 05:09:08 ----RA---- C:\WINDOWS\system32\NvSataConnectionar.dll
2010-01-03 05:09:08 ----RA---- C:\WINDOWS\system32\nvsataconnection.exe
2010-01-03 05:09:08 ----RA---- C:\WINDOWS\system32\NvRaidWizardEnu.dll
2010-01-03 05:09:08 ----RA---- C:\WINDOWS\system32\NvRaidWizardar.dll
2010-01-03 05:09:08 ----RA---- C:\WINDOWS\system32\NvRaidSvEnu.dll
2010-01-03 05:09:08 ----RA---- C:\WINDOWS\system32\NvRaidSvar.dll
2010-01-03 05:09:08 ----RA---- C:\WINDOWS\system32\nvraidservice.exe
2010-01-03 05:09:08 ----RA---- C:\WINDOWS\system32\NvRaidMan.exe
2010-01-03 05:09:08 ----RA---- C:\WINDOWS\system32\NvRaidEnu.dll
2010-01-03 05:09:08 ----RA---- C:\WINDOWS\system32\NvRaidar.dll
2010-01-03 05:09:07 ----RA---- C:\WINDOWS\system32\NvRaidWizard.dll
2010-01-03 05:09:01 ----RA---- C:\WINDOWS\system32\nvraidco.dll
2010-01-03 05:09:01 ----A---- C:\WINDOWS\system32\nvraiins.dll
2010-01-03 05:08:56 ----RA---- C:\WINDOWS\system32\idecoi.dll
2010-01-03 05:07:21 ----A---- C:\WINDOWS\system32\ksuser.dll
2010-01-03 05:07:18 ----D---- C:\Program Files\Realtek Sound Manager
2010-01-03 05:07:14 ----N---- C:\WINDOWS\avrack.ini
2010-01-03 05:07:14 ----D---- C:\Program Files\AvRack
2010-01-03 05:07:09 ----N---- C:\WINDOWS\system32\ChCfg.exe
2010-01-03 05:07:09 ----A---- C:\WINDOWS\system32\RTLCPAPI.dll
2010-01-03 05:07:09 ----A---- C:\WINDOWS\SOUNDMAN.EXE
2010-01-03 05:07:04 ----A---- C:\WINDOWS\system32\RTLCPL.EXE
2010-01-03 05:06:55 ----N---- C:\WINDOWS\alcupd.exe
2010-01-03 05:06:54 ----N---- C:\WINDOWS\alcrmv.exe
2010-01-03 05:06:54 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-03 05:04:24 ----RA---- C:\WINDOWS\system32\fdco1ins.dll
2010-01-03 05:04:24 ----RA---- C:\WINDOWS\system32\fdco1.dll
2010-01-03 05:04:22 ----A---- C:\WINDOWS\system32\nvunrm.exe
2010-01-03 05:04:21 ----RA---- C:\WINDOWS\system32\nvconrm.dll
2010-01-03 05:04:21 ----RA---- C:\WINDOWS\system32\bdco1ins.dll
2010-01-03 05:04:21 ----RA---- C:\WINDOWS\system32\bdco1.dll
2010-01-03 05:04:20 ----A---- C:\WINDOWS\system32\nvusmb.exe
2010-01-03 05:04:20 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2010-01-03 05:04:10 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-01-03 05:04:03 ----D---- C:\Program Files\Common Files\InstallShield
2010-01-03 05:02:24 ----D---- C:\Documents and Settings\Tyler Williams\Application Data\Identities
2010-01-03 05:02:23 ----HD---- C:\Program Files\Uninstall Information
2010-01-03 05:02:18 ----SD---- C:\Documents and Settings\Tyler Williams\Application Data\Microsoft
2010-01-03 05:02:18 ----ASH---- C:\Documents and Settings\Tyler Williams\Application Data\desktop.ini
2010-01-03 05:01:45 ----D---- C:\WINDOWS\SoftwareDistribution
2010-01-03 05:01:43 ----SD---- C:\WINDOWS\system32\Microsoft
2010-01-03 05:01:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-03 04:58:01 ----D---- C:\WINDOWS\system32\xircom
2010-01-03 04:58:01 ----D---- C:\Program Files\xerox
2010-01-03 04:58:01 ----D---- C:\Program Files\microsoft frontpage
2010-01-03 04:57:53 ----A---- C:\WINDOWS\control.ini
2010-01-03 04:57:53 ----A---- C:\AUTOEXEC.BAT
2010-01-03 04:57:39 ----A---- C:\WINDOWS\OEWABLog.txt
2010-01-03 04:57:35 ----A---- C:\WINDOWS\system32\mapi32.dll
2010-01-03 04:56:59 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-01-03 04:56:59 ----RD---- C:\WINDOWS\Offline Web Pages
2010-01-03 04:56:59 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-01-03 04:56:55 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-01-03 04:56:51 ----HD---- C:\Program Files\WindowsUpdate
2010-01-03 04:56:31 ----D---- C:\WINDOWS\system32\DirectX
2010-01-03 04:56:08 ----A---- C:\WINDOWS\system32\atrace.dll
2010-01-03 04:56:05 ----A---- C:\WINDOWS\system32\desktop.ini
2010-01-03 04:56:05 ----A---- C:\WINDOWS\desktop.ini
2010-01-03 04:55:57 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2010-01-03 04:55:55 ----D---- C:\Program Files\Common Files\Services
2010-01-03 04:55:55 ----A---- C:\WINDOWS\system32\acctres.dll
2010-01-03 04:55:51 ----SD---- C:\WINDOWS\Tasks
2010-01-03 04:55:51 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2010-01-03 04:55:50 ----D---- C:\Program Files\Common Files\MSSoap
2010-01-03 04:55:46 ----D---- C:\WINDOWS\srchasst
2010-01-03 04:55:45 ----D---- C:\WINDOWS\system32\Macromed
2010-01-03 04:55:41 ----A---- C:\WINDOWS\system32\wuweb.dll
2010-01-03 04:55:41 ----A---- C:\WINDOWS\system32\wups.dll
2010-01-03 04:55:41 ----A---- C:\WINDOWS\system32\wucltui.dll
2010-01-03 04:55:41 ----A---- C:\WINDOWS\system32\wuauserv.dll
2010-01-03 04:55:41 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2010-01-03 04:55:41 ----A---- C:\WINDOWS\system32\wuaueng.dll
2010-01-03 04:55:41 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2010-01-03 04:55:40 ----A---- C:\WINDOWS\system32\wuauclt.exe
2010-01-03 04:55:40 ----A---- C:\WINDOWS\system32\wuapi.dll
2010-01-03 04:55:40 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2010-01-03 04:55:40 ----A---- C:\WINDOWS\system32\qmgr.dll
2010-01-03 04:55:40 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2010-01-03 04:55:40 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2010-01-03 04:55:36 ----D---- C:\Program Files\Movie Maker
2010-01-03 04:55:31 ----A---- C:\WINDOWS\system32\safrslv.dll
2010-01-03 04:55:31 ----A---- C:\WINDOWS\system32\safrdm.dll
2010-01-03 04:55:31 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2010-01-03 04:55:31 ----A---- C:\WINDOWS\system32\racpldlg.dll
2010-01-03 04:55:27 ----D---- C:\WINDOWS\system32\Restore
2010-01-03 04:55:27 ----A---- C:\WINDOWS\system32\srrstr.dll
2010-01-03 04:55:27 ----A---- C:\WINDOWS\system32\fltmc.exe
2010-01-03 04:55:27 ----A---- C:\WINDOWS\system32\fltlib.dll
2010-01-03 04:55:26 ----A---- C:\WINDOWS\system32\srsvc.dll
2010-01-03 04:55:26 ----A---- C:\WINDOWS\system32\srclient.dll
2010-01-03 04:55:26 ----A---- C:\WINDOWS\system32\ils.dll
2010-01-03 04:55:25 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2010-01-03 04:55:25 ----A---- C:\WINDOWS\system32\msconf.dll
2010-01-03 04:55:25 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2010-01-03 04:55:25 ----A---- C:\WINDOWS\system32\mnmdd.dll
2010-01-03 04:55:25 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2010-01-03 04:55:22 ----D---- C:\Program Files\NetMeeting
2010-01-03 04:55:22 ----A---- C:\WINDOWS\system32\msoert2.dll
2010-01-03 04:55:21 ----A---- C:\WINDOWS\system32\msoeacct.dll
2010-01-03 04:55:20 ----A---- C:\WINDOWS\system32\inetres.dll
2010-01-03 04:55:20 ----A---- C:\WINDOWS\system32\inetcomm.dll
2010-01-03 04:55:18 ----D---- C:\Program Files\Outlook Express
2010-01-03 04:55:18 ----A---- C:\WINDOWS\system32\schedsvc.dll
2010-01-03 04:55:18 ----A---- C:\WINDOWS\system32\mstinit.exe
2010-01-03 04:55:17 ----A---- C:\WINDOWS\system32\mstask.dll
2010-01-03 04:55:17 ----A---- C:\WINDOWS\system32\isign32.dll
2010-01-03 04:55:17 ----A---- C:\WINDOWS\system32\icwphbk.dll
2010-01-03 04:55:17 ----A---- C:\WINDOWS\system32\icwdial.dll
2010-01-03 04:55:16 ----A---- C:\WINDOWS\system32\inetcfg.dll
2010-01-03 04:55:10 ----D---- C:\Program Files\Common Files\System
2010-01-03 04:55:09 ----D---- C:\Program Files\Internet Explorer
2010-01-03 04:54:57 ----D---- C:\Program Files\ComPlus Applications
2010-01-03 04:54:55 ----A---- C:\WINDOWS\vbaddin.ini
2010-01-03 04:54:55 ----A---- C:\WINDOWS\vb.ini
2010-01-03 04:54:50 ----D---- C:\WINDOWS\Registration
2010-01-03 04:54:28 ----D---- C:\Program Files\Online Services
2010-01-03 04:54:27 ----D---- C:\Program Files\Windows Media Player
2010-01-03 04:54:23 ----D---- C:\Program Files\Messenger
2010-01-03 04:54:19 ----D---- C:\Program Files\MSN Gaming Zone
2010-01-03 04:54:19 ----A---- C:\WINDOWS\system32\write.exe
2010-01-03 04:54:08 ----A---- C:\WINDOWS\system32\sndvol32.exe
2010-01-03 04:54:08 ----A---- C:\WINDOWS\system32\hticons.dll
2010-01-03 04:54:08 ----A---- C:\WINDOWS\system32\avwav.dll
2010-01-03 04:54:08 ----A---- C:\WINDOWS\system32\avmeter.dll
2010-01-03 04:54:07 ----A---- C:\WINDOWS\system32\winchat.exe
2010-01-03 04:54:07 ----A---- C:\WINDOWS\system32\avtapi.dll
2010-01-03 04:53:59 ----A---- C:\WINDOWS\system32\getuname.dll
2010-01-03 04:53:58 ----A---- C:\WINDOWS\system32\sol.exe
2010-01-03 04:53:58 ----A---- C:\WINDOWS\system32\charmap.exe
2010-01-03 04:53:58 ----A---- C:\WINDOWS\system32\calc.exe
2010-01-03 04:53:57 ----A---- C:\WINDOWS\system32\winmine.exe
2010-01-03 04:53:57 ----A---- C:\WINDOWS\system32\reset.exe
2010-01-03 04:53:57 ----A---- C:\WINDOWS\system32\mshearts.exe
2010-01-03 04:53:57 ----A---- C:\WINDOWS\system32\freecell.exe
2010-01-03 04:53:56 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2010-01-03 04:53:56 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2010-01-03 04:53:56 ----A---- C:\WINDOWS\system32\tslabels.ini
2010-01-03 04:53:56 ----A---- C:\WINDOWS\system32\tskill.exe
2010-01-03 04:53:56 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2010-01-03 04:53:56 ----A---- C:\WINDOWS\system32\tscon.exe
2010-01-03 04:53:56 ----A---- C:\WINDOWS\system32\shadow.exe
2010-01-03 04:53:56 ----A---- C:\WINDOWS\system32\rwinsta.exe
2010-01-03 04:53:56 ----A---- C:\WINDOWS\system32\regini.exe
2010-01-03 04:53:56 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2010-01-03 04:53:56 ----A---- C:\WINDOWS\system32\qwinsta.exe
2010-01-03 04:53:55 ----A---- C:\WINDOWS\system32\qappsrv.exe
2010-01-03 04:53:55 ----A---- C:\WINDOWS\system32\msg.exe
2010-01-03 04:53:55 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2010-01-03 04:53:55 ----A---- C:\WINDOWS\system32\logoff.exe
2010-01-03 04:53:55 ----A---- C:\WINDOWS\system32\cdmodem.dll
2010-01-03 04:53:54 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2010-01-03 04:53:54 ----A---- C:\WINDOWS\system32\mtxex.dll
2010-01-03 04:53:54 ----A---- C:\WINDOWS\system32\mtxdm.dll
2010-01-03 04:53:54 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2010-01-03 04:53:53 ----A---- C:\WINDOWS\system32\comrepl.dll
2010-01-03 04:53:53 ----A---- C:\WINDOWS\system32\comaddin.dll
2010-01-03 04:53:52 ----A---- C:\WINDOWS\system32\stclient.dll
2010-01-03 04:53:52 ----A---- C:\WINDOWS\system32\comsnap.dll
2010-01-03 04:53:47 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2010-01-03 04:53:38 ----D---- C:\Program Files\MSN
2010-01-03 04:53:37 ----A---- C:\WINDOWS\system32\accwiz.exe
2010-01-03 04:53:36 ----A---- C:\WINDOWS\system32\sndrec32.exe
2010-01-03 04:53:36 ----A---- C:\WINDOWS\system32\mplay32.exe
2010-01-03 04:53:36 ----A---- C:\WINDOWS\system32\hypertrm.dll
2010-01-03 04:53:35 ----D---- C:\Program Files\Windows NT
2010-01-03 04:53:35 ----A---- C:\WINDOWS\system32\spider.exe
2010-01-03 04:53:35 ----A---- C:\WINDOWS\system32\mspaint.exe
2010-01-03 04:53:35 ----A---- C:\WINDOWS\system32\clipbrd.exe
2010-01-03 04:53:34 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2010-01-03 04:53:34 ----A---- C:\WINDOWS\system32\mstscax.dll
2010-01-03 04:53:33 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2010-01-03 04:53:33 ----A---- C:\WINDOWS\system32\termsrv.dll
2010-01-03 04:53:33 ----A---- C:\WINDOWS\system32\sessmgr.exe
2010-01-03 04:53:33 ----A---- C:\WINDOWS\system32\remotepg.dll
2010-01-03 04:53:33 ----A---- C:\WINDOWS\system32\rdshost.exe
2010-01-03 04:53:33 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2010-01-03 04:53:33 ----A---- C:\WINDOWS\system32\rdchost.dll
2010-01-03 04:53:33 ----A---- C:\WINDOWS\system32\mstsc.exe
2010-01-03 04:53:32 ----D---- C:\WINDOWS\system32\MsDtc
2010-01-03 04:53:32 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2010-01-03 04:53:32 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2010-01-03 04:53:32 ----A---- C:\WINDOWS\system32\rdpclip.exe
2010-01-03 04:53:32 ----A---- C:\WINDOWS\system32\qprocess.exe
2010-01-03 04:53:32 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2010-01-03 04:53:32 ----A---- C:\WINDOWS\system32\icaapi.dll
2010-01-03 04:53:32 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2010-01-03 04:53:31 ----A---- C:\WINDOWS\system32\mtxoci.dll
2010-01-03 04:53:31 ----A---- C:\WINDOWS\system32\msdtctm.dll
2010-01-03 04:53:31 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2010-01-03 04:53:30 ----A---- C:\WINDOWS\system32\xolehlp.dll
2010-01-03 04:53:30 ----A---- C:\WINDOWS\system32\msdtclog.dll
2010-01-03 04:53:30 ----A---- C:\WINDOWS\system32\msdtc.exe
2010-01-03 04:53:29 ----D---- C:\WINDOWS\system32\Com
2010-01-03 04:53:29 ----A---- C:\WINDOWS\system32\colbact.dll
2010-01-03 04:53:29 ----A---- C:\WINDOWS\system32\clbcatex.dll
2010-01-03 04:53:29 ----A---- C:\WINDOWS\system32\catsrvut.dll
2010-01-03 04:53:29 ----A---- C:\WINDOWS\system32\catsrvps.dll
2010-01-03 04:53:29 ----A---- C:\WINDOWS\system32\catsrv.dll
2010-01-03 04:53:28 ----A---- C:\WINDOWS\system32\comuid.dll
2010-01-03 04:53:28 ----A---- C:\WINDOWS\system32\comsvcs.dll
2010-01-03 04:53:27 ----A---- C:\WINDOWS\system32\clbcatq.dll
2010-01-03 04:53:22 ----A---- C:\WINDOWS\system32\servdeps.dll
2010-01-03 04:53:22 ----A---- C:\WINDOWS\system32\mmfutil.dll
2010-01-03 04:53:22 ----A---- C:\WINDOWS\system32\licwmi.dll
2010-01-03 04:53:21 ----A---- C:\WINDOWS\system32\cmprops.dll

======List of files/folders modified in the last 1 months======

2010-01-04 00:26:04 ----A---- C:\WINDOWS\win.ini
2010-01-03 15:49:03 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BHDrvx86;Symantec Heuristics Driver; C:\WINDOWS\System32\Drivers\NAV\1007020.00B\BHDrvx86.sys [2009-08-22 259632]
R1 ccHP;Symantec Hash Provider; C:\WINDOWS\System32\Drivers\NAV\1007020.00B\ccHPx86.sys [2010-01-03 482432]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Application 
Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20091230.004\IDSxpx86.sys [] <br/>R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\NAV\1007020.00B\SRTSPX.SYS [2009-08-22 43696] <br/>R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\System32\Drivers\NAV\1007020.00B\SYMTDI.SYS [2009-08-22 217136] <br/>R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS [] <br/>R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752] <br/>R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192] <br/>R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664] <br/>R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800] <br/>R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [] <br/>R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-18 18688] <br/>R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100104.022\NAVENG.SYS [] <br/>R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100104.022\NAVEX15.SYS [] <br/>R3 NetHook_ControlCenter;ArtOfPing ControlCenter; \??\C:\Program Files\PingFu Iris\ControlCenter.sys [] <br/>R3 NetHook_Interceptor;ArtOfPing TDI Interceptor; \??\C:\Program Files\PingFu Iris\Interceptor.sys [] <br/>R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824] <br/>R3 NPDriver;Norton UnErase Protection Driver; \??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS [] <br/>R3 npkcrypt;npkcrypt; \??\D:\RO\npkcrypt.sys [] <br/>R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-12-10 3536768] <br/>R3 NVENETFD;NVIDIA nForce 
Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-10-20 33280] <br/>R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-10-20 12928] <br/>R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-18 19584] <br/>R3 RT73;D-Link USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\Dr71WU.sys [2006-12-21 429440] <br/>R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2008-01-09 27632] <br/>R3 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\NAV\1007020.00B\SRTSP.SYS [2009-08-22 308272] <br/>R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [] <br/>R3 SYMFW;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NAV\1007020.00B\SYMFW.SYS [2009-08-22 89904] <br/>R3 SYMIDS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NAV\1007020.00B\SYMIDS.SYS [2009-08-22 33072] <br/>R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-08-22 36400] <br/>R3 SYMNDIS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NAV\1007020.00B\SYMNDIS.SYS [2009-08-22 36400] <br/>R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208] <br/>R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520] <br/>R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152] <br/>R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368] <br/>R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-10-27 223104] <br/>S3 s1018bus;Sony Ericsson Device 1018 driver (WDM); C:\WINDOWS\system32\DRIVERS\s1018bus.sys [2009-03-25 86824] <br/>S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016] 
<br/>S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728] <br/>S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208] <br/>S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS); C:\WINDOWS\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024] <br/>S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s1018obex.sys [2009-03-25 104744] <br/>S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM); C:\WINDOWS\system32\DRIVERS\s1018unic.sys [2009-03-25 109864] <br/>S3 SDdriver;SDdriver; \??\C:\WINDOWS\system32\Drivers\sddriver.sys [] <br/>S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-08-22 36400] <br/>S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] <br/>S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] <br/>S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] <br/> <br/>======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== <br/> <br/>R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-08-02 238968] <br/>R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] <br/>R2 Norton AntiVirus;Norton AntiVirus; C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe [2009-08-22 117640] <br/>R2 NProtectService;Norton UnErase Protection; C:\PROGRA~1\NORTON~3\NORTON~1\NPROTECT.EXE [2008-09-25 95600] <br/>R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-12-10 131139] <br/>R2 OMSI download service;Sony Ericsson OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 
90112] <br/>R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656] <br/>R2 Speed Disk service;Speed Disk service; C:\PROGRA~1\NORTON~3\NORTON~1\SPEEDD~1\NOPDB.EXE [2008-09-25 181680] <br/>R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] <br/>R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-10 602392] <br/>S2 ANIWZCSdService;ANIWZCSd Service; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [2007-01-19 49152] <br/>S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] <br/>S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] <br/>S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864] <br/>S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2008-08-02 3220856] <br/>S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] <br/> <br/>-----------------EOF----------------- <br/> <br/> <br/>GMER 1.0.15.15281 - http://www.gmer.net <br/>Rootkit scan 2010-01-06 00:06:37 <br/>Windows 5.1.2600 Service Pack 3 <br/>Running: mdz0ny5p.exe; Driver: C:\DOCUME~1\TYLERW~1\LOCALS~1\Temp\kxtdipow.sys <br/> <br/> <br/>---- System - GMER 1.0.15 ---- <br/> <br/>SSDT 89FEE748 ZwAlertResumeThread <br/>SSDT 89FF6368 ZwAlertThread <br/>SSDT 89A128A0 ZwAllocateVirtualMemory <br/>SSDT 89FD60C0 ZwAssignProcessToJobObject <br/>SSDT 89CB9728 ZwConnectPort <br/>SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB4317130] <br/>SSDT 89A42928 ZwCreateMutant <br/>SSDT 89AA3858 ZwCreateSymbolicLinkObject <br/>SSDT 8A0FD1F0 
ZwCreateThread <br/>SSDT 89FD6BC0 ZwDebugActiveProcess <br/>SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB43173B0] <br/>SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB4317910] <br/>SSDT 89A137C8 ZwDuplicateObject <br/>SSDT 89A0F928 ZwFreeVirtualMemory <br/>SSDT 89FE84F8 ZwImpersonateAnonymousToken <br/>SSDT 89FE85D0 ZwImpersonateThread <br/>SSDT 89FD5540 ZwLoadDriver <br/>SSDT 8A0ED650 ZwMapViewOfSection <br/>SSDT 89FE2738 ZwOpenEvent <br/>SSDT 89A13968 ZwOpenProcess <br/>SSDT 8A0148B8 ZwOpenProcessToken <br/>SSDT 89FD9720 ZwOpenSection <br/>SSDT 89A13898 ZwOpenThread <br/>SSDT 89AA3928 ZwProtectVirtualMemory <br/>SSDT 8A103008 ZwResumeThread <br/>SSDT 8A00E658 ZwSetContextThread <br/>SSDT 89A0D970 ZwSetInformationProcess <br/>SSDT 89FD8C08 ZwSetSystemInformation <br/>SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB4317B60] <br/>SSDT 89FDC8A8 ZwSuspendProcess <br/>SSDT 89FF66A0 ZwSuspendThread <br/>SSDT 8A0332B0 ZwTerminateProcess <br/>SSDT 8A00C6B0 ZwTerminateThread <br/>SSDT 89B7D2A0 ZwUnmapViewOfSection <br/>SSDT 89A127D0 ZwWriteVirtualMemory <br/> <br/>---- Kernel code sections - GMER 1.0.15 ---- <br/> <br/>? SYMEFA.SYS The system cannot find the file specified. ! 
<br/>.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB906A360, 0x20598D, 0xE8000020] <br/> <br/>---- User code sections - GMER 1.0.15 ---- <br/> <br/>.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5508] ntdll.dll!RtlValidateUnicodeString + 554 7C9163BE 10 Bytes JMP 046F003A <br/>.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5508] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E21541D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) <br/>.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5508] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9865 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) <br/>.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5508] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DCEE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) <br/>.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5508] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED6EC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) <br/>.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5508] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254602 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) <br/>.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5508] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E441F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) <br/>.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5508] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4351 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) <br/>.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5508] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E43BC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) <br/>.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5508] USER32.dll!MessageBoxExW 7E450838 5 Bytes 
JMP 3E3E4222 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) <br/>.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5508] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4284 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) <br/>.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5508] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4482 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) <br/>.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5508] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E42E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) <br/>.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5508] ole32.dll!OleInitialize + E37 77500521 7 Bytes JMP 046F0275 <br/>.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5508] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED748 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) <br/>.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5508] ole32.dll!CoImpersonateClient + 51 775156C0 7 Bytes JMP 046F032B <br/>.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5508] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E47A0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) <br/>.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5560] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E21541D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) <br/>.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5560] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED6EC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) <br/>.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5560] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E441F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) <br/>.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5560] 
USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4351 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) <br/>.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5560] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E43BC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) <br/>.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5560] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4222 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) <br/>.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5560] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4284 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) <br/>.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5560] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4482 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) <br/>.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5560] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E42E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) <br/> <br/>---- User IAT/EAT - GMER 1.0.15 ---- <br/> <br/>IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2124] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6144AE77] C:\Program Files\Yahoo!\Messenger\yui.dll <br/>IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2124] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6144ADA9] C:\Program Files\Yahoo!\Messenger\yui.dll <br/>IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2124] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [6144A7A3] C:\Program Files\Yahoo!\Messenger\yui.dll <br/>IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2124] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6144ADE9] C:\Program Files\Yahoo!\Messenger\yui.dll <br/>IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2124] @ 
C:\WINDOWS\system32\USER32.dll [GDI32.dll!GetStockObject] [61449CEC] C:\Program Files\Yahoo!\Messenger\yui.dll <br/>IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2124] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6144AE77] C:\Program Files\Yahoo!\Messenger\yui.dll <br/>IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2124] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6144ADA9] C:\Program Files\Yahoo!\Messenger\yui.dll <br/>IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2124] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [6144A7A3] C:\Program Files\Yahoo!\Messenger\yui.dll <br/>IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2124] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6144ADE9] C:\Program Files\Yahoo!\Messenger\yui.dll <br/>IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2124] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [61449CEC] C:\Program Files\Yahoo!\Messenger\yui.dll <br/>IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2124] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6144AE29] C:\Program Files\Yahoo!\Messenger\yui.dll <br/>IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2124] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6144AE77] C:\Program Files\Yahoo!\Messenger\yui.dll <br/>IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2124] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6144ADE9] C:\Program Files\Yahoo!\Messenger\yui.dll <br/>IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2124] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6144ADA9] C:\Program Files\Yahoo!\Messenger\yui.dll <br/>IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2124] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [6144A7A3] C:\Program Files\Yahoo!\Messenger\yui.dll <br/>IAT C:\Program 
Files\Yahoo!\Messenger\YahooMessenger.exe[2124] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6144A3BA] C:\Program Files\Yahoo!\Messenger\yui.dll <br/>IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2124] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [6144A3BA] C:\Program Files\Yahoo!\Messenger\yui.dll <br/>IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2124] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [61449C27] C:\Program Files\Yahoo!\Messenger\yui.dll <br/>IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2124] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [61449B56] C:\Program Files\Yahoo!\Messenger\yui.dll <br/>IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2124] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [61449B94] C:\Program Files\Yahoo!\Messenger\yui.dll <br/>IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2124] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!GetStockObject] [61449CEC] C:\Program Files\Yahoo!\Messenger\yui.dll <br/>IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2124] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6144ADA9] C:\Program Files\Yahoo!\Messenger\yui.dll <br/>IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2124] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6144ADE9] C:\Program Files\Yahoo!\Messenger\yui.dll <br/>IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2124] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [6144A7A3] C:\Program Files\Yahoo!\Messenger\yui.dll <br/>IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2124] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6144AE77] C:\Program Files\Yahoo!\Messenger\yui.dll <br/>IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2124] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6144AE29] C:\Program Files\Yahoo!\Messenger\yui.dll 
<br/>IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2124] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [61449D87] C:\Program Files\Yahoo!\Messenger\yui.dll <br/>IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2124] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [61449B94] C:\Program Files\Yahoo!\Messenger\yui.dll <br/>IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2124] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [6144A3BA] C:\Program Files\Yahoo!\Messenger\yui.dll <br/>IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2124] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [61449C27] C:\Program Files\Yahoo!\Messenger\yui.dll <br/>IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2124] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [6144A3BA] C:\Program Files\Yahoo!\Messenger\yui.dll <br/>IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2124] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [61449CF2] C:\Program Files\Yahoo!\Messenger\yui.dll <br/>IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2124] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [61449B56] C:\Program Files\Yahoo!\Messenger\yui.dll <br/>IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2124] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [6144ADA9] C:\Program Files\Yahoo!\Messenger\yui.dll <br/>IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2124] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [6144A7A3] C:\Program Files\Yahoo!\Messenger\yui.dll <br/>IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[5508] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation) <br/> <br/>---- Devices - GMER 1.0.15 ---- <br/> <br/>AttachedDevice \FileSystem\Ntfs \Ntfs 
SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.) <br/>AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) <br/>AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) <br/>AttachedDevice \Driver\Tcpip \Device\Ip Interceptor.sys <br/>AttachedDevice \Driver\Tcpip \Device\Ip ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) <br/>AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) <br/>AttachedDevice \Driver\Tcpip \Device\Tcp Interceptor.sys <br/>AttachedDevice \Driver\Tcpip \Device\Tcp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) <br/>AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) <br/>AttachedDevice \Driver\Tcpip \Device\Udp Interceptor.sys <br/>AttachedDevice \Driver\Tcpip \Device\Udp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) <br/>AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) <br/>AttachedDevice \Driver\Tcpip \Device\RawIp Interceptor.sys <br/>AttachedDevice \Driver\Tcpip \Device\RawIp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) <br/> <br/>---- Files - GMER 1.0.15 ---- <br/> <br/>File C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\streamlock.dat 0 bytes <br/>File C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\tmpeaa.tmp 0 bytes <br/>File C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Lue\Downloads\1262693972jtun_streamset.zip 805 bytes <br/>File C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Lue\Downloads\streaming 0 bytes <br/>File C:\WINDOWS\SoftwareDistribution\Download\Install 0 bytes <br/> 
<br/>---- EOF - GMER 1.0.15 ----
Posted 1/6/2010 12:37 AM
#81660
User avatar

Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Not seeing any malware, though one unknown file that needs checking. Let's do that, as well as scan for Sality or other infected files there.

Make sure you can View Hidden Files (http://www.cybertechhelp.com/tutorial/article/how-to-show-hidden-files). Also uncheck "Hide Extensions for Known File Types"

Then just go here, press new topic, fill in the needed details and just give a link to your post back here (see the "Instructions for uploading files" there for help, if needed). Then press the browse button and then navigate to & select the following file on your computer.

C:\Documents and Settings\All Users\Application Data\hpe1767.dll <----

You DO NOT need to be a member to upload, anybody can upload the files. You will not be able to see the file once uploaded.

Then, for now, locate that file and Rename it to hpe1767.bad

----------------

Disable your antivirus program and go here and run an online scan using ESET Online Scanner (you will need to use Internet Explorer for this scan, or download the installer to run it in a different browser). If you accept the Terms of Use, check the box and click Start. After the ActiveX Control has loaded, it will take a couple minutes for the scanner to get ready. Next, check the following boxes:

Remove found threats
Scan unwanted applications

Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives).

Click Start. This scan may take a while, so please be patient. A log may open when the scan is complete (if not, go to C:\Program Files\EsetOnlineScanner\ and open the file log.txt). Click Edit - Select All then copy/paste that log back here please.


If you have any problems getting Eset started, one work-around is to have an open Internet connection, and then click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file, and follow the same previous steps to run the scan.
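The reading Jintan gives the log above (hooks owned by Symantec's SYMEVENT.SYS and IEFRAME.dll are expected; bare addresses and drivers with an empty [] need identifying) can be done mechanically. The script below is an added example, not code from the thread, from GMER or from the RSIT-style driver list tool; its regexes are modelled on the line formats visible in the pasted log, and its sample input is a handful of lines copied from that log. It sorts SSDT and user-mode inline hooks into "attributed to a named module" versus "bare address only", and lists driver entries whose [date size] field is empty. An unattributed entry is an item to identify (by uploading the file or matching the address to a loaded module), not a verdict: security products produce such entries too, as this machine's Norton drivers show.

```python
"""Triage a pasted GMER / driver-list log.

Added example (not GMER's or RSIT's own code): separates hook entries the
scanner could attribute to a named module from those reported only as a bare
address, and lists driver entries with an empty [date size] field.
"""
import re
from typing import Dict, List

# Sample input: lines copied from the log posted in this thread (GMER SSDT and
# user code sections plus the driver list), so the script runs offline.
SAMPLE_LOG = r"""
SSDT 89FEE748 ZwAlertResumeThread
SSDT 89FD5540 ZwLoadDriver
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB4317130]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5508] ntdll.dll!RtlValidateUnicodeString + 554 7C9163BE 10 Bytes JMP 046F003A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5508] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E21541D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
R1 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20091230.004\IDSxpx86.sys []
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 npkcrypt;npkcrypt; \??\D:\RO\npkcrypt.sys []
"""

# "SSDT <address-or-module-path> [(vendor description)] <ZwFunction> [[0xHookAddr]]"
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<target>.+?)(?:\s+\((?P<desc>[^)]*)\))?"
    r"\s+(?P<func>Zw\w+)(?:\s+\[(?P<addr>0x[0-9A-Fa-f]+)\])?\s*$"
)
# ".text <process>[pid] <dll!Export[ + off]> <addr> <n> Bytes JMP <target> [<module> (desc)]"
INLINE_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?\[(?P<pid>\d+)\])\s+"
    r"(?P<export>\S+![^\s]+(?:\s\+\s[0-9A-Fa-f]+)?)\s+"
    r"(?P<at>[0-9A-Fa-f]{8})\s+(?P<n>\d+)\s+Bytes\s+(?P<patch>\S+)\s+"
    r"(?P<to>[0-9A-Fa-f]{8})(?:\s+(?P<module>.+?)\s+\((?P<desc>[^)]*)\))?\s*$"
)
# "R3 name;display name; <path> [date size]"  (empty [] = no file info recorded)
DRIVER_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.+?)\s*\[(?P<info>[^\]]*)\]\s*$"
)
BARE_ADDR_RE = re.compile(r"^[0-9A-Fa-f]{8}$")


def triage(log_text: str) -> Dict[str, List[dict]]:
    """Classify each recognised line; lines of other kinds are ignored."""
    findings: Dict[str, List[dict]] = {
        "ssdt_attributed": [], "ssdt_unattributed": [],
        "inline_attributed": [], "inline_unattributed": [],
        "drivers_no_fileinfo": [],
    }
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SSDT_RE.match(line)
        if m:
            # A bare 8-hex-digit target means GMER found no module owning the hook.
            bucket = "ssdt_unattributed" if BARE_ADDR_RE.match(m["target"]) else "ssdt_attributed"
            findings[bucket].append(
                {"function": m["func"], "target": m["target"], "owner": m["desc"]})
            continue
        m = INLINE_RE.match(line)
        if m:
            # Inline JMP with no trailing "<module> (vendor)" = jump into unnamed memory.
            bucket = "inline_attributed" if m["module"] else "inline_unattributed"
            findings[bucket].append(
                {"process": m["proc"], "export": m["export"],
                 "jump_to": m["to"], "module": m["module"]})
            continue
        m = DRIVER_RE.match(line)
        if m and not m["info"].strip():
            # Empty [] : the tool recorded no date/size, so the file needs a manual look.
            findings["drivers_no_fileinfo"].append({"name": m["name"], "path": m["path"]})
    return findings


def summary(findings: Dict[str, List[dict]]) -> Dict[str, int]:
    """Count of entries per bucket, for a quick first read of a long log."""
    return {bucket: len(items) for bucket, items in findings.items()}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for bucket, items in result.items():
        print(f"{bucket}: {len(items)}")
        for item in items:
            print("   ", item)
```

Run it against a full pasted log by reading the file into `triage()` instead of `SAMPLE_LOG`; the kernel "section is writeable" line and the IAT/EAT and AttachedDevice sections are deliberately left unparsed, since they need a different reading (IAT entries naming the process's own yui.dll or xpshims.dll are ordinary in-process redirection).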