
Attn noahdfear can't install service packs

Discussion in 'Malware and Virus Removal Archive' started by musicteacher, 2008/08/17.

  1. 2008/08/26
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please try to execute those instructions in safe mode.
     
  2. 2008/08/26
    musicteacher

    musicteacher Well-Known Member Thread Starter

    Joined:
    2008/08/17
    Messages:
    169
    Likes Received:
    0
    Safe Mode worked

    Everything worked in safe mode, and the computer seems to work much quicker now. Here's the Combo fix log:



    ComboFix 08-08-23.03 - Owner 2008-08-26 19:11:26.5 - NTFSx86 NETWORK
    Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\Project1.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Owner\Cookies\owner@edge.ru4[1].txt
    C:\Project1.exe
    C:\WINDOWS\system32\core3.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_CORE3
    -------\Service_core3


    ((((((((((((((((((((((((( Files Created from 2008-07-26 to 2008-08-26 )))))))))))))))))))))))))))))))
    .

    2008-08-23 11:36 . 2008-08-24 21:34 250 --a------ C:\WINDOWS\gmer.ini
    2008-08-20 14:20 . 2008-08-20 14:20 66,156 --a------ C:\SeasonSchedulePA1881638831912.pdf
    2008-08-20 00:50 . 2008-08-20 00:50 <DIR> d-------- C:\Program Files\Windows Resource Kits
    2008-08-17 22:48 . 2008-08-17 22:48 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-08-17 16:06 . 2008-08-17 16:06 <DIR> d-------- C:\Program Files\PCPitstop
    2008-08-17 14:08 . 2008-08-24 22:35 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
    2008-08-16 09:30 . 2008-08-24 22:35 <DIR> d-------- C:\Program Files\EsetOnlineScanner
    2008-08-15 21:29 . 2008-08-15 21:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2008-08-15 21:17 . 2001-08-17 22:36 112,640 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
    2008-08-15 21:17 . 2001-08-17 22:37 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
    2008-08-15 21:17 . 2001-08-17 22:37 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
    2008-08-15 21:17 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
    2008-08-15 21:17 . 2001-08-17 22:36 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
    2008-08-15 21:17 . 2001-08-17 12:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
    2008-08-15 21:17 . 2001-08-17 13:58 8,064 --a--c--- C:\WINDOWS\system32\dllcache\wmiacpi.sys
    2008-08-15 21:17 . 2001-08-17 22:36 7,680 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
    2008-08-15 21:17 . 2001-08-17 22:37 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
    2008-08-15 21:15 . 2001-08-18 08:00 843,832 --a--c--- C:\WINDOWS\system32\dllcache\tintlgnt.ime
    2008-08-15 21:14 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
    2008-08-15 21:13 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
    2008-08-15 21:12 . 2001-08-18 08:00 229,439 --a--c--- C:\WINDOWS\system32\dllcache\multibox.dll
    2008-08-15 21:11 . 2001-08-18 08:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
    2008-08-15 21:10 . 2001-08-18 08:00 1,158,818 --a--c--- C:\WINDOWS\system32\dllcache\korwbrkr.lex
    2008-08-15 21:09 . 2001-08-18 08:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
    2008-08-15 21:08 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
    2008-08-15 21:07 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
    2008-08-15 21:06 . 2001-08-18 08:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
    2008-08-15 21:05 . 2001-08-17 13:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
    2008-08-15 21:04 . 2001-08-17 14:56 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
    2008-08-14 23:31 . 2008-08-14 23:31 50,688 --a------ C:\Program Files\ATF-Cleaner.exe
    2008-08-14 12:49 . 2008-08-14 12:49 <DIR> d-------- C:\Program Files\Trend Micro
    2008-08-14 12:10 . 2001-08-18 08:00 4,224 --a------ C:\WINDOWS\system32\drivers\beep.sys
    2008-08-14 12:10 . 2001-08-18 08:00 4,224 --a--c--- C:\WINDOWS\system32\dllcache\beep.sys
    2008-08-14 09:09 . 2008-08-14 09:09 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
    2008-08-14 09:07 . 2008-08-14 09:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-14 09:07 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-14 09:07 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-08-14 09:05 . 2008-08-14 09:07 <DIR> d-------- C:\Program Files\Malwarebytes
    2008-08-08 22:41 . 2008-08-08 22:42 382,352 --a------ C:\Program Files\jre-6u7-windows-i586-p-iftw.exe
    2008-08-08 07:23 . 2008-08-08 07:23 42,496 --a------ C:\Fixing computer instructions.doc
    2008-08-08 07:12 . 2008-08-08 07:12 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Motive
    2008-08-06 20:52 . 2008-08-06 20:52 15,083,520 --a------ C:\Program Files\spybotsd160.exe
    2008-08-06 17:43 . 2008-08-18 20:21 1,527,193 --a------ C:\WINDOWS\setupapi.log.6.old
    2008-08-06 07:48 . 2008-08-14 21:37 7 --a------ C:\WINDOWS\system32\ngxt.bin
    2008-08-05 22:10 . 2008-08-18 20:29 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Spyware Terminator
    2008-08-04 21:23 . 2008-08-04 21:23 <DIR> d-------- C:\Program Files\New Folder
    2008-07-31 11:03 . 2008-07-31 11:03 <DIR> d-------- C:\Program Files\Disney
    2008-07-29 23:01 . 2008-07-29 23:01 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Yahoo!
    2008-07-27 17:36 . 2004-08-03 14:04 185,624 --a------ C:\WINDOWS\system32\iuengine.dll
    2008-07-27 17:36 . 2004-08-03 14:04 185,624 --a--c--- C:\WINDOWS\system32\dllcache\iuengine.dll
    2008-07-27 17:26 . 2008-07-27 17:26 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Microsoft Web Folders

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-18 04:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-08-16 13:11 --------- d-----w C:\Program Files\AIM95
    2008-08-16 01:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
    2008-08-08 02:36 --------- d---a-w C:\Program Files\WildTangent
    2008-08-07 23:26 --------- d-----w C:\Program Files\Spyware Terminator
    2008-08-07 23:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2008-08-06 00:29 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-08-05 02:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-04 21:40 --------- d-----w C:\Program Files\PicturesToExe
    2008-07-31 13:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-07-29 23:51 --------- d-----w C:\Program Files\Common Files\ACD Systems
    2008-07-29 23:48 --------- d-----w C:\Program Files\ACD Systems
    2008-07-28 11:45 102,400 ----a-w C:\WINDOWS\system32\drivers\cavasm.sys
    2008-07-27 21:25 --------- d-----w C:\Program Files\microsoft frontpage
    2008-07-26 03:31 --------- d-----w C:\Documents and Settings\Owner\Application Data\Aim
    2008-07-23 00:55 --------- d-----w C:\Program Files\FinePixViewer
    2008-07-23 00:55 --------- d-----w C:\Documents and Settings\Betsy.YOUR-US67PI6LUV.000\Application Data\FUJIFILM
    2008-07-22 01:15 --------- d-----w C:\Documents and Settings\Betsy.YOUR-US67PI6LUV.000\Application Data\VERITAS
    2008-07-22 00:47 --------- d-----w C:\Documents and Settings\Betsy.YOUR-US67PI6LUV.000\Application Data\ACD Systems
    2008-07-21 20:40 --------- d-----w C:\Documents and Settings\Betsy.YOUR-US67PI6LUV.000\Application Data\Spyware Terminator
    2008-07-21 12:27 --------- d-----w C:\Documents and Settings\Betsy.YOUR-US67PI6LUV.000\Application Data\Microsoft Web Folders
    2008-07-21 12:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\BOC426
    2008-07-21 03:38 --------- d-----w C:\Program Files\SymNetDrv
    2008-07-20 02:07 --------- d-----w C:\Program Files\Crawler
    2008-07-20 02:01 --------- d-----w C:\Documents and Settings\Betsy.YOUR-US67PI6LUV\Application Data\Spyware Terminator
    2008-07-19 22:34 --------- d-----w C:\Program Files\FileSubmit
    2008-07-19 21:55 --------- d-----w C:\Program Files\Viewpoint
    2008-07-19 21:55 --------- d-----w C:\Program Files\Lycos
    2008-07-19 21:49 141,312 ----a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    2008-07-19 21:46 8,160,016 ----a-w C:\Program Files\SpywareTerminatorSetup.exe
    2008-07-14 15:56 --------- d-----w C:\Program Files\WildGames
    2008-07-12 20:38 --------- d-----w C:\Documents and Settings\Betsy.YOUR-US67PI6LUV\Application Data\Viewpoint
    2008-07-11 01:25 --------- d-----w C:\Program Files\Coupons
    2008-07-11 01:23 1,277,680 ----a-w C:\Program Files\CouponPrinter.exe
    2008-07-10 01:57 --------- d-----w C:\Program Files\AIM6
    2008-07-10 01:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
    2008-07-10 01:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
    2008-07-10 01:47 --------- d-----w C:\Documents and Settings\Betsy.YOUR-US67PI6LUV\Application Data\acccore
    2008-07-08 11:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\NOS
    2008-07-08 11:21 --------- d-----w C:\Program Files\Common Files\Adobe AIR
    2008-07-08 11:13 --------- d-----w C:\Program Files\NOS
    2008-07-06 21:06 --------- d-----w C:\Documents and Settings\Betsy.YOUR-US67PI6LUV\Application Data\Corel
    2008-07-01 02:44 --------- d-----w C:\Documents and Settings\Owner\Application Data\ACD Systems
    2008-07-01 02:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
    2008-06-30 14:05 --------- d-----w C:\Program Files\Comodo
    2008-06-30 11:30 --------- d-----w C:\Documents and Settings\Betsy.YOUR-US67PI6LUV\Application Data\Snapfish
    2008-06-30 01:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Comodo
    2008-06-30 00:30 --------- d-----w C:\Documents and Settings\Betsy.YOUR-US67PI6LUV\Application Data\Microsoft Web Folders
    2008-06-30 00:27 --------- d-----w C:\Program Files\OpenOffice
    2008-06-30 00:16 --------- d-----w C:\Program Files\Comodo Free
    2008-06-29 22:05 --------- d-----w C:\Documents and Settings\Betsy.YOUR-US67PI6LUV\Application Data\VERITAS
    2008-06-29 03:33 --------- d-----w C:\Documents and Settings\Betsy.YOUR-US67PI6LUV\Application Data\MSN6
    2008-06-28 12:41 --------- d-----w C:\Program Files\CCleaner
    2008-06-28 11:14 --------- d-----w C:\Program Files\Java
    2008-06-26 21:26 --------- d-----w C:\Documents and Settings\Craig\Application Data\WeatherBug
    2008-06-26 03:05 --------- d-----w C:\Documents and Settings\Betsy\Application Data\WeatherBug
    2008-05-26 10:58 1,470,464 ----a-w C:\Program Files\clipart.exe
    2008-04-26 11:06 2,751,368 ----a-w C:\Program Files\ccsetup206.exe
    2008-01-21 23:55 119,992 ----a-w C:\Documents and Settings\Betsy\Application Data\GDIPFONTCACHEV1.DAT
    2006-09-28 03:04 16,291,424 ----a-w C:\Program Files\Java.exe
    2005-01-15 11:13 9,893,152 ----a-w C:\Program Files\PatternViewerInst.exe
    2004-07-22 10:39 2,150,574 ----a-w C:\Program Files\Ad-aware.exe
    2004-05-23 19:26 2,403,357 ----a-w C:\Program Files\Reg Mechanic Install.exe
    2004-05-02 20:17 10,241,609 ----a-w C:\Program Files\Vendio-SMPro.exe
    2003-08-13 10:30 1,291,040 ----a-w C:\Program Files\WindowsXP-KB823980-x86-ENU.exe
    2003-05-07 01:53 0 ----a-w C:\Program Files\Gevalia.jsp
    2003-02-09 22:36 78,516 ----a-w C:\Program Files\AuctionManagerPro.exe
    2002-11-30 21:16 1,803,464 ----a-w C:\Program Files\winzip81.exe
    .

    ((((((((((((((((((((((((((((( snapshot_2008-08-24_15.05.55.02 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-08-23 15:58:46 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2008-08-26 21:45:01 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    - 2008-08-23 15:58:46 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2008-08-26 21:45:01 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 17:14 1077277]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04 52736]
    "CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-06-18 02:11 69632]
    "KBD"="C:\HP\KBD\KBD.EXE" [2001-07-07 00:56 61440]
    "StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [2002-05-09 11:01 155648]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2002-07-16 11:03 106549]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2001-12-19 02:39 212992]
    "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2002-05-15 06:29 155648]
    "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2002-05-15 06:20 114688]
    "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-06-14 19:39 81920]
    "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24 49152]
    "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 19:51 233472]
    "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 07:42 176128]
    "DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 18:37 229437]
    "cnfgCav"="C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe" [2008-07-28 07:45 110592]
    "nwiz"="nwiz.exe" [2002-05-03 20:06 364544 C:\WINDOWS\system32\nwiz.exe]

    C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\
    AutoTBar.exe [2002-05-30 05:58:02 40960]

    C:\Documents and Settings\Administrator.YOUR-US67PI6LUV\Start Menu\Programs\Startup\
    AutoTBar.exe [2002-05-30 05:58:02 40960]

    C:\Documents and Settings\Betsy\Start Menu\Programs\Startup\
    Event Reminder.lnk - C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE [2007-06-04 21:33:41 325632]
    PowerReg Scheduler V3.exe [2008-02-23 19:23:15 225280]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2002-11-29 22:45:23 113664]
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2002-11-29 22:45:23 113664]
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
    America Online 7.0 Tray Icon.lnk - C:\Program Files\America Online 7.0\aoltray.exe [2002-11-29 17:24:20 32839]
    Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2006-06-22 21:51:56 282624]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2003-01-30 13:03:47 156160]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-03-22 04:00:00 65588]
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2003-11-30 15:02:16 106560]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\monln]
    2008-07-28 07:45 216576 C:\WINDOWS\system32\monln.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.ACDV"= ACDV.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\core3.sys]
    @="Driver"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    S3 FileObjInfo;STFileDriver;C:\Documents and Settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys [2008-07-19 17:49]
    .
    Contents of the 'Scheduled Tasks' folder

    2002-07-27 C:\WINDOWS\Tasks\Symantec NetDetect.job
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE []
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-26 19:19:32
    Windows 5.1.2600 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Comodo\Common\CAVASpy\cavasm.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\Program Files\Comodo\Comodo AntiVirus\cavse.exe
    C:\Program Files\Comodo\Comodo AntiVirus\cavse.exe
    C:\Program Files\Comodo\Comodo AntiVirus\CavAUD.exe
    .
    **************************************************************************
    .
    Completion time: 2008-08-26 19:47:44 - machine was rebooted [Owner]
    ComboFix-quarantined-files.txt 2008-08-26 23:47:31
    ComboFix2.txt 2008-08-25 02:00:17
    ComboFix3.txt 2008-08-24 19:06:29
    ComboFix4.txt 2008-08-15 12:43:07

    Pre-Run: 39,086,764,032 bytes free
    Post-Run: 38,523,604,992 bytes free

    232
     


  4. 2008/08/26
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Great! Now, please update MBAM and do a full system scan. If it reports anything infected, remove it and reboot, then post the log here. If the scan is clean, try to install SP1a again.
     
  5. 2008/08/27
    musicteacher

    musicteacher Well-Known Member Thread Starter

    Joined:
    2008/08/17
    Messages:
    169
    Likes Received:
    0
    Malwarebytes log

    Malwarebytes' Anti-Malware 1.25
    Database version: 1088
    Windows 5.1.2600

    5:16:09 PM 8/27/2008
    mbam-log-08-27-2008 (17-16-09).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 219613
    Time elapsed: 10 hour(s), 42 minute(s), 4 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 6

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP1\A0000002.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP6\A0001012.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP6\A0001025.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP6\A0003023.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP8\A0004023.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP9\A0004064.exe (Rogue.Installer) -> Quarantined and deleted successfully.
     
  6. 2008/08/27
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Great! Let's do a bit of tidying up, then see if the service packs will install. Click Start>Run and type ComboFix /u then hit Enter to uninstall ComboFix and remove the files it has quarantined. This action will also reset the System Restore points, removing the infected files there as well. You can delete any logs that were created/saved too.

    If you have ATF Cleaner, run it to clean up temp files and empty the recycle bin, otherwise the instructions for that follow.


    Download ATF Cleaner by Atribune and save it to your Desktop.
    • Double click ATF-Cleaner.exe to run the program.
    • Check the boxes to the left of:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Prefetch
      • Java Cache
      • Recycle bin

    • The rest are optional - if you want it to remove everything check "Select All".
    • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.
    Reboot


    Once you've restarted, verify that a new restore point has been created.

    Click Start>All Programs>Accessories>System Tools>System Restore
    Select 'Restore my computer to an earlier time', then click next.
    You should have a newly created System Checkpoint available. If so, click Cancel. If not, click Back and select 'Create a restore point' then click Next. Give the restore point a name and click next.

    Now see if you can install SP1a. If successful, after restarting, try SP3.
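
An added example, not part of the thread or of any tool mentioned in it: the Malwarebytes log above lists only files under `System Volume Information\_restore{...}\RPn`, which is why resetting the System Restore points finishes the cleanup. The sketch below groups the "Files Infected" entries of such a log by restore point and separates out anything found elsewhere on disk; the function name, the sample log, its placeholder GUID and the non-restore path are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the Malwarebytes log posted above.
# The restore GUID is a placeholder and the last path is invented to show
# what a detection outside System Restore looks like.
SAMPLE_LOG = r"""
Registry Keys Infected: 0
Files Infected: 3

Registry Keys Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000002.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP6\A0001012.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Example\Desktop\sample.exe (Rogue.Installer) -> Quarantined and deleted successfully.
"""

# "Files Infected: 6" in the summary block at the top of the log.
SUMMARY = re.compile(r"^\s*Files Infected:\s*(\d+)\s*$")
# "Files Infected:" (no number) opens the detail section further down.
SECTION = re.compile(r"^\s*([A-Za-z ]+ Infected):\s*$")
# "<path> (<detection name>) -> <action taken>"
DETECTION = re.compile(
    r"^\s*(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\s*$"
)
# Saved copies kept by System Restore live under _restore{GUID}\RPn\.
RESTORE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(?P<rp>RP\d+)\\",
    re.IGNORECASE,
)


def triage_file_detections(log_text):
    """Split file detections into restore-point copies and files found elsewhere."""
    declared = None
    in_files = False
    by_restore_point = defaultdict(list)
    outside_restore = []

    for line in log_text.splitlines():
        summary = SUMMARY.match(line)
        if summary:
            declared = int(summary.group(1))
            in_files = False
            continue
        section = SECTION.match(line)
        if section:
            in_files = section.group(1) == "Files Infected"
            continue
        if not in_files:
            continue
        hit = DETECTION.match(line)
        if not hit:
            continue  # e.g. "(No malicious items detected)"
        path = hit.group("path")
        restore = RESTORE.search(path)
        if restore:
            # Keep only the file name; the restore point is the grouping key.
            by_restore_point[restore.group("rp")].append(path.rsplit("\\", 1)[-1])
        else:
            outside_restore.append(path)

    listed = sum(len(v) for v in by_restore_point.values()) + len(outside_restore)
    return {
        "declared": declared,                      # count from the summary block
        "listed": listed,                          # entries actually parsed
        "count_matches": declared == listed,       # False hints at a truncated paste
        "by_restore_point": dict(by_restore_point),
        "outside_restore": outside_restore,        # these need follow-up scans
        "restore_only": listed > 0 and not outside_restore,
    }


if __name__ == "__main__":
    result = triage_file_detections(SAMPLE_LOG)
    for key, value in result.items():
        print(f"{key}: {value}")
```
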
     
  7. 2008/08/28
    musicteacher

    musicteacher Well-Known Member Thread Starter

    Joined:
    2008/08/17
    Messages:
    169
    Likes Received:
    0
    Right after I got home from school yesterday, I attempted to install SP 1a and to my amazement, it worked!!! My computer now shows that it has SP 1 on it.

    I had to leave (our county fair opened last night) and when I got home late, I tried SP 3. Well, that seemed to cause problems. It got to a certain point and the following message popped up when it was backing up files:

    Setup cannot copy the file
    d3d9.dll

    Ensure that the location specified below is correct, or change it and insert "Windows XP Service Files" in the drive you specify.

    I tried to fiddle with it, but couldn't get it to work. So it acted like it got hung up trying to back up this file d3d9.dll


    I got online and saw your latest message, but then for the rest of the night, the computer worked verrry slow, I couldn't even get Outlook Express to open, and eventually, could not get Explorer to open, so I couldn't even post about the problem.

    Obviously I got it to open after school today, but it's still very slow.

    I did delete Combofix, following your instructions. It appears to be gone. Shall I proceed with the rest of your directions? Why is it so slow? And why, when I hold down control, alt, delete and that window comes up, why are there SO many processes running at the same time? Like 25 or so, and it appears that there are multiples of the same thing running.

    Thanks for all your help. At least I have Service Pack 1a installed, after a month of trying.
     
  8. 2008/08/28
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    SP1a ... yeah! :)
    SP3 :(

    Hang in there, we'll get it. ;)

    • Download RSIT by random/random and save it to your desktop.
    • Double click RSIT.exe to start the tool and click Continue at the disclaimer.
    • When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
    • Please post the contents of both logs here in your next reply.

    The log(s) might be quite large, and may require splitting into multiple posts.
     
  9. 2008/08/29
    musicteacher

    musicteacher Well-Known Member Thread Starter

    Joined:
    2008/08/17
    Messages:
    169
    Likes Received:
    0
    Half of first log

    Logfile of random's system information tool (written by random/random)
    Run by Owner at 2008-08-29 05:57:04
    Microsoft Windows XP Home Edition Service Pack 1
    System drive C: has 38 GB (54%) free of 71 GB
    Total RAM: 510 MB (45% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:02:02 AM, on 8/29/2008
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe
    C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\Program Files\Comodo\Comodo AntiVirus\Cavaud.exe
    C:\Program Files\Comodo\Comodo AntiVirus\CAVSubmit.exe
    C:\Program Files\Comodo\Comodo AntiVirus\cavemsrv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Owner\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Owner.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
    O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
    O4 - Global Startup: Exif Launcher.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1219026776889
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.34.14/ttinst.cab
    O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
    O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

    --
    End of file - 6069 bytes

    Scheduled tasks folder

    C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#Deskjet#3320.job
    C:\WINDOWS\tasks\Symantec NetDetect.job

    Registry dump

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv "=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
    "nwiz "=C:\WINDOWS\system32\nwiz.exe [2002-05-03 364544]
    "CamMonitor "=c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe [2002-06-18 69632]
    "KBD "=C:\HP\KBD\KBD.EXE [2001-07-07 61440]
    "StorageGuard "=C:\Program Files\VERITAS Software\Update Manager\sgtray.exe [2002-05-09 155648]
    "dla "=C:\WINDOWS\system32\dla\tfswctrl.exe [2002-07-16 106549]
    "Recguard "=C:\WINDOWS\SMINST\RECGUARD.EXE [2001-12-19 212992]
    "IgfxTray "=C:\WINDOWS\System32\igfxtray.exe [2002-05-15 155648]
    "HotKeysCmds "=C:\WINDOWS\System32\hkcmd.exe [2002-05-15 114688]
    "PS2 "=C:\WINDOWS\system32\ps2.exe [2002-06-14 81920]
    "HP Software Update "=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe [2003-06-25 49152]
    "HP Component Manager "=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-10-23 233472]
    "HPDJ Taskbar Utility "=C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe [2003-09-01 176128]
    "DeviceDiscovery "=C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-05-21 229437]
    "cnfgCav "=C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe [2008-07-28 110592]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS "=C:\Program Files\Messenger\msmsgs.exe [2002-08-29 1511453]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    America Online 7.0 Tray Icon.lnk - C:\Program Files\America Online 7.0\aoltray.exe
    Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxsrvc.dll [2002-05-15 307200]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\monln]
    C:\WINDOWS\system32\monln.dll [2008-07-28 216576]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders "=msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\core3.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\core3.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername "=0
    "legalnoticecaption "=
    "legalnoticetext "=
    "shutdownwithoutlogon "=1
    "undockwithoutlogon "=1

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    File associations

    .reg - open - regedit.exe "%1" %*
    .scr - open - "%1" %*
    .txt - open - C:\WINDOWS\NOTEPAD.EXE %1

    List of files/folders created in the last three months

    2008-08-29 05:57:04 ----D---- C:\rsit
    2008-08-29 05:52:53 ----SHD---- C:\RECYCLER
    2008-08-28 06:04:30 ----D---- C:\ComboFix
    2008-08-27 22:20:18 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
    2008-08-27 21:46:55 ----D---- C:\de90abfdf826684a18d7b9338cb7df
    2008-08-27 18:24:41 ----A---- C:\WINDOWS\OEWABLog.txt
    2008-08-27 18:22:54 ----D---- C:\WINDOWS\Prefetch
    2008-08-27 17:54:26 ----A---- C:\WINDOWS\System32\dpcdll.dll
    2008-08-27 17:53:37 ----A---- C:\WINDOWS\System32\ati2dvaa.dll
    2008-08-27 17:52:22 ----A---- C:\WINDOWS\hh.exe
    2008-08-27 17:52:22 ----A---- C:\WINDOWS\explorer.exe
    2008-08-27 17:52:21 ----A---- C:\WINDOWS\winhlp32.exe
    2008-08-27 17:52:15 ----A---- C:\WINDOWS\System32\adsldp.dll
    2008-08-27 17:52:15 ----A---- C:\WINDOWS\System32\6to4svc.dll
    2008-08-27 17:52:14 ----A---- C:\WINDOWS\System32\ahui.exe
    2008-08-27 17:52:14 ----A---- C:\WINDOWS\System32\advpack.dll
    2008-08-27 17:52:14 ----A---- C:\WINDOWS\System32\adsnt.dll
    2008-08-27 17:52:14 ----A---- C:\WINDOWS\System32\adsmsext.dll
    2008-08-27 17:52:14 ----A---- C:\WINDOWS\System32\adsldpc.dll
    2008-08-27 17:52:13 ----A---- C:\WINDOWS\System32\apphelp.dll
    2008-08-27 17:52:13 ----A---- C:\WINDOWS\System32\alg.exe
    2008-08-27 17:52:12 ----A---- C:\WINDOWS\System32\at.exe
    2008-08-27 17:52:12 ----A---- C:\WINDOWS\System32\asfsipc.dll
    2008-08-27 17:52:12 ----A---- C:\WINDOWS\System32\asferror.dll
    2008-08-27 17:52:11 ----A---- C:\WINDOWS\System32\batt.dll
    2008-08-27 17:52:11 ----A---- C:\WINDOWS\System32\avifil32.dll
    2008-08-27 17:52:11 ----A---- C:\WINDOWS\System32\autolfn.exe
    2008-08-27 17:52:11 ----A---- C:\WINDOWS\System32\audiosrv.dll
    2008-08-27 17:52:11 ----A---- C:\WINDOWS\System32\atl.dll
    2008-08-27 17:52:10 ----A---- C:\WINDOWS\System32\browser.dll
    2008-08-27 17:52:10 ----A---- C:\WINDOWS\System32\browselc.dll
    2008-08-27 17:52:09 ----A---- C:\WINDOWS\System32\catsrvut.dll
    2008-08-27 17:52:09 ----A---- C:\WINDOWS\System32\browsewm.dll
    2008-08-27 17:52:09 ----A---- C:\WINDOWS\System32\browseui.dll
    2008-08-27 17:52:08 ----A---- C:\WINDOWS\System32\cewmdm.dll
    2008-08-27 17:52:08 ----A---- C:\WINDOWS\System32\certcli.dll
    2008-08-27 17:52:07 ----A---- C:\WINDOWS\System32\clusapi.dll
    2008-08-27 17:52:07 ----A---- C:\WINDOWS\System32\clipbrd.exe
    2008-08-27 17:52:07 ----A---- C:\WINDOWS\System32\ciodm.dll
    2008-08-27 17:52:07 ----A---- C:\WINDOWS\System32\cfgbkend.dll
    2008-08-27 17:52:06 ----A---- C:\WINDOWS\System32\compatui.dll
    2008-08-27 17:52:06 ----A---- C:\WINDOWS\System32\cmdl32.exe
    2008-08-27 17:52:06 ----A---- C:\WINDOWS\System32\cmdial32.dll
    2008-08-27 17:52:05 ----A---- C:\WINDOWS\System32\comsvcs.dll
    2008-08-27 17:52:04 ----A---- C:\WINDOWS\System32\cryptdlg.dll
    2008-08-27 17:52:04 ----A---- C:\WINDOWS\System32\crypt32.dll
    2008-08-27 17:52:04 ----A---- C:\WINDOWS\System32\credui.dll
    2008-08-27 17:52:04 ----A---- C:\WINDOWS\System32\conime.exe
    2008-08-27 17:52:03 ----A---- C:\WINDOWS\System32\cryptui.dll
    2008-08-27 17:52:03 ----A---- C:\WINDOWS\System32\cryptsvc.dll
    2008-08-27 17:52:02 ----A---- C:\WINDOWS\System32\ctfmon.exe
    2008-08-27 17:52:02 ----A---- C:\WINDOWS\System32\cscui.dll
    2008-08-27 17:52:01 ----A---- C:\WINDOWS\System32\d3d8.dll
    2008-08-27 17:52:00 ----A---- C:\WINDOWS\System32\danim.dll
    2008-08-27 17:51:59 ----A---- C:\WINDOWS\System32\dbnetlib.dll
    2008-08-27 17:51:59 ----A---- C:\WINDOWS\System32\dbmsvinn.dll
    2008-08-27 17:51:59 ----A---- C:\WINDOWS\System32\dbmsrpcn.dll
    2008-08-27 17:51:59 ----A---- C:\WINDOWS\System32\dbmsadsn.dll
    2008-08-27 17:51:58 ----A---- C:\WINDOWS\System32\devmgr.dll
    2008-08-27 17:51:58 ----A---- C:\WINDOWS\System32\defrag.exe
    2008-08-27 17:51:58 ----A---- C:\WINDOWS\System32\ddraw.dll
    2008-08-27 17:51:58 ----A---- C:\WINDOWS\System32\dbnmpntw.dll
    2008-08-27 17:51:57 ----A---- C:\WINDOWS\System32\dfrgui.dll
    2008-08-27 17:51:57 ----A---- C:\WINDOWS\System32\dfrgsnap.dll
    2008-08-27 17:51:57 ----A---- C:\WINDOWS\System32\dfrgntfs.exe
    2008-08-27 17:51:57 ----A---- C:\WINDOWS\System32\dfrgfat.exe
    2008-08-27 17:51:56 ----A---- C:\WINDOWS\System32\dinput8.dll
    2008-08-27 17:51:56 ----A---- C:\WINDOWS\System32\dinput.dll
    2008-08-27 17:51:56 ----A---- C:\WINDOWS\System32\digest.dll
    2008-08-27 17:51:56 ----A---- C:\WINDOWS\System32\dgnet.dll
    2008-08-27 17:51:56 ----A---- C:\WINDOWS\System32\dfsshlex.dll
    2008-08-27 17:51:55 ----A---- C:\WINDOWS\System32\dmscript.dll
    2008-08-27 17:51:55 ----A---- C:\WINDOWS\System32\dmloader.dll
    2008-08-27 17:51:55 ----A---- C:\WINDOWS\System32\dmime.dll
    2008-08-27 17:51:55 ----A---- C:\WINDOWS\System32\dmcompos.dll
    2008-08-27 17:51:55 ----A---- C:\WINDOWS\System32\dmband.dll
    2008-08-27 17:51:54 ----A---- C:\WINDOWS\System32\docprop2.dll
    2008-08-27 17:51:54 ----A---- C:\WINDOWS\System32\dnsapi.dll
    2008-08-27 17:51:54 ----A---- C:\WINDOWS\System32\dmusic.dll
    2008-08-27 17:51:54 ----A---- C:\WINDOWS\System32\dmstyle.dll
    2008-08-27 17:51:53 ----A---- C:\WINDOWS\System32\dpvoice.dll
    2008-08-27 17:51:53 ----A---- C:\WINDOWS\System32\dpnhupnp.dll
    2008-08-27 17:51:53 ----A---- C:\WINDOWS\System32\dpnhpast.dll
    2008-08-27 17:51:53 ----A---- C:\WINDOWS\System32\dpnet.dll
    2008-08-27 17:51:52 ----A---- C:\WINDOWS\System32\dsquery.dll
    2008-08-27 17:51:52 ----A---- C:\WINDOWS\System32\dsprop.dll
    2008-08-27 17:51:52 ----A---- C:\WINDOWS\System32\ds32gt.dll
    2008-08-27 17:51:52 ----A---- C:\WINDOWS\System32\dpwsockx.dll
    2008-08-27 17:51:52 ----A---- C:\WINDOWS\System32\dpvsetup.exe
    2008-08-27 17:51:51 ----A---- C:\WINDOWS\System32\dwwin.exe
    2008-08-27 17:51:51 ----A---- C:\WINDOWS\System32\duser.dll
    2008-08-27 17:51:51 ----A---- C:\WINDOWS\System32\dumprep.exe
    2008-08-27 17:51:51 ----A---- C:\WINDOWS\System32\dssenh.dll
    2008-08-27 17:51:50 ----A---- C:\WINDOWS\System32\dxdiag.exe
    2008-08-27 17:51:49 ----A---- C:\WINDOWS\System32\dxmasf.dll
    2008-08-27 17:51:48 ----A---- C:\WINDOWS\System32\els.dll
    2008-08-27 17:51:48 ----A---- C:\WINDOWS\System32\dxtrans.dll
    2008-08-27 17:51:48 ----A---- C:\WINDOWS\System32\dxtmsft.dll
    2008-08-27 17:51:48 ----A---- C:\WINDOWS\System32\dxmrtp.dll
    2008-08-27 17:51:47 ----A---- C:\WINDOWS\System32\ersvc.dll
    2008-08-27 17:51:46 ----A---- C:\WINDOWS\System32\eventlog.dll
    2008-08-27 17:51:46 ----A---- C:\WINDOWS\System32\eudcedit.exe
    2008-08-27 17:51:46 ----A---- C:\WINDOWS\System32\es.dll
    2008-08-27 17:51:45 ----A---- C:\WINDOWS\System32\framebuf.dll
    2008-08-27 17:51:45 ----A---- C:\WINDOWS\System32\fontview.exe
    2008-08-27 17:51:45 ----A---- C:\WINDOWS\System32\fldrclnr.dll
    2008-08-27 17:51:45 ----A---- C:\WINDOWS\System32\faultrep.dll
    2008-08-27 17:51:45 ----A---- C:\WINDOWS\System32\expsrv.dll
    2008-08-27 17:51:44 ----A---- C:\WINDOWS\System32\fxscomex.dll
    2008-08-27 17:51:44 ----A---- C:\WINDOWS\System32\fxsclnt.exe
    2008-08-27 17:51:44 ----A---- C:\WINDOWS\System32\fxsapi.dll
    2008-08-27 17:51:43 ----A---- C:\WINDOWS\System32\fxsres.dll
    2008-08-27 17:51:43 ----A---- C:\WINDOWS\System32\fxsperf.dll
    2008-08-27 17:51:43 ----A---- C:\WINDOWS\System32\fxsext32.dll
    2008-08-27 17:51:43 ----A---- C:\WINDOWS\System32\fxsdrv.dll
    2008-08-27 17:51:43 ----A---- C:\WINDOWS\System32\fxscover.exe
    2008-08-27 17:51:42 ----A---- C:\WINDOWS\System32\fxsst.dll
    2008-08-27 17:51:41 ----A---- C:\WINDOWS\System32\fxstiff.dll
    2008-08-27 17:51:41 ----A---- C:\WINDOWS\System32\fxst30.dll
    2008-08-27 17:51:41 ----A---- C:\WINDOWS\System32\fxssvc.exe
    2008-08-27 17:51:40 ----A---- C:\WINDOWS\System32\fxswzrd.dll
    2008-08-27 17:51:40 ----A---- C:\WINDOWS\System32\fxsui.dll
    2008-08-27 17:51:39 ----A---- C:\WINDOWS\System32\hhsetup.dll
    2008-08-27 17:51:39 ----A---- C:\WINDOWS\System32\fxsxp32.dll
    2008-08-27 17:51:38 ----A---- C:\WINDOWS\System32\icaapi.dll
    2008-08-27 17:51:38 ----A---- C:\WINDOWS\System32\hnetcfg.dll
    2008-08-27 17:51:37 ----A---- C:\WINDOWS\System32\ieakeng.dll
    2008-08-27 17:51:37 ----A---- C:\WINDOWS\System32\ie4uinit.exe
    2008-08-27 17:51:37 ----A---- C:\WINDOWS\System32\idq.dll
    2008-08-27 17:51:37 ----A---- C:\WINDOWS\System32\icm32.dll
    2008-08-27 17:51:36 ----A---- C:\WINDOWS\System32\iesetup.dll
    2008-08-27 17:51:36 ----A---- C:\WINDOWS\System32\iepeers.dll
    2008-08-27 17:51:36 ----A---- C:\WINDOWS\System32\iedkcs32.dll
    2008-08-27 17:51:36 ----A---- C:\WINDOWS\System32\ieaksie.dll
    2008-08-27 17:51:35 ----A---- C:\WINDOWS\System32\imgutil.dll
    2008-08-27 17:51:35 ----A---- C:\WINDOWS\System32\imeshare.dll
    2008-08-27 17:51:35 ----A---- C:\WINDOWS\System32\imapi.exe
    2008-08-27 17:51:35 ----A---- C:\WINDOWS\System32\ils.dll
    2008-08-27 17:51:34 ----A---- C:\WINDOWS\System32\inetcomm.dll
    2008-08-27 17:51:34 ----A---- C:\WINDOWS\System32\imm32.dll
    2008-08-27 17:51:33 ----A---- C:\WINDOWS\System32\inseng.dll
    2008-08-27 17:51:33 ----A---- C:\WINDOWS\System32\input.dll
    2008-08-27 17:51:32 ----A---- C:\WINDOWS\System32\iphlpapi.dll
    2008-08-27 17:51:32 ----A---- C:\WINDOWS\System32\ipconfig.exe
    2008-08-27 17:51:31 ----A---- C:\WINDOWS\System32\ipsecsvc.dll
    2008-08-27 17:51:31 ----A---- C:\WINDOWS\System32\ippromon.dll
    2008-08-27 17:51:31 ----A---- C:\WINDOWS\System32\ipnathlp.dll
    2008-08-27 17:51:30 ----A---- C:\WINDOWS\System32\itss.dll
    2008-08-27 17:51:30 ----A---- C:\WINDOWS\System32\itircl.dll
    2008-08-27 17:51:30 ----A---- C:\WINDOWS\System32\ipv6mon.dll
    2008-08-27 17:51:30 ----A---- C:\WINDOWS\System32\ipv6.exe
    2008-08-27 17:51:29 ----A---- C:\WINDOWS\System32\kd1394.dll
    2008-08-27 17:51:29 ----A---- C:\WINDOWS\System32\ixsso.dll
    2008-08-27 17:51:29 ----A---- C:\WINDOWS\System32\iuctl.dll
    2008-08-27 17:51:28 ----A---- C:\WINDOWS\System32\kerberos.dll
    2008-08-27 17:51:27 ----A---- C:\WINDOWS\System32\lmrt.dll
    2008-08-27 17:51:27 ----A---- C:\WINDOWS\System32\licwmi.dll
    2008-08-27 17:51:27 ----A---- C:\WINDOWS\System32\licmgr10.dll
    2008-08-27 17:51:26 ----A---- C:\WINDOWS\System32\logonui.exe
    2008-08-27 17:51:26 ----A---- C:\WINDOWS\System32\localui.dll
    2008-08-27 17:51:25 ----A---- C:\WINDOWS\System32\mindex.dll
    2008-08-27 17:51:24 ----A---- C:\WINDOWS\System32\mobsync.dll
    2008-08-27 17:51:24 ----A---- C:\WINDOWS\System32\mnmdd.dll
    2008-08-27 17:51:24 ----A---- C:\WINDOWS\System32\mmcndmgr.dll
    2008-08-27 17:51:23 ----A---- C:\WINDOWS\System32\moricons.dll
    2008-08-27 17:51:22 ----A---- C:\WINDOWS\System32\mplay32.exe
    2008-08-27 17:51:21 ----A---- C:\WINDOWS\System32\msctf.dll
    2008-08-27 17:51:21 ----A---- C:\WINDOWS\System32\mscpx32r.dll
    2008-08-27 17:51:21 ----A---- C:\WINDOWS\System32\msconf.dll
    2008-08-27 17:51:21 ----A---- C:\WINDOWS\System32\mscms.dll
    2008-08-27 17:51:20 ----A---- C:\WINDOWS\System32\msdtcprx.dll
    2008-08-27 17:51:20 ----A---- C:\WINDOWS\System32\msdart.dll
    2008-08-27 17:51:20 ----A---- C:\WINDOWS\System32\msctfp.dll
    2008-08-27 17:51:19 ----A---- C:\WINDOWS\System32\msdxmlc.dll
    2008-08-27 17:51:18 ----A---- C:\WINDOWS\System32\msexch40.dll
    2008-08-27 17:51:17 ----A---- C:\WINDOWS\System32\msexcl40.dll
    2008-08-27 17:51:15 ----A---- C:\WINDOWS\System32\mshtml.dll
    2008-08-27 17:51:14 ----A---- C:\WINDOWS\System32\msieftp.dll
    2008-08-27 17:51:14 ----A---- C:\WINDOWS\System32\mshtmler.dll
    2008-08-27 17:51:14 ----A---- C:\WINDOWS\System32\mshtmled.dll
    2008-08-27 17:51:13 ----A---- C:\WINDOWS\System32\msimtf.dll
    2008-08-27 17:51:13 ----A---- C:\WINDOWS\System32\msimg32.dll
    2008-08-27 17:51:12 ----A---- C:\WINDOWS\System32\msisam11.dll
    2008-08-27 17:51:11 ----A---- C:\WINDOWS\System32\mslbui.dll
    2008-08-27 17:51:11 ----A---- C:\WINDOWS\System32\msjtes40.dll
    2008-08-27 17:51:11 ----A---- C:\WINDOWS\System32\msjetoledb40.dll
    2008-08-27 17:51:11 ----A---- C:\WINDOWS\System32\msjet40.dll
    2008-08-27 17:51:10 ----A---- C:\WINDOWS\System32\msorcl32.dll
    2008-08-27 17:51:10 ----A---- C:\WINDOWS\System32\msoert2.dll
    2008-08-27 17:51:10 ----A---- C:\WINDOWS\System32\msoeacct.dll
    2008-08-27 17:51:10 ----A---- C:\WINDOWS\System32\msnsspc.dll
    2008-08-27 17:51:10 ----A---- C:\WINDOWS\System32\msltus40.dll
    2008-08-27 17:51:09 ----A---- C:\WINDOWS\System32\mspmsp.dll
    2008-08-27 17:51:09 ----A---- C:\WINDOWS\System32\mspbde40.dll
    2008-08-27 17:51:09 ----A---- C:\WINDOWS\System32\mspaint.exe
    2008-08-27 17:51:08 ----A---- C:\WINDOWS\System32\msrd2x40.dll
    2008-08-27 17:51:08 ----A---- C:\WINDOWS\System32\msrating.dll
    2008-08-27 17:51:07 ----A---- C:\WINDOWS\System32\msscp.dll
    2008-08-27 17:51:07 ----A---- C:\WINDOWS\System32\msrle32.dll
    2008-08-27 17:51:07 ----A---- C:\WINDOWS\System32\msrepl40.dll
    2008-08-27 17:51:06 ----A---- C:\WINDOWS\System32\mstime.dll
    2008-08-27 17:51:06 ----A---- C:\WINDOWS\System32\mstext40.dll
    2008-08-27 17:51:06 ----A---- C:\WINDOWS\System32\mstask.dll
    2008-08-27 17:51:05 ----A---- C:\WINDOWS\System32\mstscax.dll
    2008-08-27 17:51:05 ----A---- C:\WINDOWS\System32\mstsc.exe
    2008-08-27 17:51:05 ----A---- C:\WINDOWS\System32\mstinit.exe
    2008-08-27 17:51:04 ----A---- C:\WINDOWS\System32\msvcp60.dll
    2008-08-27 17:51:04 ----A---- C:\WINDOWS\System32\msutb.dll
    2008-08-27 17:51:04 ----A---- C:\WINDOWS\System32\msuni11.dll
    2008-08-27 17:51:03 ----A---- C:\WINDOWS\System32\msvidctl.dll
    2008-08-27 17:51:03 ----A---- C:\WINDOWS\System32\msvfw32.dll
    2008-08-27 17:51:03 ----A---- C:\WINDOWS\System32\msvcrt.dll
    2008-08-27 17:51:02 ----A---- C:\WINDOWS\System32\msxbde40.dll
    2008-08-27 17:51:02 ----A---- C:\WINDOWS\System32\mswebdvd.dll
    2008-08-27 17:51:01 ----A---- C:\WINDOWS\System32\msxml3.dll
    2008-08-27 17:51:01 ----A---- C:\WINDOWS\System32\msxml2.dll
     
  10. 2008/08/29
    musicteacher Well-Known Member Thread Starter

    Second half

    2008-08-27 17:51:00 ----A---- C:\WINDOWS\System32\net1.exe
    2008-08-27 17:51:00 ----A---- C:\WINDOWS\System32\net.exe
    2008-08-27 17:51:00 ----A---- C:\WINDOWS\System32\nddenb32.dll
    2008-08-27 17:51:00 ----A---- C:\WINDOWS\System32\ncobjapi.dll
    2008-08-27 17:50:59 ----A---- C:\WINDOWS\System32\netdde.exe
    2008-08-27 17:50:59 ----A---- C:\WINDOWS\System32\netcfgx.dll
    2008-08-27 17:50:59 ----A---- C:\WINDOWS\System32\netapi32.dll
    2008-08-27 17:50:58 ----A---- C:\WINDOWS\System32\netman.dll
    2008-08-27 17:50:58 ----A---- C:\WINDOWS\System32\netlogon.dll
    2008-08-27 17:50:57 ----A---- C:\WINDOWS\System32\netplwiz.dll
    2008-08-27 17:50:56 ----A---- C:\WINDOWS\System32\netshell.dll
    2008-08-27 17:50:55 ----A---- C:\WINDOWS\System32\ntlanman.dll
    2008-08-27 17:50:55 ----A---- C:\WINDOWS\System32\nmmkcert.dll
    2008-08-27 17:50:55 ----A---- C:\WINDOWS\System32\nlhtml.dll
    2008-08-27 17:50:55 ----A---- C:\WINDOWS\System32\newdev.dll
    2008-08-27 17:50:54 ----A---- C:\WINDOWS\System32\ntmssvc.dll
    2008-08-27 17:50:54 ----A---- C:\WINDOWS\System32\ntmsdba.dll
    2008-08-27 17:50:54 ----A---- C:\WINDOWS\System32\ntmsapi.dll
    2008-08-27 17:50:54 ----A---- C:\WINDOWS\System32\ntmarta.dll
    2008-08-27 17:50:53 ----A---- C:\WINDOWS\System32\odbc32.dll
    2008-08-27 17:50:53 ----A---- C:\WINDOWS\System32\oakley.dll
    2008-08-27 17:50:53 ----A---- C:\WINDOWS\System32\ntshrui.dll
    2008-08-27 17:50:52 ----A---- C:\WINDOWS\System32\odbccp32.dll
    2008-08-27 17:50:52 ----A---- C:\WINDOWS\System32\odbcconf.exe
    2008-08-27 17:50:52 ----A---- C:\WINDOWS\System32\odbcconf.dll
    2008-08-27 17:50:52 ----A---- C:\WINDOWS\System32\odbcbcp.dll
    2008-08-27 17:50:52 ----A---- C:\WINDOWS\System32\odbcad32.exe
    2008-08-27 17:50:52 ----A---- C:\WINDOWS\System32\odbc32gt.dll
    2008-08-27 17:50:51 ----A---- C:\WINDOWS\System32\offfilt.dll
    2008-08-27 17:50:51 ----A---- C:\WINDOWS\System32\odbctrac.dll
    2008-08-27 17:50:51 ----A---- C:\WINDOWS\System32\odbcp32r.dll
    2008-08-27 17:50:51 ----A---- C:\WINDOWS\System32\odbccu32.dll
    2008-08-27 17:50:51 ----A---- C:\WINDOWS\System32\odbccr32.dll
    2008-08-27 17:50:50 ----A---- C:\WINDOWS\System32\oleprn.dll
    2008-08-27 17:50:50 ----A---- C:\WINDOWS\System32\ole32.dll
    2008-08-27 17:50:49 ----A---- C:\WINDOWS\System32\packager.exe
    2008-08-27 17:50:49 ----A---- C:\WINDOWS\System32\osk.exe
    2008-08-27 17:50:49 ----A---- C:\WINDOWS\System32\opengl32.dll
    2008-08-27 17:50:48 ----A---- C:\WINDOWS\System32\pngfilt.dll
    2008-08-27 17:50:48 ----A---- C:\WINDOWS\System32\ping.exe
    2008-08-27 17:50:48 ----A---- C:\WINDOWS\System32\pdh.dll
    2008-08-27 17:50:48 ----A---- C:\WINDOWS\System32\pautoenr.dll
    2008-08-27 17:50:47 ----A---- C:\WINDOWS\System32\qcap.dll
    2008-08-27 17:50:47 ----A---- C:\WINDOWS\System32\psbase.dll
    2008-08-27 17:50:47 ----A---- C:\WINDOWS\System32\psapi.dll
    2008-08-27 17:50:46 ----A---- C:\WINDOWS\System32\qdvd.dll
    2008-08-27 17:50:45 ----A---- C:\WINDOWS\System32\quartz.dll
    2008-08-27 17:50:45 ----A---- C:\WINDOWS\System32\qmgrprxy.dll
    2008-08-27 17:50:45 ----A---- C:\WINDOWS\System32\qmgr.dll
    2008-08-27 17:50:45 ----A---- C:\WINDOWS\System32\qedit.dll
    2008-08-27 17:50:44 ----A---- C:\WINDOWS\System32\query.dll
    2008-08-27 17:50:43 ----A---- C:\WINDOWS\System32\rassapi.dll
    2008-08-27 17:50:43 ----A---- C:\WINDOWS\System32\rasppp.dll
    2008-08-27 17:50:43 ----A---- C:\WINDOWS\System32\rasmans.dll
    2008-08-27 17:50:43 ----A---- C:\WINDOWS\System32\raschap.dll
    2008-08-27 17:50:42 ----A---- C:\WINDOWS\System32\rdpclip.exe
    2008-08-27 17:50:42 ----A---- C:\WINDOWS\System32\rdchost.dll
    2008-08-27 17:50:42 ----A---- C:\WINDOWS\System32\rcimlby.exe
    2008-08-27 17:50:42 ----A---- C:\WINDOWS\System32\rastls.dll
    2008-08-27 17:50:41 ----A---- C:\WINDOWS\System32\reg.exe
    2008-08-27 17:50:41 ----A---- C:\WINDOWS\System32\redir.exe
    2008-08-27 17:50:41 ----A---- C:\WINDOWS\System32\rdsaddin.exe
    2008-08-27 17:50:41 ----A---- C:\WINDOWS\System32\rdpwsx.dll
    2008-08-27 17:50:41 ----A---- C:\WINDOWS\System32\rdpsnd.dll
    2008-08-27 17:50:41 ----A---- C:\WINDOWS\System32\rdpdd.dll
    2008-08-27 17:50:40 ----A---- C:\WINDOWS\System32\riched20.dll
    2008-08-27 17:50:40 ----A---- C:\WINDOWS\System32\remotepg.dll
    2008-08-27 17:50:40 ----A---- C:\WINDOWS\System32\regapi.dll
    2008-08-27 17:50:39 ----A---- C:\WINDOWS\System32\rpcss.dll
    2008-08-27 17:50:39 ----A---- C:\WINDOWS\System32\rpcrt4.dll
    2008-08-27 17:50:38 ----A---- C:\WINDOWS\System32\runonce.exe
    2008-08-27 17:50:38 ----A---- C:\WINDOWS\System32\rtcshare.exe
    2008-08-27 17:50:38 ----A---- C:\WINDOWS\System32\rtcdll.dll
    2008-08-27 17:50:38 ----A---- C:\WINDOWS\System32\rsaenh.dll
    2008-08-27 17:50:37 ----A---- C:\WINDOWS\System32\scecli.dll
    2008-08-27 17:50:37 ----A---- C:\WINDOWS\System32\sccsccp.dll
    2008-08-27 17:50:37 ----A---- C:\WINDOWS\System32\sccbase.dll
    2008-08-27 17:50:36 ----A---- C:\WINDOWS\System32\sdbinst.exe
    2008-08-27 17:50:36 ----A---- C:\WINDOWS\System32\schedsvc.dll
    2008-08-27 17:50:36 ----A---- C:\WINDOWS\System32\scesrv.dll
    2008-08-27 17:50:35 ----A---- C:\WINDOWS\System32\sfc_os.dll
    2008-08-27 17:50:35 ----A---- C:\WINDOWS\System32\setup.exe
    2008-08-27 17:50:35 ----A---- C:\WINDOWS\System32\sensapi.dll
    2008-08-27 17:50:35 ----A---- C:\WINDOWS\System32\sens.dll
    2008-08-27 17:50:35 ----A---- C:\WINDOWS\System32\secur32.dll
    2008-08-27 17:50:34 ----A---- C:\WINDOWS\System32\sfcfiles.dll
    2008-08-27 17:50:33 ----A---- C:\WINDOWS\System32\shdocvw.dll
    2008-08-27 17:50:29 ----A---- C:\WINDOWS\System32\shimeng.dll
    2008-08-27 17:50:29 ----A---- C:\WINDOWS\System32\shgina.dll
    2008-08-27 17:50:29 ----A---- C:\WINDOWS\System32\shfolder.dll
    2008-08-27 17:50:29 ----A---- C:\WINDOWS\System32\shell32.dll
    2008-08-27 17:50:28 ----A---- C:\WINDOWS\System32\shsvcs.dll
    2008-08-27 17:50:28 ----A---- C:\WINDOWS\System32\shmgrate.exe
    2008-08-27 17:50:28 ----A---- C:\WINDOWS\System32\shlwapi.dll
    2008-08-27 17:50:28 ----A---- C:\WINDOWS\System32\shimgvw.dll
    2008-08-27 17:50:27 ----A---- C:\WINDOWS\System32\slayerxp.dll
    2008-08-27 17:50:27 ----A---- C:\WINDOWS\System32\skeys.exe
    2008-08-27 17:50:27 ----A---- C:\WINDOWS\System32\sigverif.exe
    2008-08-27 17:50:27 ----A---- C:\WINDOWS\System32\sigtab.dll
    2008-08-27 17:50:26 ----A---- C:\WINDOWS\System32\snmpapi.dll
    2008-08-27 17:50:26 ----A---- C:\WINDOWS\System32\smlogsvc.exe
    2008-08-27 17:50:26 ----A---- C:\WINDOWS\System32\smlogcfg.dll
    2008-08-27 17:50:25 ----A---- C:\WINDOWS\System32\spoolss.dll
    2008-08-27 17:50:25 ----A---- C:\WINDOWS\System32\spider.exe
    2008-08-27 17:50:24 ----A---- C:\WINDOWS\System32\srrstr.dll
    2008-08-27 17:50:24 ----A---- C:\WINDOWS\System32\srclient.dll
    2008-08-27 17:50:24 ----A---- C:\WINDOWS\System32\sqlsrv32.dll
    2008-08-27 17:50:23 ----A---- C:\WINDOWS\System32\srsvc.dll
    2008-08-27 17:50:22 ----A---- C:\WINDOWS\System32\ssdpapi.dll
    2008-08-27 17:50:21 ----A---- C:\WINDOWS\System32\ssdpsrv.dll
    2008-08-27 17:50:19 ----A---- C:\WINDOWS\System32\stobject.dll
    2008-08-27 17:50:19 ----A---- C:\WINDOWS\System32\sti_ci.dll
    2008-08-27 17:50:19 ----A---- C:\WINDOWS\System32\sti.dll
    2008-08-27 17:50:18 ----A---- C:\WINDOWS\System32\sxs.dll
    2008-08-27 17:50:18 ----A---- C:\WINDOWS\System32\strmdll.dll
    2008-08-27 17:50:17 ----A---- C:\WINDOWS\System32\tapisrv.dll
    2008-08-27 17:50:17 ----A---- C:\WINDOWS\System32\tapi32.dll
    2008-08-27 17:50:16 ----A---- C:\WINDOWS\System32\termsrv.dll
    2008-08-27 17:50:16 ----A---- C:\WINDOWS\System32\taskmgr.exe
    2008-08-27 17:50:15 ----A---- C:\WINDOWS\System32\udhisapi.dll
    2008-08-27 17:50:15 ----A---- C:\WINDOWS\System32\tscupgrd.exe
    2008-08-27 17:50:15 ----A---- C:\WINDOWS\System32\tscfgwmi.dll
    2008-08-27 17:50:15 ----A---- C:\WINDOWS\System32\trkwks.dll
    2008-08-27 17:50:15 ----A---- C:\WINDOWS\System32\tracert.exe
    2008-08-27 17:50:15 ----A---- C:\WINDOWS\System32\themeui.dll
    2008-08-27 17:50:14 ----A---- C:\WINDOWS\System32\upnp.dll
    2008-08-27 17:50:14 ----A---- C:\WINDOWS\System32\umpnpmgr.dll
    2008-08-27 17:50:14 ----A---- C:\WINDOWS\System32\umandlg.dll
    2008-08-27 17:50:13 ----A---- C:\WINDOWS\System32\url.dll
    2008-08-27 17:50:13 ----A---- C:\WINDOWS\System32\ups.exe
    2008-08-27 17:50:13 ----A---- C:\WINDOWS\System32\upnpui.dll
    2008-08-27 17:50:13 ----A---- C:\WINDOWS\System32\upnphost.dll
    2008-08-27 17:50:12 ----A---- C:\WINDOWS\System32\utilman.exe
    2008-08-27 17:50:12 ----A---- C:\WINDOWS\System32\usp10.dll
    2008-08-27 17:50:12 ----A---- C:\WINDOWS\System32\urlmon.dll
    2008-08-27 17:50:11 ----A---- C:\WINDOWS\System32\uxtheme.dll
    2008-08-27 17:50:10 ----A---- C:\WINDOWS\System32\vssapi.dll
    2008-08-27 17:50:10 ----A---- C:\WINDOWS\System32\vdmredir.dll
    2008-08-27 17:50:10 ----A---- C:\WINDOWS\System32\vbscript.dll
    2008-08-27 17:50:09 ----A---- C:\WINDOWS\System32\webcheck.dll
    2008-08-27 17:50:09 ----A---- C:\WINDOWS\System32\w32time.dll
    2008-08-27 17:50:08 ----A---- C:\WINDOWS\System32\webclnt.dll
    2008-08-27 17:50:07 ----A---- C:\WINDOWS\System32\wiadss.dll
    2008-08-27 17:50:07 ----A---- C:\WINDOWS\System32\wextract.exe
    2008-08-27 17:50:07 ----A---- C:\WINDOWS\System32\webvw.dll
    2008-08-27 17:50:06 ----A---- C:\WINDOWS\System32\wiaservc.dll
    2008-08-27 17:50:05 ----A---- C:\WINDOWS\System32\winsta.dll
    2008-08-27 17:50:05 ----A---- C:\WINDOWS\System32\winmm.dll
    2008-08-27 17:50:05 ----A---- C:\WINDOWS\System32\wininet.dll
    2008-08-27 17:50:04 ----A---- C:\WINDOWS\System32\wmerrenu.dll
    2008-08-27 17:50:04 ----A---- C:\WINDOWS\System32\wlnotify.dll
    2008-08-27 17:50:04 ----A---- C:\WINDOWS\System32\wldap32.dll
    2008-08-27 17:50:03 ----A---- C:\WINDOWS\System32\wmpcd.dll
    2008-08-27 17:50:02 ----A---- C:\WINDOWS\System32\wmpcore.dll
    2008-08-27 17:50:01 ----A---- C:\WINDOWS\System32\wmpshell.dll
    2008-08-27 17:50:01 ----A---- C:\WINDOWS\System32\wmploc.dll
    2008-08-27 17:50:00 ----A---- C:\WINDOWS\System32\wmpstub.exe
    2008-08-27 17:49:59 ----A---- C:\WINDOWS\System32\wmstream.dll
    2008-08-27 17:49:59 ----A---- C:\WINDOWS\System32\wmsdmoe.dll
    2008-08-27 17:49:59 ----A---- C:\WINDOWS\System32\wmpui.dll
    2008-08-27 17:49:58 ----A---- C:\WINDOWS\System32\wmv8dmod.dll
    2008-08-27 17:49:57 ----A---- C:\WINDOWS\System32\wsnmp32.dll
    2008-08-27 17:49:57 ----A---- C:\WINDOWS\System32\wship6.dll
    2008-08-27 17:49:57 ----A---- C:\WINDOWS\System32\wow32.dll
    2008-08-27 17:49:57 ----A---- C:\WINDOWS\System32\wmvdmoe.dll
    2008-08-27 17:49:56 ----A---- C:\WINDOWS\System32\wzcdlg.dll
    2008-08-27 17:49:56 ----A---- C:\WINDOWS\System32\wuauserv.dll
    2008-08-27 17:49:56 ----A---- C:\WINDOWS\System32\wtsapi32.dll
    2008-08-27 17:49:51 ----A---- C:\WINDOWS\System32\xenroll.dll
    2008-08-27 17:49:51 ----A---- C:\WINDOWS\System32\xactsrv.dll
    2008-08-27 17:49:50 ----A---- C:\WINDOWS\System32\zipfldr.dll
    2008-08-27 17:49:50 ----A---- C:\WINDOWS\System32\HAL.DLL
    2008-08-26 19:47:53 ----D---- C:\WINDOWS\temp
    2008-08-26 19:47:45 ----A---- C:\ComboFix.txt
    2008-08-23 11:36:32 ----A---- C:\WINDOWS\gmer.ini
    2008-08-23 11:35:14 ----RA---- C:\WINDOWS\gmer.exe
    2008-08-23 11:35:14 ----A---- C:\WINDOWS\gmer_uninstall.cmd
    2008-08-23 11:35:14 ----A---- C:\WINDOWS\gmer.dll
    2008-08-20 00:50:35 ----D---- C:\Program Files\Windows Resource Kits
    2008-08-17 22:48:19 ----D---- C:\Program Files\Spybot - Search & Destroy
    2008-08-17 16:06:35 ----D---- C:\Program Files\PCPitstop
    2008-08-17 14:08:01 ----D---- C:\WINDOWS\System32\CatRoot2
    2008-08-16 09:30:57 ----D---- C:\Program Files\EsetOnlineScanner
    2008-08-16 09:11:09 ----A---- C:\WINDOWS\ntbtlog.txt
    2008-08-15 21:29:48 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2008-08-15 07:23:07 ----D---- C:\WINDOWS\erdnt
    2008-08-14 23:31:14 ----A---- C:\Program Files\ATF-Cleaner.exe
    2008-08-14 12:49:58 ----D---- C:\Program Files\Trend Micro
    2008-08-14 09:09:29 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
    2008-08-14 09:07:52 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-14 09:05:24 ----D---- C:\Program Files\Malwarebytes
    2008-08-08 22:41:59 ----A---- C:\Program Files\jre-6u7-windows-i586-p-iftw.exe
    2008-08-08 07:12:44 ----D---- C:\Documents and Settings\Owner\Application Data\Motive
    2008-08-06 20:52:41 ----A---- C:\Program Files\spybotsd160.exe
    2008-08-05 22:10:35 ----D---- C:\Documents and Settings\Owner\Application Data\Spyware Terminator
    2008-08-04 21:23:29 ----D---- C:\Program Files\New Folder
    2008-07-31 11:03:04 ----D---- C:\Program Files\Disney
    2008-07-29 23:01:25 ----D---- C:\Documents and Settings\Owner\Application Data\Yahoo!
    2008-07-29 19:51:20 ----A---- C:\WINDOWS\System32\wmvdmod.dll
    2008-07-29 19:51:20 ----A---- C:\WINDOWS\System32\wmsdmod.dll
    2008-07-29 19:51:20 ----A---- C:\WINDOWS\System32\wmadmod.dll
    2008-07-29 19:51:20 ----A---- C:\WINDOWS\System32\mpg4dmod.dll
    2008-07-29 19:51:19 ----A---- C:\WINDOWS\System32\wmadmoe.dll
    2008-07-29 19:51:19 ----A---- C:\WINDOWS\System32\qasf.dll
    2008-07-29 19:51:19 ----A---- C:\WINDOWS\System32\logagent.exe
    2008-07-29 19:51:19 ----A---- C:\WINDOWS\System32\laprxy.dll
    2008-07-29 19:51:18 ----A---- C:\WINDOWS\System32\wmvcore.dll
    2008-07-29 19:51:18 ----A---- C:\WINDOWS\System32\wmnetmgr.dll
    2008-07-29 19:51:16 ----A---- C:\WINDOWS\System32\wmasf.dll
    2008-07-29 19:51:12 ----A---- C:\WINDOWS\System32\msnetobj.dll
    2008-07-29 19:51:11 ----A---- C:\WINDOWS\System32\drmv2clt.dll
    2008-07-29 19:51:11 ----A---- C:\WINDOWS\System32\blackbox.dll
    2008-07-29 19:51:10 ----A---- C:\WINDOWS\System32\drmstor.dll
    2008-07-29 19:51:10 ----A---- C:\WINDOWS\System32\drmclien.dll
    2008-07-27 17:36:15 ----A---- C:\WINDOWS\System32\iuengine.dll
    2008-07-27 17:26:08 ----D---- C:\Documents and Settings\Owner\Application Data\Microsoft Web Folders
    2008-07-25 23:31:51 ----D---- C:\Documents and Settings\Owner\Application Data\Aim
    2008-07-25 21:56:04 ----A---- C:\WINDOWS\System32\ksuser.dll
    2008-07-20 23:33:16 ----D---- C:\TBR5LanguageAct
    2008-07-20 23:33:15 ----D---- C:\Languages
    2008-07-19 21:36:52 ----D---- C:\Program Files\Crawler
    2008-07-19 17:49:17 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2008-07-19 17:49:05 ----D---- C:\Program Files\Spyware Terminator
    2008-07-19 17:46:11 ----A---- C:\Program Files\SpywareTerminatorSetup.exe
    2008-07-19 13:33:19 ----HDC---- C:\WINDOWS\$xpsp1hfm$
    2008-07-18 17:50:00 ----D---- C:\Documents and Settings\Owner\Application Data\Help
    2008-07-17 23:34:19 ----A---- C:\WINDOWS\System32\RtlCPAPI.dll
    2008-07-17 23:34:19 ----A---- C:\WINDOWS\System32\ChCfg.exe
    2008-07-17 23:34:19 ----A---- C:\WINDOWS\soundman.exe
    2008-07-17 23:34:19 ----A---- C:\WINDOWS\Alcxmntr.exe
    2008-07-17 23:34:17 ----A---- C:\WINDOWS\System32\RTLCPL.exe
    2008-07-17 23:34:17 ----A---- C:\WINDOWS\alcupd.exe
    2008-07-17 23:34:17 ----A---- C:\WINDOWS\alcrmv.exe
    2008-07-14 11:56:09 ----D---- C:\Program Files\WildGames
    2008-07-10 21:25:18 ----D---- C:\Program Files\Coupons
    2008-07-10 21:23:17 ----A---- C:\Program Files\CouponPrinter.exe
    2008-07-08 07:21:09 ----D---- C:\Program Files\Common Files\Adobe AIR
    2008-07-08 07:13:48 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
    2008-07-08 07:13:42 ----D---- C:\Program Files\NOS
    2008-06-30 22:44:13 ----D---- C:\Documents and Settings\Owner\Application Data\ACD Systems
    2008-06-30 10:05:28 ----A---- C:\WINDOWS\UNBOC.EXE
    2008-06-30 10:05:27 ----A---- C:\WINDOWS\CMDLIC.DLL
    2008-06-30 10:05:21 ----D---- C:\Documents and Settings\All Users\Application Data\BOC426
    2008-06-30 10:05:17 ----A---- C:\WINDOWS\BOC426.INI
    2008-06-29 21:43:28 ----A---- C:\WINDOWS\System32\CavEmLSP.dll
    2008-06-29 21:43:14 ----D---- C:\Documents and Settings\All Users\Application Data\Comodo
    2008-06-29 21:43:03 ----A---- C:\WINDOWS\System32\MSVCRTD.DLL
    2008-06-29 21:43:03 ----A---- C:\WINDOWS\System32\monln.dll
    2008-06-29 21:27:21 ----D---- C:\WINDOWS\System32\CatRoot_bak
    2008-06-29 21:19:23 ----D---- C:\Program Files\Comodo
    2008-06-29 20:34:32 ----D---- C:\Program Files\Microsoft Visual Studio
    2008-06-29 20:25:20 ----D---- C:\Program Files\OpenOffice
    2008-06-29 20:12:35 ----D---- C:\Program Files\Comodo Free
    2008-06-27 09:23:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
    2008-06-13 13:35:37 ----D---- C:\GradeQuickWeb
    2008-06-12 08:03:05 ----A---- C:\WINDOWS\Chutes.ini
    2008-06-12 08:02:57 ----D---- C:\Program Files\Hasbro Interactive
    2008-06-12 06:57:59 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
    2008-06-12 06:57:45 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
    2008-06-12 06:57:34 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
    2008-06-12 06:57:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$

    List of drivers

    R1 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2002-05-22 90336]
    R1 AFS2K;AFS2k; C:\WINDOWS\System32\drivers\AFS2K.sys [2002-07-24 82380]
    R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2002-06-19 5589]
    R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2002-06-19 22995]
    R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2002-06-06 40368]
    R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2002-07-16 23701]
    R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2002-07-16 34805]
    R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2002-07-16 4117]
    R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2002-07-16 2201]
    R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2002-07-16 54900]
    R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2002-07-16 14421]
    R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2002-07-16 6325]
    R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2002-07-16 91156]
    R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2002-07-16 95125]
    R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2002-05-22 69504]
    R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-03-23 95936]
    R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2002-08-29 57344]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
    R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2002-05-22 78045]
    R3 ltmodem5;LT Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2002-08-28 607360]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 MxlW2k;MxlW2k; C:\WINDOWS\System32\drivers\MxlW2k.sys [2002-07-24 28164]
    R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2002-08-29 57984]
    R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-03-09 13780]
    R3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2001-06-04 14112]
    R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2001-08-17 23070]
    R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-05-07 493896]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2002-04-02 19072]
    R3 usbhub;USB Root Hub (usbport); C:\WINDOWS\System32\DRIVERS\usbhub.sys [2002-08-29 51968]
    R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2002-08-29 24960]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2002-08-29 19328]
    R3 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\System32\drivers\ws2ifsl.sys []
    S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2001-08-17 117760]
    S3 FileObjInfo;STFileDriver; \??\C:\Documents and Settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys []
    S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys []
    S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2001-08-08 158140]
    S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2001-08-08 12479]
    S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2001-08-08 12031]
    S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2001-08-08 11679]
    S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2001-08-08 11999]
    S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2001-08-08 19359]
    S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2001-08-08 29215]
    S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2001-08-08 19199]
    S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2001-08-08 33503]
    S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2001-08-08 23519]
    S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2002-05-03 931882]
    S3 nv4;nv4; C:\WINDOWS\System32\DRIVERS\nv4.sys [2001-08-17 731648]
    S3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2002-07-13 155008]
    S3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2002-04-09 188032]
    S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2002-08-29 15744]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760]

    List of services

    R2 Comodo Anti-Virus and Anti-Spyware Service;Comodo Anti-Virus and Anti-Spyware Service; C:\Program Files\Comodo\common\CAVASpy\cavasm.exe [2008-07-28 523264]
    R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2008-07-19 606720]
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2002-08-29 250368]
    S2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2002-05-03 61440]

    -----------------EOF-----------------
     
  11. 2008/08/29
    musicteacher

    musicteacher Well-Known Member Thread Starter

    the other one

    info.txt logfile of random's system information tool 2008-08-29 06:02:10

    Uninstall list

    -->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
    -->C:\WINDOWS\System32\\MSIEXEC.EXE /x {09DA4F91-2A09-4232-AB8C-6BC740096DE3}
    -->c:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    -->c:\WINDOWS\System32\\MSIEXEC.EXE /x {8214CC02-6271-4DC8-B8DD-779933450264}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    ACDSee 10 Photo Manager-->MsiExec.exe /I{F8B98EB6-FC06-45BF-87D4-9784E0408611}
    Ad-aware 6 Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
    Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f "C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c "C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
    Adobe Flash Player ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
    ArcSoft ShowBiz-->C:\WINDOWS\IsUninst.exe -f "C:\Program Files\Arcsoft\Showbiz\Uninst.isu"
    ArcSoft Software Suite-->C:\WINDOWS\IsUninst.exe -f "C:\Program Files\ArcSoft\Software Suite\Uninst.isu"
    Atomic Pop--> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {96777B4D-1A97-492E-B5DA-C624AA675280}
    Betty Bad--> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {A27EAF80-CBFC-4F56-94E1-929A401D7515}
    Blackhawk Striker--> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {5415BC25-6D6C-46C4-B34C-EA8470FE56D5}
    Blasterball 2--> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {357ECB62-CD36-4B63-B57E-769D0CA174F4}
    Blasterball Wild--> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {28BA89E7-2F60-4BE7-BAA2-7949EB3FE527}
    Comodo AntiVirus Beta 2.0-->C:\Program Files\Comodo\Comodo AntiVirus\UninstallCAVS.exe
    Dark Orbit--> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {7841B68B-B7DD-408E-8B45-D5CA39608185}
    Detto IntelliMover Demo-->MsiExec.exe /X{E62C706B-1352-4DCA-B4D4-81C24750B70F}
    Disney's Lilo and Stitch Pinball--> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {63272979-21F0-48EF-9B97-A83DBC05BE39}
    Disney's Toontown Online-->C:\PROGRA~1\Disney\DISNEY~1\Toontown\UNWISE.EXE /A C:\PROGRA~1\Disney\DISNEY~1\Toontown\INSTALL.LOG
    DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    easy Internet sign-up-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B5DDB2C-0807-47FD-9C11-80EA761902C0}\Setup.exe" -l0x9
    ESET Online Scanner-->C:\WINDOWS\System32\OnlineScannerUninstaller.exe
    GemMaster 2--> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {4EDAE550-ACA5-4EF6-88BD-9F2B8BC2982D}
    HijackThis 2.0.2--> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    hp center-->C:\WINDOWS\BWUnin-6.1.0.153.exe -AppId 137903
    hp deskjet 3500 series-->rundll32 hpzcon09.dll,VendorJettison hp deskjet 3500 series
    hp deskjet 3500-->msiexec /x{C7EC0699-D82C-4451-B701-C98C330D43AF}
    HP Instant Support-->C:\PROGRA~1\HPINST~1\UNWISE.EXE C:\PROGRA~1\HPINST~1\INSTALL.LOG
    HP Memories Disc-->MsiExec.exe /X{FF384BDE-429B-45AD-A0C6-E593393D9D1C}
    HP Photo and Imaging 1.1 - Photosmart Cameras-->MsiExec.exe /X{1EEE2A9F-6471-42fa-8923-E8879168CE26}
    HP Photo and Imaging 2.0 - Deskjet Series-->MsiExec.exe /I{E0828692-FD9D-459F-9312-C645C3CA6650}
    hp toolkit-->c:\Windows\HPTK\unhptkit.exe
    Inactive HP Printer Drivers (Remove only)-->RunDll32 hpuninst.dll,InstallHinfSection UninstDefault 132 prntunin.inf
    Intel(R) 845G Chipset Graphics Driver Software-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
    InterVideo WinDVD--> "C:\Program Files\InstallShield Installation Information\{C1939820-A945-11D4-86F6-0001031E5712}\setup.exe" REMOVEALL
    KBD-->C:\HP\KBD\KBD.EXE uninstalled
    Kublox--> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {F7A4D9BE-D989-45B9-BB49-2C0EA34B9991}
    Lernout & Hauspie TruVoice American English TTS Engine-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
    Malwarebytes' Anti-Malware--> "C:\Program Files\Malwarebytes\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft Office 2000 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
    MUSICMATCH Jukebox-->C:\WINDOWS\IsUninst.exe -f "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\Uninst.isu" -cC:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.dll
    NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvhp.inf
    PC-Doctor for Windows-->C:\WINDOWS\UNWISE.EXE C:\PROGRA~1\PC-DOC~1\INSTALL.LOG
    PigPen--> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {B279B0DA-6F60-4FBD-9847-0C9AB79A3674}
    PS2-->C:\WINDOWS\system32\ps2.exe uninstall
    Python 2.2 combined Win32 extensions-->C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
    Python 2.2.1-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
    Quicken Financial Center-->C:\PROGRA~1\QUICKE~1\rem\UNWISE.EXE /s C:\PROGRA~1\QUICKE~1\rem\INSTALL.LOG
    RecordNow Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
    RecordNow-->MsiExec.exe /I{8214CC02-6271-4DC8-B8DD-779933450264}
    S3Display-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display'
    S3Gamma2-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2'
    S3Info2-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2'
    S3Overlay-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Overlay'
    SabreWing 2--> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {922B6E62-57DC-4153-97E3-12443BB5F9AE}
    Snowboard Extreme--> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {753FE96B-D926-4B6C-BCFB-CC59153D004A}
    SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
    Space Rocks--> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {9FA01E11-9015-4140-B10A-5C6AA949B2FC}
    Speedway--> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {D6CAB2F4-26A4-48F4-A35D-CA83063E3928}
    Spybot - Search & Destroy--> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Virtual Warfare--> "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {4F0AE1FB-4082-4A27-8363-05D292D92FB0}
    WildTangent Channel Manager-->C:\Program Files\WildTangent\DDC\DDCManager\Uninstall.exe
    Windows Installer 3.1 (KB893803)--> "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
    Windows Resource Kit Tools - SubInAcl.exe-->MsiExec.exe /X{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}
    WordPerfect Productivity Pack-->C:\WINDOWS\Corel\uninst32.exe
    WordPerfect Productivity Pack-->C:\WINDOWS\Corel\Uninst32.exe

    Environment variables

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;c:\Python22;C:\Program files\PC-Doctor for Windows XP\WINDSAPI
    "windir"=%SystemRoot%
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
    "PROCESSOR_REVISION"=0207
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP

    -----------------EOF-----------------
     
  12. 2008/08/29
    noahdfear

    noahdfear Inactive

    Navigate to and double click on C:\WINDOWS\gmer_uninstall.cmd

    Delete the following file, folder and Task

    C:\ComboFix.txt
    C:\ComboFix
    C:\WINDOWS\tasks\Symantec NetDetect.job

    Click each of the links below and save them to your desktop, then extract each one.

    http://www.supertechtips.info/resource/xp_regfile_fix.zip
    http://www.dougknox.com/xp/fileassoc/xp_txt_fix.zip
    http://www.dougknox.com/xp/fileassoc/xp_scr_fix.zip

    Start with the xp_regfile_fix by opening the folder, right click the file and select Merge. Click Yes at the prompt.
    Now repeat with the xp_txt and xp_scr fixes.
    If you are unable to complete the above, stop and post back to let me know, otherwise proceed with the following.


    Highlight and copy the contents of the code box below to a blank notepad. Save it to the desktop as:

    Filename: fix.reg
    Save as type: All Files (*.*)

    Code:
    REGEDIT4
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
    
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\core3.sys]
    
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\core3.sys]
    
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
    
    Double click fix.reg (or right click and merge) and allow it to merge with the registry.


    Now restart the computer.
    Disconnect from the internet and disable your antivirus, firewall and SpywareTerminator apps.
    Attempt to install SP3 now.
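
One way to review what a .reg file will do before merging it, as an added example that is not part of the original thread: a small Python parser, run on the fix.reg content from post 12 embedded inline. The function names are illustrative; the parser assumes REGEDIT4 / version 5.00 syntax (key sections, `[-key]` deletions, string, `dword:` and `hex:` values) and rejects value names padded with whitespace, which would write a different value than intended.

```python
import re

# fix.reg content from the post above, embedded inline as sample input.
FIX_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\core3.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\core3.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
'''

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
VALUE_RE = re.compile(r'^(?:@|"((?:[^"\\]|\\.)*)")\s*=\s*(.*)$')
ESCAPE_RE = re.compile(r'\\(.)')  # .reg strings escape \ and " with a backslash


def parse_reg(text):
    """Return (action, key, name, data) tuples in file order."""
    lines = text.lstrip("\ufeff").splitlines()
    if not lines or lines[0].strip() not in HEADERS:
        raise ValueError("missing .reg header line")
    ops, key, pending = [], None, ""
    for raw in lines[1:]:
        line, pending = pending + raw.strip(), ""
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.endswith("\\"):                   # hex: data continues on next line
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            delete = line.startswith("[-")        # "[-key]" deletes the whole key
            key = None if delete else line[1:-1]
            ops.append(("delete_key", line[2:-1], None, None) if delete
                       else ("open_key", key, None, None))
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            raise ValueError("unparseable line: %r" % raw)
        name = "(Default)" if m.group(1) is None else ESCAPE_RE.sub(r"\1", m.group(1))
        data = m.group(2)
        if name != name.strip():                  # padded name is a different value
            raise ValueError("value name has stray whitespace: %r" % name)
        if data == "-":                           # "name"=- deletes one value
            ops.append(("delete_value", key, name, None))
        elif len(data) > 1 and data[0] == data[-1] == '"':
            ops.append(("set_value", key, name, ESCAPE_RE.sub(r"\1", data[1:-1])))
        else:                                     # dword:/hex: data kept as written
            ops.append(("set_value", key, name, data))
    return ops


def safeboot_removals(ops):
    """(mode, entry) for each SafeBoot\\<mode>\\<entry> key the file deletes."""
    found = []
    for action, key, _, _ in ops:
        parts = key.split("\\")
        low = [p.lower() for p in parts]
        if action == "delete_key" and low[-3:-2] == ["safeboot"]:
            found.append((low[-2], parts[-1]))
    return found


def provider_dlls(ops):
    """DLL names written to Control\\SecurityProviders\\SecurityProviders."""
    for action, key, name, data in ops:
        if (action == "set_value" and name.lower() == "securityproviders"
                and key.lower().endswith(r"\control\securityproviders")):
            return [d.strip() for d in data.split(",")]
    return []
```

For this file, `safeboot_removals(parse_reg(FIX_REG))` lists the three Safe Mode registrations being removed and `provider_dlls(...)` lists the four DLLs the SecurityProviders value is reset to.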
     
  13. 2008/08/29
    musicteacher

    musicteacher Well-Known Member Thread Starter

    Right off the bat I ran into a problem.

    When I follow your very first instructions to delete gmer, I get the following message in a little black window:

    C:\WINDOWS>sc delete gmer
    [SC] OpenService FAILED 1060:

    The specified service does not exist as an installed service.

    C:\WINDOWS>del systen32\drivers\gmer.sys
    Could Not Find C:\WINDOWS\system32\drivers\gmer.sys

    C:\WINDOWS>del gmer.dll
    Could Not Find C:\WINDOWS\gmer.dll

    C:\WINDOWS>del gmer.exe
    C:\WINDOWS\gmer.exe
    Access is denied.

    C:\WINDOWS>pause
    Press any key to continue . . .


    Will be staying up late in hopes of getting further instructions from you!!!
     
  14. 2008/08/29
    noahdfear

    noahdfear Inactive

    No worries there, just continue on. ;)
     
  15. 2008/08/29
    musicteacher

    musicteacher Well-Known Member Thread Starter

    The first link seems to take me to Haminhams PC Repair in the Philippines, but it looks like their main page. Is this correct? What do I do once I'm there?
     
  16. 2008/08/29
    noahdfear

    noahdfear Inactive

    No, no, no. All three of those links are direct download links to zip files. They should be causing a file download dialog to open when clicked. Try right clicking the link(s) and selecting Save Target As.

    Are all of the links redirecting you to a site? If so, close the page(s) immediately.
     
  17. 2008/08/29
    musicteacher

    musicteacher Well-Known Member Thread Starter

    I had already gotten the second and third and by doing the right-click thing, I was able to get the first. But seriously, if I just clicked on the link, it really did take me to that Philippines website.

    OK. Now when I follow your directions for regfile, I can open the folder, but when I right-click on the file, MERGE is not an option. I can click on open, and then it asks me something like -do you really want to do this?

    So there isn't a merge. What should I do?
     
  18. 2008/08/29
    noahdfear

    noahdfear Inactive

    Does it ask if you want to enter the information into the registry? If so, that's correct, and yes you do.

    That behavior on the link suggests there might still be something hiding from us. Stop when you get to the installing SP3 part. I'd like to run another scan, and I'd like for you to try running gmer again.
     
  19. 2008/08/30
    noahdfear

    noahdfear Inactive

    Just had another member PM me that the link also takes her to the index page instead of downloading the file (thank you for the confirmation!), so I have to assume it's something to do with browser or security settings rather than rogue behavior. Go ahead and try installing SP3. :)
     
  20. 2008/08/30
    musicteacher

    musicteacher Well-Known Member Thread Starter

    Well, here's my update:

    I was on the computer from about 11 pm to 1:30 am or so, following the series of instructions you had given me. The computer was working very slowly, and I was sleeping in my computer chair while it worked. I got to the part where I had to restart the computer, and I decided I needed sleep, so I just shut it off for the night.

    I got up this morning, fired it up, and decided to try and install SP3. It got to the same place of backing up files and it informed me once again that it could not copy the file called d3d9.dll, but it gave me the option of skipping over it, so I chose that.

    It kept going and SP 3 has installed!!! Finally!!!

    However, my Comodo popped up and informed me that something called
    Backdoor.Win32.Poison.cpb
    has appeared and was quarantined.

    Whew . . . . next?
     
  21. 2008/08/30
    noahdfear

    noahdfear Inactive

    First, see if you can identify that file that was quarantined and let me know what it was.

    Do another online scan with Kaspersky.
     
