WLMessenger 14: Problem with Wldcore.dll

This sure sounds typical...

I was using the latest WIndows Live Messenger for a good while. Then one day, it wouldn't open. The icon appears in the taskbar, and then it says

Windows Live Messenger has encountered a problem, etc. etc.

The error sig is:
AppName: msnmsgr.exe
AppVer: 14.0.8064.206
AppStamp: 498cf586
ModName: wldcore.dll
ModVer: 14.0.8064.206
ModStamp: 498cddea
fDebug: 0 Offset: 00002ee5

The Event Viewer is unable to generate a fault bucket for this.

I've tried clearing the cache, and uninstalling, and the usual remedies.

Googling really doesn't come up with anything to do with WLDCORE.DLL and problems.

Hope someone can help soon. Here's the HJT Log.

--------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:10:07 PM, on 14/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cba\pds.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\Program Files\SSC\NSCTOP.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Exif Launcher\QuickDCF.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Trend Micro\HijackThis\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll (file missing)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [NewRecog] C:\Program Files\HandWrite\MyNewRecog.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\Phonetic\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://F:\movie stuff\fdm\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://F:\movie stuff\fdm\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with Free Download Manager - file://F:\movie stuff\fdm\Free Download Manager\dllink.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} (USBAPTester Class) - http://www.nintendo.com/consumer/systems/w...a/usbaptest.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://mythicalglade.spaces.live.com//Phot...ad/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1168049121375
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183503787265
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.gamehouse.com/games/mjolauncher.cab
O16 - DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} (IAMCE Class) - file://D:\win\setup\iamce.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FCC169CB-97F0-4D54-8556-80A7AF9D7A5F}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Intel Alert Handler - Intel® Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel® Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - C:\Program Files\SSC\NSCTOP.EXE

--
End of file - 15506 bytes

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

• Download DDS by sUBs from one of the following links. Save it to your desktop.
  • DDS.com
  • DDS.scr
  • DDS.pif
• Double click on the DDS icon, allow it to run.
• A small box will open, with an explaination about the tool. No input is needed, the scan is running.
• Notepad will open with the results.
• Follow the instructions that pop up for posting the results.
• Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K

Thanks. Here's the DDS Log:

DDS (Ver_09-03-16.01) - NTFSx86
Run by Administrator at 14:45:53.03 on 29/03/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.503.72 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\cba\pds.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files\SSC\NSCTOP.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\HandWrite\MyNewRecog.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\HandWrite\InsTalk\InsTalk.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Exif Launcher\QuickDCF.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Administrator\Application Data\U3\0B01D96082A258FA\LaunchPad.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft Works\WkDStore.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://www.google.com/ie
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/search/ie.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Yahoo! Companion BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\ycomp5_5_7_0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\norton internet security\engine\16.5.0.135\coIEPlg.dll
BHO: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No File
BHO: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No File
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - No File
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - No File
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No File
TB: Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\ycomp5_5_7_0.dll
TB: FlashGet Bar: {e0e899ab-f487-11d5-8d29-0050ba6940e3} - c:\progra~1\flashget\fgiebar.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\norton internet security\engine\16.5.0.135\coIEPlg.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PowerBar]
uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [Lexmark X1100 Series] "c:\program files\lexmark x1100 series\lxbkbmgr.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [StandardInstall]
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [InCD] c:\program files\ahead\incd\InCD.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide
mRun: [NewRecog] c:\program files\handwrite\MyNewRecog.exe
mRun: [PHIMETIPSYNC] c:\program files\common files\microsoft shared\ime\imtc65\phonetic\TINTLCFG.EXE /PHIMETIPSync
mRun: [fssui] "c:\program files\windows live\family safety\fsui.exe" -autorun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRunOnce: [RunNarrator] Narrator.exe
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\exif launcher\QuickDCF.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netass~1.lnk - c:\program files\netassistant\bin\matcli.exe
IE: Download All by FlashGet - c:\program files\flashget\jc_all.htm
IE: Download all with Free Download Manager - file://f:\movie stuff\fdm\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://f:\movie stuff\fdm\free download manager\dlselected.htm
IE: Download using FlashGet - c:\program files\flashget\jc_link.htm
IE: Download with Free Download Manager - file://f:\movie stuff\fdm\free download manager\dllink.htm
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\flashget.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
Trusted Zone: microsoft.com\*.update
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} - hxxp://www.nintendo.com/consumer/systems/wii/en_na/usbaptest.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc2.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://mythicalglade.spaces.live.com//PhotoUpload/MsnPUpld.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168049121375
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183503787265
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://www.gamehouse.com/games/mjolauncher.cab
DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} - file://d:\win\setup\iamce.dll
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
TCP: {FCC169CB-97F0-4D54-8556-80A7AF9D7A5F} = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\norton internet security\engine\16.5.0.135\CoIEPlg.dll
Notify: igfxcui - igfxsrvc.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwprovau

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\dlwfuf7q.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npff_gdm.dll

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1005000.087\SymEFA.sys [2009-3-20 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1005000.087\BHDrvx86.sys [2009-3-20 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1005000.087\cchpx86.sys [2009-3-20 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090318.001\IDSXpx86.sys [2009-3-23 276344]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-1-25 55136]
R2 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\norton internet security\engine\16.5.0.135\ccSvcHst.exe [2009-3-20 115560]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-3-3 101936]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090329.003\NAVENG.SYS [2009-3-29 89104]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090329.003\NAVEX15.SYS [2009-3-29 876144]
S2 IcRecUsb;IC Recorder Driver;c:\windows\system32\drivers\IcRecUsb.sys [2008-3-22 17432]
S2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S3 014f8896-46ef-42b0-ac80-63c90a38be05;014f8896-46ef-42b0-ac80-63c90a38be05;\??\d:\cds300\cds300.dll --> d:\cds300\cds300.dll [?]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-11-8 33752]
S3 JL2005;JL2005A Toy Camera;c:\windows\system32\drivers\toywdm.sys --> c:\windows\system32\drivers\toywdm.sys [?]

============== File Associations ===============

inifile=c:\windows\NOTEPAD2.EXE %1
txtfile=c:\windows\NOTEPAD2.EXE %1

=============== Created Last 30 ================

2009-03-27 17:27 <DIR> --d----- c:\program files\common files\xing shared
2009-03-20 20:18 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-03-20 20:17 <DIR> --d--r-- c:\program files\Skype
2009-03-20 13:19 <DIR> -cd-h--- c:\windows\ie8
2009-03-14 12:34 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-03-14 11:45 <DIR> --d----- c:\program files\Microsoft SQL Server
2009-03-14 11:25 <DIR> --d----- c:\windows\system32\XPSViewer
2009-03-14 11:22 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-14 11:22 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-14 11:22 117,760 -------- c:\windows\system32\prntvpt.dll
2009-03-14 11:22 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-14 11:22 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-03-14 11:22 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-03-14 11:22 <DIR> --d----- C:\21546be3c3842a500470
2009-03-14 11:22 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-03-08 15:53 1,409 a------- c:\windows\QTFont.for
2009-03-08 15:53 54,156 a---h--- c:\windows\QTFont.qfn
2009-03-08 14:22 49,152 -------- c:\windows\system32\msrating.dll.mui
2009-03-08 14:22 2,560 -------- c:\windows\system32\mshta.exe.mui
2009-03-08 14:21 4,096 -------- c:\windows\system32\ie4uinit.exe.mui
2009-03-08 14:20 81,920 -------- c:\windows\system32\iedkcs32.dll.mui
2009-03-07 19:37 1,746 a------- c:\windows\HijackThis.lnk
2009-03-07 19:37 <DIR> --d----- c:\program files\Trend Micro
2009-03-07 11:56 266,360 a------- c:\windows\system32\TweakUI.exe
2009-03-07 11:56 160,217 a------- c:\windows\system32\PowerToysLicense.rtf
2009-03-04 22:59 <DIR> --d----- c:\documents and settings\administrator\.denemo
2009-03-02 21:40 <DIR> --d----- c:\documents and settings\administrator\.lilypond-fonts.cache-2
2009-02-27 22:35 144 a------- c:\windows\Eudcedit.ini

==================== Find3M ====================

2009-03-27 17:25 499,712 a------- c:\windows\system32\msvcp71.dll
2009-03-27 17:25 348,160 a------- c:\windows\system32\msvcr71.dll
2009-03-20 09:07 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-03-20 09:07 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-03-20 09:07 7,386 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-03-20 09:07 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-03-14 12:55 86,880 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-03-12 05:03 36,400 a----r-- c:\windows\system32\drivers\SymIM.sys
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-01 19:32 42,250 a------- c:\docume~1\admini~1\applic~1\wklnhst.dat
2009-02-09 20:56 67,584 a------- c:\windows\system32\ff_vfw.dll
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-07 12:23 86,104 a------- c:\docume~1\admini~1\applic~1\GDIPFONTCACHEV1.DAT
2009-02-06 19:52 49,504 a------- c:\windows\system32\sirenacm.dll
2009-02-03 11:32 3,550,592 a------- c:\windows\procexp.exe
2009-01-26 17:56 140,288 a------- c:\windows\system32\sfc_os1.dll
2009-01-07 18:21 26,144 a------- c:\windows\system32\spupdsvc.exe
2009-01-07 18:20 24,576 a------- c:\windows\system32\nlsdl.dll
2009-01-07 18:20 26,112 a------- c:\windows\system32\idndl.dll
2009-01-07 18:20 23,552 a------- c:\windows\system32\normaliz.dll
2009-01-07 18:20 265,720 a------- c:\windows\system32\msdbg2.dll
2008-12-03 21:28 6,926,336 a------- c:\program files\WindowsVistaUpgradeAdvisor.msi
2008-08-05 10:37 19,731 a------- c:\program files\Customize_Folder.zip
2008-07-12 11:17 22,881 a------- c:\program files\impl102.zip
2008-07-10 21:49 3,103,112 a------- c:\program files\vcsetup.exe
2008-06-16 19:08 1,788 a------- c:\program files\INSTALL.LOG
2008-04-16 19:42 2,387,480 a------- c:\program files\SVGView.exe
2007-02-25 12:00 911,307 a------- c:\program files\ftpsurfer107.exe
2007-02-11 17:55 21,822,168 a------- c:\program files\AdbeRdr80_en_US.exe
2006-07-25 18:22 5,763,072 ac------ c:\program files\WindowsDefender.msi
2004-10-01 15:00 40,960 a------- c:\program files\Uninstall_CDS.exe
2004-08-04 01:56 343,040 a------- c:\program files\mspaint.exe
2003-11-11 21:25 536,064 a------- c:\program files\GIFAnimator.exe
2002-06-04 06:06 65,536 ac------ c:\windows\inf\copyinf.exe
2008-09-18 19:23 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091820080919\index.dat

============= FINISH: 14:48:01.65 ===============

On a sidenote: I'm pretty sure this doesn't have anything to do with malware, and windows live messenger still works on another user account. (this is administrator)

Thanks in advance~!

Howdy, my name is Hoov, and I will be helping you with your dilemma.

Please make sure you watch this thread for responses. If you click the options tab at the top of your first post, you can select to track this thread.

Here is what I am asking you to do during the repair of your computer

*Tell me everything that you have done, if anything, to try and fix this problem.

*Please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out thier hair.

*Follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go. Don't install anything, even other programs that have nothing to do with security or malware, it could cause things to change, and I would never know it.

*Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

*Stick with me to the end. My aim is to fix your problems, and give you the tools and knowledge to keep this from happening again.

Now onto trying to fix your computer.

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Well, lets do some checking for malware first, just to make sure that is not the cause.

Download and scan with CCleaner
1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free or Slim versions instead of the Standard Build.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
3. Then select the items you wish to clean up.
In the Windows Tab:

• Clean all entries in the "Internet Explorer" section except Cookies if you want to keep those.
  
• Clean all the entries in the "Windows Explorer" section.
  
• Clean all entries in the "System" section.
  
• Clean all entries in the "Advanced" section.
  
• Clean any others that you choose.

In the Applications Tab:

• Clean all except cookies in the Firefox/Mozilla section if you use it.
  
• Clean all in the Opera section if you use it.
  
• Clean Sun Java in the Internet Section.
  
• Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

• Make sure you are connected to the Internet.
• Double-click on mbam-setup.exe to install the application.
• When the installation begins, follow the prompts and do not make any changes to default settings.
• When installation has finished, make sure you leave both of these checked:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
• Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

• If an update is found, the program will automatically update itself.
• Press the OK button to close that box and continue.
• If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

On the Scanner tab:

• Make sure the "Perform Quick Scan" option is selected.
• Then click on the Scan button.
• If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
• The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
• When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
• Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

• Click on the Show Results button to see a list of any malware that was found.
• Make sure that everything is checked, and click Remove Selected.
• When removal is completed, a log report will open in Notepad.
• The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

Also update Norton and run a full virus scan. Let me know if it finds anything other than tracking cookies.

I'm unable to provide a MBAM log since I'm not allowed to leave the computer to idle in excess. It slows the computer while I work, and takes a long time to complete (Quick Scan). I kinda gave up after 2 hours.

CCleaner cleaned out my computer though, and Norton reported only tracking cookies.

Thank you!

I am sorry to have left you hanging this weekend. My local area had an internet blackout. Hopefully this is the last problem I will be having for a long while.

Sorry for any inconvenience.

Does the windows live messenger work now? Why can you not leave the computer idle? A quick scan by Malwarebytes' Anti-Malware should take around 5 minutes if the computer is left alone.

No prob, the speed at which you reply is already outstanding.

Nope, Windows Live Messenger continues to "encounter a problem".

That's what I read on the Internet, a quick scan takes a few minutes, but clicking quick scan takes over an hour (and it doesn't even finish)... I'll go check out the settings and see if I figure something out.

Thanks again!

I misunderstood you. try restarting to safe mode with networking, and then run the scan. Hopefully most of the malware will not startup in safe mode and the scan will go much quicker. Then once the scan is done, you can post the log, then reboot and check out the system. See if it running any differently. Then let me know that.

Talk about being the charm. It scanned within 6 minutes and hardly slowed the computer.

I've attached today's log and also a log of one of the (cancelled) scans I ran a few days ago.

Thanks a lot!

The one today found a Trojan, did you check the box and remove it? How is the computer responding now? Any of the problems fixed?

Yea I removed it and restarted. Still no diff.

* Anyone other than the originator of this thread, you would be best advised to not run combofix without guidance from someone trained in its use. It is a very powerful tool that can cause damage to your computer if used wrong.

Run comboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall


You may need to run this one in safe mode as well.

Okey doke, here's the scan (I ran it normally).

Thank you!

Any change?

If not I need you to go to the administration tools in XP. They are in the Control Panel. Open the Admin tools, then open the event viewer. Over on the left hand side and click on System. Then up at the top click on Action and then click on Save Events As, type in system as the file name, make sure file type EVT is selected, and then navigate so it will save the file to your desktop, then click save. Over on the left hand side and click on Application. Then up at the top click on Action and then click on Save Events As, type in application as the file name, make sure file type EVT is selected, and then navigate so it will save the file to your desktop, then click save. Zip them both up into a single zip file, post them back here in your next reply as attachments.

No change.

Mind you, as said before it still works perfectly fine on the other account.

Attached are the event logs.