
Infected with Cyber Security Trojan


  • This topic is locked
12 replies to this topic

#1 J3SSEB

J3SSEB

  • Members
  • 23 posts
  • OFFLINE
  • Local time:06:54 AM

Posted 05 February 2010 - 10:50 AM

Hey guys, noob here. First of all, thanks for all your help, and please pardon my ignorance, for I'm not too savvy with this kind of stuff. As far as I know I was infected with a Cyber Security Trojan. I have tried several things to remove it (I used rkill and malwarebytes) and have not prevailed. Also, in the process I believe I made my laptop worse and removed or changed a bunch of stuff I wasn't supposed to (I changed some of the registry following advice intended for others). Here is a list of noticeable changes and problems I have had recently. FYI, this laptop is older and doesn't get much use; it's not my main computer.

Does not shut down at all.
Stuck on computer being updated screen.
Can't access the add/remove programs menu.
General slowness.
Here is my log.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Jesse Bernal at 9:18:42.45 on Fri 02/05/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.222.45 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hphmon05.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jesse Bernal\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uWindow Title = Windows Internet Explorer provided by Yahoo!
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BackupNotify] c:\program files\hp\digital imaging\bin\backupnotify.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177173234448
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jesseb~1\applic~1\mozilla\firefox\profiles\aeog4579.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?.home=ytff
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-26 96520]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-5-26 26184]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-5-26 282904]

=============== Created Last 30 ================

2010-02-05 14:28:30 0 d-----w- c:\program files\CCleaner
2010-02-05 14:00:59 0 d-----w- c:\program files\Free Window Registry Repair
2010-02-05 03:37:37 0 d-----w- c:\program files\UPHClean
2010-02-04 23:40:04 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-04 23:16:28 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-02-04 23:16:23 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-02-04 23:16:17 17408 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-02-04 23:16:12 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-02-04 23:16:05 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-02-04 23:15:55 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2010-02-04 23:15:55 28288 ----a-w- c:\windows\system32\dllcache\xjis.nls
2010-02-04 23:15:30 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-02-04 23:15:28 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-02-04 23:15:23 19328 ----a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-02-04 23:15:14 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-02-04 23:13:58 11935 ----a-w- c:\windows\system32\dllcache\wadv11nt.sys
2010-02-04 23:12:58 11325 ----a-w- c:\windows\system32\dllcache\vchnt5.dll
2010-02-04 23:11:55 94720 ----a-w- c:\windows\system32\dllcache\umaxud32.dll
2010-02-04 23:11:50 28160 ----a-w- c:\windows\system32\dllcache\umaxu40.dll
2010-02-04 23:11:45 26624 ----a-w- c:\windows\system32\dllcache\umaxu22.dll
2010-02-04 23:11:40 69632 ----a-w- c:\windows\system32\dllcache\umaxu12.dll
2010-02-04 23:11:35 50688 ----a-w- c:\windows\system32\dllcache\umaxscan.dll
2010-02-04 23:11:29 22912 ----a-w- c:\windows\system32\dllcache\umaxpcls.sys
2010-02-04 23:11:24 50176 ----a-w- c:\windows\system32\dllcache\umaxp60.dll
2010-02-04 23:11:19 47616 ----a-w- c:\windows\system32\dllcache\umaxcam.dll
2010-02-04 23:11:14 211968 ----a-w- c:\windows\system32\dllcache\um54scan.dll
2010-02-04 23:11:09 216064 ----a-w- c:\windows\system32\dllcache\um34scan.dll
2010-02-04 23:11:04 36736 ----a-w- c:\windows\system32\dllcache\ultra.sys
2010-02-04 23:11:01 44672 ----a-w- c:\windows\system32\dllcache\uagp35.sys
2010-02-04 23:10:55 11520 ----a-w- c:\windows\system32\dllcache\twotrack.sys
2010-02-04 23:10:54 14336 ----a-w- c:\windows\system32\dllcache\tsprof.exe
2010-02-04 23:10:48 166784 ----a-w- c:\windows\system32\dllcache\tridxpm.sys
2010-02-04 23:10:43 525568 ----a-w- c:\windows\system32\dllcache\tridxp.dll
2010-02-04 23:10:38 159232 ----a-w- c:\windows\system32\dllcache\tridkbm.sys
2010-02-04 23:10:33 440576 ----a-w- c:\windows\system32\dllcache\tridkb.dll
2010-02-04 23:10:28 222336 ----a-w- c:\windows\system32\dllcache\trid3dm.sys
2010-02-04 23:10:23 315520 ----a-w- c:\windows\system32\dllcache\trid3d.dll
2010-02-04 23:10:17 34375 ----a-w- c:\windows\system32\dllcache\tpro4.sys
2010-02-04 23:10:12 42496 ----a-w- c:\windows\system32\dllcache\tp4res.dll
2010-02-04 23:10:11 82432 ----a-w- c:\windows\system32\dllcache\tp4mon.exe
2010-02-04 23:10:06 31744 ----a-w- c:\windows\system32\dllcache\tp4.dll
2010-02-04 23:08:57 7040 ----a-w- c:\windows\system32\dllcache\tandqic.sys
2010-02-04 23:08:53 36640 ----a-w- c:\windows\system32\dllcache\t2r4mini.sys
2010-02-04 23:08:48 172768 ----a-w- c:\windows\system32\dllcache\t2r4disp.dll
2010-02-04 23:08:41 32640 ----a-w- c:\windows\system32\dllcache\symc8xx.sys
2010-02-04 23:08:36 16256 ----a-w- c:\windows\system32\dllcache\symc810.sys
2010-02-04 23:08:32 30688 ----a-w- c:\windows\system32\dllcache\sym_u3.sys
2010-02-04 23:08:27 28384 ----a-w- c:\windows\system32\dllcache\sym_hi.sys
2010-02-04 23:08:20 94293 ----a-w- c:\windows\system32\dllcache\sxports.dll
2010-02-04 23:08:16 103936 ----a-w- c:\windows\system32\dllcache\sx.sys
2010-02-04 23:08:11 3968 ----a-w- c:\windows\system32\dllcache\swusbflt.sys
2010-02-04 23:08:07 10240 ----a-w- c:\windows\system32\dllcache\swpidflt.dll
2010-02-04 23:08:02 10240 ----a-w- c:\windows\system32\dllcache\swpdflt2.dll
2010-02-04 23:07:57 53760 ----a-w- c:\windows\system32\dllcache\sw_wheel.dll
2010-02-04 23:07:53 41472 ----a-w- c:\windows\system32\dllcache\sw_effct.dll
2010-02-04 23:07:52 15360 ----a-w- c:\windows\system32\dllcache\streamip.sys
2010-02-04 23:07:47 155648 ----a-w- c:\windows\system32\dllcache\stlnprop.dll
2010-02-04 23:07:42 53248 ----a-w- c:\windows\system32\dllcache\stlncoin.dll
2010-02-04 23:07:37 285760 ----a-w- c:\windows\system32\dllcache\stlnata.sys
2010-02-04 23:07:32 16896 ----a-w- c:\windows\system32\dllcache\stcusb.sys
2010-02-04 23:07:24 48736 ----a-w- c:\windows\system32\dllcache\srwlnd5.sys
2010-02-04 23:07:00 99328 ----a-w- c:\windows\system32\dllcache\srusd.dll
2010-02-04 23:07:00 101376 ----a-w- c:\windows\system32\dllcache\srusbusd.dll
2010-02-04 23:05:58 236544 ----a-w- c:\windows\system32\dllcache\smi2smir.exe
2010-02-04 23:04:59 157696 ----a-w- c:\windows\system32\dllcache\sisv256.dll
2010-02-04 23:04:54 50432 ----a-w- c:\windows\system32\dllcache\sisv.sys
2010-02-04 23:04:50 32768 ----a-w- c:\windows\system32\dllcache\sisnic.sys
2010-02-04 23:04:46 238592 ----a-w- c:\windows\system32\dllcache\sisgrv.dll
2010-02-04 23:04:41 104064 ----a-w- c:\windows\system32\dllcache\sisgrp.sys
2010-02-04 23:04:40 41088 ----a-w- c:\windows\system32\dllcache\sisagp.sys
2010-02-04 23:04:35 150144 ----a-w- c:\windows\system32\dllcache\sis6306v.dll
2010-02-04 23:04:31 68608 ----a-w- c:\windows\system32\dllcache\sis6306p.sys
2010-02-04 23:04:26 252032 ----a-w- c:\windows\system32\dllcache\sis300iv.dll
2010-02-04 23:04:21 18944 ----a-w- c:\windows\system32\dllcache\simptcp.dll
2010-02-04 23:04:21 101760 ----a-w- c:\windows\system32\dllcache\sis300ip.sys
2010-02-04 23:04:18 3901 ----a-w- c:\windows\system32\dllcache\siint5.dll
2010-02-04 23:03:19 161568 ----a-w- c:\windows\system32\dllcache\sgsmusb.sys
2010-02-04 23:03:15 18400 ----a-w- c:\windows\system32\dllcache\sgsmld.sys
2010-02-04 23:03:10 98080 ----a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2010-02-04 23:03:06 386560 ----a-w- c:\windows\system32\dllcache\sgiul50.dll
2010-02-04 23:03:01 36480 ----a-w- c:\windows\system32\dllcache\sfmanm.sys
2010-02-04 23:01:55 77824 ----a-w- c:\windows\system32\dllcache\s3sav4m.sys
2010-02-04 23:00:56 24576 ----a-w- c:\windows\system32\dllcache\rw430ext.dll
2010-02-04 22:59:55 714762 ----a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2010-02-04 22:58:59 128286 ----a-w- c:\windows\system32\dllcache\ptserli.sys
2010-02-04 22:57:57 16384 ----a-w- c:\windows\system32\dllcache\philcam1.dll
2010-02-04 22:56:58 25216 ----a-w- c:\windows\system32\dllcache\ovsound2.sys
2010-02-04 22:56:53 39424 ----a-w- c:\windows\system32\dllcache\ovcoms.exe
2010-02-04 22:56:49 20480 ----a-w- c:\windows\system32\dllcache\ovcomc.dll
2010-02-04 22:56:45 351616 ----a-w- c:\windows\system32\dllcache\ovcodek2.sys
2010-02-04 22:56:41 116736 ----a-w- c:\windows\system32\dllcache\ovcodec2.dll
2010-02-04 22:56:37 31872 ----a-w- c:\windows\system32\dllcache\ovce.sys
2010-02-04 22:56:32 28032 ----a-w- c:\windows\system32\dllcache\ovcd.sys
2010-02-04 22:56:28 48000 ----a-w- c:\windows\system32\dllcache\ovcam2.sys
2010-02-04 22:56:24 25088 ----a-w- c:\windows\system32\dllcache\ovca.sys
2010-02-04 22:56:19 54186 ----a-w- c:\windows\system32\dllcache\otcsercb.sys
2010-02-04 22:56:15 43689 ----a-w- c:\windows\system32\dllcache\otceth5.sys
2010-02-04 22:56:10 27209 ----a-w- c:\windows\system32\dllcache\otc06x5.sys
2010-02-04 22:56:04 54528 ----a-w- c:\windows\system32\dllcache\opl3sax.sys
2010-02-04 22:54:57 65278 ----a-w- c:\windows\system32\dllcache\netflx3.sys
2010-02-04 22:53:57 19968 ----a-w- c:\windows\system32\dllcache\mxnic.sys
2010-02-04 22:52:57 40960 ----a-w- c:\windows\system32\dllcache\msiregmv.exe
2010-02-04 22:52:57 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys
2010-02-04 22:52:56 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll
2010-02-04 22:52:56 1875968 ----a-w- c:\windows\system32\dllcache\msir3jp.lex
2010-02-04 22:52:39 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
2010-02-04 22:52:33 6016 ----a-w- c:\windows\system32\dllcache\msfsio.sys
2010-02-04 22:52:32 56832 ----a-w- c:\windows\system32\dllcache\msdvbnp.ax
2010-02-04 22:52:28 51328 ----a-w- c:\windows\system32\dllcache\msdv.sys
2010-02-04 22:52:18 17280 ----a-w- c:\windows\system32\dllcache\mraid35x.sys
2010-02-04 22:52:17 15360 ----a-w- c:\windows\system32\dllcache\mpe.sys
2010-02-04 22:52:07 16128 ----a-w- c:\windows\system32\dllcache\modemcsa.sys
2010-02-04 22:51:58 6528 ----a-w- c:\windows\system32\dllcache\miniqic.sys
2010-02-04 22:51:57 7680 ----a-w- c:\windows\system32\dllcache\migregdb.exe
2010-02-04 22:51:56 34304 ----a-w- c:\windows\system32\dllcache\migisol.exe
2010-02-04 22:51:51 320384 ----a-w- c:\windows\system32\dllcache\mgaum.sys
2010-02-04 22:51:47 92416 ----a-w- c:\windows\system32\dllcache\mga.sys
2010-02-04 22:51:47 235648 ----a-w- c:\windows\system32\dllcache\mgaud.dll
2010-02-04 22:51:10 26112 ----a-w- c:\windows\system32\dllcache\memstpci.sys
2010-02-04 22:51:06 47616 ----a-w- c:\windows\system32\dllcache\memgrp.dll
2010-02-04 22:51:02 8320 ----a-w- c:\windows\system32\dllcache\memcard.sys
2010-02-04 22:49:57 25065 ----a-w- c:\windows\system32\dllcache\lmndis3.sys
2010-02-04 22:48:59 6144 ----a-w- c:\windows\system32\dllcache\kbd101c.dll
2010-02-04 22:47:58 372824 ----a-w- c:\windows\system32\dllcache\iconf32.dll
2010-02-04 22:46:47 353184 ----a-w- c:\windows\system32\dllcache\i740dnt5.dll
2010-02-04 22:45:57 542879 ----a-w- c:\windows\system32\dllcache\hsf_msft.sys
2010-02-04 22:45:54 391199 ----a-w- c:\windows\system32\dllcache\hsf_k56k.sys
2010-02-04 22:45:50 9759 ----a-w- c:\windows\system32\dllcache\hsf_inst.dll
2010-02-04 22:45:47 115807 ----a-w- c:\windows\system32\dllcache\hsf_fsks.sys
2010-02-04 22:45:43 199711 ----a-w- c:\windows\system32\dllcache\hsf_faxx.sys
2010-02-04 22:45:40 289887 ----a-w- c:\windows\system32\dllcache\hsf_fall.sys
2010-02-04 22:45:36 67167 ----a-w- c:\windows\system32\dllcache\hsf_bsc2.sys
2010-02-04 22:45:33 150239 ----a-w- c:\windows\system32\dllcache\hsf_amos.sys
2010-02-04 22:45:11 19456 ----a-w- c:\windows\system32\dllcache\hr1w.dll
2010-02-04 22:45:07 5760 ----a-w- c:\windows\system32\dllcache\hpt4qic.sys
2010-02-04 22:45:04 13312 ----a-w- c:\windows\system32\dllcache\hpsjmcro.dll
2010-02-04 22:45:01 324608 ----a-w- c:\windows\system32\dllcache\hpojwia.dll
2010-02-04 22:43:56 907456 ----a-w- c:\windows\system32\dllcache\hcf_msft.sys
2010-02-04 22:42:58 444416 ----a-w- c:\windows\system32\dllcache\fpcibase.sys
2010-02-04 22:41:58 347550 ----a-w- c:\windows\system32\dllcache\es56tpi.sys
2010-02-04 22:40:58 241206 ----a-w- c:\windows\system32\dllcache\el656se5.sys
2010-02-04 22:39:59 236060 ----a-w- c:\windows\system32\dllcache\ditrace.exe
2010-02-04 22:38:58 20928 ----a-w- c:\windows\system32\dllcache\defpa.sys
2010-02-04 22:37:59 57399 ----a-w- c:\windows\system32\dllcache\cplexe.exe
2010-02-04 22:34:49 15872 ----a-w- c:\windows\system32\dllcache\chgport.exe
2010-02-04 22:33:59 66082 ----a-w- c:\windows\system32\dllcache\c_1145.nls
2010-02-04 22:32:30 37568 ----a-w- c:\windows\system32\dllcache\avmwan.sys
2010-02-04 22:31:59 104960 ----a-w- c:\windows\system32\dllcache\atinrvxx.sys
2010-02-04 22:30:59 5632 ----a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2010-02-04 22:28:50 32827 ----a-w- c:\windows\system32\dllcache\tcptest.exe
2010-02-04 22:28:50 16384 ----a-w- c:\windows\system32\dllcache\tcptsat.dll
2010-02-04 22:28:46 16437 ----a-w- c:\windows\system32\dllcache\shtml.exe
2010-02-04 22:28:44 20536 ----a-w- c:\windows\system32\dllcache\shtml.dll
2010-02-04 22:26:56 188480 ----a-w- c:\windows\system32\dllcache\cfgwiz.exe
2010-02-04 22:26:56 16439 ----a-w- c:\windows\system32\dllcache\author.exe
2010-02-04 22:26:55 20540 ----a-w- c:\windows\system32\dllcache\author.dll
2010-02-04 22:26:52 16439 ----a-w- c:\windows\system32\dllcache\admin.exe
2010-02-04 22:26:51 20540 ----a-w- c:\windows\system32\dllcache\admin.dll
2010-02-03 22:38:21 0 d-----w- c:\docume~1\jesseb~1\applic~1\Malwarebytes
2010-02-03 22:38:11 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-03 22:38:06 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-03 22:38:06 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-02-03 22:38:05 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================


============= FINISH: 9:20:19.64 ===============

Edited by J3SSEB, 05 February 2010 - 04:23 PM.
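The DDS output above is the kind of log the helpers on this thread read by hand. As an added example, written for this page and not part of the original post or of the DDS tool, the following Python script shows one way to triage such a log mechanically: it splits the text on its "=== section ===" headers, flags an "(Outdated)" antivirus status, lists pseudo-HJT entries that still point at "No File" (a CLSID left registered after its DLL was deleted, which is what a partial manual removal tends to leave behind), reports AppInit_DLLs entries (DLLs injected into every process that loads user32.dll, so each one is worth identifying), and groups the "Created Last 30" rows by directory so the bulk of dllcache entries can be separated from the handful created elsewhere. The sample log is a constructed excerpt modelled on the lines shown above, and all function and key names (`split_sections`, `triage`, `created_outside_dllcache`, and so on) are my own.

```python
import re
from collections import Counter
from typing import Dict, List

# Constructed excerpt in the DDS log format (a handful of lines modelled on the
# post above, not the full log), used as offline sample input.
SAMPLE_DDS = r"""
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Pseudo HJT Report ===============

BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
AppInit_DLLs: avgrsstx.dll

=============== Created Last 30 ================

2010-02-05 14:28:30 0 d-----w- c:\program files\CCleaner
2010-02-04 23:40:04 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-04 23:16:28 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-02-03 22:38:11 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
"""

# "=============== Created Last 30 ================" -> "Created Last 30"
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# DDS "Created Last 30" rows: date time size attribute-flags path
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+) (\S{8}) (.+)$"
)


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group non-empty lines under the section header above them.
    Lines before the first header (the DDS preamble) go under 'header'."""
    sections: Dict[str, List[str]] = {"header": []}
    current = "header"
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def av_is_outdated(header_lines: List[str]) -> bool:
    """DDS marks a stale AV product with '(Outdated)' on its 'AV:' line."""
    return any(l.startswith("AV:") and "(Outdated)" in l for l in header_lines)


def orphan_entries(hjt_lines: List[str]) -> List[str]:
    """Entries whose target is 'No File': the CLSID is still registered
    although the DLL behind it is gone."""
    return [l for l in hjt_lines if l.endswith("- No File")]


def parse_created(created_lines: List[str]) -> List[dict]:
    """Turn 'Created Last 30' rows into dicts; rows that do not match the
    DDS layout are skipped rather than guessed at."""
    rows = []
    for l in created_lines:
        m = CREATED_RE.match(l)
        if not m:
            continue
        date, time, size, attrs, path = m.groups()
        rows.append({"when": f"{date} {time}", "size": int(size),
                     "is_dir": attrs.startswith("d"), "path": path})
    return rows


def triage(text: str) -> dict:
    """Summarise the findings a helper would look for first."""
    s = split_sections(text)
    hjt = s.get("Pseudo HJT Report", [])
    created = parse_created(s.get("Created Last 30", []))
    by_dir = Counter(r["path"].rsplit("\\", 1)[0].lower() for r in created)
    outside = [r["path"] for r in created
               if "\\dllcache\\" not in r["path"].lower()]
    return {
        "av_outdated": av_is_outdated(s["header"]),
        "orphans": orphan_entries(hjt),
        "appinit_dlls": [l for l in hjt if l.startswith("AppInit_DLLs:")],
        "created_by_dir": by_dir,
        "created_outside_dllcache": outside,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_DDS)
    print("AV outdated:", result["av_outdated"])
    for entry in result["orphans"]:
        print("orphan:", entry)
    for entry in result["appinit_dlls"]:
        print("check:", entry)
    for directory, n in result["created_by_dir"].most_common():
        print(f"{n:4d}  {directory}")
    for path in result["created_outside_dllcache"]:
        print("new outside dllcache:", path)
```

Run it against a saved DDS log by replacing SAMPLE_DDS with the file's contents. Directory entries (attribute flags starting with "d") are kept in the "outside dllcache" list on purpose, since a new program directory is as interesting as a new file; the AppInit_DLLs check only lists the entry, so the reader still has to confirm which product owns the DLL (in the log above, avgrsstx.dll is AVG's, as the later HijackThis O20 line shows).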



#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:54 PM

Posted 12 February 2010 - 03:21 PM

Hello,

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate it if you would let me know so I can close this topic; if you still need help, please let me know what issues you are still having in your next reply.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


  1. Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  2. Disconnect from the Internet and close all running programs, as this process may crash your computer.
  3. Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  4. Double click on Gmer to run it.
  5. Allow the gmer.sys driver to load if asked.
  6. You may see a rootkit warning window, If you do, click No.
  7. Untick the following boxes on the right side of the Gmer screen.
    Sections
    IAT/EAT
    Files
    Show All
  8. Click on Scan and wait for the scan to finish.
  9. If you see a rootkit warning window, click OK.
  10. Push Save ... and save the logfile to your desktop.
  11. Copy and Paste the contents of that file in your next post.



Then please post back here with the following:
  • log.txt
  • info.txt
  • Gmer log

Thanks



#3 J3SSEB

J3SSEB
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:06:54 AM

Posted 12 February 2010 - 04:00 PM

Hey thanks for your help Syler, here are the log files as requested.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Jesse Bernal at 2010-02-12 14:41:01
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 43 GB (75%) free of 57 GB
Total RAM: 222 MB (11% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:42:04 PM, on 2/12/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hphmon05.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jesse Bernal\Desktop\RSIT.exe
C:\Program Files\trend micro\Jesse Bernal.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BackupNotify] C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1177173234448
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - {6f822f67-3f67-4da0-8ce9-a5be490fa604} - (no file)
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 7265 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-05-26 419096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-02-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-02-04 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2003-10-30 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2003-10-30 118784]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-05-26 98304]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-05-26 536576]
"HPHmon05"=C:\WINDOWS\system32\hphmon05.exe [2003-05-22 483328]
"eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2004-07-30 286720]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"BackupNotify"=C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-05-26 1177368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
C:\Program Files\HPQ\Default Settings\cpqset.exe [2004-04-30 208958]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe]
dxdllreg.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd.exe [2003-08-04 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-01-10 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2010-02-04 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [2004-12-14 29696]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-10-30 319488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Disabled:Earthlink"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f123f5e1-612b-11dd-b328-00c09f65cd69}]
shell\AutoRun\command - D:\rcaeasyrip_setup.exe
shell\install\command - D:\rcaeasyrip_setup.exe
shell\usermanualEnglish\command - D:\rcaeasyrip_setup.exe /pdf_English
shell\usermanualFrench\command - D:\rcaeasyrip_setup.exe /pdf_French
shell\usermanualSpanish\command - D:\rcaeasyrip_setup.exe /pdf_Spanish


======List of files/folders created in the last 1 months======

2010-02-12 14:41:08 ----D---- C:\Program Files\trend micro
2010-02-12 14:41:01 ----D---- C:\rsit
2010-02-05 09:34:39 ----A---- C:\RootRepeal report 02-05-10 (09-34-39).txt
2010-02-05 08:41:47 ----A---- C:\WINDOWS\resetlog.txt
2010-02-05 08:28:30 ----D---- C:\Program Files\CCleaner
2010-02-05 08:00:59 ----D---- C:\Program Files\Free Window Registry Repair
2010-02-04 21:37:37 ----D---- C:\Program Files\UPHClean
2010-02-04 17:40:04 ----A---- C:\WINDOWS\system32\javaws.exe
2010-02-04 17:40:04 ----A---- C:\WINDOWS\system32\javaw.exe
2010-02-04 17:40:04 ----A---- C:\WINDOWS\system32\java.exe
2010-02-04 17:40:04 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-02-03 16:38:21 ----D---- C:\Documents and Settings\Jesse Bernal\Application Data\Malwarebytes
2010-02-03 16:38:06 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-02-03 16:38:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

======List of files/folders modified in the last 1 months======

2010-02-12 14:41:08 ----RD---- C:\Program Files
2010-02-12 14:41:02 ----D---- C:\WINDOWS\Prefetch
2010-02-05 09:24:08 ----D---- C:\Program Files\Mozilla Firefox
2010-02-05 09:24:06 ----D---- C:\WINDOWS\system32\drivers
2010-02-05 09:22:01 ----D---- C:\WINDOWS\Temp
2010-02-05 09:14:54 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-05 08:41:47 ----D---- C:\WINDOWS
2010-02-05 08:00:15 ----D---- C:\WINDOWS\system32
2010-02-04 21:41:57 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2010-02-04 21:37:50 ----SHD---- C:\WINDOWS\Installer
2010-02-04 21:37:50 ----D---- C:\Config.Msi
2010-02-04 20:35:31 ----SH---- C:\boot.ini
2010-02-04 20:35:31 ----A---- C:\WINDOWS\win.ini
2010-02-04 20:35:31 ----A---- C:\WINDOWS\system.ini
2010-02-04 20:35:19 ----D---- C:\WINDOWS\pss
2010-02-04 18:29:14 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-02-04 17:48:46 ----D---- C:\Documents and Settings\Jesse Bernal\Application Data\Mozilla
2010-02-04 17:39:03 ----D---- C:\Program Files\Java
2010-02-04 17:17:35 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-02-04 16:23:12 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-04 15:32:31 ----A---- C:\WINDOWS\imsins.BAK
2010-02-04 08:56:55 ----D---- C:\WINDOWS\security
2010-02-03 23:17:33 ----D---- C:\Program Files\Common Files
2010-02-03 23:17:30 ----SD---- C:\WINDOWS\Tasks
2010-02-03 23:17:30 ----D---- C:\Program Files\Shared
2010-02-03 23:17:29 ----D---- C:\Program Files\CS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2003-05-03 43672]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-05-26 96520]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-05-26 26184]
R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-11-07 120798]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-11-07 98938]
R3 {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55};AIM 3.0 Part 01 Codec Driver CH-7009-A/CH-7011; C:\WINDOWS\system32\drivers\wA301a.sys [2003-11-07 33847]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 BCM43XX;BCM 802.11b Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2004-08-04 341760]
R3 CAMCAUD;Conexant AMC 3D Environmental Audio; C:\WINDOWS\system32\drivers\camcaud.sys [2004-04-29 292352]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camchal.sys [2004-04-29 274688]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-03-10 1041536]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2004-03-10 199552]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2003-11-07 94075]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys [2004-04-27 69504]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-05-26 182720]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-03-10 682624]
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
S3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2006-09-19 15664]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 w22n51;Intel® PRO/Wireless 2200 Adapter Driver; C:\WINDOWS\system32\DRIVERS\w22n51.sys [2004-03-22 1657344]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-26 282904]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-02-04 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-07 167936]
R2 UPHClean;User Profile Hive Cleanup; C:\Program Files\UPHClean\uphclean.exe [2005-04-27 241725]
S3 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\SHARED\HPQWMI.exe [2004-07-27 98304]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2010-02-12 14:42:12

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Conexant AC-Link Audio-->CIAunwdm.exe
Free Window Registry Repair-->C:\PROGRA~1\FREEWI~1\UNWISE.EXE C:\PROGRA~1\FREEWI~1\INSTALL.LOG
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Deskjet Preloaded Printer Drivers-->MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Image Zone 3.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 3.5-->"C:\Program Files\HP\Digital Imaging\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update-->MsiExec.exe /X{34957B51-9676-41CE-9E52-44AE91B73F1C}
ieSpell-->"C:\Program Files\ieSpell\uninst.exe"
Intel® Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java™ 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Memories Disc Creator 2.0-->MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Mozilla Firefox (3.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Photosmart 140,240,7200,7600,7700,7900 Series-->C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzscr01.exe -datfile hphscr01.dat
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
Quick Launch Buttons 5.00 B3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x9 -uninst
QuickTime-->MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
SoftV92 Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_3080103C\HXFSETUP.EXE -U -Ihpm30805.inf
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
User Profile Hive Cleanup Service-->MsiExec.exe /I{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\WINDOWS\cache\YINSTH~1.DLL
Zone Deluxe Games-->MsiExec.exe /I{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}

======Security center information======

AV: AVG Anti-Virus Free (outdated)

======System event log======

Computer Name: MCBERNIE
Event Code: 7
Message: The device, \Device\Harddisk0\D, has a bad block.

Record Number: 108711
Source Name: Disk
Time Written: 20100204110517.000000-360
Event Type: error
User:

Computer Name: MCBERNIE
Event Code: 7
Message: The device, \Device\Harddisk0\D, has a bad block.

Record Number: 108710
Source Name: Disk
Time Written: 20100204110509.000000-360
Event Type: error
User:

Computer Name: MCBERNIE
Event Code: 7
Message: The device, \Device\Harddisk0\D, has a bad block.

Record Number: 108709
Source Name: Disk
Time Written: 20100204110500.000000-360
Event Type: error
User:

Computer Name: MCBERNIE
Event Code: 7
Message: The device, \Device\Harddisk0\D, has a bad block.

Record Number: 108708
Source Name: Disk
Time Written: 20100204110452.000000-360
Event Type: error
User:

Computer Name: MCBERNIE
Event Code: 7
Message: The device, \Device\Harddisk0\D, has a bad block.

Record Number: 108707
Source Name: Disk
Time Written: 20100204110443.000000-360
Event Type: error
User:

=====Application event log=====

Computer Name: MCBERNIE
Event Code: 490
Message: wuauclt (4060) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" for read / write access failed with system error 1392 (0x00000570): "The file or directory is corrupted and unreadable. ". The open file operation will fail with error -1022 (0xfffffc02).

Record Number: 28291
Source Name: ESENT
Time Written: 20080413020811.000000-300
Event Type: error
User:

Computer Name: MCBERNIE
Event Code: 485
Message: wuauclt (4060) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" failed with system error 1392 (0x00000570): "The file or directory is corrupted and unreadable. ". The delete file operation will fail with error -1022 (0xfffffc02).

Record Number: 28290
Source Name: ESENT
Time Written: 20080413020811.000000-300
Event Type: error
User:

Computer Name: MCBERNIE
Event Code: 439
Message: wuauclt (1468) Unable to write a shadowed header for file C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb. Error -1022.

Record Number: 28289
Source Name: ESENT
Time Written: 20080413020810.000000-300
Event Type: error
User:

Computer Name: MCBERNIE
Event Code: 490
Message: wuauclt (1468) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" for read / write access failed with system error 1392 (0x00000570): "The file or directory is corrupted and unreadable. ". The open file operation will fail with error -1022 (0xfffffc02).

Record Number: 28288
Source Name: ESENT
Time Written: 20080413020810.000000-300
Event Type: error
User:

Computer Name: MCBERNIE
Event Code: 485
Message: wuauclt (1468) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" failed with system error 1392 (0x00000570): "The file or directory is corrupted and unreadable. ". The delete file operation will fail with error -1022 (0xfffffc02).

Record Number: 28287
Source Name: ESENT
Time Written: 20080413020810.000000-300
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 9 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=0905
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip

-----------------EOF-----------------

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-12 14:54:23
Windows 5.1.2600 Service Pack 2
Running: oc2ef9zw.exe; Driver: C:\DOCUME~1\JESSEB~1\LOCALS~1\Temp\kxtyypow.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xED8636D0]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)

---- EOF - GMER 1.0.15 ----


#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:54 PM

Posted 12 February 2010 - 04:25 PM

Hi J3SSEB,

I don't see much wrong in your log; however, I'm not surprised the machine is running slow.

I notice that you don't have a lot of RAM on your machine; this could explain some of the issues you are having.
Total RAM: 222 MB (11% free)

Although Microsoft's minimum requirement for Windows XP is 128MB, I would recommend at least 512MB for decent performance, so you may want to consider getting some more RAM for your machine.



Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • A blank window will open with the title "SystemLook v1.0-by Jpshortstuff".
  • Copy the content of the following codebox into the main text field:
    CODE
    :regfind
    {6f822f67-3f67-4da0-8ce9-a5be490fa604}
  • Please confirm everything is copied and pasted as I have provided above.
  • Click the Look button to start the scan.
  • When finished, a Notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


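A PowerShell equivalent of what SystemLook's :regfind directive does, added here as an example (it is not code from the thread or from SystemLook). It walks HKLM and HKCU for the GUID syler asked for, matching key names, value names and value data, and assumes it is run from an elevated PowerShell prompt.

```powershell
# Added example (not from the thread and not SystemLook's own code): a PowerShell
# equivalent of SystemLook's ":regfind" directive. It walks HKLM and HKCU and
# reports every key name, value name or value data containing the search
# string, case-insensitively. Assumes an elevated PowerShell prompt; keys that
# still cannot be opened are skipped and counted rather than aborting the scan.
param(
    # The CLSID syler asked to be searched for; any substring works here.
    [string]$Pattern = '{6f822f67-3f67-4da0-8ce9-a5be490fa604}'
)

function ConvertTo-SearchText {
    param([object]$Data)
    if ($Data -is [byte[]]) {
        # REG_BINARY: search the raw hex and both common text decodings,
        # so a GUID embedded as ASCII or UTF-16 text is still found.
        $hex = -join ($Data | ForEach-Object { $_.ToString('x2') })
        return ($hex, [Text.Encoding]::ASCII.GetString($Data),
                [Text.Encoding]::Unicode.GetString($Data)) -join ' '
    }
    # REG_SZ, REG_EXPAND_SZ, REG_DWORD, REG_QWORD and REG_MULTI_SZ (string[])
    return ($Data -join ' ')
}

function Find-RegistryString {
    param(
        [Parameter(Mandatory)][string]$Pattern,
        [string[]]$Roots = @('HKLM:\', 'HKCU:\')
    )
    $needle = [regex]::Escape($Pattern)
    $hits = New-Object System.Collections.Generic.List[object]
    $unreadable = 0

    foreach ($root in $Roots) {
        # Access-denied subkeys (SAM, SECURITY, ...) land in $errs instead of stopping the walk.
        $keys = Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue -ErrorVariable errs
        $unreadable += @($errs).Count

        foreach ($key in @(Get-Item -Path $root) + @($keys)) {
            # Match on the key name itself.
            if ($key.PSChildName -imatch $needle) {
                $hits.Add([pscustomobject]@{ Kind = 'Key'; Path = $key.Name; Name = ''; Data = '' })
            }
            # Match on value names and value data (the "" entry is the (Default) value).
            foreach ($valueName in $key.GetValueNames()) {
                $raw  = $key.GetValue($valueName, $null, 'DoNotExpandEnvironmentNames')
                $text = ConvertTo-SearchText $raw
                if ($valueName -imatch $needle) {
                    $hits.Add([pscustomobject]@{ Kind = 'ValueName'; Path = $key.Name; Name = $valueName; Data = $text })
                } elseif ($text -imatch $needle) {
                    $hits.Add([pscustomobject]@{ Kind = 'ValueData'; Path = $key.Name; Name = $valueName; Data = $text })
                }
            }
        }
    }
    [pscustomobject]@{ Hits = $hits; UnreadableKeys = $unreadable }
}

# Report in the same spirit as SystemLook's log output.
$result = Find-RegistryString -Pattern $Pattern
"Searching for `"$Pattern`""
if ($result.Hits.Count -eq 0) {
    'No data found.'
} else {
    $result.Hits | Format-Table -AutoSize Kind, Path, Name, Data
}
"Keys skipped (access denied): $($result.UnreadableKeys)"
```

A clean result matches the "No data found." line in the SystemLook log below; a hit under a Run, BHO or CLSID key is what a helper would then look at.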

#5 J3SSEB

J3SSEB
  • Topic Starter

  • Members
  • 23 posts
  • Local time:06:54 AM

Posted 12 February 2010 - 04:53 PM

Hi Syler,

I guess the rkill and malwarebytes must have deleted most of it, but that still doesn't explain why I can't access my "add or remove a program" and why my machine won't shut down or restart without holding down the power button.

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 15:49 on 12/02/2010 by Jesse Bernal (Administrator - Elevation successful)

========== regfind ==========

Searching for "{6f822f67-3f67-4da0-8ce9-a5be490fa604}"
No data found.

-=End Of File=-

#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:54 PM

Posted 12 February 2010 - 05:12 PM

You're right, it doesn't explain those issues, but they sound more like general computer issues to me, not malware, although we can still do a couple of checks to make sure there is nothing hiding.

One thing you said though.

QUOTE
(I changed some of the registry following advice intended for others)


Changing the registry without knowing what you are changing is a dangerous thing to do and can lead to all kinds of trouble; it may even explain some of the problems you are having.

Can you tell me what happens when you try to shut down: any error messages, or does it just stop?
Also, what happens when you try to access add/remove programs?




#7 J3SSEB

J3SSEB
  • Topic Starter

  • Members
  • 23 posts
  • Local time:06:54 AM

Posted 12 February 2010 - 05:21 PM

OK. First, when I try to access add/remove programs I just get the "hourglass" for half a second and then nothing happens. Second, if I try to restart I will get a message that says "Installing 1 of 21 updates, please do not turn off or unplug..." I left it that way overnight one day and it stayed stuck on that screen all night. Lastly, if I try to shut down it will usually just stay on the blue screen and never shut down. As far as I know this is the extent of my issues; there could be more.

#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:54 PM

Posted 12 February 2010 - 05:38 PM

OK, let's run ComboFix; if this doesn't find anything then I will refer you to another forum where you can be better assisted with these issues.

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix



#9 J3SSEB

J3SSEB
  • Topic Starter

  • Members
  • 23 posts
  • Local time:06:54 AM

Posted 12 February 2010 - 06:29 PM

OK Mr. Syler, here is my log. Oh, and I closed my AVG 2 times but it insisted that it was still activated, so I ran it anyway.


ComboFix 10-02-12.01 - Jesse Bernal 02/12/2010 17:00:06.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.222.104 [GMT -6:00]
Running from: c:\documents and settings\Jesse Bernal\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Shared
c:\recycler\S-1-5-21-1390067357-1606980848-839522115-1003
c:\recycler\S-1-5-21-3824830721-3646771149-391280437-1003
c:\windows\EventSystem.log
c:\windows\system32\drivers\OCA_LOG.TXT

.
((((((((((((((((((((((((( Files Created from 2010-01-12 to 2010-02-12 )))))))))))))))))))))))))))))))
.

2010-02-12 20:41 . 2010-02-12 20:42 -------- d-----w- c:\program files\trend micro
2010-02-12 20:41 . 2010-02-12 20:42 -------- d-----w- C:\rsit
2010-02-05 14:28 . 2010-02-05 14:28 -------- d-----w- c:\program files\CCleaner
2010-02-05 14:00 . 2010-02-05 14:22 -------- d-----w- c:\program files\Free Window Registry Repair
2010-02-05 03:37 . 2010-02-05 03:37 -------- d-----w- c:\program files\UPHClean
2010-02-04 23:40 . 2010-02-04 23:39 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-04 23:38 . 2010-02-04 23:38 152576 ----a-w- c:\documents and settings\Jesse Bernal\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-02-04 23:37 . 2010-02-04 23:37 79488 ----a-w- c:\documents and settings\Jesse Bernal\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-04 23:16 . 2004-08-04 06:56 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-02-04 23:16 . 2001-08-18 04:36 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-02-04 23:16 . 2001-08-18 04:36 17408 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-02-04 23:16 . 2001-08-18 04:37 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-02-04 23:16 . 2001-08-18 04:37 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-02-04 23:15 . 2001-08-18 04:37 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2010-02-04 23:15 . 2001-08-17 18:11 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-02-04 23:15 . 2004-08-04 04:29 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-02-04 23:15 . 2004-08-04 05:10 19328 ----a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-02-04 23:15 . 2004-08-04 04:29 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-02-04 23:13 . 2004-08-04 04:29 11935 ----a-w- c:\windows\system32\dllcache\wadv11nt.sys
2010-02-04 23:12 . 2004-08-04 06:56 11325 ----a-w- c:\windows\system32\dllcache\vchnt5.dll
2010-02-04 23:11 . 2001-08-18 04:36 94720 ----a-w- c:\windows\system32\dllcache\umaxud32.dll
2010-02-04 23:11 . 2001-08-18 04:36 28160 ----a-w- c:\windows\system32\dllcache\umaxu40.dll
2010-02-04 23:11 . 2001-08-18 04:36 26624 ----a-w- c:\windows\system32\dllcache\umaxu22.dll
2010-02-04 23:11 . 2001-08-18 04:36 69632 ----a-w- c:\windows\system32\dllcache\umaxu12.dll
2010-02-04 23:11 . 2001-08-18 04:36 50688 ----a-w- c:\windows\system32\dllcache\umaxscan.dll
2010-02-04 23:11 . 2001-08-17 19:58 22912 ----a-w- c:\windows\system32\dllcache\umaxpcls.sys
2010-02-04 23:11 . 2001-08-18 04:36 50176 ----a-w- c:\windows\system32\dllcache\umaxp60.dll
2010-02-04 23:11 . 2001-08-18 04:36 47616 ----a-w- c:\windows\system32\dllcache\umaxcam.dll
2010-02-04 23:11 . 2001-08-18 04:36 211968 ----a-w- c:\windows\system32\dllcache\um54scan.dll
2010-02-04 23:11 . 2001-08-18 04:36 216064 ----a-w- c:\windows\system32\dllcache\um34scan.dll
2010-02-04 23:11 . 2001-08-17 19:52 36736 ----a-w- c:\windows\system32\dllcache\ultra.sys
2010-02-04 23:11 . 2004-08-04 05:07 44672 ----a-w- c:\windows\system32\dllcache\uagp35.sys
2010-02-04 23:10 . 2001-08-17 19:48 11520 ----a-w- c:\windows\system32\dllcache\twotrack.sys
2010-02-04 23:10 . 2004-08-04 13:00 14336 ----a-w- c:\windows\system32\dllcache\tsprof.exe
2010-02-04 23:10 . 2001-08-17 18:51 166784 ----a-w- c:\windows\system32\dllcache\tridxpm.sys
2010-02-04 23:10 . 2001-08-18 04:36 525568 ----a-w- c:\windows\system32\dllcache\tridxp.dll
2010-02-04 23:10 . 2001-08-17 18:51 159232 ----a-w- c:\windows\system32\dllcache\tridkbm.sys
2010-02-04 23:10 . 2001-08-17 20:56 440576 ----a-w- c:\windows\system32\dllcache\tridkb.dll
2010-02-04 23:10 . 2001-08-17 18:51 222336 ----a-w- c:\windows\system32\dllcache\trid3dm.sys
2010-02-04 23:10 . 2001-08-17 20:56 315520 ----a-w- c:\windows\system32\dllcache\trid3d.dll
2010-02-04 23:10 . 2001-08-17 18:12 34375 ----a-w- c:\windows\system32\dllcache\tpro4.sys
2010-02-04 23:10 . 2001-08-18 04:35 42496 ----a-w- c:\windows\system32\dllcache\tp4res.dll
2010-02-04 23:10 . 2004-08-04 06:56 82432 ----a-w- c:\windows\system32\dllcache\tp4mon.exe
2010-02-04 23:10 . 2001-08-18 04:36 31744 ----a-w- c:\windows\system32\dllcache\tp4.dll
2010-02-04 23:08 . 2001-08-17 19:52 7040 ----a-w- c:\windows\system32\dllcache\tandqic.sys
2010-02-04 23:08 . 2001-08-17 18:50 36640 ----a-w- c:\windows\system32\dllcache\t2r4mini.sys
2010-02-04 23:08 . 2001-08-17 20:56 172768 ----a-w- c:\windows\system32\dllcache\t2r4disp.dll
2010-02-04 23:08 . 2001-08-17 20:07 32640 ----a-w- c:\windows\system32\dllcache\symc8xx.sys
2010-02-04 23:08 . 2001-08-17 20:07 16256 ----a-w- c:\windows\system32\dllcache\symc810.sys
2010-02-04 23:08 . 2001-08-17 20:07 30688 ----a-w- c:\windows\system32\dllcache\sym_u3.sys
2010-02-04 23:08 . 2001-08-17 20:07 28384 ----a-w- c:\windows\system32\dllcache\sym_hi.sys
2010-02-04 23:08 . 2001-08-18 04:36 94293 ----a-w- c:\windows\system32\dllcache\sxports.dll
2010-02-04 23:08 . 2001-08-17 19:50 103936 ----a-w- c:\windows\system32\dllcache\sx.sys
2010-02-04 23:08 . 2001-08-17 20:02 3968 ----a-w- c:\windows\system32\dllcache\swusbflt.sys
2010-02-04 23:08 . 2001-08-18 04:36 10240 ----a-w- c:\windows\system32\dllcache\swpidflt.dll
2010-02-04 23:08 . 2001-08-18 04:36 10240 ----a-w- c:\windows\system32\dllcache\swpdflt2.dll
2010-02-04 23:07 . 2001-08-18 04:36 53760 ----a-w- c:\windows\system32\dllcache\sw_wheel.dll
2010-02-04 23:07 . 2001-08-18 04:36 41472 ----a-w- c:\windows\system32\dllcache\sw_effct.dll
2010-02-04 23:07 . 2004-08-04 05:10 15360 ----a-w- c:\windows\system32\dllcache\streamip.sys
2010-02-04 23:07 . 2001-08-18 04:36 155648 ----a-w- c:\windows\system32\dllcache\stlnprop.dll
2010-02-04 23:07 . 2001-08-18 04:36 53248 ----a-w- c:\windows\system32\dllcache\stlncoin.dll
2010-02-04 23:07 . 2001-08-17 18:18 285760 ----a-w- c:\windows\system32\dllcache\stlnata.sys
2010-02-04 23:07 . 2001-08-17 19:51 16896 ----a-w- c:\windows\system32\dllcache\stcusb.sys
2010-02-04 23:07 . 2001-08-17 18:11 48736 ----a-w- c:\windows\system32\dllcache\srwlnd5.sys
2010-02-04 23:07 . 2004-08-04 13:00 101376 ----a-w- c:\windows\system32\dllcache\srusbusd.dll
2010-02-04 23:07 . 2001-08-18 04:36 99328 ----a-w- c:\windows\system32\dllcache\srusd.dll
2010-02-04 23:05 . 2004-08-04 13:00 236544 ----a-w- c:\windows\system32\dllcache\smi2smir.exe
2010-02-04 23:04 . 2001-08-17 20:56 157696 ----a-w- c:\windows\system32\dllcache\sisv256.dll
2010-02-04 23:04 . 2001-08-17 18:50 50432 ----a-w- c:\windows\system32\dllcache\sisv.sys
2010-02-04 23:04 . 2004-08-04 04:31 32768 ----a-w- c:\windows\system32\dllcache\sisnic.sys
2010-02-04 23:04 . 2001-08-18 04:36 238592 ----a-w- c:\windows\system32\dllcache\sisgrv.dll
2010-02-04 23:04 . 2001-08-17 18:50 104064 ----a-w- c:\windows\system32\dllcache\sisgrp.sys
2010-02-04 23:04 . 2004-08-04 05:07 41088 ----a-w- c:\windows\system32\dllcache\sisagp.sys
2010-02-04 23:04 . 2001-08-17 20:56 150144 ----a-w- c:\windows\system32\dllcache\sis6306v.dll
2010-02-04 23:04 . 2001-08-17 18:50 68608 ----a-w- c:\windows\system32\dllcache\sis6306p.sys
2010-02-04 23:04 . 2001-08-17 20:56 252032 ----a-w- c:\windows\system32\dllcache\sis300iv.dll
2010-02-04 23:04 . 2004-08-04 13:00 18944 ----a-w- c:\windows\system32\dllcache\simptcp.dll
2010-02-04 23:04 . 2001-08-17 18:50 101760 ----a-w- c:\windows\system32\dllcache\sis300ip.sys
2010-02-04 23:04 . 2004-08-04 06:56 3901 ----a-w- c:\windows\system32\dllcache\siint5.dll
2010-02-04 23:03 . 2001-07-21 20:29 161568 ----a-w- c:\windows\system32\dllcache\sgsmusb.sys
2010-02-04 23:03 . 2001-07-21 20:29 18400 ----a-w- c:\windows\system32\dllcache\sgsmld.sys
2010-02-04 23:03 . 2001-08-17 18:51 98080 ----a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2010-02-04 23:03 . 2001-08-18 04:36 386560 ----a-w- c:\windows\system32\dllcache\sgiul50.dll
2010-02-04 23:03 . 2001-08-17 18:19 36480 ----a-w- c:\windows\system32\dllcache\sfmanm.sys
2010-02-04 23:01 . 2001-08-17 18:50 77824 ----a-w- c:\windows\system32\dllcache\s3sav4m.sys
2010-02-04 23:00 . 2001-08-18 04:36 24576 ----a-w- c:\windows\system32\dllcache\rw430ext.dll
2010-02-04 22:59 . 2001-08-17 19:28 714762 ----a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2010-02-04 22:58 . 2001-08-17 19:28 128286 ----a-w- c:\windows\system32\dllcache\ptserli.sys
2010-02-04 22:57 . 2001-08-18 04:36 16384 ----a-w- c:\windows\system32\dllcache\philcam1.dll
2010-02-04 22:56 . 2001-08-17 20:05 25216 ----a-w- c:\windows\system32\dllcache\ovsound2.sys
2010-02-04 22:56 . 2001-08-18 04:36 39424 ----a-w- c:\windows\system32\dllcache\ovcoms.exe
2010-02-04 22:56 . 2001-08-18 04:36 20480 ----a-w- c:\windows\system32\dllcache\ovcomc.dll
2010-02-04 22:56 . 2001-08-17 20:05 351616 ----a-w- c:\windows\system32\dllcache\ovcodek2.sys
2010-02-04 22:56 . 2001-08-18 04:36 116736 ----a-w- c:\windows\system32\dllcache\ovcodec2.dll
2010-02-04 22:56 . 2001-08-17 20:05 31872 ----a-w- c:\windows\system32\dllcache\ovce.sys
2010-02-04 22:56 . 2001-08-17 20:05 28032 ----a-w- c:\windows\system32\dllcache\ovcd.sys
2010-02-04 22:56 . 2001-08-17 20:05 48000 ----a-w- c:\windows\system32\dllcache\ovcam2.sys
2010-02-04 22:56 . 2001-08-17 20:05 25088 ----a-w- c:\windows\system32\dllcache\ovca.sys
2010-02-04 22:56 . 2001-08-17 19:28 54186 ----a-w- c:\windows\system32\dllcache\otcsercb.sys
2010-02-04 22:56 . 2001-08-17 18:12 43689 ----a-w- c:\windows\system32\dllcache\otceth5.sys
2010-02-04 22:56 . 2001-08-17 18:12 27209 ----a-w- c:\windows\system32\dllcache\otc06x5.sys
2010-02-04 22:56 . 2001-08-17 18:20 54528 ----a-w- c:\windows\system32\dllcache\opl3sax.sys
2010-02-04 22:54 . 2001-08-17 18:11 65278 ----a-w- c:\windows\system32\dllcache\netflx3.sys
2010-02-04 22:53 . 2001-08-17 19:49 19968 ----a-w- c:\windows\system32\dllcache\mxnic.sys
2010-02-04 22:52 . 2004-08-04 13:00 40960 ----a-w- c:\windows\system32\dllcache\msiregmv.exe
2010-02-04 22:52 . 2004-08-04 05:00 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys
2010-02-04 22:52 . 2004-08-04 13:00 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll
2010-02-04 22:52 . 2001-08-17 20:02 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
2010-02-04 22:52 . 2001-08-17 19:48 6016 ----a-w- c:\windows\system32\dllcache\msfsio.sys
2010-02-04 22:52 . 2004-08-04 05:10 51328 ----a-w- c:\windows\system32\dllcache\msdv.sys
2010-02-04 22:52 . 2001-08-17 19:52 17280 ----a-w- c:\windows\system32\dllcache\mraid35x.sys
2010-02-04 22:52 . 2004-08-04 05:10 15360 ----a-w- c:\windows\system32\dllcache\mpe.sys
2010-02-04 22:52 . 2001-08-17 19:57 16128 ----a-w- c:\windows\system32\dllcache\modemcsa.sys
2010-02-04 22:51 . 2001-08-17 19:52 6528 ----a-w- c:\windows\system32\dllcache\miniqic.sys
2010-02-04 22:51 . 2004-08-04 13:00 7680 ----a-w- c:\windows\system32\dllcache\migregdb.exe
2010-02-04 22:51 . 2004-08-04 13:00 34304 ----a-w- c:\windows\system32\dllcache\migisol.exe
2010-02-04 22:51 . 2001-08-17 18:50 320384 ----a-w- c:\windows\system32\dllcache\mgaum.sys
2010-02-04 22:51 . 2004-08-04 13:00 92416 ----a-w- c:\windows\system32\dllcache\mga.sys
2010-02-04 22:51 . 2001-08-17 20:56 235648 ----a-w- c:\windows\system32\dllcache\mgaud.dll
2010-02-04 22:51 . 2004-08-04 05:00 26112 ----a-w- c:\windows\system32\dllcache\memstpci.sys
2010-02-04 22:51 . 2001-08-18 04:36 47616 ----a-w- c:\windows\system32\dllcache\memgrp.dll
2010-02-04 22:51 . 2001-08-17 19:58 8320 ----a-w- c:\windows\system32\dllcache\memcard.sys
2010-02-04 22:49 . 2001-08-17 18:11 25065 ----a-w- c:\windows\system32\dllcache\lmndis3.sys
2010-02-04 22:48 . 2001-08-17 20:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101c.dll
2010-02-04 22:47 . 2001-08-18 04:36 372824 ----a-w- c:\windows\system32\dllcache\iconf32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-05 03:41 . 2008-05-26 18:34 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-02-04 23:39 . 2003-05-04 01:33 -------- d-----w- c:\program files\Java
2010-02-04 05:17 . 2009-10-24 04:17 -------- d-----w- c:\program files\CS
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-10-30 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-10-30 118784]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-26 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-26 536576]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2003-05-23 483328]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-07-30 286720]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
2008-05-26 18:34 1177368 ----a-w- c:\progra~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
2004-04-30 17:32 208958 ----a-w- c:\program files\HPQ\Default Settings\Cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-12-22 15:38 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-08-05 00:28 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-01-10 21:27 385024 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-04 23:39 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/26/2008 12:35 PM 96520]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/26/2008 12:34 PM 282904]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - KXTYYPOW
*Deregistered* - kxtyypow
*Deregistered* - uphcleanhlp
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
FF - ProfilePath - c:\documents and settings\Jesse Bernal\Application Data\Mozilla\Firefox\Profiles\aeog4579.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?.home=ytff
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BackupNotify - c:\program files\HP\Digital Imaging\bin\backupnotify.exe
MSConfigStartUp-DXDllRegExe - dxdllreg.exe
MSConfigStartUp-HPHUPD05 - c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-12 17:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(452)
c:\windows\system32\avgrsstx.dll
.
Completion time: 2010-02-12 17:23:13
ComboFix-quarantined-files.txt 2010-02-12 23:23

Pre-Run: 44,669,603,840 bytes free
Post-Run: 44,995,366,912 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - E179362628D8316DD66C4F0EE831790F

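As an added example (not part of the thread or of ComboFix itself), here is a small Python parser for the three line shapes visible in the log above: msconfig startupreg entries, the firewall AuthorizedApplications list, and the R/S service lines. It also flags binaries that live outside the usual XP install directories for manual review. The regexes are inferred only from the lines shown, and the `examplesvc` line in the sample is constructed to give the check something to flag.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the shape of the ComboFix/DDS log posted above;
# the last service line is an invented, obviously named example so the
# location check below has something to flag (it is NOT from the log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-01-10 21:27 385024 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/26/2008 12:35 PM 96520]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/26/2008 12:34 PM 282904]
R2 examplesvc;Example Service;c:\docume~1\user\locals~1\temp\examplesvc.exe [2/12/2010 9:00 AM 12345]
"""

@dataclass
class Entry:
    kind: str            # "startupreg", "firewall" or "service"
    name: str
    path: str
    size: Optional[int] = None

STARTUP_HDR = re.compile(r"^\[.*\\msconfig\\startupreg\\(.+)\]$")
FILE_LINE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} (\d+) \S+ (.+)$")
FIREWALL_HDR = re.compile(r"AuthorizedApplications\\List\]$")
FIREWALL_APP = re.compile(r'^"(.+)"=$')
SERVICE_LINE = re.compile(r"^[RS]\d ([^;]+);[^;]*;(.+) \[.* (\d+)\]$")

def parse_combofix(text: str) -> List[Entry]:
    """Turn the three line shapes above into Entry records; a blank line ends a section."""
    entries, section, reg_name = [], None, None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            section = None
            continue
        if m := STARTUP_HDR.match(line):
            section, reg_name = "startupreg", m.group(1)
        elif FIREWALL_HDR.search(line):
            section = "firewall"
        elif section == "startupreg" and (m := FILE_LINE.match(line)):
            entries.append(Entry("startupreg", reg_name, m.group(2), int(m.group(1))))
        elif section == "firewall" and (m := FIREWALL_APP.match(line)):
            path = m.group(1).replace("\\\\", "\\")   # the log doubles backslashes here
            entries.append(Entry("firewall", path.rsplit("\\", 1)[-1], path))
        elif m := SERVICE_LINE.match(line):
            entries.append(Entry("service", m.group(1), m.group(2), int(m.group(3))))
    return entries

# Directories where legitimately installed software normally lives on XP.
EXPECTED_PREFIXES = ("c:\\program files", "c:\\progra~1", "c:\\windows", "%windir%")

def unexpected_locations(entries: List[Entry]) -> List[Entry]:
    """Entries whose binary lives outside the usual install directories, for manual review."""
    return [e for e in entries if not e.path.lower().startswith(EXPECTED_PREFIXES)]
```

Anything returned by `unexpected_locations` is only a prompt for a closer look (vendor, signature, file age), not a verdict.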

#10 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:54 PM

Posted 12 February 2010 - 06:45 PM

J3SSEB,

That log looks fine to me, it did remove a couple of bits, but I don't think these would have been causing your problem, although let
me know if I'm wrong. I think your next step should be posting in the XP forum about your other issue; you can include a link to this
topic so they can see the details you have given me.


Uninstall ComboFix
  • Click START then RUN
  • Now type Combofix /uninstall in the run box and click OK. Note the space between the X and the /, it needs to be there.



Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click the icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.


Congratulations! You now appear clean!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Keeping Windows updated
It is extremely important to keep Windows up to date with the latest service pack and patches. This will prevent you
from getting the malware which uses vulnerabilities found in Windows to exploit your computer. The easiest way to
do this is by making sure that Automatic Updates are always enabled.

To do this Click on Start >> Control Panel >> Automatic updates and click Automatic (recommended) then Apply and Ok

Update your AntiVirus Software
It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not
update your antivirus software then it will not be able to catch any of the new variants that may come out. If you
use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your
subscription runs out, you may not be able to update the program's virus definitions.

Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you.
Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly
patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Install SpywareBlaster
SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you
from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware

Use MVPS hosts file
Using a custom hosts file like the MVPS HOSTS file can help to block ads, banners, 3rd party Cookies,
3rd party page counters, web bugs, and even most hijackers. It doesn't use up any extra system resources
and may even speed up the loading of web pages. You can download and find instructions below.

http://www.mvps.org/winhelp2002/hosts.htm

Update all these programs regularly
Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Happy surfing
Syler



#11 J3SSEB

J3SSEB
  • Topic Starter

  • Members
  • 23 posts
  • Local time:06:54 AM

Posted 12 February 2010 - 07:13 PM

Ok, well thanks for all you did anyway; I will post on the XP forum.

After I downloaded OTC and hit "clean up" it asked me to reboot and now I'm stuck at the "Windows is shutting down" screen. Should I go ahead and shut it off?

#12 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:54 PM

Posted 12 February 2010 - 07:22 PM

You're welcome.

Yes, you will have to just shut it down; if there is anything left that it doesn't remove you can just delete it manually.



#13 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:54 PM

Posted 13 February 2010 - 10:16 AM

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.





