Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Wild Tangent Malware and other trojans

Post by Curley » September 4th, 2009, 8:53 am

Hello. I recently acquired a bunch of viruses and trojans while attempting to change out my virus program. In any event, it started with several viruses and only one malware originating from Wild Tangent that my anti-virus program could clean, so I was given the option to delete or quarantine and I opted to delete it. I attempted to manually remove Wild Tangent from My Programs as it came with my HP and I never use the games. However, I did not remove the driver and updater before I uninstalled the main channel, so it would not later let me uninstall the driver and updater. I have learned since getting this malware that Wild Tangent has an automatic silent updater, and this must be how the malware/spyware got through. I did go to the C: drive to try and uninstall the driver and updater there, but it would not allow me to. I ran this analyzer and saw the following for Wild Tangent: O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch, and I did have HijackThis "fix it", so it is no longer showing on a subsequent log. I have made no other changes.

So, first I want to make sure there is nothing else for Wild Tangent, which I do not see, and that is the only issue I understand.

Also, after my first attempt at manual removal of Wild Tangent, and having done a system restore to undo changes from a major Windows update, which caused my computer to work dreadfully slowly, I acquired 10 trojans upon immediately running another deep system scan. Again, the Wild Tangent malware showed up but was cleaned, but again, another trojan popped up that could not be cleaned and this time I quarantined it as I really don't know if it is better to quarantine or delete an uncleaned virus, malware or trojan. Most were stemming from the "system restore".

This is the anti-virus log:
Object Name Threat Name Final Status
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP411\A0099653.exe DeepScan:Generic.Malware.P!.5F1AEB08 Moved to Quarantine
C:\WINDOWS\Temp\23125234.tmp Trojan.Generic.1775849 Deleted
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\AutoPlay.exe Trojan.Generic.1869566 Deleted
C:\hp\bin\AUTOPLAY.EXE Trojan.Generic.1869566 Deleted
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP416\A0102127.exe Trojan.Generic.1869566 Deleted
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP416\A0102389.EXE Trojan.Generic.1869566 Deleted
C:\hp\bin\Terminator.exe Trojan.Generic.IS.563031 Deleted
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP416\A0102391.exe Trojan.Generic.IS.563031 Deleted
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP411\A0099652.dll Trojan.Spy.Wildtangent.A Deleted
C:\WINDOWS\Temp\gaopdx23145609 Trojan.Zlob.55823 Deleted






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:14:01 AM, on 9/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\PCSecurityShield\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\PCSecurityShield\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\NETGEAR\WN111\wn111.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\PCSecurityShield\BitDefender 2009\seccenter.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: The Shield Deluxe 2009 Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\PCSecurityShield\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\PCSecurityShield\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\PCSecurityShield\BitDefender 2009\IEShow.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - S-1-5-18 Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: NETGEAR WN111 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111\wn111.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/ ... .7.109.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab
O23 - Service: The Shield Deluxe 2009 Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: The Shield Deluxe 2009 Desktop Update Service (LIVESRV) - PCSecurityShield - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: The Shield Deluxe 2009 Virus Shield (VSSERV) - PCSecurityShield - C:\Program Files\PCSecurityShield\BitDefender 2009\vsserv.exe

--
End of file - 6935 bytes
Curley
Regular Member
 
Posts: 36
Joined: September 4th, 2009, 8:30 am

Re: Wild Tangent Malware and other trojans

Post by Dakeyras » September 8th, 2009, 10:11 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hi Curley and welcome to Malware Removal. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Scan with Rooter:

Please download Rooter to your desktop.

  • Double click on Rooter.exe to start the application.
  • Now click on the Scan button.
  • When the scan is completed a text file called Rooter.txt will appear on your desktop, post the contents in your next reply.
  • Now click on Close button to exit Rooter.

Note: The logfile can also be located within this folder Rooter$ at the root of your installed Hard-Drive. EG: C:\Rooter$

Scan with RSIT:

  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
Make sure that RSIT.exe is on your Desktop before running the application!
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.

Note: Both logs can also be located within this folder rsit at the root of your installed Hard-Drive. EG: C:\rsit

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and/or problems encountered?
  • Rooter Log.
  • Both RSIT logs. <-- Post them individually please, IE: one Log per post/reply.
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Wild Tangent Malware and other trojans

Post by Curley » September 8th, 2009, 11:30 pm

Thank you. Since my initial post, I have done several things. I have installed and run CCleaner cleanup and registry, and Defraggler. I have also installed and run Driver Detective and have updated only a few drivers to this point out of the many I need to update. This has also opened up a lot of Windows and Microsoft updates that I have been installing lately. Today I installed an update of "Windows malware removal." So because of all the installing and cleaning, it is hard for me to judge how my computer is actually doing. It has run very slow at times and has locked up on me twice. At other times, it has run faster than I have seen in many months. There is a "NoRemove" my registry cleanup keeps picking up on but never seems to get rid of, so I am suspicious of it.

Here is the Rooter log you asked for:

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP Home Edition (5.1.2600) Service Pack 3
[32_bits] - x86 Family 15 Model 1 Stepping 3, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Enabled
.
Internet Explorer 8.0.6001.18702
Mozilla Firefox 3.0.10 (en-US)
.
A:\ [Removable]
C:\ [Fixed-NTFS] .. ( Total:52 Go - Free:30 Go )
D:\ [Fixed-FAT32] .. ( Total:5 Go - Free:1 Go )
E:\ [CD_Rom]
.
Scan : 23:22.40
Path : C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\DOPNLIZ1\Rooter[1].exe
User : Owner ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (464)
______ \??\C:\WINDOWS\system32\csrss.exe (512)
______ \??\C:\WINDOWS\system32\winlogon.exe (536)
______ C:\WINDOWS\system32\services.exe (580)
______ C:\WINDOWS\system32\lsass.exe (592)
______ C:\WINDOWS\system32\svchost.exe (764)
______ C:\WINDOWS\system32\svchost.exe (808)
______ C:\WINDOWS\System32\svchost.exe (876)
______ C:\WINDOWS\System32\svchost.exe (920)
______ C:\WINDOWS\System32\svchost.exe (964)
______ C:\WINDOWS\Explorer.EXE (1300)
______ C:\WINDOWS\system32\spoolsv.exe (1332)
______ C:\windows\system\hpsysdrv.exe (1520)
______ C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe (1528)
______ C:\WINDOWS\system32\igfxtray.exe (1552)
______ C:\WINDOWS\system32\hkcmd.exe (1564)
______ C:\WINDOWS\system32\ps2.exe (1572)
______ C:\Program Files\Real\RealPlayer\RealPlay.exe (1592)
______ C:\Program Files\Java\jre6\bin\jusched.exe (1636)
______ C:\WINDOWS\system32\dla\tfswctrl.exe (1648)
______ C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (1660)
______ C:\WINDOWS\SOUNDMAN.EXE (1676)
______ C:\WINDOWS\LTMSG.exe (1696)
______ C:\Program Files\Microsoft IntelliType Pro\itype.exe (1704)
______ C:\WINDOWS\system32\ctfmon.exe (1724)
______ C:\Program Files\DNA\btdna.exe (1744)
______ C:\Program Files\Logitech\SetPoint\SetPoint.exe (1760)
______ C:\Program Files\NETGEAR\WN111\wn111.exe (1776)
______ C:\Program Files\OpenOffice.org 3\program\soffice.exe (1808)
______ C:\Program Files\OpenOffice.org 3\program\soffice.bin (1840)
______ C:\WINDOWS\System32\svchost.exe (1880)
______ C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe (1948)
______ C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (1980)
______ C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE (216)
______ C:\Program Files\Java\jre6\bin\jqs.exe (364)
______ C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe (412)
______ C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe (504)
______ C:\WINDOWS\System32\alg.exe (2868)
______ C:\WINDOWS\System32\msiexec.exe (3900)
______ C:\Program Files\Internet Explorer\iexplore.exe (1180)
______ C:\Program Files\Internet Explorer\iexplore.exe (1440)
______ C:\Program Files\Defraggler\Defraggler.exe (3776)
______ C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\DOPNLIZ1\Rooter[1].exe (3304)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:5395751424)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:5395783680 | Length:56086732800)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job
C:\WINDOWS\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 23:23.05
.
C:\Rooter$\Rooter_1.txt - (08/09/2009 | 23:23.05)
Curley
Regular Member
 
Posts: 36
Joined: September 4th, 2009, 8:30 am

Re: Wild Tangent Malware and other trojans

Post by Curley » September 8th, 2009, 11:33 pm

Okay, here is the RSIT log.txt you asked for:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-09-08 23:31:20
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 31 GB (58%) free of 53 GB
Total RAM: 254 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:32:05 PM, on 9/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\NETGEAR\WN111\wn111.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Defraggler\Defraggler.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\X472J79Q\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - S-1-5-18 Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NETGEAR WN111 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111\wn111.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/ ... .7.109.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2349948046
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe

--
End of file - 7497 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IType_exe.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-02-27 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2002-10-09 94262]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
"CamMonitor"=c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe [2002-06-18 69632]
"StorageGuard"=C:\Program Files\VERITAS Software\Update Manager\sgtray.exe [2002-05-09 155648]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2001-12-19 212992]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-06-21 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-06-21 126976]
"PS2"=C:\WINDOWS\system32\ps2.exe [2002-06-14 81920]
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe [2008-08-18 26112]
"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2002-10-09 106551]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-05-14 2029640]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"LTMSG"=LTMSG.exe 7 []
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2009-03-26 1442888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2009-01-26 342848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVP"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
NETGEAR WN111 Smart Wizard.lnk - C:\Program Files\NETGEAR\WN111\wn111.exe

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-06-21 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll [2008-05-02 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskmgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"_NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\hp center\137903\Program\BackWeb-137903.exe"="C:\Program Files\hp center\137903\Program\BackWeb-137903.exe:*:Enabled:BackWeb-137903"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe"="C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe:*:Enabled:The Shield Deluxe 2008"
"C:\Program Files\Microsoft Games\Halo Trial\halo.exe"="C:\Program Files\Microsoft Games\Halo Trial\halo.exe:*:Disabled:Halo"
"C:\Q3Ademo\quake3.exe"="C:\Q3Ademo\quake3.exe:*:Disabled:quake3"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"="C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe:*:Enabled:VideoAccelerator"
"C:\Program Files\Sony\Media Manager for PSP\MediaManager.exe"="C:\Program Files\Sony\Media Manager for PSP\MediaManager.exe:*:Enabled:Media Manager for PSP 3.0"
"C:\Documents and Settings\Owner\My Documents\GBA EMU\VisualBoyAdvance.exe"="C:\Documents and Settings\Owner\My Documents\GBA EMU\VisualBoyAdvance.exe:*:Enabled:VisualBoyAdvance emulator"
"C:\Documents and Settings\Owner\My Documents\My Podcasts\PiMPStreamer-0.65-fw15\Windoze\PimpStreamer.exe"="C:\Documents and Settings\Owner\My Documents\My Podcasts\PiMPStreamer-0.65-fw15\Windoze\PimpStreamer.exe:*:Enabled:PimpStreamer, Streams video from PC to PSP Realtime!"
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe"="C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting"
"C:\Program Files\SPSSInc\PASWStatistics17\statistics.com"="C:\Program Files\SPSSInc\PASWStatistics17\statistics.com:*:Disabled:Statistics17:deprecated com"
"C:\Program Files\SPSSInc\PASWStatistics17\SPSSWinWrapIDE.exe"="C:\Program Files\SPSSInc\PASWStatistics17\SPSSWinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor"
"C:\Program Files\SPSSInc\PASWStatistics17\paswstat.exe"="C:\Program Files\SPSSInc\PASWStatistics17\paswstat.exe:*:Disabled:Statistics17:exe"
"C:\Program Files\SPSSInc\PASWStatistics17\statistics.exe"="C:\Program Files\SPSSInc\PASWStatistics17\statistics.exe:*:Disabled:Statistics17:deprecated exe"
"C:\Program Files\SPSSInc\PASWStatistics17\paswstat.com"="C:\Program Files\SPSSInc\PASWStatistics17\paswstat.com:*:Disabled:Statistics17:com"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-09-08 23:31:20 ----DC---- C:\rsit
2009-09-08 23:23:05 ----DC---- C:\Rooter$
2009-09-08 20:24:14 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-08 20:19:00 ----A---- C:\WINDOWS\imsins.BAK
2009-09-08 20:18:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-08 17:00:50 ----A---- C:\WINDOWS\Language_trs.ini
2009-09-08 16:59:43 ----A---- C:\WINDOWS\system32\CSVer.dll
2009-09-08 16:58:52 ----DC---- C:\Intel
2009-09-08 12:59:44 ----A---- C:\WINDOWS\system32\BtCoreIf.dll
2009-09-08 12:57:49 ----D---- C:\Program Files\Common Files\Logishrd
2009-09-08 12:16:42 ----DC---- C:\Update Drivers
2009-09-08 11:36:43 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-09-08 11:36:41 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-09-08 11:29:59 ----A---- C:\WINDOWS\ModemLog_Agere Win Modem.txt
2009-09-07 22:56:00 ----D---- C:\Program Files\Motorola
2009-09-07 22:55:59 ----D---- C:\Program Files\Common Files\Motorola Shared
2009-09-07 22:47:44 ----D---- C:\Program Files\Microsoft IntelliType Pro
2009-09-07 22:44:47 ----D---- C:\Program Files\Intel
2009-09-07 22:41:06 ----N---- C:\WINDOWS\ltremove.exe
2009-09-07 22:40:44 ----N---- C:\WINDOWS\ltmsg.exe
2009-09-07 22:39:51 ----D---- C:\WINDOWS\Options
2009-09-07 21:55:18 ----A---- C:\WINDOWS\system32\igfxres.dll
2009-09-07 21:17:00 ----D---- C:\Documents and Settings\All Users\Application Data\LogiShrd
2009-09-07 21:16:28 ----D---- C:\Documents and Settings\Owner\Application Data\Logitech
2009-09-07 21:07:53 ----HDC---- C:\WINDOWS\$NtUninstallWdf01005$
2009-09-07 21:03:55 ----A---- C:\WINDOWS\KHALMNPR.Exe
2009-09-07 21:03:50 ----A---- C:\WINDOWS\system32\WdfCoInstaller01005.dll
2009-09-07 21:03:41 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-09-07 21:02:15 ----A---- C:\WINDOWS\system32\KemXML.dll
2009-09-07 21:02:15 ----A---- C:\WINDOWS\system32\KemWnd.dll
2009-09-07 21:02:15 ----A---- C:\WINDOWS\system32\KemUtil.dll
2009-09-07 21:02:15 ----A---- C:\WINDOWS\system32\kemutb.dll
2009-09-07 21:01:52 ----D---- C:\Documents and Settings\All Users\Application Data\Logitech
2009-09-07 21:01:43 ----D---- C:\Program Files\Logitech
2009-09-07 21:01:35 ----D---- C:\Program Files\Common Files\Logitech
2009-09-07 21:01:06 ----D---- C:\Documents and Settings\Owner\Application Data\InstallShield
2009-09-07 20:46:29 ----A---- C:\WINDOWS\system32\ChCfg.exe
2009-09-07 20:43:36 ----D---- C:\Program Files\Realtek AC97
2009-09-07 20:43:33 ----A---- C:\WINDOWS\system32\RTLCPL.exe
2009-09-07 20:43:30 ----A---- C:\WINDOWS\soundman.exe
2009-09-07 20:43:28 ----A---- C:\WINDOWS\system32\RtlCPAPI.dll
2009-09-07 20:43:21 ----A---- C:\WINDOWS\alcupd.exe
2009-09-07 20:43:21 ----A---- C:\WINDOWS\Alcrmv.exe
2009-09-07 18:35:20 ----D---- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2009-09-07 18:34:55 ----D---- C:\Program Files\PC Drivers HeadQuarters
2009-09-06 16:57:10 ----D---- C:\Program Files\Windows Installer Clean Up
2009-09-06 16:36:00 ----DC---- C:\Install Quicken New User Edition 2002
2009-09-06 16:35:59 ----DC---- C:\setupdlx
2009-09-06 16:35:56 ----D---- C:\Program Files\PC-Doctor for Windows XP
2009-09-06 16:35:56 ----D---- C:\Program Files\IObit
2009-09-06 16:35:56 ----D---- C:\Program Files\InterVideo
2009-09-06 16:26:25 ----D---- C:\Documents and Settings\All Users\Application Data\BitDefender
2009-09-06 16:26:05 ----D---- C:\Program Files\Common Files\BitDefender
2009-09-06 15:04:51 ----D---- C:\Program Files\Perfect Uninstaller
2009-09-06 13:26:25 ----D---- C:\Program Files\ESET
2009-09-06 13:26:25 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2009-09-05 20:10:09 ----D---- C:\Program Files\Defraggler
2009-09-05 17:29:36 ----D---- C:\Program Files\CCleaner
2009-09-04 19:21:12 ----A---- C:\WINDOWS\system32\tfswapi.dll
2009-09-04 19:21:10 ----A---- C:\WINDOWS\dla.exe
2009-09-04 19:18:17 ----D---- C:\Program Files\DLA
2009-09-04 17:37:29 ----D---- C:\Documents and Settings\All Users\Application Data\IObit
2009-09-04 08:12:23 ----D---- C:\Program Files\Trend Micro
2009-09-03 22:38:29 ----DC---- C:\Config.Msi
2009-09-03 14:55:30 ----DC---- C:\WINDOWS\$NtUninstallbasecsp$
2009-09-03 14:52:40 ----D---- C:\WINDOWS\system32\GroupPolicy
2009-09-03 14:52:40 ----D---- C:\Program Files\Windows Desktop Search
2009-09-03 14:51:50 ----DC---- C:\WINDOWS\$NtUninstallKB940157$
2009-09-03 14:50:55 ----DC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2009-09-03 14:33:38 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-09-02 13:18:14 ----D---- C:\WINDOWS\pss
2009-09-02 13:14:06 ----D---- C:\Documents and Settings\All Users\Application Data\Bomgar-SCC-4A9EA7DE
2009-08-28 23:02:41 ----A---- C:\WINDOWS\system32\clauth2.dll
2009-08-28 23:02:41 ----A---- C:\WINDOWS\system32\clauth1.dll
2009-08-28 23:02:40 ----A---- C:\WINDOWS\system32\ssprs.dll
2009-08-28 23:02:40 ----A---- C:\WINDOWS\system32\nsprs.dll
2009-08-28 22:58:31 ----D---- C:\Program Files\Common Files\Data Dynamics
2009-08-28 22:18:56 ----A---- C:\WINDOWS\system32\grcauth2.dll
2009-08-28 22:18:56 ----A---- C:\WINDOWS\system32\grcauth1.dll
2009-08-28 22:18:55 ----A---- C:\WINDOWS\system32\prsgrc.dll
2009-08-28 22:10:31 ----D---- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
2009-08-28 22:05:36 ----D---- C:\Documents and Settings\All Users\Application Data\SPSS
2009-08-28 22:05:32 ----D---- C:\Program Files\Common Files\SPSS
2009-08-28 21:55:39 ----D---- C:\Program Files\SPSSInc
2009-08-28 21:54:26 ----A---- C:\WINDOWS\system32\sysprs7.dll
2009-08-28 21:54:26 ----A---- C:\WINDOWS\system32\lsprst7.dll
2009-08-26 14:41:31 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-08-13 21:21:24 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-08-13 21:13:14 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-13 21:12:58 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-13 21:12:40 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-13 21:12:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-13 21:11:59 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-13 21:11:40 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-13 21:11:13 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-13 21:09:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-13 21:02:03 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-13 19:40:17 ----D---- C:\Documents and Settings\Owner\Application Data\OpenOffice.org

======List of files/folders modified in the last 1 months======

2009-09-08 23:31:21 ----D---- C:\WINDOWS\Prefetch
2009-09-08 23:30:48 ----D---- C:\WINDOWS\Temp
2009-09-08 23:24:34 ----D---- C:\Documents and Settings\Owner\Application Data\DNA
2009-09-08 23:14:32 ----RSD---- C:\WINDOWS\assembly
2009-09-08 23:13:19 ----SHD---- C:\WINDOWS\Installer
2009-09-08 22:58:32 ----HD---- C:\Program Files\InstallShield Installation Information
2009-09-08 20:37:59 ----D---- C:\WINDOWS
2009-09-08 20:33:50 ----D---- C:\Program Files\DNA
2009-09-08 20:33:35 ----D---- C:\WINDOWS\system32
2009-09-08 20:33:35 ----D---- C:\Program Files\Microsoft Silverlight
2009-09-08 20:32:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-08 20:24:24 ----D---- C:\WINDOWS\inf
2009-09-08 20:24:23 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-08 20:23:26 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-08 20:19:45 ----D---- C:\WINDOWS\system32\CatRoot
2009-09-08 20:19:28 ----D---- C:\WINDOWS\Debug
2009-09-08 17:54:10 ----D---- C:\WINDOWS\Minidump
2009-09-08 17:24:42 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-08 17:19:03 ----D---- C:\WINDOWS\system32\drivers
2009-09-08 12:57:49 ----D---- C:\Program Files\Common Files
2009-09-08 12:47:23 ----D---- C:\Temp
2009-09-07 22:57:20 ----D---- C:\WINDOWS\WinSxS
2009-09-07 22:56:00 ----RD---- C:\Program Files
2009-09-07 22:52:46 ----SD---- C:\WINDOWS\Tasks
2009-09-07 22:48:03 ----D---- C:\WINDOWS\Fonts
2009-09-07 22:41:07 ----D---- C:\WINDOWS\Driver Cache
2009-09-07 22:37:40 ----D---- C:\Program Files\WinRAR
2009-09-07 21:56:11 ----A---- C:\WINDOWS\ModemLog_Lucent Win Modem.txt
2009-09-07 19:43:03 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft
2009-09-07 14:59:27 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-09-06 16:56:52 ----D---- C:\Program Files\MSECache
2009-09-06 16:37:21 ----D---- C:\WINDOWS\system32\config
2009-09-06 16:36:49 ----D---- C:\WINDOWS\system32\wbem
2009-09-06 16:36:48 ----D---- C:\WINDOWS\Registration
2009-09-06 16:36:04 ----D---- C:\Program Files\QuickenFC
2009-09-04 19:21:51 ----A---- C:\WINDOWS\wininit.ini
2009-09-04 19:21:16 ----D---- C:\WINDOWS\system32\dla
2009-09-03 22:38:45 ----D---- C:\Program Files\Internet Explorer
2009-09-03 22:10:48 ----D---- C:\Program Files\Mozilla Firefox
2009-09-03 15:02:11 ----D---- C:\WINDOWS\security
2009-09-03 14:58:19 ----D---- C:\WINDOWS\ie8updates
2009-09-03 14:54:21 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-09-03 14:52:45 ----D---- C:\WINDOWS\system32\en-us
2009-09-02 23:23:43 ----D---- C:\WINDOWS\system32\FxsTmp
2009-09-02 14:29:17 ----D---- C:\WINDOWS\network diagnostic
2009-09-02 14:19:02 ----D---- C:\Documents and Settings\All Users\Application Data\PCSecurityShield
2009-09-02 14:02:44 ----A---- C:\WINDOWS\win.ini
2009-09-02 13:19:46 ----RASHC---- C:\BOOT.INI
2009-09-02 13:19:46 ----A---- C:\WINDOWS\system.ini
2009-08-28 17:38:20 ----A---- C:\WINDOWS\system32\MRT.exe
2009-08-13 21:11:21 ----D---- C:\Program Files\Outlook Express

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-05-14 94360]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2002-10-10 5621]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2002-10-10 23027]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2008-08-18 8552]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2002-10-07 40400]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-05-14 114472]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2002-10-09 23671]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2002-10-09 34807]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2002-10-09 4119]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2002-10-09 2203]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2002-10-09 55222]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2002-10-09 14039]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2002-10-09 6327]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2002-10-09 91158]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2002-10-09 95479]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter; C:\WINDOWS\System32\DRIVERS\AN983.sys [2002-08-29 36224]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-06-21 807998]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
R3 ltmodem5;Agere Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2005-05-05 652689]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2008-02-29 28944]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2002-07-24 28164]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-03-09 13780]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S1 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2002-05-22 90336]
S1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2002-05-22 69504]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2001-08-08 158140]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2001-08-08 12479]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2001-08-08 12031]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2001-08-08 11679]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2001-08-08 11999]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2001-08-08 19359]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2001-08-08 29215]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2001-08-08 19199]
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2001-08-08 33503]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2001-08-08 23519]
S3 MRVW245;Marvell TOPDOG 802.11n WLAN Driver for Windows XP (USB8x); C:\WINDOWS\System32\DRIVERS\MRVW245.sys [2007-11-18 461952]
S3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2001-06-04 14112]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2002-07-13 155008]
S3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2002-04-09 188032]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 MotoConnect Service;MotoConnect Service; C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe [2009-07-18 91392]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-05-14 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Curley

Re: Wild Tangent Malware and other trojans

Post by Curley » September 8th, 2009, 11:36 pm

Last log request for RSIT info.txt:

info.txt logfile of random's system information tool 1.06 2009-09-08 23:32:17

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {09DA4F91-2A09-4232-AB8C-6BC740096DE3}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->c:\WINDOWS\System32\\MSIEXEC.EXE /x {8214CC02-6271-4DC8-B8DD-779933450264}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.60 beta-->"C:\Program Files\7-Zip\Uninstall.exe"
AbiWord 2.6.4-->C:\Program Files\AbiSuite2\UninstallAbiWord2.exe
Accent on Interactivity 1.6-->C:\WINDOWS\iun506.exe C:\Program Files\Accent on Interactivity\irunin.ini
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Amos 17.0-->MsiExec.exe /X{9DB2E18E-2A1F-4D65-A258-9CB446903C3E}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft Software Suite-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\Software Suite\Uninst.isu"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Defraggler (remove only)-->"C:\Program Files\Defraggler\uninst.exe"
DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Driver Detective-->MsiExec.exe /X{5721A8EA-A30F-4F66-9046-3F40C43AE1DC}
easy Internet sign-up-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B5DDB2C-0807-47FD-9C11-80EA761902C0}\Setup.exe" -l0x9
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
HP Instant Support-->C:\PROGRA~1\HPINST~1\UNWISE.EXE C:\PROGRA~1\HPINST~1\INSTALL.LOG
HP Memories Disc-->MsiExec.exe /X{FF384BDE-429B-45AD-A0C6-E593393D9D1C}
HP Photo and Imaging 1.1 - Photosmart Cameras-->MsiExec.exe /X{1EEE2A9F-6471-42fa-8923-E8879168CE26}
hp toolkit-->c:\Windows\HPTK\unhptkit.exe
Inactive HP Printer Drivers (Remove only)-->RunDll32 hpuninst.dll,InstallHinfSection UninstDefault 132 prntunin.inf
Intel(R) Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{C1939820-A945-11D4-86F6-0001031E5712}\setup.exe" REMOVEALL
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013F0}
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Lernout & Hauspie TruVoice American English TTS Engine-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Excel Viewer 2003-->MsiExec.exe /I{90840409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Live Meeting 2007-->MsiExec.exe /I{2515BF88-E42E-4AFA-A8E7-DF272762589B}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
MotoConnect-->MsiExec.exe /I{AD8F0BB4-FF91-4C7A-9B47-EE0AD60B76E7}
Motorola Driver Installation 3.9.0-->MsiExec.exe /I{FB068BA4-C6EA-4D47-A491-C40E23E77F89}
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MUSICMATCH Jukebox-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\Uninst.isu" -cC:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.dll
NETGEAR WN111 wireless USB 2.0 adapter-->C:\Program Files\InstallShield Installation Information\{AFCE4D19-D385-4232-9B0E-809D85A25A10}\setup.exe -runfromtemp -l0x0409
OpenOffice.org 3.1-->MsiExec.exe /I{E6B87DC4-2B3D-4483-ADFF-E483BF718991}
PASW Statistics GradPack 17.0-->MsiExec.exe /X{2ECDE974-69D9-47A9-9EB0-10EC49F8468A}
PlayStation(R)Network Downloader-->MsiExec.exe /X{BC4CA8FA-41D2-4B81-8680-E9B7573D6500}
PlayStation(R)Store-->MsiExec.exe /X{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}
Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
PSP Video 9 2.25-->C:\Program Files\Red Kawa\Video Converter\uninstaller.exe
Python 2.2 combined Win32 extensions-->C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken Financial Center-->C:\PROGRA~1\QUICKE~1\rem\UNWISE.EXE /s C:\PROGRA~1\QUICKE~1\rem\INSTALL.LOG
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
RecordNow Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
RecordNow-->MsiExec.exe /I{8214CC02-6271-4DC8-B8DD-779933450264}
Rhapsody MP3 Download Manager-->MsiExec.exe /I{A3D44AD8-D3C9-45E4-B861-3B653C6EF620}
S3Display-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display'
S3Gamma2-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2'
S3Info2-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2'
S3Overlay-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Overlay'
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Sony Media Manager for PSP 3.0-->MsiExec.exe /X{21C6344A-918B-4D35-ADB6-7614F97B78EA}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Viewpoint Media Player (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe -u
vixy converter uninstall-->"C:\Program Files\vixy.net\unins000.exe"
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WordPerfect Productivity Pack-->C:\WINDOWS\Corel\Uninst32.exe
WordPerfect Productivity Pack-->C:\WINDOWS\Corel\uninst32.exe

=====HijackThis Backups=====

O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch [2009-09-04]

======Security center information======

AV: ESET NOD32 Antivirus 4.0

======System event log======

Computer Name: YOUR-US67PI6LUV
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 22943
Source Name: Service Control Manager
Time Written: 20090903232001.000000-240
Event Type: error
User:

Computer Name: YOUR-US67PI6LUV
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 22940
Source Name: Service Control Manager
Time Written: 20090903232001.000000-240
Event Type: error
User:

Computer Name: YOUR-US67PI6LUV
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 22937
Source Name: Service Control Manager
Time Written: 20090903232001.000000-240
Event Type: error
User:

Computer Name: YOUR-US67PI6LUV
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 22934
Source Name: Service Control Manager
Time Written: 20090903232001.000000-240
Event Type: error
User:

Computer Name: YOUR-US67PI6LUV
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 22931
Source Name: Service Control Manager
Time Written: 20090903232001.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: YOUR-US67PI6LUV
Event Code: 485
Message: wuauclt (27560) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" failed with system error 5 (0x00000005): "Access is denied. ". The delete file operation will fail with error -1032 (0xfffffbf8).

Record Number: 2440
Source Name: ESENT
Time Written: 20090906022921.000000-240
Event Type: error
User:

Computer Name: YOUR-US67PI6LUV
Event Code: 485
Message: wuauclt (27560) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" failed with system error 5 (0x00000005): "Access is denied. ". The delete file operation will fail with error -1032 (0xfffffbf8).

Record Number: 2439
Source Name: ESENT
Time Written: 20090906022921.000000-240
Event Type: error
User:

Computer Name: YOUR-US67PI6LUV
Event Code: 485
Message: wuauclt (27560) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" failed with system error 5 (0x00000005): "Access is denied. ". The delete file operation will fail with error -1032 (0xfffffbf8).

Record Number: 2438
Source Name: ESENT
Time Written: 20090906022921.000000-240
Event Type: error
User:

Computer Name: YOUR-US67PI6LUV
Event Code: 485
Message: wuauclt (27560) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" failed with system error 5 (0x00000005): "Access is denied. ". The delete file operation will fail with error -1032 (0xfffffbf8).

Record Number: 2437
Source Name: ESENT
Time Written: 20090906022921.000000-240
Event Type: error
User:

Computer Name: YOUR-US67PI6LUV
Event Code: 485
Message: wuauclt (27560) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" failed with system error 5 (0x00000005): "Access is denied. ". The delete file operation will fail with error -1032 (0xfffffbf8).

Record Number: 2436
Source Name: ESENT
Time Written: 20090906022920.000000-240
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program files\PC-Doctor for Windows XP\WINDSAPI;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 1 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0103
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------
Curley
Regular Member
 
Posts: 36
Joined: September 4th, 2009, 8:30 am

Re: Wild Tangent Malware and other trojans

Post by Dakeyras » September 9th, 2009, 10:09 am

Hi :)

Thank you. Since my initial post, I have done several things. I have installed and ran CCleaner cleanup and registry, and Defraggler. I have also installed and ran Driver Detective and have updated only a few drivers to this point out of the many I need to update. This has also opened up a lot of windows and microsoft updates that I have been installing lately.
You're welcome!

All that you mentioned is fine; however, I do have some friendly advice about so-called registry cleaners (this would include the Scan For Issues feature of CCleaner). The use of any form of registry cleaning application and/or system tweaking etc. is not a wise move and will very often create more problems than actually do any good. This topic explains in greater detail why the aforementioned are not recommended.

Random Access Memory Advice:
Total RAM: 254 MB (35% free)
Though Microsoft claims XP will run with a mere 128 MB installed, in my opinion a minimum of 1 GB is far better.

If you wish to upgrade the installed memory, Crucial have a small scanner (CrucialScan.exe) which is perfectly safe to download and run, and which will advise if your system can support any upgraded memory modules. They cater for the US/UK and Europe.

Next:

Take your time with all of the below and if you encounter any problems inform myself straight away please.

Please move RSIT.exe to the Desktop, as in its current location it may not function correctly and/or return accurate logs, thank you.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\X472J79Q\RSIT[1].exe

Peer to Peer Forum Policy:

Please read this forum policy then remove BitTorrent DNA from your computer, thank you.

Next:

Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

Java(TM) 6 Update 13 <-- Older versions left installed pose a security risk.
Viewpoint Media Player <-- If you did not install this yourself I would remove it because it has undesirable characteristics.

To do so, click once on each of the above in turn to highlight and then click on the Remove button.

Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

Reset Host File:

  • Open Notepad.
  • Copy and Paste everything from the Code Box below into Notepad: <-- Start >> Run... type in notepad and select OK
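Code:
@Echo off
rem Work in the folder that holds the HOSTS file
pushd \windows\system32\drivers\etc
rem Clear the hidden, system and read-only attributes so the file can be rewritten
attrib -h -s -r hosts
rem Replace the whole file with the single default localhost entry
echo 127.0.0.1 localhost>HOSTS
rem Mark the file read-only, hidden and system
attrib +r +h +s hosts
popd
rem Delete this batch file once it has run
del %0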
  • Go to File >> Save As
  • Save File name as "Dakeyras.bat" <-- Make sure to include the quotes.
  • Change Save as Type to All Files and save the file to your Desktop.

Now double click on the desktop Dakeyras.bat to run the batch file. It will self-delete when completed.

Next:

Run your installed CCleaner application to remove all temp' files etc.

Then:-

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe, then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
  1. Launch Malwarebytes' Anti-Malware
  2. Click on the Logs radio tab.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Next:

Please make sure that RSIT.exe is now on the Desktop (if not, inform myself straight away please).

  • Double click once on RSIT.exe
  • RSIT will start running, at the disclaimer click on Continue.
  • When done, 1 log will be produced.
  • Post that in your next reply.

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any other symptoms and/or problems encountered?
  • Malwarebytes' Anti-Malware Log.
  • A new RSIT log.
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
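
The Reset Host File step in the post above overwrites HOSTS with a single localhost line and keeps no record of what was there. The Python script below is an added example, not part of Dakeyras's instructions or of any tool named in this thread: it lists every mapping in a hosts file that is not a plain localhost entry, so the entries can be reviewed and saved before the reset. The names audit_hosts, Finding and summarise, the C: drive letter, and the sample hosts text with its hostnames are assumptions constructed for illustration.

```python
import ipaddress
import sys
from collections import Counter
from dataclasses import dataclass

# Folder taken from the batch file in the post; the C: drive letter is assumed.
HOSTS_PATH = r"C:\WINDOWS\system32\drivers\etc\hosts"

# The only name the reset batch file leaves in HOSTS.
DEFAULT_NAMES = {"localhost"}

# Constructed sample (hostnames and addresses are made up for this example).
SAMPLE_HOSTS = """\
# Constructed sample, not taken from the machine in this thread
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.av-vendor.example   # inline comment
0.0.0.0         scan.av-vendor.example www.av-vendor.example
203.0.113.7     bank.example
not-an-ip       something.example
"""


@dataclass(frozen=True)
class Finding:
    line_no: int    # 1-based line number in the hosts file
    address: str    # address field as parsed (raw text if malformed)
    hostname: str   # lower-cased hostname the line maps
    kind: str       # "blocked", "redirected" or "malformed"


def audit_hosts(text):
    """Return a Finding for every mapping that is not a plain localhost entry."""
    findings = []
    lines = text.lstrip("\ufeff").splitlines()   # tolerate a UTF-8 BOM
    for line_no, raw in enumerate(lines, start=1):
        entry = raw.split("#", 1)[0].strip()      # drop full-line and inline comments
        if not entry:
            continue
        fields = entry.split()
        address, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append(Finding(line_no, address, " ".join(names), "malformed"))
            continue
        if not names:                             # address with no hostname
            findings.append(Finding(line_no, address, "", "malformed"))
            continue
        # Loopback or 0.0.0.0/:: makes the name unreachable from this machine.
        sink = ip.is_loopback or ip.is_unspecified
        for name in names:                        # one line may map several names
            name = name.lower().rstrip(".")
            if sink and name in DEFAULT_NAMES:
                continue                          # the stock localhost mapping
            kind = "blocked" if sink else "redirected"
            findings.append(Finding(line_no, str(ip), name, kind))
    return findings


def summarise(findings):
    """Count findings per kind, e.g. {'blocked': 3, 'redirected': 1}."""
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else HOSTS_PATH
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    except OSError as exc:
        print(f"cannot read {path} ({exc}); auditing the constructed sample instead")
        text = SAMPLE_HOSTS
    results = audit_hosts(text)
    for f in results:
        print(f"line {f.line_no}: {f.kind:<10} {f.hostname} -> {f.address}")
    print(summarise(results) or "only default localhost entries found")
```

Run it before Dakeyras.bat and keep the output with the other logs; an empty result means the reset discards nothing.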

Re: Wild Tangent Malware and other trojans

Post by Curley » September 9th, 2009, 3:39 pm

Thank you. My computer has been running very slow, as in difficult slow, since I started your instructions. I had to exit out of my response and the actual page, prepare the response on my WP document and then try again. In the past 15 to 30 minutes only, other than trying to document my response, my computer has run more normally.

Please note that I have not been able to delete InterVideo WinDVD. Although it appears harmless, I always get suspicious about anything that gives me difficulty in removing it. Which leads me to ask you the question about the Malware program I installed. It offers the "File Assassin" to remove locked files. I did not know if InterVideo WinDVD was considered a locked file, but regardless, is it safe to run the File Assassin?

Okay, the logs you requested,

the Malware Anti-Malware found 1 trojan - log as follows:

Malwarebytes' Anti-Malware 1.40
Database version: 2765
Windows 5.1.2600 Service Pack 3

9/9/2009 1:18:44 PM
mbam-log-2009-09-09 (13-18-43).txt

Scan type: Quick Scan
Objects scanned: 90164
Time elapsed: 23 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\install.exe (Trojan.Agent) -> Quarantined and deleted successfully.


The RSIT log is as follows:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-09-09 15:09:54
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 31 GB (58%) free of 53 GB
Total RAM: 254 MB (14% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:09:59 PM, on 9/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\NETGEAR\WN111\wn111.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - S-1-5-18 Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NETGEAR WN111 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111\wn111.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/ ... .7.109.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2349948046
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe

--
End of file - 7278 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IType_exe.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-02-27 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2002-10-09 94262]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
"CamMonitor"=c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe [2002-06-18 69632]
"StorageGuard"=C:\Program Files\VERITAS Software\Update Manager\sgtray.exe [2002-05-09 155648]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2001-12-19 212992]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-06-21 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-06-21 126976]
"PS2"=C:\WINDOWS\system32\ps2.exe [2002-06-14 81920]
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe [2008-08-18 26112]
"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2002-10-09 106551]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-05-14 2029640]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"LTMSG"=LTMSG.exe 7 []
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2009-03-26 1442888]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2009-01-26 342848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVP"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
NETGEAR WN111 Smart Wizard.lnk - C:\Program Files\NETGEAR\WN111\wn111.exe

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-06-21 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll [2008-05-02 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskmgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"_NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\hp center\137903\Program\BackWeb-137903.exe"="C:\Program Files\hp center\137903\Program\BackWeb-137903.exe:*:Enabled:BackWeb-137903"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe"="C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe:*:Enabled:The Shield Deluxe 2008"
"C:\Program Files\Microsoft Games\Halo Trial\halo.exe"="C:\Program Files\Microsoft Games\Halo Trial\halo.exe:*:Disabled:Halo"
"C:\Q3Ademo\quake3.exe"="C:\Q3Ademo\quake3.exe:*:Disabled:quake3"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"="C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe:*:Enabled:VideoAccelerator"
"C:\Program Files\Sony\Media Manager for PSP\MediaManager.exe"="C:\Program Files\Sony\Media Manager for PSP\MediaManager.exe:*:Enabled:Media Manager for PSP 3.0"
"C:\Documents and Settings\Owner\My Documents\GBA EMU\VisualBoyAdvance.exe"="C:\Documents and Settings\Owner\My Documents\GBA EMU\VisualBoyAdvance.exe:*:Enabled:VisualBoyAdvance emulator"
"C:\Documents and Settings\Owner\My Documents\My Podcasts\PiMPStreamer-0.65-fw15\Windoze\PimpStreamer.exe"="C:\Documents and Settings\Owner\My Documents\My Podcasts\PiMPStreamer-0.65-fw15\Windoze\PimpStreamer.exe:*:Enabled:PimpStreamer, Streams video from PC to PSP Realtime!"
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe"="C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting"
"C:\Program Files\SPSSInc\PASWStatistics17\statistics.com"="C:\Program Files\SPSSInc\PASWStatistics17\statistics.com:*:Disabled:Statistics17:deprecated com"
"C:\Program Files\SPSSInc\PASWStatistics17\SPSSWinWrapIDE.exe"="C:\Program Files\SPSSInc\PASWStatistics17\SPSSWinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor"
"C:\Program Files\SPSSInc\PASWStatistics17\paswstat.exe"="C:\Program Files\SPSSInc\PASWStatistics17\paswstat.exe:*:Disabled:Statistics17:exe"
"C:\Program Files\SPSSInc\PASWStatistics17\statistics.exe"="C:\Program Files\SPSSInc\PASWStatistics17\statistics.exe:*:Disabled:Statistics17:deprecated exe"
"C:\Program Files\SPSSInc\PASWStatistics17\paswstat.com"="C:\Program Files\SPSSInc\PASWStatistics17\paswstat.com:*:Disabled:Statistics17:com"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-09-09 12:36:21 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2009-09-09 12:35:54 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-09-09 12:35:52 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-09 12:20:59 ----A---- C:\WINDOWS\system32\javaws.exe
2009-09-09 12:20:59 ----A---- C:\WINDOWS\system32\javaw.exe
2009-09-09 12:20:56 ----A---- C:\WINDOWS\system32\java.exe
2009-09-08 23:31:20 ----DC---- C:\rsit
2009-09-08 23:23:05 ----DC---- C:\Rooter$
2009-09-08 20:24:14 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-08 20:18:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-08 17:00:50 ----A---- C:\WINDOWS\Language_trs.ini
2009-09-08 16:59:43 ----A---- C:\WINDOWS\system32\CSVer.dll
2009-09-08 16:58:52 ----DC---- C:\Intel
2009-09-08 12:59:44 ----A---- C:\WINDOWS\system32\BtCoreIf.dll
2009-09-08 12:57:49 ----D---- C:\Program Files\Common Files\Logishrd
2009-09-08 12:16:42 ----DC---- C:\Update Drivers
2009-09-08 11:36:43 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-09-08 11:36:41 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-09-08 11:29:59 ----A---- C:\WINDOWS\ModemLog_Agere Win Modem.txt
2009-09-07 22:56:00 ----D---- C:\Program Files\Motorola
2009-09-07 22:55:59 ----D---- C:\Program Files\Common Files\Motorola Shared
2009-09-07 22:47:44 ----D---- C:\Program Files\Microsoft IntelliType Pro
2009-09-07 22:44:47 ----D---- C:\Program Files\Intel
2009-09-07 22:41:06 ----N---- C:\WINDOWS\ltremove.exe
2009-09-07 22:40:44 ----N---- C:\WINDOWS\ltmsg.exe
2009-09-07 22:39:51 ----D---- C:\WINDOWS\Options
2009-09-07 21:55:18 ----A---- C:\WINDOWS\system32\igfxres.dll
2009-09-07 21:17:00 ----D---- C:\Documents and Settings\All Users\Application Data\LogiShrd
2009-09-07 21:16:28 ----D---- C:\Documents and Settings\Owner\Application Data\Logitech
2009-09-07 21:07:53 ----HDC---- C:\WINDOWS\$NtUninstallWdf01005$
2009-09-07 21:03:55 ----A---- C:\WINDOWS\KHALMNPR.Exe
2009-09-07 21:03:50 ----A---- C:\WINDOWS\system32\WdfCoInstaller01005.dll
2009-09-07 21:03:41 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-09-07 21:02:15 ----A---- C:\WINDOWS\system32\KemXML.dll
2009-09-07 21:02:15 ----A---- C:\WINDOWS\system32\KemWnd.dll
2009-09-07 21:02:15 ----A---- C:\WINDOWS\system32\KemUtil.dll
2009-09-07 21:02:15 ----A---- C:\WINDOWS\system32\kemutb.dll
2009-09-07 21:01:52 ----D---- C:\Documents and Settings\All Users\Application Data\Logitech
2009-09-07 21:01:43 ----D---- C:\Program Files\Logitech
2009-09-07 21:01:35 ----D---- C:\Program Files\Common Files\Logitech
2009-09-07 21:01:06 ----D---- C:\Documents and Settings\Owner\Application Data\InstallShield
2009-09-07 20:46:29 ----A---- C:\WINDOWS\system32\ChCfg.exe
2009-09-07 20:43:36 ----D---- C:\Program Files\Realtek AC97
2009-09-07 20:43:33 ----A---- C:\WINDOWS\system32\RTLCPL.exe
2009-09-07 20:43:30 ----A---- C:\WINDOWS\soundman.exe
2009-09-07 20:43:28 ----A---- C:\WINDOWS\system32\RtlCPAPI.dll
2009-09-07 20:43:21 ----A---- C:\WINDOWS\alcupd.exe
2009-09-07 20:43:21 ----A---- C:\WINDOWS\Alcrmv.exe
2009-09-07 18:35:20 ----D---- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2009-09-07 18:34:55 ----D---- C:\Program Files\PC Drivers HeadQuarters
2009-09-06 16:57:10 ----D---- C:\Program Files\Windows Installer Clean Up
2009-09-06 16:36:00 ----DC---- C:\Install Quicken New User Edition 2002
2009-09-06 16:35:59 ----DC---- C:\setupdlx
2009-09-06 16:35:56 ----D---- C:\Program Files\PC-Doctor for Windows XP
2009-09-06 16:35:56 ----D---- C:\Program Files\IObit
2009-09-06 16:35:56 ----D---- C:\Program Files\InterVideo
2009-09-06 16:26:25 ----D---- C:\Documents and Settings\All Users\Application Data\BitDefender
2009-09-06 16:26:05 ----D---- C:\Program Files\Common Files\BitDefender
2009-09-06 15:04:51 ----D---- C:\Program Files\Perfect Uninstaller
2009-09-06 13:26:25 ----D---- C:\Program Files\ESET
2009-09-06 13:26:25 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2009-09-05 20:10:09 ----D---- C:\Program Files\Defraggler
2009-09-05 17:29:36 ----D---- C:\Program Files\CCleaner
2009-09-04 19:21:12 ----A---- C:\WINDOWS\system32\tfswapi.dll
2009-09-04 19:21:10 ----A---- C:\WINDOWS\dla.exe
2009-09-04 19:18:17 ----D---- C:\Program Files\DLA
2009-09-04 17:37:29 ----D---- C:\Documents and Settings\All Users\Application Data\IObit
2009-09-04 08:12:23 ----D---- C:\Program Files\Trend Micro
2009-09-03 22:38:29 ----DC---- C:\Config.Msi
2009-09-03 14:55:30 ----DC---- C:\WINDOWS\$NtUninstallbasecsp$
2009-09-03 14:52:40 ----D---- C:\WINDOWS\system32\GroupPolicy
2009-09-03 14:52:40 ----D---- C:\Program Files\Windows Desktop Search
2009-09-03 14:51:50 ----DC---- C:\WINDOWS\$NtUninstallKB940157$
2009-09-03 14:50:55 ----DC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2009-09-03 14:33:38 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-09-02 13:18:14 ----D---- C:\WINDOWS\pss
2009-09-02 13:14:06 ----D---- C:\Documents and Settings\All Users\Application Data\Bomgar-SCC-4A9EA7DE
2009-08-28 23:02:41 ----A---- C:\WINDOWS\system32\clauth2.dll
2009-08-28 23:02:41 ----A---- C:\WINDOWS\system32\clauth1.dll
2009-08-28 23:02:40 ----A---- C:\WINDOWS\system32\ssprs.dll
2009-08-28 23:02:40 ----A---- C:\WINDOWS\system32\nsprs.dll
2009-08-28 22:58:31 ----D---- C:\Program Files\Common Files\Data Dynamics
2009-08-28 22:18:56 ----A---- C:\WINDOWS\system32\grcauth2.dll
2009-08-28 22:18:56 ----A---- C:\WINDOWS\system32\grcauth1.dll
2009-08-28 22:18:55 ----A---- C:\WINDOWS\system32\prsgrc.dll
2009-08-28 22:10:31 ----D---- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
2009-08-28 22:05:36 ----D---- C:\Documents and Settings\All Users\Application Data\SPSS
2009-08-28 22:05:32 ----D---- C:\Program Files\Common Files\SPSS
2009-08-28 21:55:39 ----D---- C:\Program Files\SPSSInc
2009-08-28 21:54:26 ----A---- C:\WINDOWS\system32\sysprs7.dll
2009-08-28 21:54:26 ----A---- C:\WINDOWS\system32\lsprst7.dll
2009-08-26 14:41:31 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-08-13 21:21:24 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-08-13 21:13:14 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-13 21:12:58 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-13 21:12:40 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-13 21:12:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-13 21:11:59 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-13 21:11:40 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-13 21:11:13 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-13 21:09:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-13 21:02:03 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-13 19:40:17 ----D---- C:\Documents and Settings\Owner\Application Data\OpenOffice.org

======List of files/folders modified in the last 1 months======

2009-09-09 15:04:01 ----D---- C:\Documents and Settings\Owner\Application Data\DNA
2009-09-09 14:53:06 ----D---- C:\WINDOWS\Temp
2009-09-09 14:50:51 ----D---- C:\WINDOWS\Prefetch
2009-09-09 13:26:52 ----D---- C:\WINDOWS
2009-09-09 13:23:46 ----D---- C:\Program Files\DNA
2009-09-09 13:22:54 ----D---- C:\WINDOWS\system32\drivers
2009-09-09 13:22:54 ----D---- C:\WINDOWS\system32
2009-09-09 13:22:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-09 12:35:52 ----RD---- C:\Program Files
2009-09-09 12:31:42 ----D---- C:\WINDOWS\Debug
2009-09-09 12:21:58 ----SHD---- C:\WINDOWS\Installer
2009-09-09 12:21:47 ----D---- C:\Program Files\Java
2009-09-08 23:14:32 ----RSD---- C:\WINDOWS\assembly
2009-09-08 23:10:07 ----HD---- C:\Program Files\InstallShield Installation Information
2009-09-08 20:33:35 ----D---- C:\Program Files\Microsoft Silverlight
2009-09-08 20:24:24 ----D---- C:\WINDOWS\inf
2009-09-08 20:24:23 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-08 20:23:43 ----D---- C:\WINDOWS\ie8updates
2009-09-08 20:23:26 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-08 20:19:45 ----D---- C:\WINDOWS\system32\CatRoot
2009-09-08 17:54:10 ----D---- C:\WINDOWS\Minidump
2009-09-08 17:24:42 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-08 17:00:17 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-09-08 12:57:49 ----D---- C:\Program Files\Common Files
2009-09-08 12:47:23 ----D---- C:\Temp
2009-09-07 22:57:20 ----D---- C:\WINDOWS\WinSxS
2009-09-07 22:52:46 ----SD---- C:\WINDOWS\Tasks
2009-09-07 22:48:03 ----D---- C:\WINDOWS\Fonts
2009-09-07 22:41:07 ----D---- C:\WINDOWS\Driver Cache
2009-09-07 22:37:40 ----D---- C:\Program Files\WinRAR
2009-09-07 21:56:11 ----A---- C:\WINDOWS\ModemLog_Lucent Win Modem.txt
2009-09-07 19:43:03 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft
2009-09-07 14:59:27 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-09-06 16:56:52 ----D---- C:\Program Files\MSECache
2009-09-06 16:37:21 ----D---- C:\WINDOWS\system32\config
2009-09-06 16:36:49 ----D---- C:\WINDOWS\system32\wbem
2009-09-06 16:36:48 ----D---- C:\WINDOWS\Registration
2009-09-06 16:36:04 ----D---- C:\Program Files\QuickenFC
2009-09-04 19:21:51 ----A---- C:\WINDOWS\wininit.ini
2009-09-04 19:21:16 ----D---- C:\WINDOWS\system32\dla
2009-09-03 22:38:45 ----D---- C:\Program Files\Internet Explorer
2009-09-03 22:10:48 ----D---- C:\Program Files\Mozilla Firefox
2009-09-03 15:02:11 ----D---- C:\WINDOWS\security
2009-09-03 14:54:21 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-09-03 14:52:45 ----D---- C:\WINDOWS\system32\en-us
2009-09-02 23:23:43 ----D---- C:\WINDOWS\system32\FxsTmp
2009-09-02 14:29:17 ----D---- C:\WINDOWS\network diagnostic
2009-09-02 14:19:02 ----D---- C:\Documents and Settings\All Users\Application Data\PCSecurityShield
2009-09-02 14:02:44 ----A---- C:\WINDOWS\win.ini
2009-09-02 13:19:46 ----RASHC---- C:\BOOT.INI
2009-09-02 13:19:46 ----A---- C:\WINDOWS\system.ini
2009-08-28 17:38:20 ----A---- C:\WINDOWS\system32\MRT.exe
2009-08-13 21:11:21 ----D---- C:\Program Files\Outlook Express

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-05-14 94360]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2002-10-10 5621]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2002-10-10 23027]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2008-08-18 8552]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2002-10-07 40400]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-05-14 114472]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2002-10-09 23671]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2002-10-09 34807]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2002-10-09 4119]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2002-10-09 2203]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2002-10-09 55222]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2002-10-09 14039]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2002-10-09 6327]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2002-10-09 91158]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2002-10-09 95479]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter; C:\WINDOWS\System32\DRIVERS\AN983.sys [2002-08-29 36224]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-06-21 807998]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
R3 ltmodem5;Agere Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2005-05-05 652689]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2008-02-29 28944]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2002-07-24 28164]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-03-09 13780]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S1 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2002-05-22 90336]
S1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2002-05-22 69504]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2001-08-08 158140]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2001-08-08 12479]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2001-08-08 12031]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2001-08-08 11679]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2001-08-08 11999]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2001-08-08 19359]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2001-08-08 29215]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2001-08-08 19199]
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2001-08-08 33503]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2001-08-08 23519]
S3 MRVW245;Marvell TOPDOG 802.11n WLAN Driver for Windows XP (USB8x); C:\WINDOWS\System32\DRIVERS\MRVW245.sys [2007-11-18 461952]
S3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2001-06-04 14112]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2002-07-13 155008]
S3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2002-04-09 188032]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 MotoConnect Service;MotoConnect Service; C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe [2009-07-18 91392]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-05-14 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


Thank you for your assistance.
Curley
Regular Member
 
Posts: 36
Joined: September 4th, 2009, 8:30 am

Re: Wild Tangent Malware and other trojans

Post by Dakeyras » September 10th, 2009, 3:36 am

Hi :)

Which leads me to ask you the question about the Malware program I installed. It offers the "file Assassin" to remove locked files. I did not know if InterVideo WinDVD was considered a lock file, but regardless, is it safe to run the File Assassin?
No, this feature is for removing locked files of a malware nature, not for removing entries from the Add/Remove list.

InterVideo WinDVD is a legitimate program. The problems you are currently experiencing with your computer, apart from the malware-related ones, are due to running registry cleaners and the lack of installed Random Access Memory.

Nothing I have advised so far would account for another system degradation. Please do not do anything else to your computer at all unless I advise so, thank you.

Stick to the above and I will do my utmost to get your system both malware free and more stable. :thumbup:

Did you experience a problem removing the P2P application BitTorrent DNA? Not a problem, we can remove the start up in due course and then eventually target the actual rest of the installation.

Next:

Please re-open HiJackThis and select Do a system scan only. Check the boxes next to all the entries listed below (if present):

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"


Now click on Fix Checked. Close HiJackThis.

Reset SP3 Firewall:

Click on Start >> Run... and cut/paste in the following and click on OK
firewall.cpl
Click on the Advanced tab >> Restore Defaults >> At the prompt click on Yes >> OK

Now reboot (restart) your computer. <-- This step must be completed.

Download/Run ComboFix:

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Please include the C:\ComboFix.txt in your next reply for further review.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a forum helper.


When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any other symptoms and/or problems encountered?
  • ComboFix Log.
  • A new HijackThis Log.
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
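
The entries listed for Fix Checked in the post above use HijackThis's abbreviated O4 notation. As an added example (not part of the original post and not code from HijackThis), the Python below expands each line to its full registry key, splits the launch command into image and arguments, and notes how the image path is anchored, so the startup values can be recorded before they are removed. The function and field names are this example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# The six lines below are copied from the fix list in the post above.
FIX_LIST = r"""
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
"""

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
# In O4 lines, ".." abbreviates this path between the hive and the final subkey.
ELIDED = r"SOFTWARE\Microsoft\Windows\CurrentVersion"

# Registry-based O4 lines only; "O4 - Startup:" style folder entries do not match.
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\([^:]+): \[([^\]]+)\] (.+)$")
# Unquoted command whose image ends in a known executable extension.
EXT_RE = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s+(.*))?$", re.I)


@dataclass
class RunEntry:
    key: str      # full registry key, e.g. HKEY_LOCAL_MACHINE\...\Run
    name: str     # value name shown in square brackets
    image: str    # program that is launched
    args: str     # command-line arguments, possibly empty
    kind: str     # "absolute", "env" or "search-path"


def split_command(command: str) -> Tuple[str, str]:
    """Split a Run value into (image, arguments)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        if end == -1:                      # unbalanced quote: keep everything
            return command[1:], ""
        return command[1:end], command[end + 1:].strip()
    m = EXT_RE.match(command)
    if m:                                  # unquoted path, may contain spaces
        return m.group(1), (m.group(2) or "").strip()
    parts = command.split(None, 1)         # no extension: cut at first space
    return parts[0], parts[1] if len(parts) > 1 else ""


def path_kind(image: str) -> str:
    """Classify how the image path is anchored."""
    if re.match(r"^[A-Za-z]:\\", image):
        return "absolute"
    if image.startswith("%"):
        return "env"                       # depends on an environment variable
    return "search-path"                   # bare name, resolved via search path


def parse_o4(line: str) -> Optional[RunEntry]:
    """Parse one HijackThis O4 registry line; return None for anything else."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    hive, subkey, name, command = m.groups()
    image, args = split_command(command)
    key = "\\".join([HIVES[hive], ELIDED, subkey])
    return RunEntry(key, name, image, args, path_kind(image))


def parse_fix_list(text: str) -> List[RunEntry]:
    """Parse every O4 registry line in a block of log text."""
    return [e for e in map(parse_o4, text.splitlines()) if e is not None]


if __name__ == "__main__":
    for e in parse_fix_list(FIX_LIST):
        print(f"{e.key}\n  {e.name!r}: image={e.image!r} args={e.args!r} ({e.kind})")
```

Entries reported as `search-path` carry no directory, so the file that actually starts depends on where Windows finds that name first.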

Re: Wild Tangent Malware and other trojans

Post by Curley » September 10th, 2009, 4:07 pm

Hello! I really appreciate your time and help. Start up has been very slow, but after awhile, this computer has been running super fast. I can't remember the last time my internet moved this quickly, and opening up programs, minimizing/maximizing, etc ran this quickly, so I am very excited.

I tested the efficiency of my computer before I responded to you and discovered something unexpected, however. I ran the Detective Driver, which has always been extremely slow to get opened, up and running. After reboot, it opened very quickly but something unexpected came up on the rescan. I now have no monitor driver and it does not offer me an option to update or download. I will assume this has something to do with the steps you had me take because I ran a scan before I shut down my computer yesterday and all drivers used were updated, and none were missing. However, obviously my monitor is working.

Here is the ComboFix log:



ComboFix 09-09-09.09 - Owner 09/10/2009 14:14.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.113 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\259bd97.msi
c:\windows\Installer\45d784.msi
c:\windows\Installer\51d3b9.msi
c:\windows\system32\lsprst7.dll
c:\windows\system32\nsprs.dll
c:\windows\system32\prsgrc.dll
c:\windows\system32\ps2.bat
c:\windows\system32\ssprs.dll

.
((((((((((((((((((((((((( Files Created from 2009-08-10 to 2009-09-10 )))))))))))))))))))))))))))))))
.

2009-09-10 08:48 . 2009-09-10 08:48 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\ESET
2009-09-10 02:15 . 2009-09-10 02:15 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-09 23:33 . 2009-09-09 23:33 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-09 20:04 . 2009-09-09 20:04 -------- dc----w- C:\S3Graphics
2009-09-09 16:36 . 2009-09-09 16:36 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-09-09 16:35 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-09 16:35 . 2009-09-09 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-09 16:35 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-09 16:35 . 2009-09-09 16:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-09 03:31 . 2009-09-09 03:32 -------- dc----w- C:\rsit
2009-09-09 03:23 . 2009-09-09 03:24 -------- dc----w- C:\Rooter$
2009-09-09 03:15 . 2009-09-09 03:15 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PC_Drivers_Headquarters
2009-09-08 21:01 . 2009-09-08 21:01 -------- d-----w- c:\windows\system32\drivers\INF
2009-09-08 21:01 . 2009-09-08 21:01 -------- d-----w- c:\windows\system32\drivers\system32
2009-09-08 20:59 . 2009-06-16 16:05 53248 ----a-w- c:\windows\system32\CSVer.dll
2009-09-08 20:58 . 2009-09-08 20:58 -------- dc----w- C:\Intel
2009-09-08 16:59 . 2008-05-02 06:38 301656 ----a-w- c:\windows\system32\BtCoreIf.dll
2009-09-08 16:57 . 2009-09-08 18:07 -------- d-----w- c:\program files\Common Files\Logishrd
2009-09-08 16:16 . 2009-09-10 00:09 -------- dc----w- C:\Drivers
2009-09-08 15:36 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-09-08 02:56 . 2009-09-08 02:56 -------- d-----w- c:\program files\Motorola
2009-09-08 02:55 . 2009-09-08 02:55 -------- d-----w- c:\program files\Common Files\Motorola Shared
2009-09-08 02:47 . 2009-09-08 02:48 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2009-09-08 02:44 . 2009-09-08 02:44 -------- d-----w- c:\program files\Intel
2009-09-08 02:41 . 2005-05-05 13:31 65024 ------w- c:\windows\ltremove.exe
2009-09-08 02:40 . 2005-05-05 13:31 40960 ------w- c:\windows\ltmsg.exe
2009-09-08 02:39 . 2009-09-08 02:39 -------- d-----w- c:\windows\Options
2009-09-08 01:55 . 2005-06-21 20:43 163840 ----a-w- c:\windows\system32\igfxres.dll
2009-09-08 01:17 . 2009-09-08 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2009-09-08 01:16 . 2009-09-08 01:16 -------- d-----w- c:\documents and settings\Owner\Application Data\Logitech
2009-09-08 01:03 . 2008-02-29 07:13 36880 ----a-w- c:\windows\system32\drivers\LMouFilt.Sys
2009-09-08 01:03 . 2008-02-29 07:12 76304 ----a-w- c:\windows\KHALMNPR.Exe
2009-09-08 01:03 . 2008-02-29 07:13 35344 ----a-w- c:\windows\system32\drivers\LHidFilt.Sys
2009-09-08 01:03 . 2008-02-29 07:13 28944 ----a-w- c:\windows\system32\drivers\LUsbFilt.sys
2009-09-08 01:03 . 2007-06-22 16:34 1419232 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2009-09-08 01:03 . 2009-09-08 20:59 -------- dc----w- c:\windows\system32\DRVSTORE
2009-09-08 01:02 . 2008-05-02 06:40 84496 ----a-w- c:\windows\system32\KemXML.dll
2009-09-08 01:02 . 2008-05-02 06:40 117264 ----a-w- c:\windows\system32\KemWnd.dll
2009-09-08 01:02 . 2008-05-02 06:39 145936 ----a-w- c:\windows\system32\KemUtil.dll
2009-09-08 01:02 . 2008-05-02 06:39 170512 ----a-w- c:\windows\system32\kemutb.dll
2009-09-08 01:01 . 2009-09-08 01:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2009-09-08 01:01 . 2009-09-08 01:01 -------- d-----w- c:\program files\Logitech
2009-09-08 01:01 . 2009-09-08 17:00 -------- d-----w- c:\program files\Common Files\Logitech
2009-09-08 01:01 . 2009-09-08 01:01 -------- d-----w- c:\documents and settings\Owner\Application Data\InstallShield
2009-09-08 00:46 . 2006-08-01 19:02 49152 ----a-w- c:\windows\system32\ChCfg.exe
2009-09-08 00:43 . 2009-09-08 00:43 -------- d-----w- c:\program files\Realtek AC97
2009-09-08 00:43 . 2006-12-08 19:20 10528768 ----a-w- c:\windows\system32\RTLCPL.exe
2009-09-08 00:43 . 2007-04-16 19:28 577536 ----a-w- c:\windows\soundman.exe
2009-09-08 00:43 . 2006-10-18 06:53 147456 ----a-w- c:\windows\system32\RtlCPAPI.dll
2009-09-08 00:43 . 2006-07-31 15:27 217088 ----a-w- c:\windows\Alcrmv.exe
2009-09-08 00:43 . 2006-07-31 15:19 315392 ----a-w- c:\windows\alcupd.exe
2009-09-07 22:35 . 2009-09-07 22:35 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-09-07 22:34 . 2009-09-07 22:34 -------- d-----w- c:\program files\PC Drivers HeadQuarters
2009-09-06 20:57 . 2009-09-06 20:57 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-09-06 20:36 . 2009-09-06 20:36 -------- dc----w- C:\Install Quicken New User Edition 2002
2009-09-06 20:35 . 2009-09-06 20:36 -------- dc----w- C:\setupdlx
2009-09-06 20:35 . 2009-09-06 20:35 -------- d-----w- c:\program files\InterVideo
2009-09-06 20:35 . 2009-09-06 20:35 -------- d-----w- c:\program files\PC-Doctor for Windows XP
2009-09-06 20:35 . 2009-09-06 20:35 -------- d-----w- c:\program files\IObit
2009-09-06 20:26 . 2009-09-06 20:35 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2009-09-06 20:26 . 2009-09-06 20:35 -------- d-----w- c:\program files\Common Files\BitDefender
2009-09-06 19:04 . 2009-09-06 20:35 -------- d-----w- c:\program files\Perfect Uninstaller
2009-09-06 17:26 . 2009-09-06 17:26 -------- d-----w- c:\program files\ESET
2009-09-06 17:26 . 2009-09-06 17:26 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-09-06 00:10 . 2009-09-06 00:10 -------- d-----w- c:\program files\Defraggler
2009-09-05 21:29 . 2009-09-05 21:29 -------- d-----w- c:\program files\CCleaner
2009-09-04 23:21 . 2002-10-24 07:21 82784 ----a-w- c:\windows\system32\drivers\drvmcdb.sys
2009-09-04 23:21 . 2002-10-07 06:56 40400 ----a-w- c:\windows\system32\drivers\drvnddm.sys
2009-09-04 23:21 . 2002-10-10 20:11 5621 ----a-w- c:\windows\system32\drivers\sscdbhk5.sys
2009-09-04 23:21 . 2002-10-10 20:11 23027 ----a-w- c:\windows\system32\drivers\ssrtln.sys
2009-09-04 23:21 . 2002-10-09 07:50 61494 ----a-w- c:\windows\system32\tfswapi.dll
2009-09-04 23:21 . 2002-10-09 07:50 98354 ----a-w- c:\windows\dla.exe
2009-09-04 23:18 . 2009-09-04 23:20 -------- d-----w- c:\program files\DLA
2009-09-04 21:37 . 2009-09-04 21:37 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2009-09-04 12:12 . 2009-09-04 12:12 -------- d-----w- c:\program files\Trend Micro
2009-09-03 21:18 . 2009-09-04 02:29 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-09-03 20:44 . 2009-09-06 20:34 81984 ----a-w- c:\windows\system32\bdod.bin
2009-09-03 19:02 . 2009-09-03 19:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2009-09-03 18:52 . 2009-09-04 02:38 -------- d-----w- c:\program files\Windows Desktop Search
2009-09-03 18:52 . 2009-09-03 18:52 -------- d-----w- c:\windows\system32\GroupPolicy
2009-09-02 18:30 . 2009-09-02 18:30 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-09-02 18:28 . 2009-09-02 18:28 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2009-09-02 17:14 . 2009-09-02 17:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Bomgar-SCC-4A9EA7DE
2009-08-29 03:02 . 2009-08-29 03:02 1024 ----a-w- c:\windows\system32\clauth2.dll
2009-08-29 03:02 . 2009-08-29 03:02 1024 ----a-w- c:\windows\system32\clauth1.dll
2009-08-29 02:58 . 2009-08-29 02:58 -------- d-----w- c:\program files\Common Files\Data Dynamics
2009-08-29 02:18 . 2009-08-29 02:18 1024 ----a-w- c:\windows\system32\grcauth2.dll
2009-08-29 02:18 . 2009-08-29 02:18 1024 ----a-w- c:\windows\system32\grcauth1.dll
2009-08-29 02:10 . 2009-08-29 02:10 -------- d-----w- c:\documents and settings\All Users\Application Data\SafeNet Sentinel
2009-08-29 02:05 . 2009-08-29 02:05 -------- d-----w- c:\documents and settings\All Users\Application Data\SPSS
2009-08-29 02:05 . 2009-08-29 02:05 -------- d-----w- c:\program files\Common Files\SPSS
2009-08-29 01:55 . 2009-08-29 02:55 -------- d-----w- c:\program files\SPSSInc
2009-08-29 01:54 . 2009-08-29 01:54 1025 ----a-w- c:\windows\system32\sysprs7.dll
2009-08-14 01:21 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-08-13 23:40 . 2009-08-13 23:40 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenOffice.org
2009-08-13 15:23 . 2009-06-12 12:31 76288 -c----w- c:\windows\system32\dllcache\telnet.exe
2009-08-13 15:23 . 2009-06-10 06:14 132096 -c----w- c:\windows\system32\dllcache\wkssvc.dll
2009-08-13 15:21 . 2009-06-10 14:13 84992 -c----w- c:\windows\system32\dllcache\avifil32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-10 17:06 . 2008-08-26 21:16 -------- d-----w- c:\documents and settings\Owner\Application Data\DNA
2009-09-10 16:16 . 2008-08-26 21:16 -------- d-----w- c:\program files\DNA
2009-09-09 16:21 . 2009-04-16 18:08 -------- d-----w- c:\program files\Java
2009-09-09 03:10 . 2002-07-24 23:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-08 16:18 . 2008-08-19 22:15 47672 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-08 01:11 . 2009-09-08 01:11 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-09-08 01:10 . 2009-09-08 01:10 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-09-08 01:10 . 2009-09-08 01:10 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-09-08 01:09 . 2009-09-08 01:09 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-09-06 20:56 . 2009-04-09 22:34 -------- d-----w- c:\program files\MSECache
2009-09-06 20:36 . 2002-07-25 00:03 -------- d-----w- c:\program files\QuickenFC
2009-09-02 18:19 . 2008-08-19 18:23 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSecurityShield
2009-08-05 09:01 . 2009-08-05 09:01 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-28 18:20 . 2009-07-28 18:20 -------- d-----w- c:\program files\MSBuild
2009-07-28 18:19 . 2009-07-28 18:19 -------- d-----w- c:\program files\Reference Assemblies
2009-07-28 00:17 . 2009-07-26 01:01 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-07-28 00:17 . 2009-07-26 01:01 -------- d-----w- c:\documents and settings\Owner\Application Data\Uniblue
2009-07-25 09:23 . 2009-04-16 18:11 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2008-08-19 06:04 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-04 07:56 286208 ------w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2008-08-19 09:18 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2008-08-19 08:55 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2008-08-19 06:35 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2002-08-04 01:46 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2002-08-04 01:46 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2002-08-04 01:45 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2002-07-24 07:05 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-24 22:48 . 2009-01-31 00:26 1244 -c--a-w- c:\windows\checkip.dat
2009-06-24 11:18 . 2002-07-24 07:05 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2002-08-04 01:46 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2002-08-04 01:44 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-03-05 22:08 . 2009-09-02 19:26 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-06-18 69632]
"StorageGuard"="c:\program files\VERITAS Software\Update Manager\sgtray.exe" [2002-05-09 155648]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2001-12-19 212992]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]
"PS2"="c:\windows\system32\ps2.exe" [2002-06-14 81920]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2008-08-19 26112]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2002-10-09 106551]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-03-26 1442888]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
"LTMSG"="LTMSG.exe" - c:\windows\ltmsg.exe [2005-05-05 40960]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-9-7 805392]
NETGEAR WN111 Smart Wizard.lnk - c:\program files\NETGEAR\WN111\wn111.exe [2008-11-7 2138112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 06:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVP"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2009-05-14 94360]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]
S2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [2009-07-18 91392]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-08 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2009-03-26 19:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://srch-us6.hpwis.com/
mSearch Bar = hxxp://srch-us6.hpwis.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
Trusted Zone: campuscruiser.com\my
Trusted Zone: waldenu.edu\my
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\bdxokais.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-10 14:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1e,c2,9b,fc,eb,dc,20,4d,a4,40,dd,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1e,c2,9b,fc,eb,dc,20,4d,a4,40,dd,\

[HKEY_USERS\S-1-5-21-2796713857-2802022764-568186159-1003\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0]
"Percents"="0.0002 0.3504 0.5171 0.7068 0.8796 0.9444 0.9528 "
"Increment"=".000728"
"FRT"="pVQ1t/ML/bQLuQdw77OmSb586VDUJ5HTP+PAAfVOK8hVpUevop81IA=="
"PLCK"="hqtrTaDHBul8QnWsUXsfp1b8fm5tT9xZ"
"PHSH"=""

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(536)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Completion time: 2009-09-10 14:42
ComboFix-quarantined-files.txt 2009-09-10 18:41

Pre-Run: 33,989,660,672 bytes free
Post-Run: 34,492,334,080 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

272 --- E O F --- 2009-09-09 00:43
Curley
Regular Member
 
Posts: 36
Joined: September 4th, 2009, 8:30 am

Re: Wild Tangent Malware and other trojans

Post by Curley » September 10th, 2009, 4:22 pm

BTW, you had asked me about BitTorrent DNA. When I first started working on my computer, I had uninstalled it before I started worrying about Wild Tangent. It was one of my first concerns that I had addressed. I thought it was already off my computer; however, it was still on the HiJack This log. So it is now removed per your instructions. Other than this, I have had no problems with its removal.

Also, I noticed PC Doctors and Perfect Uninstaller are still showing on my log(s). These both should be removed from my computer. When Shield Deluxe was removing its 2008 version from my computer, they took out PC Doctors from remove programs. Shortly thereafter, I took out the 2009 version of Shield Deluxe as well and got a refund because their system was a piece of crap. I had always had my computer protected by them and kept running my scans and there is no reason for my computer to have gotten as infected as it had. Now I use ESET NOD32 and I seem to trust it thus far. I didn't purchase Perfect Uninstaller, uninstalled the trial scan, and it should not be on my computer anymore.

Okay, here is the HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:19:52 PM, on 9/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\NETGEAR\WN111\wn111.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NETGEAR WN111 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111\wn111.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/ ... .7.109.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2349948046
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe

--
End of file - 6455 bytes

I am extremely excited that my computer is running so efficiently. You are wonderful. :D
Curley
Regular Member
 
Posts: 36
Joined: September 4th, 2009, 8:30 am
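Added example (not part of the thread, and not HijackThis's own code): one way to compare two HijackThis logs like the one posted above, so that an entry fixed between scans, such as the `wcmdmgr` Run entry quoted in the opening post, can be confirmed gone and any new autostart entry stands out. The two sample logs are constructed from lines in this thread plus one made-up service entry; the function names are hypothetical.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section kind detail")

# HijackThis entry lines start with a section code (R0, R1, O2, O4, O23, ...)
# followed by " - ". Header lines and running-process paths do not match.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<rest>.+)$")

# Sections that describe code loaded automatically:
# O2 = browser helper objects, O4 = Run keys / Startup folders, O23 = services.
AUTOSTART_SECTIONS = {"O2", "O4", "O23"}


def parse_hjt(text):
    """Return the entry lines of a HijackThis log as Entry tuples."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # header, process list, blank line or footer
        rest = match.group("rest")
        # "HKLM\..\Run: [name] cmd" -> kind "HKLM\..\Run", detail "[name] cmd".
        # R0/R1 lines have no ": " separator, so the whole text is the detail.
        kind, sep, detail = rest.partition(": ")
        if not sep:
            kind, detail = "", rest
        entries.append(Entry(match.group("section"), kind, detail))
    return entries


def _key(entry):
    # Windows paths and registry names are case-insensitive, and the logs in
    # this thread mix c:\windows with C:\WINDOWS, so compare in lower case.
    return (entry.section, entry.kind.lower(), entry.detail.lower())


def diff_logs(before, after):
    """Return (removed, added) entries between two logs, in log order."""
    old = {_key(e): e for e in parse_hjt(before)}
    new = {_key(e): e for e in parse_hjt(after)}
    removed = [old[k] for k in old if k not in new]
    added = [new[k] for k in new if k not in old]
    return removed, added


def new_autostarts(before, after):
    """Entries that appeared in the second log and load automatically."""
    _, added = diff_logs(before, after)
    return [e for e in added if e.section in AUTOSTART_SECTIONS]


# Constructed sample: lines taken from this thread, shortened to a few entries.
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\winlogon.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

# Constructed follow-up: wcmdmgr is gone, hpsysdrv differs only in case, and
# the last line is a made-up placeholder service, not something from the thread.
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\winlogon.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
O4 - HKLM\..\Run: [hpsysdrv] C:\WINDOWS\system\hpsysdrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Example Service (examplesvc) - Unknown owner - C:\Temp\examplesvc.exe
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for e in removed:
        print("removed:", e.section, e.kind, e.detail)
    for e in added:
        print("added:  ", e.section, e.kind, e.detail)
```

An entry that shows up under `removed` has left the autostart location the log reads; it does not by itself show that the file was deleted from disk.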

Re: Wild Tangent Malware and other trojans

Post by Dakeyras » September 10th, 2009, 4:53 pm

Hi :)

Some advice about Detective Driver........though it is a legitimate application it employs dubious tactics to convince the unwitting to take further action and pay for something not needed.

I will advise you how to correctly go about downloading/installing needed drivers for your system once I am satisfied your computer is malware free.

What you have mentioned about your monitor:
I now have no monitor driver
Is a known malware and or sale feature for a so called legitimate check your computer ploy.

Trust me, your computer does not need any of the drivers/upgrades these puerile/ take advantage of the unwitting the various software you have tried.......they are freeware (scumware in my opinion) for a reason.......convince the unwitting.........then you part with your money and next thing email spam city at the very least.........

Next:

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete this folder (if present):

C:\Program Files\DNA

Next click Start >> Run and type cleanmgr in the box and press OK.

  • Ensure the boxes for Temporary Files, Temporary Internet Files and Recycle Bin are checked.
  • You can choose to check other boxes if you wish but they are not required.
  • Click on OK then Yes.
  • Now Reboot(restart) your computer.

F-Secure Blacklight:

Please download Blacklight from here to your desktop.

or

Link to it from the ftp site: ftp://ftp.f-secure.com/anti-virus/tools/fsbl.exe
and save it to your desktop from there.

Go to Start-->Run, copy in the following text, and press Enter:
"%userprofile%\desktop\fsbl.exe" /expert

Accept the license agreement.
Click > scan, wait for it to finish, then click Close

There will be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).
Copy and paste the contents of this log into your next reply.

Check Hard Disk For Errors:

Press Start->Run, then copy/paste the following command into the box and press OK:
cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"

A blank command window will open on your desktop, then close in a few minutes. This is normal.
A file icon named checkhd.txt should appear on your Desktop. Please post the contents of this file.

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any other symptoms and or problems encountered?
  • Blacklight Log.
  • checkhd.txt
  • A new RSIT log.
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Wild Tangent Malware and other trojans

Post by Curley » September 10th, 2009, 8:18 pm

Hi. Sometimes computer runs slow, but mostly fast and no problems that I am aware of. I do want to make note that I didn't realize until your last response that I had not removed BitTorrent DNA. I am confused as I am sure I had before under the program name "BitTorrent DNA", but then I realized there was another program on my computer just entitled "DNA," and when I opened the publisher info, it reflected BitTorrent was its publisher. The reason I recall the name BitTorrent DNA on my programs, and that I had removed it, was because I was also looking at the uTorrent to make sure these were two different things, and I had determined UTorrent was entirely different/unassociated program and okay to leave on my computer, and I removed the BitTorrent. Of course, if I am wrong about Utorrent, let me know. At this point, I can't recall anymore what that program is about. Anyway, I just now removed the "DNA" from add/remove programs, did system clean up, rebooted, and then I ran Blacklight.

Other than this, I really can't identify with any problems or issues other than it had reverted back to running a little slow at times.

Also, it was unclear whether you wanted these logs on different response posts, or all in one, so I went ahead and posted it all in one.


BlackLight Log:

09/10/09 19:17:34 [Info]: BlackLight Engine 2.2.1092 initialized
09/10/09 19:17:34 [Info]: OS: 5.1 build 2600 (Service Pack 3)
09/10/09 19:17:49 [Note]: 7019 4
09/10/09 19:17:49 [Note]: 7005 0
09/10/09 19:18:06 [Note]: 7006 0
09/10/09 19:18:06 [Note]: 7022 0
09/10/09 19:18:08 [Note]: 7011 1312
09/10/09 19:18:09 [Note]: 7035 0
09/10/09 19:18:09 [Note]: 7026 0
09/10/09 19:18:10 [Note]: 7026 0
09/10/09 19:18:10 [Note]: FSRAW library version 1.7.1024


Checkhd.txt log:

The type of the file system is NTFS.
Volume label is HP_PAVILION.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
CHKDSK is verifying indexes (stage 2 of 3)...
CHKDSK is recovering lost files.
CHKDSK is verifying security descriptors (stage 3 of 3)...
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Correcting errors in the Volume Bitmap.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

54772199 KB total disk space.
20698304 KB in 90306 files.
70220 KB in 7544 indexes.
0 KB in bad sectors.
231731 KB in use by the system.
65536 KB occupied by the log file.
33771944 KB available on disk.

4096 bytes in each allocation unit.
13693049 total allocation units on disk.
8442986 allocation units available on disk.


RSIT log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-09-10 20:07:39
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 33 GB (62%) free of 53 GB
Total RAM: 254 MB (30% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:08:44 PM, on 9/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\NETGEAR\WN111\wn111.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\AbiSuite2\AbiWord\bin\AbiWord.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NETGEAR WN111 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111\wn111.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/ ... .7.109.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2349948046
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe

--
End of file - 6552 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IType_exe.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-02-27 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2002-10-09 94262]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
"CamMonitor"=c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe [2002-06-18 69632]
"StorageGuard"=C:\Program Files\VERITAS Software\Update Manager\sgtray.exe [2002-05-09 155648]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2001-12-19 212992]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-06-21 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-06-21 126976]
"PS2"=C:\WINDOWS\system32\ps2.exe [2002-06-14 81920]
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe [2008-08-18 26112]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2002-10-09 106551]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-05-14 2029640]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"LTMSG"=LTMSG.exe 7 []
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2009-03-26 1442888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVP"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
NETGEAR WN111 Smart Wizard.lnk - C:\Program Files\NETGEAR\WN111\wn111.exe

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-06-21 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll [2008-05-02 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"_NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-09-10 18:09:37 ----SHDC---- C:\RECYCLER
2009-09-10 14:42:29 ----D---- C:\WINDOWS\temp
2009-09-10 14:10:08 ----AC---- C:\Boot.bak
2009-09-10 14:09:49 ----RASHDC---- C:\cmdcons
2009-09-10 14:06:20 ----A---- C:\WINDOWS\zip.exe
2009-09-10 14:06:20 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-09-10 14:06:20 ----A---- C:\WINDOWS\SWSC.exe
2009-09-10 14:06:20 ----A---- C:\WINDOWS\SWREG.exe
2009-09-10 14:06:20 ----A---- C:\WINDOWS\sed.exe
2009-09-10 14:06:20 ----A---- C:\WINDOWS\PEV.exe
2009-09-10 14:06:20 ----A---- C:\WINDOWS\NIRCMD.exe
2009-09-10 14:06:20 ----A---- C:\WINDOWS\grep.exe
2009-09-10 14:06:10 ----D---- C:\WINDOWS\ERDNT
2009-09-10 14:06:07 ----DC---- C:\ComboFix
2009-09-10 14:04:55 ----DC---- C:\Qoobox
2009-09-09 22:15:14 ----D---- C:\Program Files\Microsoft Silverlight
2009-09-09 19:17:59 ----A---- C:\WINDOWS\system32\spmsg.dll
2009-09-09 18:55:52 ----A---- C:\WINDOWS\system32\VGAunistlog.ini
2009-09-09 16:04:12 ----DC---- C:\S3Graphics
2009-09-09 12:36:21 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2009-09-09 12:35:54 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-09-09 12:35:52 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-09 12:20:59 ----A---- C:\WINDOWS\system32\javaws.exe
2009-09-09 12:20:59 ----A---- C:\WINDOWS\system32\javaw.exe
2009-09-09 12:20:56 ----A---- C:\WINDOWS\system32\java.exe
2009-09-08 23:31:20 ----DC---- C:\rsit
2009-09-08 23:23:05 ----DC---- C:\Rooter$
2009-09-08 20:24:14 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-08 20:18:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-08 17:00:50 ----A---- C:\WINDOWS\Language_trs.ini
2009-09-08 16:59:43 ----A---- C:\WINDOWS\system32\CSVer.dll
2009-09-08 16:58:52 ----DC---- C:\Intel
2009-09-08 12:59:44 ----A---- C:\WINDOWS\system32\BtCoreIf.dll
2009-09-08 12:57:49 ----D---- C:\Program Files\Common Files\Logishrd
2009-09-08 12:16:42 ----DC---- C:\Drivers
2009-09-08 11:36:43 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-09-08 11:36:41 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-09-08 11:29:59 ----A---- C:\WINDOWS\ModemLog_Agere Win Modem.txt
2009-09-07 22:56:00 ----D---- C:\Program Files\Motorola
2009-09-07 22:55:59 ----D---- C:\Program Files\Common Files\Motorola Shared
2009-09-07 22:47:44 ----D---- C:\Program Files\Microsoft IntelliType Pro
2009-09-07 22:44:47 ----D---- C:\Program Files\Intel
2009-09-07 22:41:06 ----N---- C:\WINDOWS\ltremove.exe
2009-09-07 22:40:44 ----N---- C:\WINDOWS\ltmsg.exe
2009-09-07 22:39:51 ----D---- C:\WINDOWS\Options
2009-09-07 21:55:18 ----A---- C:\WINDOWS\system32\igfxres.dll
2009-09-07 21:17:00 ----D---- C:\Documents and Settings\All Users\Application Data\LogiShrd
2009-09-07 21:16:28 ----D---- C:\Documents and Settings\Owner\Application Data\Logitech
2009-09-07 21:07:53 ----HDC---- C:\WINDOWS\$NtUninstallWdf01005$
2009-09-07 21:03:55 ----A---- C:\WINDOWS\KHALMNPR.Exe
2009-09-07 21:03:50 ----A---- C:\WINDOWS\system32\WdfCoInstaller01005.dll
2009-09-07 21:03:41 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-09-07 21:02:15 ----A---- C:\WINDOWS\system32\KemXML.dll
2009-09-07 21:02:15 ----A---- C:\WINDOWS\system32\KemWnd.dll
2009-09-07 21:02:15 ----A---- C:\WINDOWS\system32\KemUtil.dll
2009-09-07 21:02:15 ----A---- C:\WINDOWS\system32\kemutb.dll
2009-09-07 21:01:52 ----D---- C:\Documents and Settings\All Users\Application Data\Logitech
2009-09-07 21:01:43 ----D---- C:\Program Files\Logitech
2009-09-07 21:01:35 ----D---- C:\Program Files\Common Files\Logitech
2009-09-07 21:01:06 ----D---- C:\Documents and Settings\Owner\Application Data\InstallShield
2009-09-07 20:46:29 ----A---- C:\WINDOWS\system32\ChCfg.exe
2009-09-07 20:43:36 ----D---- C:\Program Files\Realtek AC97
2009-09-07 20:43:33 ----A---- C:\WINDOWS\system32\RTLCPL.exe
2009-09-07 20:43:30 ----A---- C:\WINDOWS\soundman.exe
2009-09-07 20:43:28 ----A---- C:\WINDOWS\system32\RtlCPAPI.dll
2009-09-07 20:43:21 ----A---- C:\WINDOWS\alcupd.exe
2009-09-07 20:43:21 ----A---- C:\WINDOWS\Alcrmv.exe
2009-09-07 18:35:20 ----D---- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2009-09-07 18:34:55 ----D---- C:\Program Files\PC Drivers HeadQuarters
2009-09-06 16:57:10 ----D---- C:\Program Files\Windows Installer Clean Up
2009-09-06 16:36:00 ----DC---- C:\Install Quicken New User Edition 2002
2009-09-06 16:35:59 ----DC---- C:\setupdlx
2009-09-06 16:35:56 ----D---- C:\Program Files\InterVideo
2009-09-06 16:26:25 ----D---- C:\Documents and Settings\All Users\Application Data\BitDefender
2009-09-06 16:26:05 ----D---- C:\Program Files\Common Files\BitDefender
2009-09-06 13:26:25 ----D---- C:\Program Files\ESET
2009-09-06 13:26:25 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2009-09-05 20:10:09 ----D---- C:\Program Files\Defraggler
2009-09-05 17:29:36 ----D---- C:\Program Files\CCleaner
2009-09-04 19:21:12 ----A---- C:\WINDOWS\system32\tfswapi.dll
2009-09-04 19:21:10 ----A---- C:\WINDOWS\dla.exe
2009-09-04 19:18:17 ----D---- C:\Program Files\DLA
2009-09-04 17:37:29 ----D---- C:\Documents and Settings\All Users\Application Data\IObit
2009-09-04 08:12:23 ----D---- C:\Program Files\Trend Micro
2009-09-03 22:38:29 ----DC---- C:\Config.Msi
2009-09-03 14:55:30 ----DC---- C:\WINDOWS\$NtUninstallbasecsp$
2009-09-03 14:52:40 ----D---- C:\WINDOWS\system32\GroupPolicy
2009-09-03 14:52:40 ----D---- C:\Program Files\Windows Desktop Search
2009-09-03 14:51:50 ----DC---- C:\WINDOWS\$NtUninstallKB940157$
2009-09-03 14:50:55 ----DC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2009-09-03 14:33:38 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-09-02 13:18:14 ----D---- C:\WINDOWS\pss
2009-09-02 13:14:06 ----D---- C:\Documents and Settings\All Users\Application Data\Bomgar-SCC-4A9EA7DE
2009-08-28 23:02:41 ----A---- C:\WINDOWS\system32\clauth2.dll
2009-08-28 23:02:41 ----A---- C:\WINDOWS\system32\clauth1.dll
2009-08-28 22:58:31 ----D---- C:\Program Files\Common Files\Data Dynamics
2009-08-28 22:18:56 ----A---- C:\WINDOWS\system32\grcauth2.dll
2009-08-28 22:18:56 ----A---- C:\WINDOWS\system32\grcauth1.dll
2009-08-28 22:10:31 ----D---- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
2009-08-28 22:05:36 ----D---- C:\Documents and Settings\All Users\Application Data\SPSS
2009-08-28 22:05:32 ----D---- C:\Program Files\Common Files\SPSS
2009-08-28 21:55:39 ----D---- C:\Program Files\SPSSInc
2009-08-28 21:54:26 ----A---- C:\WINDOWS\system32\sysprs7.dll
2009-08-26 14:41:31 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-08-13 21:21:24 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-08-13 21:13:14 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-13 21:12:58 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-13 21:12:40 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-13 21:12:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-13 21:11:59 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-13 21:11:40 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-13 21:11:13 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-13 21:09:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-13 21:02:03 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-13 19:40:17 ----D---- C:\Documents and Settings\Owner\Application Data\OpenOffice.org

======List of files/folders modified in the last 1 months======

2009-09-10 20:07:45 ----D---- C:\WINDOWS\Prefetch
2009-09-10 19:56:06 ----D---- C:\WINDOWS\system32\FxsTmp
2009-09-10 19:08:46 ----D---- C:\WINDOWS
2009-09-10 19:06:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-10 19:03:06 ----RD---- C:\Program Files
2009-09-10 14:42:33 ----D---- C:\WINDOWS\system32
2009-09-10 14:32:51 ----AC---- C:\WINDOWS\system.ini
2009-09-10 14:30:36 ----SHD---- C:\WINDOWS\Installer
2009-09-10 14:21:38 ----D---- C:\WINDOWS\system32\drivers
2009-09-10 14:21:38 ----D---- C:\WINDOWS\AppPatch
2009-09-10 14:21:22 ----D---- C:\Program Files\Common Files
2009-09-10 14:13:40 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-10 14:10:08 ----RASHC---- C:\BOOT.INI
2009-09-09 19:54:21 ----D---- C:\WINDOWS\system32\CatRoot
2009-09-09 19:33:30 ----D---- C:\WINDOWS\system32\config
2009-09-09 19:33:06 ----D---- C:\WINDOWS\system32\wbem
2009-09-09 19:33:06 ----D---- C:\WINDOWS\Registration
2009-09-09 19:32:42 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-09 19:32:29 ----D---- C:\WINDOWS\inf
2009-09-09 17:41:09 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-09-09 12:31:42 ----D---- C:\WINDOWS\Debug
2009-09-09 12:21:47 ----D---- C:\Program Files\Java
2009-09-08 23:14:32 ----RSD---- C:\WINDOWS\assembly
2009-09-08 23:10:07 ----HD---- C:\Program Files\InstallShield Installation Information
2009-09-08 20:23:43 ----D---- C:\WINDOWS\ie8updates
2009-09-08 20:23:26 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-08 17:54:10 ----D---- C:\WINDOWS\Minidump
2009-09-08 12:47:23 ----D---- C:\Temp
2009-09-07 22:57:20 ----D---- C:\WINDOWS\WinSxS
2009-09-07 22:52:46 ----SD---- C:\WINDOWS\Tasks
2009-09-07 22:48:03 ----D---- C:\WINDOWS\Fonts
2009-09-07 22:41:07 ----D---- C:\WINDOWS\Driver Cache
2009-09-07 22:37:40 ----D---- C:\Program Files\WinRAR
2009-09-07 21:56:11 ----A---- C:\WINDOWS\ModemLog_Lucent Win Modem.txt
2009-09-07 19:43:03 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft
2009-09-07 14:59:27 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-09-06 16:56:52 ----D---- C:\Program Files\MSECache
2009-09-06 16:36:04 ----D---- C:\Program Files\QuickenFC
2009-09-04 19:21:51 ----A---- C:\WINDOWS\wininit.ini
2009-09-04 19:21:16 ----D---- C:\WINDOWS\system32\dla
2009-09-03 22:38:45 ----D---- C:\Program Files\Internet Explorer
2009-09-03 22:10:48 ----D---- C:\Program Files\Mozilla Firefox
2009-09-03 15:02:11 ----D---- C:\WINDOWS\security
2009-09-03 14:54:21 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-09-03 14:52:45 ----D---- C:\WINDOWS\system32\en-us
2009-09-02 14:29:17 ----D---- C:\WINDOWS\network diagnostic
2009-09-02 14:19:02 ----D---- C:\Documents and Settings\All Users\Application Data\PCSecurityShield
2009-09-02 14:02:44 ----A---- C:\WINDOWS\win.ini
2009-08-28 17:38:20 ----A---- C:\WINDOWS\system32\MRT.exe
2009-08-13 21:11:21 ----D---- C:\Program Files\Outlook Express

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-05-14 94360]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2002-10-10 5621]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2002-10-10 23027]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2008-08-18 8552]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2002-10-07 40400]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-05-14 114472]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2002-10-09 23671]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2002-10-09 34807]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2002-10-09 4119]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2002-10-09 2203]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2002-10-09 55222]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2002-10-09 14039]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2002-10-09 6327]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2002-10-09 91158]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2002-10-09 95479]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter; C:\WINDOWS\System32\DRIVERS\AN983.sys [2002-08-29 36224]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-06-21 807998]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
R3 ltmodem5;Agere Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2005-05-05 652689]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2008-02-29 28944]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2002-07-24 28164]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-03-09 13780]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S1 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2002-05-22 90336]
S1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2002-05-22 69504]
S3 catchme;catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys []
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2001-08-08 158140]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2001-08-08 12479]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2001-08-08 12031]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2001-08-08 11679]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2001-08-08 11999]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2001-08-08 19359]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2001-08-08 29215]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2001-08-08 19199]
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2001-08-08 33503]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2001-08-08 23519]
S3 MRVW245;Marvell TOPDOG 802.11n WLAN Driver for Windows XP (USB8x); C:\WINDOWS\System32\DRIVERS\MRVW245.sys [2007-11-18 461952]
S3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2001-06-04 14112]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2002-07-13 155008]
S3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2002-04-09 188032]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]
R2 MotoConnect Service;MotoConnect Service; C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe [2009-07-18 91392]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-05-14 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Curley
Regular Member
 
Posts: 36
Joined: September 4th, 2009, 8:30 am

Re: Wild Tangent Malware and other trojans

Unread postby Dakeyras » September 10th, 2009, 8:43 pm

Hi :)

What you have mentioned about leftovers from software applications no longer installed we can deal with in due course, so no need to worry, OK. :thumbup:

As it stands, the situation for your computer is improving, but at the end of the day you really do need to install new/upgraded memory modules (random access memory) if the actual motherboard can support them. You can check this as I outlined here.

Next:

Run your installed CCleaner application to remove all temp' files etc.

Hard-Drive Maintenance/Repair:

Note: for the CHKDSK portion you may refer to this tutorial of mine here and follow the instructions for Graphical Mode if you so wish.

  • Click Start >> Run... then type in CMD and click on OK.
  • At the Command Prompt C:\ > type the following:
  • CD C:\ and hit the Enter/Return key.
  • Now type in DEFRAG C: -F
  • An Analysis report will be displayed and then Windows will start the Defragmentation run automatically.
  • This may take some time, when completed the Command Prompt C:\ > will appear.
  • Now type in CHKDSK C: /R and hit the Enter/Return key.
  • When prompted with:
CHKDSK cannot run because the volume is in use by another process
Would you like to schedule this volume to be checked next time the system
restarts (Y/N)
  • Hit the Y key then at the Command Prompt C:\ >
  • Type in EXIT and hit the Enter/Return key.
  • Now Reboot(Restart) your computer.

Note: Upon Reboot(Restart) the CHKDSK(check-disk) will start and carry out the repairs required.

You should see a screen like this just after the Post(power on self test) screen:

Image

Note: Do not touch either the keyboard or mouse, otherwise the Check-Disk will be cancelled and your computer will continue to boot up as normal.

Next:

Please make sure that RSIT.exe is still on the Desktop (if not, inform myself straight away please).

Click on Start >> Run... (or the Windows key and R together) to bring up the Run box and copy and paste in:
"%userprofile%\desktop\rsit.exe" /info
and click on OK

  • Click on Run and RSIT will start.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any other symptoms and/or problems encountered?
  • A new set of RSIT logs. <-- Post them individually please, IE: one Log per post/reply.
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Wild Tangent Malware and other trojans

Unread postby Curley » September 11th, 2009, 12:48 pm

Hello. The only issue I seem to have come up with appears to be an isolated issue. My Hotmail on My Favorites bar would not respond/open. It did open when I selected it from My Favorites list. The other items on My Favorites bar were working, so I deleted the prompt for my hotmail page, and re-saved it to the bar and now it appears to respond/open.

Computer, for the most part, is so super fast, it is actually a little annoying at times. Not complaining, but I have to get used to it scrolling so fast so that I can actually read the content/page. Oh, yes and sometimes today the word processing functions, and minimizing/maximizing internet windows get slowed or stuck or delayed in processing its requested function. These are slight pauses in comparison to the issues of getting stuck that I was having before, but the pauses had gone away altogether yesterday and now I am experiencing slight pauses/delays every so often.

Oh, and the RAM, it has to wait a couple of weeks.


Okay, here is the RSIT log.txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-09-11 12:16:41
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 33 GB (62%) free of 53 GB
Total RAM: 254 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:43 PM, on 9/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\NETGEAR\WN111\wn111.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Owner\desktop\rsit.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NETGEAR WN111 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111\wn111.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/ ... .7.109.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2349948046
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe

--
End of file - 6501 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IType_exe.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-02-27 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2002-10-09 94262]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
"CamMonitor"=c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe [2002-06-18 69632]
"StorageGuard"=C:\Program Files\VERITAS Software\Update Manager\sgtray.exe [2002-05-09 155648]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2001-12-19 212992]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-06-21 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-06-21 126976]
"PS2"=C:\WINDOWS\system32\ps2.exe [2002-06-14 81920]
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe [2008-08-18 26112]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2002-10-09 106551]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-05-14 2029640]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"LTMSG"=LTMSG.exe 7 []
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2009-03-26 1442888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVP"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
NETGEAR WN111 Smart Wizard.lnk - C:\Program Files\NETGEAR\WN111\wn111.exe

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-06-21 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll [2008-05-02 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"_NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-09-10 18:09:37 ----SHDC---- C:\RECYCLER
2009-09-10 14:42:29 ----D---- C:\WINDOWS\temp
2009-09-10 14:10:08 ----AC---- C:\Boot.bak
2009-09-10 14:09:49 ----RASHDC---- C:\cmdcons
2009-09-10 14:06:20 ----A---- C:\WINDOWS\zip.exe
2009-09-10 14:06:20 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-09-10 14:06:20 ----A---- C:\WINDOWS\SWSC.exe
2009-09-10 14:06:20 ----A---- C:\WINDOWS\SWREG.exe
2009-09-10 14:06:20 ----A---- C:\WINDOWS\sed.exe
2009-09-10 14:06:20 ----A---- C:\WINDOWS\PEV.exe
2009-09-10 14:06:20 ----A---- C:\WINDOWS\NIRCMD.exe
2009-09-10 14:06:20 ----A---- C:\WINDOWS\grep.exe
2009-09-10 14:06:10 ----D---- C:\WINDOWS\ERDNT
2009-09-10 14:06:07 ----DC---- C:\ComboFix
2009-09-10 14:04:55 ----DC---- C:\Qoobox
2009-09-09 22:15:14 ----D---- C:\Program Files\Microsoft Silverlight
2009-09-09 19:17:59 ----A---- C:\WINDOWS\system32\spmsg.dll
2009-09-09 18:55:52 ----A---- C:\WINDOWS\system32\VGAunistlog.ini
2009-09-09 16:04:12 ----DC---- C:\S3Graphics
2009-09-09 12:36:21 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2009-09-09 12:35:54 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-09-09 12:35:52 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-09 12:20:59 ----A---- C:\WINDOWS\system32\javaws.exe
2009-09-09 12:20:59 ----A---- C:\WINDOWS\system32\javaw.exe
2009-09-09 12:20:56 ----A---- C:\WINDOWS\system32\java.exe
2009-09-08 23:31:20 ----DC---- C:\rsit
2009-09-08 23:23:05 ----DC---- C:\Rooter$
2009-09-08 20:24:14 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-08 20:18:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-08 17:00:50 ----A---- C:\WINDOWS\Language_trs.ini
2009-09-08 16:59:43 ----A---- C:\WINDOWS\system32\CSVer.dll
2009-09-08 16:58:52 ----DC---- C:\Intel
2009-09-08 12:59:44 ----A---- C:\WINDOWS\system32\BtCoreIf.dll
2009-09-08 12:57:49 ----D---- C:\Program Files\Common Files\Logishrd
2009-09-08 12:16:42 ----DC---- C:\Drivers
2009-09-08 11:36:43 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-09-08 11:36:41 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-09-08 11:29:59 ----A---- C:\WINDOWS\ModemLog_Agere Win Modem.txt
2009-09-07 22:56:00 ----D---- C:\Program Files\Motorola
2009-09-07 22:55:59 ----D---- C:\Program Files\Common Files\Motorola Shared
2009-09-07 22:47:44 ----D---- C:\Program Files\Microsoft IntelliType Pro
2009-09-07 22:44:47 ----D---- C:\Program Files\Intel
2009-09-07 22:41:06 ----N---- C:\WINDOWS\ltremove.exe
2009-09-07 22:40:44 ----N---- C:\WINDOWS\ltmsg.exe
2009-09-07 22:39:51 ----D---- C:\WINDOWS\Options
2009-09-07 21:55:18 ----A---- C:\WINDOWS\system32\igfxres.dll
2009-09-07 21:17:00 ----D---- C:\Documents and Settings\All Users\Application Data\LogiShrd
2009-09-07 21:16:28 ----D---- C:\Documents and Settings\Owner\Application Data\Logitech
2009-09-07 21:07:53 ----HDC---- C:\WINDOWS\$NtUninstallWdf01005$
2009-09-07 21:03:55 ----A---- C:\WINDOWS\KHALMNPR.Exe
2009-09-07 21:03:50 ----A---- C:\WINDOWS\system32\WdfCoInstaller01005.dll
2009-09-07 21:03:41 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-09-07 21:02:15 ----A---- C:\WINDOWS\system32\KemXML.dll
2009-09-07 21:02:15 ----A---- C:\WINDOWS\system32\KemWnd.dll
2009-09-07 21:02:15 ----A---- C:\WINDOWS\system32\KemUtil.dll
2009-09-07 21:02:15 ----A---- C:\WINDOWS\system32\kemutb.dll
2009-09-07 21:01:52 ----D---- C:\Documents and Settings\All Users\Application Data\Logitech
2009-09-07 21:01:43 ----D---- C:\Program Files\Logitech
2009-09-07 21:01:35 ----D---- C:\Program Files\Common Files\Logitech
2009-09-07 21:01:06 ----D---- C:\Documents and Settings\Owner\Application Data\InstallShield
2009-09-07 20:46:29 ----A---- C:\WINDOWS\system32\ChCfg.exe
2009-09-07 20:43:36 ----D---- C:\Program Files\Realtek AC97
2009-09-07 20:43:33 ----A---- C:\WINDOWS\system32\RTLCPL.exe
2009-09-07 20:43:30 ----A---- C:\WINDOWS\soundman.exe
2009-09-07 20:43:28 ----A---- C:\WINDOWS\system32\RtlCPAPI.dll
2009-09-07 20:43:21 ----A---- C:\WINDOWS\alcupd.exe
2009-09-07 20:43:21 ----A---- C:\WINDOWS\Alcrmv.exe
2009-09-07 18:35:20 ----D---- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2009-09-07 18:34:55 ----D---- C:\Program Files\PC Drivers HeadQuarters
2009-09-06 16:57:10 ----D---- C:\Program Files\Windows Installer Clean Up
2009-09-06 16:36:00 ----DC---- C:\Install Quicken New User Edition 2002
2009-09-06 16:35:59 ----DC---- C:\setupdlx
2009-09-06 16:35:56 ----D---- C:\Program Files\InterVideo
2009-09-06 16:26:25 ----D---- C:\Documents and Settings\All Users\Application Data\BitDefender
2009-09-06 16:26:05 ----D---- C:\Program Files\Common Files\BitDefender
2009-09-06 13:26:25 ----D---- C:\Program Files\ESET
2009-09-06 13:26:25 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2009-09-05 20:10:09 ----D---- C:\Program Files\Defraggler
2009-09-05 17:29:36 ----D---- C:\Program Files\CCleaner
2009-09-04 19:21:12 ----A---- C:\WINDOWS\system32\tfswapi.dll
2009-09-04 19:21:10 ----A---- C:\WINDOWS\dla.exe
2009-09-04 19:18:17 ----D---- C:\Program Files\DLA
2009-09-04 17:37:29 ----D---- C:\Documents and Settings\All Users\Application Data\IObit
2009-09-04 08:12:23 ----D---- C:\Program Files\Trend Micro
2009-09-03 22:38:29 ----DC---- C:\Config.Msi
2009-09-03 14:55:30 ----DC---- C:\WINDOWS\$NtUninstallbasecsp$
2009-09-03 14:52:40 ----D---- C:\WINDOWS\system32\GroupPolicy
2009-09-03 14:52:40 ----D---- C:\Program Files\Windows Desktop Search
2009-09-03 14:51:50 ----DC---- C:\WINDOWS\$NtUninstallKB940157$
2009-09-03 14:50:55 ----DC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2009-09-03 14:33:38 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-09-02 13:18:14 ----D---- C:\WINDOWS\pss
2009-09-02 13:14:06 ----D---- C:\Documents and Settings\All Users\Application Data\Bomgar-SCC-4A9EA7DE
2009-08-28 23:02:41 ----A---- C:\WINDOWS\system32\clauth2.dll
2009-08-28 23:02:41 ----A---- C:\WINDOWS\system32\clauth1.dll
2009-08-28 22:58:31 ----D---- C:\Program Files\Common Files\Data Dynamics
2009-08-28 22:18:56 ----A---- C:\WINDOWS\system32\grcauth2.dll
2009-08-28 22:18:56 ----A---- C:\WINDOWS\system32\grcauth1.dll
2009-08-28 22:10:31 ----D---- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
2009-08-28 22:05:36 ----D---- C:\Documents and Settings\All Users\Application Data\SPSS
2009-08-28 22:05:32 ----D---- C:\Program Files\Common Files\SPSS
2009-08-28 21:55:39 ----D---- C:\Program Files\SPSSInc
2009-08-28 21:54:26 ----A---- C:\WINDOWS\system32\sysprs7.dll
2009-08-26 14:41:31 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-08-13 21:21:24 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-08-13 21:13:14 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-13 21:12:58 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-13 21:12:40 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-13 21:12:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-13 21:11:59 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-13 21:11:40 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-13 21:11:13 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-13 21:09:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-13 21:02:03 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-13 19:40:17 ----D---- C:\Documents and Settings\Owner\Application Data\OpenOffice.org

======List of files/folders modified in the last 1 months======

2009-09-11 01:17:34 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-10 23:49:46 ----D---- C:\WINDOWS\Prefetch
2009-09-10 23:48:59 ----D---- C:\WINDOWS
2009-09-10 23:09:08 ----D---- C:\WINDOWS\system32\drivers
2009-09-10 22:36:21 ----D---- C:\WINDOWS\system32\FxsTmp
2009-09-10 19:03:06 ----RD---- C:\Program Files
2009-09-10 14:42:33 ----D---- C:\WINDOWS\system32
2009-09-10 14:32:51 ----AC---- C:\WINDOWS\system.ini
2009-09-10 14:30:36 ----SHD---- C:\WINDOWS\Installer
2009-09-10 14:21:38 ----D---- C:\WINDOWS\AppPatch
2009-09-10 14:21:22 ----D---- C:\Program Files\Common Files
2009-09-10 14:13:40 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-10 14:10:08 ----RASHC---- C:\BOOT.INI
2009-09-09 19:54:21 ----D---- C:\WINDOWS\system32\CatRoot
2009-09-09 19:33:30 ----D---- C:\WINDOWS\system32\config
2009-09-09 19:33:06 ----D---- C:\WINDOWS\system32\wbem
2009-09-09 19:33:06 ----D---- C:\WINDOWS\Registration
2009-09-09 19:32:42 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-09 19:32:29 ----D---- C:\WINDOWS\inf
2009-09-09 17:41:09 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-09-09 12:31:42 ----D---- C:\WINDOWS\Debug
2009-09-09 12:21:47 ----D---- C:\Program Files\Java
2009-09-08 23:14:32 ----RSD---- C:\WINDOWS\assembly
2009-09-08 23:10:07 ----HD---- C:\Program Files\InstallShield Installation Information
2009-09-08 20:23:43 ----D---- C:\WINDOWS\ie8updates
2009-09-08 20:23:26 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-08 17:54:10 ----D---- C:\WINDOWS\Minidump
2009-09-08 12:47:23 ----D---- C:\Temp
2009-09-07 22:57:20 ----D---- C:\WINDOWS\WinSxS
2009-09-07 22:52:46 ----SD---- C:\WINDOWS\Tasks
2009-09-07 22:48:03 ----D---- C:\WINDOWS\Fonts
2009-09-07 22:41:07 ----D---- C:\WINDOWS\Driver Cache
2009-09-07 22:37:40 ----D---- C:\Program Files\WinRAR
2009-09-07 21:56:11 ----A---- C:\WINDOWS\ModemLog_Lucent Win Modem.txt
2009-09-07 19:43:03 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft
2009-09-07 14:59:27 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-09-06 16:56:52 ----D---- C:\Program Files\MSECache
2009-09-06 16:36:04 ----D---- C:\Program Files\QuickenFC
2009-09-04 19:21:51 ----A---- C:\WINDOWS\wininit.ini
2009-09-04 19:21:16 ----D---- C:\WINDOWS\system32\dla
2009-09-03 22:38:45 ----D---- C:\Program Files\Internet Explorer
2009-09-03 22:10:48 ----D---- C:\Program Files\Mozilla Firefox
2009-09-03 15:02:11 ----D---- C:\WINDOWS\security
2009-09-03 14:54:21 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-09-03 14:52:45 ----D---- C:\WINDOWS\system32\en-us
2009-09-02 14:29:17 ----D---- C:\WINDOWS\network diagnostic
2009-09-02 14:19:02 ----D---- C:\Documents and Settings\All Users\Application Data\PCSecurityShield
2009-09-02 14:02:44 ----A---- C:\WINDOWS\win.ini
2009-08-28 17:38:20 ----A---- C:\WINDOWS\system32\MRT.exe
2009-08-13 21:11:21 ----D---- C:\Program Files\Outlook Express

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-05-14 94360]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2002-10-10 5621]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2002-10-10 23027]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2008-08-18 8552]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2002-10-07 40400]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-05-14 114472]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2002-10-09 23671]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2002-10-09 34807]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2002-10-09 4119]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2002-10-09 2203]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2002-10-09 55222]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2002-10-09 14039]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2002-10-09 6327]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2002-10-09 91158]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2002-10-09 95479]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter; C:\WINDOWS\System32\DRIVERS\AN983.sys [2002-08-29 36224]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-06-21 807998]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
R3 ltmodem5;Agere Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2005-05-05 652689]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2008-02-29 28944]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2002-07-24 28164]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-03-09 13780]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S1 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2002-05-22 90336]
S1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2002-05-22 69504]
S3 catchme;catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys []
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2001-08-08 158140]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2001-08-08 12479]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2001-08-08 12031]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2001-08-08 11679]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2001-08-08 11999]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2001-08-08 19359]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2001-08-08 29215]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2001-08-08 19199]
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2001-08-08 33503]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2001-08-08 23519]
S3 MRVW245;Marvell TOPDOG 802.11n WLAN Driver for Windows XP (USB8x); C:\WINDOWS\System32\DRIVERS\MRVW245.sys [2007-11-18 461952]
S3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2001-06-04 14112]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2002-07-13 155008]
S3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2002-04-09 188032]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]
R2 MotoConnect Service;MotoConnect Service; C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe [2009-07-18 91392]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-05-14 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: Wild Tangent Malware and other trojans

Post by Curley » September 11th, 2009, 12:49 pm

Okay, here is the info.txt log:

info.txt logfile of random's system information tool 1.06 2009-09-11 12:17:57

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {09DA4F91-2A09-4232-AB8C-6BC740096DE3}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->c:\WINDOWS\System32\\MSIEXEC.EXE /x {8214CC02-6271-4DC8-B8DD-779933450264}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.60 beta-->"C:\Program Files\7-Zip\Uninstall.exe"
AbiWord 2.6.4-->C:\Program Files\AbiSuite2\UninstallAbiWord2.exe
Accent on Interactivity 1.6-->C:\WINDOWS\iun506.exe C:\Program Files\Accent on Interactivity\irunin.ini
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Amos 17.0-->MsiExec.exe /X{9DB2E18E-2A1F-4D65-A258-9CB446903C3E}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft Software Suite-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\Software Suite\Uninst.isu"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Defraggler (remove only)-->"C:\Program Files\Defraggler\uninst.exe"
DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Driver Detective-->MsiExec.exe /X{5721A8EA-A30F-4F66-9046-3F40C43AE1DC}
easy Internet sign-up-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B5DDB2C-0807-47FD-9C11-80EA761902C0}\Setup.exe" -l0x9
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
HP Instant Support-->C:\PROGRA~1\HPINST~1\UNWISE.EXE C:\PROGRA~1\HPINST~1\INSTALL.LOG
HP Memories Disc-->MsiExec.exe /X{FF384BDE-429B-45AD-A0C6-E593393D9D1C}
HP Photo and Imaging 1.1 - Photosmart Cameras-->MsiExec.exe /X{1EEE2A9F-6471-42fa-8923-E8879168CE26}
hp toolkit-->c:\Windows\HPTK\unhptkit.exe
Inactive HP Printer Drivers (Remove only)-->RunDll32 hpuninst.dll,InstallHinfSection UninstDefault 132 prntunin.inf
Intel(R) Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{C1939820-A945-11D4-86F6-0001031E5712}\setup.exe" REMOVEALL
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Lernout & Hauspie TruVoice American English TTS Engine-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Excel Viewer 2003-->MsiExec.exe /I{90840409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Live Meeting 2007-->MsiExec.exe /I{2515BF88-E42E-4AFA-A8E7-DF272762589B}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
MotoConnect-->MsiExec.exe /I{AD8F0BB4-FF91-4C7A-9B47-EE0AD60B76E7}
Motorola Driver Installation 3.9.0-->MsiExec.exe /I{FB068BA4-C6EA-4D47-A491-C40E23E77F89}
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MUSICMATCH Jukebox-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\Uninst.isu" -cC:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.dll
NETGEAR WN111 wireless USB 2.0 adapter-->C:\Program Files\InstallShield Installation Information\{AFCE4D19-D385-4232-9B0E-809D85A25A10}\setup.exe -runfromtemp -l0x0409
OpenOffice.org 3.1-->MsiExec.exe /I{E6B87DC4-2B3D-4483-ADFF-E483BF718991}
PASW Statistics GradPack 17.0-->MsiExec.exe /X{2ECDE974-69D9-47A9-9EB0-10EC49F8468A}
PlayStation(R)Network Downloader-->MsiExec.exe /X{BC4CA8FA-41D2-4B81-8680-E9B7573D6500}
PlayStation(R)Store-->MsiExec.exe /X{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}
Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
PSP Video 9 2.25-->C:\Program Files\Red Kawa\Video Converter\uninstaller.exe
Python 2.2 combined Win32 extensions-->C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken Financial Center-->C:\PROGRA~1\QUICKE~1\rem\UNWISE.EXE /s C:\PROGRA~1\QUICKE~1\rem\INSTALL.LOG
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
RecordNow Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
RecordNow-->MsiExec.exe /I{8214CC02-6271-4DC8-B8DD-779933450264}
Rhapsody MP3 Download Manager-->MsiExec.exe /I{A3D44AD8-D3C9-45E4-B861-3B653C6EF620}
S3Display-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display'
S3Gamma2-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2'
S3Info2-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2'
S3Overlay-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Overlay'
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Sony Media Manager for PSP 3.0-->MsiExec.exe /X{21C6344A-918B-4D35-ADB6-7614F97B78EA}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
vixy converter uninstall-->"C:\Program Files\vixy.net\unins000.exe"
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WordPerfect Productivity Pack-->C:\WINDOWS\Corel\uninst32.exe
WordPerfect Productivity Pack-->C:\WINDOWS\Corel\Uninst32.exe

=====HijackThis Backups=====

O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch [2009-09-04]
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [2009-09-10]
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE [2009-09-10]
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" [2009-09-10]
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [2009-09-10]
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-09-10]

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: ESET NOD32 Antivirus 4.0

======System event log======

Computer Name: YOUR-US67PI6LUV
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 23793
Source Name: Service Control Manager
Time Written: 20090906144751.000000-240
Event Type: error
User:

Computer Name: YOUR-US67PI6LUV
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 23790
Source Name: Service Control Manager
Time Written: 20090906144751.000000-240
Event Type: error
User:

Computer Name: YOUR-US67PI6LUV
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 23787
Source Name: Service Control Manager
Time Written: 20090906144751.000000-240
Event Type: error
User:

Computer Name: YOUR-US67PI6LUV
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 23784
Source Name: Service Control Manager
Time Written: 20090906144751.000000-240
Event Type: error
User:

Computer Name: YOUR-US67PI6LUV
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 23781
Source Name: Service Control Manager
Time Written: 20090906144751.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: YOUR-US67PI6LUV
Event Code: 490
Message: wuauclt (27560) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).

Record Number: 2472
Source Name: ESENT
Time Written: 20090906022932.000000-240
Event Type: error
User:

Computer Name: YOUR-US67PI6LUV
Event Code: 485
Message: wuauclt (27560) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" failed with system error 5 (0x00000005): "Access is denied. ". The delete file operation will fail with error -1032 (0xfffffbf8).

Record Number: 2471
Source Name: ESENT
Time Written: 20090906022922.000000-240
Event Type: error
User:

Computer Name: YOUR-US67PI6LUV
Event Code: 485
Message: wuauclt (27560) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" failed with system error 5 (0x00000005): "Access is denied. ". The delete file operation will fail with error -1032 (0xfffffbf8).

Record Number: 2470
Source Name: ESENT
Time Written: 20090906022921.000000-240
Event Type: error
User:

Computer Name: YOUR-US67PI6LUV
Event Code: 485
Message: wuauclt (27560) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" failed with system error 5 (0x00000005): "Access is denied. ". The delete file operation will fail with error -1032 (0xfffffbf8).

Record Number: 2469
Source Name: ESENT
Time Written: 20090906022921.000000-240
Event Type: error
User:

Computer Name: YOUR-US67PI6LUV
Event Code: 485
Message: wuauclt (27560) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" failed with system error 5 (0x00000005): "Access is denied. ". The delete file operation will fail with error -1032 (0xfffffbf8).

Record Number: 2468
Source Name: ESENT
Time Written: 20090906022921.000000-240
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;c:\Python22;C:\Program files\PC-Doctor for Windows XP\WINDSAPI;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 1 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0103
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------
Curley
Regular Member
 
Posts: 36
Joined: September 4th, 2009, 8:30 am