Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help Please Vtstt.dll Probably More


  • This topic is locked This topic is locked
2 replies to this topic

#1 Tompson

Tompson

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:55 AM

Posted 09 April 2008 - 05:26 AM

Hi guys and girls,

I keep getting pop ups and turn the add on of vtstt.dll off and they go away but then the task bar dissapears and sometimes the IE window I am in will just unselect also I swear some of the adds on sites are not the ones that are supposed to be there.

I have followed Preparation Guide For Use Before Posting A Hijackthis Log, Instructions for receiving help in cleaning your computer and as such below are the logs from Kaspersky Online Scanner (but could not work out how to post the log here but needless to say it found loads of stuff and Deckard's System Scanner

DSS Maint.txt window
Deckard's System Scanner v20071014.68
Run by andy.tompson on 2008-04-09 11:15:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
14: 2008-04-09 10:15:14 UTC - RP878 - Deckard's System Scanner Restore Point
13: 2008-04-09 08:28:31 UTC - RP877 - Windows Defender Checkpoint
12: 2008-04-08 08:17:23 UTC - RP876 - Windows Defender Checkpoint
11: 2008-04-07 08:28:10 UTC - RP875 - Software Distribution Service 3.0
10: 2008-04-07 08:16:14 UTC - RP874 - Windows Defender Checkpoint


-- First Restore Point --
1: 2008-03-25 09:28:56 UTC - RP865 - Installed GiPo@FileUtilities 3


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 79% (more than 75%).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-09 11:18:03
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Network Associates\VirusScan\shstat.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\SwyxIt!\SwyxIt!.exe
C:\Program Files\SwyxIt!\CLMgr.exe
C:\WINDOWS\system32\rsvp.exe
C:\Program Files\Common Files\Swyx\ClCache.exe
C:\Program Files\SwyxIt!\ODialer.exe
C:\Program Files\NetMeeting\conf.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\ACT\act.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\andy.tompson\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2B0B59B4-55A3-4737-9FD5-B93C6430BF75} - C:\WINDOWS\system32\svtgypks.dll (file missing)
O2 - BHO: (no name) - {3CAB59B4-55A3-4737-9FD5-B93C6430BF75} - C:\WINDOWS\system32\puvgjhng.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {AE9A1160-BAFC-4820-8050-26903A3D6348} - C:\WINDOWS\system32\vtstt.dll
O2 - BHO: (no name) - {E9383002-FC55-4330-B9C9-67E03BC5C840} - C:\WINDOWS\system32\yayyvur.dll (file missing)
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnlogm.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [bm] "C:\Program Files\Common Files\SpyGuardPro\bm.exe" dm=http://spyguardpro.com ad=http://spyguardpro.com sd=http://ykeeper.spyguardpro.com
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [68b3880f] rundll32.exe "C:\WINDOWS\system32\xbtphuat.dll",b
O4 - HKLM\..\Run: [BM6b80bb93] Rundll32.exe "C:\WINDOWS\system32\cwwrbyna.dll",s
O4 - HKLM\..\RunOnce: [!CleanupNetMeetingDispDriver] "C:\WINDOWS\system32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: SwyxIt!.lnk = C:\Program Files\SwyxIt!\SwyxIt!.exe
O8 - Extra context menu item: Dial selected number / URI - C:\Program Files\SwyxIt!\IEDial.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: SwyxIt! Phone Dialer - {F8E553C6-4C00-11D3-80BC-00105A653379} - C:\Program Files\SwyxIt!\IEDial.htm
O9 - Extra 'Tools' menuitem: SwyxIt! Phone Dialer - {F8E553C6-4C00-11D3-80BC-00105A653379} - C:\Program Files\SwyxIt!\IEDial.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shock...director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/0/5...heckControl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc2.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124799315329
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames/zpa_dmno.cab55579.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} (ChessControl Class) - http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames/Check...PA.cab55579.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (MSN Games – Backgammon) - http://zone.msn.com/bingame/zpagames/ZPA_B...on.cab64162.cab
O17 - HKLM\Software\..\Telephony: DomainName = ecugroup.com
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: Domain = ecugroup.com
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: Domain = ecugroup.com
O18 - Protocol: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: yayyvur - C:\WINDOWS\system32\yayyvur.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


--
End of file - 13594 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R1 NaiAvTdi1 - c:\windows\system32\drivers\mvstdi5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
R3 EntDrv51 - c:\windows\system32\drivers\entdrv51.sys <Not Verified; Network Associates, Inc; Virus Scan Enterprise, Entercept>
R3 NaiAvFilter1 - c:\windows\system32\drivers\naiavf5x.sys <Not Verified; Network Associates, Inc.; VirusScan (Enterprise, ASaP & Retail.)>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 McAfeeFramework (McAfee Framework Service) - c:\program files\network associates\common framework\frameworkservice.exe /servicestart <Not Verified; Network Associates, Inc.; McAfee Common Framework>
R2 McTaskManager (Network Associates Task Manager) - "c:\program files\network associates\virusscan\vstskmgr.exe" <Not Verified; Network Associates, Inc.; VirusScan Enterprise>
R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&1117367&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&1117367&0
Service: i8042prt

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 6300
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 6300
Device ID: ROOT\WPD\0001
Manufacturer: Nokia
Name: Nokia 6300
PNP Device ID: ROOT\WPD\0001
Service: WUDFRd


-- Scheduled Tasks -------------------------------------------------------------

2008-04-09 10:04:05 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job


-- Files created between 2008-03-09 and 2008-04-09 -----------------------------

2008-04-09 10:46:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-09 10:46:51 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-09 10:46:50 0 d-------- C:\WINDOWS\LastGood
2008-04-09 10:37:14 0 d-------- C:\HJT
2008-04-09 09:24:08 83520 --a------ C:\WINDOWS\system32\xbtphuat.dll
2008-04-09 09:21:13 3648 --a------ C:\WINDOWS\system32\graohmej.dll
2008-04-09 09:18:48 87616 --a------ C:\WINDOWS\system32\cwwrbyna.dll
2008-04-08 09:12:29 88640 --a------ C:\WINDOWS\system32\itwkusqr.dll
2008-04-08 09:09:29 53312 --a------ C:\WINDOWS\system32\xmvlijbb.dll
2008-04-07 09:10:13 88128 --a------ C:\WINDOWS\system32\lsycbwbt.dll
2008-04-07 09:08:33 53312 --a------ C:\WINDOWS\system32\lpdumaeb.dll
2008-04-04 09:06:33 88640 --a------ C:\WINDOWS\system32\fdwikawh.dll
2008-04-03 09:03:04 88128 --a------ C:\WINDOWS\system32\hcancxfh.dll
2008-03-28 10:01:41 93760 --a------ C:\WINDOWS\system32\skodbwiu.dll
2008-03-28 09:58:41 93248 --a------ C:\WINDOWS\system32\wasuhrly.dll
2008-03-27 09:56:27 93248 --a------ C:\WINDOWS\system32\twpcugfb.dll
2008-03-26 09:57:30 89152 -----n--- C:\WINDOWS\system32\qpqsqfss.dll
2008-03-26 09:54:52 90688 --a------ C:\WINDOWS\system32\icsergtx.dll
2008-03-25 11:59:26 0 d-------- C:\Program Files\Common Files\Gibinsoft Shared
2008-03-25 10:28:58 0 d-------- C:\Program Files\GiPo@Utilities
2008-03-25 09:54:23 91200 --a------ C:\WINDOWS\system32\tvfbgqve.dll
2008-03-20 10:14:12 87104 -----n--- C:\WINDOWS\system32\clhqewmg.dll
2008-03-20 10:08:41 89664 --a------ C:\WINDOWS\system32\tvlvnuoy.dll
2008-03-19 10:11:13 87616 --a------ C:\WINDOWS\system32\nnsufvvo.dll
2008-03-19 10:06:02 91200 --a------ C:\WINDOWS\system32\pyeblhot.dll
2008-03-18 10:01:42 91200 --a------ C:\WINDOWS\system32\omjecxem.dll
2008-03-17 10:00:30 95296 --a------ C:\WINDOWS\system32\qpahhsty.dll
2008-03-14 14:15:26 260519 --ahs---- C:\WINDOWS\system32\ttstv.ini2
2008-03-14 14:15:22 298496 --a------ C:\WINDOWS\system32\vtstt.dll
2008-03-14 14:14:14 0 d-------- C:\Program Files\SpyGuardPro
2008-03-14 14:14:14 0 d-------- C:\Program Files\Common Files\SpyGuardPro
2008-03-10 09:47:04 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-10 09:46:54 0 d-------- C:\Program Files\Windows Live
2008-03-10 09:46:37 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller


-- Find3M Report ---------------------------------------------------------------

2008-04-08 09:06:49 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-25 11:59:26 0 d-------- C:\Program Files\Common Files
2008-03-10 09:48:49 0 d-------- C:\Program Files\MSN Messenger
2008-03-07 10:38:21 0 d-------- C:\Program Files\ACT
2008-02-29 14:08:18 0 d-------- C:\Program Files\Microsoft Works
2008-02-25 13:22:43 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-25 10:15:01 0 d-------- C:\Program Files\MSECache


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B0B59B4-55A3-4737-9FD5-B93C6430BF75}]
C:\WINDOWS\system32\svtgypks.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3CAB59B4-55A3-4737-9FD5-B93C6430BF75}]
C:\WINDOWS\system32\puvgjhng.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AE9A1160-BAFC-4820-8050-26903A3D6348}]
14/03/2008 14:15 298496 --a------ C:\WINDOWS\system32\vtstt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E9383002-FC55-4330-B9C9-67E03BC5C840}]
C:\WINDOWS\system32\yayyvur.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetRefresh"="C:\Program Files\Compaq\SetRefresh\SetRefresh.exe" [20/11/2003 21:01]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [04/08/2004 08:56]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [22/09/2004 20:00]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [06/08/2004 03:50]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [07/10/2003 09:48]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [20/09/2005 10:32]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [20/09/2005 10:36]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [20/06/2006 17:06]
"nwiz"="nwiz.exe" [04/11/2005 19:38 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [04/11/2005 19:38]
"msnsyslog"="C:\WINDOWS\msnlogm.exe" []
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 19:20]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [23/03/2007 13:20]
"bm"="C:\Program Files\Common Files\SpyGuardPro\bm.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16]
"68b3880f"="C:\WINDOWS\system32\xbtphuat.dll" [09/04/2008 09:24]
"BM6b80bb93"="C:\WINDOWS\system32\cwwrbyna.dll" [09/04/2008 09:18]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"!CleanupNetMeetingDispDriver"="C:\WINDOWS\system32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
SwyxIt!.lnk - C:\Program Files\SwyxIt!\SwyxIt!.exe [15/08/2007 14:12:16]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"=1 (0x1)
"NoWelcomeScreen"=1 (0x1)
"NoAutoUpdate"=1 (0x1)
"NoDesktopCleanupWizard"=1 (0x1)
"NoPublishingWizard"=1 (0x1)
"NoWebServices"=1 (0x1)
"NoOnlinePrintsWizard"=1 (0x1)
"NoSMConfigurePrograms"=1 (0x1)
"NoAutoTrayNotify"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E9383002-FC55-4330-B9C9-67E03BC5C840}"= C:\WINDOWS\system32\yayyvur.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayyvur]
yayyvur.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtstt.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12




-- End of Deckard's System Scanner: finished at 2008-04-09 11:19:05 ------------

DSS extra.txt window

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 76%
Physical Memory (total/avail): 1023.43 MiB / 237.59 MiB
Pagefile Memory (total/avail): 1682.09 MiB / 761.87 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1880.31 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.53 GiB total, 61.4 GiB free.
D: is CDROM (No Media)
O: is Network (NTFS)
S: is Network (NTFS)
T: is Network (NTFS)
V: is Network (Unformatted)
W: is Network (NTFS)

\\.\PHYSICALDRIVE0 - SAMSUNG SP0812C - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.53 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
"C:\\Program Files\\Avaya\\IP Office\\Phone Manager\\PhoneManager.exe"="C:\\Program Files\\Avaya\\IP Office\\Phone Manager\\PhoneManager.exe:*:Enabled:Phone Manager Pro Application"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\ACT\\ActUpdt.exe"="C:\\Program Files\\ACT\\ActUpdt.exe:*:Enabled:ACT! Update"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\SwyxIt!\\CLMgr.exe"="C:\\Program Files\\SwyxIt!\\CLMgr.exe:LocalSubNet:Enabled:SwyxIt! Line Manager"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:LocalSubNet:Enabled:Windows® NetMeeting®"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\andy.tompson\Application Data
CLASSPATH=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ECU040
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\andy.tompson
LOGONSERVER=\\FILESERVER
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ANDY~1.TOM\LOCALS~1\Temp
TMP=C:\DOCUME~1\ANDY~1.TOM\LOCALS~1\Temp
USERDNSDOMAIN=ECUGROUP.COM
USERDOMAIN=ECU
USERNAME=andy.tompson
USERPROFILE=C:\Documents and Settings\andy.tompson
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Administrator (admin)
maria.chapman (admin)
naomi.stewart (new local, admin, net ready)
lizzie.bray (new local, update central, admin)
graham.whitworth (admin)
andy.tompson (admin)
Administrator.ECU (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.42 --> "C:\Program Files\7-Zip\Uninstall.exe"
ACT! --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ACT\Uninst6.isu" -c"C:\Program Files\ACT\UNINSTAL.DLL"
Ad-Aware 2007 --> MsiExec.exe /X{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Belarc Advisor 7.1 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
Broadcom Management Programs --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2E086814-7392-4E0F-ADB8-54A81E47406C} /l1033
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
GiPo@FileUtilities 3 --> MsiExec.exe /I{2BAA27B6-F39E-490B-8D41-84A32D234D70}
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Documents and Settings\andy.tompson\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\SETUP.EXE" -l0x9
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
McAfee VirusScan Enterprise --> MsiExec.exe /I{5DF3D1BB-894E-4DCD-8275-159AC9829B43}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Works 6-9 Converter --> MsiExec.exe /X{172423F9-522A-483A-AD65-03600CE4CA4F}
Nokia Connectivity Cable Driver --> MsiExec.exe /X{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}
Nokia PC Suite --> C:\Documents and Settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Nokia_PC_Suite_683_rel_14_1_eng_web[1].exe /LANG="2057"
Nokia PC Suite --> MsiExec.exe /I{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PC Connectivity Solution --> MsiExec.exe /I{066D65EA-ED53-44E4-A96A-F81B6E409D2E}
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1033
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.EXE"
SwyxIt! --> MsiExec.exe /I{40AF0096-CBA0-4043-AE6B-A51F3E41C63B}
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_039E7E24575DBAE6A389611AF28F4EB97729D33E\pccswpddriver.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567\nokbtmdm.inf
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type15772 / Warning
Event Submitted/Written: 04/09/2008 11:18:37 AM
Event ID/Source: 257 / Alert Manager Event Interface
Event Description:
VirusScan Enterprise: Would be blocked by behaviour blocking rule (rule is currently in warn mode) (warn only mode!).(from ECU040 IP 10.0.0.126 user SYSTEM running VirusScan Enter 8.0 OAS)

Event Record #/Type15771 / Warning
Event Submitted/Written: 04/09/2008 11:18:37 AM
Event ID/Source: 257 / Alert Manager Event Interface
Event Description:
VirusScan Enterprise: Would be blocked by behaviour blocking rule (rule is currently in warn mode) (warn only mode!).(from ECU040 IP 10.0.0.126 user SYSTEM running VirusScan Enter 8.0 OAS)

Event Record #/Type15770 / Warning
Event Submitted/Written: 04/09/2008 11:18:34 AM
Event ID/Source: 257 / Alert Manager Event Interface
Event Description:
VirusScan Enterprise: Would be blocked by behaviour blocking rule (rule is currently in warn mode) (warn only mode!).(from ECU040 IP 10.0.0.126 user SYSTEM running VirusScan Enter 8.0 OAS)

Event Record #/Type15769 / Warning
Event Submitted/Written: 04/09/2008 11:12:43 AM
Event ID/Source: 257 / Alert Manager Event Interface
Event Description:
VirusScan Enterprise: Would be blocked by behaviour blocking rule (rule is currently in warn mode) (warn only mode!).(from ECU040 IP 10.0.0.126 user SYSTEM running VirusScan Enter 8.0 OAS)

Event Record #/Type15762 / Success
Event Submitted/Written: 04/09/2008 10:26:34 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type26514 / Warning
Event Submitted/Written: 04/09/2008 11:18:21 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%ECU27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %ECU27 can't undo changes that you allow.

For more information please see the following:
%ECU275

Scan ID: {24A74EB3-C5C6-4198-9ED8-3ADA4BA0C8C3}

User: ECU\andy.tompson

Name: %ECU271

ID: %ECU272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %ECU276

Alert Type: %ECU278

Detection Type: 1.1.1593.02

Event Record #/Type26513 / Warning
Event Submitted/Written: 04/09/2008 11:18:21 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%ECU27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %ECU27 can't undo changes that you allow.

For more information please see the following:
%ECU275

Scan ID: {9F62D247-5225-4666-B4B4-9BA62222D61B}

User: ECU\andy.tompson

Name: %ECU271

ID: %ECU272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %ECU276

Alert Type: %ECU278

Detection Type: 1.1.1593.02

Event Record #/Type26512 / Warning
Event Submitted/Written: 04/09/2008 11:18:21 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%ECU27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %ECU27 can't undo changes that you allow.

For more information please see the following:
%ECU275

Scan ID: {612B1248-8DBE-4F86-958A-D40B969F6F41}

User: ECU\andy.tompson

Name: %ECU271

ID: %ECU272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %ECU276

Alert Type: %ECU278

Detection Type: 1.1.1593.02

Event Record #/Type26511 / Warning
Event Submitted/Written: 04/09/2008 11:18:18 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%ECU27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %ECU27 can't undo changes that you allow.

For more information please see the following:
%ECU275

Scan ID: {8DEFFAE6-BE98-4735-BD16-77E323152E50}

User: ECU\andy.tompson

Name: %ECU271

ID: %ECU272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %ECU276

Alert Type: %ECU278

Detection Type: 1.1.1593.02

Event Record #/Type26510 / Warning
Event Submitted/Written: 04/09/2008 11:18:18 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%ECU27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %ECU27 can't undo changes that you allow.

For more information please see the following:
%ECU275

Scan ID: {D8513E3C-EFA6-4643-866A-8F800AC72726}

User: ECU\andy.tompson

Name: %ECU271

ID: %ECU272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %ECU276

Alert Type: %ECU278

Detection Type: 1.1.1593.02



-- End of Deckard's System Scanner: finished at 2008-04-09 11:19:05 ------------

BC AdBot (Login to Remove)

 


#2 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:04:55 AM

Posted 11 April 2008 - 03:47 AM

Hello and welcome to BleepingComputer. :thumbsup:

Please follow the instructions for running ComboFix here and post back with it's log once done.
Hi there, stranger!

#3 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:04:55 AM

Posted 29 April 2008 - 02:18 PM

Due to lack of feedback, this thread has been closed. Should another issue arise, please post a new topic.
Hi there, stranger!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users