Solved WinXp Control Panel/Settings Problem

andrewsauce32 · 2009/06/23

[Resolved] WinXp Control Panel/Settings Problem

Hello All! I am posting the logs that were requested earlier in my other post.
(link: http://www.windowsbbs.com/windows-xp/85072-winxp-control-panel-settings-problem.html)
I think it was Broni that requested them... Anyway, here are the logs.

DDS (Ver_09-05-14.01) - NTFSx86
Run by Andrew at 21:01:33.42 on Tue 06/23/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.257 [GMT -4:00]

AV: Norton Internet Security 2006 *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: Norton Internet Security 2006 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Panasonic\VideoCamSuite\VideoCamSuiteAutoStart.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Andrew\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
BHO: CNavExtBho Class: {a8f38d8d-e480-4d52-b7a2-731bb6995fdd} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
TB: Norton Internet Security 2006: {0b53eac3-8d69-4b9e-9b19-a37c9a5676a7} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
TB: Norton AntiVirus: {c4069e3a-68f1-403e-b40e-20066696354b} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe
mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe "
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [Ink Monitor] c:\program files\epson\ink monitor\InkMonitor.exe
mRun: [nwiz] nwiz.exe /install
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe "
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
dRun: [Symantec Network Driver Update Warning] c:\progra~1\symantec\liveup~1\SNDWarn.EXE
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
dRun: [Symantec NetDriver Warning] c:\progra~1\symnet~1\SNDWarn.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1.lnk - c:\program files\panasonic\videocamsuite\VideoCamSuiteAutoStart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\epsons~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventr~1.lnk - c:\program files\broderbund\printmaster\PMremind.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} - hxxp://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

============= SERVICES / DRIVERS ===============

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2006-1-11 192104]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\CCPROXY.EXE [2006-1-11 202344]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2006-1-11 169576]
R2 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\Savrtpel.sys [2005-12-19 54968]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-8-10 1251720]
S2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton internet security\norton antivirus\NAVAPSVC.EXE [2006-2-5 139888]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20070201.020\NAVENG.Sys [2007-2-1 80472]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20070201.020\NavEx15.Sys [2007-2-1 852600]
S3 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\savrt.sys [2005-12-19 337592]
S3 SAVScan;Symantec AVScan;c:\program files\norton internet security\norton antivirus\SAVScan.exe [2005-12-19 198416]

=============== Created Last 30 ================

==================== Find3M ====================

2009-06-22 17:47 36,884 a------- c:\windows\DIIUnin.dat
2009-06-22 17:46 43,520 a------- c:\windows\system32\CmdLineExt03.dll

============= FINISH: 21:02:22.82 ===============
DDS (Ver_09-05-14.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/12/2003 9:31:53 PM
System Uptime: 6/23/2009 9:47:48 AM (12 hours ago)

Motherboard: Dell Computer Corporation | | Dimension 8200
Processor: Intel(R) Pentium(R) 4 CPU 2.00GHz | Microprocessor | 1993/100mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 49.699 GiB free.
D: is CDROM (CDFS)
E: is CDROM (CDFS)
F: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1033&DEV_00E0&SUBSYS_0EE09004&REV_02\4&19FD8D60&0&3AF0
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1033&DEV_00E0&SUBSYS_0EE09004&REV_02\4&19FD8D60&0&3AF0
Service:

==== System Restore Points ===================

RP1459: 3/26/2009 1:59:55 PM - System Checkpoint
RP1460: 4/1/2009 4:48:11 PM - System Checkpoint
RP1461: 4/2/2009 8:25:15 PM - System Checkpoint
RP1462: 4/7/2009 1:56:05 PM - System Checkpoint
RP1463: 4/9/2009 9:32:32 PM - System Checkpoint
RP1464: 4/13/2009 4:16:56 PM - System Checkpoint
RP1465: 4/15/2009 4:38:56 PM - System Checkpoint
RP1466: 4/17/2009 1:14:51 PM - System Checkpoint
RP1467: 4/18/2009 9:26:49 PM - System Checkpoint
RP1468: 4/20/2009 4:31:09 PM - System Checkpoint
RP1469: 4/21/2009 5:28:34 PM - System Checkpoint
RP1470: 4/24/2009 11:07:37 PM - System Checkpoint
RP1471: 4/26/2009 3:04:15 PM - System Checkpoint
RP1472: 4/27/2009 7:27:31 PM - System Checkpoint
RP1473: 4/29/2009 4:25:15 PM - System Checkpoint
RP1474: 5/10/2009 5:40:25 PM - System Checkpoint
RP1475: 5/12/2009 8:36:39 PM - System Checkpoint
RP1476: 5/14/2009 4:08:38 PM - System Checkpoint
RP1477: 5/15/2009 4:14:06 PM - System Checkpoint
RP1478: 5/21/2009 7:09:25 PM - System Checkpoint
RP1479: 5/30/2009 1:38:05 PM - System Checkpoint
RP1480: 6/9/2009 5:57:44 PM - System Checkpoint
RP1481: 6/10/2009 7:02:47 PM - System Checkpoint
RP1482: 6/19/2009 12:04:49 PM - System Checkpoint
RP1483: 6/20/2009 4:03:45 PM - System Checkpoint
RP1484: 6/22/2009 2:36:50 PM - System Checkpoint
RP1485: 6/23/2009 3:39:12 PM - System Checkpoint

==== Installed Programs ======================

ABBYY FineReader 4.0 Sprint
Acrobat.com
Adobe Acrobat 4.0
Adobe Acrobat 5.0
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe PhotoDeluxe Home Edition 4.0
Adobe Reader 9
Adobe Shockwave Player
CC_ccProxyExt
ccCommon
ccPxyCore
Click'N Design 3D
Dell ResourceCD
Diablo
Diablo II
Easy CD Creator 5 Basic
EPSON Printer Software
Family Tree Maker
Google Gmail Notifier
Google Toolbar for Internet Explorer
Hero Editor V0.96
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Ink Monitor
Intel A/V Codecs V2.0
Kazoo Player
LiveUpdate 3.0 (Symantec Corporation)
MAGIX music maker 7
Mavis Beacon Teaches Typing 16
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Small Business
Microsoft Picture It! Photo Premium 7.0
Microsoft Web Publishing Wizard 1.52
Microsoft XML Parser
Modem User Guide
MSRedist
MUSICMATCH Jukebox
Netscape Communicator 4.79
Norton AntiSpam
Norton AntiVirus 2006
Norton Internet Security
Norton Internet Security 2006 (Symantec Corporation)
Norton Protection Center
Norton WMI Update
NVIDIA Display Driver
NVIDIA Windows 2000/XP Display Drivers
Oblivion
Paint Shop Pro 7
PaperPort 8.0
PhoneTools
PowerDVD
Print Workshop 2004
PrintMaster 12
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Shockwave
SoundMAX
SPBBC
SymNet
The Print Shop 12
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VideoCam Suite
VideoCam Suite 1.0
Warcraft III
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Yahoo! Messenger
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

6/19/2009 9:17:27 PM, error: Service Control Manager [7000] - The Windows User Mode Driver Framework service failed to start due to the following error: Access is denied.
6/19/2009 9:16:15 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
6/19/2009 12:24:58 PM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{15BDE7BB-F888-4C81-B144-9BC5BEAF9A66} because another computer on the network has the same name. The server could not start.
6/19/2009 12:21:57 PM, error: DM9102 [5002] - CNet PRO200WL PCI Fast Ethernet Adapter : Has determined that the adapter is not functioning properly.
6/19/2009 10:30:31 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Norton AntiVirus Auto-Protect Service service to connect.
6/19/2009 10:30:31 PM, error: Service Control Manager [7000] - The Norton AntiVirus Auto-Protect Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================

broni · 2009/06/23

Do you want to get rid of Norton right now?
AV part is listed as disabled anyway.
Does the computer have internet connection working?

andrewsauce32 · 2009/06/24

Erm, yeah, the computer has an internet connection. And, yeah, I would like to uninstall Norton ASAP, but since I cant do Add/Remove Programs, and cant find a "Norton Uninstall" anywhere, im not exactly sure how to do it.

broni · 2009/06/24

OK, let's wait with Norton for a moment.

Please download ComboFix from [color= "Red"]Here[/color] or [color= "#FF0000"]Here[/color] to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.

Close any open browsers.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results ".

Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

Close any open browsers.

WARNING: Combofix will disconnect your machine from the Internet as soon as it starts

Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.

andrewsauce32 · 2009/06/24

Ok, here is the log from ComboFix Broni!

ComboFix 09-06-23.01 - Andrew 06/24/2009 20:40.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.289 [GMT -4:00]
Running from: c:\documents and settings\Andrew\Desktop\ComboFix.exe
AV: Norton Internet Security 2006 *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security 2006 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AntiSpywareMaster

.
((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-06-25 )))))))))))))))))))))))))))))))
.

2009-06-24 03:28 . 2009-03-06 14:44 283648 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-06-24 03:28 . 2009-02-09 10:20 473088 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-06-24 03:28 . 2009-02-09 10:20 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-06-24 03:28 . 2009-02-06 17:14 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-06-24 03:28 . 2009-02-06 16:39 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-06-24 03:28 . 2005-07-26 04:39 60416 -c----w- c:\windows\system32\dllcache\colbact.dll
2009-06-24 03:26 . 2008-04-21 10:02 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-25 00:49 . 2003-08-17 21:13 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-22 21:47 . 2007-11-04 19:13 -------- d-----w- c:\program files\Diablo II
2009-06-22 21:47 . 2007-11-04 19:27 36884 ----a-w- c:\windows\DIIUnin.dat
2009-06-22 21:46 . 2007-11-06 01:29 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-05-07 15:44 . 2001-08-18 12:00 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2004-01-08 19:23 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-26 14:35 . 2008-03-01 04:01 -------- d-----w- c:\documents and settings\Nichole\Application Data\Yahoo!
2009-04-17 09:58 . 2001-08-18 12:00 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2004-05-03 20:58 584192 ----a-w- c:\windows\system32\rpcrt4.dll
.

------- Sigcheck -------

[-] 2001-08-18 12:00 12800 0F7D9C87B0CE1FA520473119752C6F79 c:\windows\$NtServicePackUninstall$\svchost.exe
[7] 2004-08-04 07:56 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
[7] 2004-08-04 07:56 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\system32\svchost.exe

[7] 2005-03-02 18:19 577024 1800F293BCCC8EDE8A70E12B88D80036 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[7] 2007-03-08 15:48 578048 7AA4F6C00405DFC4B70ED4214E7D687B c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2003-09-26 18:51 528896 7C30507D3D251BF5B88048BB2D226DE9 c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2002-11-22 17:16 528896 !HASH: ERROR_LOCK_VIOLATION ! c:\windows\$NtUninstallKB824141$\user32.dll
[7] 2004-08-04 07:56 577024 C72661F8552ACE7C5C85E16A3CF505C4 c:\windows\$NtUninstallKB890859$\user32.dll
[7] 2005-03-02 18:09 577024 DE2DB164BBB35DB061AF0997E4499054 c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2001-08-18 12:00 561152 BE57A5C3ABD240514B98F6BCA872FB21 c:\windows\$NtUninstallQ328310$\user32.dll
[-] 2003-09-25 16:49 560128 32173306185F603E75C477E117F3BB8D c:\windows\$xpsp1hfm$\KB824141\user32.dll
[7] 2002-11-01 20:26 528896 68E1F4EF02DF52CA9C5E157045D23582 c:\windows\$xpsp1hfm$\Q328310\user32.dll
[7] 2004-08-04 07:56 577024 C72661F8552ACE7C5C85E16A3CF505C4 c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\user32.dll
[7] 2007-03-08 15:36 577536 B409909F6E2E8A7067076ED748ABF1E7 c:\windows\system32\user32.dll
[7] 2007-03-08 15:36 577536 B409909F6E2E8A7067076ED748ABF1E7 c:\windows\system32\dllcache\user32.dll

[-] 2001-08-18 12:00 75264 8529C295DF59B564D37A73B5629162B1 c:\windows\$NtServicePackUninstall$\ws2_32.dll
[7] 2004-08-04 07:56 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ws2_32.dll
[7] 2004-08-04 07:56 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\system32\ws2_32.dll
[7] 2004-08-04 07:56 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\system32\dllcache\ws2_32.dll

[7] 2004-09-29 18:27 656896 2C07195588D69A067C2AFDAA31759295 c:\windows\$hf_mig$\KB834707\SP2QFE\wininet.dll
[7] 2005-01-27 17:08 657920 A8EAC5330876548E9966A7D13025D196 c:\windows\$hf_mig$\KB867282\SP2QFE\wininet.dll
[7] 2005-05-02 20:57 658944 E1E18136F9DD3DF1AD9C82193A5898A6 c:\windows\$hf_mig$\KB883939\SP2QFE\wininet.dll
[7] 2005-03-10 07:43 657920 C8663B488996E89A84C3D17C1D12B79E c:\windows\$hf_mig$\KB890923\SP2QFE\wininet.dll
[7] 2005-09-02 23:53 660480 97A6FD7CAFD688CF2C78939EBAF0CD0C c:\windows\$hf_mig$\KB896688\SP2QFE\wininet.dll
[7] 2005-07-03 02:09 659456 6E533D155B259EB2363D3E04B5BE309F c:\windows\$hf_mig$\KB896727\SP2QFE\wininet.dll
[7] 2005-10-21 03:38 661504 AF785C4947676A7FC1673FDC5C8D0B5B c:\windows\$hf_mig$\KB905915\SP2QFE\wininet.dll
[7] 2006-03-04 03:58 663552 C0845ECBF4F9164E618EE381B79C9032 c:\windows\$hf_mig$\KB912812\SP2QFE\wininet.dll
[7] 2006-05-10 05:25 663552 D94CFFDB53E7AC867438E2DFD50E7CBC c:\windows\$hf_mig$\KB916281\SP2QFE\wininet.dll
[7] 2006-06-23 11:25 664576 64CE26DB72810B30F7855EA51E1DF836 c:\windows\$hf_mig$\KB918899\SP2QFE\wininet.dll
[7] 2006-09-14 08:31 664576 D207370287CF769AEBEBF03837784963 c:\windows\$hf_mig$\KB922760\SP2QFE\wininet.dll
[7] 2007-08-20 10:02 825344 357D54BF94FE9D6D8505A96B5C2A3BCA c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
[7] 2007-10-10 23:47 825344 0E5D918F87EFA7D2424D66B499C7EB04 c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
[7] 2007-12-07 02:01 825344 B5B411BB229AE6EAD7652A32ED47BFB9 c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
[7] 2008-03-01 13:03 827392 6316C2F0C61271C8ABDFF7429174879E c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
[7] 2008-04-23 03:35 827392 41546B396A526918DA7995A02EA04E51 c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[7] 2008-06-23 16:01 827904 C66402A06B83B036C195242C0C8CF83C c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[7] 2008-08-26 09:08 827904 77C192FE56A70D7FA0247BA0A6201C32 c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[7] 2008-10-16 20:24 827904 0D5B75171FF51775B630A431B6C667E8 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[7] 2008-12-20 23:56 827904 044E0A4E9FE97C0FB9AFE9C89E2A82E6 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[7] 2009-04-29 04:49 828928 62CCA075F44015147B8971DAFFBCFF76 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll
[7] 2004-01-08 19:23 585216 6626545292428AE1ED5B4237404B346A c:\windows\$NtServicePackUninstall$\wininet.dll
[7] 2004-08-04 07:56 656384 C0823FC5469663BA63E7DB88F9919D70 c:\windows\$NtUninstallKB834707$\wininet.dll
[7] 2004-09-29 18:47 656896 CBA65B573C66FE23F647FF96E3A10994 c:\windows\$NtUninstallKB867282$\wininet.dll
[7] 2005-03-10 08:02 656896 6F018D6319BE4F96426EA829B79E05D5 c:\windows\$NtUninstallKB883939$\wininet.dll
[7] 2005-01-27 17:13 656896 B5E043E440B210014E021B24CF0A72E3 c:\windows\$NtUninstallKB890923$\wininet.dll
[7] 2005-07-03 02:11 658432 5B5FF992C0FA762CCF8655FC290E6E52 c:\windows\$NtUninstallKB896688$\wininet.dll
[7] 2005-05-02 20:52 657920 1A078AF3F85D10BA56444C23B3A18E74 c:\windows\$NtUninstallKB896727$\wininet.dll
[7] 2005-09-02 23:52 658432 AF61EBB1F550175EFF406D545D6AB086 c:\windows\$NtUninstallKB905915$\wininet.dll
[7] 2005-10-21 03:39 658432 E7B27B6B6E06CE34EA019FD8B858C613 c:\windows\$NtUninstallKB912812$\wininet.dll
[7] 2006-03-04 03:33 658432 1C0979C7A489BEE573CD0BF4AD94BB06 c:\windows\$NtUninstallKB916281$\wininet.dll
[7] 2006-05-10 05:23 658432 38AB7A56F566D9AAAD31812494944824 c:\windows\$NtUninstallKB918899$\wininet.dll
[7] 2006-06-23 11:02 658944 2B4DB890936430C71419037039502752 c:\windows\$NtUninstallKB922760$\wininet.dll
[7] 2006-09-14 08:39 658944 621AF3F6174A3F60677F5230E28BCC07 c:\windows\ie7\wininet.dll
[7] 2006-11-08 02:03 818688 92995334F993E6E49C25C6D02EC04401 c:\windows\ie7updates\KB939653-IE7\wininet.dll
[7] 2007-08-20 10:04 824832 774435E499D8E9643EC961A6103C361F c:\windows\ie7updates\KB942615-IE7\wininet.dll
[7] 2007-10-10 23:56 824832 30C1E0F34AD2972C72A01DB5C74AB065 c:\windows\ie7updates\KB944533-IE7\wininet.dll
[7] 2007-12-07 02:21 824832 806D274C9A6C3AAEA5EAE8E4AF841E04 c:\windows\ie7updates\KB947864-IE7\wininet.dll
[7] 2008-03-01 13:06 826368 AD21461AEF8244EDEC2EF18E55E1DCF3 c:\windows\ie7updates\KB950759-IE7\wininet.dll
[7] 2008-04-23 04:16 826368 F6589BE784647CFDBC22EA51CCB1A57A c:\windows\ie7updates\KB953838-IE7\wininet.dll
[7] 2008-06-23 16:57 826368 8C13D4A7479FA0A026EDA8ABCE82C0ED c:\windows\ie7updates\KB956390-IE7\wininet.dll
[7] 2008-08-26 07:24 826368 EF8EBA98145BFA44E80D17A3B3453300 c:\windows\ie7updates\KB958215-IE7\wininet.dll
[7] 2008-10-16 20:38 826368 6741EAF7B7F110E803A6E38F6E5FA6B0 c:\windows\ie7updates\KB961260-IE7\wininet.dll
[7] 2008-12-20 23:15 826368 A82935D32D0672E8FF4E91AE398E901C c:\windows\ie7updates\KB969897-IE7\wininet.dll
[7] 2004-08-04 07:56 656384 C0823FC5469663BA63E7DB88F9919D70 c:\windows\ServicePackFiles\i386\wininet.dll
[7] 2009-04-29 04:56 827392 8E2D471157B0DF329D8D0EA5D83B0DDB c:\windows\SoftwareDistribution\Download\82c738ec00f0f07f8ea182bc95439593\sp3gdr\wininet.dll
[7] 2009-04-29 04:49 828928 62CCA075F44015147B8971DAFFBCFF76 c:\windows\SoftwareDistribution\Download\82c738ec00f0f07f8ea182bc95439593\sp3qfe\wininet.dll
[-] 2008-04-14 00:12 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\wininet.dll
[7] 2009-04-29 04:56 827392 8E2D471157B0DF329D8D0EA5D83B0DDB c:\windows\system32\wininet.dll
[7] 2009-04-29 04:56 827392 8E2D471157B0DF329D8D0EA5D83B0DDB c:\windows\system32\dllcache\wininet.dll

[7] 2005-05-25 19:07 359936 63FDFEA54EB53DE2D863EE454937CE1E c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[7] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[7] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2001-08-18 12:00 327168 E7774698BB0D14B0710A9A31E209F9B6 c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2004-08-04 06:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB893066$\tcpip.sys
[7] 2005-05-25 19:04 359808 88763A98A4C26C409741B4AA162720C9 c:\windows\$NtUninstallKB913446$\tcpip.sys
[7] 2006-01-13 02:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$NtUninstallKB917953$\tcpip.sys
[7] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2004-08-04 06:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tcpip.sys
[7] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\system32\drivers\tcpip.sys

[7] 2001-08-18 12:00 429056 C605FFF733AAD029D6B533E609C8A6E6 c:\windows\$NtServicePackUninstall$\winlogon.exe
[7] 2004-08-04 07:56 502272 01C3346C241652F43AED8E2149881BFE c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
[7] 2004-08-04 07:56 502272 01C3346C241652F43AED8E2149881BFE c:\windows\system32\winlogon.exe
[7] 2004-08-04 07:56 502272 01C3346C241652F43AED8E2149881BFE c:\windows\system32\dllcache\winlogon.exe

[-] 2001-08-18 12:00 161536 3EFD4F59BA0A340DE0A3AB984001DBF7 c:\windows\$NtServicePackUninstall$\ndis.sys
[7] 2004-08-04 06:14 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ndis.sys
[7] 2004-08-04 06:14 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\system32\drivers\ndis.sys

[7] 2004-08-04 06:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ip6fw.sys
[7] 2004-08-04 06:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\system32\drivers\ip6fw.sys

[7] 2005-03-02 00:36 2056832 D8ABA3EAB509627E707A3B14F00FBB6B c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[7] 2007-02-28 09:15 2059392 4D3DBDCCBF97F5BA1E74F322B155C3BA c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[7] 2009-02-06 09:49 2062976 9D832AF3FD1917DB0E1E8B2F000A2E3A c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[7] 2009-02-07 23:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[7] 2009-02-06 10:30 2066176 607352B9CB3D708C67F6039097801B5A c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 09:18 2062976 63EC865DFF6CCFC7BEF94B5C50297CAD c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[7] 2008-08-14 09:33 2066048 4AC58F03EB94A72809949D757FC39D80 c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[7] 2008-08-14 20:39 2066048 A25E9B86EFFB2AF33BF51E676B68BFB0 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[7] 2002-12-12 23:09 1902080 21385934893FDAF12A713017B4F66671 c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[7] 2004-08-04 05:58 2056832 947FB1D86D14AFCFFDB54BF837EC25D0 c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
[7] 2005-03-02 00:34 2056832 81013F36B21C7F72CF784CC6731E0002 c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[7] 2008-08-14 09:22 2057728 BA002228743B6824D87F0551DBC86D45 c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[7] 2007-02-28 08:38 2057600 515D30E2C90A3665A2739309334C9283 c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[7] 2001-08-18 12:00 1897856 01FD1F7C82B263F1667A1CEA095756C5 c:\windows\$NtUninstallQ811493$\ntkrnlpa.exe
[7] 2003-04-24 13:57 1949440 46AE6F2D416C39FFDCFC8BCB01203EA3 c:\windows\$xpsp1hfm$\Q811493\ntkrnlpa.exe
[7] 2009-02-06 16:49 2057728 3006410E24772CC6953F0B5C01BEB35F c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2004-08-04 05:58 2056832 947FB1D86D14AFCFFDB54BF837EC25D0 c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[7] 2009-02-06 16:49 2057728 3006410E24772CC6953F0B5C01BEB35F c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntkrnlpa.exe
[7] 2009-02-06 09:49 2062976 9D832AF3FD1917DB0E1E8B2F000A2E3A c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntkrnlpa.exe
[7] 2009-02-07 23:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntkrnlpa.exe
[7] 2009-02-06 10:30 2066176 607352B9CB3D708C67F6039097801B5A c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntkrnlpa.exe
[-] 2008-04-13 18:31 2065792 109F8E3E3C82E337BB71B6BC9B895D61 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntkrnlpa.exe
[7] 2009-02-06 16:49 2057728 3006410E24772CC6953F0B5C01BEB35F c:\windows\system32\ntkrnlpa.exe
[7] 2009-02-06 16:49 2057728 3006410E24772CC6953F0B5C01BEB35F c:\windows\system32\dllcache\ntkrnlpa.exe

[7] 2005-03-02 01:04 2179456 28187802B7C368C0D3AEF7D4C382AABB c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[7] 2007-02-28 09:55 2182144 5A5C8DB4AA962C714C8371FBDF189FC9 c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[7] 2009-02-06 10:32 2186112 6A936E9D7BADAF3CAAEED1E1966EC1B0 c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[7] 2009-02-07 23:35 2189184 EFE8EACE83EAAD5849A7A548FB75B584 c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 09:57 2185984 CE69DBD54221F2D40E49FF6DB77C6507 c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[7] 2008-08-14 10:11 2189184 EEAF32F8E15A24F62BECB1BD403BB5C5 c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[7] 2008-08-14 21:11 2189184 31914172342BFF330063F343AC6958FE c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[7] 2002-12-12 23:08 1879936 DB499BE143D626FC8778BE7E18185EB3 c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[7] 2004-08-04 06:19 2180992 CE218BC7088681FAA06633E218596CA7 c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
[7] 2005-03-02 00:59 2179328 4D4CF2C14550A4B7718E94A6E581856E c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[7] 2008-08-14 10:00 2180352 21C91DA9CB53AA8A37041BA9684A8458 c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[7] 2007-02-28 09:10 2180352 582A8DBAA58C3B1F176EB2817DAEE77C c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[7] 2001-08-18 12:00 1875584 257AAFD1F77990355BB6E83650D52680 c:\windows\$NtUninstallQ811493$\ntoskrnl.exe
[7] 2003-04-24 13:57 1925760 97EC4AB4650DA6FC521CF16F8A6DDCB0 c:\windows\$xpsp1hfm$\Q811493\ntoskrnl.exe
[7] 2009-02-06 17:24 2180480 FACEBB0CA3154F77009CDFEE78A00BBB c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2004-08-04 06:19 2180992 CE218BC7088681FAA06633E218596CA7 c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[7] 2009-02-06 17:24 2180480 FACEBB0CA3154F77009CDFEE78A00BBB c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntoskrnl.exe
[7] 2009-02-06 10:32 2186112 6A936E9D7BADAF3CAAEED1E1966EC1B0 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntoskrnl.exe
[7] 2009-02-07 23:35 2189184 EFE8EACE83EAAD5849A7A548FB75B584 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntoskrnl.exe
[-] 2008-04-13 19:27 2188928 0C89243C7C3EE199B96FCC16990E0679 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntoskrnl.exe
[7] 2009-02-06 17:24 2180480 FACEBB0CA3154F77009CDFEE78A00BBB c:\windows\system32\ntoskrnl.exe
[7] 2009-02-06 17:24 2180480 FACEBB0CA3154F77009CDFEE78A00BBB c:\windows\system32\dllcache\ntoskrnl.exe

[7] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 c:\windows\explorer.exe
[7] 2007-06-13 11:26 1033216 7712DF0CDDE3A5AC89843E61CD5B3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2001-08-18 12:00 1000960 5A26FC6010886D25B3E412493DD95ED8 c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 07:56 1032192 A0732187050030AE399B241436565E64 c:\windows\$NtUninstallKB938828$\explorer.exe
[7] 2004-08-04 07:56 1032192 A0732187050030AE399B241436565E64 c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
[7] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 c:\windows\system32\dllcache\explorer.exe

[7] 2009-02-06 10:22 110592 4712531AB7A01B7EE059853CA17D39BD c:\windows\$hf_mig$\KB956572\SP2QFE\services.exe
[7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
[7] 2009-02-06 11:06 110592 020CEAAEDC8EB655B6506B8C70D53BB6 c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2001-08-18 12:00 101376 E3DF4A0252D287C44606EE55355E1623 c:\windows\$NtServicePackUninstall$\services.exe
[7] 2004-08-04 07:56 108032 C6CE6EEC82F187615D1002BB3BB50ED4 c:\windows\$NtUninstallKB956572$\services.exe
[7] 2004-08-04 07:56 108032 C6CE6EEC82F187615D1002BB3BB50ED4 c:\windows\ServicePackFiles\i386\services.exe
[7] 2009-02-06 17:14 110592 37561F8D4160D62DA86D24AE41FAE8DE c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\services.exe
[7] 2009-02-06 10:22 110592 4712531AB7A01B7EE059853CA17D39BD c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\services.exe
[7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\services.exe
[7] 2009-02-06 11:06 110592 020CEAAEDC8EB655B6506B8C70D53BB6 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\services.exe
[-] 2008-04-14 00:12 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\services.exe
[7] 2009-02-06 17:14 110592 37561F8D4160D62DA86D24AE41FAE8DE c:\windows\system32\services.exe
[7] 2009-02-06 17:14 110592 37561F8D4160D62DA86D24AE41FAE8DE c:\windows\system32\dllcache\services.exe

[-] 2001-08-18 12:00 11776 8A590EA109B5E0C7629E022F8A6B17C5 c:\windows\$NtServicePackUninstall$\lsass.exe
[7] 2004-08-04 07:56 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lsass.exe
[7] 2004-08-04 07:56 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\system32\lsass.exe

[-] 2001-08-18 12:00 13312 85B1054DB58D13AA42D7DCA778C30F57 c:\windows\$NtServicePackUninstall$\ctfmon.exe
[7] 2004-08-04 07:56 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ctfmon.exe
[7] 2004-08-04 07:56 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\system32\ctfmon.exe

[7] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2001-08-18 12:00 51200 9B4155BA58192D4073082B8FC5D42612 c:\windows\$NtServicePackUninstall$\spoolsv.exe
[7] 2004-08-04 07:56 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows\$NtUninstallKB896423$\spoolsv.exe
[7] 2004-08-04 07:56 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\spoolsv.exe
[7] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\system32\spoolsv.exe

[7] 2004-08-04 07:56 111104 4126D27CECE4471E00E425411F7306B5 c:\windows\ServicePackFiles\i386\wuauclt.exe
[-] 2008-04-14 00:12 111104 ED7262E52C31CF1625B65039102BC16C c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\wuauclt.exe
[7] 2008-10-16 19:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\wuauclt.exe
[7] 2008-10-16 19:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\dllcache\wuauclt.exe

[-] 2001-08-18 12:00 21504 585398603F570F9705774D65D292E5D1 c:\windows\$NtServicePackUninstall$\userinit.exe
[7] 2004-08-04 07:56 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
[7] 2004-08-04 07:56 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\system32\userinit.exe

[7] 2001-08-18 12:00 197632 344784BB9B02891E813260C192F271DE c:\windows\$NtServicePackUninstall$\termsrv.dll
[7] 2004-08-04 07:56 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\termsrv.dll
[7] 2004-08-04 07:56 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\system32\termsrv.dll

[7] 2006-07-05 10:57 985088 0FDD84928A5DDE2510761B7EC76CCEC9 c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[7] 2007-04-16 16:07 986112 09F7CB3687F86EDAA4CA081F7AB66C03 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[7] 2009-03-21 13:54 989184 80202858D245FF07DAA1739C57A3E19B c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[7] 2009-03-21 13:59 991744 DA11D9D6ECBDF0F93436A4B7C13F7BEC c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2001-08-18 12:00 926720 379B0B31D7F8D2C9F7FF302B454A6C54 c:\windows\$NtServicePackUninstall$\kernel32.dll
[7] 2004-08-04 07:56 983552 888190E31455FAD793312F8D087146EB c:\windows\$NtUninstallKB917422$\kernel32.dll
[7] 2006-07-05 10:55 984064 D8DB5397DE07577C1CB50BA6D23B3AD4 c:\windows\$NtUninstallKB935839$\kernel32.dll
[7] 2007-04-16 15:52 984576 A01F9CA902A88F7CED06884174D6419D c:\windows\$NtUninstallKB959426$\kernel32.dll
[7] 2004-08-04 07:56 983552 888190E31455FAD793312F8D087146EB c:\windows\ServicePackFiles\i386\kernel32.dll
[7] 2009-03-21 14:18 986112 B6ACAED7588295129791E0E6A2B0FADE c:\windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\sp2gdr\kernel32.dll
[7] 2009-03-21 13:54 989184 80202858D245FF07DAA1739C57A3E19B c:\windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\sp2qfe\kernel32.dll
[7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\sp3gdr\kernel32.dll
[7] 2009-03-21 13:59 991744 DA11D9D6ECBDF0F93436A4B7C13F7BEC c:\windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\sp3qfe\kernel32.dll
[-] 2008-04-14 00:11 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\kernel32.dll
[7] 2009-03-21 14:18 986112 B6ACAED7588295129791E0E6A2B0FADE c:\windows\system32\kernel32.dll
[7] 2009-03-21 14:18 986112 B6ACAED7588295129791E0E6A2B0FADE c:\windows\system32\dllcache\kernel32.dll

[-] 2001-08-18 12:00 14848 865AD7CCB20856727D5BD994B094DC5E c:\windows\$NtServicePackUninstall$\powrprof.dll
[7] 2004-08-04 07:56 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\powrprof.dll
[7] 2004-08-04 07:56 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\system32\powrprof.dll

[-] 2001-08-18 12:00 96768 E046037FD5BCDF92CE1A122B749B9B09 c:\windows\$NtServicePackUninstall$\imm32.dll
[7] 2004-08-04 07:56 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\imm32.dll
[7] 2004-08-04 07:56 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\system32\imm32.dll
[7] 2004-08-04 07:56 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\system32\dllcache\imm32.dll

[7] 2001-10-16 14:37 1560576 DC0E27326EA64001B486EBA4DB1A74C9 c:\windows\$NtServicePackUninstall$\sfcfiles.dll
[-] 2001-08-18 12:00 1562112 !HASH: ERROR_LOCK_VIOLATION ! c:\windows\$NtUninstallQ309521$\sfcfiles.dll
[7] 2004-08-04 07:56 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sfcfiles.dll
[7] 2004-08-04 07:56 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\system32\sfcfiles.dll

[-] 2001-08-18 12:00 23424 9C30CD464D87102497FD7C32910E6253 c:\windows\$NtServicePackUninstall$\kbdclass.sys
[7] 2004-08-04 05:58 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\kbdclass.sys
[7] 2004-08-04 05:58 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\system32\drivers\kbdclass.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS "= "c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-10 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MMTray "= "c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2002-02-27 90112]
"AdaptecDirectCD "= "c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 679936]
"NvCplDaemon "= "c:\windows\System32\NvCpl.dll" [2003-10-06 5058560]
"PaperPort PTD "= "c:\program files\Scansoft\PaperPort\pptd40nt.exe" [2002-02-13 45108]
"IndexSearch "= "c:\program files\Scansoft\PaperPort\IndexSearch.exe" [2002-02-14 36864]
"Microsoft Works Update Detection "= "c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-10 28672]
"Ink Monitor "= "c:\program files\EPSON\Ink Monitor\InkMonitor.exe" [2001-12-07 258118]
"ccApp "= "c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-23 52840]
"Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2} "= "c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"nwiz "= "nwiz.exe" - c:\windows\system32\nwiz.exe [2003-10-06 741376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert "= "c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2006-05-15 67264]
"Symantec NetDriver Warning "= "c:\progra~1\SYMNET~1\SNDWarn.exe" [2004-10-29 218232]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Auto run of VideoCam Suite 1.0.lnk - c:\program files\Panasonic\VideoCamSuite\VideoCamSuiteAutoStart.exe [2008-8-20 161160]
EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2003-12-23 135680]
Event Reminder.lnk - c:\program files\Broderbund\PrintMaster\PMremind.exe [2003-8-17 331776]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify "=dword:00000001
"AntiVirusOverride "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring "=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall "= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe "=

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2009-06-20 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Debi.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-02-05 16:13]
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-Symantec Network Driver Update Warning - c:\progra~1\Symantec\LIVEUP~1\SNDWarn.EXE

.
------- Supplementary Scan -------
.
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-24 20:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
MMTray = c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe????????3?@???0???4???@}?w8??w???????w.??w??3?????3??w?????????????#?w0????????uW??????????????>?w0 ?w????3??w???g???????g????H?X?8?X?????0???g?W?????2???????J @?|uW??uW??????????????????nX??????WQ?????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(536)
c:\windows\system32\l3codecx.acm
.
Completion time: 2009-06-25 20:53
ComboFix-quarantined-files.txt 2009-06-25 00:53

Pre-Run: 52,808,814,592 bytes free
Post-Run: 55,966,449,664 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

350 --- E O F --- 2009-06-24 05:03

broni · 2009/06/24

Hmmm....not much here.

Uninstall Combofix:

Go Start > Run
Type in:
combofix /u
Note the space between the "combofix" and the "/u "
Restart computer.

Please download DrWeb CureIt (http://www.freedrweb.com/) & save it to your desktop.

Scan with DrWeb-CureIt as follows:

* Double-click on drweb-cureit.exe and then click Start. Click OK in a pop-up window allowing Express Scan
o This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
* Once the short scan has finished, Click Options > Change settings
* Choose the Scan tab and uncheck Heuristic analysis and click OK
* Back at the main window, select the Complete scan button.
* Then click the Green Arrow Start Scanning button on the right and the scan will start.
o Click Yes to all if it asks if you want to cure/move any file(s).
* When the scan is done...
* In the Dr.Web CureIt menu on top left, click File and choose Save report list.
* Save the DrWeb.csv report to your Desktop.
* Exit Dr.Web Cureit.

* Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

* After reboot. Leave the Dr. Web CureIt log on the desktop.

Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.cvs report.

NOTE. During the scan a pop-up window will appear, asking you to buy a full version. Simply close the pop-up window.

andrewsauce32 · 2009/06/25

Ok Broni, here you go!

05EB15E9;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
05F02673;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0630079D;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
06384223;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
066E2559;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
067335E3;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
06AE29A2;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
06BC1503;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
06EC475E;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
06FD5CBB;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
07303912;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
076E56CE;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
07DA4058;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
08153417;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
085027D6;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
086C029F;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
088A1B95;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
08C50F55;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
09032D10;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
091B74AF;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
093E20D0;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
09703851;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0979148F;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
09B7324B;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
09B85402;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
09F1260A;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
09F671BE;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0A336DC2;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0A3A6373;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0A6E6182;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0A78012E;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0AB61EEA;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0AC9791D;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0B046CDC;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0B050E94;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0B420A98;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0B432C50;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0B7D200F;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0B7D7E57;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0BB77217;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0BBB3DCB;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0BCE0048;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0BF939CF;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0BFA5B86;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0C0C1E04;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0C344F46;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0C5D37AA;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0C7616FE;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0C982B69;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0CB434B9;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0CD97322;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0CF57C72;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0D1B3ADA;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0D307031;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0D557776;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0D595895;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0D6E0DED;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0D963F2E;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0DA17446;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0DC67B8C;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0DDB30E3;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0DDF1202;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0DE66E97;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0E016F4B;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0E234C94;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0E262DB3;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0E3F0D07;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0E64144C;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0E654B6F;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0E6C2803;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0E8A52B4;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0E9F3F2E;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0EA71571;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0EAC2FFD;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0ECE4469;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0ED8118D;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0EDA32ED;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0EE5332D;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0EF121B1;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0F093828;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0F1526AD;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0F23573A;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0F351366;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0F374CD3;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0F4101EB;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0F501A6C;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0F714092;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0F784BAE;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0F805913;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0F9B6019;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0FAC3451;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0FC93483;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0FCA6554;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0FCB1EC1;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
0FE72811;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
10080310;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
101D3867;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
101E71D4;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
10351E0C;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
104620CB;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
10596593;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
107C79FF;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
107E6A8E;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
1097034F;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
10A10796;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
10BC084A;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
10CD13A5;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
10D94B07;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
110079FE;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
111768C3;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
11176F14;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
111F2D4B;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
113B6DBE;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
11515C82;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
116A72F8;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
11892C96;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
11895D68;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
118C5041;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
11BC0C9E;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
11C11DFD;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Beagle.based;Deleted.;
11CA6DFD;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
11E44432;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
11EB48FC;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
1204284F;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
120F5FB1;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
122966B7;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
125D4F5B;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
1261307A;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
12715197;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
129F1713;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
129F4E36;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
12D90AD3;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
12DA41F5;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
131435B5;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
13212684;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
13535370;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
135C1A43;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
1391712C;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
139A37FF;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
13CB64EB;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
13F17282;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
13FF4D8F;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
140658AB;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
143D6B4B;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
14651A43;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
1475350E;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
14A00E02;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
14DA01C1;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
15157580;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
1A62003F;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
1AA447F7;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
1ADE3BB6;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
1B1C5972;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
1B574D31;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
1BA212DF;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
1BE70493;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
1C227853;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
1C7311F9;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
1CB12FB5;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
1D624215;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
1DA05FD1;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
1DD82994;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
1E6436F9;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
1EA254B5;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
1EDD4874;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
1F1B6630;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
1F5903EC;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
1F9721A8;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
1FD21567;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
20103323;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
204B26E2;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
2089449E;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
20C4385D;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
20FB0220;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
213675DF;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
216D3FA2;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
21B55B53;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
21E13CE3;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
21F04F12;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
222E6CCE;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
226C0A8A;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
227E1C36;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
22A4544D;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
22DE480C;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
23142791;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
23193BCB;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
232D78DB;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
23575987;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
23686C9A;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
2398213F;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
23D06B02;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
240E08BE;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
244C267A;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
26CD5455;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
28480183;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
28804B46;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
28BE6901;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
28F532C4;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
29335080;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
29716E3C;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
29AC61FB;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
29ED29B3;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
2A354564;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
2A770D1C;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
2AFD4689;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
2B373A48;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
33A915DB;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
33E73396;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
34222756;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
345C1B15;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
34970ED4;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
34D8568C;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
35134A4C;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
354E3E0B;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
35884B52;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Netsky.based;Deleted.;
358931CA;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
35CA7982;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
39A76A1D;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
39E507D8;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
3A207B98;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
3A5E1953;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
3AB032F9;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
3B082098;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
3B5D643B;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
3BB87BD6;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
3C106975;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
3C4E0731;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
3C897AF0;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
3CC46EB0;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
3D020C6B;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
3D435424;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
3D8171DF;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
3DB93BA2;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
3DF7595E;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
3E3F750F;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
3E7968CE;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
3EBB3086;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
3EF62446;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
3F376BFE;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
3F7509B9;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
3FB97B6E;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
3FF7192A;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
404608D3;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
4084268F;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
40D64035;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
411D5BE6;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
41721F89;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
41B46741;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
42092AE4;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
42431EA3;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
4285665B;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
42C95810;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
43044BCF;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
433F3F8E;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
437D5D4A;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
43BB7B06;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
43FC42BE;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
43FF7E75;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
4440462D;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
44413472;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
447C2832;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
448B0BDA;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
44BD6FEA;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
44CC5392;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
44FB0DA5;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
450E1B4A;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
45392B61;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
455C0AF4;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
4577491D;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
45A17CA9;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
45B566D9;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
45E56E5D;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
45F05A98;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
462624B2;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
462E7854;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
46833BF6;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
46C159B2;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
46FF776E;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
47403F26;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
477E5CE1;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
47B950A1;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
47F76E5D;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
48383615;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
487329D4;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
48D60899;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Klez.4;Deleted.;
48DC2A86;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
49211C3B;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
495B0FFA;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
499603B9;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
49B65F0F;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
49DE1F6A;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
4B0E759C;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Netsky.based;Deleted.;
4F027186;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Klez.4;Deleted.;
4F6E5B0F;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Klez.4;Deleted.;
54C43F6A;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
54FF332A;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
553A26E9;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
557270AC;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
55AC646B;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
55E7582A;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
562C49DF;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
56663D9E;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
56A1315E;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
56DC251D;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
571718DC;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
57586094;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
57935454;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
57CA1E17;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
58083BD2;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
58540180;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
588E753F;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
58C968FE;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
59045CBE;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
593F507D;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
59801835;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
59C833E6;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
5A0327A5;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
5C34655D;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Beagle.based;Deleted.;
6A905B7E;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Netsky.based;Deleted.;
6F917D5C;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
6F9F2F50;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
6FBE0FBD;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
6FC249B6;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
6FDC4309;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
6FFF5775;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
7004116E;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
702808B7;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
70362138;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
704C2D1F;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
706C7A6B;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
708510E1;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
708D74D7;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
70C32E9D;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
70E835E3;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
71014C59;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
71305193;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
71421411;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
7175046D;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
71754348;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
718031CD;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
71B0782C;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
71B60B00;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
71FB3DDA;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
720150AD;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
72464262;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
72870A1A;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
72CF25CB;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
73131780;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
735B3331;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
73A34EE1;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
73EB6A92;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
742F5C47;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
74744DFB;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
74B515B4;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
74FA0768;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
753F791D;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
75836AD1;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
75D50477;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
76301C13;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
76750DC7;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
76B97F7C;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Reteras;Deleted.;
7A7018ED.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Beagle.19829;Deleted.;
7AEC5464.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Beagle.19829;Deleted.;

broni · 2009/06/25

Not much here, either. All those infected files were simply in Quarantine folder.

Let's try to uninstall Norton. Run Norton Removal Tool: http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039

Make sure to turn Windows firewall on.

andrewsauce32 · 2009/06/25

broni, I uninstalled norton and my internet connection wont work, called the internet provider and the connection is fine, they said it must be the computer, so what next.

broni · 2009/06/25

What about accessing Control Panel now?

As for connection, try some basic steps...

Turn off computer. Disconnect router, and modem from power source for 30 seconds.
Power them back on.
Restart computer.

If that doesn't work, bypass router, and connect computer straight to the modem.

If that doesn't work...
Go Start>Run (Start search in Vista), type in:
cmd
Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

In Command Prompt window, type in following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew

Restart computer.

If that doesn't work...
Go Start>Run (Start search in Vista), type in:
cmd
Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

At Command Prompt, type in:
netsh int ip reset reset.log
Hit Enter.
Type in:
netsh winsock reset catalog
Hit Enter.

Restart computer.

If that doesn't work...
Download, install, and run WinSockFix: http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml
Restart computer, and check again.

If that doesn't work...
Download Dial-A-Fix (DAF):
http://wiki.lunarsoft.net/wiki/Dial-a-fix#Mirrors.2Fdownload_locations.2C_and_articles

Have XP CD available in case DAF needs a file. Likely not!

Check all boxes on the screen (clear any restrictions if it shows any)
Then click GO!

When the entire page is finished click the HammerHead at bottom to go to the second DAF page.

Here, one at a time, do the below:

Reinstall BITS
Reinstall Windows Firewall
Repair Permissions
Reset networking

Watch for any File not found or other errors and make note as this may lead to the fix!

Restart computer.

andrewsauce32 · 2009/06/26

Ok Broni, I have got good news and bad news. The good news is is that the internet connection is back up. (Yay!) But the bad news is is that I still cant do anything in Control Panel or Desktop Properties. I would like to install AVG soon, but I just wanted to clear everything with you to make sure something bad doesnt happen again.
Edit: Now when I start up the computer, it says something about this: (Not sure if it is exact, but here it is.
"Plug and Play error "
Press F1 to continue or F2 for Setup Utilites

broni · 2009/06/26

I'm glad, your connection is back

Your computer was definitely infected as Norton's quarantined files show, but it seems to be pretty clean now.
We'll check couple more things, but I'm not sure yet, where your exact problem is.
It may be just some system files corruption caused by former infection.
BTW, I really don't recommend AVG. Unfortunately, it became little bit bloated with the latest versions. Some other problems has been plaguing it as well.

Download HijackThis:
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
by clicking on Download HijackThis Installer
Install, and run it.
Post HijackTHis log.
Do NOT attempt to fix anything!

NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator

andrewsauce32 · 2009/06/26

Hey Broni, just a quick question. Before I do this scan (which im only delaying because my mother needs to use it for a bit, no worries there though, shes not doing anything bad, just filling out a resume), I was wondering if there were any other free AV's that you would recommend? Or, on another note, how would you recommend an AV that was from Comcast (our internet provider)? Just wondering, because I have always heard good things about AVG, but if you say otherwise, then im gonna listen to you. (Seeing as you're the computer savvy person here!)

broni · 2009/06/26

would you recommend an AV that was from Comcast
Click to expand...

God forbid

I was using AVG for many years, until ver. 8.0 came out. Nothing, but problems.

This is what I use on various Windows installation:

- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- Avira free antivirus: http://www.free-av.com/en/download/index.html

- free PC Tools Antivirus: http://www.pctools.com/free-antivirus/
- free PC Tools Firewall Plus: http://www.pctools.com/firewall/

- free Comodo Internet Security (firewall + AV): http://www.personalfirewall.comodo.com/
NOTE. During installation, Comodo will also allow you to install AV only, or firewall only, if you prefer to combine one Comodo product with some other product.

If you decide to install Avast, or Avira, make sure, Windows firewall is turned on, or use PC Tools Firewall Plus, or Comodo firewall..
If you decide to install Comodo Internet Security, or just Comodo firewall, make sure, Windows firewall is turned off.

IMPORTANT! Make sure, you use only ONE antivirus, and ONE firewall.

andrewsauce32 · 2009/06/26

My mother (who owns the computer) INSISTS that I ask WHY you say we SHOULDNT use Comcast's AV. So yeah, she would appreciate it if she knew why it was a bad idea. However, I think that im going to install Avira and use Comodo Firewall. Sound good to you?

broni · 2009/06/26

Very good choice.
Comcast offers McAfee security suite, which is more, or less worthless.

andrewsauce32 · 2009/06/26

Oh, here is the HijackThis log Broni.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:01:27 PM, on 6/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Panasonic\VideoCamSuite\VideoCamSuiteAutoStart.exe
C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe "
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Auto run of VideoCam Suite 1.0.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe

--
End of file - 5703 bytes

BTW, downloading Avira and Comodo Firewall cant mess up my computer, can they? Because I just want to make sure, seeing as my mother keeps pestering me since the whole internet problem.

broni · 2009/06/26

Malware-wise, your computer is clean, so let's run some final steps.
Currently, you don't have any protection, so install, and download those security programs, as soon, as possible.
For now, at least turn Windows firewall on.

=================================================================

Please download [color= "#FF8C00"]JavaRa[/color] to your desktop and unzip it to its own folder

Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.

Accept any prompts.

Open JavaRa.exe again and select Search For Updates.

Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

=================================================================

Print this post out, since you won't have an access to it, at some point.

1. Open HijackThis.

2. Close all windows, except for HijackThis.

3. Put checkmarks next to the following HijackThis entries:

- O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
- O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
- O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
- O4 - Global Startup: Auto run of VideoCam Suite 1.0.lnk = ?
-O4 - Global Startup: Event Reminder.lnk = ?
- O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

4. You may also checkmark following entries (these are unnecessary startups; no actual programs will be removed):

- O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
- O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe "
- O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
- O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
- O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
- O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
- O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
- O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
- O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
- O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
- O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

5. Click on Fix checked button.

6. Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders.

7. Delete following files/folders (if present):
Note. If deletion doesn't work, attempt it in Safe Mode - restart computer, and keep tapping F8 key, until menu appears.

- Symantec folder from C:\Program Files

8. Restart computer.

9. Post new HijackThis log.

andrewsauce32 · 2009/06/26

Here's the log Broni. Thanks for all the help, I really appreciate it! Oh, and on another note, my Control Panel still isnt working. :\ Got any good news on that whole thing? Hopefully this log helps out.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07:34 PM, on 6/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe

--
End of file - 4112 bytes

broni · 2009/06/26

Avira, and Comodo installation won't mess up anything.
Is Control Panel your only issue? What does exactly happen? You click Start>Control Panel, and nothing opens?

Last cleaning step.

1. Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

2. Turn off System Restore:

- Windows XP:
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore ".
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
- Windows Vista:
1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C: ")
7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
8. Click OK

3. Restart computer.

4. Turn System Restore on.

5. Make sure, Windows Updates are current.

Log in or Sign up

Solved WinXp Control Panel/Settings Problem

andrewsauce32 Inactive Thread Starter

broni Moderator Malware Analyst

andrewsauce32 Inactive Thread Starter

broni Moderator Malware Analyst

andrewsauce32 Inactive Thread Starter

broni Moderator Malware Analyst

andrewsauce32 Inactive Thread Starter

broni Moderator Malware Analyst

andrewsauce32 Inactive Thread Starter

broni Moderator Malware Analyst

andrewsauce32 Inactive Thread Starter

broni Moderator Malware Analyst

andrewsauce32 Inactive Thread Starter

broni Moderator Malware Analyst

andrewsauce32 Inactive Thread Starter

broni Moderator Malware Analyst

andrewsauce32 Inactive Thread Starter

broni Moderator Malware Analyst

andrewsauce32 Inactive Thread Starter

broni Moderator Malware Analyst

Share This Page

Log in or Sign up

Solved WinXp Control Panel/Settings Problem

andrewsauce32 Inactive Thread Starter

broni Moderator Malware Analyst

andrewsauce32 Inactive Thread Starter

broni Moderator Malware Analyst

andrewsauce32 Inactive Thread Starter

broni Moderator Malware Analyst

andrewsauce32 Inactive Thread Starter

broni Moderator Malware Analyst

andrewsauce32 Inactive Thread Starter

broni Moderator Malware Analyst

andrewsauce32 Inactive Thread Starter

broni Moderator Malware Analyst

andrewsauce32 Inactive Thread Starter

broni Moderator Malware Analyst

andrewsauce32 Inactive Thread Starter

broni Moderator Malware Analyst

andrewsauce32 Inactive Thread Starter

broni Moderator Malware Analyst

andrewsauce32 Inactive Thread Starter

broni Moderator Malware Analyst

Share This Page

Useful Searches