The Logon User Interface DLL xtgina.dll failed to load

Solved
By zobbin
Sep 1, 2012
  1. Two days ago I ran a complete scan of my computer using AVG 2012 free edition. The scan uncovered files containing the win32 heur virus, and upon completion of the scan I followed the computer restart instruction. After restarting a message saying "The Logon User Interface DLL xtgina.dll failed to load" appeared. Now I can no longer log on to my pc properly and I don't know how to fix this. I can get into safe mode, but from that point I'm not sure what to do. Could someone please help me solve this problem and possibly guide me through steps necessary to remove any malicious files that remain on my pc?

    Your help is greatly appreciated and thank you in advance.

    (The pc is a Dell Dimension 9150 running Windows XP)
  2. zobbin

    zobbin Newcomer, in training Topic Starter Posts: 48

    Hi again,

    I am using another computer at the moment to post in this thread, but if the logon issue can be resolved then I will follow the 5-step preliminary instructions and post the logs required to clean my machine. You'll have to forgive me for not finding this site sooner, but it wasn't until I couldn't log on to my desktop anymore that I found you guys and your instructions for tackling this type of issue.

    Thank you again, and please let me know if I can provide any other necessary information that could help solve my problem.

    Cheers!
  3. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==========================================

    First, boot to safe mode and see if you can use a restore point from before the issue started.
  4. zobbin

    zobbin Newcomer, in training Topic Starter Posts: 48

    Ok, so in safe mode I selected a restore point from the day before the issue began. My pc just restarted but the error message remains. Also, I have tried booting using the last known good configuration but that did not work either :oops:
  5. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    Please post EXACT full error message.
  6. zobbin

    zobbin Newcomer, in training Topic Starter Posts: 48

    The error message reads: The Logon User Interface DLL xtgina.dll failed to load. Contact your system administrator to replace the DLL, or restore the original DLL.
  7. zobbin

    zobbin Newcomer, in training Topic Starter Posts: 48

    And there is also a button beneath that message, within the box, allowing me to restart.
  8. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    Xtgina.dll doesn't look like a legit file so we have to try a couple of options.

    First of all, what Windows version is it?
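
One way to check the point raised in the post above, as an added example that is not part of the thread: on Windows XP, Winlogon loads the logon DLL named in the `GinaDLL` value under `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon` and uses `msgina.dll` when that value is absent. The script below reads a text export of that key and reports which GINA is configured; the sample export is constructed and the function names are hypothetical.

```python
import ntpath
import re

# Key that holds the GINA setting on Windows XP, lower-cased for comparison.
WINLOGON_KEY = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
DEFAULT_GINA = "msgina.dll"

# Constructed sample in .reg export syntax (real exports are UTF-16; decode first).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"GinaDLL"="xtgina.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\example]
"GinaDLL"="not-read.dll"
'''

_SECTION = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
_STRING = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"\s*$')


def _unescape(text):
    """Undo .reg escaping (\\\\ -> \\ and \\" -> ")."""
    return re.sub(r'\\(.)', r'\1', text)


def read_gina_value(reg_text):
    """Return the GinaDLL string from the Winlogon key itself, or None if absent.

    Values of the same name in subkeys are ignored.
    """
    current = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        section = _SECTION.match(line)
        if section:
            current = section.group("key").lower()
            continue
        if current != WINLOGON_KEY:
            continue
        value = _STRING.match(line)
        if value and _unescape(value.group("name")).lower() == "ginadll":
            return _unescape(value.group("data"))
    return None


def assess_gina(reg_text):
    """Classify the configured GINA as default, default-explicit or review."""
    configured = read_gina_value(reg_text)
    if configured is None:
        return {"status": "default", "dll": DEFAULT_GINA,
                "configured": None, "reasons": []}

    path = configured.strip()
    dll = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    reasons = []
    if not path:
        reasons.append("GinaDLL value is present but empty")
    elif dll != DEFAULT_GINA:
        # Third-party GINAs exist (remote-access and network-client software),
        # so this is a lead to verify against installed software, not a verdict.
        reasons.append("non-default GINA configured: " + dll)
    elif folder and not folder.endswith("\\system32"):
        reasons.append("msgina.dll referenced outside system32: " + path)

    if reasons:
        status = "review"
    else:
        status = "default-explicit"
    return {"status": status, "dll": dll, "configured": configured,
            "reasons": reasons}


if __name__ == "__main__":
    result = assess_gina(SAMPLE_EXPORT)
    print(result["status"], result["dll"], result["reasons"])
```

A `review` result only says that Winlogon is pointed at something other than the stock DLL; whether that file exists and belongs to installed software still has to be checked on the machine.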
  9. zobbin

    zobbin Newcomer, in training Topic Starter Posts: 48

    Windows XP, sp3
  10. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    Does safe mode with networking work, or only safe mode?
  11. zobbin

    zobbin Newcomer, in training Topic Starter Posts: 48

    Safe mode with networking did not work. The same error message just appeared when I attempted that.
     
  12. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    Use your working computer and USB flash drive to download and transfer necessary tools to.....
    ....complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000 character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    IMPORTANT!
    Install Panda USB Vaccine, or BitDefender's USB Immunizer on the GOOD computer to protect it from any infected USB device.
  13. zobbin

    zobbin Newcomer, in training Topic Starter Posts: 48

    Here are the logs; GMER did not produce a log.

    ---------------------------------------------------------------------------------------------------------------------------------------------------------------------
    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.03.05

    Windows XP Service Pack 3 x86 NTFS (Safe Mode)
    Internet Explorer 8.0.6001.18702
    Boz :: DUBSONE [administrator]

    01/09/2012 9:54:05 PM
    mbam-log-2012-09-01 (21-54-05).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 279686
    Time elapsed: 16 minute(s), 23 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 3
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6FD31ED6-7C94-4BBC-8E95-F927F4D3A949} (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\Services\Adobe Direct CVS Service (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ADOBE_DIRECT_CVS_SERVICE (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Values Detected: 1
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:5555 -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 38
    C:\Documents and Settings\Boz\Local Settings\Temp\{01236567-0901-3213-7690-465890103787}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Boz\Local Settings\Temp\{01898782-0785-5636-7856-898912345691}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Boz\Local Settings\Temp\{07677656-8965-5545-3434-028876309874}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Boz\Local Settings\Temp\{09181098-2221-2345-3256-567678902343}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Boz\Local Settings\Temp\{09856567-3234-7678-0126-870124547678}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Boz\Local Settings\Temp\{10254323-3677-7090-0102-412343467674}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Boz\Local Settings\Temp\{10987654-4232-0767-5431-985652129076}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Boz\Local Settings\Temp\{12567763-9892-2321-0901-568921434546}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Boz\Local Settings\Temp\{13436545-7789-3430-8987-236745655410}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Boz\Local Settings\Temp\{21343454-4529-2109-1098-901234543098}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Boz\Local Settings\Temp\{21907432-0985-5428-1890-898010125679}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Boz\Local Settings\Temp\{23434545-8987-3452-8912-478912365894}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Boz\Local Settings\Temp\{34123410-1256-6710-2343-121567810132}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Boz\Local Settings\Temp\{43265898-6790-0123-5467-787823498901}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Boz\Local Settings\Temp\{43456870-0323-3225-3090-876434321878}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Boz\Local Settings\Temp\{47890136-2367-9345-7236-215676541210}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Boz\Local Settings\Temp\{50986545-3212-0190-8987-543457454543}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Boz\Local Settings\Temp\{54132109-7678-2120-0781-943010076541}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Boz\Local Settings\Temp\{54348901-5691-1010-2125-890987654336}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Boz\Local Settings\Temp\{56558903-5321-5476-1212-678792345890}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Boz\Local Settings\Temp\{63218543-1876-7412-2785-567565632107}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Boz\Local Settings\Temp\{74309430-0909-8541-9876-635132109654}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Boz\Local Settings\Temp\{74344565-5212-2210-4560-876365412578}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Boz\Local Settings\Temp\{76765232-3098-2109-7665-101096769109}.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Boz\Local Settings\Temp\{76890345-7101-3452-5112-434798909090}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Boz\Local Settings\Temp\{78789878-6896-4187-3413-565412329177}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Boz\Local Settings\Temp\{79098763-1457-7890-0930-256563545454}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Boz\Local Settings\Temp\{87011456-6799-4589-7781-903235698525}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Boz\Local Settings\Temp\{87652987-5435-1854-2109-095765432187}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Boz\Local Settings\Temp\{89012122-2121-9858-6652-896521074343}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Boz\Local Settings\Temp\{89672347-0123-3257-7890-347690929345}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Boz\Local Settings\Temp\{90763210-8763-0763-7432-898763099852}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Boz\Local Settings\Temp\{96632096-3299-5421-8541-874430076330}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Boz\Local Settings\Temp\{98554118-4410-7431-9663-096532996542}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Boz\Local Settings\Temp\{98776987-9245-3434-2939-212101232210}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Boz\Local Settings\Temp\{98965458-1432-0789-2323-987434578763}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\svc2dll.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\svc2dll.dat (Malware.Trace) -> Quarantined and deleted successfully.

    (end)

    ---------------------------------------------------------------------------------------------------------------------------------------------------------------------

    .
    DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
    Internet Explorer: 8.0.6001.18702
    Run by Boz at 22:20:16 on 2012-09-01
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.800 [GMT -6:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\WINDOWS\Explorer.EXE
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = <local>;*.local
    uWindows: load=c:\docume~1\boz\locals~1\temp\{21907~1.EXE
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Spyware Doctor] c:\documents and settings\boz\desktop\sdsetup_revwire207.exe -min
    uRun: [Hewlett-Packard] Rundll32.exe "c:\documents and settings\boz\local settings\application data\hewlett-packard\vmhzupwr.dll",_resetstkoflw
    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_3_300_271_ActiveX.exe -update activex
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [<NO NAME>]
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
    mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
    mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\documents and settings\all users\application data\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
    dRunOnce: [RunNarrator] Narrator.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: Interfaces\{DF22A413-2461-4F28-94D3-D2A401206326} : DhcpNameServer = 154.11.129.59 154.11.129.187 209.115.152.130
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    S0 BeTwinVideo;BeTwinVideo;c:\windows\system32\drivers\BeTwinVF.sys [2012-6-27 20800]
    S1 BeTwinSystem;BeTwinSystem;c:\windows\system32\drivers\BeTwinSystem.sys [2012-6-27 13640]
    S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
    S3 176c4fad-29f4-4e2e-95da-51997f700a46;176c4fad-29f4-4e2e-95da-51997f700a46;\??\d:\player\cds300.dll --> d:\player\cds300.dll [?]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-4 250056]
    S3 BeTwinKeyboard;BeTwinKeyboard;c:\windows\system32\drivers\BeTwinKF.sys [2012-6-27 16192]
    S3 BeTwinMouse;BeTwinMouse;c:\windows\system32\drivers\BeTwinMF.sys [2012-6-27 16192]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-1-29 34248]
    S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-1-29 40552]
    S3 WUSB54GV4SRV;Linksys Wireless-G USB Network Adapter Driver;c:\windows\system32\drivers\rt2500usb.sys [2005-10-27 79616]
    .
    =============== Created Last 30 ================
    .
    2012-09-02 03:52:02  --------  d-----w-  c:\documents and settings\boz\application data\Malwarebytes
    2012-09-02 03:51:47  --------  d-----w-  c:\documents and settings\all users\application data\Malwarebytes
    2012-09-02 03:51:46  22344  ----a-w-  c:\windows\system32\drivers\mbam.sys
    2012-09-02 03:51:46  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
    2012-09-02 02:59:39  --------  d-----w-  c:\windows\system32\wbem\repository\FS
    2012-09-02 02:59:39  --------  d-----w-  c:\windows\system32\wbem\Repository
    2012-08-31 04:18:55  --------  d-----w-  c:\windows\LastGood.Tmp
    2012-08-31 04:17:35  --------  d-----w-  C:\$AVG
    2012-08-31 04:17:34  --------  d-----w-  c:\windows\system32\drivers\AVG
    2012-08-31 04:17:34  --------  d-----w-  c:\documents and settings\all users\application data\AVG2012
    2012-08-31 04:16:29  --------  d-----w-  c:\program files\AVG
    2012-08-31 04:12:50  --------  d-----w-  c:\documents and settings\all users\application data\Common Files
    2012-08-31 04:12:49  --------  d-----w-  c:\documents and settings\all users\application data\MFAData
    2012-08-30 05:37:09  --------  d-----w-  c:\documents and settings\boz\application data\SUPERAntiSpyware.com
    2012-08-30 05:34:45  --------  d-----w-  c:\documents and settings\boz\local settings\application data\Google
    2012-08-30 05:34:25  --------  d-----w-  c:\program files\SUPERAntiSpyware
    2012-08-30 05:34:25  --------  d-----w-  c:\documents and settings\all users\application data\SUPERAntiSpyware.com
    2012-08-30 05:33:57  --------  d-----w-  c:\documents and settings\all users\application data\SUPERSetup
    .
    ==================== Find3M ====================
    .
    2012-08-16 17:40:49  70344  ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-08-16 17:40:49  426184  ----a-w-  c:\windows\system32\FlashPlayerApp.exe
    2012-07-06 13:58:51  78336  ----a-w-  c:\windows\system32\browser.dll
    2012-07-04 14:05:18  139784  ----a-w-  c:\windows\system32\drivers\rdpwd.sys
    2012-07-03 13:40:15  1866112  ----a-w-  c:\windows\system32\win32k.sys
    2012-07-02 17:49:33  916992  ----a-w-  c:\windows\system32\wininet.dll
    2012-07-02 17:49:32  43520  ----a-w-  c:\windows\system32\licmgr10.dll
    2012-07-02 17:49:32  1469440  ------w-  c:\windows\system32\inetcpl.cpl
    2012-07-02 12:05:43  385024  ----a-w-  c:\windows\system32\html.iec
    2012-06-29 00:50:51  73728  ----a-w-  c:\windows\system32\javacpl.cpl
    2012-06-19 22:11:05  190  ---ha-w-  C:\aaw7boot.cmd
    2012-06-05 15:50:25  1372672  ----a-w-  c:\windows\system32\msxml6.dll
    2012-06-05 15:50:25  1172480  ----a-w-  c:\windows\system32\msxml3.dll
    2012-06-04 04:32:08  152576  ----a-w-  c:\windows\system32\schannel.dll
    2010-08-16 06:00:27  10864104  ----a-w-  c:\program files\PokerStarsInstall.exe
    .
    ============= FINISH: 22:21:43.09 ===============

    ---------------------------------------------------------------------------------------------------------------------------------------------------------------------

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 25/10/2005 9:01:27 PM
    System Uptime: 01/09/2012 10:15:54 PM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0YC523
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 230 GiB total, 122.471 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP265: 04/06/2012 3:00:24 AM - Software Distribution Service 3.0
    RP266: 05/06/2012 3:00:32 AM - Software Distribution Service 3.0
    RP267: 06/06/2012 3:00:39 AM - Software Distribution Service 3.0
    RP268: 07/06/2012 3:00:23 AM - Software Distribution Service 3.0
    RP269: 08/06/2012 3:00:23 AM - Software Distribution Service 3.0
    RP270: 09/06/2012 3:00:24 AM - Software Distribution Service 3.0
    RP271: 10/06/2012 3:00:44 AM - Software Distribution Service 3.0
    RP272: 11/06/2012 3:00:23 AM - Software Distribution Service 3.0
    RP273: 12/06/2012 3:00:32 AM - Software Distribution Service 3.0
    RP274: 13/06/2012 3:00:30 AM - Software Distribution Service 3.0
    RP275: 14/06/2012 3:00:27 AM - Software Distribution Service 3.0
    RP276: 15/06/2012 3:00:21 AM - Software Distribution Service 3.0
    RP277: 16/06/2012 3:00:28 AM - Software Distribution Service 3.0
    RP278: 17/06/2012 3:00:20 AM - Software Distribution Service 3.0
    RP279: 18/06/2012 3:00:20 AM - Software Distribution Service 3.0
    RP280: 19/06/2012 3:00:37 AM - Software Distribution Service 3.0
    RP281: 19/06/2012 5:11:31 PM - Software Distribution Service 3.0
    RP282: 20/06/2012 3:00:58 AM - Software Distribution Service 3.0
    RP283: 21/06/2012 3:02:54 AM - Software Distribution Service 3.0
    RP284: 22/06/2012 3:00:38 AM - Software Distribution Service 3.0
    RP285: 23/06/2012 3:03:40 AM - Software Distribution Service 3.0
    RP286: 24/06/2012 3:07:45 AM - Software Distribution Service 3.0
    RP287: 25/06/2012 3:15:31 AM - Software Distribution Service 3.0
    RP288: 26/06/2012 3:16:00 AM - Software Distribution Service 3.0
    RP289: 26/06/2012 1:52:43 PM - Removed Ad-Aware Antivirus.
    RP290: 26/06/2012 2:30:56 PM - Installed Java(TM) 6 Update 33
    RP291: 26/06/2012 2:32:04 PM - Software Distribution Service 3.0
    RP292: 27/06/2012 3:00:34 AM - Software Distribution Service 3.0
    RP293: 28/06/2012 3:00:23 AM - Software Distribution Service 3.0
    RP294: 29/06/2012 3:00:23 AM - Software Distribution Service 3.0
    RP295: 30/06/2012 3:00:23 AM - Software Distribution Service 3.0
    RP296: 01/07/2012 3:00:23 AM - Software Distribution Service 3.0
    RP297: 02/07/2012 3:00:23 AM - Software Distribution Service 3.0
    RP298: 03/07/2012 3:00:23 AM - Software Distribution Service 3.0
    RP299: 04/07/2012 3:00:25 AM - Software Distribution Service 3.0
    RP300: 05/07/2012 3:00:23 AM - Software Distribution Service 3.0
    RP301: 06/07/2012 3:00:23 AM - Software Distribution Service 3.0
    RP302: 07/07/2012 12:44:26 PM - Software Distribution Service 3.0
    RP303: 08/07/2012 3:00:23 AM - Software Distribution Service 3.0
    RP304: 09/07/2012 3:00:23 AM - Software Distribution Service 3.0
    RP305: 10/07/2012 3:00:34 AM - Software Distribution Service 3.0
    RP306: 11/07/2012 10:25:45 PM - Software Distribution Service 3.0
    RP307: 12/07/2012 3:00:30 AM - Software Distribution Service 3.0
    RP308: 13/07/2012 3:00:20 AM - Software Distribution Service 3.0
    RP309: 14/07/2012 3:00:23 AM - Software Distribution Service 3.0
    RP310: 15/07/2012 3:00:23 AM - Software Distribution Service 3.0
    RP311: 16/07/2012 3:00:23 AM - Software Distribution Service 3.0
    RP312: 17/07/2012 2:20:49 AM - Software Distribution Service 3.0
    RP313: 24/07/2012 9:48:33 PM - System Checkpoint
    RP314: 25/07/2012 3:00:35 AM - Software Distribution Service 3.0
    RP315: 25/07/2012 11:56:17 PM - Installed Java(TM) 6 Update 33
    RP316: 26/07/2012 3:00:30 AM - Software Distribution Service 3.0
    RP317: 27/07/2012 3:00:23 AM - Software Distribution Service 3.0
    RP318: 28/07/2012 3:00:36 AM - Software Distribution Service 3.0
    RP319: 29/07/2012 3:00:23 AM - Software Distribution Service 3.0
    RP320: 30/07/2012 3:00:23 AM - Software Distribution Service 3.0
    RP321: 30/07/2012 2:04:17 PM - Software Distribution Service 3.0
    RP322: 30/07/2012 2:38:49 PM - Software Distribution Service 3.0
    RP323: 30/07/2012 3:09:32 PM - Software Distribution Service 3.0
    RP324: 31/07/2012 3:00:23 AM - Software Distribution Service 3.0
    RP325: 01/08/2012 3:00:29 AM - Software Distribution Service 3.0
    RP326: 02/08/2012 3:00:36 AM - Software Distribution Service 3.0
    RP327: 03/08/2012 3:00:31 AM - Software Distribution Service 3.0
    RP328: 04/08/2012 3:00:23 AM - Software Distribution Service 3.0
    RP329: 05/08/2012 3:00:29 AM - Software Distribution Service 3.0
    RP330: 06/08/2012 3:00:29 AM - Software Distribution Service 3.0
    RP331: 07/08/2012 3:00:34 AM - Software Distribution Service 3.0
    RP332: 08/08/2012 3:00:27 AM - Software Distribution Service 3.0
    RP333: 09/08/2012 3:00:30 AM - Software Distribution Service 3.0
    RP334: 10/08/2012 3:00:33 AM - Software Distribution Service 3.0
    RP335: 11/08/2012 3:00:24 AM - Software Distribution Service 3.0
    RP336: 12/08/2012 3:00:29 AM - Software Distribution Service 3.0
    RP337: 13/08/2012 3:00:24 AM - Software Distribution Service 3.0
    RP338: 14/08/2012 3:00:29 AM - Software Distribution Service 3.0
    RP339: 15/08/2012 3:00:39 AM - Software Distribution Service 3.0
    RP340: 16/08/2012 3:00:46 AM - Software Distribution Service 3.0
    RP341: 17/08/2012 3:00:31 AM - Software Distribution Service 3.0
    RP342: 18/08/2012 3:00:24 AM - Software Distribution Service 3.0
    RP343: 19/08/2012 3:00:24 AM - Software Distribution Service 3.0
    RP344: 19/08/2012 9:34:41 PM - Software Distribution Service 3.0
    RP345: 20/08/2012 3:00:33 AM - Software Distribution Service 3.0
    RP346: 21/08/2012 3:00:34 AM - Software Distribution Service 3.0
    RP347: 22/08/2012 3:00:24 AM - Software Distribution Service 3.0
    RP348: 23/08/2012 3:00:33 AM - Software Distribution Service 3.0
    RP349: 24/08/2012 3:00:23 AM - Software Distribution Service 3.0
    RP350: 25/08/2012 3:00:24 AM - Software Distribution Service 3.0
    RP351: 26/08/2012 3:00:36 AM - Software Distribution Service 3.0
    RP352: 27/08/2012 3:00:24 AM - Software Distribution Service 3.0
    RP353: 28/08/2012 3:00:24 AM - Software Distribution Service 3.0
    RP354: 29/08/2012 3:03:39 AM - Software Distribution Service 3.0
    RP355: 29/08/2012 11:09:54 PM - Software Distribution Service 3.0
    RP356: 30/08/2012 3:00:38 AM - Software Distribution Service 3.0
    RP357: 30/08/2012 10:16:27 PM - Installed AVG 2012
    RP358: 30/08/2012 10:17:15 PM - Installed AVG 2012
    RP359: 31/08/2012 11:42:40 AM - Software Distribution Service 3.0
    RP360: 01/09/2012 2:18:41 PM - Restore Operation
    RP361: 01/09/2012 3:20:45 PM - Software Distribution Service 3.0
    RP362: 01/09/2012 8:58:27 PM - Restore Operation
    RP363: 01/09/2012 9:16:27 PM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    888poker
    Ad-Aware Browsing Protection
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Media Player
    Adobe Reader 7.0
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Camera Suite 1.3
    ATI Control Panel
    ATI Display Driver
    BitTorrent
    BlackBerry Desktop Software 6.1
    Bonjour
    BufferChm
    Citrix Web Client
    Classic PhoneTools
    Compatibility Pack for the 2007 Office system
    Conexant D850 56K V.9x DFVc Modem
    Copy
    CutePDF Writer 2.8
    Dell Driver Reset Tool
    Dell Picture Studio v3.0
    Dell Support Center (Support Software)
    Dell System Restore
    DellSupport
    Destinations
    DeviceDiscovery
    Digital Line Detect
    DJ_AIO_05_F4400_Software_Min
    Download Updater (AOL LLC)
    F4400
    GPBaseService2
    High Definition Audio Driver Package - KB835221
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Customer Participation Program 13.0
    HP Deskjet F4400 Printer Driver Software 13.0 Rel .5
    HP Imaging Device Functions 13.0
    HP Print Projects 1.0
    HP Smart Web Printing 4.5
    HP Solution Center 13.0
    HP Update
    hpPrintProjects
    HPProductAssistant
    HPSSupply
    hpWLPGInstaller
    Intel Matrix Storage Manager
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet for Wired Connections
    iPod for Windows 2005-03-23
    iTunes
    J2SE Runtime Environment 5.0 Update 6
    Java 2 Runtime Environment, SE v1.4.2_03
    Java Auto Updater
    Java(TM) 6 Update 33
    Java(TM) 6 Update 7
    Learn2 Player (Uninstall Only)
    Linksys Wireless-G USB Network Adapter
    Macromedia Shockwave Player
    Malwarebytes Anti-Malware version 1.62.0.1300
    MarketResearch
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft Office File Validation Add-In
    Microsoft Office Professional Edition 2003
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    MINITAB 14 Student
    Modem Helper
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    Musicmatch for Windows Media Player
    NetWaiting
    PeerBlock 1.1 (r518)
    PokerStars
    PowerDVD 5.5
    Python 2.5.2
    QuickTime
    R for Windows 2.9.0
    Scan
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Shop for HP Supplies
    SmartWebPrinting
    SolutionCenter
    Spelling Dictionaries For Adobe Reader Package
    Status
    The Rosetta Stone
    Toolbox
    TrayApp
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB976749)
    Viewpoint Media Player
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WebCyberCoach 3.2 Dell
    WebFldrs XP
    WebReg
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 11
    Windows XP Service Pack 3
    XP Codec Pack
    .
    ==== Event Viewer Messages From Past Week ========
    .
    31/08/2012 12:17:45 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL SBRE Tcpip
    31/08/2012 1:20:02 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL SBRE Tcpip
    31/08/2012 1:20:02 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    31/08/2012 1:20:02 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    31/08/2012 1:20:02 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    31/08/2012 1:20:02 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    31/08/2012 1:20:02 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    31/08/2012 1:20:02 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    31/08/2012 1:18:50 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    31/08/2012 1:13:01 AM, error: Service Control Manager [7000] - The Adobe Direct CVS Service service failed to start due to the following error: The system cannot find the file specified.
    30/08/2012 9:16:49 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service hpqcxs08 with arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}
    30/08/2012 9:16:49 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
    29/08/2012 11:09:47 PM, error: NetDDE [206] - Listen failed: 15:
    29/08/2012 11:09:21 PM, error: NetDDE [206] - Listen failed: 23: The ncb_lana_num member did not specify a valid network number.
    28/08/2012 9:49:00 AM, error: Schedule [7901] - The At10.job command failed to start due to the following error: General access denied error
    28/08/2012 8:49:00 AM, error: Schedule [7901] - The At9.job command failed to start due to the following error: General access denied error
    28/08/2012 7:49:00 AM, error: Schedule [7901] - The At8.job command failed to start due to the following error: General access denied error
    28/08/2012 6:49:00 AM, error: Schedule [7901] - The At7.job command failed to start due to the following error: General access denied error
    28/08/2012 5:49:00 AM, error: Schedule [7901] - The At6.job command failed to start due to the following error: General access denied error
    28/08/2012 4:49:00 AM, error: Schedule [7901] - The At5.job command failed to start due to the following error: General access denied error
    28/08/2012 3:54:06 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    28/08/2012 3:53:03 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE
    28/08/2012 3:53:01 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Adobe Direct CVS Service service to connect.
    28/08/2012 3:53:01 PM, error: Service Control Manager [7000] - The Service service failed to start due to the following error: The system cannot find the file specified.
    28/08/2012 3:53:01 PM, error: Service Control Manager [7000] - The Adobe Direct CVS Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    28/08/2012 3:49:00 AM, error: Schedule [7901] - The At4.job command failed to start due to the following error: General access denied error
    28/08/2012 3:03:16 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2003 (KB2584052).
    28/08/2012 3:01:48 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Excel 2003 (KB2597086).
    28/08/2012 2:49:00 AM, error: Schedule [7901] - The At3.job command failed to start due to the following error: General access denied error
    28/08/2012 12:49:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: General access denied error
    28/08/2012 10:49:00 AM, error: Schedule [7901] - The At11.job command failed to start due to the following error: General access denied error
    28/08/2012 1:49:00 AM, error: Schedule [7901] - The At2.job command failed to start due to the following error: General access denied error
    27/08/2012 9:49:00 PM, error: Schedule [7901] - The At22.job command failed to start due to the following error: General access denied error
    27/08/2012 8:49:00 PM, error: Schedule [7901] - The At21.job command failed to start due to the following error: General access denied error
    27/08/2012 7:49:00 PM, error: Schedule [7901] - The At20.job command failed to start due to the following error: General access denied error
    27/08/2012 6:49:00 PM, error: Schedule [7901] - The At19.job command failed to start due to the following error: General access denied error
    27/08/2012 5:49:00 PM, error: Schedule [7901] - The At18.job command failed to start due to the following error: General access denied error
    27/08/2012 4:49:00 PM, error: Schedule [7901] - The At17.job command failed to start due to the following error: General access denied error
    27/08/2012 3:49:00 PM, error: Schedule [7901] - The At16.job command failed to start due to the following error: General access denied error
    27/08/2012 2:49:00 PM, error: Schedule [7901] - The At15.job command failed to start due to the following error: General access denied error
    27/08/2012 12:49:00 PM, error: Schedule [7901] - The At13.job command failed to start due to the following error: General access denied error
    27/08/2012 11:49:00 PM, error: Schedule [7901] - The At24.job command failed to start due to the following error: General access denied error
    27/08/2012 11:49:00 AM, error: Schedule [7901] - The At12.job command failed to start due to the following error: General access denied error
    27/08/2012 10:49:00 PM, error: Schedule [7901] - The At23.job command failed to start due to the following error: General access denied error
    27/08/2012 1:49:00 PM, error: Schedule [7901] - The At14.job command failed to start due to the following error: General access denied error
    01/09/2012 9:27:13 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm SBRE
    01/09/2012 9:27:13 PM, error: Service Control Manager [7023] - The Terminal Services service terminated with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    01/09/2012 3:35:15 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    01/09/2012 2:46:11 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    01/09/2012 2:30:01 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    01/09/2012 2:28:13 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SBRE Tcpip
    .
    ==== End Of File ===========================
  14. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    If normal mode still doesn't work, run the tool from safe mode.

    When the scan is done Notepad will open with rKill log.
    Post it in your next reply.

    NOTE. rKill.txt log will also be present on your desktop.

    =================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  15. zobbin

    zobbin Newcomer, in training Topic Starter Posts: 48

    Here are the Rkill and aswMBR logs. To be clear, I have not restarted my computer since I was instructed to at the end of the mbam scan. I mention this because in the rkill section of your latest post it says "if normal mode still doesn't work, run the tool from safe mode." My computer has been running in safe mode since the last restart, so I do not know if normal mode still doesn't work, and the rkill tool was run in safe mode.

    ------------------------------------------------------------------------------------------------------------------------------------------------------------------------

    Rkill 2.3.3 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2012 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 09/02/2012 01:11:56 PM in x86 mode.
    Windows Version: Microsoft Windows XP Service Pack 3

    Checking for Windows services to stop.

    * No malware services found to stop.

    Checking for processes to terminate.

    * No malware processes found to kill.

    Checking Registry for malware related settings.

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks.

    * Windows Firewall Disabled

    [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = dword:00000000

    Checking Windows Service Integrity:

    * AFD (AFD) is not Running.
    Startup Type set to: System

    * Background Intelligent Transfer Service (BITS) is not Running.
    Startup Type set to: Automatic

    * DHCP Client (Dhcp) is not Running.
    Startup Type set to: Automatic

    * DNS Client (Dnscache) is not Running.
    Startup Type set to: Automatic

    * COM+ Event System (EventSystem) is not Running.
    Startup Type set to: Manual

    * Network Connections (Netman) is not Running.
    Startup Type set to: Manual

    * Security Center (wscsvc) is not Running.
    Startup Type set to: Automatic

    * Automatic Updates (wuauserv) is not Running.
    Startup Type set to: Automatic

    * AFD (AFD) is not Running.
    Startup Type set to: System

    * IPSEC driver (IPSec) is not Running.
    Startup Type set to: System

    * NetBios over Tcpip (NetBT) is not Running.
    Startup Type set to: System

    * TCP/IP Protocol Driver (Tcpip) is not Running.
    Startup Type set to: System

    Searching for Missing Digital Signatures:

    * No issues found.

    Program finished at: 09/02/2012 01:12:47 PM
    Execution time: 0 hours(s), 0 minute(s), and 51 seconds(s)
    ---------------------------------------------------------------------------------------------------------------------------------------------------------------------
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-02 13:17:16
    -----------------------------
    13:17:16.453 OS Version: Windows 5.1.2600 Service Pack 3
    13:17:16.453 Number of processors: 2 586 0x403
    13:17:16.468 ComputerName: DUBSONE UserName: Boz
    13:17:17.156 Initialize success
    13:17:45.531 AVAST engine download error: 0
    13:18:24.125 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    13:18:24.156 Disk 0 Vendor: Maxtor_7 BANC Size: 238418MB BusType: 3
    13:18:24.171 Disk 0 MBR read successfully
    13:18:24.203 Disk 0 MBR scan
    13:18:24.218 Disk 0 unknown MBR code
    13:18:24.234 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
    13:18:24.265 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 235280 MB offset 112455
    13:18:24.312 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3074 MB offset 481966065
    13:18:24.343 Disk 0 scanning sectors +488263545
    13:18:24.468 Disk 0 scanning C:\WINDOWS\system32\drivers
    13:18:33.984 Service scanning
    13:18:38.531 Service 176c4fad-29f4-4e2e-95da-51997f700a46 D:\Player\cds300.dll **LOCKED** 21
    13:18:51.578 Modules scanning
    13:18:54.828 Disk 0 trace - called modules:
    13:18:55.000 ntoskrnl.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
    13:18:55.109 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87358ab8]
    13:18:55.234 3 CLASSPNP.SYS[f75a4fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86e57030]
    13:18:55.343 Scan finished successfully
    13:22:02.390 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Boz\Desktop\MBR.dat"
    13:22:02.421 The log file has been saved successfully to "C:\Documents and Settings\Boz\Desktop\aswMBR.txt"
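Added example (not part of the original posts and not the tools' own code): a Python parser for the service-integrity section of the Rkill log posted above, which then checks which of its System-start drivers also appear in the Service Control Manager 7026 entries from the earlier Event Viewer excerpt. The log text is copied from the thread; the function names are hypothetical.

```python
import re
from collections import OrderedDict

# Service-integrity section of the Rkill log, copied from the post above.
RKILL_LOG = """\
Checking Windows Service Integrity:

* AFD (AFD) is not Running.
Startup Type set to: System

* Background Intelligent Transfer Service (BITS) is not Running.
Startup Type set to: Automatic

* DHCP Client (Dhcp) is not Running.
Startup Type set to: Automatic

* DNS Client (Dnscache) is not Running.
Startup Type set to: Automatic

* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Manual

* Network Connections (Netman) is not Running.
Startup Type set to: Manual

* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic

* Automatic Updates (wuauserv) is not Running.
Startup Type set to: Automatic

* AFD (AFD) is not Running.
Startup Type set to: System

* IPSEC driver (IPSec) is not Running.
Startup Type set to: System

* NetBios over Tcpip (NetBT) is not Running.
Startup Type set to: System

* TCP/IP Protocol Driver (Tcpip) is not Running.
Startup Type set to: System

Searching for Missing Digital Signatures:

* No issues found.
"""

# Three Event Viewer lines copied from the earlier log in this thread.
EVENT_LINES = [
    "01/09/2012 9:27:13 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm SBRE",
    "01/09/2012 9:27:13 PM, error: Service Control Manager [7023] - The Terminal Services service terminated with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.",
    "01/09/2012 2:28:13 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SBRE Tcpip",
]

SERVICE_RE = re.compile(
    r"^[ \t]*\* (?P<display>.+) \((?P<name>[^()]+)\) is not Running\.[ \t]*\n"
    r"[ \t]*Startup Type set to: (?P<startup>\w+)",
    re.MULTILINE,
)
EVENT_7026_RE = re.compile(
    r"^\s*(?P<when>\S+ \S+ [AP]M), error: Service Control Manager \[7026\] - "
    r".*failed to load: (?P<drivers>.+)$"
)


def parse_rkill_services(text):
    """Return {service name: (display name, startup type)}; repeated entries collapse."""
    services = OrderedDict()
    for m in SERVICE_RE.finditer(text):
        services.setdefault(m["name"], (m["display"], m["startup"]))
    return services


def parse_7026(line):
    """Return (timestamp string, [driver names]) for a 7026 line, else None."""
    m = EVENT_7026_RE.match(line)
    if m is None:
        return None
    # Timestamps stay as strings: the two logs use different date orders.
    return m["when"], m["drivers"].split()


def drivers_in_boot_failures(services, event_lines):
    """Map each 7026 timestamp to the Rkill System-start drivers it also lists."""
    system = {n.lower(): n for n, (_, s) in services.items() if s == "System"}
    result = OrderedDict()
    for line in event_lines:
        parsed = parse_7026(line)
        if parsed is None:
            continue  # not a 7026 "failed to load" entry
        when, failed = parsed
        failed_lower = {d.lower() for d in failed}
        result[when] = sorted(n for k, n in system.items() if k in failed_lower)
    return result


if __name__ == "__main__":
    svcs = parse_rkill_services(RKILL_LOG)
    for when, names in drivers_in_boot_failures(svcs, EVENT_LINES).items():
        print(when, "->", ", ".join(names) or "(none of the Rkill drivers)")
```
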
  16. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
  17. zobbin

    zobbin Newcomer, in training Topic Starter Posts: 48

    ComboFix has given me the following warning:
    --------------------------------------------------------------------------------------------
    ComboFix has detected the following real time scanner(s) to be active:

    antivirus: McAfee Anti-Virus and Anti-Spyware

    Antivirus and intrusion prevention programs are known to interfere with ComboFix's running. This may lead to unpredictable results or possible machine damage.

    Please disable these scanners before clicking 'OK'.
    --------------------------------------------------------------------------------------------

    McAfee was uninstalled from my pc long before we began this cleaning process. I cannot see it in add/remove programs. Is it alright to click 'ok' and proceed?
  18. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    Disregard that warning.
  19. zobbin

    zobbin Newcomer, in training Topic Starter Posts: 48

    I proceeded to run combofix and now see this:

    This machine does not have the 'Microsoft Windows recovery console' installed. Alternately, an existing installation of the recovery console may be present but requires updating.

    Without it, ComboFix shall not attempt the fixing of some serious infections.

    Click 'Yes' to have ComboFix download/install it.

    Note: this requires an active internet connection.

    (end)

    How should I proceed? I'm still running in safe mode without an internet connection.
  20. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    Skip recovery console installation for now.
  21. zobbin

    zobbin Newcomer, in training Topic Starter Posts: 48

    As combofix ran, it abruptly stopped after reaching stage 20-something. The screen went blue and this is what the display reads:

    A problem has been detected and windows has been shut down to prevent damage to your computer.

    Plug and Play detected an error most likely caused by a faulty driver.

    If this is the first time you've seen this Stop error screen, restart your computer. If this screen appears again, follow these steps:

    Check to make sure any new hardware or software is properly installed. If this is a new installation, ask your hardware or software manufacturer for any windows updates you might need.

    If problems continue, disable or remove any newly installed hardware or software. Disable BIOS memory options such as caching or shadowing. If you need to use safe mode to remove or disable components, restart your computer, press F8 to select Advanced Startup Options, and then select safe mode.

    *** STOP: 0x000000CA (0x00000004, 0x869010A8, 0x00000000, 0x00000000)

    Beginning dump of physical memory
    Physical memory dump complete.
    Contact your system administrator or technical support group for further assistance.

    (end)

    How should I proceed?
  22. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    Delete your Combofix file, download a fresh one and try again.
  23. zobbin

    zobbin Newcomer, in training Topic Starter Posts: 48

    ComboFix 12-09-03.07 - Boz 03/09/2012 12:50:31.1.2 - x86 MINIMAL
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.792 [GMT -6:00]
    Running from: c:\documents and settings\Boz\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    C:\install.exe
    c:\windows\system32\msxml6.dll.tmp
    c:\windows\system32\SET132.tmp
    c:\windows\system32\SET134.tmp
    c:\windows\system32\SET143.tmp
    c:\windows\system32\URTTemp
    c:\windows\system32\URTTemp\fusion.dll
    c:\windows\system32\URTTemp\mscoree.dll
    c:\windows\system32\URTTemp\mscoree.dll.local
    c:\windows\system32\URTTemp\mscorsn.dll
    c:\windows\system32\URTTemp\mscorwks.dll
    c:\windows\system32\URTTemp\msvcr71.dll
    c:\windows\system32\URTTemp\regtlib.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_SERVICE
    -------\Service_Service
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-03 to 2012-09-03 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-02 03:52 . 2012-09-02 03:52--------d-----w-c:\documents and settings\Boz\Application Data\Malwarebytes
    2012-09-02 03:51 . 2012-09-02 03:51--------d-----w-c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-09-02 03:51 . 2012-09-02 03:51--------d-----w-c:\program files\Malwarebytes' Anti-Malware
    2012-09-02 03:51 . 2012-07-03 19:4622344----a-w-c:\windows\system32\drivers\mbam.sys
    2012-09-02 02:59 . 2012-09-02 02:59--------d-----w-c:\windows\system32\wbem\Repository
    2012-08-31 04:18 . 2012-08-31 04:19--------d-----w-c:\windows\LastGood.Tmp
    2012-08-31 04:17 . 2012-09-02 02:59--------d-----w-C:\$AVG
    2012-08-31 04:17 . 2012-09-02 02:59--------d-----w-c:\documents and settings\All Users\Application Data\AVG2012
    2012-08-31 04:17 . 2012-08-31 17:47--------d-----w-c:\windows\system32\drivers\AVG
    2012-08-31 04:16 . 2012-08-31 04:16--------d-----w-c:\program files\AVG
    2012-08-31 04:12 . 2012-08-31 04:12--------d-----w-c:\documents and settings\All Users\Application Data\Common Files
    2012-08-31 04:12 . 2012-09-02 02:59--------d-----w-c:\documents and settings\All Users\Application Data\MFAData
    2012-08-30 05:37 . 2012-08-30 05:37--------d-----w-c:\documents and settings\Boz\Application Data\SUPERAntiSpyware.com
    2012-08-30 05:34 . 2012-09-02 02:59--------d-----w-c:\documents and settings\Boz\Local Settings\Application Data\Google
    2012-08-30 05:34 . 2012-09-02 02:59--------d-----w-c:\program files\Google
    2012-08-30 05:34 . 2012-09-02 02:59--------d-----w-c:\program files\SUPERAntiSpyware
    2012-08-30 05:34 . 2012-08-30 05:34--------d-----w-c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2012-08-30 05:33 . 2012-08-30 05:33--------d-----w-c:\documents and settings\All Users\Application Data\SUPERSetup
    2012-08-14 19:02 . 2012-09-02 02:59--------d-----w-c:\documents and settings\Guest248
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-16 17:40 . 2012-04-05 04:23426184----a-w-c:\windows\system32\FlashPlayerApp.exe
    2012-08-16 17:40 . 2011-10-05 15:4570344----a-w-c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-06 13:58 . 2004-08-10 17:5078336----a-w-c:\windows\system32\browser.dll
    2012-07-04 14:05 . 2004-08-10 18:01139784----a-w-c:\windows\system32\drivers\rdpwd.sys
    2012-07-03 13:40 . 2004-08-10 17:511866112----a-w-c:\windows\system32\win32k.sys
    2012-07-02 17:49 . 2004-08-10 17:51916992----a-w-c:\windows\system32\wininet.dll
    2012-07-02 17:49 . 2004-08-10 17:5143520----a-w-c:\windows\system32\licmgr10.dll
    2012-07-02 17:49 . 2004-08-10 17:511469440------w-c:\windows\system32\inetcpl.cpl
    2012-07-02 12:05 . 2004-08-10 17:51385024----a-w-c:\windows\system32\html.iec
    2012-06-29 00:50 . 2008-09-18 05:4973728----a-w-c:\windows\system32\javacpl.cpl
    2012-06-19 22:11 . 2012-06-19 22:11190---ha-w-C:\aaw7boot.cmd
    2010-08-16 06:00 . 2010-08-16 06:0010864104----a-w-c:\program files\PokerStarsInstall.exe
    .
    Code:
    <pre>
    c:\program files\ATI Technologies\ATI Control Panel\atiptaxx .exe
    c:\program files\Common Files\InstallShield\UpdateService\issch .exe
    c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent .exe
    c:\program files\CyberLink\PowerDVD\DVDLauncher .exe
    c:\program files\Dell Support Center\bin\sprtcmd .exe
    c:\program files\Dell Support Center\gs_agent\custom\dsca .exe
    c:\program files\DellSupport\DSAgnt .exe
    c:\program files\HP\HP Software Update\HPWuSchd2 .exe
    c:\program files\Intel\Intel Matrix Storage Manager\iaanotif .exe
    c:\program files\iTunes\iTunesHelper .exe
    c:\program files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3 .exe
    c:\program files\QuickTime\QTTask  .exe
    c:\program files\Spybot - Search & Destroy\TeaTimer .exe
    c:\program files\VMware\VMware Player\hqtray .exe
    </pre>
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Spyware Doctor"="c:\documents and settings\Boz\Desktop\sdsetup_revwire207.exe" [N/A]
    "Hewlett-Packard"="c:\documents and settings\Boz\Local Settings\Application Data\Hewlett-Packard\vmhzupwr.dll" [N/A]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
    "ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2004-07-27 221184]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    "Malwarebytes Anti-Malware (cleanup)"="c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-07-03 1085000]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-10-13 24576]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jmnkqrgu]
    c:\documents and settings\Boz\Local Settings\Application Data\ndggll\qsybsysguard.exe [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
    "c:\\WINDOWS\\system32\\WUAUCLT.EXE"=
    .
    S0 BeTwinVideo;BeTwinVideo;c:\windows\system32\drivers\BeTwinVF.sys [27/06/2012 10:32 AM 20800]
    S1 BeTwinSystem;BeTwinSystem;c:\windows\system32\drivers\BeTwinSystem.sys [27/06/2012 10:32 AM 13640]
    S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
    S3 176c4fad-29f4-4e2e-95da-51997f700a46;176c4fad-29f4-4e2e-95da-51997f700a46;\??\d:\player\cds300.dll --> d:\player\cds300.dll [?]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [04/04/2012 10:23 PM 250056]
    S3 BeTwinKeyboard;BeTwinKeyboard;c:\windows\system32\drivers\BeTwinKF.sys [27/06/2012 10:32 AM 16192]
    S3 BeTwinMouse;BeTwinMouse;c:\windows\system32\drivers\BeTwinMF.sys [27/06/2012 10:32 AM 16192]
    S3 WUSB54GV4SRV;Linksys Wireless-G USB Network Adapter Driver;c:\windows\system32\drivers\rt2500usb.sys [27/10/2005 7:27 PM 79616]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmtREG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-31 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 17:40]
    .
    2012-08-31 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = <local>;*.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-09-03 13:05
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Hewlett-Packard = Rundll32.exe "c:\documents and settings\Boz\Local Settings\Application Data\Hewlett-Packard\vmhzupwr.dll",_resetstkoflw?78???????????
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(232)
    c:\windows\system32\l3codeca.acm
    c:\windows\system32\ac3filter.acm
    .
    - - - - - - - > 'explorer.exe'(596)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    .
    Completion time: 2012-09-03 13:10:41 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-09-03 19:10
    .
    Pre-Run: 131,394,056,192 bytes free
    Post-Run: 132,713,803,776 bytes free
    .
    - - End Of File - - C75E77231173CDCC9EBEB0EC98D7AC0E
  24. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    RenV::
    c:\program files\ATI Technologies\ATI Control Panel\atiptaxx .exe
    c:\program files\Common Files\InstallShield\UpdateService\issch .exe
    c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent .exe
    c:\program files\CyberLink\PowerDVD\DVDLauncher .exe
    c:\program files\Dell Support Center\bin\sprtcmd .exe
    c:\program files\Dell Support Center\gs_agent\custom\dsca .exe
    c:\program files\DellSupport\DSAgnt .exe
    c:\program files\HP\HP Software Update\HPWuSchd2 .exe
    c:\program files\Intel\Intel Matrix Storage Manager\iaanotif .exe
    c:\program files\iTunes\iTunesHelper .exe
    c:\program files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3 .exe
    c:\program files\QuickTime\QTTask  .exe
    c:\program files\Spybot - Search & Destroy\TeaTimer .exe
    c:\program files\VMware\VMware Player\hqtray .exe
    
    File::
    c:\documents and settings\Boz\Local Settings\Application Data\Hewlett-Packard\vmhzupwr.dll
    
    DDS::
    uInternet Settings,ProxyOverride = <local>;*.local
    
    Driver::
    176c4fad-29f4-4e2e-95da-51997f700a46
    
    Registry::
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
    "Hewlett-Packard" =-
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
  25. zobbin

    zobbin Newcomer, in training Topic Starter Posts: 48

    ComboFix 12-09-03.07 - Boz 03/09/2012 18:14:31.2.2 - x86 MINIMAL
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.614 [GMT -6:00]
    Running from: c:\documents and settings\Boz\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Boz\Desktop\CFScript.txt
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    FILE ::
    "c:\documents and settings\Boz\Local Settings\Application Data\Hewlett-Packard\vmhzupwr.dll"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_176c4fad-29f4-4e2e-95da-51997f700a46
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-04 to 2012-09-04 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-02 03:52 . 2012-09-02 03:52--------d-----w-c:\documents and settings\Boz\Application Data\Malwarebytes
    2012-09-02 03:51 . 2012-09-02 03:51--------d-----w-c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-09-02 03:51 . 2012-09-02 03:51--------d-----w-c:\program files\Malwarebytes' Anti-Malware
    2012-09-02 03:51 . 2012-07-03 19:4622344----a-w-c:\windows\system32\drivers\mbam.sys
    2012-09-02 02:59 . 2012-09-02 02:59--------d-----w-c:\windows\system32\wbem\Repository
    2012-08-31 04:18 . 2012-08-31 04:19--------d-----w-c:\windows\LastGood.Tmp
    2012-08-31 04:17 . 2012-09-02 02:59--------d-----w-C:\$AVG
    2012-08-31 04:17 . 2012-09-02 02:59--------d-----w-c:\documents and settings\All Users\Application Data\AVG2012
    2012-08-31 04:17 . 2012-08-31 17:47--------d-----w-c:\windows\system32\drivers\AVG
    2012-08-31 04:16 . 2012-08-31 04:16--------d-----w-c:\program files\AVG
    2012-08-31 04:12 . 2012-08-31 04:12--------d-----w-c:\documents and settings\All Users\Application Data\Common Files
    2012-08-31 04:12 . 2012-09-02 02:59--------d-----w-c:\documents and settings\All Users\Application Data\MFAData
    2012-08-30 05:37 . 2012-08-30 05:37--------d-----w-c:\documents and settings\Boz\Application Data\SUPERAntiSpyware.com
    2012-08-30 05:34 . 2012-09-02 02:59--------d-----w-c:\documents and settings\Boz\Local Settings\Application Data\Google
    2012-08-30 05:34 . 2012-09-02 02:59--------d-----w-c:\program files\Google
    2012-08-30 05:34 . 2012-09-02 02:59--------d-----w-c:\program files\SUPERAntiSpyware
    2012-08-30 05:34 . 2012-08-30 05:34--------d-----w-c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2012-08-30 05:33 . 2012-08-30 05:33--------d-----w-c:\documents and settings\All Users\Application Data\SUPERSetup
    2012-08-14 19:02 . 2012-09-02 02:59--------d-----w-c:\documents and settings\Guest248
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-16 17:40 . 2012-04-05 04:23426184----a-w-c:\windows\system32\FlashPlayerApp.exe
    2012-08-16 17:40 . 2011-10-05 15:4570344----a-w-c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-06 13:58 . 2004-08-10 17:5078336----a-w-c:\windows\system32\browser.dll
    2012-07-04 14:05 . 2004-08-10 18:01139784----a-w-c:\windows\system32\drivers\rdpwd.sys
    2012-07-03 13:40 . 2004-08-10 17:511866112----a-w-c:\windows\system32\win32k.sys
    2012-07-02 17:49 . 2004-08-10 17:51916992----a-w-c:\windows\system32\wininet.dll
    2012-07-02 17:49 . 2004-08-10 17:5143520----a-w-c:\windows\system32\licmgr10.dll
    2012-07-02 17:49 . 2004-08-10 17:511469440------w-c:\windows\system32\inetcpl.cpl
    2012-07-02 12:05 . 2004-08-10 17:51385024----a-w-c:\windows\system32\html.iec
    2012-06-29 00:50 . 2008-09-18 05:4973728----a-w-c:\windows\system32\javacpl.cpl
    2012-06-19 22:11 . 2012-06-19 22:11190---ha-w-C:\aaw7boot.cmd
    2010-08-16 06:00 . 2010-08-16 06:0010864104----a-w-c:\program files\PokerStarsInstall.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
    "ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2004-07-27 221184]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    "Malwarebytes Anti-Malware (cleanup)"="c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-07-03 1085000]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-10-13 24576]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
    "c:\\WINDOWS\\system32\\WUAUCLT.EXE"=
    .
    S0 BeTwinVideo;BeTwinVideo;c:\windows\system32\drivers\BeTwinVF.sys [27/06/2012 10:32 AM 20800]
    S1 BeTwinSystem;BeTwinSystem;c:\windows\system32\drivers\BeTwinSystem.sys [27/06/2012 10:32 AM 13640]
    S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [04/04/2012 10:23 PM 250056]
    S3 BeTwinKeyboard;BeTwinKeyboard;c:\windows\system32\drivers\BeTwinKF.sys [27/06/2012 10:32 AM 16192]
    S3 BeTwinMouse;BeTwinMouse;c:\windows\system32\drivers\BeTwinMF.sys [27/06/2012 10:32 AM 16192]
    S3 WUSB54GV4SRV;Linksys Wireless-G USB Network Adapter Driver;c:\windows\system32\drivers\rt2500usb.sys [27/10/2005 7:27 PM 79616]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmtREG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-31 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 17:40]
    .
    2012-08-31 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Connection Wizard,ShellNext = iexplore
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-Spyware Doctor - c:\documents and settings\Boz\Desktop\sdsetup_revwire207.exe
    HKCU-Run-Hewlett-Packard - c:\documents and settings\Boz\Local Settings\Application Data\Hewlett-Packard\vmhzupwr.dll
    MSConfigStartUp-jmnkqrgu - c:\documents and settings\Boz\Local Settings\Application Data\ndggll\qsybsysguard.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-09-03 18:23
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Hewlett-Packard = Rundll32.exe "c:\documents and settings\Boz\Local Settings\Application Data\Hewlett-Packard\vmhzupwr.dll",_resetstkoflw?78???????????
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(232)
    c:\windows\system32\l3codeca.acm
    c:\windows\system32\ac3filter.acm
    .
    - - - - - - - > 'explorer.exe'(1924)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    .
    Completion time: 2012-09-03 18:28:11 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-09-04 00:28
    .
    Pre-Run: 132,724,412,416 bytes free
    Post-Run: 132,714,229,760 bytes free
    .
    - - End Of File - - 096B6F6DC250A59AE39458C10B82ED76
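
An added example, not part of the thread and not ComboFix's own logic: a small triage pass over the "Reg Loading Points" section, run on lines copied from the first log above. The three scoring rules and the threshold of two are assumptions chosen for illustration; on this sample they single out the same three autostart entries that the second log lists under "ORPHANS REMOVED".

```python
import re
from dataclasses import dataclass, field

# Lines copied from the "Reg Loading Points" section of the first log in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"="c:\documents and settings\Boz\Desktop\sdsetup_revwire207.exe" [N/A]
"Hewlett-Packard"="c:\documents and settings\Boz\Local Settings\Application Data\Hewlett-Packard\vmhzupwr.dll" [N/A]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (cleanup)"="c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-07-03 1085000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jmnkqrgu]
c:\documents and settings\Boz\Local Settings\Application Data\ndggll\qsybsysguard.exe [N/A]
"""

KEY_RE = re.compile(r'^\[(?P<key>.+)\]$')
# "value name"="target path" [date size]   or   [N/A]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
# msconfig startupreg entries: the path stands alone under its key
BARE_RE = re.compile(r'^(?P<path>[A-Za-z]:\\.+?)\s*\[(?P<meta>[^\]]*)\]$')

# Assumed heuristics (not taken from ComboFix):
# a target under one user's XP profile, with the shared "All Users" profile excluded
USER_PROFILE_RE = re.compile(
    r'^[a-z]:\\documents and settings\\(?!all users\\)[^\\]+\\', re.I)
# a Run or RunOnce key
RUN_KEY_RE = re.compile(r'\\currentversion\\run(once)?$', re.I)


@dataclass
class Entry:
    key: str
    name: str
    path: str
    meta: str
    reasons: list = field(default_factory=list)


def parse_loading_points(text):
    """Turn the section into Entry records, tracking the current registry key."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:
            key = m["key"]
            continue
        if key is None:
            continue
        m = VALUE_RE.match(line)
        if m:
            entries.append(Entry(key, m["name"], m["path"], m["meta"]))
            continue
        m = BARE_RE.match(line)
        if m and "\\msconfig\\startupreg\\" in key.lower():
            # The entry name is the last component of the key.
            entries.append(Entry(key, key.rsplit("\\", 1)[1], m["path"], m["meta"]))
    return entries


def triage(entries):
    """Attach the reasons each entry deserves a closer look."""
    for e in entries:
        e.reasons = []
        # The log prints [N/A] where other entries carry a date and size.
        if e.meta.strip().upper() == "N/A":
            e.reasons.append("no-file-details")
        if USER_PROFILE_RE.match(e.path):
            e.reasons.append("per-user-profile-path")
        # A DLL cannot start itself; the catchme section above shows
        # Rundll32.exe hosting this one.
        if RUN_KEY_RE.search(e.key) and e.path.lower().endswith(".dll"):
            e.reasons.append("dll-as-run-value")
    return entries


def suspects(entries, threshold=2):
    """Entries with at least `threshold` reasons (assumed cut-off)."""
    return [e for e in entries if len(e.reasons) >= threshold]


if __name__ == "__main__":
    for e in suspects(triage(parse_loading_points(SAMPLE_LOG))):
        print(f"{e.name}: {', '.join(e.reasons)}\n    {e.path}")
```

The Malwarebytes cleanup DLL trips only one rule and stays below the threshold, which is why a single signal is reported but not treated as a suspect.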

