XML error at windows startup


  • This topic is locked
11 replies to this topic

#1 theoriginal

theoriginal

  • Members
  • 82 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York, NY
  • Local time:05:02 PM

Posted 15 June 2009 - 04:26 AM

Every time I start up Windows XP I get these messages: "Error in Loading String XML Error is 2" and "Resource DLL failed". I will post my hijackthis log to see if there are any problems. I have tried using various registry cleaners to fix this problem but it still doesn't fix it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:25:29 AM, on 6/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\DOCUME~1\Yovanny\LOCALS~1\Temp\Rar$EX00.234\Firefox_Ultimate_Optimizer\Calentura_FirefoxUltimateOptimizer_Www.programasfull.net.exe
C:\Program Files\Godlike Developers\RAM Saver Pro\ramsaverpro.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Integrator.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Yovanny\LOCALS~1\Temp\Rar$EX00.157\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [index] C:\Program Files\ClearAllHistory\index.bat
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NodEnabler] C:\Program Files\ESET\NodEnabler\NodEnabler.exe /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [FirefoxUltimateOptimizer] C:\DOCUME~1\Yovanny\LOCALS~1\Temp\Rar$EX00.234\Firefox_Ultimate_Optimizer\Calentura_FirefoxUltimateOptimizer_Www.programasfull.net.exe
O4 - HKCU\..\Run: [RAMSaverPro] C:\Program Files\Godlike Developers\RAM Saver Pro\ramsaverpro.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ClearAllHistory] C:\Program Files\ClearAllHistory\cah.exe
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe -m
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - Startup: Battery Doubler.lnk = C:\Program Files\Dachshund Software\Battery Doubler\Battery Doubler.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1220397380453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1210087005093
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6137 bytes



#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:02 PM

Posted 22 June 2009 - 02:18 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 theoriginal


Posted 23 June 2009 - 07:02 PM

Here are the results of the scan performed using the above steps:


DDS (Ver_09-05-14.01) - NTFSx86
Run by Yovanny at 19:54:54.98 on Tue 06/23/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.702.384 [GMT -4:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\DOCUME~1\Yovanny\LOCALS~1\Temp\Rar$EX00.234\Firefox_Ultimate_Optimizer\Calentura_FirefoxUltimateOptimizer_Www.programasfull.net.exe
C:\Program Files\Godlike Developers\RAM Saver Pro\ramsaverpro.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Integrator.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Yovanny\Desktop\dds.scr

============== Pseudo HJT Report ===============

uLocal Page = c:\windows\pchealth\helpctr\system\panels\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\pchealth\helpctr\system\panels\blank.htm
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [RAMSaverPro] c:\program files\godlike developers\ram saver pro\ramsaverpro.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ClearAllHistory] c:\program files\clearallhistory\cah.exe
uRun: [Performance Center] c:\program files\ascentive\performance center\APCMain.exe -m
uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Home Theater SchSvr] "c:\program files\common files\intervideo\schsvr\SchSvr.exe"
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [index] c:\program files\clearallhistory\index.bat
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [NodEnabler] c:\program files\eset\nodenabler\NodEnabler.exe /s
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [FirefoxUltimateOptimizer] c:\docume~1\yovanny\locals~1\temp\rar$ex00.234\firefox_ultimate_optimizer\Calentura_FirefoxUltimateOptimizer_Www.programasfull.net.exe
StartupFolder: c:\docume~1\yovanny\startm~1\programs\startup\batter~1.lnk - c:\program files\dachshund software\battery doubler\Battery Doubler.exe
uPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1220397380453
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210087005093
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-3-13 33800]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-3-13 472320]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-3-31 211200]
S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\documents and settings\yovanny\desktop\new folder\vcdrom.sys --> c:\documents and settings\yovanny\desktop\new folder\VCdRom.sys [?]
S3 dsreader;MaxDrive Driver (dsreader.sys);c:\windows\system32\drivers\dsreader.sys [2008-9-14 19677]
S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2009-1-11 40840]
S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2009-1-11 66952]
S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2009-1-11 81288]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-1-11 356920]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-1-11 1079176]
S3 XPAD;XBox Controllers USB HID Mini Driver;c:\windows\system32\drivers\Xpad.sys [2009-1-8 13440]

=============== Created Last 30 ================

2009-06-20 11:12 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-06-20 02:04 <DIR> --d----- C:\Downloads
2009-06-15 03:55 <DIR> --dsh--- c:\documents and settings\yovanny\IECompatCache
2009-06-13 21:39 79,872 -c------ c:\windows\system32\dllcache\msxml6r.dll
2009-06-13 21:39 1,307,648 -c------ c:\windows\system32\dllcache\msxml6.dll
2009-06-13 21:38 81,920 -------- c:\windows\system32\ieencode.dll
2009-06-13 21:23 42 a------- c:\windows\system32\RegistryEasy.lie
2009-06-13 21:22 <DIR> --d----- c:\program files\Registry Easy
2009-06-11 16:52 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-11 16:52 1,985,024 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-06-11 16:52 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-11 16:52 11,064,832 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-06-10 11:30 <DIR> --d----- c:\docume~1\yovanny\applic~1\Uniblue
2009-06-10 11:09 0 a------- c:\windows\SetPointInstall.ini
2009-06-10 11:00 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-06-10 10:59 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-06-10 10:59 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-06-10 10:59 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-06-10 10:59 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-06-10 10:59 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-06-10 10:59 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-06-10 10:59 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-06-10 10:59 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-06-10 10:59 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-06-10 10:59 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-06-10 10:59 2,189,056 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-06-10 10:59 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-06-10 10:55 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-06-10 10:55 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-06-10 10:55 585,216 -c------ c:\windows\system32\dllcache\rpcrt4.dll
2009-06-10 10:54 1,847,168 -c------ c:\windows\system32\dllcache\win32k.sys
2009-06-10 10:54 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-06-10 10:54 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-06-10 10:53 345,600 -c------ c:\windows\system32\dllcache\localspl.dll
2009-06-10 10:53 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-06-10 10:52 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-06-10 10:51 <DIR> --dsh--- c:\documents and settings\yovanny\PrivacIE
2009-06-10 09:51 <DIR> --d----- C:\msxml3msms
2009-06-10 09:13 28,288 ac------ c:\windows\system32\dllcache\xjis.nls
2009-06-10 09:11 31,744 ac------ c:\windows\system32\dllcache\smb6w.dll
2009-06-10 09:10 38,912 ac------ c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2009-06-10 09:09 10,129,408 ac------ c:\windows\system32\dllcache\hwxkor.dll
2009-06-10 09:09 13,463,552 ac------ c:\windows\system32\dllcache\hwxjpn.dll
2009-06-10 09:09 10,096,640 ac------ c:\windows\system32\dllcache\hwxcht.dll
2009-06-10 09:09 108,827 ac------ c:\windows\system32\dllcache\hanja.lex
2009-06-10 09:09 36,864 ac------ c:\windows\system32\dllcache\hanjadic.dll
2009-06-10 09:09 31,744 ac------ c:\windows\system32\dllcache\fxsroute.dll
2009-06-10 09:09 11,264 ac------ c:\windows\system32\dllcache\fxssend.exe
2009-06-10 09:09 132,608 ac------ c:\windows\system32\dllcache\fxsclntr.dll
2009-06-10 09:09 111,104 ac------ c:\windows\system32\dllcache\fxscfgwz.dll
2009-06-10 09:09 6,144 ac------ c:\windows\system32\dllcache\ftlx041e.dll
2009-06-10 09:09 14,848 ac------ c:\windows\system32\dllcache\flattemp.exe
2009-06-10 09:09 43,520 ac------ c:\windows\system32\dllcache\EXCH_fcachdll.dll
2009-06-10 09:07 66,082 ac------ c:\windows\system32\dllcache\c_20838.nls
2009-06-10 09:04 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-06-10 09:04 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-06-10 09:04 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-06-10 09:04 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-06-10 09:04 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-06-10 09:03 16,384 ac------ c:\windows\system32\dllcache\isignup.exe
2009-06-10 05:55 20,992 a------- c:\windows\system32\drivers\RTL8139.sys
2009-06-10 05:51 24,661 ac------ c:\windows\system32\dllcache\spxcoins.dll
2009-06-10 05:51 13,312 ac------ c:\windows\system32\dllcache\irclass.dll
2009-06-10 05:51 24,661 a------- c:\windows\system32\spxcoins.dll
2009-06-10 05:51 13,312 a------- c:\windows\system32\irclass.dll
2009-06-10 05:51 797,189 ac------ c:\windows\system32\dllcache\NT5IIS.CAT
2009-06-10 05:51 399,645 ac------ c:\windows\system32\dllcache\MAPIMIG.CAT
2009-06-10 05:51 37,484 ac------ c:\windows\system32\dllcache\MW770.CAT
2009-06-10 05:51 13,472 ac------ c:\windows\system32\dllcache\HPCRDP.CAT
2009-06-10 05:51 8,574 ac------ c:\windows\system32\dllcache\IASNT4.CAT
2009-06-10 05:51 7,382 ac------ c:\windows\system32\dllcache\OEMBIOS.CAT
2009-06-10 05:18 33,747 a------- c:\windows\diagerr.xml
2009-06-10 05:18 1,905 a------- c:\windows\diagwrn.xml
2009-06-10 03:52 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-06-04 23:22 <DIR> --dsh--- c:\documents and settings\yovanny\IETldCache
2009-06-04 23:14 <DIR> --d----- c:\windows\ie8updates
2009-06-04 23:09 <DIR> -cd-h--- c:\windows\ie8
2009-05-27 09:04 <DIR> --d----- c:\program files\Intelore

==================== Find3M ====================

2009-06-10 08:57 22,748 a------- c:\windows\system32\emptyregdb.dat
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-02 15:55 217,088 a------- c:\windows\system32\ConTest.dll

============= FINISH: 19:55:27.15 ===============


#4 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:02 PM

Posted 27 June 2009 - 12:46 PM

Hello.

You look clean of malware.

Let's try disabling the startup items with HijackThis and see if it's any of those programs that are giving the error.

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.

Do not use the NTREGOPT that comes with the installation package.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. If you are using Windows Vista, right click the icon and select "Run As Administrator." Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes only if you are using Windows XP. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished, you may remove ERUNT using Add/Remove Programs.

Fix HijackThis Entries
  • Double click the HijackThis icon on your desktop.
  • Close all other open windows.
  • Select Do a System Scan Only.
  • To the left of each entry you will see a box. Put a checkmark next to the following entries:

    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [index] C:\Program Files\ClearAllHistory\index.bat
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NodEnabler] C:\Program Files\ESET\NodEnabler\NodEnabler.exe /s
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [FirefoxUltimateOptimizer] C:\DOCUME~1\Yovanny\LOCALS~1\Temp\Rar$EX00.234\Firefox_Ultimate_Optimizer\Calentura_FirefoxUltimateOptimizer_Www.programasfull.net.exe
    O4 - HKCU\..\Run: [RAMSaverPro] C:\Program Files\Godlike Developers\RAM Saver Pro\ramsaverpro.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ClearAllHistory] C:\Program Files\ClearAllHistory\cah.exe
    O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe -m
    O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
  • Close all open windows except HijackThis.
  • Click Posted Image and OK at the prompt.
  • Close HijackThis.

Restart your computer. Tell me if the error still occurs.

With Regards,
The Panda

#5 theoriginal


Posted 30 June 2009 - 03:14 AM

Hello, just wanted to say thanks for responding to my post. Anyway, I found the source of the problem: O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe -m. I no longer have the start up problem cause I found out that when I click APCMain.exe the same errors come up like on the start up; so I got rid of the problem by deleting the folder that contained the APCMain.exe file.

#6 PropagandaPanda


Posted 30 June 2009 - 09:07 AM

That's good to hear.

Do you want to run an additional scan to check for malware?

With Regards,
The Panda

#7 theoriginal


Posted 01 July 2009 - 06:22 AM

Sure, why not? But what tool do you recommend to scan for malware?

#8 PropagandaPanda


Posted 01 July 2009 - 09:13 AM

Hello.

I didn't see anything suspicious in the logs, but we'll just run Kaspersky to be sure.

Run Scan with Kaspersky
Please do a scan with Kaspersky Online Scanner.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.
  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

This scanner will only scan. It does not remove any malware it finds.

With Regards,
The Panda

Edited by PropagandaPanda, 01 July 2009 - 09:13 AM.


#9 theoriginal


Posted 02 July 2009 - 08:51 PM

This is my Kaspersky Scan Report (I will include a copy in an attached document as well):

KASPERSKY ONLINE SCANNER 7.0 REPORT
Thursday, July 2, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, July 02, 2009 23:29:58
Records in database: 2415851
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
Scan statistics
Files scanned 39856
Threat name 2
Infected objects 3
Suspicious objects 0
Duration of the scan 01:56:23

File name Threat name Threats count
C:\DOCUME~1\Yovanny\LOCALS~1\Temp\Rar$EX00.234\Firefox_Ultimate_Optimizer\Calentura_FirefoxUltimateOptimizer_Www.programasfull.net.exe//PE_Patch.UPX//UPX/C:\DOCUME~1\Yovanny\LOCALS~1\Temp\Rar$EX00.234\Firefox_Ultimate_Optimizer\Calentura_FirefoxUltimateOptimizer_Www.programasfull.net.exe//PE_Patch.UPX//UPX Infected: not-a-virus:AdWare.Win32.FireOptimizer.a 1
C:\Documents and Settings\Yovanny\Local Settings\Temp\Rar$EX00.234\Firefox_Ultimate_Optimizer\Calentura_FirefoxUltimateOptimizer_Www.programasfull.net.exe Infected: not-a-virus:AdWare.Win32.FireOptimizer.a 1
C:\Documents and Settings\Yovanny\My Documents\Downloads\Programs\CryptLoad\CryptLoad_1.1.6\router\FRITZ!Box\nc.exe Infected: not-a-virus:RemoteAdmin.Win32.NetCat.a 1
The selected area was scanned.
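
An added example, not written by anyone in this thread: a small triage script that parses the O4 (autorun) lines of a HijackThis log, flags entries whose target runs from a temporary or archive-extraction folder, and matches autorun targets against "Infected:" lines of a scanner report by file name. The sample lines are copied from the logs posted above; the regular expressions, flag names and function names are assumptions of this example, and `Rar$EX…` is treated as a WinRAR temporary extraction folder.

```python
import ntpath
import re
from dataclasses import dataclass, field

# Sample input: lines copied from the HijackThis log and Kaspersky report in this thread.
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [index] C:\Program Files\ClearAllHistory\index.bat
O4 - HKLM\..\Run: [FirefoxUltimateOptimizer] C:\DOCUME~1\Yovanny\LOCALS~1\Temp\Rar$EX00.234\Firefox_Ultimate_Optimizer\Calentura_FirefoxUltimateOptimizer_Www.programasfull.net.exe
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe -m
O4 - Startup: Battery Doubler.lnk = C:\Program Files\Dachshund Software\Battery Doubler\Battery Doubler.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""
SAMPLE_REPORT = r"""
C:\Documents and Settings\Yovanny\Local Settings\Temp\Rar$EX00.234\Firefox_Ultimate_Optimizer\Calentura_FirefoxUltimateOptimizer_Www.programasfull.net.exe Infected: not-a-virus:AdWare.Win32.FireOptimizer.a 1
C:\Documents and Settings\Yovanny\My Documents\Downloads\Programs\CryptLoad\CryptLoad_1.1.6\router\FRITZ!Box\nc.exe Infected: not-a-virus:RemoteAdmin.Win32.NetCat.a 1
"""

# "O4 - HKLM\..\Run: [name] command" and "O4 - Startup: name = command"
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^O4 - (?P<key>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# Unquoted commands may contain spaces, so cut at the first launchable extension.
EXE_RE = re.compile(r"^(.+?\.(?:exe|bat|cmd|com|scr|pif|vbs))(?=\s|$)", re.I)
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.I)
RAR_RE = re.compile(r"\\Rar\$(?:EX|DI)[0-9a-z]*\.\d+\\", re.I)
DETECT_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")


@dataclass
class Autorun:
    source: str                 # "HKLM Run", "HKCU Run", "Startup", ...
    name: str                   # value name or shortcut name
    path: str                   # executable path without arguments
    flags: list = field(default_factory=list)


def executable(cmd):
    """Return the program path from an autorun command line, dropping arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd


def parse_o4(log):
    """Parse O4 lines into Autorun records and attach location-based flags."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        m = RUN_RE.match(line) or STARTUP_RE.match(line)
        if not m:
            continue            # not an O4 autorun line
        d = m.groupdict()
        source = f"{d['hive']} {d['key']}" if "hive" in d else d["key"]
        path = executable(d["cmd"])
        flags = []
        if TEMP_RE.search(path):
            flags.append("temp-dir")
        if RAR_RE.search(path):
            flags.append("archive-extract")
        entries.append(Autorun(source, d["name"], path, flags))
    return entries


def correlate(entries, report):
    """Pair autorun entries with scanner detections that share a file name.

    Matching is by base name because the same file can appear under an 8.3
    short path (DOCUME~1) in one log and a long path in the other.
    """
    detections = {}
    for line in report.splitlines():
        m = DETECT_RE.match(line.strip())
        if m:
            detections[ntpath.basename(m["path"]).lower()] = m["threat"]
    hits = []
    for e in entries:
        threat = detections.get(ntpath.basename(e.path).lower())
        if threat:
            hits.append((e, threat))
    return hits


if __name__ == "__main__":
    autoruns = parse_o4(SAMPLE_O4)
    for e in autoruns:
        print(f"{e.source:10} {e.name:28} {','.join(e.flags) or '-'}")
    for e, threat in correlate(autoruns, SAMPLE_REPORT):
        print(f"autorun [{e.name}] also detected as {threat}")
```

Base-name matching can pair unrelated files that share a name, so treat a hit as a pointer to check both full paths rather than as a verdict.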



#10 PropagandaPanda


Posted 03 July 2009 - 08:12 AM

Hello.

That all looks good.

Unless there are any issues, you are good to go.

With Regards,
The Panda

#11 theoriginal


Posted 04 July 2009 - 07:21 AM

Thank you for all your help. I gladly appreciate it.

#12 PropagandaPanda


Posted 04 July 2009 - 10:58 AM

No problem.

Since this issue appears to be resolved, this topic is now closed.
If you are the topic starter and need this topic reopened, send me a message.

Everyone else, please begin a new topic.

With Regards,
The Panda



