dwang0725

Members
  • Content Count

    35

Community Reputation

0 Neutral

About dwang0725

  • Rank
    Advanced Member
  1. I found the sr.inf file and when I went to install it, it said that sr.sy_ file was missing. I then loaded it from the i386 folder on my XP disc and it installed properly. I did the system restore and everything else as instructed. System seems to be running fine. One other note. It seems as if my XP isn't running properly (missing files, etc). Do you think I should do a reinstall? Will that help? Will the files get restored? Dave
  2. When I do that, I get: "the selected branch does not exist. Make sure that the correct path is given." Going through the registry editor and following the file path that you gave, once I get to windows NT, there is no sub file SystemRestore.
  3. Windows Registry Editor Version 5.00

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
     "DisableSR"=dword:00000000
     "CreateFirstRunRp"=dword:00000001
  4. Performed as instructed, but still no system restore tab. File is definitely present. Do you think something is messed up with my Windows?
  5. I did it again (the right way) but I still don't have a system restore tab. Now the tabs are: general, computer name, hardware, advanced, and automatic updates. That's it. No system restore tab.
  6. OK, I got the my computers icon on to the desktop, but when I go through your instructions, I cannot find a system restore tab. The only tabs available from my computer icon are "General" and "Shortcut". That's it.
  7. Hmm, I do not have a "my computer" on my desktop! The only place where I see "my computer" is when I click on the "start" button. I've been looking all over for a system restore in the control panel and cannot find it. Any ideas?
  8. Blade, OK, done as per instructed. System is running much better, thanks. I DLed and installed Windows SP3 as well. Now, what should I get to make my system more secure? Any recommendations? DDS text: DDS (Ver_09-07-30.01) - NTFSx86 Run by david wang at 11:57:04.65 on Sun 08/23/2009
  9. DDS (Ver_09-07-30.01) - NTFSx86 Run by david wang at 23:28:26.46 on Sat 08/22/2009
  10. --------------------------------------------------------------------------------
      KASPERSKY ONLINE SCANNER 7.0: scan report
      Saturday, August 22, 2009
      Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
      Kaspersky Online Scanner version: 7.0.26.13
      Last database update: Sunday, August 23, 2009 03:22:02
      Records in database: 2678955
      --------------------------------------------------------------------------------

      Scan settings:
      scan using the following database: extended
      Scan archives: yes
      Scan e-mail databases: yes

      Scan area - My Computer:
      C:\

      Scan statistics:
      Objects scanned: 28840
      Threats found: 15
      Infected objects found: 15
      Suspicious objects found: 0
      Scan duration: 01:22:33

      File name / Threat / Threats count
      C:\Program Files\Common Files\ikrk\ikrkl.exe  Infected: Trojan-Downloader.Win32.TSUpdate.r  1
      C:\Program Files\Common Files\ikrk\ikrkp.exe  Infected: Trojan-Downloader.Win32.TSUpdate.f  1
      C:\Qoobox\Quarantine\C\Program Files\BrowserCtl\BrowserCtl.dll.vir  Infected: Net-Worm.Win32.Koobface.bhg  1
      C:\Qoobox\Quarantine\C\Program Files\BrowserCtl\BrowserCtl.sys.vir  Infected: Rootkit.Win32.Small.afd  1
      C:\Qoobox\Quarantine\C\Program Files\sys\sys.dll.vir  Infected: Trojan.Win32.Agent.cnfo  1
      C:\Qoobox\Quarantine\C\Program Files\sys\sys.sys.vir  Infected: Rootkit.Win32.Agent.lvq  1
      C:\Qoobox\Quarantine\C\Program Files\Windows Antivirus Pro\Windows Antivirus Pro.exe.vir  Infected: not-a-virus:FraudTool.Win32.AntiVirusPro.ng  1
      C:\Qoobox\Quarantine\C\WINDOWS\freddy49.exe.vir  Infected: Net-Worm.Win32.Koobface.asb  1
      C:\Qoobox\Quarantine\C\WINDOWS\freddy57.exe.vir  Infected: Net-Worm.Win32.Koobface.bhn  1
      C:\Qoobox\Quarantine\C\WINDOWS\ld11.exe.vir  Infected: Net-Worm.Win32.Koobface.akx  1
      C:\Qoobox\Quarantine\C\WINDOWS\pp10.exe.vir  Infected: Trojan-Downloader.Win32.Agent.chps  1
      C:\Qoobox\Quarantine\C\WINDOWS\son_1248102413.exe.vir  Infected: Trojan-PSW.Win32.LdPinch.dis  1
      C:\Qoobox\Quarantine\C\WINDOWS\system32\dddesot.dll.vir  Infected: Trojan.Win32.BHO.xxc  1
      C:\Qoobox\Quarantine\C\WINDOWS\system32\desot.exe.vir  Infected: not-a-virus:FraudTool.Win32.XPAntivirus.fjr  1
      C:\Qoobox\Quarantine\C\WINDOWS\system32\wbem\proquota.exe.vir  Infected: Trojan.Win32.Inject.afha  1

      Selected area has been scanned.
  11. Combofix log: ComboFix 09-08-18.04 - david wang 08/22/2009 20:43.2.1 - NTFSx86
  12. systemlook.txt:
      SystemLook v1.0 by jpshortstuff (22.05.09)
      Log created at 17:12 on 22/08/2009 by david wang (Administrator - Elevation successful)

      ========== filefind ==========

      Searching for "framedyn.dll"
      C:\WINDOWS\system32\framedyn.dll --a--c 174592 bytes [21:10 22/08/2009] [02:36 18/08/2001] 5AB61F434FC83CF87EFF68A20E5F93E2

      Searching for "proquota.exe"
      C:\WINDOWS\LastGood\system32\proquota.exe --a--c 45056 bytes [21:11 22/08/2009] [02:36 18/08/2001] B2A23CE7706D4B4A7D192761CD3DB3E1
      C:\WINDOWS\system32\proquota.exe --a--c 45056 bytes [21:11 22/08/2009] [02:36 18/08/2001] B2A23CE7706D4B4A7D192761CD3DB3E1

      -=End Of File=-
  13. OK, I got the XP disc. Just to let you know, my laptop does not have a built-in CD/DVD drive. I use an external USB DVD/CD drive. I hope this will not pose any problems when reloading XP onto the machine.
  14. I think it is. I used it to upgrade my other laptop from Windows 98 ME to XP. Should be good, right? If so, I'll go and grab it tonight.