Can't run Trendmicro house call


  • This topic is locked
21 replies to this topic

#1 Mikeylia

    Member

  • Full Member
  • 25 posts

Posted 05 June 2009 - 12:35 PM

Dear administrator

I tried to run "Trendmicro house call". It asked me to load Java and ActiveX. I did all that, but it got stuck at the first step, loading Trendmicro files, for hours. I'm very frustrated and starting to think this may be spyware, which is trying to copy all my files.

Please advise. Thanks.

EDIT: Please read the FAQ and post a log... Our helpers can't help without details to review...

Edited by Budfred, 05 June 2009 - 01:24 PM.


#2 SWI Support Robot

    Helper robot

  • SWI Bot
  • 23,533 posts

Posted 08 June 2009 - 12:52 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 nasdaq

    Forum Deity

  • Global Moderator
  • 49,326 posts

Posted 10 June 2009 - 11:42 AM

Hi,

Please read the FAQ as requested on your first post.

Submit a HijackThis log for my review.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#4 Mikeylia

    Member

  • Full Member
  • 25 posts

Posted 19 June 2009 - 07:53 PM

Dear nasdaq

Here is my HijackThis log. Thanks in advance.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:49:51 PM, on 6/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~5\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 2456 bytes

#5 nasdaq

    Forum Deity

  • Global Moderator
  • 49,326 posts

Posted 20 June 2009 - 07:22 AM

Your log is clean.

Why are you trying to run TrendMicro?

Download and run this tool. Let's see what else I can find.

Download random's system information tool (RSIT) by random/random from >>here<< and save it to your desktop.
  • Double click on RSIT.exe to launch program.
  • Click Continue at the disclaimer screen.
  • Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
  • Once it has finished, two logs will open: log.txt <-- this will be maximized, and info.txt <-- this will be minimized.

These reports are long; please post the contents of both logs (in separate posts) in your next reply.
nasdaq


#6 Mikeylia

    Member

  • Full Member
  • 25 posts

Posted 23 June 2009 - 04:55 PM

Dear nasdaq

Here is one of the logs. I'm trying to find the other one.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Run by mli at 2009-06-23 18:49:07
Microsoft Windows XP Professional Service Pack 2
System drive C: has 17 GB (58%) free of 29 GB
Total RAM: 383 MB (16% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:51:59 PM, on 6/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\sessmgr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\mli\Desktop\RSIT.exe
C:\Documents and Settings\mli\Desktop\RSIT.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\trend micro\mli.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~5\OFFICE10\EXCEL.EXE/3000
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 2922 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Tune-up Application Start.job
C:\WINDOWS\tasks\PCHealth Scheduler for Data Collection.job
C:\WINDOWS\tasks\Scan for Viruses.job
C:\WINDOWS\tasks\Maintenance-Disk cleanup.job
C:\WINDOWS\tasks\Uninstall Expiration Reminder.job
C:\WINDOWS\tasks\Backup My Documents.job
C:\WINDOWS\tasks\RegCure.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\Google Software Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe []
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
"IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2002-04-15 44032]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Works Calendar Reminders.lnk - C:\WINDOWS\Application Data\Microsoft\Installer\{9944aa9e-362d-11d3-81ab-00c04fb932ba}\1960F8A9.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-05-02 11952]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
""=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Funshion Online\Funshion\Funshion.exe"="C:\Program Files\Funshion Online\Funshion\Funshion.exe:*:Enabled:Funshion"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-06-23 18:49:05 ----D---- C:\rsit
2009-06-19 22:56:14 ----A---- C:\WINDOWS\OEWABLog.txt
2009-06-04 21:35:05 ----A---- C:\WINDOWS\system32\REN13.tmp
2009-06-04 21:35:05 ----A---- C:\WINDOWS\system32\REN12.tmp
2009-06-04 21:35:05 ----A---- C:\WINDOWS\system32\REN11.tmp
2009-06-04 21:32:21 ----D---- C:\Program Files\Java
2009-06-04 21:30:04 ----D---- C:\Program Files\Common Files\Java
2009-06-03 19:03:36 ----SHD---- C:\FOUND.002
2009-06-02 20:50:18 ----D---- C:\Program Files\Trend Micro
2009-06-01 22:31:34 ----A---- C:\WINDOWS\ntbtlog.txt
2009-05-31 12:31:32 ----A---- C:\WINDOWS\system32\deploytk.dll

======List of files/folders modified in the last 1 months======

2009-06-23 07:59:50 ----A---- C:\WINDOWS\SchedLgU.Txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgArCln;Avg Anti-Rootkit Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgArCln.sys [2007-01-18 3968]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-06-11 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-06-19 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-02 108552]
R1 FsVga;FsVga; C:\WINDOWS\system32\DRIVERS\fsvga.sys [2002-04-16 12160]
R1 ikhfile;File Security Kernel Anti-Spyware Driver; \??\C:\WINDOWS\System32\drivers\ikhfile.sys []
R1 ikhlayer;Kernel Anti-Spyware Driver; \??\C:\WINDOWS\System32\drivers\ikhlayer.sys []
R1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-04 42496]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-04-16 12032]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1998-11-12 25920]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\PfModNT.sys []
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2002-07-19 127948]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2002-07-19 837548]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2002-07-19 11068]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2002-07-19 213860]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2002-07-19 156604]
R3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2001-08-17 40704]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2002-07-24 998004]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2002-07-19 195432]
R3 Ptserlp;PCTEL Serial Device Driver for PCI; C:\WINDOWS\System32\DRIVERS\ptserlp.sys [2001-08-17 112574]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2003-08-04 6912]
R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2003-08-04 11392]
R3 WMP11;Instant Wireless PCI Card Driver; C:\WINDOWS\System32\DRIVERS\WMP11NDS.sys [2002-05-16 54083]
S1 CTSYN;Creative S/W Synth; C:\WINDOWS\System32\drivers\CTSYN.SYS [1999-07-04 161376]
S3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [2001-08-17 3712]
S3 emu10k;Creative SB Live! Value (WDM); C:\WINDOWS\system32\drivers\emu10k1f.sys [2000-01-31 274487]
S3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\System32\drivers\ctlface.sys [1999-09-01 9612]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nv4;nv4; C:\WINDOWS\System32\DRIVERS\nv4.sys [2001-08-17 731648]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys []
S3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2002-04-16 5888]
S3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\System32\drivers\sfman.sys [1999-08-24 41524]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 VNUSB;VN Series Device; C:\WINDOWS\system32\DRIVERS\VNUSB.sys [2006-04-07 38496]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-06-19 906520]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-05-02 298776]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 WMConnectCDS;Windows Media Connect Service; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-06 855552]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-27 183280]
S2 MOSearch;Microsoft Office Search; C:\Program Files\Common Files\System\MOSearch\Bin\mosearch.exe [2001-01-19 69632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [1999-12-13 44032]

-----------------EOF-----------------

#7 Mikeylia

    Member

  • Full Member
  • 25 posts

Posted 23 June 2009 - 05:02 PM

Dear nasdaq

Here is another one.

Thanks in advance
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

info.txt logfile of random's system information tool 1.06 2009-06-23 18:52:04

======Uninstall list======

-->"C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adaptec\Easy CD Creator 4\CreateCD\UNINST.ISU"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adaptec\Easy CD Creator 4\UNINST.ISU"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adaptec\Easy CD Creator 4\UNINST.ISU"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Launcher\Launcher.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\PlayCenter\Player.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Recorder\Recorder.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Keytar\Keytar.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Midi.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Rhythmania\Rhythm.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\SoundFont.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Wstudio.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive2k\PlayCenter\MDC.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive2k\SBLiveXP.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive2k\Vienna\vienna.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Uninstall\Installer.isu"
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\mrun32.isu
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{02CAD0B6-C706-4981-A09A-08C088B9233F}\Setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\SETUP.EXE" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->msiexec /qb /x {77DCDCE3-2DED-62F3-8154-05E745472D07}
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adaptec DirectCD-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adaptec\DirectCD\DCDUnins.isu" -cC:\PROGRA~1\ADAPTEC\DIRECTCD\Dcduhlp.dll
Adaptec Easy CD Creator 4-->"C:\Program Files\Common Files\Adaptec\ECDCUNIN\SETUP.EXE" -l0009 -fECDC.INS
Adaptec Easy CD Creator-->C:\WINDOWS\uninst.exe -fc:\progra~1\easycd~1\deisl3.isu
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.1.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Agnitum Outpost Firewall Pro-->C:\WINDOWS\uninst.exe
AVG 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
AXIS Media Control Embedded-->rundll32 "C:\Program Files\Axis Communications\AXIS Media Control Embedded\AxisMediaControlEmb.dll",UninstallMe
Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Citrix Presentation Server Client-->MsiExec.exe /I{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}
Creative CD Burner Drive Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{02CAD0B6-C706-4981-A09A-08C088B9233F}\Setup.exe" -l0x9 /remove
Creative Digital Audio Center-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Creative Digital Audio Center\Uninst.isu" -cC:\PROGRA~1\Creative\CREATI~1\unmatch.dll
Creative PlayCenter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\SETUP.EXE" -l0x9 /remove
Driver Detective-->C:\Program Files\InstallShield Installation Information\{621C02EA-AAFF-4026-A903-165D59529A16}\setup.exe -runfromtemp -l0x0409
Garmin Communicator Plugin-->MsiExec.exe /X{86B879A5-927E-4536-B5FC-17CA96B60078}
Garmin USB Drivers-->MsiExec.exe /X{B1102A25-3AA3-446B-AA0F-A699B07A02FD}
Garmin WebUpdater-->MsiExec.exe /X{E0783143-EAE2-4047-A8D6-E155523C594C}
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB896344)-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Hotfix for Windows XP (KB926239)-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
InfraRecorder-->C:\Program Files\InfraRecorder\uninstall.exe
J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java™ 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Encarta Encyclopedia 2000-->"C:\Program Files\Microsoft Encarta\Encarta Encyclopedia 2000\unee2000.exe" /uninstall
Microsoft Expedia Streets & Trips 2000-->C:\PROGRA~1\COMMON~1\MICROS~1\Geography\Setup\acmsetup.exe /T SUT70409.stf
Microsoft Home Publishing 2000-->MsiExec.exe /I{9944aa9e-362d-11d3-81ab-00c04fb932ba}
Microsoft Money 2000 Standard Edition-->C:\Program Files\Microsoft Money\setup\setup.exe
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Picture It! Express 2000-->MsiExec.exe /I{A586D09E-1D2C-11D3-9A6B-00105A98B681}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works 2000 Setup Launcher-->C:\Program Files\Microsoft Works Suite 2000\Setup\Launcher.exe D:\
Microsoft Works 2000-->MsiExec.exe /I{56364334-9530-11D2-BFFC-00C04FA329AA}
Movie Maker Background Music Files-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmmusic.inf,DefaultUninstall
Movie Maker Sound Effects-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmsounds.inf,DefaultUninstall
Movie Maker Title Images-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmtitle.inf,DefaultUninstall
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSP5900-U Modem Drivers-->ptuninst.exe
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser-->MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
Norton SystemWorks 2001-->C:\WINDOWS\NSUNINST.EXE
Olympus Digital Wave Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB91E774-867B-4567-ACE7-8144EF036068}\Setup.exe" -l0x9
RegCure 1.5.1.3-->C:\Program Files\RegCure\uninst.exe
Security Update for Microsoft .NET Framework 2.0 (KB917283)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {967B098A-042D-4367-BAC9-8BC11684174F} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Step By Step Interactive Training (KB898458)-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Security Update for Windows Media Player (KB911564)-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Security Update for Windows Media Player 10 (KB917734)-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Security Update for Windows Media Player 9 (KB917734)-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Security Update for Windows XP (KB890046)-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Security Update for Windows XP (KB893756)-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Security Update for Windows XP (KB896358)-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Security Update for Windows XP (KB896423)-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Security Update for Windows XP (KB896424)-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Security Update for Windows XP (KB896428)-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Security Update for Windows XP (KB899587)-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Security Update for Windows XP (KB899589)-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Security Update for Windows XP (KB899591)-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Security Update for Windows XP (KB900725)-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Security Update for Windows XP (KB901017)-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Security Update for Windows XP (KB901214)-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Security Update for Windows XP (KB902400)-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Security Update for Windows XP (KB904706)-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Security Update for Windows XP (KB905414)-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Security Update for Windows XP (KB905749)-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Security Update for Windows XP (KB908519)-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Security Update for Windows XP (KB911562)-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Security Update for Windows XP (KB911567)-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Security Update for Windows XP (KB911927)-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Security Update for Windows XP (KB912919)-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Security Update for Windows XP (KB913580)-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Security Update for Windows XP (KB914388)-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Security Update for Windows XP (KB914389)-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Security Update for Windows XP (KB917159)-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Security Update for Windows XP (KB917344)-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Security Update for Windows XP (KB917422)-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Security Update for Windows XP (KB917953)-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Security Update for Windows XP (KB918439)-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Security Update for Windows XP (KB918899)-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Security Update for Windows XP (KB920214)-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Security Update for Windows XP (KB920670)-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Security Update for Windows XP (KB920683)-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Security Update for Windows XP (KB921398)-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Security Update for Windows XP (KB921883)-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Security Update for Windows XP (KB922616)-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Sound Blaster Live!-->C:\Program Files\Creative\SBLive\PROGRAM\CTUNINST.EXE
Sound Blaster Live!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FCAADB8-EB1B-11D6-AB2D-0090271A23A2}\Setup.exe" -l0x9
Update for Windows XP (KB894391)-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Update for Windows XP (KB898461)-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Update for Windows XP (KB900485)-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Update for Windows XP (KB904942)-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Update for Windows XP (KB908531)-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Update for Windows XP (KB910437)-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Update for Windows XP (KB911280)-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Update for Windows XP (KB914882)-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Update for Windows XP (KB916595)-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
VIA AGP 4x/133 Driver Setup Program-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\TEMP\_ISTMP16.DIR\_ISTMP0.DIR\Uninst.isu
WebEx-->C:\WINDOWS\DOWNLO~1\atcliun.exe
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)-->rundll32.exe C:\PROGRA~1\DIFX\15B7F172FC21855D\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\grmnusb_09F3E629557EBE4D2BA1A9469BDAE635AC0807AE\grmnusb.inf
Windows Installer 3.1 (KB893803)-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Windows Live Safety Scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Bonus Pack for Windows XP-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmbonus.inf,DefaultUninstall
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format SDK Hotfix - KB891122-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Windows Media Player Playlist Import to Excel Wizard-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mpxlswiz.inf,DefaultUninstall
Windows Media Player Skin Importer-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wa2wmp.inf,DefaultUninstall
Windows Media Player Tray Control-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mpxptray.inf,DefaultUninstall
Windows XP Hotfix - KB873339-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Windows XP Hotfix - KB885884-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Windows XP Hotfix - KB890859-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Windows XP Hotfix - KB891781-->C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
Wireless PCI Card Configuration Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FADC8AB-5575-4D87-8870-EE527D86163F}\Setup.EXE" -l0x9
Word in Works Suite add-in-->MsiExec.exe /I{0DB93918-2A77-11D3-805A-00C04FA329AA}
Yahoo! Toolbar-->C:\PROGRA~1\YAHOO!\COMMON\unyt.exe

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: REMOTE
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
CTSYN

Record Number: 51614
Source Name: Service Control Manager
Time Written: 20090411142043.000000-240
Event Type: error
User:

Computer Name: REMOTE
Event Code: 7000
Message: The Microsoft Office Search service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Record Number: 51613
Source Name: Service Control Manager
Time Written: 20090411142041.000000-240
Event Type: error
User:

Computer Name: REMOTE
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the Microsoft Office Search service to connect.

Record Number: 51612
Source Name: Service Control Manager
Time Written: 20090411142041.000000-240
Event Type: error
User:

Computer Name: REMOTE
Event Code: 3095
Message: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Record Number: 51610
Source Name: NETLOGON
Time Written: 20090411141949.000000-240
Event Type: error
User:

Computer Name: REMOTE
Event Code: 876
Message: Driver Cdr4vsd.SYS has been blocked from loading.

Record Number: 51607
Source Name: Application Popup
Time Written: 20090411141948.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: REMOTE
Event Code: 1517
Message: Windows saved user REMOTE\Christina registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 12421
Source Name: Userenv
Time Written: 20081024003305.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: REMOTE
Event Code: 1517
Message: Windows saved user REMOTE\mli registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 12420
Source Name: Userenv
Time Written: 20081024003214.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: REMOTE
Event Code: 1001
Message: Detection of product '{90280409-6000-11D3-8CFE-0050048383C9}', feature 'OUTLOOKNonBootFiles' failed during request for component '{8ED1DAC0-0D32-11D2-A182-00A0C90AB50F}'

Record Number: 12419
Source Name: MsiInstaller
Time Written: 20081023210146.000000-240
Event Type: warning
User: REMOTE\Christina

Computer Name: REMOTE
Event Code: 1001
Message: Detection of product '{9944AA9E-362D-11D3-81AB-00C04FB932BA}', feature '_F3056_Calendar' failed during request for component '{6A7A37EC-BC79-11D2-8008-00C04FA329AA}'

Record Number: 12418
Source Name: MsiInstaller
Time Written: 20081023210140.000000-240
Event Type: warning
User: REMOTE\Christina

Computer Name: REMOTE
Event Code: 1001
Message: Detection of product '{90280409-6000-11D3-8CFE-0050048383C9}', feature 'OUTLOOKNonBootFiles' failed during request for component '{8ED1DAC0-0D32-11D2-A182-00A0C90AB50F}'

Record Number: 12417
Source Name: MsiInstaller
Time Written: 20081023210136.000000-240
Event Type: warning
User: REMOTE\Christina

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\PROGRA~1\COMMON~1\MICROS~1\MSInfo\;%SYSTEMROOT%\COMMAND;C:\Program Files\Common Files\STOPzilla!;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
"windir"=C:\WINDOWS
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0803
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=C:\WINDOWS\TEMP
"TMP"=C:\WINDOWS\TEMP
"BLASTER"=A220 I5 D1 H5 P330 T6
"CTSYN"=C:\WINDOWS
"winbootdir"=C:\WINDOWS
"PROMPT"=$p$g
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------

#8 nasdaq

Posted 24 June 2009 - 08:24 AM

Why are you trying to run TrendMicro House call?

Go to your Add/Remove programs list and delete these old versions of Java.
J2SE Runtime Environment 5.0 Update 3
Java™ 6 Update 3



Keep this one.
Java™ 6 Update 13
===

How is it now?
nasdaq

#9 Mikeylia

Posted 24 June 2009 - 02:19 PM

Dear Nasdaq

The reason I'm constantly running Trendmicro is because I am extremely nervous about all this spyware, trojan horses and key loggers. My wife is using the computer to do banking and I really don't like that idea and believe me it is either her way or the highway! :-(

You did not give me a verdict: is my computer infected or not? Thanks.

Best

Mikeylia

#10 Mikeylia

Posted 24 June 2009 - 08:18 PM

Hi nasdaq

I could not delete Java version 6.3 (uninstallation error)

So I ran the SDfix

report.txt file attached below
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


SDFix: Version 1.240
Run on 06/24/2009 Wed at 09:54 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\Uninst2.htm - Deleted
C:\WINDOWS\Unist1.htm - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-24 22:11:30
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Funshion Online\\Funshion\\Funshion.exe"="C:\\Program Files\\Funshion Online\\Funshion\\Funshion.exe:*:Enabled:Funshion"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sat 10 Sep 2005 291 ..SH. --- "C:\AUTOEXEC.BAK"
Thu 8 Jun 2000 129,078 ..SH. --- "C:\LOGO.SYS"
Mon 13 Mar 2006 4,348 ..SH. --- "C:\WINDOWS\DRM\DRMv1.bak"
Sun 21 Aug 2005 1,454,112 ...HR --- "C:\Documents and Settings\mli\USER.BAK"
Sun 8 Apr 2007 0 A.SH. --- "C:\WINDOWS\DRM\Cache\Indiv01.tmp"
Wed 11 Feb 2009 36,864 ...H. --- "C:\Documents and Settings\mli\My Documents\~WRL0259.tmp"
Thu 2 Nov 2000 58,880 ...H. --- "C:\WINDOWS\Application Data\Microsoft\Templates\~WRL0004.tmp"
Mon 6 Nov 2000 63,488 ...H. --- "C:\WINDOWS\Application Data\Microsoft\Templates\~WRL1463.tmp"
Tue 7 Nov 2000 64,512 ...H. --- "C:\WINDOWS\Application Data\Microsoft\Templates\~WRL0982.tmp"
Wed 15 Nov 2000 67,072 ...H. --- "C:\WINDOWS\Application Data\Microsoft\Templates\~WRL3269.tmp"
Mon 18 Dec 2000 78,336 ...H. --- "C:\WINDOWS\Application Data\Microsoft\Templates\~WRL0005.tmp"
Sun 14 Jan 2001 84,992 ...H. --- "C:\WINDOWS\Application Data\Microsoft\Templates\~WRL3776.tmp"
Wed 6 Jun 2001 112,640 ...H. --- "C:\WINDOWS\Application Data\Microsoft\Templates\~WRL2277.tmp"
Wed 6 Jun 2001 113,152 ...H. --- "C:\WINDOWS\Application Data\Microsoft\Templates\~WRL1276.tmp"
Mon 11 Jun 2001 113,152 ...H. --- "C:\WINDOWS\Application Data\Microsoft\Templates\~WRL2261.tmp"
Tue 12 Jun 2001 113,664 ...H. --- "C:\WINDOWS\Application Data\Microsoft\Templates\~WRL2919.tmp"
Thu 14 Jun 2001 114,176 ...H. --- "C:\WINDOWS\Application Data\Microsoft\Templates\~WRL3306.tmp"
Mon 23 Jul 2001 117,760 ...H. --- "C:\WINDOWS\Application Data\Microsoft\Templates\~WRL0420.tmp"
Mon 23 Jul 2001 117,760 ...H. --- "C:\WINDOWS\Application Data\Microsoft\Templates\~WRL2283.tmp"
Wed 25 Jul 2001 119,296 ...H. --- "C:\WINDOWS\Application Data\Microsoft\Templates\~WRL2390.tmp"
Wed 25 Jul 2001 119,808 ...H. --- "C:\WINDOWS\Application Data\Microsoft\Templates\~WRL0311.tmp"
Mon 20 Aug 2001 121,344 ...H. --- "C:\WINDOWS\Application Data\Microsoft\Templates\~WRL1713.tmp"
Mon 27 Aug 2001 121,344 ...H. --- "C:\WINDOWS\Application Data\Microsoft\Templates\~WRL2053.tmp"
Sun 1 Dec 2002 141,824 ...H. --- "C:\WINDOWS\Application Data\Microsoft\Templates\~WRL1916.tmp"
Sun 30 Mar 2003 155,136 ...H. --- "C:\WINDOWS\Application Data\Microsoft\Templates\~WRL0003.tmp"
Mon 5 May 2003 180,736 ...H. --- "C:\WINDOWS\Application Data\Microsoft\Templates\~WRL0838.tmp"
Wed 28 May 2003 198,656 ...H. --- "C:\WINDOWS\Application Data\Microsoft\Templates\~WRL0686.tmp"
Mon 28 Jun 2004 228,352 ...H. --- "C:\WINDOWS\Application Data\Microsoft\Templates\~WRL1389.tmp"
Mon 28 Jun 2004 228,864 ...H. --- "C:\WINDOWS\Application Data\Microsoft\Templates\~WRL3393.tmp"
Tue 28 Nov 2000 24,064 ...H. --- "C:\WINDOWS\Application Data\Microsoft\Word\~WRL2305.tmp"
Tue 2 Jan 2001 20,480 ...H. --- "C:\WINDOWS\Application Data\Microsoft\Word\~WRL0453.tmp"
Tue 2 Jan 2001 20,480 ...H. --- "C:\WINDOWS\Application Data\Microsoft\Word\~WRL4050.tmp"
Tue 2 Jan 2001 21,504 ...H. --- "C:\WINDOWS\Application Data\Microsoft\Word\~WRL2493.tmp"
Tue 2 Jan 2001 22,016 ...H. --- "C:\WINDOWS\Application Data\Microsoft\Word\~WRL2137.tmp"
Tue 2 Jan 2001 23,040 ...H. --- "C:\WINDOWS\Application Data\Microsoft\Word\~WRL1138.tmp"
Tue 2 Jan 2001 23,040 ...H. --- "C:\WINDOWS\Application Data\Microsoft\Word\~WRL1896.tmp"
Tue 24 Jul 2001 28,672 ...H. --- "C:\WINDOWS\Application Data\Microsoft\Word\~WRL3163.tmp"
Fri 15 Feb 2002 19,968 ...H. --- "C:\WINDOWS\Application Data\Microsoft\Word\~WRL0130.tmp"
Fri 15 Feb 2002 20,992 ...H. --- "C:\WINDOWS\Application Data\Microsoft\Word\~WRL2737.tmp"
Fri 15 Feb 2002 20,992 ...H. --- "C:\WINDOWS\Application Data\Microsoft\Word\~WRL3800.tmp"
Sun 28 Nov 2004 21,504 ...H. --- "C:\WINDOWS\Application Data\Microsoft\Word\~WRL1980.tmp"
Sun 28 Nov 2004 25,088 ...H. --- "C:\WINDOWS\Application Data\Microsoft\Word\~WRL0487.tmp"
Thu 2 Nov 2000 58,880 ...H. --- "C:\Documents and Settings\mli\Application Data\Microsoft\Templates\~WRL0004.tmp"
Mon 6 Nov 2000 63,488 ...H. --- "C:\Documents and Settings\mli\Application Data\Microsoft\Templates\~WRL1463.tmp"
Tue 7 Nov 2000 64,512 ...H. --- "C:\Documents and Settings\mli\Application Data\Microsoft\Templates\~WRL0982.tmp"
Wed 15 Nov 2000 67,072 ...H. --- "C:\Documents and Settings\mli\Application Data\Microsoft\Templates\~WRL3269.tmp"
Mon 18 Dec 2000 78,336 ...H. --- "C:\Documents and Settings\mli\Application Data\Microsoft\Templates\~WRL0005.tmp"
Sun 14 Jan 2001 84,992 ...H. --- "C:\Documents and Settings\mli\Application Data\Microsoft\Templates\~WRL3776.tmp"
Wed 6 Jun 2001 112,640 ...H. --- "C:\Documents and Settings\mli\Application Data\Microsoft\Templates\~WRL2277.tmp"
Wed 6 Jun 2001 113,152 ...H. --- "C:\Documents and Settings\mli\Application Data\Microsoft\Templates\~WRL1276.tmp"
Mon 11 Jun 2001 113,152 ...H. --- "C:\Documents and Settings\mli\Application Data\Microsoft\Templates\~WRL2261.tmp"
Tue 12 Jun 2001 113,664 ...H. --- "C:\Documents and Settings\mli\Application Data\Microsoft\Templates\~WRL2919.tmp"
Thu 14 Jun 2001 114,176 ...H. --- "C:\Documents and Settings\mli\Application Data\Microsoft\Templates\~WRL3306.tmp"
Mon 23 Jul 2001 117,760 ...H. --- "C:\Documents and Settings\mli\Application Data\Microsoft\Templates\~WRL0420.tmp"
Mon 23 Jul 2001 117,760 ...H. --- "C:\Documents and Settings\mli\Application Data\Microsoft\Templates\~WRL2283.tmp"
Wed 25 Jul 2001 119,296 ...H. --- "C:\Documents and Settings\mli\Application Data\Microsoft\Templates\~WRL2390.tmp"
Wed 25 Jul 2001 119,808 ...H. --- "C:\Documents and Settings\mli\Application Data\Microsoft\Templates\~WRL0311.tmp"
Mon 20 Aug 2001 121,344 ...H. --- "C:\Documents and Settings\mli\Application Data\Microsoft\Templates\~WRL1713.tmp"
Mon 27 Aug 2001 121,344 ...H. --- "C:\Documents and Settings\mli\Application Data\Microsoft\Templates\~WRL2053.tmp"
Sun 1 Dec 2002 141,824 ...H. --- "C:\Documents and Settings\mli\Application Data\Microsoft\Templates\~WRL1916.tmp"
Sun 30 Mar 2003 155,136 ...H. --- "C:\Documents and Settings\mli\Application Data\Microsoft\Templates\~WRL0003.tmp"
Mon 5 May 2003 180,736 ...H. --- "C:\Documents and Settings\mli\Application Data\Microsoft\Templates\~WRL0838.tmp"
Wed 28 May 2003 198,656 ...H. --- "C:\Documents and Settings\mli\Application Data\Microsoft\Templates\~WRL0686.tmp"
Sat 24 Jan 2004 229,376 ...H. --- "C:\Documents and Settings\mli\Application Data\Microsoft\Templates\~WRL2227.tmp"
Mon 8 Mar 2004 252,928 ...H. --- "C:\Documents and Settings\mli\Application Data\Microsoft\Templates\~WRL2377.tmp"
Fri 1 Oct 2004 276,480 ...H. --- "C:\Documents and Settings\mli\Application Data\Microsoft\Templates\~WRL1940.tmp"
Sat 2 Oct 2004 278,016 ...H. --- "C:\Documents and Settings\mli\Application Data\Microsoft\Templates\~WRL3300.tmp"
Tue 18 Jan 2005 289,280 ...H. --- "C:\Documents and Settings\mli\Application Data\Microsoft\Templates\~WRL2819.tmp"
Wed 8 Jun 2005 310,784 ...H. --- "C:\Documents and Settings\mli\Application Data\Microsoft\Templates\~WRL1444.tmp"
Tue 28 Nov 2000 24,064 ...H. --- "C:\Documents and Settings\mli\Application Data\Microsoft\Word\~WRL2305.tmp"
Tue 2 Jan 2001 20,480 ...H. --- "C:\Documents and Settings\mli\Application Data\Microsoft\Word\~WRL0453.tmp"
Tue 2 Jan 2001 20,480 ...H. --- "C:\Documents and Settings\mli\Application Data\Microsoft\Word\~WRL4050.tmp"
Tue 2 Jan 2001 21,504 ...H. --- "C:\Documents and Settings\mli\Application Data\Microsoft\Word\~WRL2493.tmp"
Tue 2 Jan 2001 22,016 ...H. --- "C:\Documents and Settings\mli\Application Data\Microsoft\Word\~WRL2137.tmp"
Tue 2 Jan 2001 23,040 ...H. --- "C:\Documents and Settings\mli\Application Data\Microsoft\Word\~WRL1138.tmp"
Tue 2 Jan 2001 23,040 ...H. --- "C:\Documents and Settings\mli\Application Data\Microsoft\Word\~WRL1896.tmp"
Tue 24 Jul 2001 28,672 ...H. --- "C:\Documents and Settings\mli\Application Data\Microsoft\Word\~WRL3163.tmp"
Fri 15 Feb 2002 19,968 ...H. --- "C:\Documents and Settings\mli\Application Data\Microsoft\Word\~WRL0130.tmp"
Fri 15 Feb 2002 20,992 ...H. --- "C:\Documents and Settings\mli\Application Data\Microsoft\Word\~WRL2737.tmp"
Fri 15 Feb 2002 20,992 ...H. --- "C:\Documents and Settings\mli\Application Data\Microsoft\Word\~WRL3800.tmp"
Fri 27 Feb 2004 245,760 ...H. --- "C:\Documents and Settings\mli\Application Data\Microsoft\Word\~WRL3248.tmp"

Finished!

#11 nasdaq

Posted 25 June 2009 - 07:13 AM

All the logs that I have seen are clean.

Just want to run another tool just to make sure we catch everything that may be hidden.

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
nasdaq

#12 Mikeylia

Posted 25 June 2009 - 05:52 PM

Hi nasdaq

I loaded combofix.exe, but I could not find where its folder is located. How do I remove combofix after the test?
Where is the "system tray icon"? I could not disable the antivirus.

Best regards,

mikeylia

#13 Mikeylia

Posted 25 June 2009 - 06:18 PM

I loaded combofix from link 1, but I could not find where the files are located. I ran a search and could not find any combofix files. I double clicked the combofix.exe on desktop. Nothing happened. Only a bar showed up and green dots moved, and then nothing happened; there is no prompt. The computer was very slow after loading this file. I tried to uninstall it and I could find where it is located.

#14 Mikeylia

Posted 25 June 2009 - 09:15 PM

ComboFix 09-06-25.01 - mli 5/2009 Thu 20:40.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.950.886.1033.18.383.60 [GMT -4:00]
執行位置: c:\documents and settings\mli\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

注意 - 這台電腦沒有安裝恢復控制台 !!
.

((((((((((((((((((((((((((((((((((((((( 被刪除的檔案 )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IA
c:\windows\patch.exe
c:\windows\start.exe
c:\windows\system\oeminfo.ini
c:\windows\system32\Sp3.dll
c:\windows\system32\stera.job
c:\windows\system32\stera.log
c:\windows\system32\windows.scr
c:\windows\Web\default.htt

.
((((((((((((((((((((((((((((((((((((((( 驅動/服務 )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FOPN
-------\Legacy_NETWORK_MONITOR
-------\Legacy_VSPF
-------\Legacy_VSPF_HK


((((((((((((((((((((((((( 2009-05-26 至 2009-06-26 的新的檔案 )))))))))))))))))))))))))))))))
.

2009-06-25 23:58 . 2009-06-25 23:59 -------- d-----w- c:\documents and settings\mli\Application Data\InstallShield
2009-06-25 23:58 . 2009-06-25 23:59 -------- d-----w- c:\documents and settings\mli\Application Data\InstallShield
2009-06-25 01:52 . 2009-06-25 01:52 577024 ----a-w- c:\windows\system32\dllcache\user32.dll
2009-06-25 01:50 . 2009-06-25 01:50 -------- d-----w- c:\windows\ERUNT
2009-06-25 01:46 . 2008-11-06 06:03 -------- d-----w- C:\SDFix
2009-06-25 00:09 . 2009-06-19 22:38 2052888 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-06-23 22:49 . 2009-06-23 22:49 -------- d-----w- C:\rsit
2009-06-19 22:42 . 2009-06-12 00:18 1261344 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwd.dll
2009-06-19 22:42 . 2009-06-12 00:18 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
2009-06-19 22:42 . 2009-06-12 00:18 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-06-12 00:25 . 2009-06-12 00:19 826624 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\AVGToolbarInstall.exe
2009-06-12 00:17 . 2009-06-12 00:16 1452312 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-06-03 23:03 . 2009-06-03 23:03 -------- d-sh--w- C:\FOUND.002
2009-06-03 00:50 . 2009-06-03 00:50 -------- d-----w- c:\program files\Trend Micro
2009-05-31 16:31 . 2009-05-31 16:29 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-31 16:26 . 2009-05-31 16:26 152576 ----a-w- c:\documents and settings\mli\Application Data\Sun\Java\jre1.6.0_13\lzma.dll

.
(((((((((((((((((((((((((((((((((((((((( 在三個月內被修改的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-26 01:01 . 2007-11-15 03:24 24 ----a-w- c:\windows\system32\DVCStateBkp-{00000000-00000000-00000011-00001102-00000002-80401102}.dat
2009-06-26 01:01 . 2007-11-15 03:24 24 ----a-w- c:\windows\system32\DVCState-{00000000-00000000-00000011-00001102-00000002-80401102}.dat
2009-06-25 00:50 . 2009-06-25 00:49 0 ----a-w- c:\windows\system32\REN5.tmp
2009-06-25 00:50 . 2009-06-25 00:49 0 ----a-w- c:\windows\system32\REN4.tmp
2009-06-25 00:50 . 2009-06-25 00:49 0 ----a-w- c:\windows\system32\REN3.tmp
2009-06-19 22:38 . 2007-10-14 18:36 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-12 00:19 . 2008-12-26 21:57 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-05 01:35 . 2009-06-05 01:35 0 ----a-w- c:\windows\system32\REN13.tmp
2009-06-05 01:35 . 2009-06-05 01:35 0 ----a-w- c:\windows\system32\REN12.tmp
2009-06-05 01:35 . 2009-06-05 01:35 0 ----a-w- c:\windows\system32\REN11.tmp
2009-05-07 01:54 . 2009-05-07 01:54 -------- d-----w- c:\program files\Garmin GPS Plugin
2009-05-07 01:50 . 2009-05-07 01:50 -------- d-----w- c:\documents and settings\mli\Application Data\GARMIN
2009-05-07 01:48 . 2009-05-07 01:48 -------- d-----w- c:\program files\DIFX
2009-05-07 01:48 . 2009-05-07 01:48 -------- d-----w- c:\program files\Garmin
2009-05-02 12:22 . 2008-12-26 21:57 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-02 12:21 . 2008-12-26 21:57 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2000-06-28 17:37 . 1980-01-01 04:00 23357 ---h--w- c:\program files\folder.htt
2007-04-08 20:56 . 2007-04-08 20:56 0 --sha-w- c:\windows\DRM\Cache\Indiv01.tmp
.

((((((((((((((((((((((((((((((((((((( 重要登入點 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白與合法缺省登錄將不會被顯示
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2002-04-16 44032]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Works Calendar Reminders.lnk - c:\windows\Application Data\Microsoft\Installer\{9944aa9e-362d-11d3-81ab-00c04fb932ba}\1960F8A9.exe [2000-7-19 29184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-02 12:22 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0stera

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MoneyAgent"="c:\program files\Microsoft Money\System\Money Express.exe"
"Taskbar Display Controls"=RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
"AIM"=c:\program files\AIM95\aim.exe -cnetwait.odl
"ctfmon.exe"=ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Creative Launcher"=c:\program files\Creative\Launcher\CTLauncher.exe
"WinampAgent"="c:\program files\WINAMP\WINAMPa.exe"
"PCHealth"=c:\windows\PCHealth\Support\PCHSchd.exe -s
"CountrySelection"=pctptt.exe
"Adaptec DirectCD"=c:\progra~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
"TgSet"="c:\program files\Tioga\Client\bin\tgshell.exe" /ds "c:\program files\Tioga\lserver\\"
"TgStart"="c:\program files\Tioga\Client\bin\tgsched.exe"
"LexStart"=Lexstart.exe
"LexmarkPrinTray"=PrinTray.exe
"Disc Detector"=c:\program files\Creative\ShareDLL\CtNotify.exe
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"NPROTECT"=c:\program files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"Norton Auto-Protect"=c:\progra~1\NORTON~1\NORTON~2\NAVAPW32.EXE /LOADQUIET
"Norton eMail Protect"=c:\program files\Norton SystemWorks\Norton AntiVirus\POPROXY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"SchedulingAgent"=mstask.exe
"StillImageMonitor"=c:\windows\SYSTEM32\STIMON.EXE
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"NPROTECT"=c:\program files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
"MDM7"="c:\program files\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
"CSINJECT.EXE"=c:\program files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [12/26/2008 5:57 PM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [12/26/2008 5:57 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [12/26/2008 5:56 PM 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [12/26/2008 5:56 PM 298776]
R3 WMP11;Instant Wireless PCI Card Driver;c:\windows\SYSTEM32\DRIVERS\WMP11NDS.sys [8/4/2007 9:30 PM 54083]
S0 Cdr4vsd;Cdr4vsd;c:\windows\SYSTEM32\DRIVERS\CDR4VSD.SYS [9/10/2005 8:10 PM 60560]
S2 MOSearch;Microsoft Office Search;c:\program files\Common Files\SYSTEM\MOSearch\Bin\mosearch.exe [1/19/2001 3:28 PM 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\^RNA]
rundll rnasetup.dll,installoptionalcomponent rna

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}.Restore]
rundll32.exe advpack.dll,UserUnInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}.Restore]
rundll32.exe advpack.dll,UserUnInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /uninstall

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
c:\windows\SYSTEM32\updcrl.exe -e -u c:\windows\SYSTEM\verisignpub1.crl
.
‘計劃任務’ 文件夾 裡的內容

2005-08-30 c:\windows\Tasks\Scan for Viruses.job
- c:\program files\Norton SystemWorks\Norton AntiVirus\NAVW32.EXE [2000-11-02 09:00]

2005-09-15 c:\windows\Tasks\Uninstall Expiration Reminder.job
- c:\windows\System32\OOBE\oobebaln.exe [2005-09-10 07:56]

2009-06-25 c:\windows\Tasks\Backup My Documents.job
- c:\windows\system32\ntbackup.exe [2002-04-16 07:56]

2009-01-17 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-11-27 17:55]

2009-06-26 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-11-27 17:55]

2009-06-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-25 00:02]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard


.
------- 而外的掃描 -------
.
mStart Page = about:blank
mSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~5\OFFICE10\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\SYSTEM\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-25 21:05
Windows 5.1.2600 Service Pack 2 FAT NTAPI

掃描被隱藏的進程 ...

掃描被隱藏的啟動組 ...

掃描被隱藏的文件 ...

掃描完成
被隱藏的檔案: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\$$$\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- 運行進程下的動態鏈接庫 ---------------------

- - - - - - - > 'explorer.exe'(6392)
c:\windows\system32\msi.dll
.
------------------------ 其他運行進程 ------------------------
.
c:\windows\SYSTEM32\SCARDSVR.EXE
c:\windows\system32\conime.exe
c:\windows\SYSTEM32\NETDDE.EXE
c:\windows\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET_STATE.EXE
c:\program files\AVG\AVG8\AVGWDSVC.EXE
c:\windows\SYSTEM32\CLIPSRV.EXE
c:\windows\SYSTEM32\DLLHOST.EXE
c:\windows\SYSTEM32\MSDTC.EXE
c:\program files\AVG\AVG8\AVGRSX.EXE
c:\windows\SYSTEM32\MSIEXEC.EXE
c:\program files\AVG\AVG8\AVGNSX.EXE
c:\windows\SYSTEM32\SESSMGR.EXE
c:\windows\SYSTEM32\LOCATOR.EXE
c:\windows\SYSTEM32\DLLHOST.EXE
c:\windows\SYSTEM32\WDFMGR.EXE
c:\windows\SYSTEM32\VSSVC.EXE
c:\program files\WINDOWS MEDIA CONNECT 2\WMCCDS.EXE
c:\windows\SYSTEM32\WBEM\WMIAPSRV.EXE
c:\program files\AVG\AVG8\AVGEMC.EXE
c:\program files\CANON\CAL\CALMAIN.EXE
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
完成時間: 2009-06-26 21:10 - 電腦已重新啟動
ComboFix-quarantined-files.txt 2009-06-26 01:10
ComboFix2.txt 2006-07-26 22:52

Pre-Run: 17,394,794,496 bytes free
Post-Run: 17,301,684,224 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-CHT.exe

223

#15 nasdaq


Posted 26 June 2009 - 07:28 AM

The log is clean.

Any problems remaining?
nasdaq


#16 Mikeylia


Posted 26 June 2009 - 09:05 AM

Hi nasdaq

I did not run Trendmicro, I guess there is no need to do that after your help. The computer works fine and I just could not turn the AVG Free 8.5 off yesterday when I did the Combofix scan. The computer beeped and warnings were given, but I had no choice but to let it go on.

Where are these tools and their associated folders located, RSIT, SDfix and Combofix? It seems to me that they are all over the place, i.e., in the C drive root and also in the Windows folder under all kinds of different file names. Do we need to delete them to save disk space?

#17 nasdaq


Posted 26 June 2009 - 09:51 AM

Time for some housekeeping
The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u

The other programs you can delete the normal way.
nasdaq


#18 Mikeylia


Posted 29 June 2009 - 06:53 AM

Now my SB Live does not work, it seems that the media player is playing but no sound came out from the speakers.
I tried to follow the MS instruction

Start
All programs
Accessories
Entertainment
Volume control
options
adv. controls
Advanced options
play control
check off digital output only box

But I could not find the advanced options buttons.
I tried to run AudioHQU, but the driver AUQTBU.exe is there but not working.

Please help, Thanks in advance

Edited by Mikeylia, 29 June 2009 - 06:54 AM.


#19 Mikeylia


Posted 29 June 2009 - 07:11 AM

I had tried to download the "updated driver" from the following site

http://www.softwarep...ecurity-dl.html

But it still did not work.

My HijackThis log is attached again. I think that I might have visited another spyware site, because my mouse paused a lot; it appears that someone is controlling my computer.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:10:05 AM, on 6/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~5\OFFICE10\EXCEL.EXE/3000
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 2528 bytes

#20 Mikeylia


Posted 29 June 2009 - 09:05 AM

Sorry, I forgot to mention that the Sound Blaster Live! MP+3 was purchased around 1999, when the computer was Windows ME. Since then the computer has been updated to Windows XP, but Creative Labs stopped supporting this hardware sometime in 2007. The drivers in the original hardware are no longer compatible with Windows XP, causing a lot of issues.

Edited by Mikeylia, 29 June 2009 - 09:06 AM.


#21 nasdaq


Posted 29 June 2009 - 03:00 PM

Then this is not a malware issue.

It's possible to upgrade from ME to XP provided your hardware is compatible and the drivers are available.
I have a new Windows Vista but cannot run my Epson printer because the drivers are not available.

Good luck,
nasdaq


#22 nasdaq


Posted 14 July 2009 - 08:15 AM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
nasdaq
