Trojan Virus? Infected


  • This topic is locked
11 replies to this topic

#1 jagsfan2832

jagsfan2832

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:32 AM

Posted 23 June 2008 - 12:33 PM

I have a virus and I think it is the Trojan virus. I made a log for the DSS and hijack, and this is the one from DSS:

Deckard's System Scanner v20071014.68
Run by User on 2008-06-23 11:58:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
51: 2008-06-23 15:58:33 UTC - RP167 - Deckard's System Scanner Restore Point
50: 2008-06-21 00:53:49 UTC - RP166 - Removed Apple Mobile Device Support
49: 2008-06-21 00:50:41 UTC - RP165 - Removed Bonjour
48: 2008-06-21 00:47:33 UTC - RP164 - Removed Java™ 6 Update 4
47: 2008-06-21 00:40:16 UTC - RP163 - Removed Safari


-- First Restore Point --
1: 2008-06-20 05:18:16 UTC - RP117 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 78% (more than 75%).
Total Physical Memory: 495 MiB (512 MiB recommended).


-- HijackThis (run as User.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:01:03 PM, on 6/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\iftuyszv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 6500 Series\lxdfmon.exe
C:\Program Files\Lexmark 6500 Series\lxdfamon.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINDOWS\mrofinu1000106.exe
C:\windows\system32\vlwnw64.exe
C:\WINDOWS\system32\mcntmadm.exe
C:\Documents and Settings\User\svchost.exe
C:\Program Files\AntispyStorm\AntispyStorm.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe
C:\WINDOWS\VXNlcg\command.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\system32\lxdfcoms.exe
C:\WINDOWS\444.470
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
E:\dss.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\User.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=0&l=dir
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {4E06327D-0415-475F-898B-6ACFB316073E} - C:\WINDOWS\system32\xxyvwUNF.dll
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {F4169FAE-1E4D-4999-BB1C-7B25239C476E} - C:\WINDOWS\system32\xxyawxxu.dll
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: {afa7c52b-b93c-5729-2eb4-e1a215d529df} - {fd925d51-2a1e-4be2-9275-c39bb25c7afa} - C:\WINDOWS\system32\qescqagl.dll
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lxdfmon.exe] "C:\Program Files\Lexmark 6500 Series\lxdfmon.exe"
O4 - HKLM\..\Run: [lxdfamon] "C:\Program Files\Lexmark 6500 Series\lxdfamon.exe"
O4 - HKLM\..\Run: [Lexmark 6500 Series Fax Server] "C:\Program Files\Lexmark 6500 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [{B0-00-02-2D-DW}] C:\windows\system32\vlwnw64.exe DWram1
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\mcntmadm.exe DWram1
O4 - HKLM\..\Run: [Host Process] C:\Documents and Settings\User\svchost.exe
O4 - HKLM\..\Run: [AntispyStorm] C:\Program Files\AntispyStorm\AntispyStorm.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [80db0082] rundll32.exe "C:\WINDOWS\system32\vaaopbrw.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\ApcMain.exe -m
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\mcntmadm.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\vlwnw64.exe
O4 - Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Essentials Manager\V CAST Music Monitor.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZCxdm492NXUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: Yahoo! Poker - http://origin.games.yahoo.net/games/clients/y/pt3_x.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1197835858178
O20 - Winlogon Notify: xxyvwUNF - C:\WINDOWS\SYSTEM32\xxyvwUNF.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VXNlcg\command.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxdfCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdfserv.exe
O23 - Service: lxdf_device - - C:\WINDOWS\system32\lxdfcoms.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\444.470.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/User/LOCALS~1/Temp/msoclip1/01/clip_image001.jpg

--
End of file - 11803 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 TVALD (Toshiba ACPI-Based Value Added Logical Device Driver) - c:\windows\system32\drivers\tvald.sys <Not Verified; Toshiba Corporation; Toshiba ACPI-Compliant Value Added Logical Device>
R0 TVALG (Toshiba Value Added Logical and General Purpose Device Driver) - c:\windows\system32\drivers\tvalg.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Value Added Logical and General Purpose Device Driver>
R1 meiudf - c:\windows\system32\drivers\meiudf.sys <Not Verified; Matsushita Electric Industrial Co.,Ltd.; >
R1 rdbsss - c:\windows\system32\drivers\rdbsss.sys
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>

S3 TBiosDrv - c:\windows\system32\drivers\tbiosdrv.sys
S3 USBAAPL (Apple Mobile USB Driver) - c:\windows\system32\drivers\usbaapl.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 cmdService (Command Service) - c:\windows\vxnlcg\command.exe
R2 DVD-RAM_Service - c:\windows\system32\dvdramsv.exe <Not Verified; Matsushita Electric Industrial Co., Ltd.; >
R2 MsSecurity1.209.4 (MsSecurity Updated) - c:\windows\444.470 service
R2 Network Monitor - c:\program files\network monitor\netmon.exe service
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-05 16:51:11 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-23 and 2008-06-23 -----------------------------

2008-06-23 11:58:41 131584 --a------ C:\WINDOWS\system32\tjgxicfa.dll
2008-06-23 11:56:45 130560 --a------ C:\WINDOWS\system32\qescqagl.dll
2008-06-23 11:56:25 122368 --a------ C:\WINDOWS\system32\vaaopbrw.dll
2008-06-23 11:56:12 128512 --a------ C:\WINDOWS\system32\cpmabswb.dll
2008-06-21 20:36:29 0 d-------- C:\Program Files\Trend Micro
2008-06-21 19:11:22 130560 --a------ C:\WINDOWS\system32\kkndjmri.dll
2008-06-21 19:08:22 122368 -----n--- C:\WINDOWS\system32\hpekmejm.dll
2008-06-21 19:06:07 128512 --a------ C:\WINDOWS\system32\kssdxwvb.dll
2008-06-20 20:43:29 0 d-------- C:\Documents and Settings\User\Application Data\InstallShield
2008-06-20 14:02:48 132608 --a------ C:\WINDOWS\system32\hmjfmirl.dll
2008-06-20 13:59:49 120320 -----n--- C:\WINDOWS\system32\ebiclbof.dll
2008-06-20 13:59:03 123392 --a------ C:\WINDOWS\system32\kbihiuqa.dll
2008-06-20 01:50:39 0 d-------- C:\Program Files\AntispyStorm
2008-06-20 01:33:56 23552 --a------ C:\WINDOWS\y.exe
2008-06-20 01:33:55 11520 --a------ C:\WINDOWS\xplugin.dll
2008-06-20 01:33:55 29184 --a------ C:\WINDOWS\x.exe
2008-06-20 01:33:55 24320 --a------ C:\WINDOWS\winmgnt.exe
2008-06-20 01:33:54 23808 --a------ C:\WINDOWS\window.exe
2008-06-20 01:33:54 18176 --a------ C:\WINDOWS\winajbm.dll
2008-06-20 01:33:54 19456 --a------ C:\WINDOWS\win64.exe
2008-06-20 01:33:54 17664 --a------ C:\WINDOWS\win32e.exe
2008-06-20 01:33:53 23040 --a------ C:\WINDOWS\waol.exe
2008-06-20 01:33:53 17920 --a------ C:\WINDOWS\users32.exe
2008-06-20 01:33:53 27904 --a------ C:\WINDOWS\time.exe
2008-06-20 01:33:52 9984 --a------ C:\WINDOWS\systemcritical.exe
2008-06-20 01:33:52 19456 --a------ C:\WINDOWS\systeem.exe
2008-06-20 01:33:52 8448 --a------ C:\WINDOWS\svcinit.exe
2008-06-20 01:33:52 27392 --a------ C:\WINDOWS\svchost32.exe
2008-06-20 01:33:52 14336 --a------ C:\WINDOWS\sistem.exe
2008-06-20 01:33:52 16128 --a------ C:\WINDOWS\searchword.dll
2008-06-20 01:33:51 26624 --a------ C:\WINDOWS\rundll16.exe
2008-06-20 01:33:51 26368 --a------ C:\WINDOWS\quicken.exe
2008-06-20 01:33:51 20992 --a------ C:\WINDOWS\qttasks.exe
2008-06-20 01:33:50 15360 --a------ C:\WINDOWS\olehelp.exe
2008-06-20 01:33:50 26880 --a------ C:\WINDOWS\notepad32.exe
2008-06-20 01:33:50 29952 --a------ C:\WINDOWS\mtwirl32.dll
2008-06-20 01:33:49 19456 --a------ C:\WINDOWS\mswsc20.dll
2008-06-20 01:33:49 26880 --a------ C:\WINDOWS\mswsc10.dll
2008-06-20 01:33:49 29696 --a------ C:\WINDOWS\msupdate.exe
2008-06-20 01:33:48 17664 --a------ C:\WINDOWS\mssys.exe
2008-06-20 01:33:48 23552 --a------ C:\WINDOWS\msspi.dll
2008-06-20 01:33:48 29696 --a------ C:\WINDOWS\msconfd.dll
2008-06-20 01:33:47 32256 --a------ C:\WINDOWS\loader.exe
2008-06-20 01:33:47 22016 --a------ C:\WINDOWS\internet.exe
2008-06-20 01:33:46 16640 --a------ C:\WINDOWS\inetinf.exe
2008-06-20 01:33:46 12032 --a------ C:\WINDOWS\iexplorer.exe
2008-06-20 01:33:46 29440 --a------ C:\WINDOWS\iedll.exe
2008-06-20 01:33:45 27904 --a------ C:\WINDOWS\helpcvs.exe
2008-06-20 01:33:45 26368 --a------ C:\WINDOWS\gfmnaaa.dll
2008-06-20 01:33:44 18176 --a------ C:\WINDOWS\funny.exe
2008-06-20 01:33:44 16128 --a------ C:\WINDOWS\funniest.exe
2008-06-20 01:33:43 10752 --a------ C:\WINDOWS\explorer32.exe
2008-06-20 01:33:43 9984 --a------ C:\WINDOWS\explore.exe
2008-06-20 01:33:43 30464 --a------ C:\WINDOWS\editpad.exe
2008-06-20 01:33:43 14592 --a------ C:\WINDOWS\dnsrelay.dll
2008-06-20 01:33:42 20736 --a------ C:\WINDOWS\directx32.exe
2008-06-20 01:33:42 8448 --a------ C:\WINDOWS\ctrlpan.dll
2008-06-20 01:33:42 24576 --a------ C:\WINDOWS\ctfmon32.exe
2008-06-20 01:33:41 23552 --a------ C:\WINDOWS\cpan.dll
2008-06-20 01:33:41 29184 --a------ C:\WINDOWS\clrssn.exe
2008-06-20 01:33:40 16896 --a------ C:\WINDOWS\avpcc.dll
2008-06-20 01:33:40 17920 --a------ C:\WINDOWS\accesss.exe
2008-06-20 01:32:08 49168 --a------ C:\WINDOWS\system32\vlwnw64.exe <Not Verified; ; Browser Driver>
2008-06-20 01:18:03 562570 --ahs---- C:\WINDOWS\system32\uxxwayxx.ini2
2008-06-20 01:17:55 295424 --a------ C:\WINDOWS\system32\xxyawxxu.dll
2008-06-20 01:15:56 0 --a------ C:\WINDOWS\system32\taskkill.exe
2008-06-20 01:15:27 0 d--hs---- C:\Documents and Settings\User\!
2008-06-20 01:14:54 1879040 ---hs---- C:\Documents and Settings\User\svchost.exe
2008-06-20 01:14:34 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-06-20 01:14:29 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-06-20 01:14:22 849 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-06-20 01:13:53 687592 --a------ C:\WINDOWS\system32\atmtd.dll
2008-06-20 01:13:53 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-06-20 01:13:52 200774 --a------ C:\WINDOWS\system32\mcntmadm.exe
2008-06-20 01:13:39 4 --a------ C:\WINDOWS\system32\hljwugsf.bin
2008-06-20 01:13:35 0 d-------- C:\Documents and Settings\LocalService\Application Data\NetMon
2008-06-20 01:13:28 1989 --a------ C:\WINDOWS\uninstall_nmon.vbs
2008-06-20 01:13:28 88537 --a------ C:\WINDOWS\system32\iftuyszv.exe <Not Verified; Microsoft; XML Media>
2008-06-20 01:13:28 88537 --a------ C:\WINDOWS\lfn.exe <Not Verified; Microsoft; XML Media>
2008-06-20 01:13:28 0 d-------- C:\Program Files\Network Monitor
2008-06-20 01:13:27 0 d--hs---- C:\WINDOWS\VXNlcg
2008-06-20 01:13:23 49163 --a------ C:\WINDOWS\system32\rwwnw64d.exe <Not Verified; ; Browser Driver>
2008-06-20 01:13:18 41984 --a------ C:\WINDOWS\mrofinu1000106.exe
2008-06-20 01:13:12 86144 --a------ C:\WINDOWS\system32\drivers\rdbsss.sys
2008-06-20 01:13:03 0 d-------- C:\WINDOWS\system32\eb10
2008-06-20 01:13:03 0 d-------- C:\WINDOWS\system32\bgi
2008-06-20 01:13:03 0 d-------- C:\WINDOWS\system32\axc
2008-06-20 01:13:03 0 d-------- C:\WINDOWS\system32\1049a
2008-06-20 01:13:02 41984 --a------ C:\WINDOWS\mrofinu1188.exe
2008-06-20 01:12:49 0 d-------- C:\WINDOWS\system32\netrax05
2008-06-20 01:12:48 0 d-------- C:\Temp
2008-06-20 01:12:38 44544 --a------ C:\WINDOWS\system32\xxyvwUNF.dll
2008-05-28 12:49:46 0 d-------- C:\WINDOWS\.jagex_cache_32


-- Find3M Report ---------------------------------------------------------------

2008-06-21 11:49:09 0 d-------- C:\Documents and Settings\User\Application Data\LimeWire
2008-06-20 20:57:02 0 d-------- C:\Program Files\Common Files
2008-06-20 20:48:29 0 d-------- C:\Program Files\Java
2008-06-20 20:20:03 0 d-------- C:\Program Files\Ascentive
2008-06-20 20:12:07 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-21 00:52:50 0 d-------- C:\Documents and Settings\User\Application Data\U3
2008-05-10 18:38:45 0 d-------- C:\Program Files\MSXML 4.0
2008-04-28 20:42:56 0 d-------- C:\Documents and Settings\User\Application Data\Sun
2008-04-17 18:41:11 28672 --a------ C:\WINDOWS\system32\f3PSSavr.scr <Not Verified; FunWebProducts.com; Popular Screensavers>
2008-04-17 16:22:18 208896 --a------ C:\WINDOWS\system32\ConTest.dll <Not Verified; Ascentive; ConnectionTester>


-- Registry Dump ---------------------------------------------------------------

Unable to run batchfile; The process cannot access the file because it is being used by another process.
ComSpec: C:\WINDOWS\system32\cmd.exe


-- End of Deckard's System Scanner: finished at 2008-06-23 12:02:04 ------------


I got 2 notepads after completing DSS, "main" and "extra"; this is "main". Do I need to post "extra" too?


#2 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:32 AM

Posted 24 June 2008 - 12:51 PM

Hello jagsfan2832,

Download SDFix and save it to your Desktop.

Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Finally, copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log.

-- If this error message is displayed when running SDFix: "The command prompt has been disabled by your administrator. Press any key to continue..."
Please go to Start Menu > Run > and copy/paste the following line:
%systemdrive%\SDFix\apps\swreg IMPORT %systemdrive%\SDFix\apps\Enable_Command_Prompt.reg
Press Ok and then run SDFix again.

-- If the Command Prompt window flashes on then off again on XP or Win 2000, please go to Start Menu > Run > and copy/paste the following line:
%systemdrive%\SDFix\apps\FixPath.exe /Q
Reboot and then run SDFix again.

-- If SDFix still does not run, check the %comspec% variable. Right-click My Computer > click Properties > Advanced > Environment Variables and check that the ComSpec variable points to cmd.exe.
%SystemRoot%\system32\cmd.exe

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 jagsfan2832


Posted 24 June 2008 - 02:53 PM

Thank you so much for the help. Is this the last step? Because this will be my third log and my computer isn't fixed, but I will try to be more patient about fixing this problem, and thanks again for the help. I'm going to do it right now and make a new one with the name report.txt log if you want to help me out the rest of the way.

#4 SifuMike


Posted 24 June 2008 - 02:58 PM

You got your computer very infected, so it will not be an easy process to remove the malware.
Your impatience is not helping any. :thumbsup:

#5 jagsfan2832


Posted 24 June 2008 - 04:53 PM

My computer has safe mode written in almost every corner of the screen, my whole screen is black, and it has a bunch of random words written at the top of the screen after I started up the computer in safe mode. It has been sitting there for over an hour and it hasn't changed. Can you help me fix this?

#6 SifuMike


Posted 24 June 2008 - 05:01 PM

"my computer has safe mode written in almost every corner of the screen,"

That is normal.

"my whole screen is black,"

Not normal. :)

"and it has a bunch of random words written at the top of the screen after I started up the computer in safe mode and it has been sitting there for over an hour and it hasn't changed, can you help me fix this?"

I don't know. :thumbsup:
What are the random words at the top of the screen?

When you boot up to the safe mode menu screen, select the following option:
Safe Mode with Networking

See if that helps.

Edited by SifuMike, 24 June 2008 - 05:02 PM.


#7 jagsfan2832


Posted 24 June 2008 - 05:51 PM

I think that might work because when I booted it up I just went to the first one that said "safe mode" instead of the other two, so I will try that right now and give you an update soon about the progress.

#8 jagsfan2832


Posted 24 June 2008 - 06:08 PM

I got the same thing again, and at the top the "random words" are Microsoft ® Windows XP ® and then a bunch of random letters, numbers and signs in parentheses.

#9 SifuMike


Posted 24 June 2008 - 06:45 PM

Hi,

Please tell me what antivirus program you are using.


If you are not running an antivirus then you need to install one as soon as you can and run a complete scan of the computer.

I recommend you download the free Avast or AntiVir or AVG antivirus.

Products from all three vendors received the Virus Bulletin's VB100% award and certification for virus detection from ICSA Labs.

Never install more than one antivirus scanner or firewall on your system! Several together can give you problems and decrease the reliability of it seriously!




"i got 2 notepads after completing DSS, "main" and "extra", this is "main". do i need to post "extra" too?"



Yes, post the extra.txt file.

Edited by SifuMike, 24 June 2008 - 07:36 PM.


#10 jagsfan2832


Posted 25 June 2008 - 12:26 PM

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Mobile Intel® Celeron® CPU 2.40GHz
Percentage of Memory in Use: 77%
Physical Memory (total/avail): 494.8 MiB / 111.61 MiB
Pagefile Memory (total/avail): 1157.54 MiB / 700.61 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1909.89 MiB

C: is Fixed (NTFS) - 37.26 GiB total, 18.85 GiB free.
D: is CDROM (No Media)
E: is Fixed (FAT) - 0.24 GiB total, 0.21 GiB free.

\\.\PHYSICALDRIVE0 - IC25N040ATMR04-0 - 37.26 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.26 GiB - C:

\\.\PHYSICALDRIVE1 - LEXAR JUMPDRIVE SECURE USB Device - 243.17 MiB - 1 partition
\PARTITION0 - MS-DOS V4 Huge - 243.14 MiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Lexmark 6500 Series\\lxdfamon.exe"="C:\\Program Files\\Lexmark 6500 Series\\lxdfamon.exe:*:Enabled:Lexmark Device Monitor"
"C:\\Program Files\\Lexmark 6500 Series\\frun.exe"="C:\\Program Files\\Lexmark 6500 Series\\frun.exe:*:Enabled:Lexmark Productivity Studio"
"C:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"="C:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe:*:Enabled:ABBYY FineReader"
"C:\\Program Files\\Lexmark 6500 Series\\LXDFFax.exe"="C:\\Program Files\\Lexmark 6500 Series\\LXDFFax.exe:*:Enabled:Fax software"
"C:\\Program Files\\Lexmark 6500 Series\\lxdfmon.exe"="C:\\Program Files\\Lexmark 6500 Series\\lxdfmon.exe:*:Enabled:Printer Device Monitor"
"C:\\WINDOWS\\system32\\lxdfcfg.exe"="C:\\WINDOWS\\system32\\lxdfcfg.exe:*:Enabled:Printer Communication System"
"C:\\WINDOWS\\system32\\lxdfcoms.exe"="C:\\WINDOWS\\system32\\lxdfcoms.exe:*:Enabled:Lexmark Communications System"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdfpswx.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdfpswx.exe:*:Enabled:Printer Status Window Interface"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdftime.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdftime.exe:*:Enabled:Lexmark Connect Time Executable"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdfjswx.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdfjswx.exe:*:Enabled:Job Status Window Interface"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"


-- Environment Variables -------------------------------------------------------

Unable to get environment variables; The process cannot access the file because it is being used by another process.
ComSpec: C:\WINDOWS\system32\cmd.exe


-- User Profiles ---------------------------------------------------------------

User (admin)


-- Add/Remove Programs ---------------------------------------------------------

Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AntispyStorm 1.01.0093 --> "C:\Program Files\AntispyStorm\uninstall.exe" -u
Deewoo Network Manager removal --> C:\WINDOWS\system32\mcntmadm.exe -UPop
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Microsoft Internationalized Domain Names Mitigation APIs --> "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Windows Internet Explorer 7 --> "C:\WINDOWS\ie7\spuninst\spuninst.exe"
Quicken 2003 New User Edition --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F61F2821-694C-475F-99AB-6AF2EFDF40FD} anything
Windows XP Hotfix - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Security Update for Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Windows XP Hotfix - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows Genuine Advantage Validation Tool (KB892130) -->
Security Update for Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803) --> "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB896344) --> "C:\WINDOWS\$NtUninstallKB896344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Update for Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Update for Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Update for Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Update for Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564) --> "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865) --> "C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Update for Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734) --> "C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Update for Windows XP (KB920342) --> "C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Update for Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Update for Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398) --> "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239) --> "C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Update for Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Update for Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3) --> "C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Update for Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127) --> "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127) --> "C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Update for Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683) --> "C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615) --> "C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615) --> "C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Update for Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840) --> "C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533) --> "C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Hotfix for Windows Internet Explorer 7 (KB947864) --> "C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749) --> "C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759) --> "C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760) --> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762) --> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376) --> "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698) --> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Lexmark 6500 Series --> C:\Program Files\Lexmark 6500 Series\Install\x86\Uninst.exe
LG USB Drivers --> C:\PROGRA~1\LGDRIV~1\LGUSBD~1\UNWISE.EXE C:\PROGRA~1\LGDRIV~1\LGUSBD~1\INSTALL.LOG
Microsoft .NET Framework 1.0 Hotfix (KB928367) --> "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\M928367\M928367Uninstall.msp"
Microsoft .NET Framework (English) v1.0.3705 --> C:\WINDOWS\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1033)
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
My Web Search (Cursor Mania) --> rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsbar.dll,O
Microsoft National Language Support Downlevel APIs --> "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Notebook Maximizer --> C:\WINDOWS\iun506.exe C:\Program Files\Notebook Maximizer\irunin.ini
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Roll --> C:\WINDOWS\UniFish3.exe C:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\RollerCoaster Tycoon.log
Toshiba Hotkey Utility for Display Devices --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\TFNF5Wxp.inf,DefaultUninstall,5
TOSHIBA Access --> C:\PROGRA~1\TOSHIB~1\UNWISE.EXE C:\PROGRA~1\TOSHIB~1\INSTALL.LOG
TOSHIBA Power Saver --> TPWRDEL.EXE
TOSHIBA Software Modem --> Tosmreg -U
TOSHIBA Software Upgrades --> C:\Toshiba\ivp\swupdate\UNWISE.EXE C:\Toshiba\ivp\swupdate\INSTALL.LOG
Toshiba Tbiosdrv Driver --> C:\PROGRA~1\Toshiba\TOSHIB~1\UNWISE.EXE C:\PROGRA~1\Toshiba\TOSHIB~1\INSTALL.LOG
TOSHIBA Utilities --> tutildel.exe
TOSHIBA TouchPad On/Off Utility V2.05.00 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\TouchED\Uninst.isu" -c"C:\Program Files\TOSHIBA\TouchED\tpedinst.dll"
V CAST Music Essentials Manager --> C:\PROGRA~1\VERIZO~1\VCASTM~2\Setup.exe /remove /q0
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Media Format 11 runtime --> "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 11 --> "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 2 --> C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11 --> "C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
V CAST Music --> MsiExec.exe /X{3249FD43-B24B-413F-B786-F8FEA32FA747}
Command --> wscript "C:\WINDOWS\VXNlcg\prh5w0.vbs"
TOSHIBA Console --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}\Setup.exe" -l0x9
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Software Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{80D95911-28E9-40AC-A6B5-1DA6D9F14B29}\Setup.exe" -l0x9
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
InterVideo WinDVD 4 --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
DVD-RAM Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\Setup.exe" DVD-RAM Driver
Alps Pointing-device Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
Network Monitor --> wscript "C:\WINDOWS\uninstall_nmon.vbs"
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Microsoft .NET Framework (English) --> MsiExec.exe /X{B43357AA-3A6D-4D94-B56E-43C44D09E548}
Microsoft .NET Framework 2.0 Service Pack 1 --> MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
TOSHIBA ConfigFree --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe"
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Drag'n Drop CD+DVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DDC146FA-73E0-4FA1-A353-841EA14BF600}\Setup.exe" -l0x9 deleteall
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Toshiba Registration --> MsiExec.exe /X{F6C405D2-C50D-4D10-B89E-73A233A14D74}


-- Application Event Log -------------------------------------------------------

Event Record #/Type1268 / Error
Event Submitted/Written: 06/21/2008 07:05:03 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.3156, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x0003215b.
Processing media-specific event for [explorer.exe!ws!]

Event Record #/Type1263 / Warning
Event Submitted/Written: 06/20/2008 09:02:38 PM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Event Record #/Type1262 / Warning
Event Submitted/Written: 06/20/2008 09:02:38 PM
Event ID/Source: 32026 / Microsoft Fax
Event Description:
Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.

Event Record #/Type1251 / Warning
Event Submitted/Written: 06/20/2008 08:20:46 PM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Event Record #/Type1250 / Warning
Event Submitted/Written: 06/20/2008 08:20:46 PM
Event ID/Source: 32026 / Microsoft Fax
Event Description:
Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type8877 / Error
Event Submitted/Written: 06/23/2008 00:01:54 PM
Event ID/Source: 8032 / BROWSER
Event Description:
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{0CE14077-1294-42EB-A7AF-724E972C861C}.
The backup browser is stopping.

Event Record #/Type8876 / Warning
Event Submitted/Written: 06/23/2008 11:56:51 AM
Event ID/Source: 8021 / BROWSER
Event Description:
The browser was unable to retrieve a list of servers from the browser master \\NETZER on the network \Device\NetBT_Tcpip_{0CE14077-1294-42EB-A7AF-724E972C861C}.
The data is the error code.

Event Record #/Type8872 / Warning
Event Submitted/Written: 06/23/2008 11:55:38 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0013CEED16C6. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type8869 / Error
Event Submitted/Written: 06/22/2008 07:49:06 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.

Event Record #/Type8867 / Error
Event Submitted/Written: 06/22/2008 03:53:02 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}



-- End of Deckard's System Scanner: finished at 2008-06-23 12:02:04 ------------

Here is extra, and I am checking what antivirus program I am running right now, it might be AVG but is there anywhere to go to see what antivirus program(s) I am running?

Edited by jagsfan2832, 25 June 2008 - 12:28 PM.


#11 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:32 AM

Posted 25 June 2008 - 02:45 PM

I am checking what antivirus program I am running right now, it might be AVG but is there anywhere to go to see what antivirus program(s) I am running?


If you don't know then you probably have not ever installed one. I don't see one in your logs. :thumbsup:

Look in your add/remove programs. I don't think you have one. Very dangerous! That is the reason you are infected.

If you don't have one installed then do so and run a full scan of the computer.

Post a fresh DSS log after you have run the Antivirus.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#12 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:32 AM

Posted 02 July 2008 - 08:47 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.