Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected With Adware.vundo Variant/resident (i Think)


  • This topic is locked This topic is locked
2 replies to this topic

#1 UrbanRose

UrbanRose

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:08:08 PM

Posted 30 May 2008 - 11:47 AM

Hey, my desktop now only either shows my desktop wallpaper without the toolbar & icons or the toolbar & icons flash a few times and the disappear.
I have removed "adware.vundo variant/resident" about 3 times using superantispyware, however it hasn't worked & my computer carries on flashing at me.
I'm at a total loss as to what I should do, this laptop has all of my university work which I can't loose and stupidly I don't have it backed up. Sorry for the terrible description, I hope it is adequate :thumbsup:

Thank you for your time!
Rose x


eckard's System Scanner v20071014.68
Run by Rose.x on 2008-05-30 17:28:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
5: 2008-05-30 16:28:16 UTC - RP5 - Deckard's System Scanner Restore Point
4: 2008-05-30 14:37:34 UTC - RP4 - Installed Java™ 6 Update 5
3: 2008-05-30 14:36:55 UTC - RP3 - Installed Windows XP KB941569.
2: 2008-05-30 14:35:26 UTC - RP2 - Removed Nokia N73 highlights
1: 2008-05-30 14:33:02 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 447 MiB (512 MiB recommended).
System Drive C: has 1.98 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-30 17:40:08
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\WLTRAY.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Rose.x\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1350EF0E-B825-4ACC-AB33-D04E09E9A465} - C:\WINDOWS\system32\geBqRjhE.dll (file missing)
O2 - BHO: (no name) - {4583AEE7-1191-4666-AB1D-340B1C42B814} - C:\WINDOWS\system32\urqRhGVO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {99972D1B-964E-49EC-92F4-1EB39F4810A5} - C:\WINDOWS\system32\opnnlIXN.dll
O2 - BHO: (no name) - {BC52B72F-AF0E-4A57-A950-2E49A81D6F87} - C:\WINDOWS\system32\jkkLFuUM.dll
O2 - BHO: (no name) - {CEC17A9F-4671-480E-9F17-4BE2101E9D66} - C:\WINDOWS\system32\ljJBuUno.dll (file missing)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Rose.x\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatierControl Object) - http://www.playfirst.com/play/game/chocola...eb.1.0.0.13.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} () - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.shockwave.com/content/dinerdash...tg.1.0.0.33.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.arcadetown.com/swf/deliciousdel...zylomplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/insaniqua...ploader_v10.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: opnnlIXN - C:\WINDOWS\system32\opnnlIXN.dll
O21 - SSODL: syshelps - {B50D5A2D-5A2A-428D-B4CB-03619036BDE8} - syshelps.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\system32\WLTRYSVC.EXE


--
End of file - 9028 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 prohlp01 (StarForce Protection Helper Driver v1) - c:\windows\system32\drivers\prohlp01.sys <Not Verified; Protection Technology Co.; StarForce Protection System>
R1 prodrv05 (StarForce Protection Environment Driver v5) - c:\windows\system32\drivers\prodrv05.sys <Not Verified; Protection Technology Co.; StarForce Protection System>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>

S3 actser - c:\windows\system32\drivers\actser.sys <Not Verified; Siemens AG; Actser Filter Driver>
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 gAGP440p - c:\docume~1\rose.x\locals~1\temp\gagp440p.sys (file missing)
S3 hwdatacard (Huawei DataCard USB Modem and USB Serial) - c:\windows\system32\drivers\ewusbmdm.sys (file missing)
S3 siusbmod - c:\windows\system32\drivers\siusbmod.sys (file missing)
S3 vsbus (Virtual Serial Bus Enumerator) - c:\windows\system32\drivers\vsb.sys
S3 vserial (ELTIMA Virtual Serial Ports Driver) - c:\windows\system32\drivers\vserial.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>

S3 ServiceLayer - "c:\program files\common files\pcsuite\services\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-04-30 and 2008-05-30 -----------------------------

2008-05-30 16:45:34 38538 --ahs---- C:\WINDOWS\system32\MUuFLkkj.ini2
2008-05-30 16:45:27 374784 --a------ C:\WINDOWS\system32\jkkLFuUM.dll
2008-05-30 16:33:21 2610 --ahs---- C:\WINDOWS\system32\OVGhRqru.ini2
2008-05-30 15:22:32 0 d-------- C:\VundoFix Backups
2008-05-30 14:49:18 6283 --ahs---- C:\WINDOWS\system32\onUuBJjl.ini2
2008-05-30 14:20:27 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-30 14:19:56 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-30 14:19:56 0 d-------- C:\Documents and Settings\Rose.x\Application Data\SUPERAntiSpyware.com
2008-05-30 14:19:24 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-30 12:39:47 42231 --ahs---- C:\WINDOWS\system32\EhjRqBeg.ini2
2008-05-30 12:35:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Astar Games
2008-05-30 12:34:41 0 d-------- C:\WINDOWS\Laura Jones and the Gates of Good and Evil
2008-05-30 12:34:25 57344 --a------ C:\WINDOWS\system32\opnnlIXN.dll
2008-05-29 15:00:43 0 d-------- C:\Documents and Settings\Rose.x\Application Data\Ludia
2008-05-29 15:00:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Ludia
2008-05-29 14:59:30 0 d-------- C:\WINDOWS\Hell's Kitchen
2008-05-29 14:26:53 0 d-------- C:\WINDOWS\Westward 2
2008-05-29 00:30:46 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-29 00:16:15 0 d-------- C:\Program Files\Baby Luv
2008-05-29 00:04:55 286720 --a------ C:\WINDOWS\iun506.exe <Not Verified; Indigo Rose Corporation; Setup Factory 5.0 Uninstaller>
2008-05-29 00:04:46 0 d-------- C:\Program Files\Supple
2008-05-28 23:20:43 0 d-------- C:\Program Files\Hometown Hero
2008-05-27 22:54:50 0 d-------- C:\WINDOWS\Wedding Dash 2 - Rings Around the World
2008-05-27 22:53:34 0 d-------- C:\WINDOWS\Dream Chronicles
2008-05-26 23:01:23 0 d-------- C:\WINDOWS\Build-a-lot 2 - Town of the Year [h33t] [oi812heet]
2008-05-26 23:01:23 0 d-------- C:\Program Files\Build-a-lot 2 - Town of the Year [h33t] [oi812heet]
2008-05-26 18:33:48 0 d-------- C:\Program Files\Fatal Hearts
2008-05-26 17:03:08 0 d-------- C:\Program Files\Virtual Villagers 2-The Lost Children
2008-05-26 17:00:38 0 d-------- C:\Program Files\Virtual Villagers
2008-05-26 01:24:12 0 d-------- C:\Program Files\iPod
2008-05-26 01:23:49 0 d-------- C:\Program Files\iTunes
2008-05-26 01:22:27 0 d-------- C:\Program Files\Bonjour
2008-05-26 01:21:09 0 d-------- C:\Program Files\QuickTime
2008-05-26 01:18:54 0 d-------- C:\Program Files\Common Files\Apple
2008-05-26 01:18:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-26 00:49:40 0 d--hs---- C:\found.000
2008-05-25 18:05:23 0 d-------- C:\WINDOWS\Supermarket Mania
2008-05-25 17:47:26 0 d-------- C:\Documents and Settings\All Users\Application Data\3 Blokes Studios
2008-05-22 21:32:57 0 d-------- C:\Program Files\Cooking Academy
2008-05-22 20:50:24 0 d-------- C:\games
2008-05-22 20:48:36 0 d-------- C:\Program Files\7-Zip
2008-05-18 01:40:39 0 d-------- C:\Program Files\BFG
2008-05-18 01:19:52 0 d-------- C:\WINDOWS\Airport Mania
2008-05-18 01:19:52 0 d-------- C:\Program Files\Airport Mania
2008-05-17 17:51:18 0 d-------- C:\Program Files\uTorrent
2008-05-17 17:51:13 0 d-------- C:\Documents and Settings\Rose.x\Application Data\uTorrent
2008-05-17 17:33:42 0 d-------- C:\Program Files\DNA
2008-05-17 17:33:42 0 d-------- C:\Documents and Settings\Rose.x\Application Data\DNA
2008-05-17 01:58:35 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-17 01:55:41 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-12 13:10:28 56832 --a------ C:\WINDOWS\system32\IYVU9_32.DLL
2008-05-12 13:10:28 143872 --a------ C:\WINDOWS\system32\IACENC.DLL <Not Verified; Intel Corporation; Indeo® audio software>
2008-05-10 23:20:14 0 d-------- C:\Program Files\Microsoft Silverlight


-- Find3M Report ---------------------------------------------------------------

2008-05-30 15:43:14 0 d-------- C:\Program Files\Java
2008-05-30 15:35:35 0 d-------- C:\Program Files\Nokia
2008-05-30 14:19:24 0 d-------- C:\Program Files\Common Files
2008-05-29 16:21:52 0 d-------- C:\Program Files\InstallShield Installation Information
2008-05-29 14:14:40 0 d-------- C:\Program Files\Common Files\PCSuite
2008-05-29 14:13:27 0 d-------- C:\Program Files\Metaboli Player
2008-05-28 19:23:53 0 d-------- C:\Documents and Settings\Rose.x\Application Data\PlayFirst
2008-05-28 18:46:33 0 d-------- C:\Program Files\Lx_cats
2008-05-26 17:05:33 0 d-------- C:\Program Files\Shockwave.com
2008-05-26 01:19:41 0 d-------- C:\Program Files\Apple Software Update
2008-04-28 16:14:48 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-04-28 13:50:29 0 d-------- C:\Program Files\IObit
2008-04-14 23:00:35 0 d-------- C:\Program Files\Kontiki
2008-04-14 23:00:31 0 d-------- C:\Program Files\Channel4
2008-04-11 15:19:09 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-11 15:17:32 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-04-10 22:16:03 0 d-------- C:\Documents and Settings\Rose.x\Application Data\Atari
2008-04-08 15:50:31 0 d-------- C:\Documents and Settings\Rose.x\Application Data\Virgin Broadband
2008-04-08 15:46:07 0 d-------- C:\Program Files\LimeWire
2008-04-08 15:24:35 68 --a------ C:\WINDOWS\GPlrLanc.dat
2008-04-07 03:32:32 0 d-------- C:\Program Files\DivX
2008-03-29 21:36:26 7618 --a------ C:\Documents and Settings\Rose.x\Application Data\wklnhst.dat
2008-03-15 15:43:45 0 --a------ C:\Program Files\temp01


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1350EF0E-B825-4ACC-AB33-D04E09E9A465}]
C:\WINDOWS\system32\geBqRjhE.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4583AEE7-1191-4666-AB1D-340B1C42B814}]
C:\WINDOWS\system32\urqRhGVO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{99972D1B-964E-49EC-92F4-1EB39F4810A5}]
30/05/2008 12:34 57344 --a------ C:\WINDOWS\system32\opnnlIXN.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC52B72F-AF0E-4A57-A950-2E49A81D6F87}]
30/05/2008 16:45 374784 --a------ C:\WINDOWS\system32\jkkLFuUM.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CEC17A9F-4671-480E-9F17-4BE2101E9D66}]
C:\WINDOWS\system32\ljJBuUno.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [07/03/2005 20:33 C:\WINDOWS\system32\VTTimer.exe]
"SoundMan"="SOUNDMAN.EXE" [04/10/2005 07:12 C:\WINDOWS\soundman.exe]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" []
"SMSERIAL"="sm56hlpr.exe" [05/07/2005 21:47 C:\WINDOWS\sm56hlpr.exe]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [12/07/2005 14:36]
"LXCGCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [20/07/2005 18:48]
"lxcgmon.exe"="C:\Program Files\Lexmark 2300 Series\lxcgmon.exe" [21/07/2005 07:07]
"EzPrint"="C:\Program Files\Lexmark 2300 Series\ezprint.exe" [01/08/2005 13:05]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"NapsterShell"="C:\Program Files\Napster\napster.exe" []
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [27/01/2003 17:16]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [23/04/2007 11:23]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28/03/2008 23:37]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="" []
"ares"="C:\Program Files\Ares\Ares.exe" []
"@"="" []
"kdx"="C:\Program Files\Kontiki\KHost.exe" [23/04/2007 11:23]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [17/05/2008 17:33]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [13/05/2008 12:43]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [24/09/2005 06:05:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{99972D1B-964E-49EC-92F4-1EB39F4810A5}"= C:\WINDOWS\system32\opnnlIXN.dll [30/05/2008 12:34 57344]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [13/05/2008 10:13 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"syshelps"= {B50D5A2D-5A2A-428D-B4CB-03619036BDE8} - syshelps.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"="kdwlc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnnlIXN]
opnnlIXN.dll 30/05/2008 12:34 57344 C:\WINDOWS\system32\opnnlIXN.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkkLFuUM


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76b60288-f8c6-11dc-bcad-0014a594c7e6}]
AutoRun\command- E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76b6028c-f8c6-11dc-bcad-0014a594c7e6}]
AutoRun\command- E:\AutoRun.exe




-- End of Deckard's System Scanner: finished at 2008-05-30 17:42:07 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® M processor 1.50GHz
Percentage of Memory in Use: 48%
Physical Memory (total/avail): 446.23 MiB / 229.91 MiB
Pagefile Memory (total/avail): 1057.18 MiB / 751.23 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.11 MiB

C: is Fixed (NTFS) - 37.25 GiB total, 1.98 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - FUJITSU MHV2040BH - 37.26 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.25 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: Norton Internet Worm Protection v2006 (Symantec) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\lxcgcoms.exe"="C:\\WINDOWS\\system32\\lxcgcoms.exe:*:Enabled:2300 Series Server"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxcgpswx.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxcgpswx.exe:*:Enabled:2300 Series Printer Status"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Kontiki\\KService.exe"="C:\\Program Files\\Kontiki\\KService.exe:*:Enabled:Delivery Manager Service"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"C:\\Program Files\\Ares P2P\\AresP2P.exe"="C:\\Program Files\\Ares P2P\\AresP2P.exe:*:Enabled:AresP2P"
"C:\\WINDOWS\\Temp\\~osE.tmp\\ossproxy.exe"="C:\\WINDOWS\\Temp\\~osE.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Documents and Settings\\Rose.x\\Local Settings\\Temp\\~osF.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Rose.x\\Local Settings\\Temp\\~osF.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Documents and Settings\\Rose.x\\Local Settings\\Temp\\~os20F.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Rose.x\\Local Settings\\Temp\\~os20F.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Documents and Settings\\Rose.x\\Local Settings\\Temp\\~os66F.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Rose.x\\Local Settings\\Temp\\~os66F.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\Huawei technologies\\Huawei UMTS Data Card\\3 USB Modem.exe"="C:\\Program Files\\Huawei technologies\\Huawei UMTS Data Card\\3 USB Modem.exe:*:Disabled:3 USB Modem"
"X:\\Program Files\\Microsoft Games\\Age of Empires II\\AGE2_X1\\AGE2_X1.ICD"="X:\\Program Files\\Microsoft Games\\Age of Empires II\\AGE2_X1\\AGE2_X1.ICD:*:Disabled:Age of Empires II Expansion"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"c:\\windows\\system32\\rlvknlg.exe"="c:\\windows\\system32\\rlvknlg.exe:*:Enabled:rlvknlg.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Rose.x\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_08\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ROSE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Rose.x
LOGONSERVER=\\ROSE
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_08\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Rose.x\LOCALS~1\Temp
TMP=C:\DOCUME~1\Rose.x\LOCALS~1\Temp
USERDOMAIN=ROSE
USERNAME=Rose.x
USERPROFILE=C:\Documents and Settings\Rose.x
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Rose.x (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
4oD --> MsiExec.exe /I {8B7443F5-E141-42A0-AB61-ED2331AAD606}
7-Zip 4.58 beta --> "C:\Program Files\7-Zip\Uninstall.exe"
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70700000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Broadcom 802.11 Network Adapter --> C:\WINDOWS\system32\BCMWLU00.exe verbose
BroadJump Client Foundation --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
Build-a-lot 2 - Town of the Year [h33t] [oi812heet] --> "C:\WINDOWS\Build-a-lot 2 - Town of the Year [h33t] [oi812heet]\uninstall.exe" "/U:C:\Program Files\Build-a-lot 2 - Town of the Year [h33t] [oi812heet]\Uninstall\uninstall.xml"
Burger Rush --> C:\PROGRA~1\SHOCKW~1.COM\BURGER~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\BURGER~1\INSTALL.LOG
Disney's Toontown Online --> C:\PROGRA~1\Disney\DISNEY~1\Toontown\UNWISE.EXE /A C:\PROGRA~1\Disney\DISNEY~1\Toontown\INSTALL.LOG
DNA --> "C:\Program Files\DNA\btdna.exe" /UNINSTALL
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 8 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
LEGO Chic Boutique --> "C:\Program Files\LEGO Chic Boutique\ReflexiveArcade\unins000.exe"
Lexmark 2300 Series --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxcgUNST.EXE -NOLICENSE
Lexmark Fax Solutions --> C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe
MediaShow 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5A9B7C0-8751-11D8-9D75-000129760D75}\setup.exe" -uninstall
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Motorola SM56 Data Fax Modem --> rundll32.exe sm56co.dll,SM56UnInstaller
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nokia Connectivity Cable Driver --> MsiExec.exe /X{6882DD11-33B8-4DEA-8305-7E765BF74BD3}
Nokia MTP driver --> MsiExec.exe /I{59359B3D-ABE7-46BF-AB55-43B67A64DC68}
Nokia PC Connectivity Solution --> MsiExec.exe /I{0D80391C-0A72-43BB-9BC2-143F63CC111D}
Nokia themes for your device --> MsiExec.exe /I{77F5816C-64A6-4FBE-BBE5-52EFE5EB84E8}
PhotoNow! 1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\setup.exe" -uninstall
Posh Shop --> C:\PROGRA~1\PLAYFI~1\POSHSH~1\UNWISE.EXE C:\PROGRA~1\PLAYFI~1\POSHSH~1\INSTALL.LOG
Power2Go 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerBackup 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ADD5DB49-72CF-11D8-9D75-000129760D75}\setup.exe" -uninstall
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Real Lives 2007 --> C:\Program Files\Educational Simulations\Real Lives\UnInstall_21355.exe
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\INSTALL.LOG
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Supple --> C:\WINDOWS\iun506.exe C:\Program Files\Supple\irunin.ini
VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VideoLAN VLC media player 0.8.2 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Wedding Dash --> C:\DOCUME~1\ALLUSE~1\APPLIC~1\PLAYFI~1\Games\WEDDIN~1\UNWISE.EXE C:\DOCUME~1\ALLUSE~1\APPLIC~1\PLAYFI~1\Games\WEDDIN~1\INSTALL.LOG
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Wireless LAN Driver Installation Program --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D90E672A-CC7E-4CDF-82CB-4CC0465BDC91}\setup.exe" -l0x9 -removeonly


-- Application Event Log -------------------------------------------------------

Event Record #/Type13 / Success
Event Submitted/Written: 05/29/2008 02:24:47 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type4024 / Error
Event Submitted/Written: 05/30/2008 03:35:58 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type4021 / Error
Event Submitted/Written: 05/30/2008 03:35:58 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type4018 / Error
Event Submitted/Written: 05/30/2008 03:35:57 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type4015 / Error
Event Submitted/Written: 05/30/2008 03:35:57 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type4012 / Error
Event Submitted/Written: 05/30/2008 03:35:56 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126



-- End of Deckard's System Scanner: finished at 2008-05-30 17:42:07 ------------

BC AdBot (Login to Remove)

 


#2 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:12:08 PM

Posted 30 May 2008 - 10:37 PM

Hello UrbanRose,

Before we start, you need to realize that you are missing one important program on that computer: An antivirus.

This is somewhat suicidal in today's digital world!

You need to install an antivirus program as soon as you can and run a complete scan of the computer.

I recommend you download the free

Avast or
AntiVir or
AVG antivirus

Products from all three vendors received the Virus Bulletin's VB100% award and certification for virus detection from ICSA Labs.

Never install more than one antivirus scanner or firewall on your system! Several together can give you problems and decrease the reliability of it seriously!

********************

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and Paste the entire report in your next reply along with a fresh DSS log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediatly.

Edited by SifuMike, 30 May 2008 - 10:55 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:12:08 PM

Posted 05 June 2008 - 09:14 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users