Win32 Iksmas.ai infection

M

Mirrabooka

New member
My computer has been infected with this malware for at least the last month. Currently my computer is practically frozen and my ISP has now suspended my email account for spam activity.

I have run numerous scans with Spybot S&D 1.6.2 It has been telling me that I am infected with Iksmas.ai but it is unable to resolve the problem. I downloaded Norton antivirus on the recommendation of my ISP and this has been blocking intrusion attempts almost continuously, with the result that the computer more or less freezes up.

Norton's advice for cleaning this malware, which they call HTTP W32 Waledac, was to disable System Restore and run a full system scan. I tried this. The Norton system scan was unable to disinfect the computer, with the result that I no longer have any restore points. Prior to disabling System Restore I tried to do a restore but it wouldn't work. Apparently the malware was interfering with it. The same appears to be happening with Windows Update.

I have also tried the Spybot S&D recommendation for removal of this Malware, however RunAlyzer does not show any entries named "PromoReg"

Following is my HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:08 PM, on 7/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\hpb2ksrv.exe
C:\WINDOWS\system32\hpbhksrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\stacsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\CNAB3RPK.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHP.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\hpnra.exe
C:\WINDOWS\system32\hpstatus.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\HPBSPSVR.EXE
C:\WINDOWS\system32\HPBJDSNT.EXE
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\stacsv.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 4409 bytes

Best Regards,

Mirrabooka
 
Hi,

First of all, please re-enable your system restore if possible. Infected system restore point is better than not a single one at all.

I need you to create a few reports for me.

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

Download GMER here by clicking download exe -button and then saving it your desktop:
  • Double-click .exe that you downloaded
  • Click rootkit-tab and then scan.
  • Don't check
    Show All
    box while scanning in progress!
  • When scanning is ready, click Copy.
  • This copies log to clipboard
  • Post log in your reply.
 
Hi,

Hope you don't mind wading through all this. Your efforts are much appreciated

DDS (Ver_09-06-26.01) - NTFSx86
Run by RW at 20:11:03.29 on Sun 07/05/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.355 [GMT 10:00]

AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\CNAB3RPK.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\hpb2ksrv.exe
C:\WINDOWS\system32\hpbhksrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
svchost.exe
C:\WINDOWS\system32\stacsv.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHP.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\hpnra.exe
C:\WINDOWS\system32\hpstatus.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\HPBSPSVR.EXE
C:\WINDOWS\system32\HPBJDSNT.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Documents and Settings\RW\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/advanced_search?hl=en
uSearch Page = hxxp://www.telstra.com/
uSearch Bar = hxxp://www.google.com.au/hws/sb/dell-row/en/side.html?channel=au
uDefault_Page_URL = www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=4070109
uWindow Title = Telstra BigPond Home Internet Explorer
uInternet Connection Wizard,ShellNext = hxxp://www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=4070109
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\progra~1\skype\phone\ieplugin\SKYPEI~1.DLL
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\16.0.0.125\IPSBHO.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: BigPond Wireless Broadband 2.0 Auto Dial: {db92ec3f-697d-4c3b-9a3b-3abbd23d4a85} - c:\program files\telstra\bigpond wireless broadband 2.0\bpwbb2ad.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [CTSVolFE.exe] "c:\program files\creative\mixer\CTSVolFE.exe" /r
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [EPSON Stylus Photo R250 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAHP.EXE /P30 "EPSON Stylus Photo R250 Series" /O6 "USB001" /M "Stylus Photo R250"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [HP Network Registry Agent] c:\windows\system32\hpnra.exe
mRun: [HP Status] c:\windows\system32\hpstatus.exe
mRun: [HPLJ Config] c:\program files\hewlett-packard\clj2500\SetConfig.exe
mRun: [HP Proxy Server] c:\program files\hewlett-packard\proxyservice\ProxyService.lnk
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [BigPondWirelessBroadbandCM] "c:\program files\telstra\bigpond wireless broadband 2.0\BigPond_CM.exe" -tsr
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [WMDM PMSP Service] c:\windows\system32\cssrss.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\progra~1\skype\phone\ieplugin\SKYPEI~1.DLL
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - hxxp://furano.miemasu.net:86/SysCamInst.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
TCP: NameServer = 208.67.220.220,208.67.222.222
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1000000.07d\SymEFA.sys [2009-6-24 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nav\1000000.07d\BHDrvx86.sys [2009-6-24 254512]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1000000.07d\ccHPx86.sys [2009-6-24 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090625.003\IDSXpx86.sys [2009-7-1 276344]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [2006-7-14 13824]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\norton antivirus\engine\16.0.0.125\ccSvcHst.exe [2009-6-24 115560]
R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [2006-7-14 13696]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-6-23 101936]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090704.020\NAVENG.SYS [2009-7-5 89104]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090704.020\NAVEX15.SYS [2009-7-5 876144]
S1 etpde65;etpde65;c:\windows\system32\drivers\etpde65.sys [2009-6-10 33856]
S2 aspimgr;Microsoft ASPI Manager;c:\windows\system32\aspimgr.exe --> c:\windows\system32\aspimgr.exe [?]
S3 cmo_bus;Data Modem @ CDMA Composite Device driver (WDM);c:\windows\system32\drivers\cmo_bus.sys [2007-1-30 57744]
S3 cmo_mdfl;Data Modem @ CDMA Filter;c:\windows\system32\drivers\cmo_mdfl.sys [2007-1-30 8304]
S3 cmo_mdm;Data Modem @ CDMA Drivers;c:\windows\system32\drivers\cmo_mdm.sys [2007-1-30 93328]
S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2007-11-16 34064]
S3 PAC7311;VGA USB Camera;c:\windows\system32\drivers\PA707UCM.SYS [2007-3-12 155648]
S3 SWNC8U52;Sierra Wireless MUX NDIS Driver (UMTS52);c:\windows\system32\drivers\swnc8u52.sys [2007-11-19 164480]
S3 SWUMX52;Sierra Wireless USB MUX Driver (UMTS52);c:\windows\system32\drivers\swumx52.sys [2007-11-19 140672]

=============== Created Last 30 ================

2009-06-25 16:53 <DIR> --d-h--- c:\windows\PIF
2009-06-24 17:48 <DIR> --d--r-- c:\program files\Norton Support
2009-06-24 15:40 35,888 a----r-- c:\windows\system32\drivers\SymIM.sys
2009-06-24 15:40 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-06-24 15:40 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-06-24 15:40 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-06-24 15:40 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-06-24 15:40 <DIR> --d----- c:\program files\Symantec
2009-06-24 15:40 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-06-24 15:39 <DIR> --d----- c:\windows\system32\drivers\NAV
2009-06-24 15:39 <DIR> --d----- c:\program files\Norton AntiVirus
2009-06-24 15:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
2009-06-24 15:39 <DIR> --d----- c:\program files\NortonInstaller
2009-06-24 15:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-06-24 15:04 <DIR> --d----- c:\program files\Trend Micro
2009-06-10 22:45 33,856 a------- c:\windows\system32\drivers\etpde65.sys
2009-06-06 20:17 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-06-06 20:17 <DIR> --d----- C:\Digital Pictures
2009-06-06 20:17 <DIR> --d----- C:\Mary Graduation pics
2009-06-06 20:17 <DIR> --d----- C:\Hot Flashes

==================== Find3M ====================

2007-01-31 08:48 124 a------- c:\docume~1\rw\applic~1\wklnhst.dat
2008-11-22 11:07 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008112220081123\index.dat

============= FINISH: 20:11:59.62 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/17/2007 2:35:26 PM
System Uptime: 7/5/2009 7:29:58 PM (1 hours ago)

Motherboard: Dell Inc. | | 0RT486
Processor: Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz | Microprocessor | 1830/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 68 GiB total, 26.306 GiB free.
D: is CDROM ()
F: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\3C74D038424FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\3C74D038424FC000
Service: NIC1394

==== System Restore Points ===================

RP1: 7/5/2009 8:02:02 PM - System Checkpoint

==== Installed Programs ======================

Ad-Aware SE Personal
Adobe Flash Player ActiveX
Adobe Reader 8.1.5
ArcSoft PhotoStudio 5.5
BigPond Wireless Broadband 2.10.5
BlackBerry Desktop Software 4.3
Broadcom Management Programs
Canon iP1300
Canon iP4200
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
DataView
Dell Support 3.2.1
Dell System Restore
Digital Line Detect
doPDF 5.3 printer
EPSON Easy Photo Print
EPSON Printer Software
ERUNT 1.1j
ESPR250 User's Guide
ffvfw (uninstall only)
FLV Player 2.0, build 23
GemMaster Mystic
Google Desktop
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB952287)
hp color LaserJet 2500 Uninstaller
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
iTunes
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 11
Java(TM) 6 Update 5
Java(TM) 6 Update 7
KB408682
MapInfo Professional 8.5
mCore
MCU
mDrWiFi
MediaDirect
MetaFrame Presentation Server Web Client for Win32
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Works
mIWA
Mixer
mLogView
mMHouse
Modem Helper
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
mWlsSafe
mWMI
mXML
mZConfig
NetWaiting
Norton AntiVirus
OutlookAddinSetup
Petrosys 15.3 for Windows
PetroView
PetroView MapInfo
QuickSet
QuickTime
RealPlayer Basic
Roxio DLA
Roxio Media Manager
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
RunAlyzer
SearchAssist
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Sentinel Protection Installer 7.2.2
Skype 3.0
Skype add-on for IE
Skype Plugin Manager
Sonic Encoders
Sonic Update Manager
Sound Blaster Audigy ADVANCED MB Demo
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Synaptics Pointing Device Driver
Telstra ISDN Setup Program
The KINGDOM Software 8.0 (32-bit)
Ulead VideoStudio 8.0 SE DVD
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
VGA USB Camera
Viewpoint Media Player (Remove Only)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB912067
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

7/5/2009 8:11:08 PM, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.
7/4/2009 9:31:09 AM, error: NtServicePack [4379] - Windows XP Hotfix KB961501 installation failed.
KB961501 installation did not complete.
7/4/2009 9:30:58 AM, error: NtServicePack [4379] - Windows XP Hotfix KB969898 installation failed.
KB969898 installation did not complete.
7/4/2009 9:30:45 AM, error: NtServicePack [4379] - Windows XP Hotfix KB970238 installation failed.
KB970238 installation did not complete.
7/4/2009 9:30:33 AM, error: NtServicePack [4379] - Windows XP Hotfix KB969897-IE7 installation failed.
KB969897 installation did not complete.
7/4/2009 9:29:28 AM, error: NtServicePack [4379] - Windows XP Hotfix KB968537 installation failed.
KB968537 installation did not complete.
7/4/2009 9:09:27 AM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/4/2009 9:09:26 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
7/4/2009 9:00:19 AM, error: Dhcp [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 0019D200119E has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/3/2009 9:40:52 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f01f: Windows Genuine Advantage Validation Tool (KB892130).
7/3/2009 9:40:47 AM, error: WGA [4379] - Windows XP Hotfix KB892130 installation failed.
Failed to add registry entry.
7/3/2009 8:19:53 PM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 0019D200119E has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/3/2009 3:01:50 AM, error: NtServicePack [4379] - Windows XP Hotfix KB961501 installation failed.
KB961501 installation did not complete.
7/3/2009 3:01:42 AM, error: NtServicePack [4379] - Windows XP Hotfix KB969898 installation failed.
KB969898 installation did not complete.
7/3/2009 3:01:35 AM, error: NtServicePack [4379] - Windows XP Hotfix KB970238 installation failed.
KB970238 installation did not complete.
7/3/2009 3:01:26 AM, error: NtServicePack [4379] - Windows XP Hotfix KB969897-IE7 installation failed.
KB969897 installation did not complete.
7/3/2009 3:00:53 AM, error: NtServicePack [4379] - Windows XP Hotfix KB968537 installation failed.
KB968537 installation did not complete.
7/3/2009 11:34:05 AM, error: Service Control Manager [7022] - The DCOM Server Process Launcher service hung on starting.
7/3/2009 10:27:56 PM, error: NtServicePack [4379] - Windows XP Hotfix KB961501 installation failed.
KB961501 installation did not complete.
7/3/2009 10:27:50 PM, error: NtServicePack [4379] - Windows XP Hotfix KB969898 installation failed.
KB969898 installation did not complete.
7/3/2009 10:27:42 PM, error: NtServicePack [4379] - Windows XP Hotfix KB970238 installation failed.
KB970238 installation did not complete.
7/3/2009 10:27:32 PM, error: NtServicePack [4379] - Windows XP Hotfix KB969897-IE7 installation failed.
KB969897 installation did not complete.
7/3/2009 10:27:03 PM, error: NtServicePack [4379] - Windows XP Hotfix KB968537 installation failed.
KB968537 installation did not complete.
7/2/2009 9:24:35 AM, error: NtServicePack [4379] - Windows XP Hotfix KB961501 installation failed.
KB961501 installation did not complete.
7/2/2009 9:24:09 AM, error: NtServicePack [4379] - Windows XP Hotfix KB969898 installation failed.
KB969898 installation did not complete.
7/2/2009 9:23:48 AM, error: NtServicePack [4379] - Windows XP Hotfix KB970238 installation failed.
KB970238 installation did not complete.
7/2/2009 9:23:17 AM, error: NtServicePack [4379] - Windows XP Hotfix KB969897-IE7 installation failed.
KB969897 installation did not complete.
7/2/2009 9:21:12 AM, error: NtServicePack [4379] - Windows XP Hotfix KB968537 installation failed.
KB968537 installation did not complete.
7/2/2009 9:14:35 AM, error: Service Control Manager [7000] - The Microsoft ASPI Manager service failed to start due to the following error: The system cannot find the file specified.
7/2/2009 9:12:23 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/2/2009 9:12:10 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
7/2/2009 5:22:19 PM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 0019D200119E has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
7/2/2009 2:16:14 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the DCOM Server Process Launcher service to connect.
7/2/2009 2:16:14 PM, error: Service Control Manager [7000] - The DCOM Server Process Launcher service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/2/2009 10:03:10 PM, error: Dhcp [1002] - The IP address lease 192.168.0.106 for the Network Card with network address 0019D200119E has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/1/2009 9:46:38 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV BHDrvx86 ccHP eeCtrl Fips IDSxpx86 intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SRTSP SRTSPX SYMTDI Tcpip
7/1/2009 9:46:38 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
7/1/2009 9:46:38 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/1/2009 9:46:38 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/1/2009 9:46:38 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
7/1/2009 12:37:00 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f01f: Security Update for Windows XP (KB961501).
7/1/2009 12:37:00 AM, error: NtServicePack [4379] - Windows XP Hotfix KB961501 installation failed.
KB961501 installation did not complete.
7/1/2009 12:36:53 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f01f: Update Rollup for ActiveX Killbits for Windows XP (KB969898).
7/1/2009 12:36:52 AM, error: NtServicePack [4379] - Windows XP Hotfix KB969898 installation failed.
KB969898 installation did not complete.
7/1/2009 12:36:45 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f01f: Security Update for Windows XP (KB970238).
7/1/2009 12:36:45 AM, error: NtServicePack [4379] - Windows XP Hotfix KB970238 installation failed.
KB970238 installation did not complete.
7/1/2009 12:36:35 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f01f: Cumulative Security Update for Internet Explorer 7 for Windows XP (KB969897).
7/1/2009 12:36:35 AM, error: NtServicePack [4379] - Windows XP Hotfix KB969897-IE7 installation failed.
KB969897 installation did not complete.
7/1/2009 12:36:05 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f01f: Security Update for Windows XP (KB968537).
7/1/2009 12:36:05 AM, error: NtServicePack [4379] - Windows XP Hotfix KB968537 installation failed.
KB968537 installation did not complete.
7/1/2009 11:35:15 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
6/30/2009 12:53:14 AM, error: NtServicePack [4379] - Windows XP Hotfix KB961501 installation failed.
KB961501 installation did not complete.
6/30/2009 12:53:03 AM, error: NtServicePack [4379] - Windows XP Hotfix KB969898 installation failed.
KB969898 installation did not complete.
6/30/2009 12:52:52 AM, error: NtServicePack [4379] - Windows XP Hotfix KB970238 installation failed.
KB970238 installation did not complete.
6/30/2009 12:52:41 AM, error: NtServicePack [4379] - Windows XP Hotfix KB969897-IE7 installation failed.
KB969897 installation did not complete.
6/30/2009 12:52:05 AM, error: NtServicePack [4379] - Windows XP Hotfix KB968537 installation failed.
KB968537 installation did not complete.
6/29/2009 8:54:54 PM, error: NtServicePack [4379] - Windows XP Hotfix KB961501 installation failed.
KB961501 installation did not complete.
6/29/2009 8:54:47 PM, error: NtServicePack [4379] - Windows XP Hotfix KB969898 installation failed.
KB969898 installation did not complete.
6/29/2009 8:54:40 PM, error: NtServicePack [4379] - Windows XP Hotfix KB970238 installation failed.
KB970238 installation did not complete.
6/29/2009 8:54:31 PM, error: NtServicePack [4379] - Windows XP Hotfix KB969897-IE7 installation failed.
KB969897 installation did not complete.
6/29/2009 8:53:50 PM, error: NtServicePack [4379] - Windows XP Hotfix KB968537 installation failed.
KB968537 installation did not complete.
6/29/2009 3:02:25 AM, error: NtServicePack [4379] - Windows XP Hotfix KB961501 installation failed.
KB961501 installation did not complete.
6/29/2009 3:02:17 AM, error: NtServicePack [4379] - Windows XP Hotfix KB969898 installation failed.
KB969898 installation did not complete.
6/29/2009 3:02:10 AM, error: NtServicePack [4379] - Windows XP Hotfix KB970238 installation failed.
KB970238 installation did not complete.
6/29/2009 3:02:00 AM, error: NtServicePack [4379] - Windows XP Hotfix KB969897-IE7 installation failed.
KB969897 installation did not complete.
6/29/2009 3:01:31 AM, error: NtServicePack [4379] - Windows XP Hotfix KB968537 installation failed.
KB968537 installation did not complete.

==== End Of File ===========================

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-05 23:52:58
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT 86E05688 ZwAlertResumeThread
SSDT 86B91D98 ZwAlertThread
SSDT 86E039F0 ZwAllocateVirtualMemory
SSDT 86B280D8 ZwAssignProcessToJobObject
SSDT 86BB77D0 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xAA108020]
SSDT 8695D810 ZwCreateMutant
SSDT 86B3BCF0 ZwCreateSymbolicLinkObject
SSDT 869BD748 ZwCreateThread
SSDT 86B5FAB0 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xAA1082A0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xAA108800]
SSDT 869F5078 ZwDuplicateObject
SSDT 860529E0 ZwEnumerateValueKey
SSDT 86A11CB8 ZwFreeVirtualMemory
SSDT 86B36BD8 ZwImpersonateAnonymousToken
SSDT 86B96C38 ZwImpersonateThread
SSDT 86E31E80 ZwLoadDriver
SSDT 86C5C600 ZwMapViewOfSection
SSDT 86B4E110 ZwOpenEvent
SSDT 869F53D8 ZwOpenProcess
SSDT 86E43CD8 ZwOpenProcessToken
SSDT 86B677F8 ZwOpenSection
SSDT 869F5248 ZwOpenThread
SSDT 86B747B8 ZwProtectVirtualMemory
SSDT 869D9228 ZwResumeThread
SSDT 86B96910 ZwSetContextThread
SSDT 86A11918 ZwSetInformationProcess
SSDT 86BAA690 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xAA108A50]
SSDT 86B59238 ZwSuspendProcess
SSDT 86B682B0 ZwSuspendThread
SSDT 86B64D90 ZwTerminateProcess
SSDT 86B66BA0 ZwTerminateThread
SSDT 86E41D40 ZwUnmapViewOfSection
SSDT 86E03620 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

? SYMEFA.SYS The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8604EAD0
Device \FileSystem\Mup \Dfs 8604EAD0
Device \Driver\Tcpip \Device\Ip 860513F0

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \FileSystem\RAW \Device\RawTape 8604EAD0
Device \FileSystem\DLACDBHM \Device\sscdbhook1 8604EAD0
Device \Driver\Tcpip \Device\Tcp 860513F0

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \FileSystem\SRTSP \Device\NAVAP 8604EAD0
Device \FileSystem\Mup \Device\Mup 8604EAD0
Device \Driver\Tcpip \Device\Udp 860513F0

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Tcpip \Device\RawIp 860513F0

AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \FileSystem\SRTSP \Device\SAVRT 8604EAD0
Device \FileSystem\RAW \Device\RawDisk 8604EAD0
Device \FileSystem\SymEFA \Device\SYMEFA 8604EAD0
Device \Driver\Tcpip \Device\IPMULTICAST 860513F0
Device \FileSystem\SRTSP \Device\SRTSP 8604EAD0
Device \FileSystem\RAW \Device\RawCdRom 8604EAD0
Device \FileSystem\Mup \Device\WinDfs\Root 8604EAD0

AttachedDevice \FileSystem\Fastfat \Fat 8604EAD0
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Threads - GMER 1.0.15 ----

Thread System [4:644] 86052670

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@PromoReg C:\WINDOWS\System32\svchost.exe
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

---- EOF - GMER 1.0.15 ----
 
Helping gladly where I can :)

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds.txt log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
 
ComboFix 09-07-05.01 - RW 07/06/2009 6:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.224 [GMT 10:00]
Running from: c:\documents and settings\RW\Desktop\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\RW\My Documents\My Documents.url
c:\documents and settings\RW\My Documents\My Music\My Music.url
c:\documents and settings\RW\My Documents\My Pictures\My Pictures.url
c:\documents and settings\RW\My Documents\My Videos\My Video.url
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\windows\g32.txt
c:\windows\gs32.txt
c:\windows\Installer\434bd.msi
c:\windows\Installer\a4260.msi
c:\windows\Installer\c5fe.msp
c:\windows\kb913800.exe
c:\windows\s32.txt
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\rpcss(3)(2).dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\ws386.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASPIMGR
-------\Legacy_NPF
-------\Service_aspimgr
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-06-05 to 2009-07-05 )))))))))))))))))))))))))))))))
.

2009-07-05 20:28 . 2009-06-23 08:00 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090705.003\NAVEX32A.DLL
2009-07-05 20:28 . 2009-06-23 08:00 89104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090705.003\NAVENG.SYS
2009-07-05 20:28 . 2009-06-23 08:00 876144 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090705.003\NAVEX15.SYS
2009-07-05 20:28 . 2009-06-23 08:00 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090705.003\NAVENG32.DLL
2009-07-05 20:28 . 2009-06-23 08:00 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090705.003\EECTRL.SYS
2009-07-05 20:28 . 2009-06-23 08:00 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090705.003\ECMSVR32.DLL
2009-07-05 20:28 . 2009-06-23 08:00 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090705.003\CCERASER.DLL
2009-07-05 20:28 . 2009-06-23 08:00 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090705.003\ERASER.SYS
2009-07-03 23:14 . 2009-06-23 08:00 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090703.023\NAVEX32A.DLL
2009-07-03 23:14 . 2009-06-23 08:00 876144 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090703.023\NAVEX15.SYS
2009-07-03 23:14 . 2009-06-23 08:00 89104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090703.023\NAVENG.SYS
2009-07-03 23:14 . 2009-06-23 08:00 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090703.023\NAVENG32.DLL
2009-07-03 23:14 . 2009-06-23 08:00 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090703.023\EECTRL.SYS
2009-07-03 23:14 . 2009-06-23 08:00 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090703.023\ECMSVR32.DLL
2009-07-03 23:14 . 2009-06-23 08:00 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090703.023\ERASER.SYS
2009-07-03 23:14 . 2009-06-23 08:00 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090703.023\CCERASER.DLL
2009-07-03 03:10 . 2009-07-03 03:10 -------- d-----w- c:\program files\ERUNT
2009-06-30 23:52 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\Scxpx86.dll
2009-06-30 23:52 . 2009-01-29 21:50 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSXpx86.sys
2009-06-30 23:52 . 2009-01-29 21:50 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSvix86.sys
2009-06-30 23:52 . 2009-01-29 21:50 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSxpx86.dll
2009-06-30 23:52 . 2009-01-29 21:50 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSviA64.sys
2009-06-25 06:53 . 2009-06-25 06:53 -------- d--h--w- c:\windows\PIF
2009-06-24 07:48 . 2009-06-24 07:48 -------- d-----r- c:\program files\Norton Support
2009-06-24 07:46 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\Scxpx86.dll
2009-06-24 07:46 . 2009-01-29 21:50 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSxpx86.sys
2009-06-24 07:46 . 2009-01-29 21:50 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSvix86.sys
2009-06-24 07:46 . 2009-01-29 21:50 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSxpx86.dll
2009-06-24 07:46 . 2009-01-29 21:50 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSvia64.sys
2009-06-24 07:26 . 2009-06-24 07:26 -------- d-----w- c:\documents and settings\RW\Local Settings\Application Data\Symantec
2009-06-24 05:39 . 2009-06-24 05:39 -------- d-----w- c:\program files\NortonInstaller
2009-06-24 05:39 . 2009-06-24 05:39 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-06-24 05:04 . 2009-06-24 05:04 -------- d-----w- c:\program files\Trend Micro
2009-06-10 12:45 . 2009-06-10 12:45 33856 ----a-w- c:\windows\system32\drivers\etpde65.sys
2009-06-06 10:17 . 2009-06-06 10:17 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-06 10:17 . 2009-06-25 01:37 -------- d-----w- C:\Digital Pictures
2009-06-06 10:17 . 2009-06-06 10:17 -------- d-----w- C:\Mary Graduation pics
2009-06-06 10:17 . 2009-06-06 10:17 -------- d-----w- C:\Hot Flashes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-05 21:05 . 2007-02-04 20:38 -------- d-----w- c:\documents and settings\RW\Application Data\Skype
2009-07-03 06:05 . 2007-02-13 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-24 05:42 . 2009-06-24 05:40 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-24 05:41 . 2007-01-30 08:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-24 05:40 . 2009-06-24 05:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-06-24 05:40 . 2009-06-24 05:40 -------- d-----w- c:\program files\Symantec
2009-06-24 05:40 . 2009-06-24 05:40 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-06-24 05:40 . 2009-06-24 05:40 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-06-24 05:40 . 2009-06-24 05:40 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-06-24 05:40 . 2009-06-24 05:40 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-06-24 05:39 . 2009-06-24 05:40 35888 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-06-24 05:39 . 2009-06-24 05:39 1294680 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2009-06-24 05:39 . 2009-06-24 05:39 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2009-06-24 05:39 . 2009-06-24 05:39 288104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CPDOEM\CPDOEM.dll
2009-06-24 05:39 . 2009-06-24 05:39 791920 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2009-06-24 05:39 . 2009-06-24 05:39 -------- d-----w- c:\program files\Norton AntiVirus
2009-06-24 05:39 . 2009-06-24 05:39 -------- d-----w- c:\program files\Windows Sidebar
2009-06-24 04:19 . 2007-02-13 23:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-02 03:56 . 2009-06-02 03:56 -------- d-----w- c:\program files\Safer Networking
2009-06-02 01:22 . 2007-01-09 10:52 79032 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-02 00:02 . 2009-06-01 12:26 -------- d-----w- c:\documents and settings\All Users\Application Data\16916404
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-09 20480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-01-29 25370152]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-10 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-09 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-09 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-09 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-09 455168]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-06 136600]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-08-03 1032192]
"CTSVolFE.exe"="c:\program files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2007-01-09 26112]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-07 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-10 218032]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-10 86960]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-05-02 184320]
"EPSON Stylus Photo R250 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAHP.EXE" [2005-04-25 98304]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-02-23 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-01 155648]
"HP Network Registry Agent"="c:\windows\system32\hpnra.exe" [2000-10-26 49152]
"HP Status"="c:\windows\system32\hpstatus.exe" [2002-03-04 106496]
"HPLJ Config"="c:\program files\Hewlett-Packard\CLJ2500\SetConfig.exe" [2002-01-28 24576]
"HP Proxy Server"="c:\program files\Hewlett-Packard\ProxyService\ProxyService.lnk" [2007-03-14 888]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
"BigPondWirelessBroadbandCM"="c:\program files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe" [2008-02-26 2162688]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-15 236016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\hpbspsvr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1000000.07D\SymEFA.sys [6/24/2009 3:39 PM 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1000000.07D\BHDrvx86.sys [6/24/2009 3:39 PM 254512]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1000000.07D\ccHPx86.sys [6/24/2009 3:39 PM 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSXpx86.sys [7/1/2009 9:52 AM 276344]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [7/14/2006 3:01 AM 13824]
R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [7/14/2006 3:02 AM 13696]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/23/2009 6:00 PM 101936]
S1 etpde65;etpde65;c:\windows\system32\drivers\etpde65.sys [6/10/2009 10:45 PM 33856]
S3 cmo_bus;Data Modem @ CDMA Composite Device driver (WDM);c:\windows\system32\drivers\cmo_bus.sys [1/30/2007 6:02 PM 57744]
S3 cmo_mdfl;Data Modem @ CDMA Filter;c:\windows\system32\drivers\cmo_mdfl.sys [1/30/2007 6:03 PM 8304]
S3 cmo_mdm;Data Modem @ CDMA Drivers;c:\windows\system32\drivers\cmo_mdm.sys [1/30/2007 6:03 PM 93328]
S3 PAC7311;VGA USB Camera;c:\windows\system32\drivers\PA707UCM.SYS [3/12/2007 11:00 AM 155648]
S3 SWNC8U52;Sierra Wireless MUX NDIS Driver (UMTS52);c:\windows\system32\drivers\swnc8u52.sys [11/19/2007 5:06 PM 164480]
S3 SWUMX52;Sierra Wireless USB MUX Driver (UMTS52);c:\windows\system32\drivers\swumx52.sys [11/19/2007 5:06 PM 140672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-07-05 c:\windows\Tasks\User_Feed_Synchronization-{FF301D7E-380D-484C-8D3F-4D6686D978DF}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 00:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/advanced_search?hl=en
uInternet Connection Wizard,ShellNext = hxxp://www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=4070109
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - hxxp://furano.miemasu.net:86/SysCamInst.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-06 07:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-792168025-4015722930-3137413640-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\windows\system32\BRSS01A.EXE
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\windows\system32\hpb2ksrv.exe
c:\windows\system32\hpbhksrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\windows\system32\stacsv.exe
c:\windows\system32\PAStiSvc.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\CNAB3RPK.EXE
c:\windows\system32\dllhost.exe
c:\program files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Java\jre6\bin\javaw.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Digital Line Detect\DLG.exe
c:\windows\system32\hpbspsvr.exe
c:\windows\system32\hpbjdsnt.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-07-05 7:34 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-05 21:33

Pre-Run: 28,115,460,096 bytes free
Post-Run: 28,018,970,624 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

248 --- E O F --- 2009-07-05 14:13
 
Dear Blade81,
It seems weird that a guy in Finland is helping a guy in Jakarta, Indonesia. Makes the world seem very small.

This post is concerning your request for a report entitled New dds.txt log.

I presume that you wanted me to re-run DDS and post the new log. Here it is, with my apologies if I have misunderstood:

DDS (Ver_09-06-26.01) - NTFSx86
Run by RW at 14:01:45.25 on Mon 07/06/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.546 [GMT 10:00]

AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\hpb2ksrv.exe
C:\WINDOWS\system32\hpbhksrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
svchost.exe
C:\WINDOWS\system32\stacsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\CNAB3RPK.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHP.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\hpnra.exe
C:\WINDOWS\system32\hpstatus.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe
C:\WINDOWS\system32\HPBSPSVR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\HPBJDSNT.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Documents and Settings\RW\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/advanced_search?hl=en
uInternet Connection Wizard,ShellNext = hxxp://www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=4070109
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\progra~1\skype\phone\ieplugin\SKYPEI~1.DLL
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\16.0.0.125\IPSBHO.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: BigPond Wireless Broadband 2.0 Auto Dial: {db92ec3f-697d-4c3b-9a3b-3abbd23d4a85} - c:\program files\telstra\bigpond wireless broadband 2.0\bpwbb2ad.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [CTSVolFE.exe] "c:\program files\creative\mixer\CTSVolFE.exe" /r
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [EPSON Stylus Photo R250 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAHP.EXE /P30 "EPSON Stylus Photo R250 Series" /O6 "USB001" /M "Stylus Photo R250"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [HP Network Registry Agent] c:\windows\system32\hpnra.exe
mRun: [HP Status] c:\windows\system32\hpstatus.exe
mRun: [HPLJ Config] c:\program files\hewlett-packard\clj2500\SetConfig.exe
mRun: [HP Proxy Server] c:\program files\hewlett-packard\proxyservice\ProxyService.lnk
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [BigPondWirelessBroadbandCM] "c:\program files\telstra\bigpond wireless broadband 2.0\BigPond_CM.exe" -tsr
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\progra~1\skype\phone\ieplugin\SKYPEI~1.DLL
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - hxxp://furano.miemasu.net:86/SysCamInst.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1000000.07d\SymEFA.sys [2009-6-24 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nav\1000000.07d\BHDrvx86.sys [2009-6-24 254512]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1000000.07d\ccHPx86.sys [2009-6-24 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090625.003\IDSXpx86.sys [2009-7-1 276344]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [2006-7-14 13824]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\norton antivirus\engine\16.0.0.125\ccSvcHst.exe [2009-6-24 115560]
R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [2006-7-14 13696]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-6-23 101936]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090705.003\NAVENG.SYS [2009-7-6 89104]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090705.003\NAVEX15.SYS [2009-7-6 876144]
S1 etpde65;etpde65;c:\windows\system32\drivers\etpde65.sys [2009-6-10 33856]
S3 cmo_bus;Data Modem @ CDMA Composite Device driver (WDM);c:\windows\system32\drivers\cmo_bus.sys [2007-1-30 57744]
S3 cmo_mdfl;Data Modem @ CDMA Filter;c:\windows\system32\drivers\cmo_mdfl.sys [2007-1-30 8304]
S3 cmo_mdm;Data Modem @ CDMA Drivers;c:\windows\system32\drivers\cmo_mdm.sys [2007-1-30 93328]
S3 PAC7311;VGA USB Camera;c:\windows\system32\drivers\PA707UCM.SYS [2007-3-12 155648]
S3 SWNC8U52;Sierra Wireless MUX NDIS Driver (UMTS52);c:\windows\system32\drivers\swnc8u52.sys [2007-11-19 164480]
S3 SWUMX52;Sierra Wireless USB MUX Driver (UMTS52);c:\windows\system32\drivers\swumx52.sys [2007-11-19 140672]

=============== Created Last 30 ================

2009-07-06 07:28 <DIR> --d----- c:\windows\system32\dllcache\cache
2009-07-06 06:44 <DIR> a-dshr-- C:\cmdcons
2009-07-06 06:41 161,792 a------- c:\windows\SWREG.exe
2009-07-06 06:41 155,136 a------- c:\windows\PEV.exe
2009-07-06 06:41 98,816 a------- c:\windows\sed.exe
2009-06-25 16:53 <DIR> --d-h--- c:\windows\PIF
2009-06-24 17:48 <DIR> --d--r-- c:\program files\Norton Support
2009-06-24 15:40 35,888 a----r-- c:\windows\system32\drivers\SymIM.sys
2009-06-24 15:40 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-06-24 15:40 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-06-24 15:40 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-06-24 15:40 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-06-24 15:40 <DIR> --d----- c:\program files\Symantec
2009-06-24 15:40 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-06-24 15:39 <DIR> --d----- c:\windows\system32\drivers\NAV
2009-06-24 15:39 <DIR> --d----- c:\program files\Norton AntiVirus
2009-06-24 15:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
2009-06-24 15:39 <DIR> --d----- c:\program files\NortonInstaller
2009-06-24 15:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-06-24 15:04 <DIR> --d----- c:\program files\Trend Micro
2009-06-10 22:45 33,856 a------- c:\windows\system32\drivers\etpde65.sys
2009-06-06 20:17 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-06-06 20:17 <DIR> --d----- C:\Digital Pictures
2009-06-06 20:17 <DIR> --d----- C:\Mary Graduation pics
2009-06-06 20:17 <DIR> --d----- C:\Hot Flashes

==================== Find3M ====================

2007-01-31 08:48 124 a------- c:\docume~1\rw\applic~1\wklnhst.dat
2008-11-22 11:07 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008112220081123\index.dat

============= FINISH: 14:02:42.18 ===============
 
It occurred to me that you might also want to know what effect running ComboFix had on my computer. Unfortunately it still has a major problem with continuously writing to disk.
 
Hi,

Windows has tried to install some updates. Please disable updates until we've got the system clean.


Uninstall these:
Ad-Aware SE Personal <-- not supported anymore, get Ad-Aware AE here
Adobe Flash Player ActiveX <-- outdated, get the latest one here



Open notepad and copy/paste the text in the quotebox below into it:

Code: 
Driver::
etpde65

DDS::
uInternet Settings,ProxyOverride = <local>

DirLook::
c:\documents and settings\All Users\Application Data\16916404

File::
c:\windows\system32\drivers\etpde65.sys

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe"=-
"c:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=-
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=-


Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

CFScriptB-4.gif


Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.


Uninstall old Adobe Reader versions and get the latest one (9.1 + update 9.1.2 for it) here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 14.
  • Click the
    Download
    button to the right.
  • Select Windows on platform combobox and check the box that says:
    Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version. Uncheck MSN toolbar if it's offered there.



Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.


It seems weird that a guy in Finland is helping a guy in Jakarta, Indonesia. Makes the world seem very small.
Click to expand...
Yes, the world is pretty small indeed :laugh:
 
Dear Blade81,

I've done everything you suggested. You will find the ComboFix and Kaspersky logs posted below. The Kaspersky scan took 8 hours! Note on the Kaspersky report it identified an object called cuteFTP. This is actually a useful tool that I sometimes use. Hope it is not a problem.

Thanks and regards,

Mirrabooka

ComboFix 09-07-05.01 - RW 07/07/2009 10:17.2 - NTFSx86
Running from: c:\documents and settings\RW\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\RW\Desktop\CFScript.txt
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
* Created a new restore point

FILE ::
"c:\windows\system32\drivers\etpde65.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\etpde65.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_etpde65


((((((((((((((((((((((((( Files Created from 2009-06-07 to 2009-07-07 )))))))))))))))))))))))))))))))
.

2009-07-06 23:43 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090703.001\Scxpx86.dll
2009-07-06 23:43 . 2009-01-29 21:50 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090703.001\IDSxpx86.sys
2009-07-06 23:43 . 2009-01-29 21:50 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090703.001\IDSxpx86.dll
2009-07-06 23:43 . 2009-01-29 21:50 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090703.001\IDSvix86.sys
2009-07-06 23:43 . 2009-01-29 21:50 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090703.001\IDSvia64.sys
2009-07-06 06:22 . 2009-06-23 08:00 89104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090705.020\NAVENG.SYS
2009-07-06 06:22 . 2009-06-23 08:00 876144 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090705.020\NAVEX15.SYS
2009-07-06 06:22 . 2009-06-23 08:00 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090705.020\EECTRL.SYS
2009-07-06 06:22 . 2009-06-23 08:00 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090705.020\ECMSVR32.DLL
2009-07-06 06:22 . 2009-06-23 08:00 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090705.020\CCERASER.DLL
2009-07-06 06:22 . 2009-06-23 08:00 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090705.020\NAVENG32.DLL
2009-07-06 06:22 . 2009-06-23 08:00 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090705.020\NAVEX32A.DLL
2009-07-06 06:22 . 2009-06-23 08:00 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090705.020\ERASER.SYS
2009-07-03 23:14 . 2009-06-23 08:00 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090703.023\NAVEX32A.DLL
2009-07-03 23:14 . 2009-06-23 08:00 876144 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090703.023\NAVEX15.SYS
2009-07-03 23:14 . 2009-06-23 08:00 89104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090703.023\NAVENG.SYS
2009-07-03 23:14 . 2009-06-23 08:00 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090703.023\NAVENG32.DLL
2009-07-03 23:14 . 2009-06-23 08:00 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090703.023\EECTRL.SYS
2009-07-03 23:14 . 2009-06-23 08:00 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090703.023\ECMSVR32.DLL
2009-07-03 23:14 . 2009-06-23 08:00 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090703.023\ERASER.SYS
2009-07-03 23:14 . 2009-06-23 08:00 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090703.023\CCERASER.DLL
2009-07-03 03:10 . 2009-07-03 03:10 -------- d-----w- c:\program files\ERUNT
2009-06-30 23:52 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\Scxpx86.dll
2009-06-30 23:52 . 2009-01-29 21:50 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSXpx86.sys
2009-06-30 23:52 . 2009-01-29 21:50 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSvix86.sys
2009-06-30 23:52 . 2009-01-29 21:50 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSxpx86.dll
2009-06-30 23:52 . 2009-01-29 21:50 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSviA64.sys
2009-06-25 06:53 . 2009-06-25 06:53 -------- d--h--w- c:\windows\PIF
2009-06-24 07:48 . 2009-06-24 07:48 -------- d-----r- c:\program files\Norton Support
2009-06-24 07:46 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\Scxpx86.dll
2009-06-24 07:46 . 2009-01-29 21:50 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSxpx86.sys
2009-06-24 07:46 . 2009-01-29 21:50 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSvix86.sys
2009-06-24 07:46 . 2009-01-29 21:50 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSxpx86.dll
2009-06-24 07:46 . 2009-01-29 21:50 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSvia64.sys
2009-06-24 07:26 . 2009-06-24 07:26 -------- d-----w- c:\documents and settings\RW\Local Settings\Application Data\Symantec
2009-06-24 05:39 . 2009-06-24 05:39 -------- d-----w- c:\program files\NortonInstaller
2009-06-24 05:39 . 2009-06-24 05:39 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-06-24 05:04 . 2009-06-24 05:04 -------- d-----w- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-06 23:43 . 2007-02-04 20:38 -------- d-----w- c:\documents and settings\RW\Application Data\Skype
2009-07-06 23:40 . 2007-02-10 08:49 -------- d-----w- c:\program files\Lavasoft
2009-07-06 23:40 . 2007-02-10 08:50 -------- d-----w- c:\documents and settings\RW\Application Data\Lavasoft
2009-07-03 06:05 . 2007-02-13 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-24 05:42 . 2009-06-24 05:40 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-24 05:41 . 2007-01-30 08:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-24 05:40 . 2009-06-24 05:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-06-24 05:40 . 2009-06-24 05:40 -------- d-----w- c:\program files\Symantec
2009-06-24 05:40 . 2009-06-24 05:40 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-06-24 05:40 . 2009-06-24 05:40 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-06-24 05:40 . 2009-06-24 05:40 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-06-24 05:40 . 2009-06-24 05:40 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-06-24 05:39 . 2009-06-24 05:40 35888 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-06-24 05:39 . 2009-06-24 05:39 1294680 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2009-06-24 05:39 . 2009-06-24 05:39 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2009-06-24 05:39 . 2009-06-24 05:39 288104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CPDOEM\CPDOEM.dll
2009-06-24 05:39 . 2009-06-24 05:39 791920 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2009-06-24 05:39 . 2009-06-24 05:39 -------- d-----w- c:\program files\Norton AntiVirus
2009-06-24 05:39 . 2009-06-24 05:39 -------- d-----w- c:\program files\Windows Sidebar
2009-06-24 04:19 . 2007-02-13 23:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-02 03:56 . 2009-06-02 03:56 -------- d-----w- c:\program files\Safer Networking
2009-06-02 01:22 . 2007-01-09 10:52 79032 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-02 00:02 . 2009-06-01 12:26 -------- d-----w- c:\documents and settings\All Users\Application Data\16916404
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\All Users\Application Data\16916404 ----

2009-06-01 14:44 . 2009-06-01 14:47 0 ----a-w- c:\documents and settings\All Users\Application Data\16916404\pc16916404ins
2009-06-01 14:44 . 2009-06-01 14:44 56 ----a-w- c:\documents and settings\All Users\Application Data\16916404\pc16916404cnf
2009-06-01 12:26 . 2009-06-01 12:26 64784 ----a-w- c:\documents and settings\All Users\Application Data\16916404\16916404.glu


((((((((((((((((((((((((((((( SnapShot@2009-07-05_21.03.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-07 00:34 . 2009-07-07 00:34 16384 c:\windows\Temp\Perflib_Perfdata_3cc.dat
+ 2009-07-07 00:34 . 2009-07-07 00:34 16384 c:\windows\Temp\Perflib_Perfdata_368.dat
+ 2009-07-06 23:56 . 2009-07-06 23:56 16384 c:\windows\Temp\Perflib_Perfdata_108.dat
+ 2007-05-20 01:11 . 2009-07-06 23:46 89102 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-09-15 03:22 . 2008-09-15 03:22 59719 c:\windows\system32\Macromed\Download\Install.exe
+ 2008-09-15 20:21 . 2008-09-15 20:21 67984 c:\windows\system32\Macromed\Download\Download.exe
- 2007-01-17 03:31 . 2009-07-05 21:01 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-01-17 03:31 . 2009-07-06 23:55 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-01-17 03:31 . 2009-07-05 21:01 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2007-01-17 03:31 . 2009-07-06 23:55 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-02-03 02:07 . 2009-02-03 02:07 240544 c:\windows\system32\Macromed\Flash\FlashUtil10b.exe
+ 2008-09-15 03:22 . 2008-09-15 03:22 112016 c:\windows\system32\Macromed\Download\Download.dll
- 2007-01-17 03:31 . 2009-07-05 21:01 720896 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-01-17 03:31 . 2009-07-06 23:55 720896 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-09 20480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-01-29 25370152]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-10 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-09 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-09 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-09 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-09 455168]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-06 136600]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-08-03 1032192]
"CTSVolFE.exe"="c:\program files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2007-01-09 26112]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-07 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-10 218032]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-10 86960]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-05-02 184320]
"EPSON Stylus Photo R250 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAHP.EXE" [2005-04-25 98304]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-02-23 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-01 155648]
"HP Network Registry Agent"="c:\windows\system32\hpnra.exe" [2000-10-26 49152]
"HP Status"="c:\windows\system32\hpstatus.exe" [2002-03-04 106496]
"HPLJ Config"="c:\program files\Hewlett-Packard\CLJ2500\SetConfig.exe" [2002-01-28 24576]
"HP Proxy Server"="c:\program files\Hewlett-Packard\ProxyService\ProxyService.lnk" [2007-03-14 888]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
"BigPondWirelessBroadbandCM"="c:\program files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe" [2008-02-26 2162688]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-15 236016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-1-9 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\hpbspsvr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1000000.07D\SymEFA.sys [6/24/2009 3:39 PM 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1000000.07D\BHDrvx86.sys [6/24/2009 3:39 PM 254512]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1000000.07D\ccHPx86.sys [6/24/2009 3:39 PM 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSXpx86.sys [7/1/2009 9:52 AM 276344]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [7/14/2006 3:01 AM 13824]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe [6/24/2009 3:39 PM 115560]
R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [7/14/2006 3:02 AM 13696]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/23/2009 6:00 PM 101936]
S3 cmo_bus;Data Modem @ CDMA Composite Device driver (WDM);c:\windows\system32\drivers\cmo_bus.sys [1/30/2007 6:02 PM 57744]
S3 cmo_mdfl;Data Modem @ CDMA Filter;c:\windows\system32\drivers\cmo_mdfl.sys [1/30/2007 6:03 PM 8304]
S3 cmo_mdm;Data Modem @ CDMA Drivers;c:\windows\system32\drivers\cmo_mdm.sys [1/30/2007 6:03 PM 93328]
S3 PAC7311;VGA USB Camera;c:\windows\system32\drivers\PA707UCM.SYS [3/12/2007 11:00 AM 155648]
S3 SWNC8U52;Sierra Wireless MUX NDIS Driver (UMTS52);c:\windows\system32\drivers\swnc8u52.sys [11/19/2007 5:06 PM 164480]
S3 SWUMX52;Sierra Wireless USB MUX Driver (UMTS52);c:\windows\system32\drivers\swumx52.sys [11/19/2007 5:06 PM 140672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-07-06 c:\windows\Tasks\User_Feed_Synchronization-{FF301D7E-380D-484C-8D3F-4D6686D978DF}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 00:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/advanced_search?hl=en
uInternet Connection Wizard,ShellNext = hxxp://www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=4070109
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - hxxp://furano.miemasu.net:86/SysCamInst.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-07 10:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-792168025-4015722930-3137413640-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\windows\system32\BRSS01A.EXE
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\windows\system32\hpb2ksrv.exe
c:\windows\system32\hpbhksrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\windows\system32\stacsv.exe
c:\windows\system32\PAStiSvc.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\CNAB3RPK.EXE
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Java\jre6\bin\javaw.exe
c:\windows\system32\hpbspsvr.exe
c:\windows\system32\hpbjdsnt.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-07-07 10:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-07 00:44
ComboFix2.txt 2009-07-05 21:34

Pre-Run: 27,648,819,200 bytes free
Post-Run: 27,632,254,976 bytes free

246 --- E O F --- 2009-07-06 14:10

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, July 7, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, July 07, 2009 04:27:39
Records in database: 2434657
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 195245
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 08:31:16


File name / Threat name / Threats count
C:\Bin\cute3532.exe Infected: not-a-virus:AdWare.Win32.Aureate 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_etpde65_.sys.zip Infected: Rootkit.Win32.Agent.lok 1

The selected area was scanned.
 
The Kaspersky scan took 8 hours! Note on the Kaspersky report it identified an object called cuteFTP. This is actually a useful tool that I sometimes use. Hope it is not a problem.
Click to expand...
Hi,

Yes, the scan may take longer sometimes. We may leave cuteFTP alone.

Delete c:\documents and settings\All Users\Application Data\16916404 folder.

How's the system running now?
 
Unfortunately still having trouble. The system started up OK but after a few minutes it started writing continuously to disk again with the result that the programs I was trying to run (Outlook, Excel etc) slowed to zero. Any ideas?
 
Please post a fresh dds log (both dds.txt and attach.txt).
 
As requested. Hope this helps

DDS (Ver_09-06-26.01) - NTFSx86
Run by RW at 21:51:34.14 on Wed 07/08/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.528 [GMT 10:00]

AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
svchost.exe
C:\WINDOWS\system32\stacsv.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\CNAB3RPK.EXE
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHP.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Documents and Settings\RW\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/advanced_search?hl=en
uInternet Connection Wizard,ShellNext = hxxp://www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=4070109
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\progra~1\skype\phone\ieplugin\SKYPEI~1.DLL
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\16.5.0.134\IPSBHO.DLL
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: BigPond Wireless Broadband 2.0 Auto Dial: {db92ec3f-697d-4c3b-9a3b-3abbd23d4a85} - c:\program files\telstra\bigpond wireless broadband 2.0\bpwbb2ad.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [CTSVolFE.exe] "c:\program files\creative\mixer\CTSVolFE.exe" /r
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [EPSON Stylus Photo R250 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAHP.EXE /P30 "EPSON Stylus Photo R250 Series" /O6 "USB001" /M "Stylus Photo R250"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [BigPondWirelessBroadbandCM] "c:\program files\telstra\bigpond wireless broadband 2.0\BigPond_CM.exe" -tsr
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\progra~1\skype\phone\ieplugin\SKYPEI~1.DLL
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - hxxp://furano.miemasu.net:86/SysCamInst.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1005000.086\SymEFA.sys [2009-7-8 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nav\1005000.086\BHDrvx86.sys [2009-7-8 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1005000.086\cchpx86.sys [2009-7-8 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090707.001\IDSxpx86.sys [2009-7-8 276344]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [2006-7-14 13824]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\norton antivirus\engine\16.5.0.134\ccSvcHst.exe [2009-7-8 115560]
R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [2006-7-14 13696]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-6-23 101936]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090706.032\naveng.sys [2009-7-6 89104]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090706.032\navex15.sys [2009-7-6 876144]
S3 cmo_bus;Data Modem @ CDMA Composite Device driver (WDM);c:\windows\system32\drivers\cmo_bus.sys [2007-1-30 57744]
S3 cmo_mdfl;Data Modem @ CDMA Filter;c:\windows\system32\drivers\cmo_mdfl.sys [2007-1-30 8304]
S3 cmo_mdm;Data Modem @ CDMA Drivers;c:\windows\system32\drivers\cmo_mdm.sys [2007-1-30 93328]
S3 PAC7311;VGA USB Camera;c:\windows\system32\drivers\PA707UCM.SYS [2007-3-12 155648]
S3 SWNC8U52;Sierra Wireless MUX NDIS Driver (UMTS52);c:\windows\system32\drivers\swnc8u52.sys [2007-11-19 164480]
S3 SWUMX52;Sierra Wireless USB MUX Driver (UMTS52);c:\windows\system32\drivers\swumx52.sys [2007-11-19 140672]

=============== Created Last 30 ================

2009-07-07 12:39 73,728 a------- c:\windows\system32\javacpl.cpl
2009-07-06 07:28 <DIR> --d----- c:\windows\system32\dllcache\cache
2009-07-06 06:44 <DIR> a-dshr-- C:\cmdcons
2009-07-06 06:41 161,792 a------- c:\windows\SWREG.exe
2009-07-06 06:41 155,136 a------- c:\windows\PEV.exe
2009-07-06 06:41 98,816 a------- c:\windows\sed.exe
2009-06-25 16:53 <DIR> --d-h--- c:\windows\PIF
2009-06-24 17:48 <DIR> --d--r-- c:\program files\Norton Support
2009-06-24 15:40 36,400 a----r-- c:\windows\system32\drivers\SymIM.sys
2009-06-24 15:40 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-06-24 15:40 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-06-24 15:40 7,386 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-06-24 15:40 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-06-24 15:40 <DIR> --d----- c:\program files\Symantec
2009-06-24 15:40 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-06-24 15:39 <DIR> --d----- c:\windows\system32\drivers\NAV
2009-06-24 15:39 <DIR> --d----- c:\program files\Norton AntiVirus
2009-06-24 15:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
2009-06-24 15:39 <DIR> --d----- c:\program files\NortonInstaller
2009-06-24 15:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-06-24 15:04 <DIR> --d----- c:\program files\Trend Micro

==================== Find3M ====================

2009-07-07 12:38 410,984 a------- c:\windows\system32\deploytk.dll
2007-01-31 08:48 124 a------- c:\docume~1\rw\applic~1\wklnhst.dat
2008-11-22 11:07 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008112220081123\index.dat

============= FINISH: 21:51:44.32 ===============

NLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/17/2007 2:35:26 PM
System Uptime: 7/8/2009 9:35:29 PM (0 hours ago)

Motherboard: Dell Inc. | | 0RT486
Processor: Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz | Microprocessor | 1830/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 68 GiB total, 25.552 GiB free.
D: is CDROM ()
F: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\3C74D038424FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\3C74D038424FC000
Service: NIC1394

==== System Restore Points ===================

RP1: 7/5/2009 8:02:02 PM - System Checkpoint
RP2: 7/6/2009 12:11:01 AM - Software Distribution Service 3.0
RP3: 7/6/2009 8:00:52 AM - Software Distribution Service 3.0
RP4: 7/6/2009 9:08:36 AM - Software Distribution Service 3.0
RP5: 7/6/2009 3:03:37 PM - Software Distribution Service 3.0
RP6: 7/7/2009 12:07:45 AM - Software Distribution Service 3.0
RP7: 7/7/2009 10:46:53 AM - Removed Adobe Reader 8.1.5
RP8: 7/7/2009 11:03:55 AM - Installed Adobe Reader 9.1.
RP9: 7/7/2009 12:23:46 PM - Removed J2SE Runtime Environment 5.0 Update 11
RP10: 7/7/2009 12:25:42 PM - Removed J2SE Runtime Environment 5.0 Update 6
RP11: 7/7/2009 12:29:55 PM - Removed Java(TM) 6 Update 11
RP12: 7/7/2009 12:30:49 PM - Removed Java(TM) 6 Update 5
RP13: 7/7/2009 12:31:46 PM - Removed Java(TM) 6 Update 7
RP14: 7/7/2009 12:38:36 PM - Installed Java(TM) 6 Update 14

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1.2
ArcSoft PhotoStudio 5.5
BigPond Wireless Broadband 2.10.5
BlackBerry Desktop Software 4.3
Broadcom Management Programs
Canon iP1300
Canon iP4200
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
DataView
Dell Support 3.2.1
Dell System Restore
Digital Line Detect
doPDF 5.3 printer
EPSON Easy Photo Print
EPSON Printer Software
ERUNT 1.1j
ESPR250 User's Guide
ffvfw (uninstall only)
FLV Player 2.0, build 23
GemMaster Mystic
Google Desktop
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB952287)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
iTunes
Java(TM) 6 Update 14
MapInfo Professional 8.5
mCore
MCU
mDrWiFi
MediaDirect
MetaFrame Presentation Server Web Client for Win32
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Works
mIWA
Mixer
mLogView
mMHouse
Modem Helper
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
mWlsSafe
mWMI
mXML
mZConfig
NetWaiting
Norton AntiVirus
OutlookAddinSetup
Petrosys 15.3 for Windows
PetroView
PetroView MapInfo
QuickSet
QuickTime
RealPlayer Basic
Roxio DLA
Roxio Media Manager
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
RunAlyzer
SearchAssist
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Sentinel Protection Installer 7.2.2
Skype 3.0
Skype add-on for IE
Skype Plugin Manager
Sonic Encoders
Sonic Update Manager
Sound Blaster Audigy ADVANCED MB Demo
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Synaptics Pointing Device Driver
Telstra ISDN Setup Program
The KINGDOM Software 8.0 (32-bit)
Ulead VideoStudio 8.0 SE DVD
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
VGA USB Camera
Viewpoint Media Player (Remove Only)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB912067
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

7/8/2009 5:23:05 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IDSxpx86
7/7/2009 9:58:19 AM, error: System Error [1003] - Error code 10000050, parameter1 e161c000, parameter2 00000000, parameter3 8053bab2, parameter4 00000001.
7/7/2009 12:10:32 AM, error: NtServicePack [4379] - Windows XP Hotfix KB961501 installation failed.
KB961501 installation did not complete.
7/7/2009 12:10:22 AM, error: NtServicePack [4379] - Windows XP Hotfix KB969898 installation failed.
KB969898 installation did not complete.
7/7/2009 12:10:10 AM, error: NtServicePack [4379] - Windows XP Hotfix KB970238 installation failed.
KB970238 installation did not complete.
7/7/2009 12:09:57 AM, error: NtServicePack [4379] - Windows XP Hotfix KB969897-IE7 installation failed.
KB969897 installation did not complete.
7/7/2009 12:09:04 AM, error: NtServicePack [4379] - Windows XP Hotfix KB968537 installation failed.
KB968537 installation did not complete.
7/6/2009 9:10:54 AM, error: NtServicePack [4379] - Windows XP Hotfix KB969898 installation failed.
KB969898 installation did not complete.
7/6/2009 9:10:45 AM, error: NtServicePack [4379] - Windows XP Hotfix KB970238 installation failed.
KB970238 installation did not complete.
7/6/2009 9:10:33 AM, error: NtServicePack [4379] - Windows XP Hotfix KB969897-IE7 installation failed.
KB969897 installation did not complete.
7/6/2009 9:09:52 AM, error: NtServicePack [4379] - Windows XP Hotfix KB968537 installation failed.
KB968537 installation did not complete.
7/6/2009 8:02:57 AM, error: NtServicePack [4379] - Windows XP Hotfix KB961501 installation failed.
KB961501 installation did not complete.
7/6/2009 8:02:47 AM, error: NtServicePack [4379] - Windows XP Hotfix KB969898 installation failed.
KB969898 installation did not complete.
7/6/2009 8:02:41 AM, error: NtServicePack [4379] - Windows XP Hotfix KB970238 installation failed.
KB970238 installation did not complete.
7/6/2009 8:02:33 AM, error: NtServicePack [4379] - Windows XP Hotfix KB969897-IE7 installation failed.
KB969897 installation did not complete.
7/6/2009 8:02:02 AM, error: NtServicePack [4379] - Windows XP Hotfix KB968537 installation failed.
KB968537 installation did not complete.
7/6/2009 6:58:58 AM, error: PlugPlayManager [11] - The device Root\LEGACY_NPF\0000 disappeared from the system without first being prepared for removal.
7/6/2009 6:50:30 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
7/6/2009 3:05:48 PM, error: NtServicePack [4379] - Windows XP Hotfix KB961501 installation failed.
KB961501 installation did not complete.
7/6/2009 3:05:39 PM, error: NtServicePack [4379] - Windows XP Hotfix KB969898 installation failed.
KB969898 installation did not complete.
7/6/2009 3:05:32 PM, error: NtServicePack [4379] - Windows XP Hotfix KB970238 installation failed.
KB970238 installation did not complete.
7/6/2009 3:05:24 PM, error: NtServicePack [4379] - Windows XP Hotfix KB969897-IE7 installation failed.
KB969897 installation did not complete.
7/6/2009 3:04:54 PM, error: NtServicePack [4379] - Windows XP Hotfix KB968537 installation failed.
KB968537 installation did not complete.
7/6/2009 12:12:59 AM, error: NtServicePack [4379] - Windows XP Hotfix KB961501 installation failed.
KB961501 installation did not complete.
7/6/2009 12:12:51 AM, error: NtServicePack [4379] - Windows XP Hotfix KB969898 installation failed.
KB969898 installation did not complete.
7/6/2009 12:12:44 AM, error: NtServicePack [4379] - Windows XP Hotfix KB970238 installation failed.
KB970238 installation did not complete.
7/6/2009 12:12:36 AM, error: NtServicePack [4379] - Windows XP Hotfix KB969897-IE7 installation failed.
KB969897 installation did not complete.
7/6/2009 12:12:05 AM, error: NtServicePack [4379] - Windows XP Hotfix KB968537 installation failed.
KB968537 installation did not complete.
7/5/2009 8:11:08 PM, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.
7/4/2009 9:31:09 AM, error: NtServicePack [4379] - Windows XP Hotfix KB961501 installation failed.
KB961501 installation did not complete.
7/4/2009 9:30:58 AM, error: NtServicePack [4379] - Windows XP Hotfix KB969898 installation failed.
KB969898 installation did not complete.
7/4/2009 9:30:45 AM, error: NtServicePack [4379] - Windows XP Hotfix KB970238 installation failed.
KB970238 installation did not complete.
7/4/2009 9:30:33 AM, error: NtServicePack [4379] - Windows XP Hotfix KB969897-IE7 installation failed.
KB969897 installation did not complete.
7/4/2009 9:29:28 AM, error: NtServicePack [4379] - Windows XP Hotfix KB968537 installation failed.
KB968537 installation did not complete.
7/4/2009 9:09:27 AM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/4/2009 9:09:26 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
7/4/2009 9:00:19 AM, error: Dhcp [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 0019D200119E has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/3/2009 9:40:52 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f01f: Windows Genuine Advantage Validation Tool (KB892130).
7/3/2009 9:40:47 AM, error: WGA [4379] - Windows XP Hotfix KB892130 installation failed.
Failed to add registry entry.
7/3/2009 8:19:53 PM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 0019D200119E has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/3/2009 3:01:50 AM, error: NtServicePack [4379] - Windows XP Hotfix KB961501 installation failed.
KB961501 installation did not complete.
7/3/2009 3:01:42 AM, error: NtServicePack [4379] - Windows XP Hotfix KB969898 installation failed.
KB969898 installation did not complete.
7/3/2009 3:01:35 AM, error: NtServicePack [4379] - Windows XP Hotfix KB970238 installation failed.
KB970238 installation did not complete.
7/3/2009 3:01:26 AM, error: NtServicePack [4379] - Windows XP Hotfix KB969897-IE7 installation failed.
KB969897 installation did not complete.
7/3/2009 3:00:53 AM, error: NtServicePack [4379] - Windows XP Hotfix KB968537 installation failed.
KB968537 installation did not complete.
7/3/2009 11:34:05 AM, error: Service Control Manager [7022] - The DCOM Server Process Launcher service hung on starting.
7/3/2009 10:27:56 PM, error: NtServicePack [4379] - Windows XP Hotfix KB961501 installation failed.
KB961501 installation did not complete.
7/3/2009 10:27:50 PM, error: NtServicePack [4379] - Windows XP Hotfix KB969898 installation failed.
KB969898 installation did not complete.
7/3/2009 10:27:42 PM, error: NtServicePack [4379] - Windows XP Hotfix KB970238 installation failed.
KB970238 installation did not complete.
7/3/2009 10:27:32 PM, error: NtServicePack [4379] - Windows XP Hotfix KB969897-IE7 installation failed.
KB969897 installation did not complete.
7/3/2009 10:27:03 PM, error: NtServicePack [4379] - Windows XP Hotfix KB968537 installation failed.
KB968537 installation did not complete.
7/2/2009 9:25:40 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f01f: Security Update for Windows XP (KB961501).
7/2/2009 9:24:35 AM, error: NtServicePack [4379] - Windows XP Hotfix KB961501 installation failed.
KB961501 installation did not complete.
7/2/2009 9:24:14 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f01f: Update Rollup for ActiveX Killbits for Windows XP (KB969898).
7/2/2009 9:24:09 AM, error: NtServicePack [4379] - Windows XP Hotfix KB969898 installation failed.
KB969898 installation did not complete.
7/2/2009 9:23:53 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f01f: Security Update for Windows XP (KB970238).
7/2/2009 9:23:48 AM, error: NtServicePack [4379] - Windows XP Hotfix KB970238 installation failed.
KB970238 installation did not complete.
7/2/2009 9:23:23 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f01f: Cumulative Security Update for Internet Explorer 7 for Windows XP (KB969897).
7/2/2009 9:23:17 AM, error: NtServicePack [4379] - Windows XP Hotfix KB969897-IE7 installation failed.
KB969897 installation did not complete.
7/2/2009 9:21:20 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f01f: Security Update for Windows XP (KB968537).
7/2/2009 9:21:12 AM, error: NtServicePack [4379] - Windows XP Hotfix KB968537 installation failed.
KB968537 installation did not complete.
7/2/2009 5:22:19 PM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 0019D200119E has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
7/2/2009 2:16:14 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the DCOM Server Process Launcher service to connect.
7/2/2009 2:16:14 PM, error: Service Control Manager [7000] - The Microsoft ASPI Manager service failed to start due to the following error: The system cannot find the file specified.
7/2/2009 2:16:14 PM, error: Service Control Manager [7000] - The DCOM Server Process Launcher service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/2/2009 2:14:48 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/2/2009 2:14:41 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
7/2/2009 2:08:50 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV BHDrvx86 ccHP eeCtrl Fips IDSxpx86 intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SRTSP SRTSPX SYMTDI Tcpip
7/2/2009 2:08:50 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
7/2/2009 2:08:50 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/2/2009 2:08:50 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/2/2009 2:08:50 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
7/2/2009 10:03:10 PM, error: Dhcp [1002] - The IP address lease 192.168.0.106 for the Network Card with network address 0019D200119E has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/1/2009 12:37:00 AM, error: NtServicePack [4379] - Windows XP Hotfix KB961501 installation failed.
KB961501 installation did not complete.
7/1/2009 12:36:52 AM, error: NtServicePack [4379] - Windows XP Hotfix KB969898 installation failed.
KB969898 installation did not complete.
7/1/2009 12:36:45 AM, error: NtServicePack [4379] - Windows XP Hotfix KB970238 installation failed.
KB970238 installation did not complete.
7/1/2009 12:36:35 AM, error: NtServicePack [4379] - Windows XP Hotfix KB969897-IE7 installation failed.
KB969897 installation did not complete.
7/1/2009 12:36:05 AM, error: NtServicePack [4379] - Windows XP Hotfix KB968537 installation failed.
KB968537 installation did not complete.
7/1/2009 11:35:15 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

==== End Of File ===========================
 
Hi,

I'm not sure but writing to disk may be related to those hot fixes that have failed to get installed according to the error log. How have you set the updates to be installed in Windows security center settings (can be checked in security center in control panel)?
 
Ok. Let's run one more scanner before doing anything else.

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Please post contents of that file in your next reply.
 
Malwarebytes' Anti-Malware 1.38
Database version: 2392
Windows 5.1.2600 Service Pack 3

7/9/2009 12:30:28 AM
mbam-log-2009-07-09 (00-30-28).txt

Scan type: Full Scan (C:\|)
Objects scanned: 186368
Time elapsed: 45 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users\start menu\Online Spyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.
 
I started my computer this morning with Norton and Windows Update disabled. It seemed to be working fine. I then turned on Windows Update and allowed automatic updates. It installed all updates other than Internet Explorer 8, which I declined to install.

I then enabled Norton. The system continued to work OK until I attempted to look at the history. At that point the computer commenced writing to disk continuously and froze all the running programs, including Norton itself. I then rebooted the computer and it seemed to be working fine. No excessive writing to disk and no freeze ups, although I didn't try to open the history again. After about 30 minutes I was talking on Skype to my head office when the computer started writing continually to disk again and Skype froze up. I managed to close Skype after about 5 minutes and the computer has started working again, albeit slower than normal.

Any ideas?
 
Hi,

Remaining problem doesn't look like malware thing. Have you defragged hard drive lately?

Please follow instructions here to check disk for errors. After that run defragger like Jkdefrag for example.
 
I don't recall ever defragging this computer so I will try it.

Since my last post I have been able to work on the machine OK, writing a report in Word and receiving and sending emails. It seemed fine for a few hours then all of a sudden it started writing to disk again, freezing up Word and Outlook. I just had Word and Outlook open, no browser window. After a while a message window came up saying "Volume control not responding" and then another window saying "Windows ended the non-responsive program CTSVolFE.exe, do you want to send an error report" I was typing in word at the time and can't recall touching anything to do with volume control. After 10 minutes and a cup of coffee (local Java - very good) it all went back to normal. Any idea what this might mean?

I'll do a defrag anyway and let you know how it works out.

Regards,
M
 
You must log in or register to reply here.
Back
Top