
The PC is infected but I don't know with what

  • 05-06-2008 8:12pm
    #1


    Right, I've been called in to fix a PC. It's acting weird. Sometimes the internet won't work, sometimes it will. Sometimes, when browsing to a website, a different site comes up [AdultFinder].

    Windows Automatic Update service is permanently disabled. Trying to put it back to manual or automatic does nothing. Something is immediately putting it back to disabled.

    Tried Spybot, AVG and a handful of other utilities but can't seem to find the root of the problem.

    Spybot complains about C:\Windows\System32\Vitumonde.dll but won't remove it.

    The last thing they did before this happened was to install. . . . . . .
    LimeWire.

    Would appreciate any assistance. DSS logs below.





    DSS Main.txt
    ==========
    Deckard's System Scanner v20071014.68
    Run by David on 2008-06-05 20:56:24
    Computer is in Normal Mode.
    -- System Restore
    Successfully created a Deckard's System Scanner Restore Point.

    -- Last 5 Restore Point(s) --
    74: 2008-06-05 19:56:31 UTC - RP256 - Deckard's System Scanner Restore Point
    73: 2008-06-05 17:54:29 UTC - RP255 - System Checkpoint
    72: 2008-06-03 10:51:04 UTC - RP254 - System Checkpoint
    71: 2008-06-01 20:03:30 UTC - RP253 - Configured AVG 7.5
    70: 2008-06-01 18:02:17 UTC - RP252 - Removed ABBYY FineReader 6.0 Sprint

    -- First Restore Point --
    1: 2008-05-30 13:51:58 UTC - RP183 - System Checkpoint

    Backed up registry hives.
    Performed disk cleanup.
    Total Physical Memory: 495 MiB (512 MiB recommended).

    -- HijackThis Clone

    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-06-05 20:59:30
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (7.00.6000.16640)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG7\avgamsvr.exe
    C:\Program Files\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Media Center Diagnostic Kit\Tests\Bin\ehMonitor.exe
    C:\WINDOWS\ehome\ehrecvr.exe
    C:\WINDOWS\ehome\ehSched.exe
    C:\WINDOWS\system32\PAStiSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\sm56hlpr.exe
    C:\WINDOWS\ehome\ehmsas.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\soundman.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
    C:\Program Files\Lexmark 2400 Series\ezprint.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\lxcrcoms.exe
    C:\WINDOWS\VPro500.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\David\Desktop\dss.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.ie/spbasic.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/ig?hl=en
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com/8SE/1?http://toolbar.msn.co.uk/installsuccess.aspx&&FORM=TOOLBR&DI=3013&CM=MsgrInstall
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: (no name) - {00A10A16-44A6-40BD-8B53-8E0A05E31B47} - C:\WINDOWS\system32\cbXNFvTM.dll (file missing)
    O2 - BHO: (no name) - {01519759-EC9D-47BF-983C-5D7BB3E20686} - C:\WINDOWS\system32\iiffDVml.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O2 - BHO: (no name) - {16C1C4A5-985C-483D-AA6B-9CB6EDC8ED2A} - C:\WINDOWS\system32\tuvvwuRk.dll (file missing)
    O2 - BHO: (no name) - {1F819D9E-B196-4860-B14A-6B544917875F} - (no file)
    O2 - BHO: (no name) - {20BFF5C8-10C7-4489-87F7-B9AF062F7097} - C:\WINDOWS\system32\byXOeEXr.dll (file missing)
    O2 - BHO: (no name) - {26CAFA43-5C63-40FC-B079-11F385B618BF} - C:\WINDOWS\system32\ljJCuTmn.dll (file missing)
    O2 - BHO: (no name) - {3D6A9576-4CD0-40D0-A1BC-381E51168D41} - C:\WINDOWS\system32\xxyyWNhE.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {9AEE7FA8-0DA7-4C8A-8B3E-FBB6B979C657} - C:\WINDOWS\system32\mlJCrPFX.dll
    O2 - BHO: (no name) - {B000F1D9-A2A1-4C2B-A60B-B3D82D808163} - C:\WINDOWS\system32\geBqPIcD.dll (file missing)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {F3DF8174-83D2-423E-A8FF-86F9494E7275} - C:\WINDOWS\system32\ljJYQIAP.dll (file missing)
    O2 - BHO: (no name) - {F62DB33B-4AE1-4456-A973-E700C97949C8} - C:\WINDOWS\system32\khfGXPfF.dll (file missing)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [BM0f27cda4] Rundll32.exe "C:\WINDOWS\system32\dtqwppet.dll",s
    O4 - HKLM\..\Run: [0c14fe38] rundll32.exe "C:\WINDOWS\system32\xbntlelt.dll",b
    O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: VPro500.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?f98ee326189a4e93b932df1fcdbf494
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?f98ee326189a4e93b932df1fcdbf494
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
    O16 - DPF: {22055A00-27C0-438B-BF53-44E973A4C48A} (VPlayer Control) - http://thesecret.tv/movie/player/vivid_ocx.jpeg
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212322360359
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flashpoker.ladbrokes.com/ladbrokes/FlashAX.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
    O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
    O20 - Winlogon Notify: mlJCrPFX - C:\WINDOWS\system32\mlJCrPFX.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: lxcr_device - Unknown owner - C:\WINDOWS\system32\lxcrcoms.exe
    O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\system32\PAStiSvc.exe

    --
    End of file - 11814 bytes
    -- File Associations
    All associations okay.

    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
    All drivers whitelisted.

    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    S2 MioNet (MioNet Service) - "c:\program files\mionet\mionetmanager.exe" -s "c:\program files\mionet\wrapper.conf"

    -- Device Manager: Disabled
    No disabled devices found.

    -- Scheduled Tasks
    2008-06-05 20:21:01 254 --a
    C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
    2008-05-17 23:53:03 284 --a
    C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

    -- Files created between 2008-05-05 and 2008-06-05
    2008-06-05 20:40:19 0 d
    C:\Documents and Settings\David\Application Data\Help
    2008-06-05 17:43:28 100352 --a
    C:\WINDOWS\system32\xbntlelt.dll
    2008-06-05 17:35:23 102400 --a
    C:\WINDOWS\system32\dtqwppet.dll
    2008-06-05 17:34:27 371306 --ahs---- C:\WINDOWS\system32\lmVDffii.ini2
    2008-06-05 17:34:20 281600 --a
    C:\WINDOWS\system32\iiffDVml.dll
    2008-06-04 10:50:26 97280
    n--- C:\WINDOWS\system32\epyvbebj.dll
    2008-06-04 10:42:10 106496 --a
    C:\WINDOWS\system32\yfcusxcn.dll
    2008-06-04 10:41:25 369842 --ahs---- C:\WINDOWS\system32\DcIPqBeg.ini2
    2008-06-03 10:09:08 89088 --a
    C:\WINDOWS\system32\cuylcpox.dll
    2008-06-03 10:01:11 103424 --a
    C:\WINDOWS\system32\lpujdjpg.dll
    2008-06-03 10:00:07 374259 --ahs---- C:\WINDOWS\system32\FfPXGfhk.ini2
    2008-06-01 20:47:52 104448 --a
    C:\WINDOWS\system32\tqrnwlkn.dll
    2008-06-01 20:47:09 249748 --ahs---- C:\WINDOWS\system32\EhNWyyxx.ini2
    2008-06-01 20:13:02 104448 --a
    C:\WINDOWS\system32\haxqcmnv.dll
    2008-06-01 19:33:53 247028 --ahs---- C:\WINDOWS\system32\nmTuCJjl.ini2
    2008-06-01 19:02:42 0 d
    C:\WINDOWS\system32\appmgmt
    2008-06-01 18:34:59 104448 --a
    C:\WINDOWS\system32\stcnpuev.dll
    2008-06-01 18:34:17 248574 --ahs---- C:\WINDOWS\system32\MTvFNXbc.ini2
    2008-06-01 18:06:15 104448 --a
    C:\WINDOWS\system32\lbdfgmbr.dll
    2008-06-01 17:27:03 246243 --ahs---- C:\WINDOWS\system32\kRuwvvut.ini2
    2008-06-01 16:34:23 0 d
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-01 12:27:33 104448 --a
    C:\WINDOWS\system32\sfwcjrbb.dll
    2008-06-01 12:26:31 952 --ahs---- C:\WINDOWS\system32\rXEeOXyb.ini2
    2008-06-01 10:29:23 0 d
    C:\WINDOWS\system32\bits
    2008-06-01 09:53:54 104448 --a
    C:\WINDOWS\system32\bevvamke.dll
    2008-06-01 09:09:55 0 d
    C:\Program Files\Windows Live Safety Center
    2008-05-31 09:52:55 104448 --a
    C:\WINDOWS\system32\yaygaohq.dll
    2008-05-31 09:28:40 104448 --a
    C:\WINDOWS\system32\saebklly.dll
    2008-05-30 15:00:27 63488 --a
    C:\WINDOWS\system32\mlJCUMCt.dll
    2008-05-30 14:51:46 249319 --ahs---- C:\WINDOWS\system32\PAIQYJjl.ini2
    2008-05-30 14:46:17 0 d
    C:\WINDOWS\system32\vntiho05
    2008-05-30 14:46:17 0 d
    C:\Temp
    2008-05-30 14:46:11 63488 --a
    C:\WINDOWS\system32\mlJCrPFX.dll
    2008-05-30 12:52:34 0 d
    C:\Documents and Settings\David\Application Data\LimeWire
    2008-05-05 12:40:36 0 d
    C:\Documents and Settings\NetworkService\Application Data\FaxCtr

    -- Find3M Report
    2008-06-05 17:34:16 0 d
    C:\Documents and Settings\David\Application Data\AVG7
    2008-06-05 17:30:59 0 d
    C:\Program Files\lx_cats
    2008-06-04 11:36:50 0 d
    C:\Program Files\MioNet
    2008-06-01 21:40:34 2486 --a
    C:\Documents and Settings\David\Application Data\wklnhst.dat
    2008-06-01 19:01:04 0 d
    C:\Program Files\eGames
    2008-05-28 19:56:18 0 d
    C:\Documents and Settings\David\Application Data\Adobe
    2008-04-21 19:31:58 12252879
    n--- C:\avg7qt.dat
    2008-04-19 13:40:39 0 d
    C:\Program Files\Java
    2008-04-15 20:25:29 0 d
    C:\Documents and Settings\David\Application Data\Sun
    2008-04-13 21:46:02 0 d
    C:\Program Files\Common Files
    2008-04-13 21:46:02 0 d
    C:\Program Files\Common Files\Java
    2008-04-13 19:41:39 0 d
    C:\Program Files\SMP3 Tools

    -- Registry Dump
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00A10A16-44A6-40BD-8B53-8E0A05E31B47}]
    C:\WINDOWS\system32\cbXNFvTM.dll
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01519759-EC9D-47BF-983C-5D7BB3E20686}]
    05/06/2008 17:34 281600 --a
    C:\WINDOWS\system32\iiffDVml.dll
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{16C1C4A5-985C-483D-AA6B-9CB6EDC8ED2A}]
    C:\WINDOWS\system32\tuvvwuRk.dll
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1F819D9E-B196-4860-B14A-6B544917875F}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20BFF5C8-10C7-4489-87F7-B9AF062F7097}]
    C:\WINDOWS\system32\byXOeEXr.dll
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{26CAFA43-5C63-40FC-B079-11F385B618BF}]
    C:\WINDOWS\system32\ljJCuTmn.dll
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D6A9576-4CD0-40D0-A1BC-381E51168D41}]
    C:\WINDOWS\system32\xxyyWNhE.dll
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9AEE7FA8-0DA7-4C8A-8B3E-FBB6B979C657}]
    30/05/2008 14:46 63488 --a
    C:\WINDOWS\system32\mlJCrPFX.dll
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B000F1D9-A2A1-4C2B-A60B-B3D82D808163}]
    C:\WINDOWS\system32\geBqPIcD.dll
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F3DF8174-83D2-423E-A8FF-86F9494E7275}]
    C:\WINDOWS\system32\ljJYQIAP.dll
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F62DB33B-4AE1-4456-A973-E700C97949C8}]
    C:\WINDOWS\system32\khfGXPfF.dll
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [06/08/2005 05:56]
    "SMSERIAL"="sm56hlpr.exe" [06/06/2005 17:40 C:\WINDOWS\sm56hlpr.exe]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [13/09/2002 21:42]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [03/11/2004 04:24]
    "SoundMan"="SOUNDMAN.EXE" [01/03/2006 23:22 C:\WINDOWS\soundman.exe]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [20/09/2005 17:35]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [20/09/2005 17:32]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [20/09/2005 17:36]
    "lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [22/01/2006 18:45]
    "EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [07/02/2006 06:10]
    "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [02/02/2006 09:11]
    "LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [01/12/2005 19:38]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [01/06/2008 21:10]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/02/2008 00:13]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [04/02/2008 15:18]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
    "BM0f27cda4"="C:\WINDOWS\system32\dtqwppet.dll" [05/06/2008 17:35]
    "0c14fe38"="C:\WINDOWS\system32\xbntlelt.dll" [05/06/2008 17:43]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [10/08/2004 20:00]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
    "Spybot - Search & Destroy"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    VPro500.lnk - C:\WINDOWS\VPro500.exe [18/05/2007 12:42:29]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{9AEE7FA8-0DA7-4C8A-8B3E-FBB6B979C657}"= C:\WINDOWS\system32\mlJCrPFX.dll [30/05/2008 14:46 63488]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJCrPFX]
    mlJCrPFX.dll 30/05/2008 14:46 63488 C:\WINDOWS\system32\mlJCrPFX.dll
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\iiffDVml

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3f24a2b-0530-11dc-85c6-806d6172696f}]
    AutoRun\command- D:\tbsystem\TB89run.exe "\RSA2006\english.tbk"
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af5ef7a3-21c6-11dc-865e-001558479612}]
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe


    -- End of Deckard's System Scanner: finished at 2008-06-05 21:01:02



    DSS - Extra.txt
    ===========
    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    -- System Information
    Microsoft Windows XP Professional (build 2600) SP 2.0
    Architecture: X86; Language: English
    CPU 0: Intel(R) Pentium(R) 4 CPU 2.80GHz
    CPU 1: Intel(R) Pentium(R) 4 CPU 2.80GHz
    Percentage of Memory in Use: 69%
    Physical Memory (total/avail): 494.48 MiB / 152.04 MiB
    Pagefile Memory (total/avail): 1154.16 MiB / 734.24 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1906.65 MiB
    C: is Fixed (NTFS) - 147.95 GiB total, 130.48 GiB free.
    D: is CDROM (CDFS)
    E: is Removable (No Media)
    F: is Removable (No Media)
    G: is Removable (No Media)
    H: is Removable (No Media)
    \\.\PHYSICALDRIVE0 - Hitachi HDS721616PLAT80 - 153.38 GiB - 2 partitions
    \PARTITION0 - Unknown - 5.44 GiB
    \PARTITION1 (bootable) - Installable File System - 147.95 GiB - C:
    \\.\PHYSICALDRIVE1 - Myson CS8819A2-105 00 USB Device
    \\.\PHYSICALDRIVE2 - Myson CS8819A2-105 10 USB Device
    \\.\PHYSICALDRIVE3 - Myson CS8819A2-105 20 USB Device
    \\.\PHYSICALDRIVE4 - Myson CS8819A2-105 30 USB Device

    -- Security Center
    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is enabled.
    FirstRunDisabled is set.
    AV: AVG 7.5.524 v7.5.524 (Grisoft)
    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Media Center Diagnostic Kit\\MCDiag.exe"="C:\\Program Files\\Media Center Diagnostic Kit\\MCDiag.exe:*:Enabled:Media Center Diagnostic Tool"
    "C:\\Program Files\\Media Center Diagnostic Kit\\MCEHostRemote.exe"="C:\\Program Files\\Media Center Diagnostic Kit\\MCEHostRemote.exe:*:Enabled:Media Center Scripting Host"
    "C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"="C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe:*:Enabled:TrueVector Service"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
    "C:\\Program Files\\mswt kart\\MSWorldTour.exe"="C:\\Program Files\\mswt kart\\MSWorldTour.exe:*:Enabled:MSWorldTour"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

    -- Environment Variables
    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\David\Application Data
    CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=SCORERSCOMPUTER
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\David
    LOGONSERVER=\\SCORERSCOMPUTER
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 3, GenuineIntel
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0403
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\David\LOCALS~1\Temp
    TMP=C:\DOCUME~1\David\LOCALS~1\Temp
    USERDOMAIN=SCORERSCOMPUTER
    USERNAME=David
    USERPROFILE=C:\Documents and Settings\David
    windir=C:\WINDOWS

    -- User Profiles
    David (admin)
    Susan (admin)
    VIKKI (admin)
    Administrator (admin)

    -- Add/Remove Programs
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
    Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
    Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
    Alchemist Special Edition --> C:\PROGRA~1\eGames\ALCHEM~1\UNWISE.EXE C:\PROGRA~1\eGames\ALCHEM~1\INSTALL.LOG
    Animals of Africa --> C:\PROGRA~1\eGames\ANIMAL~1\UNWISE.EXE C:\PROGRA~1\eGames\ANIMAL~1\INSTALL.LOG
    Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
    Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
    AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
    Balloon Kaboom --> C:\PROGRA~1\eGames\BALLOO~2\UNWISE.EXE C:\PROGRA~1\eGames\BALLOO~2\INSTALL.LOG
    Balloon Pop Special Edition --> C:\PROGRA~1\eGames\BALLOO~1\UNWISE.EXE C:\PROGRA~1\eGames\BALLOO~1\INSTALL.LOG
    Bingo Master Special Edition --> C:\PROGRA~1\eGames\BINGOM~1\UNWISE.EXE C:\PROGRA~1\eGames\BINGOM~1\INSTALL.LOG
    Blast Thru Special Edition --> C:\PROGRA~1\eGames\BLASTT~1\UNWISE.EXE C:\PROGRA~1\eGames\BLASTT~1\INSTALL.LOG
    Blobs --> C:\PROGRA~1\eGames\Blobs\UNWISE.EXE C:\PROGRA~1\eGames\Blobs\INSTALL.LOG
    Collector's Edition 251 --> C:\PROGRA~1\eGames\COLLEC~1\UNWISE.EXE C:\PROGRA~1\eGames\COLLEC~1\INSTALL.LOG
    Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
    Intel(R) Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
    iTunes --> MsiExec.exe /I{02DFB3FD-CF52-4183-8BCA-2A127D4888F4}
    J2SE Runtime Environment 5.0 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
    Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    Lexmark 2400 Series --> C:\Program Files\Lexmark 2400 Series\Install\x86\Uninst.exe
    Lexmark Fax Solutions --> C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe /R:faxunst
    Lexmark Toolbar --> regsvr32.exe /s /u "C:\Program Files\Lexmark Toolbar\toolband.dll"
    Map Button (Windows Live Toolbar) --> MsiExec.exe /X{59932D51-F260-4EF6-A784-4F69659F1A62}
    Media Center Diagnostic Kit --> MsiExec.exe /I{63DC3499-A635-43c3-826C-E41851A6DDB0}
    Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
    Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
    MioNet --> "C:\Program Files\MioNet\uninstall.exe"
    Motorola SM56 Speakerphone Modem --> C:\WINDOWS\Motorola\SMSERIAL\sm56unst.exe
    MS Worldtour Kart --> "C:\Program Files\mswt kart\uninstall.exe"
    MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
    OneCare Advisor (Windows Live Toolbar) --> MsiExec.exe /X{DF821FC5-C198-452B-A0D4-82433EFEAE9B}
    Paddy Power Poker --> "C:\Documents and Settings\David\My Documents\Paddy Power Poker\_SetupCasino[1].exe" /uninstall
    Philips SPC500NC Webcam --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{895C10ED-9276-49E7-87C4-8C03A1B08EDB}\Setup.exe"
    Philips VLounge --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9486FE2-407B-4B45-B353-0EBE1E4F4FDE}\Setup.exe" -l0x9
    Popup Blocker (Windows Live Toolbar) --> MsiExec.exe /X{66034137-F1CE-4CEF-8180-46553C54DB18}
    Power2Go 4.0 --> RunDll32 c:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall
    PowerDVD --> RunDll32 c:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
    PowerStarter --> RunDll32 c:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
    QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
    Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
    REALTEK Gigabit and Fast Ethernet NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\Setup.exe" -l0x9 REMOVE
    Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{1306C737-0AF4-46C7-B282-64E099304712}
    SMP3 Tools v1.5a --> MsiExec.exe /X{728929F6-2AFE-470E-9122-9C2FA2B4E004}
    Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Su Doku Classic --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1503245-7BD9-443A-B18D-4400DB736E91}\setup.exe" -l0x9
    Superball Challenge Special Edition --> C:\PROGRA~1\eGames\SUPERB~1\UNWISE.EXE C:\PROGRA~1\eGames\SUPERB~1\INSTALL.LOG
    Tabbed Browsing (Windows Live Toolbar) --> MsiExec.exe /X{FDB226E3-D55D-4922-894F-20CE4646077D}
    Tesco internet access dialler --> rundll32 c:\PROGRA~1\tesconet\RyDial.dll,Uninstall
    Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
    Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
    Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
    Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
    Windows Live Outlook Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{71CB529E-21A4-42AD-BF38-564F08988633}
    Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
    Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}
    Windows Live Toolbar --> MsiExec.exe /X{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}
    Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{D3F28364-8B10-45F1-8C2D-0037F4538BBB}
    Windows Live Toolbar Feed Detector (Windows Live Toolbar) --> MsiExec.exe /X{328420FA-7638-4AB1-81DF-E0FECEFF24E3}
    Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
    Windows XP Media Center Edition 2005 KB914548 --> "C:\WINDOWS\$NtUninstallKB914548$\spuninst\spuninst.exe"

    -- Application Event Log
    Event Record #/Type4710 / Error
    Event Submitted/Written: 06/05/2008 06:16:55 PM
    Event ID/Source: 1001 / Application Hang
    Event Description:
    Fault bucket 638272710.
    Event Record #/Type4709 / Error
    Event Submitted/Written: 06/05/2008 06:16:34 PM
    Event ID/Source: 1001 / Application Hang
    Event Description:
    Fault bucket 638272710.
    Event Record #/Type4708 / Error
    Event Submitted/Written: 06/05/2008 06:15:49 PM
    Event ID/Source: 1002 / Application Hang
    Event Description:
    Hanging application TeaTimer.exe, version 1.5.2.16, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
    Event Record #/Type4707 / Error
    Event Submitted/Written: 06/05/2008 06:15:47 PM
    Event ID/Source: 1002 / Application Hang
    Event Description:
    Hanging application TeaTimer.exe, version 1.5.2.16, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
    Event Record #/Type4689 / Success
    Event Submitted/Written: 06/04/2008 10:37:26 AM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    -- Security Event Log
    No Errors/Warnings found.

    -- System Event Log
    Event Record #/Type28021 / Error
    Event Submitted/Written: 06/05/2008 08:44:13 PM
    Event ID/Source: 10005 / DCOM
    Event Description:
    DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
    in order to run the server:
    {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    Event Record #/Type28020 / Error
    Event Submitted/Written: 06/05/2008 08:44:09 PM
    Event ID/Source: 10005 / DCOM
    Event Description:
    DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
    in order to run the server:
    {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    Event Record #/Type28013 / Error
    Event Submitted/Written: 06/05/2008 08:36:40 PM
    Event ID/Source: 10005 / DCOM
    Event Description:
    DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
    in order to run the server:
    {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    Event Record #/Type28012 / Error
    Event Submitted/Written: 06/05/2008 08:21:01 PM
    Event ID/Source: 10005 / DCOM
    Event Description:
    DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
    in order to run the server:
    {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    Event Record #/Type28011 / Error
    Event Submitted/Written: 06/05/2008 07:21:01 PM
    Event ID/Source: 10005 / DCOM
    Event Description:
    DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
    in order to run the server:
    {E60687F7-01A1-40AA-86AC-DB1CBF673334}

    -- End of Deckard's System Scanner: finished at 2008-06-05 21:01:02


Comments

  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hello

    Please download ATF Cleaner by Atribune.
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
    If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.



    Please visit this web page for instructions for downloading and running ComboFix:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    This includes installing the Windows XP Recovery Console in case you have not installed it yet.

    For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

    Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

    Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.





    Please do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner and click Accept

    You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        Extended (if available otherwise Standard)
      • Scan Options:
        Scan Archives
        Scan Mail Bases


    • Click OK
    • Now under select a target to scan: Select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
    • Save the file to your desktop.
    • Copy and paste that information in your next post.

