Solved The Logon User Interface DLL xtgina.dll failed to load

zobbin

Two days ago I ran a complete scan of my computer using AVG 2012 free edition. The scan uncovered files containing the win32 heur virus, and upon completion of the scan I followed the computer restart instruction. After restarting a message saying "The Logon User Interface DLL xtgina.dll failed to load" appeared. Now I can no longer log on to my pc properly and I don't know how to fix this. I can get into safe mode, but from that point I'm not sure what to do. Could someone please help me solve this problem and possibly guide me through steps necessary to remove any malicious files that remain on my pc?

Your help is greatly appreciated and thank you in advance.

(The pc is a Dell Dimension 9150 running Windows XP)
 
Hi again,

I am using another computer at the moment to post in this thread, but if the logon issue can be resolved then I will follow the 5-step preliminary instructions and post the logs required to clean my machine. You'll have to forgive me for not finding this site sooner, but it wasn't until I couldn't log on to my desktop anymore that I found you guys and your instructions for tackling this type of issue.

Thank you again, and please let me know if I can provide any other necessary information that could help solve my problem.

Cheers!
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==========================================

First, boot to safe mode and see if you can use a restore point from before the issue started.
 
Ok, so in safe mode I selected a restore point from the day before the issue began. My pc just restarted but the error message remains. Also, I have tried booting using the last known good configuration but that did not work either :D
 
The error message reads: The Logon User Interface DLL xtgina.dll failed to load. Contact your system administrator to replace the DLL, or restore the original DLL.
 
Xtgina.dll doesn't look like a legit file so we have to try a couple of options.

First of all, what Windows version is it?
 
Safe mode with networking did not work. The same error message just appeared when I attempted that.
 
Use your working computer and USB flash drive to download and transfer necessary tools to.....
....complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If some log exceeds the 50,000 character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

IMPORTANT!
Install Panda USB Vaccine, or BitDefender’s USB Immunizer on GOOD computer to protect it from any infected USB device.
 
Here are the logs, GMER did not produce a log.

---------------------------------------------------------------------------------------------------------------------------------------------------------------------
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.03.05

Windows XP Service Pack 3 x86 NTFS (Safe Mode)
Internet Explorer 8.0.6001.18702
Boz :: DUBSONE [administrator]

01/09/2012 9:54:05 PM
mbam-log-2012-09-01 (21-54-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 279686
Time elapsed: 16 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6FD31ED6-7C94-4BBC-8E95-F927F4D3A949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\Adobe Direct CVS Service (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ADOBE_DIRECT_CVS_SERVICE (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:5555 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 38
C:\Documents and Settings\Boz\Local Settings\Temp\{01236567-0901-3213-7690-465890103787}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Boz\Local Settings\Temp\{01898782-0785-5636-7856-898912345691}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Boz\Local Settings\Temp\{07677656-8965-5545-3434-028876309874}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Boz\Local Settings\Temp\{09181098-2221-2345-3256-567678902343}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Boz\Local Settings\Temp\{09856567-3234-7678-0126-870124547678}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Boz\Local Settings\Temp\{10254323-3677-7090-0102-412343467674}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Boz\Local Settings\Temp\{10987654-4232-0767-5431-985652129076}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Boz\Local Settings\Temp\{12567763-9892-2321-0901-568921434546}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Boz\Local Settings\Temp\{13436545-7789-3430-8987-236745655410}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Boz\Local Settings\Temp\{21343454-4529-2109-1098-901234543098}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Boz\Local Settings\Temp\{21907432-0985-5428-1890-898010125679}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Boz\Local Settings\Temp\{23434545-8987-3452-8912-478912365894}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Boz\Local Settings\Temp\{34123410-1256-6710-2343-121567810132}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Boz\Local Settings\Temp\{43265898-6790-0123-5467-787823498901}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Boz\Local Settings\Temp\{43456870-0323-3225-3090-876434321878}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Boz\Local Settings\Temp\{47890136-2367-9345-7236-215676541210}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Boz\Local Settings\Temp\{50986545-3212-0190-8987-543457454543}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Boz\Local Settings\Temp\{54132109-7678-2120-0781-943010076541}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Boz\Local Settings\Temp\{54348901-5691-1010-2125-890987654336}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Boz\Local Settings\Temp\{56558903-5321-5476-1212-678792345890}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Boz\Local Settings\Temp\{63218543-1876-7412-2785-567565632107}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Boz\Local Settings\Temp\{74309430-0909-8541-9876-635132109654}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Boz\Local Settings\Temp\{74344565-5212-2210-4560-876365412578}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Boz\Local Settings\Temp\{76765232-3098-2109-7665-101096769109}.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Boz\Local Settings\Temp\{76890345-7101-3452-5112-434798909090}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Boz\Local Settings\Temp\{78789878-6896-4187-3413-565412329177}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Boz\Local Settings\Temp\{79098763-1457-7890-0930-256563545454}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Boz\Local Settings\Temp\{87011456-6799-4589-7781-903235698525}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Boz\Local Settings\Temp\{87652987-5435-1854-2109-095765432187}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Boz\Local Settings\Temp\{89012122-2121-9858-6652-896521074343}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Boz\Local Settings\Temp\{89672347-0123-3257-7890-347690929345}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Boz\Local Settings\Temp\{90763210-8763-0763-7432-898763099852}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Boz\Local Settings\Temp\{96632096-3299-5421-8541-874430076330}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Boz\Local Settings\Temp\{98554118-4410-7431-9663-096532996542}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Boz\Local Settings\Temp\{98776987-9245-3434-2939-212101232210}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Boz\Local Settings\Temp\{98965458-1432-0789-2323-987434578763}.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\svc2dll.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\svc2dll.dat (Malware.Trace) -> Quarantined and deleted successfully.

(end)

---------------------------------------------------------------------------------------------------------------------------------------------------------------------

.
DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
Internet Explorer: 8.0.6001.18702
Run by Boz at 22:20:16 on 2012-09-01
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.800 [GMT -6:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
.
============== Pseudo HJT Report ===============
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
uWindows: load=c:\docume~1\boz\locals~1\temp\{21907~1.EXE
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Spyware Doctor] c:\documents and settings\boz\desktop\sdsetup_revwire207.exe -min
uRun: [Hewlett-Packard] Rundll32.exe "c:\documents and settings\boz\local settings\application data\hewlett-packard\vmhzupwr.dll",_resetstkoflw
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_3_300_271_ActiveX.exe -update activex
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [<NO NAME>]
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\documents and settings\all users\application data\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{DF22A413-2461-4F28-94D3-D2A401206326} : DhcpNameServer = 154.11.129.59 154.11.129.187 209.115.152.130
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
S0 BeTwinVideo;BeTwinVideo;c:\windows\system32\drivers\BeTwinVF.sys [2012-6-27 20800]
S1 BeTwinSystem;BeTwinSystem;c:\windows\system32\drivers\BeTwinSystem.sys [2012-6-27 13640]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S3 176c4fad-29f4-4e2e-95da-51997f700a46;176c4fad-29f4-4e2e-95da-51997f700a46;\??\d:\player\cds300.dll --> d:\player\cds300.dll [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-4 250056]
S3 BeTwinKeyboard;BeTwinKeyboard;c:\windows\system32\drivers\BeTwinKF.sys [2012-6-27 16192]
S3 BeTwinMouse;BeTwinMouse;c:\windows\system32\drivers\BeTwinMF.sys [2012-6-27 16192]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-1-29 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-1-29 40552]
S3 WUSB54GV4SRV;Linksys Wireless-G USB Network Adapter Driver;c:\windows\system32\drivers\rt2500usb.sys [2005-10-27 79616]
.
=============== Created Last 30 ================
.
2012-09-02 03:52:02    --------    d-----w-    c:\documents and settings\boz\application data\Malwarebytes
2012-09-02 03:51:47    --------    d-----w-    c:\documents and settings\all users\application data\Malwarebytes
2012-09-02 03:51:46    22344    ----a-w-    c:\windows\system32\drivers\mbam.sys
2012-09-02 03:51:46    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2012-09-02 02:59:39    --------    d-----w-    c:\windows\system32\wbem\repository\FS
2012-09-02 02:59:39    --------    d-----w-    c:\windows\system32\wbem\Repository
2012-08-31 04:18:55    --------    d-----w-    c:\windows\LastGood.Tmp
2012-08-31 04:17:35    --------    d-----w-    C:\$AVG
2012-08-31 04:17:34    --------    d-----w-    c:\windows\system32\drivers\AVG
2012-08-31 04:17:34    --------    d-----w-    c:\documents and settings\all users\application data\AVG2012
2012-08-31 04:16:29    --------    d-----w-    c:\program files\AVG
2012-08-31 04:12:50    --------    d-----w-    c:\documents and settings\all users\application data\Common Files
2012-08-31 04:12:49    --------    d-----w-    c:\documents and settings\all users\application data\MFAData
2012-08-30 05:37:09    --------    d-----w-    c:\documents and settings\boz\application data\SUPERAntiSpyware.com
2012-08-30 05:34:45    --------    d-----w-    c:\documents and settings\boz\local settings\application data\Google
2012-08-30 05:34:25    --------    d-----w-    c:\program files\SUPERAntiSpyware
2012-08-30 05:34:25    --------    d-----w-    c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-08-30 05:33:57    --------    d-----w-    c:\documents and settings\all users\application data\SUPERSetup
.
==================== Find3M ====================
.
2012-08-16 17:40:49    70344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-16 17:40:49    426184    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2012-07-06 13:58:51    78336    ----a-w-    c:\windows\system32\browser.dll
2012-07-04 14:05:18    139784    ----a-w-    c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40:15    1866112    ----a-w-    c:\windows\system32\win32k.sys
2012-07-02 17:49:33    916992    ----a-w-    c:\windows\system32\wininet.dll
2012-07-02 17:49:32    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2012-07-02 17:49:32    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:43    385024    ----a-w-    c:\windows\system32\html.iec
2012-06-29 00:50:51    73728    ----a-w-    c:\windows\system32\javacpl.cpl
2012-06-19 22:11:05    190    ---ha-w-    C:\aaw7boot.cmd
2012-06-05 15:50:25    1372672    ----a-w-    c:\windows\system32\msxml6.dll
2012-06-05 15:50:25    1172480    ----a-w-    c:\windows\system32\msxml3.dll
2012-06-04 04:32:08    152576    ----a-w-    c:\windows\system32\schannel.dll
2010-08-16 06:00:27    10864104    ----a-w-    c:\program files\PokerStarsInstall.exe
.
============= FINISH: 22:21:43.09 ===============

---------------------------------------------------------------------------------------------------------------------------------------------------------------------

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 25/10/2005 9:01:27 PM
System Uptime: 01/09/2012 10:15:54 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0YC523
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 230 GiB total, 122.471 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP265: 04/06/2012 3:00:24 AM - Software Distribution Service 3.0
RP266: 05/06/2012 3:00:32 AM - Software Distribution Service 3.0
RP267: 06/06/2012 3:00:39 AM - Software Distribution Service 3.0
RP268: 07/06/2012 3:00:23 AM - Software Distribution Service 3.0
RP269: 08/06/2012 3:00:23 AM - Software Distribution Service 3.0
RP270: 09/06/2012 3:00:24 AM - Software Distribution Service 3.0
RP271: 10/06/2012 3:00:44 AM - Software Distribution Service 3.0
RP272: 11/06/2012 3:00:23 AM - Software Distribution Service 3.0
RP273: 12/06/2012 3:00:32 AM - Software Distribution Service 3.0
RP274: 13/06/2012 3:00:30 AM - Software Distribution Service 3.0
RP275: 14/06/2012 3:00:27 AM - Software Distribution Service 3.0
RP276: 15/06/2012 3:00:21 AM - Software Distribution Service 3.0
RP277: 16/06/2012 3:00:28 AM - Software Distribution Service 3.0
RP278: 17/06/2012 3:00:20 AM - Software Distribution Service 3.0
RP279: 18/06/2012 3:00:20 AM - Software Distribution Service 3.0
RP280: 19/06/2012 3:00:37 AM - Software Distribution Service 3.0
RP281: 19/06/2012 5:11:31 PM - Software Distribution Service 3.0
RP282: 20/06/2012 3:00:58 AM - Software Distribution Service 3.0
RP283: 21/06/2012 3:02:54 AM - Software Distribution Service 3.0
RP284: 22/06/2012 3:00:38 AM - Software Distribution Service 3.0
RP285: 23/06/2012 3:03:40 AM - Software Distribution Service 3.0
RP286: 24/06/2012 3:07:45 AM - Software Distribution Service 3.0
RP287: 25/06/2012 3:15:31 AM - Software Distribution Service 3.0
RP288: 26/06/2012 3:16:00 AM - Software Distribution Service 3.0
RP289: 26/06/2012 1:52:43 PM - Removed Ad-Aware Antivirus.
RP290: 26/06/2012 2:30:56 PM - Installed Java(TM) 6 Update 33
RP291: 26/06/2012 2:32:04 PM - Software Distribution Service 3.0
RP292: 27/06/2012 3:00:34 AM - Software Distribution Service 3.0
RP293: 28/06/2012 3:00:23 AM - Software Distribution Service 3.0
RP294: 29/06/2012 3:00:23 AM - Software Distribution Service 3.0
RP295: 30/06/2012 3:00:23 AM - Software Distribution Service 3.0
RP296: 01/07/2012 3:00:23 AM - Software Distribution Service 3.0
RP297: 02/07/2012 3:00:23 AM - Software Distribution Service 3.0
RP298: 03/07/2012 3:00:23 AM - Software Distribution Service 3.0
RP299: 04/07/2012 3:00:25 AM - Software Distribution Service 3.0
RP300: 05/07/2012 3:00:23 AM - Software Distribution Service 3.0
RP301: 06/07/2012 3:00:23 AM - Software Distribution Service 3.0
RP302: 07/07/2012 12:44:26 PM - Software Distribution Service 3.0
RP303: 08/07/2012 3:00:23 AM - Software Distribution Service 3.0
RP304: 09/07/2012 3:00:23 AM - Software Distribution Service 3.0
RP305: 10/07/2012 3:00:34 AM - Software Distribution Service 3.0
RP306: 11/07/2012 10:25:45 PM - Software Distribution Service 3.0
RP307: 12/07/2012 3:00:30 AM - Software Distribution Service 3.0
RP308: 13/07/2012 3:00:20 AM - Software Distribution Service 3.0
RP309: 14/07/2012 3:00:23 AM - Software Distribution Service 3.0
RP310: 15/07/2012 3:00:23 AM - Software Distribution Service 3.0
RP311: 16/07/2012 3:00:23 AM - Software Distribution Service 3.0
RP312: 17/07/2012 2:20:49 AM - Software Distribution Service 3.0
RP313: 24/07/2012 9:48:33 PM - System Checkpoint
RP314: 25/07/2012 3:00:35 AM - Software Distribution Service 3.0
RP315: 25/07/2012 11:56:17 PM - Installed Java(TM) 6 Update 33
RP316: 26/07/2012 3:00:30 AM - Software Distribution Service 3.0
RP317: 27/07/2012 3:00:23 AM - Software Distribution Service 3.0
RP318: 28/07/2012 3:00:36 AM - Software Distribution Service 3.0
RP319: 29/07/2012 3:00:23 AM - Software Distribution Service 3.0
RP320: 30/07/2012 3:00:23 AM - Software Distribution Service 3.0
RP321: 30/07/2012 2:04:17 PM - Software Distribution Service 3.0
RP322: 30/07/2012 2:38:49 PM - Software Distribution Service 3.0
RP323: 30/07/2012 3:09:32 PM - Software Distribution Service 3.0
RP324: 31/07/2012 3:00:23 AM - Software Distribution Service 3.0
RP325: 01/08/2012 3:00:29 AM - Software Distribution Service 3.0
RP326: 02/08/2012 3:00:36 AM - Software Distribution Service 3.0
RP327: 03/08/2012 3:00:31 AM - Software Distribution Service 3.0
RP328: 04/08/2012 3:00:23 AM - Software Distribution Service 3.0
RP329: 05/08/2012 3:00:29 AM - Software Distribution Service 3.0
RP330: 06/08/2012 3:00:29 AM - Software Distribution Service 3.0
RP331: 07/08/2012 3:00:34 AM - Software Distribution Service 3.0
RP332: 08/08/2012 3:00:27 AM - Software Distribution Service 3.0
RP333: 09/08/2012 3:00:30 AM - Software Distribution Service 3.0
RP334: 10/08/2012 3:00:33 AM - Software Distribution Service 3.0
RP335: 11/08/2012 3:00:24 AM - Software Distribution Service 3.0
RP336: 12/08/2012 3:00:29 AM - Software Distribution Service 3.0
RP337: 13/08/2012 3:00:24 AM - Software Distribution Service 3.0
RP338: 14/08/2012 3:00:29 AM - Software Distribution Service 3.0
RP339: 15/08/2012 3:00:39 AM - Software Distribution Service 3.0
RP340: 16/08/2012 3:00:46 AM - Software Distribution Service 3.0
RP341: 17/08/2012 3:00:31 AM - Software Distribution Service 3.0
RP342: 18/08/2012 3:00:24 AM - Software Distribution Service 3.0
RP343: 19/08/2012 3:00:24 AM - Software Distribution Service 3.0
RP344: 19/08/2012 9:34:41 PM - Software Distribution Service 3.0
RP345: 20/08/2012 3:00:33 AM - Software Distribution Service 3.0
RP346: 21/08/2012 3:00:34 AM - Software Distribution Service 3.0
RP347: 22/08/2012 3:00:24 AM - Software Distribution Service 3.0
RP348: 23/08/2012 3:00:33 AM - Software Distribution Service 3.0
RP349: 24/08/2012 3:00:23 AM - Software Distribution Service 3.0
RP350: 25/08/2012 3:00:24 AM - Software Distribution Service 3.0
RP351: 26/08/2012 3:00:36 AM - Software Distribution Service 3.0
RP352: 27/08/2012 3:00:24 AM - Software Distribution Service 3.0
RP353: 28/08/2012 3:00:24 AM - Software Distribution Service 3.0
RP354: 29/08/2012 3:03:39 AM - Software Distribution Service 3.0
RP355: 29/08/2012 11:09:54 PM - Software Distribution Service 3.0
RP356: 30/08/2012 3:00:38 AM - Software Distribution Service 3.0
RP357: 30/08/2012 10:16:27 PM - Installed AVG 2012
RP358: 30/08/2012 10:17:15 PM - Installed AVG 2012
RP359: 31/08/2012 11:42:40 AM - Software Distribution Service 3.0
RP360: 01/09/2012 2:18:41 PM - Restore Operation
RP361: 01/09/2012 3:20:45 PM - Software Distribution Service 3.0
RP362: 01/09/2012 8:58:27 PM - Restore Operation
RP363: 01/09/2012 9:16:27 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
888poker
Ad-Aware Browsing Protection
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Media Player
Adobe Reader 7.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Camera Suite 1.3
ATI Control Panel
ATI Display Driver
BitTorrent
BlackBerry Desktop Software 6.1
Bonjour
BufferChm
Citrix Web Client
Classic PhoneTools
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Copy
CutePDF Writer 2.8
Dell Driver Reset Tool
Dell Picture Studio v3.0
Dell Support Center (Support Software)
Dell System Restore
DellSupport
Destinations
DeviceDiscovery
Digital Line Detect
DJ_AIO_05_F4400_Software_Min
Download Updater (AOL LLC)
F4400
GPBaseService2
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 13.0
HP Deskjet F4400 Printer Driver Software 13.0 Rel .5
HP Imaging Device Functions 13.0
HP Print Projects 1.0
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller
Intel Matrix Storage Manager
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
iPod for Windows 2005-03-23
iTunes
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java(TM) 6 Update 33
Java(TM) 6 Update 7
Learn2 Player (Uninstall Only)
Linksys Wireless-G USB Network Adapter
Macromedia Shockwave Player
Malwarebytes Anti-Malware version 1.62.0.1300
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MINITAB 14 Student
Modem Helper
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Musicmatch for Windows Media Player
NetWaiting
PeerBlock 1.1 (r518)
PokerStars
PowerDVD 5.5
Python 2.5.2
QuickTime
R for Windows 2.9.0
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
Spelling Dictionaries For Adobe Reader Package
Status
The Rosetta Stone
Toolbox
TrayApp
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebCyberCoach 3.2 Dell
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
XP Codec Pack
.
==== Event Viewer Messages From Past Week ========
.
31/08/2012 12:17:45 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL SBRE Tcpip
31/08/2012 1:20:02 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL SBRE Tcpip
31/08/2012 1:20:02 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
31/08/2012 1:20:02 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
31/08/2012 1:20:02 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
31/08/2012 1:20:02 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
31/08/2012 1:20:02 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
31/08/2012 1:20:02 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
31/08/2012 1:18:50 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
31/08/2012 1:13:01 AM, error: Service Control Manager [7000] - The Adobe Direct CVS Service service failed to start due to the following error: The system cannot find the file specified.
30/08/2012 9:16:49 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service hpqcxs08 with arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}
30/08/2012 9:16:49 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
29/08/2012 11:09:47 PM, error: NetDDE [206] - Listen failed: 15:
29/08/2012 11:09:21 PM, error: NetDDE [206] - Listen failed: 23: The ncb_lana_num member did not specify a valid network number.
28/08/2012 9:49:00 AM, error: Schedule [7901] - The At10.job command failed to start due to the following error: General access denied error
28/08/2012 8:49:00 AM, error: Schedule [7901] - The At9.job command failed to start due to the following error: General access denied error
28/08/2012 7:49:00 AM, error: Schedule [7901] - The At8.job command failed to start due to the following error: General access denied error
28/08/2012 6:49:00 AM, error: Schedule [7901] - The At7.job command failed to start due to the following error: General access denied error
28/08/2012 5:49:00 AM, error: Schedule [7901] - The At6.job command failed to start due to the following error: General access denied error
28/08/2012 4:49:00 AM, error: Schedule [7901] - The At5.job command failed to start due to the following error: General access denied error
28/08/2012 3:54:06 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
28/08/2012 3:53:03 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE
28/08/2012 3:53:01 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Adobe Direct CVS Service service to connect.
28/08/2012 3:53:01 PM, error: Service Control Manager [7000] - The Service service failed to start due to the following error: The system cannot find the file specified.
28/08/2012 3:53:01 PM, error: Service Control Manager [7000] - The Adobe Direct CVS Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
28/08/2012 3:49:00 AM, error: Schedule [7901] - The At4.job command failed to start due to the following error: General access denied error
28/08/2012 3:03:16 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2003 (KB2584052).
28/08/2012 3:01:48 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Excel 2003 (KB2597086).
28/08/2012 2:49:00 AM, error: Schedule [7901] - The At3.job command failed to start due to the following error: General access denied error
28/08/2012 12:49:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: General access denied error
28/08/2012 10:49:00 AM, error: Schedule [7901] - The At11.job command failed to start due to the following error: General access denied error
28/08/2012 1:49:00 AM, error: Schedule [7901] - The At2.job command failed to start due to the following error: General access denied error
27/08/2012 9:49:00 PM, error: Schedule [7901] - The At22.job command failed to start due to the following error: General access denied error
27/08/2012 8:49:00 PM, error: Schedule [7901] - The At21.job command failed to start due to the following error: General access denied error
27/08/2012 7:49:00 PM, error: Schedule [7901] - The At20.job command failed to start due to the following error: General access denied error
27/08/2012 6:49:00 PM, error: Schedule [7901] - The At19.job command failed to start due to the following error: General access denied error
27/08/2012 5:49:00 PM, error: Schedule [7901] - The At18.job command failed to start due to the following error: General access denied error
27/08/2012 4:49:00 PM, error: Schedule [7901] - The At17.job command failed to start due to the following error: General access denied error
27/08/2012 3:49:00 PM, error: Schedule [7901] - The At16.job command failed to start due to the following error: General access denied error
27/08/2012 2:49:00 PM, error: Schedule [7901] - The At15.job command failed to start due to the following error: General access denied error
27/08/2012 12:49:00 PM, error: Schedule [7901] - The At13.job command failed to start due to the following error: General access denied error
27/08/2012 11:49:00 PM, error: Schedule [7901] - The At24.job command failed to start due to the following error: General access denied error
27/08/2012 11:49:00 AM, error: Schedule [7901] - The At12.job command failed to start due to the following error: General access denied error
27/08/2012 10:49:00 PM, error: Schedule [7901] - The At23.job command failed to start due to the following error: General access denied error
27/08/2012 1:49:00 PM, error: Schedule [7901] - The At14.job command failed to start due to the following error: General access denied error
01/09/2012 9:27:13 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm SBRE
01/09/2012 9:27:13 PM, error: Service Control Manager [7023] - The Terminal Services service terminated with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
01/09/2012 3:35:15 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
01/09/2012 2:46:11 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
01/09/2012 2:30:01 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
01/09/2012 2:28:13 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SBRE Tcpip
.
==== End Of File ===========================
 
Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.

When the scan is done, Notepad will open with the rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

=================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
Here are the rkill and aswMBR logs. To be clear, I have not restarted my computer since I was instructed to at the end of the mbam scan. I mention this because in the rkill section of your latest post it says "if normal mode still doesn't work, run the tool from safe mode." My computer has been running in safe mode since the last restart, so I do not know if normal mode still doesn't work, and the rkill tool was run in safe mode.

------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Rkill 2.3.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/02/2012 01:11:56 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* AFD (AFD) is not Running.
Startup Type set to: System

* Background Intelligent Transfer Service (BITS) is not Running.
Startup Type set to: Automatic

* DHCP Client (Dhcp) is not Running.
Startup Type set to: Automatic

* DNS Client (Dnscache) is not Running.
Startup Type set to: Automatic

* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Manual

* Network Connections (Netman) is not Running.
Startup Type set to: Manual

* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic

* Automatic Updates (wuauserv) is not Running.
Startup Type set to: Automatic

* AFD (AFD) is not Running.
Startup Type set to: System

* IPSEC driver (IPSec) is not Running.
Startup Type set to: System

* NetBios over Tcpip (NetBT) is not Running.
Startup Type set to: System

* TCP/IP Protocol Driver (Tcpip) is not Running.
Startup Type set to: System

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 09/02/2012 01:12:47 PM
Execution time: 0 hours(s), 0 minute(s), and 51 seconds(s)
---------------------------------------------------------------------------------------------------------------------------------------------------------------------
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-02 13:17:16
-----------------------------
13:17:16.453 OS Version: Windows 5.1.2600 Service Pack 3
13:17:16.453 Number of processors: 2 586 0x403
13:17:16.468 ComputerName: DUBSONE UserName: Boz
13:17:17.156 Initialize success
13:17:45.531 AVAST engine download error: 0
13:18:24.125 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
13:18:24.156 Disk 0 Vendor: Maxtor_7 BANC Size: 238418MB BusType: 3
13:18:24.171 Disk 0 MBR read successfully
13:18:24.203 Disk 0 MBR scan
13:18:24.218 Disk 0 unknown MBR code
13:18:24.234 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
13:18:24.265 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 235280 MB offset 112455
13:18:24.312 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3074 MB offset 481966065
13:18:24.343 Disk 0 scanning sectors +488263545
13:18:24.468 Disk 0 scanning C:\WINDOWS\system32\drivers
13:18:33.984 Service scanning
13:18:38.531 Service 176c4fad-29f4-4e2e-95da-51997f700a46 D:\Player\cds300.dll **LOCKED** 21
13:18:51.578 Modules scanning
13:18:54.828 Disk 0 trace - called modules:
13:18:55.000 ntoskrnl.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
13:18:55.109 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87358ab8]
13:18:55.234 3 CLASSPNP.SYS[f75a4fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86e57030]
13:18:55.343 Scan finished successfully
13:22:02.390 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Boz\Desktop\MBR.dat"
13:22:02.421 The log file has been saved successfully to "C:\Documents and Settings\Boz\Desktop\aswMBR.txt"
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix has given me the following warning:
--------------------------------------------------------------------------------------------
ComboFix has detected the following real time scanner(s) to be active:

antivirus: McAfee Anti-Virus and Anti-Spyware

Antivirus and intrusion prevention programs are known to interfere with ComboFix's running. This may lead to unpredictable results or possible machine damage.

Please disable these scanners before clicking 'OK'.
--------------------------------------------------------------------------------------------

McAfee was uninstalled from my pc long before we began this cleaning process. I cannot see it in add/remove programs. Is it alright to click 'ok' and proceed?
 
I proceeded to run combofix and now see this:

This machine does not have the 'Microsoft Windows recovery console' installed. Alternately, an existing installation of the recovery console may be present but requires updating.

Without it, ComboFix shall not attempt the fixing of some serious infections.

Click 'Yes' to have ComboFix download/install it.

Note: this requires an active internet connection.

(end)

How should I proceed? I'm still running in safe mode without an internet connection.
 
As combofix ran, it abruptly stopped after reaching stage 20-something. The screen went blue and this is what the display reads:

A problem has been detected and windows has been shut down to prevent damage to your computer.

Plug and Play detected an error most likely caused by a faulty driver.

If this is the first time you've seen this Stop error screen, restart your computer. If this screen appears again, follow these steps:

Check to make sure any new hardware or software is properly installed. If this is a new installation, ask your hardware or software manufacturer for any windows updates you might need.

If problems continue, disable or remove any newly installed hardware or software. Disable BIOS memory options such as caching or shadowing. If you need to use safe mode to remove or disable components, restart your computer, press F8 to select Advanced Startup Options, and then select safe mode.

*** STOP: 0x000000CA (0x00000004, 0x869010A8, 0x00000000, 0x00000000)

Beginning dump of physical memory
Physical memory dump complete.
Contact your system administrator or technical support group for further assistance.

(end)

How should I proceed?
 
ComboFix 12-09-03.07 - Boz 03/09/2012 12:50:31.1.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.792 [GMT -6:00]
Running from: c:\documents and settings\Boz\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
C:\install.exe
c:\windows\system32\msxml6.dll.tmp
c:\windows\system32\SET132.tmp
c:\windows\system32\SET134.tmp
c:\windows\system32\SET143.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SERVICE
-------\Service_Service
.
.
((((((((((((((((((((((((( Files Created from 2012-08-03 to 2012-09-03 )))))))))))))))))))))))))))))))
.
.
2012-09-02 03:52 . 2012-09-02 03:52  --------  d-----w-  c:\documents and settings\Boz\Application Data\Malwarebytes
2012-09-02 03:51 . 2012-09-02 03:51  --------  d-----w-  c:\documents and settings\All Users\Application Data\Malwarebytes
2012-09-02 03:51 . 2012-09-02 03:51  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
2012-09-02 03:51 . 2012-07-03 19:46  22344  ----a-w-  c:\windows\system32\drivers\mbam.sys
2012-09-02 02:59 . 2012-09-02 02:59  --------  d-----w-  c:\windows\system32\wbem\Repository
2012-08-31 04:18 . 2012-08-31 04:19  --------  d-----w-  c:\windows\LastGood.Tmp
2012-08-31 04:17 . 2012-09-02 02:59  --------  d-----w-  C:\$AVG
2012-08-31 04:17 . 2012-09-02 02:59  --------  d-----w-  c:\documents and settings\All Users\Application Data\AVG2012
2012-08-31 04:17 . 2012-08-31 17:47  --------  d-----w-  c:\windows\system32\drivers\AVG
2012-08-31 04:16 . 2012-08-31 04:16  --------  d-----w-  c:\program files\AVG
2012-08-31 04:12 . 2012-08-31 04:12  --------  d-----w-  c:\documents and settings\All Users\Application Data\Common Files
2012-08-31 04:12 . 2012-09-02 02:59  --------  d-----w-  c:\documents and settings\All Users\Application Data\MFAData
2012-08-30 05:37 . 2012-08-30 05:37  --------  d-----w-  c:\documents and settings\Boz\Application Data\SUPERAntiSpyware.com
2012-08-30 05:34 . 2012-09-02 02:59  --------  d-----w-  c:\documents and settings\Boz\Local Settings\Application Data\Google
2012-08-30 05:34 . 2012-09-02 02:59  --------  d-----w-  c:\program files\Google
2012-08-30 05:34 . 2012-09-02 02:59  --------  d-----w-  c:\program files\SUPERAntiSpyware
2012-08-30 05:34 . 2012-08-30 05:34  --------  d-----w-  c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-08-30 05:33 . 2012-08-30 05:33  --------  d-----w-  c:\documents and settings\All Users\Application Data\SUPERSetup
2012-08-14 19:02 . 2012-09-02 02:59  --------  d-----w-  c:\documents and settings\Guest248
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-16 17:40 . 2012-04-05 04:23  426184  ----a-w-  c:\windows\system32\FlashPlayerApp.exe
2012-08-16 17:40 . 2011-10-05 15:45  70344  ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:58 . 2004-08-10 17:50  78336  ----a-w-  c:\windows\system32\browser.dll
2012-07-04 14:05 . 2004-08-10 18:01  139784  ----a-w-  c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2004-08-10 17:51  1866112  ----a-w-  c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2004-08-10 17:51  916992  ----a-w-  c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2004-08-10 17:51  43520  ----a-w-  c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2004-08-10 17:51  1469440  ------w-  c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2004-08-10 17:51  385024  ----a-w-  c:\windows\system32\html.iec
2012-06-29 00:50 . 2008-09-18 05:49  73728  ----a-w-  c:\windows\system32\javacpl.cpl
2012-06-19 22:11 . 2012-06-19 22:11  190  ---ha-w-  C:\aaw7boot.cmd
2010-08-16 06:00 . 2010-08-16 06:00  10864104  ----a-w-  c:\program files\PokerStarsInstall.exe
.
Code:
<pre>
c:\program files\ATI Technologies\ATI Control Panel\atiptaxx .exe
c:\program files\Common Files\InstallShield\UpdateService\issch .exe
c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent .exe
c:\program files\CyberLink\PowerDVD\DVDLauncher .exe
c:\program files\Dell Support Center\bin\sprtcmd .exe
c:\program files\Dell Support Center\gs_agent\custom\dsca .exe
c:\program files\DellSupport\DSAgnt .exe
c:\program files\HP\HP Software Update\HPWuSchd2 .exe
c:\program files\Intel\Intel Matrix Storage Manager\iaanotif .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3 .exe
c:\program files\QuickTime\QTTask  .exe
c:\program files\Spybot - Search & Destroy\TeaTimer .exe
c:\program files\VMware\VMware Player\hqtray .exe
</pre>
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"="c:\documents and settings\Boz\Desktop\sdsetup_revwire207.exe" [N/A]
"Hewlett-Packard"="c:\documents and settings\Boz\Local Settings\Application Data\Hewlett-Packard\vmhzupwr.dll" [N/A]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2004-07-27 221184]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"Malwarebytes Anti-Malware (cleanup)"="c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-07-03 1085000]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-10-13 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jmnkqrgu]
c:\documents and settings\Boz\Local Settings\Application Data\ndggll\qsybsysguard.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\WINDOWS\\system32\\WUAUCLT.EXE"=
.
S0 BeTwinVideo;BeTwinVideo;c:\windows\system32\drivers\BeTwinVF.sys [27/06/2012 10:32 AM 20800]
S1 BeTwinSystem;BeTwinSystem;c:\windows\system32\drivers\BeTwinSystem.sys [27/06/2012 10:32 AM 13640]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S3 176c4fad-29f4-4e2e-95da-51997f700a46;176c4fad-29f4-4e2e-95da-51997f700a46;\??\d:\player\cds300.dll --> d:\player\cds300.dll [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [04/04/2012 10:23 PM 250056]
S3 BeTwinKeyboard;BeTwinKeyboard;c:\windows\system32\drivers\BeTwinKF.sys [27/06/2012 10:32 AM 16192]
S3 BeTwinMouse;BeTwinMouse;c:\windows\system32\drivers\BeTwinMF.sys [27/06/2012 10:32 AM 16192]
S3 WUSB54GV4SRV;Linksys Wireless-G USB Network Adapter Driver;c:\windows\system32\drivers\rt2500usb.sys [27/10/2005 7:27 PM 79616]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12  REG_MULTI_SZ  Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt  REG_MULTI_SZ  hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 17:40]
.
2012-08-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-03 13:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Hewlett-Packard = Rundll32.exe "c:\documents and settings\Boz\Local Settings\Application Data\Hewlett-Packard\vmhzupwr.dll",_resetstkoflw?78???????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(232)
c:\windows\system32\l3codeca.acm
c:\windows\system32\ac3filter.acm
.
- - - - - - - > 'explorer.exe'(596)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2012-09-03 13:10:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-03 19:10
.
Pre-Run: 131,394,056,192 bytes free
Post-Run: 132,713,803,776 bytes free
.
- - End Of File - - C75E77231173CDCC9EBEB0EC98D7AC0E
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
RenV::
c:\program files\ATI Technologies\ATI Control Panel\atiptaxx .exe
c:\program files\Common Files\InstallShield\UpdateService\issch .exe
c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent .exe
c:\program files\CyberLink\PowerDVD\DVDLauncher .exe
c:\program files\Dell Support Center\bin\sprtcmd .exe
c:\program files\Dell Support Center\gs_agent\custom\dsca .exe
c:\program files\DellSupport\DSAgnt .exe
c:\program files\HP\HP Software Update\HPWuSchd2 .exe
c:\program files\Intel\Intel Matrix Storage Manager\iaanotif .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3 .exe
c:\program files\QuickTime\QTTask  .exe
c:\program files\Spybot - Search & Destroy\TeaTimer .exe
c:\program files\VMware\VMware Player\hqtray .exe

File::
c:\documents and settings\Boz\Local Settings\Application Data\Hewlett-Packard\vmhzupwr.dll

DDS::
uInternet Settings,ProxyOverride = <local>;*.local

Driver::
176c4fad-29f4-4e2e-95da-51997f700a46

Registry::
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Hewlett-Packard" =-

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
ComboFix 12-09-03.07 - Boz 03/09/2012 18:14:31.2.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.614 [GMT -6:00]
Running from: c:\documents and settings\Boz\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Boz\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
FILE ::
"c:\documents and settings\Boz\Local Settings\Application Data\Hewlett-Packard\vmhzupwr.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_176c4fad-29f4-4e2e-95da-51997f700a46
.
.
((((((((((((((((((((((((( Files Created from 2012-08-04 to 2012-09-04 )))))))))))))))))))))))))))))))
.
.
2012-09-02 03:52 . 2012-09-02 03:52  --------  d-----w-  c:\documents and settings\Boz\Application Data\Malwarebytes
2012-09-02 03:51 . 2012-09-02 03:51  --------  d-----w-  c:\documents and settings\All Users\Application Data\Malwarebytes
2012-09-02 03:51 . 2012-09-02 03:51  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
2012-09-02 03:51 . 2012-07-03 19:46  22344  ----a-w-  c:\windows\system32\drivers\mbam.sys
2012-09-02 02:59 . 2012-09-02 02:59  --------  d-----w-  c:\windows\system32\wbem\Repository
2012-08-31 04:18 . 2012-08-31 04:19  --------  d-----w-  c:\windows\LastGood.Tmp
2012-08-31 04:17 . 2012-09-02 02:59  --------  d-----w-  C:\$AVG
2012-08-31 04:17 . 2012-09-02 02:59  --------  d-----w-  c:\documents and settings\All Users\Application Data\AVG2012
2012-08-31 04:17 . 2012-08-31 17:47  --------  d-----w-  c:\windows\system32\drivers\AVG
2012-08-31 04:16 . 2012-08-31 04:16  --------  d-----w-  c:\program files\AVG
2012-08-31 04:12 . 2012-08-31 04:12  --------  d-----w-  c:\documents and settings\All Users\Application Data\Common Files
2012-08-31 04:12 . 2012-09-02 02:59  --------  d-----w-  c:\documents and settings\All Users\Application Data\MFAData
2012-08-30 05:37 . 2012-08-30 05:37  --------  d-----w-  c:\documents and settings\Boz\Application Data\SUPERAntiSpyware.com
2012-08-30 05:34 . 2012-09-02 02:59  --------  d-----w-  c:\documents and settings\Boz\Local Settings\Application Data\Google
2012-08-30 05:34 . 2012-09-02 02:59  --------  d-----w-  c:\program files\Google
2012-08-30 05:34 . 2012-09-02 02:59  --------  d-----w-  c:\program files\SUPERAntiSpyware
2012-08-30 05:34 . 2012-08-30 05:34  --------  d-----w-  c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-08-30 05:33 . 2012-08-30 05:33  --------  d-----w-  c:\documents and settings\All Users\Application Data\SUPERSetup
2012-08-14 19:02 . 2012-09-02 02:59  --------  d-----w-  c:\documents and settings\Guest248
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-16 17:40 . 2012-04-05 04:23  426184  ----a-w-  c:\windows\system32\FlashPlayerApp.exe
2012-08-16 17:40 . 2011-10-05 15:45  70344  ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:58 . 2004-08-10 17:50  78336  ----a-w-  c:\windows\system32\browser.dll
2012-07-04 14:05 . 2004-08-10 18:01  139784  ----a-w-  c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2004-08-10 17:51  1866112  ----a-w-  c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2004-08-10 17:51  916992  ----a-w-  c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2004-08-10 17:51  43520  ----a-w-  c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2004-08-10 17:51  1469440  ------w-  c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2004-08-10 17:51  385024  ----a-w-  c:\windows\system32\html.iec
2012-06-29 00:50 . 2008-09-18 05:49  73728  ----a-w-  c:\windows\system32\javacpl.cpl
2012-06-19 22:11 . 2012-06-19 22:11  190  ---ha-w-  C:\aaw7boot.cmd
2010-08-16 06:00 . 2010-08-16 06:00  10864104  ----a-w-  c:\program files\PokerStarsInstall.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2004-07-27 221184]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"Malwarebytes Anti-Malware (cleanup)"="c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-07-03 1085000]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-10-13 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\WINDOWS\\system32\\WUAUCLT.EXE"=
.
S0 BeTwinVideo;BeTwinVideo;c:\windows\system32\drivers\BeTwinVF.sys [27/06/2012 10:32 AM 20800]
S1 BeTwinSystem;BeTwinSystem;c:\windows\system32\drivers\BeTwinSystem.sys [27/06/2012 10:32 AM 13640]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [04/04/2012 10:23 PM 250056]
S3 BeTwinKeyboard;BeTwinKeyboard;c:\windows\system32\drivers\BeTwinKF.sys [27/06/2012 10:32 AM 16192]
S3 BeTwinMouse;BeTwinMouse;c:\windows\system32\drivers\BeTwinMF.sys [27/06/2012 10:32 AM 16192]
S3 WUSB54GV4SRV;Linksys Wireless-G USB Network Adapter Driver;c:\windows\system32\drivers\rt2500usb.sys [27/10/2005 7:27 PM 79616]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12  REG_MULTI_SZ  Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt  REG_MULTI_SZ  hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 17:40]
.
2012-08-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Spyware Doctor - c:\documents and settings\Boz\Desktop\sdsetup_revwire207.exe
HKCU-Run-Hewlett-Packard - c:\documents and settings\Boz\Local Settings\Application Data\Hewlett-Packard\vmhzupwr.dll
MSConfigStartUp-jmnkqrgu - c:\documents and settings\Boz\Local Settings\Application Data\ndggll\qsybsysguard.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-03 18:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Hewlett-Packard = Rundll32.exe "c:\documents and settings\Boz\Local Settings\Application Data\Hewlett-Packard\vmhzupwr.dll",_resetstkoflw?78???????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(232)
c:\windows\system32\l3codeca.acm
c:\windows\system32\ac3filter.acm
.
- - - - - - - > 'explorer.exe'(1924)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2012-09-03 18:28:11 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-04 00:28
.
Pre-Run: 132,724,412,416 bytes free
Post-Run: 132,714,229,760 bytes free
.
- - End Of File - - 096B6F6DC250A59AE39458C10B82ED76
 