
MBAM won't install or run on my comp



#1
Mabo19

  • Member
  • 19 posts
Hello all,

My brother's computer (desktop, Win XP) refuses to go online and I cannot use Explorer or Firefox. I looked online and found this site and started in the "Windows XP™, 2000, 2003, NT" Forum and was speaking with OpenOutcome. See Topic Here. Another problem I had is that whenever I tried to use an ipconfig command, as many people on this forum have done to fix the internet, I would get an error that states:

"An Internal error occurred: The request is not supported.
Please contact Microsoft Product Support Services for further help.
Additional information: Unable to query host name."

OpenOutcome was helping me with that issue, but we never got it resolved. Eventually I started thinking Malware and I looked at the preparation work required before posting a new topic, and I couldn't get MBAM to install or run on my brother's computer. I had saved the .exe file to a USB stick and uploaded it to my bro's computer but it wouldn't run/install. I mentioned this to Broni in the other Forum and he suggested I come here.

Any help you guys can provide is greatly appreciated.

Matt
  • 0



#2
SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Hi Matt,

Welcome to Geeks to Go! My name is SpySentinel and I will be helping you fix your computer problem.
Sorry for the delay, we have been very busy lately, and I apologize for your wait.



Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2

--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

Edited by SpySentinel, 16 June 2009 - 10:17 PM.

  • 0

#3
Mabo19

  • Topic Starter
  • Member
  • 19 posts
Ok I love you. I did what you asked and my internet already works!!! But I will wait for your instructions before trying anything else. The Log report is below. Also, should I run Combo-Fix on every computer in my house?

LOG REPORT
ComboFix 09-06-16.05 - USER 06/17/2009 17:49.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.383.218 [GMT -4:00]
Running from: G:\Combo-Fix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\NetMon
c:\documents and settings\USER\Application Data\ShoppingReport
c:\program files\asks~1
c:\program files\Common Files\icroso~1
c:\program files\Common Files\uninstall information
c:\program files\curity~1
c:\program files\dobe~1
c:\program files\icroso~1
c:\program files\icroso~1.net
c:\program files\icroso~2
c:\program files\sembly~1
c:\program files\sstem3~1
c:\program files\stem32~1
c:\program files\winvi
c:\temp\1cb
c:\temp\vtmp2
c:\windows\crosof~1
c:\windows\Downloaded Program Files\DDSonic.1.0.0.92
c:\windows\Downloaded Program Files\DinerDash.1.0.0.72
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53
c:\windows\ecurit~1
c:\windows\Fonts\'
c:\windows\icroso~1.net
c:\windows\ppatch~1
c:\windows\racle~1
c:\windows\racle~2
c:\windows\system32\appatc~1
c:\windows\system32\components
c:\windows\system32\drivers\UACmkvdyiuirqomyrj.sys
c:\windows\system32\ecurit~1
c:\windows\system32\icroso~1
c:\windows\system32\sembly~1
c:\windows\system32\sks~1
c:\windows\system32\sstem3~1
c:\windows\system32\stem32~1
c:\windows\system32\UACdyidqpfufpqltit.dll
c:\windows\system32\UAChomcvnsouertjov.dll
c:\windows\system32\UACklvahbbcxrumuyd.dll
c:\windows\system32\UACkyabbncrqpykxkp.log
c:\windows\system32\UAClrrnkettfrhalxb.dat
c:\windows\system32\UACotehsskfsaqnlla.log
c:\windows\system32\UACqsyajxmpjdyleba.dll
c:\windows\system32\UACrkbwogwvtegrwik.log
c:\windows\system32\UACrsnqowvtuibdytq.dll
c:\windows\system32\ymbols~1
c:\windows\wnsxs~1
c:\documents and settings\Home\Start Menu\Programs\Startup\TA_Start.lnk
c:\documents and settings\Home\Start Menu\Programs\Startup\Think-Adz.lnk
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\NetMon\domains.txt
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\NetMon\log.txt
c:\documents and settings\USER\Application Data\ShoppingReport\cs\Config.xml
c:\documents and settings\USER\Application Data\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\USER\Application Data\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\USER\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\USER\Application Data\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\USER\Application Data\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\USER\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
c:\documents and settings\USER\lsass.exe
c:\documents and settings\USER\services.exe
c:\documents and settings\USER\Start Menu\Programs\Startup\DW_Start.lnk
C:\lswmv.ini
c:\program files\winvi\icons\bufferthis.ico
c:\program files\winvi\icons\flashfunpages.ico
c:\program files\winvi\icons\funnies.ico
c:\program files\winvi\icons\funnyfunpages.ico
c:\program files\winvi\icons\goodcleanvideos.ico
c:\program files\winvi\icons\newfunpages.ico
c:\program files\winvi\icons\positivethoughts.ico
c:\program files\winvi\icons\removespyware.ico
c:\program files\winvi\icons\thissiterocks.ico
c:\program files\winvi\Uninst.exe
c:\program files\winvi\version.ini
C:\setup.exe
c:\temp\1cb\syscheck.log
c:\temp\vtmp2\ktnv33.log
c:\windows\BM57c2aa98.txt
c:\windows\BM57c2aa98.xml
c:\windows\cookies.ini
c:\windows\Fonts\a.zip
c:\windows\Fonts\Setup.exe
c:\windows\ieocx.dll
c:\windows\msnimport.exe
c:\windows\pskt.ini
c:\windows\system32\{ebbebdef-7431-b89e-14d4-f190e5af31e6}.dll-uninst.exe
c:\windows\system32\beedhiyc.ini
c:\windows\system32\cnnrafnd.ini
c:\windows\system32\drivers\UACmkvdyiuirqomyrj.sys
c:\windows\system32\g73.exe
c:\windows\system32\g84.exe
c:\windows\system32\gside.exe
c:\windows\system32\hmfytjno.ini
c:\windows\system32\HRYGNnmp.ini
c:\windows\system32\HRYGNnmp.ini2
c:\windows\system32\hsyfxagw.ini
c:\windows\system32\ieexplorer32.exe
c:\windows\system32\ieupdates.exe
c:\windows\system32\ivggquip.dll
c:\windows\system32\jwybuokg.ini
c:\windows\system32\kycaujdv.ini
c:\windows\system32\lnbpvxfv.ini
c:\windows\system32\mysidesearch_sidebar_uninstall.exe
c:\windows\system32\ojhkbqvx.ini
c:\windows\system32\osyepoeb.ini
c:\windows\system32\pac.txt
c:\windows\system32\pdqswnja.ini
c:\windows\system32\sksrwwuk.ini
c:\windows\system32\swiphjfu.dll
c:\windows\system32\tfunoekr.ini
c:\windows\system32\tjgawenn.ini
c:\windows\system32\UACdyidqpfufpqltit.dll
c:\windows\system32\UAChomcvnsouertjov.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACklvahbbcxrumuyd.dll
c:\windows\system32\UACkyabbncrqpykxkp.log
c:\windows\system32\UAClrrnkettfrhalxb.dat
c:\windows\system32\UACotehsskfsaqnlla.log
c:\windows\system32\UACqsyajxmpjdyleba.dll
c:\windows\system32\UACrkbwogwvtegrwik.log
c:\windows\system32\UACrsnqowvtuibdytq.dll
c:\windows\system32\vfxvpbnl.dll
c:\windows\system32\winpfz33.sys
c:\windows\system32\winsrc.dll
c:\windows\system32\xtllbiwh.ini
c:\windows\system32\zxdnt3d.cfg

----- BITS: Possible infected sites -----

hxxp://winbestsoftdownload.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-05-17 to 2009-06-17 )))))))))))))))))))))))))))))))
.

2009-06-11 02:44 . 2009-06-11 02:44 -------- d-----w- c:\program files\ERUNT
2009-06-10 13:00 . 2009-06-10 13:00 -------- d-----w- c:\program files\Lavalys
2009-06-09 04:44 . 2009-06-09 04:50 -------- d-----w- c:\documents and settings\USER\Local Settings\Application Data\ApplicationHistory
2009-06-09 04:39 . 2009-06-09 04:39 -------- d-----w- C:\Inetpub
2009-06-09 04:21 . 2009-06-09 04:21 0 ----a-w- c:\windows\nsreg.dat
2009-06-09 04:21 . 2009-06-09 04:21 -------- d-----w- c:\documents and settings\USER\Local Settings\Application Data\Mozilla
2009-06-09 04:03 . 2009-06-09 04:03 -------- d-----w- c:\documents and settings\USER\Application Data\Yahoo!
2009-06-09 04:03 . 2009-06-09 04:03 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2009-06-09 04:03 . 2009-06-09 04:03 -------- d-----w- c:\program files\Yahoo!
2009-06-09 04:03 . 2009-06-09 04:03 -------- d-----w- c:\program files\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-26 07:12 . 2008-09-01 23:58 -------- d-----w- c:\documents and settings\USER\Application Data\FrostWire
2009-04-25 22:17 . 2004-03-24 19:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-25 22:12 . 2009-04-25 22:12 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PC Drivers HeadQuarters
2009-04-14 13:10 . 2009-04-08 00:59 60 ----a-w- c:\windows\wpd99.drv
2009-04-08 00:59 . 2009-04-08 00:59 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2009-04-08 00:59 . 2009-04-08 00:59 249856 ----a-w- c:\windows\system32\pdfmona.dll
2009-04-05 20:19 . 2008-07-06 05:23 64952 ----a-w- c:\documents and settings\USER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-10-23 16:57 . 2007-10-23 16:57 3655488 -c--a-w- c:\program files\FLV PlayerRCATSetup.exe
2007-10-23 16:54 . 2007-10-23 16:54 411248 -c--a-w- c:\program files\FLV PlayerRCSetup.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2004-06-25 249856]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2004-03-24 1294446]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"USB Storage Toolbox"="c:\windows\UMStor\Res.EXE" [2005-09-15 65536]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-07-01 67584]

c:\documents and settings\Home\Start Menu\Programs\Startup\
wkcalrem.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2003-4-16 24651]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
D-Link AirPlus G Configuration Utility.lnk - c:\program files\D-Link AirPlus G\AIRPLUS.exe [2005-7-12 294912]
Utility Tray.lnk - c:\windows\system32\sistray.exe [2008-1-23 335872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wscsvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [3/11/2009 3:00 PM 55152]
R3 W8100PCI;D-Link AirPlus G Wireless Driver;c:\windows\system32\drivers\MRV8K51.sys [1/23/2008 9:44 PM 256896]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
S3 FXDRV;FXDRV;\??\e:\fxdrv.sys --> e:\Fxdrv.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} -
FF - ProfilePath - c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\adyb2wgm.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-17 18:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\incdsrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-06-17 18:07 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-17 22:07

Pre-Run: 52,412,260,352 bytes free
Post-Run: 56,086,929,408 bytes free

240 --- E O F --- 2009-06-09 05:06
  • 0

#4
SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Hi Mabo19,

Glad to hear your internet is working now. You had some nasty infections and ComboFix took care of them. You still have 1 trojan left behind that we will deal with now. :)

Are your other computers infected? Running ComboFix is not recommended unless under trained supervision. If you want, once we clean this computer, we can work on the others.



1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

http://www.geekstogo...mp-t242034.html

Collect::
c:\windows\wpd99.drv


Save this as CFScript.txt, in the same location as ComboFix.exe



Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0

#5
Mabo19

  • Topic Starter
  • Member
  • 19 posts
Well my comp. is running a bit slow, and I did remove a lot of stuff with MBAM. Just wondering if Combo-Fix would find more. Also, I don't know if the Malware did this, but my bro's computer shows "no audio devices" and plays no sound. I tried reinstalling drivers but no success.

Here are the results:
ComboFix 09-06-16.05 - USER 06/17/2009 20:56.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.383.204 [GMT -4:00]
Running from: c:\documents and settings\USER\Desktop\Virus Programs\Combo-Fix.exe
Command switches used :: c:\documents and settings\USER\Desktop\Virus Programs\CFScript.txt

file zipped: c:\windows\wpd99.drv
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\wpd99.drv

.
((((((((((((((((((((((((( Files Created from 2009-05-18 to 2009-06-18 )))))))))))))))))))))))))))))))
.

2009-06-18 00:26 . 2009-06-18 00:26 -------- d-----w- c:\program files\IDT
2009-06-11 02:44 . 2009-06-11 02:44 -------- d-----w- c:\program files\ERUNT
2009-06-10 13:00 . 2009-06-10 13:00 -------- d-----w- c:\program files\Lavalys
2009-06-09 04:44 . 2009-06-09 04:50 -------- d-----w- c:\documents and settings\USER\Local Settings\Application Data\ApplicationHistory
2009-06-09 04:39 . 2009-06-09 04:39 -------- d-----w- C:\Inetpub
2009-06-09 04:21 . 2009-06-09 04:21 0 ----a-w- c:\windows\nsreg.dat
2009-06-09 04:21 . 2009-06-09 04:21 -------- d-----w- c:\documents and settings\USER\Local Settings\Application Data\Mozilla
2009-06-09 04:03 . 2009-06-17 23:15 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2009-06-09 04:03 . 2009-06-09 04:03 -------- d-----w- c:\documents and settings\USER\Application Data\Yahoo!
2009-06-09 04:03 . 2009-06-09 04:03 -------- d-----w- c:\program files\Yahoo!
2009-06-09 04:03 . 2009-06-09 04:03 -------- d-----w- c:\program files\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-18 00:26 . 2004-03-24 19:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-17 23:12 . 2008-09-01 23:58 -------- d-----w- c:\documents and settings\USER\Application Data\FrostWire
2009-04-25 22:12 . 2009-04-25 22:12 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PC Drivers HeadQuarters
2009-04-08 00:59 . 2009-04-08 00:59 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2009-04-08 00:59 . 2009-04-08 00:59 249856 ----a-w- c:\windows\system32\pdfmona.dll
2009-04-05 20:19 . 2008-07-06 05:23 64952 ----a-w- c:\documents and settings\USER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-10-23 16:57 . 2007-10-23 16:57 3655488 -c--a-w- c:\program files\FLV PlayerRCATSetup.exe
2007-10-23 16:54 . 2007-10-23 16:54 411248 -c--a-w- c:\program files\FLV PlayerRCSetup.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-06-17_22.03.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-18 00:44 . 2003-07-18 01:58 36992 c:\windows\system32\ReinstallBackups\0012\DriverFiles\SISAGPX.SYS
- 2003-06-20 12:00 . 2009-06-17 22:04 60972 c:\windows\system32\perfc009.dat
+ 2003-06-20 12:00 . 2009-06-17 22:05 60972 c:\windows\system32\perfc009.dat
+ 2005-01-07 21:07 . 2005-01-07 21:07 61952 c:\windows\system32\HdAShCut.exe
+ 2005-01-07 21:07 . 2005-01-07 21:07 25088 c:\windows\system32\HdAProp.dll
+ 2008-01-23 23:41 . 2003-07-17 21:58 36992 c:\windows\system32\drivers\SISAGPX.SYS
- 2008-01-23 23:41 . 2003-07-18 01:58 36992 c:\windows\system32\drivers\SISAGPX.SYS
- 2008-01-23 23:41 . 2002-01-02 07:40 32768 c:\windows\SIS_LIB.DLL
+ 2008-01-23 23:41 . 2002-01-02 03:40 32768 c:\windows\SIS_LIB.DLL
+ 2005-01-07 21:07 . 2005-01-07 21:07 5120 c:\windows\system32\HdAudRes.dll
- 2008-01-23 23:41 . 2001-12-07 02:11 3583 c:\windows\SiSport.sys
+ 2008-01-23 23:41 . 2001-12-06 22:11 3583 c:\windows\SiSport.sys
+ 2003-06-20 12:00 . 2009-06-17 22:05 400796 c:\windows\system32\perfh009.dat
- 2003-06-20 12:00 . 2009-06-17 22:04 400796 c:\windows\system32\perfh009.dat
+ 2005-01-07 21:07 . 2005-01-07 21:07 145920 c:\windows\system32\drivers\Hdaudio.sys
+ 2005-01-07 21:07 . 2005-01-07 21:07 138752 c:\windows\system32\drivers\Hdaudbus.sys
+ 2008-01-23 23:41 . 2002-07-12 06:15 106496 c:\windows\SiSUSBrg.exe
- 2008-01-23 23:41 . 2002-07-12 10:15 106496 c:\windows\SiSUSBrg.exe
+ 2008-01-23 23:41 . 1998-01-23 16:22 304128 c:\windows\IsUninst.exe
- 2008-01-23 23:41 . 1998-01-23 17:22 304128 c:\windows\IsUninst.exe
+ 2004-03-16 14:58 . 2004-03-16 14:58 136960 c:\windows\Driver Cache\i386\portcls.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2004-06-25 249856]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2004-03-24 1294446]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"USB Storage Toolbox"="c:\windows\UMStor\Res.EXE" [2005-09-15 65536]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-07-01 67584]

c:\documents and settings\Home\Start Menu\Programs\Startup\
wkcalrem.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2003-4-16 24651]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
D-Link AirPlus G Configuration Utility.lnk - c:\program files\D-Link AirPlus G\AIRPLUS.exe [2005-7-12 294912]
Utility Tray.lnk - c:\windows\system32\sistray.exe [2008-1-23 335872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wscsvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [3/11/2009 3:00 PM 55152]
R3 W8100PCI;D-Link AirPlus G Wireless Driver;c:\windows\system32\drivers\MRV8K51.sys [1/23/2008 9:44 PM 256896]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
S3 FXDRV;FXDRV;\??\e:\fxdrv.sys --> e:\Fxdrv.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} -
FF - ProfilePath - c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\adyb2wgm.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-17 21:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-06-18 21:02
ComboFix-quarantined-files.txt 2009-06-18 01:02
ComboFix2.txt 2009-06-17 22:07

Pre-Run: 55,784,873,984 bytes free
Post-Run: 55,781,535,744 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin

135 --- E O F --- 2009-06-09 05:06
Upload was successful
  • 0

#6
SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Hi Mabo19,


I don't know if the Malware did this, but my bros computer shows "no audio devices" and plays no sound. I tried reinstalling drivers but no success.


It could, see if your brother can post a log in the Malware Forum like you did.



Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    o Click Preferences, then click the Statistics/Logs tab.
    o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    o Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.



Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

  • 0

#7
Mabo19

  • Topic Starter
  • Member
  • 19 posts
This is my brother's computer we're dealing with here. Do the logs I posted show anything related to audio??

Also, here are the logs from SUPERAntiSpyware and Kaspersky. I did the SUPERAntiSpyware one first.

SUPER ANTI SPYWARE
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/18/2009 at 11:47 PM

Application Version : 4.26.1004

Core Rules Database Version : 3947
Trace Rules Database Version: 1889

Scan type : Complete Scan
Total Scan Time : 00:40:31

Memory items scanned : 411
Memory threats detected : 0
Registry items scanned : 5108
Registry threats detected : 9
File items scanned : 25791
File threats detected : 10

Adware.Zango/ShoppingReport
HKU\S-1-5-21-1454471165-1060284298-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3}
HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}
HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}#Default Visible
HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}#ButtonText
HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}#HotIcon
HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}#Icon
HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}#CLSID
HKLM\Software\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}#ClsidExtension

Adware.Tracking Cookie
C:\Documents and Settings\USER\Cookies\user@atdmt[1].txt

Rogue.WinPCAntiVirus
HKU\S-1-5-21-1454471165-1060284298-1801674531-1003\Software\WinPC Antivirus

Adware.Accoona
C:\PROGRAM FILES\FILESUBMIT\ITALY WALLPAPER V1\ATOOLBAR400005.EXE

Trojan.RootKit/Gen
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DE0116D9-A5B2-4185-9751-8085B6B49C84}\RP263\A0049602.DLL

Adware.180solutions/Seekmo/Zango
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DE0116D9-A5B2-4185-9751-8085B6B49C84}\RP263\A0049633.EXE

Trojan.Agent/Gen-IEOCX
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DE0116D9-A5B2-4185-9751-8085B6B49C84}\RP263\A0049636.DLL

Trojan.Dropper/Sys-NV
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DE0116D9-A5B2-4185-9751-8085B6B49C84}\RP263\A0049640.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DE0116D9-A5B2-4185-9751-8085B6B49C84}\RP263\A0049641.EXE

Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DE0116D9-A5B2-4185-9751-8085B6B49C84}\RP263\A0049642.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DE0116D9-A5B2-4185-9751-8085B6B49C84}\RP263\A0049654.EXE

Trojan.Agent/Gen-M3
C:\WINDOWS\SYSTEM32\LOGXV18\LOGXV182328.EXE






KASPERSKY

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Friday, June 19, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Friday, June 19, 2009 16:07:33
Records in database: 2365597
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 61255
Threat name: 20
Infected objects: 54
Suspicious objects: 0
Duration of the scan: 02:38:47


File name / Threat name / Threats count
C:\Documents and Settings\USER\My Documents\FrostWire\Saved\-push feeling on 2008.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\USER\My Documents\FrostWire\Saved\benny benassi – come fly away.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\USER\My Documents\FrostWire\Saved\dancing elisa.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\USER\My Documents\FrostWire\Saved\kaskade – move foe me.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\USER\My Documents\FrostWire\Saved\leona lewis – run.mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1
C:\Documents and Settings\USER\My Documents\FrostWire\Saved\leona lewis – run.wma Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Qoobox\Quarantine\C\Documents and Settings\USER\lsass.exe.vir Infected: Trojan-Spy.Win32.VB.ahf 1
C:\Qoobox\Quarantine\C\Setup.exe.vir Infected: not-a-virus:WebToolbar.Win32.Zango.bm 1
C:\Qoobox\Quarantine\C\WINDOWS\Fonts\a.zip.vir Infected: Trojan-Downloader.Win32.VB.dck 1
C:\Qoobox\Quarantine\C\WINDOWS\Fonts\Setup.exe.vir Infected: Trojan-Downloader.Win32.VB.dck 1
C:\Qoobox\Quarantine\C\WINDOWS\ieocx.dll.vir Infected: Trojan-Downloader.Win32.FraudLoad.vtvl 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACmkvdyiuirqomyrj.sys.vir Infected: Rootkit.Win32.Agent.jat 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\g73.exe.vir Infected: not-a-virus:AdWare.Win32.Agent.byy 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\g84.exe.vir Infected: not-a-virus:AdWare.Win32.Agent.byy 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\gside.exe.vir Infected: not-a-virus:AdWare.Win32.BHO.cdk 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ieexplorer32.exe.vir Infected: Trojan.Win32.FraudPack.ghw 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ieupdates.exe.vir Infected: Trojan.Win32.FraudPack.ghw 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ivggquip.dll.vir Infected: Packed.Win32.Katusha.a 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\swiphjfu.dll.vir Infected: Trojan.Win32.Mondera.gen 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACdyidqpfufpqltit.dll.vir Infected: Packed.Win32.Tdss.f 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UAChomcvnsouertjov.dll.vir Infected: Packed.Win32.Tdss.f 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACklvahbbcxrumuyd.dll.vir Infected: Packed.Win32.Tdss.f 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACqsyajxmpjdyleba.dll.vir Infected: Packed.Win32.Tdss.f 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACrsnqowvtuibdytq.dll.vir Infected: Packed.Win32.Tdss.f 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\vfxvpbnl.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{DE0116D9-A5B2-4185-9751-8085B6B49C84}\RP263\A0049597.sys Infected: Rootkit.Win32.Agent.jat 1
C:\System Volume Information\_restore{DE0116D9-A5B2-4185-9751-8085B6B49C84}\RP263\A0049598.dll Infected: Packed.Win32.Tdss.f 1
C:\System Volume Information\_restore{DE0116D9-A5B2-4185-9751-8085B6B49C84}\RP263\A0049599.dll Infected: Packed.Win32.Tdss.f 1
C:\System Volume Information\_restore{DE0116D9-A5B2-4185-9751-8085B6B49C84}\RP263\A0049600.dll Infected: Packed.Win32.Tdss.f 1
C:\System Volume Information\_restore{DE0116D9-A5B2-4185-9751-8085B6B49C84}\RP263\A0049601.dll Infected: Packed.Win32.Tdss.f 1
C:\System Volume Information\_restore{DE0116D9-A5B2-4185-9751-8085B6B49C84}\RP263\A0049635.exe Infected: Trojan-Downloader.Win32.VB.dck 1
C:\System Volume Information\_restore{DE0116D9-A5B2-4185-9751-8085B6B49C84}\RP263\A0049639.exe Infected: not-a-virus:AdWare.Win32.BHO.cdk 1
C:\System Volume Information\_restore{DE0116D9-A5B2-4185-9751-8085B6B49C84}\RP263\A0049658.exe Infected: not-a-virus:AdWare.Win32.Agent.byy 1
C:\System Volume Information\_restore{DE0116D9-A5B2-4185-9751-8085B6B49C84}\RP263\A0049659.exe Infected: not-a-virus:AdWare.Win32.Agent.byy 1
C:\System Volume Information\_restore{DE0116D9-A5B2-4185-9751-8085B6B49C84}\RP263\A0049668.dll Infected: Packed.Win32.Katusha.a 1
C:\System Volume Information\_restore{DE0116D9-A5B2-4185-9751-8085B6B49C84}\RP263\A0049676.dll Infected: Trojan.Win32.Mondera.gen 1
C:\System Volume Information\_restore{DE0116D9-A5B2-4185-9751-8085B6B49C84}\RP263\A0049679.dll Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{DE0116D9-A5B2-4185-9751-8085B6B49C84}\RP268\A0050257.exe Infected: Trojan-Downloader.Win32.VB.enh 1
C:\WINDOWS\system32\beqcyswy.dll Infected: Trojan.Win32.Mondera.gen 1
C:\WINDOWS\system32\cnictnxw.dll Infected: Trojan.Win32.Mondera.gen 1
C:\WINDOWS\system32\cvgplreo.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.bkp 1
C:\WINDOWS\system32\evhaxxjy.dll Infected: Trojan.Win32.Mondera.gen 1
C:\WINDOWS\system32\gllhubnj.dll Infected: Trojan.Win32.Mondera.gen 1
C:\WINDOWS\system32\hwwkrgko.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.bpu 1
C:\WINDOWS\system32\inmjlcls.dll Infected: Trojan.Win32.Mondera.gen 1
C:\WINDOWS\system32\ioaoofdo.dll Infected: Trojan.Win32.Mondera.gen 1
C:\WINDOWS\system32\pjpwsqgm.dll Infected: Trojan.Win32.Mondera.gen 1
C:\WINDOWS\system32\ssvfcebv.dll Infected: Trojan.Win32.Mondera.gen 1
C:\WINDOWS\system32\urrxlilp.dll Infected: Trojan.Win32.Mondera.gen 1
C:\WINDOWS\system32\vsnqdbwg.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.bpe 1
C:\WINDOWS\system32\wpkprcfo.dll Infected: Trojan.Win32.Mondera.gen 1
C:\WINDOWS\system32\xchxtmnc.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.zbf 1
C:\WINDOWS\system32\xcrwxcyt.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.bpu 1
C:\WINDOWS\system32\yxuikvsl.dll Infected: Trojan.Win32.Mondera.gen 1

The selected area was scanned.
  • 0

#8
SpySentinel

SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Hi Mabo19,

The audio may be a hardware issue.


Please download the OTM by OldTimer.
  • Save it to your desktop.
  • Please double-click OTM.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :processes
    explorer.exe
    
    :Files
    C:\WINDOWS\system32\beqcyswy.dll
    C:\WINDOWS\system32\cnictnxw.dll
    C:\WINDOWS\system32\cvgplreo.dll
    C:\WINDOWS\system32\evhaxxjy.dll
    C:\WINDOWS\system32\gllhubnj.dll
    C:\WINDOWS\system32\hwwkrgko.dll
    C:\WINDOWS\system32\inmjlcls.dll
    C:\WINDOWS\system32\ioaoofdo.dll
    C:\WINDOWS\system32\pjpwsqgm.dll
    C:\WINDOWS\system32\ssvfcebv.dll
    C:\WINDOWS\system32\urrxlilp.dll
    C:\WINDOWS\system32\vsnqdbwg.dll
    C:\WINDOWS\system32\wpkprcfo.dll
    C:\WINDOWS\system32\xchxtmnc.dll
    C:\WINDOWS\system32\xcrwxcyt.dll
    C:\WINDOWS\system32\yxuikvsl.dll
    C:\Documents and Settings\USER\My Documents\FrostWire
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
  • 0

#9
Mabo19

Mabo19

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
OTM Log

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
DllUnregisterServer procedure not found in C:\WINDOWS\system32\beqcyswy.dll
C:\WINDOWS\system32\beqcyswy.dll NOT unregistered.
C:\WINDOWS\system32\beqcyswy.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\cnictnxw.dll
C:\WINDOWS\system32\cnictnxw.dll NOT unregistered.
C:\WINDOWS\system32\cnictnxw.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\cvgplreo.dll
C:\WINDOWS\system32\cvgplreo.dll NOT unregistered.
C:\WINDOWS\system32\cvgplreo.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\evhaxxjy.dll
C:\WINDOWS\system32\evhaxxjy.dll NOT unregistered.
C:\WINDOWS\system32\evhaxxjy.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\gllhubnj.dll
C:\WINDOWS\system32\gllhubnj.dll NOT unregistered.
C:\WINDOWS\system32\gllhubnj.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\hwwkrgko.dll
C:\WINDOWS\system32\hwwkrgko.dll NOT unregistered.
C:\WINDOWS\system32\hwwkrgko.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\inmjlcls.dll
C:\WINDOWS\system32\inmjlcls.dll NOT unregistered.
C:\WINDOWS\system32\inmjlcls.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ioaoofdo.dll
C:\WINDOWS\system32\ioaoofdo.dll NOT unregistered.
C:\WINDOWS\system32\ioaoofdo.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\pjpwsqgm.dll
C:\WINDOWS\system32\pjpwsqgm.dll NOT unregistered.
C:\WINDOWS\system32\pjpwsqgm.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ssvfcebv.dll
C:\WINDOWS\system32\ssvfcebv.dll NOT unregistered.
C:\WINDOWS\system32\ssvfcebv.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\urrxlilp.dll
C:\WINDOWS\system32\urrxlilp.dll NOT unregistered.
C:\WINDOWS\system32\urrxlilp.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\vsnqdbwg.dll
C:\WINDOWS\system32\vsnqdbwg.dll NOT unregistered.
C:\WINDOWS\system32\vsnqdbwg.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\wpkprcfo.dll
C:\WINDOWS\system32\wpkprcfo.dll NOT unregistered.
C:\WINDOWS\system32\wpkprcfo.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\xchxtmnc.dll
C:\WINDOWS\system32\xchxtmnc.dll NOT unregistered.
C:\WINDOWS\system32\xchxtmnc.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\xcrwxcyt.dll
C:\WINDOWS\system32\xcrwxcyt.dll NOT unregistered.
C:\WINDOWS\system32\xcrwxcyt.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\yxuikvsl.dll
C:\WINDOWS\system32\yxuikvsl.dll NOT unregistered.
C:\WINDOWS\system32\yxuikvsl.dll moved successfully.
C:\Documents and Settings\USER\My Documents\FrostWire\Store Purchased moved successfully.
C:\Documents and Settings\USER\My Documents\FrostWire\Shared moved successfully.
C:\Documents and Settings\USER\My Documents\FrostWire\Saved moved successfully.
C:\Documents and Settings\USER\My Documents\FrostWire\Incomplete moved successfully.
C:\Documents and Settings\USER\My Documents\FrostWire moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\USER\LOCALS~1\Temp\etilqs_Dmo64qjDwjt199EhZ2MN scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\USER\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6f0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\USER\Local Settings\Application Data\Mozilla\Firefox\Profiles\adyb2wgm.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\USER\Local Settings\Application Data\Mozilla\Firefox\Profiles\adyb2wgm.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\USER\Local Settings\Application Data\Mozilla\Firefox\Profiles\adyb2wgm.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\USER\Local Settings\Application Data\Mozilla\Firefox\Profiles\adyb2wgm.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\USER\Local Settings\Application Data\Mozilla\Firefox\Profiles\adyb2wgm.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\USER\Local Settings\Application Data\Mozilla\Firefox\Profiles\adyb2wgm.default\urlclassifier3.sqlite-journal scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTM by OldTimer - Version 2.1.0.1 log created on 06222009_171311

Files moved on Reboot...
File C:\DOCUME~1\USER\LOCALS~1\Temp\etilqs_Dmo64qjDwjt199EhZ2MN not found!
File C:\WINDOWS\temp\Perflib_Perfdata_6f0.dat not found!
C:\Documents and Settings\USER\Local Settings\Application Data\Mozilla\Firefox\Profiles\adyb2wgm.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\USER\Local Settings\Application Data\Mozilla\Firefox\Profiles\adyb2wgm.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\USER\Local Settings\Application Data\Mozilla\Firefox\Profiles\adyb2wgm.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\USER\Local Settings\Application Data\Mozilla\Firefox\Profiles\adyb2wgm.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\USER\Local Settings\Application Data\Mozilla\Firefox\Profiles\adyb2wgm.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\USER\Local Settings\Application Data\Mozilla\Firefox\Profiles\adyb2wgm.default\urlclassifier3.sqlite-journal moved successfully.

Registry entries deleted on Reboot...
  • 0

#10
Mabo19

Mabo19

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Can you check my ComboFix log when you're done with this? See post here.
  • 0

#11
SpySentinel

SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Yes, but let's finish your log first :)



Your Adobe Acrobat Reader is out of date. Older versions are vulnerable to attack.

Please go to the link below to update.

http://www.adobe.com.../readstep2.html




Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.



  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Edited by SpySentinel, 22 June 2009 - 04:22 PM.

  • 0

#12
Mabo19

Mabo19

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
alright thanks,

INFO.TXT

info.txt logfile of random's system information tool 1.06 2009-06-22 23:16:44

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x9 -uninst
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->MsiExec.exe /X{6D8D64BE-F500-55B6-705D-DFD08AFE0624}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
D-Link AirPlus G Wireless LAN Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5749E57-AD4A-4B1B-ABC5-885FDBC286C9}\Setup.exe" -l0x9
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
FrostWire 4.17.0-->C:\Program Files\FrostWire\Uninstall.exe
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB954708)-->"C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"
IDT Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -remove -removeonly
InCD-->C:\WINDOWS\NuNInst.exe /UNINSTALL
Java 2 Runtime Environment Standard Edition v1.3.1_08-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B11CAD0E-0E0F-11D7-88BE-0050DA21757E}\Setup.exe" -uninst
Java™ 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
Microsoft .NET Framework (English) v1.0.3705-->C:\WINDOWS\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1033)
Microsoft .NET Framework (English)-->MsiExec.exe /X{B43357AA-3A6D-4D94-B56E-43C44D09E548}
Microsoft .NET Framework 1.0 Hotfix (KB928367)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\M928367\M928367Uninstall.msp"
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Polygamy 8.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{952DEE45-7C0B-4CDF-80B3-D14BE6B02678}\Setup.exe"
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
Nero Media Player-->C:\WINDOWS\UNNMP.exe /UNINSTALL
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroVision Express 2-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Pdf995-->C:\Program Files\pdf995\setup.exe uninstall
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SiS VGA Utilities-->Rundll32 SiSInst.dll,Uninstall VGA,R
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
USB Disk Win98 Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF5EE349-90CD-4422-A43B-661778180173}\Setup.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Family Safety-->MsiExec.exe /X{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Photo Gallery-->MsiExec.exe /X{3C52E7DA-C431-4239-B66B-1BF703D5B194}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Sync-->MsiExec.exe /X{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
winvi (remove only) -->"C:\Program Files\winvi\uninst.exe"
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======System event log======

Computer Name: USER-26BF6E937E
Event Code: 7001
Message: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
The system cannot find the file specified.


Record Number: 17835
Source Name: Service Control Manager
Time Written: 20090609003826.000000-240
Event Type: error
User:

Computer Name: USER-26BF6E937E
Event Code: 7000
Message: The TCP/IP Protocol Driver service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 17834
Source Name: Service Control Manager
Time Written: 20090609003826.000000-240
Event Type: error
User:

Computer Name: USER-26BF6E937E
Event Code: 7001
Message: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
The system cannot find the file specified.


Record Number: 17831
Source Name: Service Control Manager
Time Written: 20090609003809.000000-240
Event Type: error
User:

Computer Name: USER-26BF6E937E
Event Code: 7000
Message: The TCP/IP Protocol Driver service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 17830
Source Name: Service Control Manager
Time Written: 20090609003809.000000-240
Event Type: error
User:

Computer Name: USER-26BF6E937E
Event Code: 7023
Message: The Computer Browser service terminated with the following error:
This operation returned because the timeout period expired.


Record Number: 17829
Source Name: Service Control Manager
Time Written: 20090609003802.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: USER-26BF6E937E
Event Code: 1002
Message: Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 3269
Source Name: Application Hang
Time Written: 20081223223530.000000-300
Event Type: error
User:

Computer Name: USER-26BF6E937E
Event Code: 12001
Message:
Record Number: 3262
Source Name: usnjsvc
Time Written: 20081223220612.000000-300
Event Type:
User:

Computer Name: USER-26BF6E937E
Event Code: 12001
Message:
Record Number: 3254
Source Name: usnjsvc
Time Written: 20081223022924.000000-300
Event Type:
User:

Computer Name: USER-26BF6E937E
Event Code: 12001
Message:
Record Number: 3249
Source Name: usnjsvc
Time Written: 20081221235407.000000-300
Event Type:
User:

Computer Name: USER-26BF6E937E
Event Code: 12001
Message:
Record Number: 3238
Source Name: usnjsvc
Time Written: 20081221155548.000000-300
Event Type:
User:

======Environment variables======

"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=0209
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%

-----------------EOF-----------------





LOG.TXT

Logfile of random's system information tool 1.06 (written by random/random)
Run by USER at 2009-06-22 23:15:54
Microsoft Windows XP Professional Service Pack 2
System drive C: has 52 GB (73%) free of 72 GB
Total RAM: 383 MB (7% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:16:16 PM, on 6/22/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\UMStor\Res.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\D-Link AirPlus G\AIRPLUS.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\USER\Desktop\Virus Programs\RSIT.exe
C:\Program Files\trend micro\USER.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\WINDOWS\UMStor\Res.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: D-Link AirPlus G Configuration Utility.lnk = C:\Program Files\D-Link AirPlus G\AIRPLUS.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1240697087109
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 5275 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-19 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-19 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SiS Windows KeyHook"=C:\WINDOWS\system32\keyhook.exe [2004-06-25 249856]
"SiSUSBRG"=C:\WINDOWS\SiSUSBrg.exe [2002-07-12 106496]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-07-01 67584]
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe [2004-03-24 1294446]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-06-19 148888]
"USB Storage Toolbox"=C:\WINDOWS\UMStor\Res.EXE [2005-09-14 65536]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-05-26 1830128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ieupdate]
C:\WINDOWS\system32\ieexplorer32.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wscsvc"=2

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
D-Link AirPlus G Configuration Utility.lnk - C:\Program Files\D-Link AirPlus G\AIRPLUS.exe
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\FrostWire\FrostWire.exe"="C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2009-06-22 23:15:56 ----D---- C:\Program Files\trend micro
2009-06-22 23:15:54 ----D---- C:\rsit
2009-06-22 23:09:42 ----SHD---- C:\Config.Msi
2009-06-22 23:07:20 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-06-22 23:05:19 ----D---- C:\Program Files\NOS
2009-06-22 23:05:19 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\NOS
2009-06-22 17:15:31 ----SHD---- C:\RECYCLER
2009-06-22 17:13:11 ----D---- C:\_OTM
2009-06-19 17:55:22 ----A---- C:\WINDOWS\system32\javaws.exe
2009-06-19 17:55:22 ----A---- C:\WINDOWS\system32\javaw.exe
2009-06-19 17:55:22 ----A---- C:\WINDOWS\system32\java.exe
2009-06-19 17:55:22 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-06-19 02:06:11 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2009-06-19 02:06:02 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-19 02:05:40 ----HDC---- C:\WINDOWS\$NtUninstallKB969897$
2009-06-19 02:05:26 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-19 02:02:22 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-19 02:02:10 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-06-19 02:02:08 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-18 22:59:49 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-06-17 21:03:14 ----D---- C:\WINDOWS\temp
2009-06-17 21:02:26 ----A---- C:\ComboFix.txt
2009-06-17 20:55:27 ----A---- C:\Boot.bak
2009-06-17 20:55:21 ----RASHD---- C:\cmdcons
2009-06-17 20:27:28 ----HDC---- C:\WINDOWS\$NtUninstallKB888111WXPSP2$
2009-06-17 20:26:36 ----D---- C:\Program Files\IDT
2009-06-17 17:24:28 ----A---- C:\WINDOWS\zip.exe
2009-06-17 17:24:28 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-06-17 17:24:28 ----A---- C:\WINDOWS\SWSC.exe
2009-06-17 17:24:28 ----A---- C:\WINDOWS\SWREG.exe
2009-06-17 17:24:28 ----A---- C:\WINDOWS\sed.exe
2009-06-17 17:24:28 ----A---- C:\WINDOWS\PEV.exe
2009-06-17 17:24:28 ----A---- C:\WINDOWS\NIRCMD.exe
2009-06-17 17:24:28 ----A---- C:\WINDOWS\grep.exe
2009-06-17 17:24:08 ----D---- C:\Qoobox
2009-06-10 22:44:58 ----D---- C:\WINDOWS\ERDNT
2009-06-10 22:44:40 ----D---- C:\Program Files\ERUNT
2009-06-10 09:00:30 ----D---- C:\Program Files\Lavalys
2009-06-09 01:05:24 ----A---- C:\WINDOWS\system32\MRT.INI
2009-06-09 01:03:53 ----A---- C:\WINDOWS\system32\MRT.exe
2009-06-09 00:39:41 ----D---- C:\Inetpub
2009-06-09 00:39:03 ----A---- C:\WINDOWS\imsins.BAK
2009-06-09 00:21:31 ----D---- C:\Documents and Settings\USER\Application Data\Mozilla
2009-06-09 00:21:22 ----D---- C:\Program Files\Mozilla Firefox
2009-06-09 00:03:56 ----D---- C:\Documents and Settings\USER\Application Data\Yahoo!
2009-06-09 00:03:56 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2009-06-09 00:03:54 ----D---- C:\Program Files\Yahoo!
2009-06-09 00:03:51 ----D---- C:\Program Files\CCleaner

======List of files/folders modified in the last 1 months======

2009-06-22 23:15:57 ----D---- C:\WINDOWS\Prefetch
2009-06-22 23:15:56 ----RAD---- C:\Program Files
2009-06-22 23:12:39 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-22 23:11:45 ----SHD---- C:\WINDOWS\Installer
2009-06-22 23:11:42 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
2009-06-22 23:10:19 ----D---- C:\Program Files\Adobe
2009-06-22 23:08:52 ----D---- C:\WINDOWS\system32
2009-06-22 23:07:26 ----D---- C:\Documents and Settings\USER\Application Data\Adobe
2009-06-22 23:07:20 ----AD---- C:\Program Files\Common Files
2009-06-20 12:47:01 ----D---- C:\WINDOWS
2009-06-20 02:01:05 ----RSD---- C:\WINDOWS\assembly
2009-06-19 17:55:00 ----D---- C:\Program Files\Java
2009-06-19 02:07:33 ----D---- C:\WINDOWS\Registration
2009-06-19 02:06:15 ----HD---- C:\WINDOWS\inf
2009-06-19 02:06:13 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-06-19 02:05:48 ----D---- C:\Program Files\Internet Explorer
2009-06-19 02:05:24 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-19 02:01:41 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-18 23:58:37 ----D---- C:\WINDOWS\system32\logXv18
2009-06-18 23:00:07 ----D---- C:\Program Files\SUPERAntiSpyware
2009-06-18 23:00:05 ----D---- C:\Documents and Settings\USER\Application Data\SUPERAntiSpyware.com
2009-06-17 21:00:24 ----A---- C:\WINDOWS\system.ini
2009-06-17 20:58:48 ----D---- C:\WINDOWS\system32\drivers
2009-06-17 20:58:48 ----D---- C:\WINDOWS\AppPatch
2009-06-17 20:55:27 ----RASH---- C:\boot.ini
2009-06-17 20:26:36 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-17 20:04:56 ----D---- C:\WINDOWS\Help
2009-06-17 20:04:48 ----A---- C:\WINDOWS\NeroDigital.ini
2009-06-17 19:33:32 ----D---- C:\WINDOWS\system32\CatRoot
2009-06-17 19:32:49 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-06-17 19:15:38 ----D---- C:\WINDOWS\SoftwareDistribution
2009-06-17 19:12:28 ----D---- C:\Documents and Settings\USER\Application Data\FrostWire
2009-06-17 19:09:04 ----A---- C:\WINDOWS\RtlRack.ini
2009-06-17 18:05:12 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-06-17 18:03:13 ----RSD---- C:\WINDOWS\Fonts
2009-06-17 17:57:35 ----D---- C:\WINDOWS\system32\config
2009-06-17 17:56:26 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-06-17 17:50:08 ----D---- C:\Temp
2009-06-09 00:40:40 ----D---- C:\Program Files\Online Services
2009-06-09 00:39:41 ----D---- C:\WINDOWS\system32\inetsrv
2009-06-09 00:05:35 ----D---- C:\WINDOWS\Debug
2009-06-09 00:05:34 ----D---- C:\WINDOWS\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2004-03-24 27664]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2004-06-25 12416]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2004-06-25 218112]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-03 32768]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 W8100PCI;D-Link AirPlus G Wireless Driver; C:\WINDOWS\system32\DRIVERS\mrv8k51.sys [2004-01-09 256896]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2004-03-24 99568]
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-23 400384]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-07-01 626977]
S3 catchme;catchme; \??\C:\DOCUME~1\USER\LOCALS~1\Temp\catchme.sys []
S3 FXDRV;FXDRV; \??\E:\Fxdrv.sys []
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2007-07-11 12416]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2007-07-11 19840]
S3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2007-07-11 21632]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2004-03-24 876656]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-19 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 fsssvc;Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

#13
SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Let's see if MBAM will install and run on your computer now.


Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#14
Mabo19

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Yesss, it installed, here's the report:

Malwarebytes' Anti-Malware 1.38
Database version: 2327
Windows 5.1.2600 Service Pack 2

6/23/2009 10:52:05 PM
mbam-log-2009-06-23 (22-52-05).txt

Scan type: Quick Scan
Objects scanned: 107941
Time elapsed: 10 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winvi (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\winvi (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\MSINET.oca (Rogue.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

#15
SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Hi Mabo19,


How is your computer running?


Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Java 2 Runtime Environment Standard Edition v1.3.1_08



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware: it is NOT supported for use in 9x or ME and probably will not install on those systems.

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE): JRE 6 Update 14.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u14-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u14-windows-i586.exe and select "Run as an Administrator.")
