dds/rr troubleshooting


  • This topic is locked
6 replies to this topic

#1 mr.eric56

  • Members
  • 5 posts

Posted 09 September 2009 - 07:06 AM

My computer has problems running IE; it is very slow and freezes a lot. The toolbar also freezes; I usually bring up Task Manager to un-freeze or speed up the waiting process. I downloaded the Firefox browser, but this runs even slower. I have a wireless cable internet connection, so internet speed shouldn't be a problem... This is why I decided to come to the site for help. I went through, step by step, your "read this before posting a log," and downloaded DDS and saved both files. I then downloaded RR and proceeded to run the program. As soon as it tried to "run," the screen turned black and then immediately went to a blue screen error. I couldn't really read what it said, but I did get "irq_not_less_not_equal" out of the quick glance (the blue screen was only up for about 2 seconds before the computer restarted). After the computer restarted, I tried running RR again, with the same exact result. The computer is an E-machines model: w2047. Here is the DDS log file:


DDS (Ver_09-07-30.01) - NTFSx86
Run by eric at 11:37:14.17 on Mon 09/07/2009
Internet Explorer: 6.0.2800.1106
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.95.9 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\RegCure\RegCure.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BigFix\BigFix.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\eric kraemer\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.emachines.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.emachines.com
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.emachines.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
uRun: [Microsoft Works Update Detection] c:\program files\microsoft works\WkDetect.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\BigFix.exe
IE: {6224f700-cba3-4071-b251-47cb894244cd} - c:\program files\icq\ICQ.exe
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131_02-win.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\erickr~1\applic~1\mozilla\firefox\profiles\qs9ucf97.default\
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2009-8-5 644096]

=============== Created Last 30 ================

2009-09-06 19:20 <DIR> --d----- c:\program files\Trend Micro
2009-09-06 18:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\RegCure
2009-08-09 10:50 5,632 a------- c:\windows\system32\ptpusb.dll
2009-08-09 10:50 150,528 a------- c:\windows\system32\ptpusd.dll
2009-08-09 10:50 14,208 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-08-09 10:50 14,208 a------- c:\windows\system32\drivers\usbscan.sys

==================== Find3M ====================

2009-08-04 21:35 35,570 a------- c:\windows\DIIUnin.dat
2009-08-04 21:34 21,840 a------- c:\windows\system32\SIntfNT.dll
2009-08-04 21:34 17,212 a------- c:\windows\system32\SIntf32.dll
2009-08-04 21:34 12,067 a------- c:\windows\system32\SIntf16.dll
2009-08-04 21:26 94,208 a------- c:\windows\DIIUnin.exe
2009-08-04 21:26 2,829 a------- c:\windows\DIIUnin.pif

============= FINISH: 11:37:46.37 ===============


#2 thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 23 September 2009 - 09:34 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 mr.eric56

  • Topic Starter
  • Members
  • 5 posts

Posted 26 September 2009 - 07:42 PM

I've come to the conclusion that my video card (S3 ProSavage8), and that my computer only has 128 MB, is the problem that I'm having. I really just want to run a game, Diablo 2, but I don't think that my computer is fast enough... With that said, I would like someone to look at my log file and tell me if the problem that I have is just an old computer or if it's infected with malware or something. The game runs and everything, but it lags once there are other people in the room or there is a lot of action going on. Also, when I downloaded RR, I received a blue screen error, IRQ not equal or less, and my computer restarted.



DDS (Ver_09-07-30.01) - NTFSx86
Run by eric kraemer at 20:30:29.29 on Sat 09/26/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.95.11 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\RegCure\RegCure.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\eric kraemer\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.emachines.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.emachines.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [VTPreset] VTPreset.exe
IE: {6224f700-cba3-4071-b251-47cb894244cd} - c:\program files\icq\ICQ.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131_02-win.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

================= FIREFOX ===================

FF - ProfilePath -

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2009-8-5 644096]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]

=============== Created Last 30 ================

2009-09-24 17:00 <DIR> --d----- C:\S3Graphics
2009-09-24 16:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2009-09-24 16:48 <DIR> --d----- c:\program files\PC Drivers HeadQuarters
2009-09-24 15:51 <DIR> --d----- c:\program files\AMD
2009-09-23 21:45 <DIR> --dsh--- c:\documents and settings\eric kraemer\PrivacIE
2009-09-23 20:52 <DIR> --dsh--- c:\documents and settings\eric kraemer\IETldCache
2009-09-23 20:10 100,352 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-09-23 20:09 <DIR> --d----- c:\windows\ie8updates
2009-09-23 20:08 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-09-23 20:08 594,432 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-09-23 20:08 55,296 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-09-23 20:08 1,985,536 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-09-23 20:08 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-09-23 20:08 11,067,392 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-09-23 20:06 <DIR> -cd-h--- c:\windows\ie8
2009-09-23 19:31 153,088 -c------ c:\windows\system32\dllcache\triedit.dll
2009-09-23 19:29 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll
2009-09-23 19:29 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx
2009-09-23 19:25 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-09-23 19:25 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-09-23 19:24 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2009-09-23 19:24 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-09-23 19:24 331,776 -c------ c:\windows\system32\dllcache\msadce.dll
2009-09-23 19:24 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-09-23 19:23 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-09-23 19:23 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-09-23 16:16 <DIR> --d----- c:\windows\system32\scripting
2009-09-23 16:15 <DIR> --d----- c:\windows\l2schemas
2009-09-23 16:15 <DIR> --d----- c:\windows\system32\en
2009-09-23 16:10 <DIR> --d----- c:\windows\network diagnostic
2009-09-23 13:03 193,024 -------- c:\windows\system32\napmontr.dll
2009-09-23 13:02 1,261 -------- c:\windows\system32\pid.inf
2009-09-23 12:33 <DIR> --d----- c:\windows\system32\wbem\AutoRecover
2009-09-23 12:04 316,640 a------- c:\windows\WMSysPr9.prx
2009-09-23 12:02 <DIR> --d----- c:\windows\peernet
2009-09-23 12:02 <DIR> --d----- c:\windows\provisioning
2009-09-23 11:59 <DIR> --d----- c:\windows\ServicePackFiles
2009-09-23 11:52 <DIR> --d----- c:\windows\EHome
2009-09-23 10:56 11,264 -------- c:\windows\system32\spnpinst.exe
2009-09-23 10:56 67,866 -------- c:\windows\system32\drivers\netwlan5.img
2009-09-23 10:56 7,208 -------- c:\windows\system32\secupd.sig
2009-09-23 10:56 4,569 -------- c:\windows\system32\secupd.dat
2009-09-23 10:40 26,144 a------- c:\windows\system32\spupdsvc.exe
2009-09-23 10:40 <DIR> --d----- c:\windows\system32\PreInstall
2009-09-23 10:40 <DIR> --d-h--- c:\windows\$hf_mig$
2009-09-23 10:39 <DIR> --d----- c:\windows\system32\bits
2009-09-23 10:39 438,784 a------- c:\windows\system32\xpob2res.dll
2009-09-23 10:39 354,304 a------- c:\windows\system32\winhttp.dll
2009-09-23 10:39 18,944 a------- c:\windows\system32\qmgrprxy.dll
2009-09-23 10:39 8,192 -------- c:\windows\system32\bitsprx2.dll
2009-09-23 10:39 7,168 -------- c:\windows\system32\bitsprx3.dll
2009-09-22 23:38 <DIR> --d----- c:\windows\pss
2009-09-06 19:20 <DIR> --d----- c:\program files\Trend Micro
2009-09-06 18:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\RegCure

==================== Find3M ====================

2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-04 21:35 35,570 a------- c:\windows\DIIUnin.dat
2009-08-04 21:34 21,840 a------- c:\windows\system32\SIntfNT.dll
2009-08-04 21:34 17,212 a------- c:\windows\system32\SIntf32.dll
2009-08-04 21:34 12,067 a------- c:\windows\system32\SIntf16.dll
2009-08-04 21:26 94,208 a------- c:\windows\DIIUnin.exe
2009-08-04 21:26 2,829 a------- c:\windows\DIIUnin.pif
2009-07-29 00:37 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-29 00:37 81,920 a------- c:\windows\system32\fontsub.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-12 12:21 233,472 -------- c:\windows\system32\wmpdxm.dll
2009-07-03 13:09 915,456 a------- c:\windows\system32\wininet.dll

============= FINISH: 20:31:20.00 ===============


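As an added example, not code from this thread or from the DDS tool itself, here is a small Python script that parses the DDS sections shown above (Running Processes, Pseudo HJT Report, SERVICES / DRIVERS) and flags the entries a helper reads first: processes running outside the Windows or Program Files trees, autoruns that give no full path, orphaned browser extensions, and drivers that are registered but have no file on disk. The sample input is an excerpt of the second DDS log above; the section names and line formats are taken from it as posted, and the severity labels are my own.

```python
import re

# Sample input: an excerpt of the second DDS log posted in this thread.
SAMPLE_DDS = r"""
DDS (Ver_09-07-30.01) - NTFSx86
Run by eric kraemer at 20:30:29.29 on Sat 09/26/2009

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\RegCure\RegCure.exe
C:\Documents and Settings\eric kraemer\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.emachines.com/
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [VTPreset] VTPreset.exe
DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131_02-win.cab

============= SERVICES / DRIVERS ===============

R3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2009-8-5 644096]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]

============= FINISH: 20:31:20.00 ===============
"""

# DDS delimits sections with rows of '=' around the section name.
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Service/driver line: "<start> <name>;<description>;<image path> [<date size> | ?]"
DRIVER_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s+\[([^\]]*)\]$")
# Locations where processes on a default XP install are expected to live.
STANDARD_ROOTS = ("c:\\windows\\", "c:\\program files\\")
# Autostart entries reported in the Pseudo HJT Report (user / machine hives).
AUTORUN_PREFIXES = ("uRun:", "mRun:", "dRun:", "uRunOnce:", "mRunOnce:")


def split_sections(text):
    """Return {section name: [non-empty lines]} for a DDS log."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1)
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def check_processes(lines):
    """Flag processes whose full path is outside Windows / Program Files."""
    findings = []
    for line in lines:
        if "\\" not in line:
            continue  # DDS lists some processes by bare name; nothing to locate
        path = line.split(" -k ")[0].lower()  # drop the svchost group argument
        if not path.startswith(STANDARD_ROOTS):
            findings.append(("info", "process outside Windows/Program Files", line))
    return findings


def check_hjt(lines):
    """Flag orphaned browser extensions and autoruns that give no full path."""
    findings = []
    for line in lines:
        if line.endswith(" - No File"):
            findings.append(("low", "orphaned browser extension entry", line))
        elif line.startswith(AUTORUN_PREFIXES):
            command = line.split("]", 1)[1].strip().strip('"')
            if "\\" not in command:
                # A bare file name is resolved through the search path at logon,
                # so the log alone does not say which binary actually runs.
                findings.append(("medium", "autorun entry without a full path", line))
    return findings


def check_drivers(lines):
    """Flag services/drivers that are registered but whose file DDS could not find."""
    findings = []
    for line in lines:
        match = DRIVER_RE.match(line)
        if match and match.group(5).strip() == "?":
            findings.append(("medium", "driver registered but file not found on disk", line))
    return findings


def triage(text):
    """Run every check over its DDS section; returns (severity, reason, line) tuples."""
    sections = split_sections(text)
    findings = []
    findings += check_processes(sections.get("Running Processes", []))
    findings += check_hjt(sections.get("Pseudo HJT Report", []))
    findings += check_drivers(sections.get("SERVICES / DRIVERS", []))
    return findings


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_DDS):
        print(f"[{severity:6}] {reason}: {line}")
```

On the excerpt this reports dds.scr on the Desktop (the scanner itself), the orphaned EB entry, the pathless VTPreset autorun, and the leftover rootrepeal.sys service from the RR tool that crashed earlier in the thread.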


#4 sundavis

  • Malware Response Team
  • 2,708 posts

Posted 30 September 2009 - 12:30 PM

Hi mr.eric56,



Welcome to BleepingComputer HijackThis Logs and Malware Removal, :(
My name is sundavis, and I will be helping you to deal with your malware problems today.


Step 1

Please download GMER Rootkit Scanner from Here or Here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish. For more info, go to Here for your reference.
  • Once done, click on the [Save..] button, and in the File name area type in "Gmer.txt", then copy and paste the contents in your next reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Step 2

Please download Malwarebytes' Anti-Malware from Here or Here
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM, or you can find it here:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • You can refer to this tutorial
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


Step 3
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

In your next reply, please post back:


1. GMER log
2. MBAM log
3. RSIT log.txt and info.txt. Thanks.

#5 mr.eric56

  • Topic Starter
  • Members
  • 5 posts

Posted 01 October 2009 - 05:29 PM

Ok, after I ran and saved GMER, I received a blue screen error. The computer froze for like 20 seconds, then went to the blue screen error; this is what it said:

***STOP: 0x0000007e (0xC0000005,0xFA358481,0xFD65B984,0xFD65B680)
***rt2870.sys-Address FA358481 base at FA3o2000,Datestamp490803FF

When I restarted, it went to a checkdisk scan, which passed all three steps, and then proceeded to load Windows with no problem, where I continued to run the rest of the log programs, which ran with no problems. Here are the logs that you requested:


GMER 1.0.15.15087 - http://www.gmer.net
Rootkit scan 2009-10-01 17:32:24
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ERICKR~1\LOCALS~1\Temp\ufxyrpod.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 60: copy of MBR

---- EOF - GMER 1.0.15 ----




Malwarebytes' Anti-Malware 1.41
Database version: 2889
Windows 5.1.2600 Service Pack 3

10/1/2009 6:09:50 PM
mbam-log-2009-10-01 (18-09-50).txt

Scan type: Quick Scan
Objects scanned: 95967
Time elapsed: 10 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




Logfile of random's system information tool 1.06 (written by random/random)
Run by eric kraemer at 2009-10-01 18:15:23
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 31 GB (81%) free of 38 GB
Total RAM: 95 MB (14% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:15:43 PM, on 10/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RegCure\RegCure.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\eric kraemer\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\eric kraemer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 4077 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure Startup.job
C:\WINDOWS\tasks\RegCure.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-10 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-09-27 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-09-10 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-10 256112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VTPreset"=C:\WINDOWS\system32\VTPreset.exe [2004-02-24 45056]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-09-10 420176]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-08-05 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Microsoft Works\WkDetect.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-08-05 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WmdmPmSp"=2

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-10-01 18:15:23 ----D---- C:\rsit
2009-10-01 17:54:09 ----D---- C:\Documents and Settings\eric kraemer\Application Data\Malwarebytes
2009-10-01 17:53:56 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-10-01 17:53:55 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-24 17:00:03 ----D---- C:\S3Graphics
2009-09-24 16:49:05 ----D---- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2009-09-24 16:48:57 ----D---- C:\Program Files\PC Drivers HeadQuarters
2009-09-24 16:36:46 ----RSD---- C:\WINDOWS\assembly
2009-09-24 16:35:10 ----D---- C:\WINDOWS\Microsoft.NET
2009-09-24 15:51:10 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-09-24 15:51:02 ----D---- C:\Program Files\AMD
2009-09-24 15:50:25 ----D---- C:\Documents and Settings\eric kraemer\Application Data\InstallShield
2009-09-24 09:34:16 ----D---- C:\WINDOWS\Prefetch
2009-09-23 20:13:39 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-23 20:13:19 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-09-23 20:10:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-23 20:09:12 ----D---- C:\WINDOWS\ie8updates
2009-09-23 20:07:49 ----D---- C:\WINDOWS\WBEM
2009-09-23 20:06:12 ----HDC---- C:\WINDOWS\ie8
2009-09-23 20:04:06 ----A---- C:\WINDOWS\system32\MRT.exe
2009-09-23 19:38:27 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-09-23 19:38:20 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-09-23 19:38:17 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-09-23 19:38:11 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-09-23 19:38:05 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-09-23 19:38:00 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-09-23 19:37:54 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-09-23 19:37:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-09-23 19:37:39 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-09-23 19:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-09-23 19:37:23 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-09-23 19:37:10 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-09-23 19:36:49 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$
2009-09-23 19:36:42 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-09-23 19:36:36 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-09-23 19:36:30 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-09-23 19:36:23 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-09-23 19:36:18 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-09-23 19:36:11 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-09-23 19:36:05 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-09-23 19:35:51 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-09-23 19:35:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-09-23 19:35:14 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-09-23 19:34:56 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-09-23 19:34:51 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-09-23 19:34:46 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-09-23 19:34:41 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-09-23 19:34:36 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-09-23 19:34:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-09-23 19:34:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-09-23 19:34:17 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-09-23 19:34:10 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-09-23 19:34:00 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-09-23 19:33:49 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-09-23 19:33:44 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-09-23 19:33:39 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-09-23 19:33:33 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-09-23 19:33:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-09-23 19:33:23 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-09-23 19:33:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-09-23 19:33:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-09-23 19:32:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-09-23 19:32:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-09-23 19:32:18 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-09-23 19:26:37 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-09-23 16:16:03 ----D---- C:\WINDOWS\system32\en-us
2009-09-23 16:16:01 ----D---- C:\WINDOWS\system32\scripting
2009-09-23 16:15:58 ----D---- C:\WINDOWS\l2schemas
2009-09-23 16:15:56 ----D---- C:\WINDOWS\system32\en
2009-09-23 16:10:33 ----D---- C:\WINDOWS\network diagnostic
2009-09-23 13:05:03 ----N---- C:\WINDOWS\system32\xpsp3res.dll
2009-09-23 13:05:02 ----A---- C:\WINDOWS\system32\xmllite.dll
2009-09-23 13:04:57 ----N---- C:\WINDOWS\system32\wmphoto.dll
2009-09-23 13:04:52 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-09-23 13:04:49 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2009-09-23 13:04:49 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2009-09-23 13:04:46 ----N---- C:\WINDOWS\system32\verclsid.exe
2009-09-23 13:04:41 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-09-23 13:04:41 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-09-23 13:04:40 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-09-23 13:04:24 ----N---- C:\WINDOWS\system32\setupn.exe
2009-09-23 13:04:19 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-09-23 13:04:18 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-09-23 13:04:17 ----N---- C:\WINDOWS\system32\qutil.dll
2009-09-23 13:04:16 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-09-23 13:04:15 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-09-23 13:04:15 ----N---- C:\WINDOWS\system32\qagent.dll
2009-09-23 13:04:13 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2009-09-23 13:04:09 ----N---- C:\WINDOWS\system32\onex.dll
2009-09-23 13:03:58 ----N---- C:\WINDOWS\system32\napstat.exe
2009-09-23 13:03:58 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-09-23 13:03:58 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-09-23 13:03:56 ----N---- C:\WINDOWS\system32\msxml6r.dll
2009-09-23 13:03:56 ----A---- C:\WINDOWS\system32\msxml6.dll
2009-09-23 13:03:53 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-09-23 13:03:53 ----N---- C:\WINDOWS\system32\mssha.dll
2009-09-23 13:03:32 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-09-23 13:03:30 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-09-23 13:03:30 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-09-23 13:03:30 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-09-23 13:03:09 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-09-23 13:03:07 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-09-23 13:03:04 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-09-23 13:03:04 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-09-23 13:03:04 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-09-23 13:03:04 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-09-23 13:02:42 ----A---- C:\WINDOWS\004855_.tmp
2009-09-23 13:02:40 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-09-23 13:02:40 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-09-23 13:02:40 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-09-23 13:02:40 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-09-23 13:02:40 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-09-23 13:02:39 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-09-23 13:02:39 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-09-23 13:02:39 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-09-23 13:02:34 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-09-23 13:02:34 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-09-23 13:02:34 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-09-23 13:02:34 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-09-23 13:02:34 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-09-23 13:02:34 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-09-23 13:02:34 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-09-23 13:02:30 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-09-23 13:02:30 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-09-23 13:02:30 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-09-23 13:02:26 ----N---- C:\WINDOWS\system32\credssp.dll
2009-09-23 13:02:18 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-09-23 13:02:18 ----N---- C:\WINDOWS\system32\azroles.dll
2009-09-23 13:02:07 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-09-23 12:02:31 ----D---- C:\WINDOWS\peernet
2009-09-23 12:02:30 ----D---- C:\WINDOWS\provisioning
2009-09-23 11:59:17 ----D---- C:\WINDOWS\ServicePackFiles
2009-09-23 11:52:22 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-09-23 11:52:15 ----D---- C:\WINDOWS\EHome
2009-09-23 10:56:10 ----N---- C:\WINDOWS\system32\spnpinst.exe
2009-09-23 10:45:28 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-09-23 10:40:49 ----D---- C:\WINDOWS\system32\PreInstall
2009-09-23 10:40:49 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-09-23 10:40:48 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-09-23 10:40:48 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-23 10:40:07 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-09-23 10:39:33 ----D---- C:\WINDOWS\system32\bits
2009-09-23 10:39:28 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-09-23 10:39:25 ----HDC---- C:\WINDOWS\$NtUninstallKB842773$
2009-09-23 10:39:02 ----N---- C:\WINDOWS\system32\bitsprx3.dll
2009-09-23 10:39:02 ----N---- C:\WINDOWS\system32\bitsprx2.dll
2009-09-23 10:39:02 ----A---- C:\WINDOWS\system32\xpob2res.dll
2009-09-23 10:39:02 ----A---- C:\WINDOWS\system32\winhttp.dll
2009-09-23 10:39:02 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-09-22 23:38:24 ----D---- C:\WINDOWS\pss
2009-09-07 11:43:12 ----D---- C:\WINDOWS\Minidump
2009-09-06 19:20:38 ----D---- C:\Program Files\Trend Micro
2009-09-06 18:44:23 ----D---- C:\Documents and Settings\All Users\Application Data\RegCure
2009-09-06 18:44:21 ----D---- C:\Program Files\RegCure
2009-09-03 16:38:43 ----A---- C:\WINDOWS\ModemLog_56Kbps Internal Modem.txt

======List of files/folders modified in the last 1 months======

2009-10-01 17:53:58 ----D---- C:\WINDOWS\system32\drivers
2009-10-01 17:53:55 ----RD---- C:\Program Files
2009-10-01 17:46:50 ----HD---- C:\WINDOWS\inf
2009-10-01 17:44:48 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-01 17:44:04 ----D---- C:\WINDOWS
2009-10-01 09:19:33 ----D---- C:\WINDOWS\temp
2009-09-30 23:47:37 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-26 20:21:42 ----SHD---- C:\RECYCLER
2009-09-24 17:18:07 ----D---- C:\Program Files\Diablo II
2009-09-24 17:03:18 ----AD---- C:\WINDOWS\system32
2009-09-24 17:01:07 ----D---- C:\WINDOWS\Help
2009-09-24 17:01:05 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-24 16:52:46 ----SHD---- C:\WINDOWS\Installer
2009-09-24 16:43:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-09-24 16:36:51 ----D---- C:\WINDOWS\WinSxS
2009-09-24 16:35:43 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-09-24 16:35:24 ----D---- C:\WINDOWS\system32\mui
2009-09-24 15:50:56 ----HD---- C:\Program Files\InstallShield Installation Information
2009-09-24 09:35:00 ----SHD---- C:\System Volume Information
2009-09-24 09:35:00 ----D---- C:\WINDOWS\system32\Restore
2009-09-24 09:34:29 ----D---- C:\WINDOWS\Debug
2009-09-24 09:33:09 ----RASH---- C:\boot.ini
2009-09-24 09:33:09 ----A---- C:\WINDOWS\win.ini
2009-09-24 09:33:09 ----A---- C:\WINDOWS\system.ini
2009-09-23 20:52:20 ----D---- C:\WINDOWS\system32\wbem
2009-09-23 20:52:20 ----D---- C:\WINDOWS\AppPatch
2009-09-23 20:52:20 ----D---- C:\Program Files\Internet Explorer
2009-09-23 20:13:36 ----A---- C:\WINDOWS\imsins.BAK
2009-09-23 20:07:36 ----D---- C:\WINDOWS\Media
2009-09-23 19:37:56 ----D---- C:\Program Files\Outlook Express
2009-09-23 19:33:25 ----D---- C:\Program Files\Messenger
2009-09-23 18:26:44 ----A---- C:\WINDOWS\OEWABLog.txt
2009-09-23 18:26:12 ----A---- C:\WINDOWS\setuplog.txt
2009-09-23 18:23:37 ----D---- C:\WINDOWS\system32\Setup
2009-09-23 18:23:36 ----RSD---- C:\WINDOWS\Fonts
2009-09-23 18:22:54 ----D---- C:\WINDOWS\security
2009-09-23 16:21:38 ----D---- C:\WINDOWS\system32\CatRoot
2009-09-23 16:16:39 ----D---- C:\Program Files\Windows Media Player
2009-09-23 16:16:21 ----D---- C:\WINDOWS\ime
2009-09-23 16:16:03 ----D---- C:\WINDOWS\system32\usmt
2009-09-23 16:15:55 ----D---- C:\Program Files\Movie Maker
2009-09-23 16:13:01 ----D---- C:\WINDOWS\system32\npp
2009-09-23 16:13:00 ----D---- C:\WINDOWS\msagent
2009-09-23 16:12:59 ----D---- C:\WINDOWS\srchasst
2009-09-23 16:12:57 ----D---- C:\Program Files\NetMeeting
2009-09-23 16:12:54 ----D---- C:\WINDOWS\system32\Com
2009-09-23 16:12:45 ----D---- C:\Program Files\Windows NT
2009-09-23 16:12:24 ----D---- C:\Program Files\Common Files\System
2009-09-23 16:12:02 ----AD---- C:\WINDOWS\system32\oobe
2009-09-23 16:12:01 ----D---- C:\WINDOWS\system
2009-09-23 16:08:57 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-09-23 12:33:48 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-09-23 11:56:59 ----RD---- C:\WINDOWS\Web
2009-09-23 11:56:45 ----RASH---- C:\NTDETECT.COM
2009-09-23 10:37:16 ----D---- C:\WINDOWS\SoftwareDistribution
2009-09-23 00:38:54 ----D---- C:\Program Files\BigFix
2009-09-16 17:51:36 ----SD---- C:\Documents and Settings\eric kraemer\Application Data\Microsoft
2009-09-07 11:46:08 ----D---- C:\Program Files\Mozilla Firefox
2009-09-06 18:44:35 ----SD---- C:\WINDOWS\Tasks
2009-09-03 16:39:31 ----SD---- C:\WINDOWS\Downloaded Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2003-01-28 8552]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2002-11-27 730700]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys [2002-09-24 197152]
R3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver; C:\WINDOWS\System32\DRIVERS\rt2870.sys [2008-12-05 644096]
R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2002-10-03 46976]
R3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2004-08-13 167168]
R3 sermouse;Serial Mouse Driver; C:\WINDOWS\System32\DRIVERS\sermouse.sys [2001-08-17 17664]
R3 Slntamr;SmartLink AMR_PCI Driver; C:\WINDOWS\System32\DRIVERS\slntamr.sys [2002-07-02 418720]
R3 SlWdmSup;SlWdmSup; C:\WINDOWS\System32\DRIVERS\SlWdmSup.sys [2002-07-02 39348]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 Mtlstrm;Mtlstrm; C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys [2002-07-02 1807568]
S3 NtMtlFax;NtMtlFax; C:\WINDOWS\System32\DRIVERS\NtMtlFax.sys [2002-07-02 161976]
S3 rootrepeal;rootrepeal; \??\C:\WINDOWS\System32\drivers\rootrepeal.sys []
S3 SlNtHal;SlNtHal; C:\WINDOWS\System32\DRIVERS\Slnthal.sys [2002-07-02 84720]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2002-07-02 45056]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-05 182768]

-----------------EOF-----------------







info.txt logfile of random's system information tool 1.06 2009-10-01 18:15:52

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
56Kbps Internal Modem-->C:\WINDOWS\Modio\SLAMR2KV\Setup.exe /Remove
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
AMD Processor Driver-->C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x0009 -removeonly
Diablo II-->C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
Driver Detective-->MsiExec.exe /X{5721A8EA-A30F-4F66-9046-3F40C43AE1DC}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
ICQ-->C:\PROGRA~1\ICQ\ICQUninstall.EXE
Java 2 Runtime Environment Standard Edition v1.3.1_02-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\JavaSoft\JRE\1.3.1_02\Uninst.isu"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Mozilla Firefox (3.5.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Netscape 6 (6.2.1)-->C:\WINDOWS\N6Uninst.exe /ua "6.2.1 (en)"
ProSavageDDR and Utilities-->C:\PROGRA~1\S3\P4M266\s3setvga.exe -s -fC:\PROGRA~1\S3\P4M266\P4M266.uns
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Realtek RTL8139/810x Fast Ethernet NIC Driver Setup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}\Setup.exe" -l0x9 REMOVE
RegCure 1.6.0.0-->C:\Program Files\RegCure\uninst.exe
S3Display-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display'
S3Gamma2-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2'
S3Info2-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2'
S3Overlay-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Overlay'
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB973874)-->"C:\WINDOWS\ie8updates\KB973874-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Viewpoint Media Player (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Backup Utility-->MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======System event log======

Computer Name: YOUR-6PDPT9YPA2
Event Code: 17
Message: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Record Number: 1810
Source Name: W32Time
Time Written: 20090819013347.000000-240
Event Type: error
User:

Computer Name: YOUR-6PDPT9YPA2
Event Code: 29
Message: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Record Number: 1809
Source Name: W32Time
Time Written: 20090819011847.000000-240
Event Type: error
User:

Computer Name: YOUR-6PDPT9YPA2
Event Code: 17
Message: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Record Number: 1808
Source Name: W32Time
Time Written: 20090819011847.000000-240
Event Type: error
User:

Computer Name: YOUR-6PDPT9YPA2
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 1807
Source Name: W32Time
Time Written: 20090819010444.000000-240
Event Type: warning
User:

Computer Name: YOUR-6PDPT9YPA2
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001EE5EA5FC8. The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 1806
Source Name: Dhcp
Time Written: 20090818235154.000000-240
Event Type: warning
User:

=====Application event log=====

Computer Name: YOUR-6PDPT9YPA2
Event Code: 1001
Message: Fault bucket 23165381.

Record Number: 150
Source Name: Application Error
Time Written: 20090906190518.000000-240
Event Type: error
User:

Computer Name: YOUR-6PDPT9YPA2
Event Code: 1000
Message: Faulting application iexplore.exe, version 6.0.2800.1106, faulting module mshtml.dll, version 6.0.2800.1106, fault address 0x000e8906.

Record Number: 149
Source Name: Application Error
Time Written: 20090906190451.000000-240
Event Type: error
User:

Computer Name: YOUR-6PDPT9YPA2
Event Code: 1000
Message: Faulting application iexplore.exe, version 6.0.2800.1106, faulting module mshtml.dll, version 6.0.2800.1106, fault address 0x000e8906.

Record Number: 147
Source Name: Application Error
Time Written: 20090906190206.000000-240
Event Type: error
User:

Computer Name: YOUR-6PDPT9YPA2
Event Code: 1002
Message: Hanging application IEXPLORE.EXE, version 6.0.2800.1106, hang module jscript.dll, version 5.6.0.6626, hang address 0x0000705b.

Record Number: 146
Source Name: Application Hang
Time Written: 20090906135301.000000-240
Event Type: error
User:

Computer Name: YOUR-6PDPT9YPA2
Event Code: 1002
Message: Hanging application IEXPLORE.EXE, version 6.0.2800.1106, hang module jscript.dll, version 5.6.0.6626, hang address 0x0000705b.

Record Number: 145
Source Name: Application Hang
Time Written: 20090906135301.000000-240
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0800
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------


Thanks,
Mr.Eric56
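The DDS event-log sections above use a fixed record layout (Computer Name, Event Code, Message, Record Number, Source Name, ...), and the Application log here repeats the same iexplore.exe fault in mshtml.dll and hang in jscript.dll. As an added example that is not part of the original post or of DDS itself, a small Python parser for that layout that groups Application Error/Hang records by faulting application and module, so a repeating crash stands out at a glance; the sample records are constructed from the entries above.

```python
import re
from collections import Counter

KEYS = ("Computer Name", "Event Code", "Message", "Record Number",   # DDS field labels
        "Source Name", "Time Written", "Event Type", "User")

# Wording of Event 1000 ("Faulting application ...") and 1002 ("Hanging application ...").
CRASH_RE = re.compile(r"(?:Faulting|Hanging) application (\S+), .*?"
                      r"(?:faulting|hang) module (\S+),", re.I)

def parse_records(text):
    """Split a DDS event-log section into one dict per record."""
    records, cur = [], None
    for line in text.splitlines():
        key, sep, val = line.partition(":")
        if sep and key in KEYS:
            if key == "Computer Name":          # first field of every record
                cur = {}
                records.append(cur)
            if cur is not None:
                cur[key] = val.strip()
        elif cur is not None and line.strip() and not line.startswith("="):
            # DDS wraps long messages; glue continuation lines onto Message
            cur["Message"] = (cur.get("Message", "") + " " + line.strip()).strip()
    return records

def crash_summary(text):
    """Count (application, module) pairs over Application Error/Hang records."""
    counts = Counter()
    for rec in parse_records(text):
        if rec.get("Source Name") in ("Application Error", "Application Hang"):
            m = CRASH_RE.search(rec.get("Message", ""))
            if m:
                counts[(m.group(1).lower(), m.group(2).lower())] += 1
    return counts

# Constructed sample in the DDS layout; values mirror the records in the log above.
SAMPLE = """Computer Name: YOUR-6PDPT9YPA2
Event Code: 1000
Message: Faulting application iexplore.exe, version 6.0.2800.1106, faulting module mshtml.dll, version 6.0.2800.1106, fault address 0x000e8906.
Record Number: 149
Source Name: Application Error

Computer Name: YOUR-6PDPT9YPA2
Event Code: 1002
Message: Hanging application IEXPLORE.EXE, version 6.0.2800.1106, hang module jscript.dll, version 5.6.0.6626, hang address 0x0000705b.
Record Number: 146
Source Name: Application Hang
"""
```

Running `crash_summary` over a full DDS log gives one line per (application, module) pair with its count; a pair that dominates the list points at the component to update or remove first.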

#6 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • Gender:Not Telling

Posted 01 October 2009 - 09:30 PM

Hi mr.eric56,


Logfile of random's system information tool 1.06 (written by random/random)
Run by eric kraemer at 2009-10-01 18:15:23
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 31 GB (81%) free of 38 GB
Total RAM: 95 MB (14% free)



From your log header, it seemed that your system ran out of RAM. Having too little RAM on your system can compromise system performance.

It will lead to an unstable system when you're running applications and cause shutdowns for unknown reasons. You are well advised to shop for some RAM as soon as possible.


Step 1

Older versions of Java have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 16...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) anything with Java Runtime Environment (JRE or J2SE) in the name, including the following update:

    Java 2 Runtime Environment Standard Edition v1.3.1_02

  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version.
Step 2

Let's clean some temp files. Please do the following:

Please download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.


If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.



Step 3

Please perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner.
  • Please go to Kaspersky Online Scanner and perform an online antivirus scan.
  • Click Accept button on the "Requirements and limitations".
  • When the Java warning "The application digital signature has been verified. Do you want to run the application" appears, click on the "Run" button.
  • It will download and install the program and update the database.
  • When updating the database has finished, click on Settings.
  • Make sure all boxes are checked, then click on the Save button.
  • Click on My Computer under Scan menu. It will start scanning, so be patient and let it run.
  • Once the scan is completed, Click on View Scan Report.
  • You may see a list of infected items over there. Click on Save Report As.
  • Click "Desktop", name the file "KAS", change the Files of type to Text file (.txt) and click on the Save button.
  • Please post the contents in your next reply.
  • You can refer to this animation
Note for Internet Explorer 8 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


Please post back the logs in your next reply.


1. Kas Online Scan Report


Tell me how your PC is running now.

Edited by sundavis, 02 October 2009 - 09:42 PM.


#7 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • Gender:Not Telling

Posted 06 October 2009 - 02:10 AM

Due to lack of feedback, this topic is now closed.

Everyone else please start a new topic in the Hijackthis-Malware Removal forum.



