Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Don't Know My Specific Problem... Major Computer Malfunction... Shuts Off


  • This topic is locked This topic is locked
8 replies to this topic

#1 littlemoggy

littlemoggy

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:04 PM

Posted 09 April 2008 - 12:56 AM

Hi, I have been having major problems for about 6 weeks. It all started with mouse, keyboard and screen freezing. Then the computer shuts off unexpectedly, no error messages, it justs shuts down immediately and to get it back on I have to pull out the power cord and replug it (I may have limited knowledge but I know this is not good!). Then I was unable to send email from Outlook Express, could receive but not send. Get error message 550. After chasing this up with Bigpond I found out my IP address was blacklisted as having sent spam messages to people. This made me think my computer had been hijacked or something by some nasty person. I use Trend Micro PC-cillin and it's always up to date. As well as this I have also ran several scanning tools (Defender, Spybot). Each time I use these it always comes back with new stuff, often 5 - 10 items each time. Mostly things with cookie in the name. I also did a scan from Windows startup and it came back with \PROGRA~1\SIMCAS-1\simcas\error.log bad clusters in file 103512. I don't know if this is relevant to my problem or not. In the last 2.5 weeks the computer started turning off and immediately turning back on then turning off then turning on. It usually does this 8 or 9 times and will become stable for a little while. 2 weeks ago I got rid of Internet Explorer and installed Firefox. This was OK for a day or 2 then it went back to what it was doing before. I have now reinstalled IE. The last 2 days it has been more stable than it has for 2 months after I turned off add ons in Internet Explorer (again, no idea if this is relevant). If anyone has any ideas I will be most grateful. I'm at the point where I'm almost ready to get rid of my connection and go back to using the computer at the public library.

Deckard's System Scanner v20071014.68
Run by Owner on 2008-04-09 15:16:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
55: 2008-04-09 05:16:24 UTC - RP700 - Deckard's System Scanner Restore Point
54: 2008-04-09 05:03:59 UTC - RP699 - Installed Windows Defender
53: 2008-04-08 19:36:29 UTC - RP698 - Software Distribution Service 3.0
52: 2008-04-08 16:44:35 UTC - RP697 - System Checkpoint
51: 2008-04-07 16:16:28 UTC - RP696 - Installed Windows XP KB929969.


-- First Restore Point --
1: 2008-01-15 15:29:32 UTC - RP646 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:18:43 PM, on 9/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Windows\system32\HpSrvUI.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\DC1300\DCMnt1_0\DC1300mi.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Documents and Settings\Owner\Desktop\Deckard System Scanner.exe
C:\DOCUME~1\Owner\Desktop\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DC1300 Monitor] C:\Program Files\DC1300\DCMnt1_0\DC1300mi.exe
O4 - HKLM\..\Run: [DC1300monitor] C:\Program Files\DC1300\DCMnt1_0\DC1300mi.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/AU/install.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MediaBar) - http://sib1.pvw.od2.com/common/musicmanage...nagerPlugin.CAB
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca06.rightnowtech.com/6010-b337...l/java/RntX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8AF3E04-C3FA-4682-A3AC-74E6DF820252}: NameServer = 203.50.2.71 139.130.4.4
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 7521 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 drvmcdb - c:\windows\system32\drivers\drvmcdb.sys <Not Verified; VERITAS Software, Inc.; >
R1 sscdbhk5 - c:\windows\system32\drivers\sscdbhk5.sys <Not Verified; VERITAS Software, Inc.; >
R1 ssrtln - c:\windows\system32\drivers\ssrtln.sys <Not Verified; VERITAS Software, Inc.; >
R2 drvnddm - c:\windows\system32\drivers\drvnddm.sys <Not Verified; VERITAS Software, Inc.; >
R2 tfsnboio - c:\windows\system32\dla\tfsnboio.sys <Not Verified; VERITAS Software, Inc.; >
R2 tfsncofs - c:\windows\system32\dla\tfsncofs.sys <Not Verified; VERITAS Software, Inc.; >
R2 tfsndrct - c:\windows\system32\dla\tfsndrct.sys <Not Verified; VERITAS Software, Inc.; >
R2 tfsndres - c:\windows\system32\dla\tfsndres.sys <Not Verified; VERITAS Software, Inc.; >
R2 tfsnifs - c:\windows\system32\dla\tfsnifs.sys <Not Verified; VERITAS Software, Inc.; >
R2 tfsnopio - c:\windows\system32\dla\tfsnopio.sys <Not Verified; VERITAS Software, Inc.; >
R2 tfsnpool - c:\windows\system32\dla\tfsnpool.sys <Not Verified; VERITAS Software, Inc.; >
R2 tfsnudf - c:\windows\system32\dla\tfsnudf.sys <Not Verified; VERITAS Software, Inc.; >
R2 tfsnudfa - c:\windows\system32\dla\tfsnudfa.sys <Not Verified; VERITAS Software, Inc.; >
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 DC1300 (DC 1300 WDM Video Capture) - c:\windows\system32\drivers\bsc504av.sys <Not Verified; Digital Camera; Digital Camera Driver>
S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)
S3 USBCamera (DC 1300 Still Image Capture) - c:\windows\system32\drivers\bscbulk.sys <Not Verified; USB BULK; Platform SDK Sample Code>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ScsiAccess - c:\windows\system32\scsiaccess.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-09 15:07:37 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-04-08 18:21:01 326 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#Deskjet#5550.job


-- Files created between 2008-03-09 and 2008-04-09 -----------------------------

2008-04-09 15:04:05 0 d-------- C:\Program Files\Windows Defender
2008-04-09 05:49:09 0 d-------- C:\Program Files\MSBuild
2008-04-09 05:45:09 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-04-09 05:43:25 0 d-------- C:\Program Files\Reference Assemblies
2008-04-09 05:40:54 0 d-------- C:\8f8ad1829c3ad43b29cbee7630f6385e
2008-04-09 05:37:40 0 d-------- C:\WINDOWS\system32\URTTEMP
2008-04-06 22:23:41 335 --a------ C:\WINDOWS\mozregistry.dat
2008-03-26 15:06:13 0 d-------- C:\Documents and Settings\Owner\Application Data\Talkback
2008-03-26 15:05:21 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-26 15:05:15 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-03-20 23:03:58 0 d-------- C:\Program Files\hp deskjet 5550 series
2008-03-19 15:12:54 0 d-------- C:\Program Files\HP


-- Find3M Report ---------------------------------------------------------------

2008-04-06 22:54:40 0 d-------- C:\Program Files\Common Files
2008-04-06 21:20:59 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-04-05 02:23:17 0 d-------- C:\Program Files\Trend Micro
2008-04-05 02:04:18 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-05 02:02:48 0 d-------- C:\Program Files\Windows Live Safety Center
2008-03-20 00:42:15 0 d-------- C:\Program Files\Hewlett-Packard


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [07/05/1998 04:04 PM]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [15/05/2002 03:29 AM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [15/05/2002 03:20 AM]
"hp Silent Service"="C:\Windows\system32\HpSrvUI.exe" [18/06/2002 08:24 PM]
"CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [17/06/2002 11:11 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [16/07/2002 08:03 AM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [18/12/2001 11:39 PM]
"PS2"="C:\WINDOWS\system32\ps2.exe" [14/06/2002 04:39 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [28/07/2003 01:19 PM]
"nwiz"="nwiz.exe" [28/07/2003 01:19 PM C:\WINDOWS\system32\nwiz.exe]
"DC1300 Monitor"="C:\Program Files\DC1300\DCMnt1_0\DC1300mi.exe" [26/04/2002 04:26 PM]
"DC1300monitor"="C:\Program Files\DC1300\DCMnt1_0\DC1300mi.exe" [26/04/2002 04:26 PM]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe" [11/07/2002 10:36 PM]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [17/04/2002 05:42 PM]
"@"="" []
"AlcxMonitor"="ALCXMNTR.EXE" [07/09/2004 12:47 PM C:\WINDOWS\ALCXMNTR.EXE]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [15/02/2008 11:56 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 07:20 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [13/07/2000 07:00 PM]
"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 05:56 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= C:\Program Files\Sandpiper\Eudora\EuShlExt.dll [ ]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc

*Newly Created Service* - WINDEFEND



-- End of Deckard's System Scanner: finished at 2008-04-09 15:20:48 ------------




Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.40GHz
Percentage of Memory in Use: 58%
Physical Memory (total/avail): 511.48 MiB / 209.8 MiB
Pagefile Memory (total/avail): 1247.25 MiB / 914.95 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.1 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 69.39 GiB total, 49.25 GiB free.
D: is Fixed (FAT32) - 5.14 GiB total, 1.05 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - SAMSUNG SV8004H - 74.56 GiB - 2 partitions
\PARTITION0 - Unknown - 5.15 GiB - D:
\PARTITION1 (bootable) - Installable File System - 69.39 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Trend Micro Personal Firewall v5.2 (Trend Micro Inc.)
AV: Trend Micro Internet Security v16.10.1079 ()

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\hp center\\137903\\Program\\BackWeb-137903.exe"="C:\\Program Files\\hp center\\137903\\Program\\BackWeb-137903.exe:*:Disabled:BackWeb-137903"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe:*:Disabled:backWeb-7288971"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-WXRSC38UMF
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\YOUR-WXRSC38UMF
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=YOUR-WXRSC38UMF
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> c:\WINDOWS\System32\\MSIEXEC.EXE /x {8214CC02-6271-4DC8-B8DD-779933450264}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
ArcSoft Software Suite --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\Software Suite\Uninst.isu"
aspi --> MsiExec.exe /I{015E4B8A-29B5-4AE3-BD08-38220FADFF4C}
Britannica Standard Edition --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Britannica\b2002se.isu"
CCHelp --> MsiExec.exe /I{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Conexant SoftK56 Modem(M) --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F00&SUBSYS_8D8B155D\HXFSETUP.EXE -U -IVEN_14F1&DEV_2F00&SUBSYS_200214F1
CR2 --> MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
DC 1300 WDM Video Capture --> Rundll32 advpack.dll,LaunchINFSectionEx C:\WINDOWS\BSC504A.ini, DefaultUnInstall
DC1300 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B68AABF8-591C-4B1F-906E-DCEF6E18958A}\SETUP.EXE" -l0x9
DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
easy Internet sign-up --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B5DDB2C-0807-47FD-9C11-80EA761902C0}\Setup.exe" -l0x9
ESSAdpt --> MsiExec.exe /I{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}
ESSANUP --> MsiExec.exe /I{A6F18A67-B771-4191-8A33-36D2E742D6D9}
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCAM --> MsiExec.exe /I{469730CC-78DF-4CD3-B286-562D459EA619}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSTUTOR --> MsiExec.exe /I{CA60320D-6A16-49C8-A34F-84EEF4799567}
ESSvpaht --> MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot --> MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
getPlus®_ocx --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
Hemera Products --> C:\PROGRA~1\HEMERA~1\UNWISE.EXE C:\PROGRA~1\HEMERA~1\INSTALL.LOG
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Documents and Settings\Owner\Desktop\HijackThis.exe" /uninstall
hp center --> C:\WINDOWS\BWUnin-6.1.0.153.exe -AppId 137903
hp deskjet 5550 series (Remove only) --> C:\Program Files\hp deskjet 5550 series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=USB001 -vproduct=5550 -huninstall
HP Digital Imaging Album Printing 1.0 --> MsiExec.exe /X{47D4AF7B-EDE6-4ADB-8D2F-0BDA25C7321F}
HP Memories Disc --> MsiExec.exe /X{FF384BDE-429B-45AD-A0C6-E593393D9D1C}
HP Photo and Imaging 1.0 - Scanjet 3500c Series --> MsiExec.exe /I{B8E952E3-A823-443A-8493-39A0CCE0E3EB}
HP Photo and Imaging 1.1 - Photosmart Cameras --> MsiExec.exe /X{1EEE2A9F-6471-42fa-8923-E8879168CE26}
hp print screen utility --> C:\WINDOWS\System32\prnunins.exe
HP Product Detection --> MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
hp toolkit --> c:\Windows\HPTK\unhptkit.exe
Inactive HP Printer Drivers (Remove only) --> RunDll32 hpuninst.dll,InstallHinfSection UninstDefault 132 prntunin.inf
Inactive HP ScanJet Drivers (Remove only) --> RunDll32 hpuninst.dll,InstallHinfSection UninstDefault 132 sjunin.inf
Intel® 845G Chipset Graphics Driver Software --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{C1939820-A945-11D4-86F6-0001031E5712}\setup.exe" REMOVEALL
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_3c0002_18a95a\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Kublox --> "C:\Program Files\wildtangent\apps\gamechannel.exe" \removeitem {F7A4D9BE-D989-45B9-BB49-2C0EA34B9991}
Macromedia Flash Player 8 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
MediaBar --> C:\WINDOWS\Downloaded Program Files\MusicManagerUnInstaller.exe "C:\WINDOWS\Downloaded Program Files\MusicManagerPlugin.ocx" "{C45B1500-7B63-47C2-AB25-C28CB46AFDEE}"
Microsoft Baseline Security Analyzer 2.0 --> MsiExec.exe /I{8A8F4EF8-160C-4E0F-B32D-92E2313E039B}
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Encarta Encyclopedia Standard 2002 --> MsiExec.exe /I{01001202-823E-46CD-A70E-BEE818F97169}
Microsoft Interactive Training --> C:\Program Files\MSPress\Training\lunins32_s.exe
Microsoft Money --> MsiExec.exe /I{E7298FD5-1386-11D5-8D6C-0050DAD32D95}
Microsoft Money System Pack --> MsiExec.exe /I{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}
Microsoft Works 6.0 --> MsiExec.exe /I{F8D0829C-9C6F-11D3-8080-00C04FA329AA}
mobile PhoneTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}\setup.exe" -l0x9
MSXML 6.0 Parser (KB927977) --> MsiExec.exe /I{5A710547-B58E-488B-828D-CA9A25A0533C}
MUSICMATCH Jukebox --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\Uninst.isu" -cC:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.dll
NEATO MediaFACE --> C:\PROGRA~1\MEDIAF~1\UNWISE.EXE C:\PROGRA~1\MEDIAF~1\INSTALL.LOG
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\system32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
PCDLNCH --> MsiExec.exe /I{69BD6399-3D8F-45B7-81D9-819361F5101D}
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions --> C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
RecordNow --> MsiExec.exe /I{8214CC02-6271-4DC8-B8DD-779933450264}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SFR --> MsiExec.exe /I{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}
SFR2 --> MsiExec.exe /I{ABE068DF-8DC4-4947-ABFC-DD2B40850225}
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Trend Micro Internet Security --> C:\Program Files\Trend Micro\Internet Security\remove.exe
Trend Micro Internet Security --> MsiExec.exe /X{A621B45A-D138-4A95-BE10-7CABA05EF94E}
Turbo Lister --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{99CC78D1-2356-497C-84C1-F239884001EC}
upapp --> MsiExec.exe /I{4EF69D40-4DC9-485E-95D3-B1C22F218FC8}
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Messenger --> MsiExec.exe /I{FCE50DB8-C610-4C42-BE5C-193F46C6F812}
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type6614 / Error
Event Submitted/Written: 04/09/2008 05:55:12 AM
Event ID/Source: 1101 / .NET Runtime Optimization Service
Event Description:
.NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: System.EnterpriseServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070002

Event Record #/Type6602 / Warning
Event Submitted/Written: 04/09/2008 05:44:19 AM
Event ID/Source: 0 / System.ServiceModel.Install 3.0.0.0
Event Description:
HTTP namespace reservations are not installed.

Event Record #/Type6601 / Warning
Event Submitted/Written: 04/09/2008 05:44:09 AM
Event ID/Source: 0 / System.ServiceModel.Install 3.0.0.0
Event Description:
A TransportConfiguration node does not exists in the system.web section for protocol msmq.formatname in c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\web.config.

Event Record #/Type6600 / Warning
Event Submitted/Written: 04/09/2008 05:44:09 AM
Event ID/Source: 0 / System.ServiceModel.Install 3.0.0.0
Event Description:
A Protocol node does not exists in the system.web section for protocol msmq.formatname in c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\web.config.

Event Record #/Type6599 / Warning
Event Submitted/Written: 04/09/2008 05:44:09 AM
Event ID/Source: 0 / System.ServiceModel.Install 3.0.0.0
Event Description:
A TransportConfiguration node does not exists in the system.web section for protocol net.msmq in c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\web.config.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type2646 / Warning
Event Submitted/Written: 04/09/2008 03:19:31 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%YOUR-WXRSC38UMF27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %YOUR-WXRSC38UMF27 can't undo changes that you allow.

For more information please see the following:
%YOUR-WXRSC38UMF275

Scan ID: {5D610380-20F0-42EB-A32A-814E8B59A1DC}

User: YOUR-WXRSC38UMF\Owner

Name: %YOUR-WXRSC38UMF271

ID: %YOUR-WXRSC38UMF272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %YOUR-WXRSC38UMF276

Alert Type: %YOUR-WXRSC38UMF278

Detection Type: 1.1.1593.02

Event Record #/Type2645 / Warning
Event Submitted/Written: 04/09/2008 03:19:31 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%YOUR-WXRSC38UMF27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %YOUR-WXRSC38UMF27 can't undo changes that you allow.

For more information please see the following:
%YOUR-WXRSC38UMF275

Scan ID: {4D1DE248-EC61-42E5-89FF-252228AD6ABF}

User: YOUR-WXRSC38UMF\Owner

Name: %YOUR-WXRSC38UMF271

ID: %YOUR-WXRSC38UMF272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %YOUR-WXRSC38UMF276

Alert Type: %YOUR-WXRSC38UMF278

Detection Type: 1.1.1593.02

Event Record #/Type2644 / Warning
Event Submitted/Written: 04/09/2008 03:19:31 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%YOUR-WXRSC38UMF27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %YOUR-WXRSC38UMF27 can't undo changes that you allow.

For more information please see the following:
%YOUR-WXRSC38UMF275

Scan ID: {9D82E6DF-B189-45AC-9376-EFFA86A625E6}

User: YOUR-WXRSC38UMF\Owner

Name: %YOUR-WXRSC38UMF271

ID: %YOUR-WXRSC38UMF272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %YOUR-WXRSC38UMF276

Alert Type: %YOUR-WXRSC38UMF278

Detection Type: 1.1.1593.02

Event Record #/Type2643 / Warning
Event Submitted/Written: 04/09/2008 03:19:29 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%YOUR-WXRSC38UMF27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %YOUR-WXRSC38UMF27 can't undo changes that you allow.

For more information please see the following:
%YOUR-WXRSC38UMF275

Scan ID: {C430469A-D4F6-4130-9DC5-877FC4E5E0E5}

User: YOUR-WXRSC38UMF\Owner

Name: %YOUR-WXRSC38UMF271

ID: %YOUR-WXRSC38UMF272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %YOUR-WXRSC38UMF276

Alert Type: %YOUR-WXRSC38UMF278

Detection Type: 1.1.1593.02

Event Record #/Type2642 / Warning
Event Submitted/Written: 04/09/2008 03:19:29 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%YOUR-WXRSC38UMF27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %YOUR-WXRSC38UMF27 can't undo changes that you allow.

For more information please see the following:
%YOUR-WXRSC38UMF275

Scan ID: {11284BFB-C6AF-4DA6-88C3-2F8C1E9AF125}

User: YOUR-WXRSC38UMF\Owner

Name: %YOUR-WXRSC38UMF271

ID: %YOUR-WXRSC38UMF272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %YOUR-WXRSC38UMF276

Alert Type: %YOUR-WXRSC38UMF278

Detection Type: 1.1.1593.02



-- End of Deckard's System Scanner: finished at 2008-04-09 15:20:48 ------------

BC AdBot (Login to Remove)

 


#2 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:05:04 AM

Posted 19 April 2008 - 03:34 PM

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.
As you can probably see our HijackThis Team is incredibly busy at the moment, but I apologise for the delay you have experienced. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:
Preparation Guide For Use Before Posting A HijackThis Log
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#3 littlemoggy

littlemoggy
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:04 PM

Posted 20 April 2008 - 05:48 AM

Hi Charles,
Yes, I'm still having problems. After posting my problem last week I was thinking about when all this started happening. It is possible that my computer was hit by lightning via my phone line. Since posting I have updated by BIOS. I sometimes now get a black screen with "PLEASE CHECK YOUR PC DISPLAY SETTINGS". Anyway, here are my logs:



Note- while trying to run Deckard my Trend Micro program blocked it and came up with the message that it blocked the program because of a virus "PAK_GENERIC.001". Trend Micro has now moved Deckard System Scanner into quarantine.


Deckard's System Scanner v20071014.68
Run by Owner on 2008-04-20 19:59:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 80% (more than 75%).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:59:37 PM, on 20/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\windows\system\hpsysdrv.exe
C:\Windows\system32\HpSrvUI.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\DC1300\DCMnt1_0\DC1300mi.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\Deckard System Scanner.exe
C:\DOCUME~1\Owner\Desktop\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DC1300 Monitor] C:\Program Files\DC1300\DCMnt1_0\DC1300mi.exe
O4 - HKLM\..\Run: [DC1300monitor] C:\Program Files\DC1300\DCMnt1_0\DC1300mi.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Simcast] C:\Program Files\Simcast Media\Simcast\SimcastAlerts.exe
O4 - HKLM\..\Run: [SimcastUpdate] C:\Program Files\Simcast Media\Simcast\SimcastUpdate.exe checkForUpdate
O4 - HKLM\..\Run: [EPSON Stylus Photo RX530 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGP.EXE /P31 "EPSON Stylus Photo RX530 Series" /O6 "USB002" /M "Stylus Photo RX530"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/AU/install.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MediaBar) - http://sib1.pvw.od2.com/common/musicmanage...nagerPlugin.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8AF3E04-C3FA-4682-A3AC-74E6DF820252}: NameServer = 203.50.2.71 139.130.4.4
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 7590 bytes

-- Files created between 2008-03-20 and 2008-04-20 -----------------------------

2008-04-18 11:22:39 0 d-------- C:\Documents and Settings\All Users\Application Data\UDL
2008-04-18 11:20:54 212480 --a------ C:\WINDOWS\PCDLIB32.DLL <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit>
2008-04-18 11:19:41 483328 --a------ C:\WINDOWS\system32\PICSDK.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK>
2008-04-18 11:19:41 114688 --a------ C:\WINDOWS\system32\EpPicPrt.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK>
2008-04-18 11:19:41 101159 --a------ C:\WINDOWS\system32\EPPICPrinterDB.dat
2008-04-18 11:19:41 1120 --a------ C:\WINDOWS\system32\EPPICPresetData_IT.dat
2008-04-18 11:19:41 1107 --a------ C:\WINDOWS\system32\EPPICPresetData_GE.dat
2008-04-18 11:19:41 1136 --a------ C:\WINDOWS\system32\EPPICPresetData_ES.dat
2008-04-18 11:19:40 1139 --a------ C:\WINDOWS\system32\EPPICPresetData_PT.dat
2008-04-18 11:19:40 1129 --a------ C:\WINDOWS\system32\EPPICPresetData_FR.dat
2008-04-18 11:19:40 1104 --a------ C:\WINDOWS\system32\EPPICPresetData_EN.dat
2008-04-18 11:19:40 1146 --a------ C:\WINDOWS\system32\EPPICPresetData_DU.dat
2008-04-18 11:19:40 1129 --a------ C:\WINDOWS\system32\EPPICPresetData_CF.dat
2008-04-18 11:19:40 1139 --a------ C:\WINDOWS\system32\EPPICPresetData_BP.dat
2008-04-18 11:19:40 4943 --a------ C:\WINDOWS\system32\EPPICPattern6.dat
2008-04-18 11:19:40 21390 --a------ C:\WINDOWS\system32\EPPICPattern5.dat
2008-04-18 11:19:40 11811 --a------ C:\WINDOWS\system32\EPPICPattern4.dat
2008-04-18 11:19:40 24903 --a------ C:\WINDOWS\system32\EPPICPattern3.dat
2008-04-18 11:19:40 20148 --a------ C:\WINDOWS\system32\EPPICPattern2.dat
2008-04-18 11:19:40 26154 --a------ C:\WINDOWS\system32\EPPICPattern1.dat
2008-04-18 11:19:39 65536 --a------ C:\WINDOWS\system32\EPPicMgr.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK>
2008-04-18 11:18:09 79679 --a------ C:\WINDOWS\system32\E_FLMAGP.DLL <Not Verified; SEIKO EPSON CORPORATION; EPSON Bi-directional Printer>
2008-04-18 11:18:09 34304 --a------ C:\WINDOWS\system32\E_FBCHAGP.DLL <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer Driver>
2008-04-18 11:18:09 64000 --a------ C:\WINDOWS\system32\E_FBCBAGP.DLL <Not Verified; SEIKO EPSON CORPORATION; EPSON CBT Engine>
2008-04-18 11:04:35 0 d-------- C:\Program Files\epson
2008-04-10 15:38:46 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-10 15:38:14 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-10 15:38:14 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-04-10 15:37:23 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-10 01:55:32 0 d-------- C:\Program Files\Microsoft Baseline Security Analyzer 2
2008-04-09 22:26:44 0 d-------- C:\Program Files\MSXML 6.0
2008-04-09 15:04:05 0 d-------- C:\Program Files\Windows Defender
2008-04-09 05:49:09 0 d-------- C:\Program Files\MSBuild
2008-04-09 05:45:09 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-04-09 05:43:25 0 d-------- C:\Program Files\Reference Assemblies
2008-04-09 05:37:40 0 d-------- C:\WINDOWS\system32\URTTEMP
2008-04-06 22:23:41 335 --a------ C:\WINDOWS\mozregistry.dat
2008-03-26 15:06:13 0 d-------- C:\Documents and Settings\Owner\Application Data\Talkback
2008-03-26 15:05:21 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-26 15:05:15 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-03-20 23:03:58 0 d-------- C:\Program Files\hp deskjet 5550 series


-- Find3M Report ---------------------------------------------------------------

2008-04-19 10:05:43 0 d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-04-19 00:27:46 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-18 11:29:05 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-18 11:20:54 0 d-------- C:\Program Files\Arcsoft
2008-04-17 22:30:42 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-04-16 13:30:30 0 d-------- C:\Program Files\HP
2008-04-14 00:52:12 0 d-------- C:\Program Files\Online Services
2008-04-14 00:30:17 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-13 21:23:29 0 d-------- C:\Program Files\Microsoft Works
2008-04-10 15:37:23 0 d-------- C:\Program Files\Common Files
2008-04-05 02:23:17 0 d-------- C:\Program Files\Trend Micro
2008-04-05 02:02:48 0 d-------- C:\Program Files\Windows Live Safety Center
2008-03-20 00:42:15 0 d-------- C:\Program Files\Hewlett-Packard


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [07/05/1998 04:04 PM]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [15/05/2002 03:29 AM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [15/05/2002 03:20 AM]
"hp Silent Service"="C:\Windows\system32\HpSrvUI.exe" [18/06/2002 08:24 PM]
"CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [17/06/2002 11:11 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [16/07/2002 08:03 AM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [18/12/2001 11:39 PM]
"PS2"="C:\WINDOWS\system32\ps2.exe" [14/06/2002 04:39 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [28/07/2003 01:19 PM]
"nwiz"="nwiz.exe" [28/07/2003 01:19 PM C:\WINDOWS\system32\nwiz.exe]
"DC1300 Monitor"="C:\Program Files\DC1300\DCMnt1_0\DC1300mi.exe" [26/04/2002 04:26 PM]
"DC1300monitor"="C:\Program Files\DC1300\DCMnt1_0\DC1300mi.exe" [26/04/2002 04:26 PM]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe" [11/07/2002 10:36 PM]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [17/04/2002 05:42 PM]
"@"="" []
"AlcxMonitor"="ALCXMNTR.EXE" [07/09/2004 12:47 PM C:\WINDOWS\ALCXMNTR.EXE]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [15/02/2008 11:56 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 07:20 PM]
"Simcast"="C:\Program Files\Simcast Media\Simcast\SimcastAlerts.exe" []
"SimcastUpdate"="C:\Program Files\Simcast Media\Simcast\SimcastUpdate.exe" []
"EPSON Stylus Photo RX530 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGP.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [13/07/2000 07:00 PM]
"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 05:56 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= C:\Program Files\Sandpiper\Eudora\EuShlExt.dll [ ]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc




-- End of Deckard's System Scanner: finished at 2008-04-20 20:00:29 ------------





Any ideas you have will be most welcome!

#4 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:05:04 AM

Posted 22 April 2008 - 02:29 PM

Nothing is showing up in your logs that is malicious; this therefore leads me to believe that the problem you are experiencing is not related to malware. How much RAM does your PC have, 512mbs?

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#5 littlemoggy

littlemoggy
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:04 PM

Posted 22 April 2008 - 10:37 PM

Hi Charles,
Yes, I have 512MB. I noticed in the log file it stated I had 80% of memory in use. Would that be because I had a few programs open when I ran the scan?
By the way, you apologised for the delay, I thought I got a reply rather quickly so thanks.
Georgina.

Also, I am able to run Deckard again without getting error messages saying it has a virus.

#6 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:05:04 AM

Posted 23 April 2008 - 01:45 AM

Also, I am able to run Deckard again without getting error messages saying it has a virus.

The reason it was flagged up originally is because most antiviruses cannot distinguish between "bad" and "good" uses of some file types; this is known as a false positive.

Yes, I have 512MB. I noticed in the log file it stated I had 80% of memory in use. Would that be because I had a few programs open when I ran the scan?

That would be the main factor, yes, but I would definately also recommend upgrading your RAM; in today's world, although your PC can function with 512mb, something like a gigabyte will give your PC a much better performance.

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#7 littlemoggy

littlemoggy
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:04 PM

Posted 26 April 2008 - 07:51 AM

OK, thanks for your help Charles.

#8 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:05:04 AM

Posted 28 April 2008 - 03:24 AM

You're welcome :thumbsup:

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#9 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:05:04 AM

Posted 25 May 2008 - 03:26 PM

Since this issue appears to be resolved, this topic is now closed.
If you need this topic reopened, please request this by sending me a Personal Message including a link to your thread.
This applies only to the original topic starter. Everyone else please begin a New Topic.

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users