Infected With Vundo.gen!p, Nuwar.gen!lds And Probably More


  • This topic is locked
2 replies to this topic

#1 mowe

Posted 27 July 2008 - 10:10 PM

A few weeks ago my girlfriend somehow got some viruses on my PC. At the time I was using CA Internet Security Suite. I did a scan & it detected the Silly Di,,,,,,,or something like that. I tried to go to CA's web site for removal tools & info, but couldn't; I kept getting redirected. Then I tried other antivirus & virus removal web sites, to no avail...kept getting redirected. The virus wouldn't even let me go to bleepingcomputer.com, as I tried to almost immediately because about a year and a half ago I had to come to you for help. Also, I was unable to start in safe mode. Out of desperation/frustration, I tried to manually remove from the registry files that I KNEW were bad....etc. Somewhere along the way I was able to get back on to Microsoft's security web site and download a free trial of Windows One Care.........I can now start in Safe mode "with Networking", but not regular Safe mode. Windows One Care is running a scan as I'm typing this to you, but my past experience, what very little I have, tells me that I'm going to need more than what they can offer. Below I've attached the main txt & extra txt from Deckard's System Scanner with HijackThis. I appreciate anything you could do to help me out. Thanks for your time.

Kyle Brown

Deckard's System Scanner v20071014.68
Run by Kyle on 2008-07-27 19:30:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
6: 2008-07-28 00:32:35 UTC - RP6 - Deckard's System Scanner Restore Point
5: 2008-07-27 21:59:18 UTC - RP5 - Microsoft OneCare Protection Checkpoint
4: 2008-07-27 15:50:34 UTC - RP4 - System Checkpoint
3: 2008-07-23 04:10:13 UTC - RP3 - Installed AVG Free 8.0
2: 2008-07-22 10:41:56 UTC - RP2 - Restore Operation


-- First Restore Point --
1: 2008-07-22 09:58:56 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 256 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-27 19:38:36
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Documents and Settings\Kyle\Local Settings\Temporary Internet Files\Content.IE5\8HM5G7O1\dss[1].exe
C:\WINDOWS\system32\rundll32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp
O2 - BHO: (no name) - {3A3F08C1-6B94-48F6-AED8-29D344ED03C7} - C:\WINDOWS\system32\qoMEtTli.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/e/7.../OGAControl.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1188025913873
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1188028194551
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (MSN Games Hearts) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab67031.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc4.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///G:/Program%20Files/Elf%20Bowling%207%2017%20-%20The%20Last%20Insult/Images/armhelper.ocx
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe


--
End of file - 7759 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S1 partmgrr - c:\windows\system32\drivers\partmgrr.sys (file missing)
S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)
S3 motmodem (Motorola USB CDC ACM Driver) - c:\windows\system32\drivers\motmodem.sys (file missing)
S3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys (file missing)
S3 TnIDriver - c:\docume~1\kyle\locals~1\temp\tni6.tmp (file missing)
S3 usbsermpt (Motorola USB Modem Driver for MPT) - c:\windows\system32\drivers\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S4 ProtexisLicensing - c:\windows\system32\psiservice.exe <Not Verified; ; PSIService>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Winbond W89C940-Based Ethernet Adapter (Generic)
Device ID: PCI\VEN_1050&DEV_0940&SUBSYS_00000000&REV_00\3&61AAA01&0&78
Manufacturer: Winbond Electronics Corporation
Name: Winbond W89C940-Based Ethernet Adapter (Generic)
PNP Device ID: PCI\VEN_1050&DEV_0940&SUBSYS_00000000&REV_00\3&61AAA01&0&78
Service: w89c940


-- Scheduled Tasks -------------------------------------------------------------

2008-07-27 19:40:01 420 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{09E26A2D-660D-4305-86E7-87F83E2773EB}.job
2008-07-06 08:44:00 512 --a------ C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Kyle at 7 44 AM.job


-- Files created between 2008-06-27 and 2008-07-27 -----------------------------

2008-07-27 19:10:03 0 d-------- C:\HijackThis
2008-07-27 11:10:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-07-27 03:24:16 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-07-27 00:29:45 0 d-------- C:\Program Files\Google
2008-07-26 23:08:52 0 d-------- C:\Documents and Settings\Administrator.KYLE-PC\Application Data\Macromedia
2008-07-26 22:57:06 0 d-------- C:\Documents and Settings\Administrator.KYLE-PC\Application Data\Adobe
2008-07-26 22:51:35 0 d--h----- C:\Documents and Settings\Administrator.KYLE-PC\Recent
2008-07-26 22:51:35 0 d--h----- C:\Documents and Settings\Administrator.KYLE-PC\PrintHood
2008-07-26 22:51:35 0 d--h----- C:\Documents and Settings\Administrator.KYLE-PC\NetHood
2008-07-26 22:51:35 0 d-------- C:\Documents and Settings\Administrator.KYLE-PC\My Documents
2008-07-26 22:51:35 0 d--h----- C:\Documents and Settings\Administrator.KYLE-PC\Local Settings
2008-07-26 22:51:35 0 d-------- C:\Documents and Settings\Administrator.KYLE-PC\Favorites
2008-07-26 22:51:35 0 d-------- C:\Documents and Settings\Administrator.KYLE-PC\Desktop
2008-07-26 22:51:35 0 d--hs---- C:\Documents and Settings\Administrator.KYLE-PC\Cookies
2008-07-26 22:51:35 0 dr-h----- C:\Documents and Settings\Administrator.KYLE-PC\Application Data
2008-07-26 22:51:35 0 d---s---- C:\Documents and Settings\Administrator.KYLE-PC\Application Data\Microsoft
2008-07-26 22:51:34 0 d--h----- C:\Documents and Settings\Administrator.KYLE-PC\Templates
2008-07-26 22:51:34 0 dr------- C:\Documents and Settings\Administrator.KYLE-PC\Start Menu
2008-07-26 22:51:34 0 dr-h----- C:\Documents and Settings\Administrator.KYLE-PC\SendTo
2008-07-26 22:51:34 696320 --a------ C:\Documents and Settings\Administrator.KYLE-PC\NTUSER.DAT
2008-07-26 07:27:01 83968 --a------ C:\WINDOWS\system32\jdcabgbh.dll
2008-07-26 07:23:04 101888 --a------ C:\WINDOWS\system32\ndefqhfb.dll
2008-07-26 07:18:50 93184 --a------ C:\WINDOWS\system32\hocfayja.dll
2008-07-23 00:33:32 102400 --a------ C:\WINDOWS\system32\pncnfw.dll
2008-07-23 00:33:22 102400 --a------ C:\WINDOWS\system32\eopompog.dll
2008-07-23 00:30:59 93184 --a------ C:\WINDOWS\system32\wmaidiob.dll
2008-07-22 04:58:25 4882432 --a------ C:\Documents and Settings\Kyle\ntuser.dat
2008-07-22 01:31:28 0 dr-h----- C:\Documents and Settings\Kyle\Recent
2008-07-22 00:39:33 81920 --a------ C:\WINDOWS\system32\fabnmjqn.dll
2008-07-22 00:29:30 102400 --a------ C:\WINDOWS\system32\fstjfw.dll
2008-07-22 00:29:21 102400 --a------ C:\WINDOWS\system32\ttqokccc.dll
2008-07-22 00:27:33 1541 --ahs---- C:\WINDOWS\system32\ilTtEMoq.ini2
2008-07-22 00:27:14 282624 --a------ C:\WINDOWS\system32\qoMEtTli.dll
2008-07-21 23:30:51 102400 --a------ C:\WINDOWS\system32\xlulty.dll
2008-07-21 23:30:43 102400 --a------ C:\WINDOWS\system32\kmmpevfd.dll
2008-07-21 22:55:24 0 d-------- C:\WINDOWS\system32\4322
2008-07-14 10:00:07 0 d-------- C:\Documents and Settings\Kyle\Application Data\HouseCall 6.6
2008-07-12 08:49:01 81408 --a------ C:\WINDOWS\system32\bghtxaim.dll
2008-07-12 08:46:21 101888 --a------ C:\WINDOWS\system32\lmybwo.dll
2008-07-12 08:46:13 101888 --a------ C:\WINDOWS\system32\jlhabead.dll
2008-07-11 08:39:29 80896 --a------ C:\WINDOWS\system32\menqnoad.dll
2008-07-11 08:36:36 101888 --a------ C:\WINDOWS\system32\bwfdar.dll
2008-07-11 08:36:29 101888 --a------ C:\WINDOWS\system32\hxsruyvl.dll
2008-07-11 08:33:44 92672 --a------ C:\WINDOWS\system32\vwippppi.dll
2008-07-10 14:24:04 717041 --ahs---- C:\WINDOWS\system32\iSuxHRqr.ini2
2008-07-10 14:19:20 152184 --a------ C:\WINDOWS\system32\g7.exe
2008-07-10 14:18:21 0 d-------- C:\WINDOWS\system32\1030
2008-07-10 14:18:19 0 d-------- C:\WINDOWS\system32\net
2008-07-10 14:17:51 0 d-------- C:\WINDOWS\system32\olixds05
2008-07-10 14:17:46 0 d-------- C:\Temp
2008-07-10 14:17:45 31232 --a------ C:\WINDOWS\system32\wvUlmNHB.dll
2008-07-05 16:03:51 0 d-------- C:\LXKZ33new
2008-07-03 16:21:59 0 d-------- C:\Program Files\Activision Value
2008-07-03 08:10:46 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-03 08:08:37 0 d-------- C:\Program Files\Windows Live
2008-07-03 08:04:48 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-30 04:30:00 0 d-------- C:\WINDOWS\system32\NtmsData


-- Find3M Report ---------------------------------------------------------------

2008-07-27 19:31:08 0 d-------- C:\Documents and Settings\Kyle\Application Data\SlimBrowser
2008-07-27 03:23:49 0 d-------- C:\Documents and Settings\Kyle\Application Data\GetRightToGo
2008-07-22 08:08:29 0 d-------- C:\Program Files\PokerStars
2008-07-22 04:18:22 0 d-------- C:\Program Files\Yahoo!
2008-07-21 22:52:51 0 d-------- C:\Program Files\RegVac Registry Cleaner
2008-07-10 14:17:24 0 d-------- C:\Program Files\limewire
2008-07-08 18:11:43 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-03 09:31:18 0 d-------- C:\Program Files\SlimBrowser
2008-07-03 08:10:46 0 d-------- C:\Program Files\Common Files
2008-06-27 22:56:03 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-22 20:01:08 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-22 16:47:42 0 d-------- C:\Program Files\Movie Maker
2008-06-22 16:46:15 0 d-------- C:\Program Files\Windows NT
2008-06-22 03:28:38 0 d--h----- C:\Program Files\WindowsUpdate
2008-06-14 23:22:12 0 d-------- C:\Program Files\MSN Games
2008-06-14 22:53:30 0 d-------- C:\Program Files\Motorola Phone Tools
2008-06-14 22:04:08 0 d-------- C:\Program Files\Avanquest update
2008-06-03 01:29:59 0 d-------- C:\Program Files\CamelCasino
2008-06-02 22:07:53 0 d-------- C:\Program Files\GameShadow
2008-06-02 19:43:17 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2008-05-30 11:14:07 0 d-------- C:\Program Files\PCFriendly
2008-05-30 11:13:58 0 d-------- C:\Documents and Settings\Kyle\Application Data\BitTorrent


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3A3F08C1-6B94-48F6-AED8-29D344ED03C7}]
07/22/2008 12:27 AM 282624 --a------ C:\WINDOWS\system32\qoMEtTli.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [06/25/2008 06:48 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\qoMEtTli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMc71a2816]
Rundll32.exe "C:\WINDOWS\system32\qwnhirsu.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c4291b8a]
rundll32.exe "C:\WINDOWS\system32\bghtxaim.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cafw]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\capfasem]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\capfupgrade]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
"C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cctray]
"C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
"C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
"C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Glary Memory Optimizer]
C:\Program Files\Glary Utilities\memdefrag.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXSUPMON]
C:\WINDOWS\system32\LXSUPMON.EXE RUN

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QOELOADER]
"C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]
"G:\Program Files\WordPerfect Office 3\Programs\QFSCHD130.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{62d1a131-6c2d-44b1-42a7-4e403d9c685b}]
C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\kfoargtcaocvtya.dll" DllStart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{91-1B-B2-25-DW}]
C:\windows\system32\rrwnw64s.exe DWram02XX

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"LightScribeService"=2 (0x2)
"ProtexisLicensing"=2 (0x2)
"WZCSVC"=2 (0x2)
"wscsvc"=2 (0x2)
"WmdmPmSN"=3 (0x3)
"VETMSGNT"=2 (0x2)
"TrkWks"=2 (0x2)
"TapiSrv"=3 (0x3)
"seclogon"=2 (0x2)
"RSVP"=3 (0x3)
"RemoteAccess"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"PPCtlPriv"=3 (0x3)
"NMIndexingService"=3 (0x3)
"LexBceS"=2 (0x2)
"ITMRTSVC"=2 (0x2)
"helpsvc"=2 (0x2)
"EventSystem"=3 (0x3)
"CAISafe"=2 (0x2)
"CaCCProvSP"=3 (0x3)
"Alerter"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"



-- End of Deckard's System Scanner: finished at 2008-07-27 19:45:08 ------------




Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Duron™ processor
Percentage of Memory in Use: 68%
Physical Memory (total/avail): 255.48 MiB / 81.59 MiB
Pagefile Memory (total/avail): 1001.49 MiB / 707.93 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1937.57 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 13.98 GiB total, 4.47 GiB free.
D: is Fixed (NTFS) - 0.01 GiB total, 0 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Fixed (NTFS) - 19 GiB total, 10.24 GiB free.

\\.\PHYSICALDRIVE0 - QUANTUM FIREBALLlct15 15 - 13.99 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 13.98 GiB - C:
\PARTITION1 - Installable File System - 7.84 MiB - D:

\\.\PHYSICALDRIVE1 - QUANTUM FIREBALLlct15 20 - 19.01 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 19 GiB - G:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

UpdatesDisableNotify is set.

FW: Windows Live OneCare Firewall v1.0.0 (Microsoft Corporation)
AV: Windows Live OneCare v1.0.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\limewire\\LimeWire.exe"="C:\\Program Files\\limewire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"F:\\Installation\\Setupx.exe"="F:\\Installation\\Setupx.exe:*:Enabled:Nero ProductSetup"
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe:*:Enabled:Nero Home"
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe:*:Enabled:Nero ShowTime Essentials"
"C:\\Program Files\\Nero\\Nero 7\\Nero MediaHome\\NeroMediaHome.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero MediaHome\\NeroMediaHome.exe:*:Enabled:Nero MediaHome Essentials (1)"
"C:\\Program Files\\Nero\\Nero 7\\Nero MediaHome\\NMMediaServer.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero MediaHome\\NMMediaServer.exe:*:Enabled:Nero MediaHome Essentials (2)"
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"="C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\\Documents and Settings\\Kyle\\Local Settings\\Temp\\Nero Web\\SetupXu.exe"="C:\\Documents and Settings\\Kyle\\Local Settings\\Temp\\Nero Web\\SetupXu.exe:*:Enabled:Nero ProductSetup"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"G:\\Program Files\\Activision Value\\WSOP 2008\\WSOPBFTB.exe"="G:\\Program Files\\Activision Value\\WSOP 2008\\WSOPBFTB.exe:*:Enabled:WSOPBFTB"
"C:\\Program Files\\CA\\CA Internet Security Suite\\casecuritycenter.exe"="C:\\Program Files\\CA\\CA Internet Security Suite\\casecuritycenter.exe:*:Enabled:CA Security Center"
"C:\\Program Files\\CA\\CA Internet Security Suite\\CA Anti-Spyware\\caantispyware.exe"="C:\\Program Files\\CA\\CA Internet Security Suite\\CA Anti-Spyware\\caantispyware.exe:*:Enabled:CA Anti-Spyware"
"C:\\Program Files\\CA\\CA Internet Security Suite\\CA Anti-Virus\\caav.exe"="C:\\Program Files\\CA\\CA Internet Security Suite\\CA Anti-Virus\\caav.exe:*:Enabled:CA Anti-Virus"
"C:\\Program Files\\Lavasoft\\Ad-Aware 2007\\Ad-Aware2007.exe"="C:\\Program Files\\Lavasoft\\Ad-Aware 2007\\Ad-Aware2007.exe:*:Enabled:Ad-Aware 2007"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Kyle\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=KYLE-PC
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Kyle
LOGONSERVER=\\KYLE-PC
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\Common Files\Ahead\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 7 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0701
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Kyle\LOCALS~1\Temp
TMP=C:\DOCUME~1\Kyle\LOCALS~1\Temp
USERDOMAIN=KYLE-PC
USERNAME=Kyle
USERPROFILE=C:\Documents and Settings\Kyle
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Kyle (admin)
Administrator.KYLE-PC (new local, admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
BitTorrent 6.0 --> C:\Program Files\BitTorrent\uninst.exe
CA Anti-Spyware --> "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\setup\ccinstaller.exe" /u /silent /module="pp"
CA Internet Security Suite --> "C:\Program Files\CA\CA Internet Security Suite\caunst.exe" /u
CA Pest Patrol Realtime Protection --> MsiExec.exe /X{F05A5232-CE5E-4274-AB27-44EB8105898D}
CamelCasino --> C:\Program Files\CamelCasino\uninstall.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
COWON Media Center - jetAudio Basic --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}\setup.exe" -l0x9 -removeonly
DriverGuide DriverScan --> C:\Program Files\DriverGuide DriverScan\uninstall.exe
Eleven Home Edition 2.1.2.2 --> C:\WINDOWS\uninstall\Eleven Home Edition\setup.exe
GameShadow --> MsiExec.exe /I{21BB0483-3D43-46A7-A63F-72C702701438}
Glary Utilities 2.2.2.66 --> "C:\Program Files\Glary Utilities\unins000.exe"
GTOneCare --> MsiExec.exe /X{8B21B9EF-6DBF-4F63-8CC7-9F6A56D1EE8E}
InCD EasyWrite Reader (Ahead Software) --> C:\WINDOWS\UNMrw.exe /UNINSTALL
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
jZip --> C:\Program Files\jZip\Uninstall.exe C:\PROGRA~1\jZip\UNWISE.EXE C:\PROGRA~1\jZip\INSTALL.LOG
Lernout & Hauspie TruVoice American English TTS Engine --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
Lexmark Supplies Monitor --> C:\WINDOWS\system32\LXSMUNIN.EXE
Lexmark Z23-Z33 --> C:\WINDOWS\system32\spool\drivers\w32x86\3\lxaiUN5C.EXE -dLexmark Z23-Z33
LimeWire PRO 4.12.3 --> "C:\Program Files\LimeWire\uninstall.exe"
Microsoft Application Error Reporting -->
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office 2000 SR-1 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Picture It! Photo 7.0 --> MsiExec.exe /I{369B36BE-3D64-4641-9AEA-808D436FE132}
Microsoft Protection Service --> MsiExec.exe /I{85CFDC2D-710E-49D5-B799-F3743CA506BA}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Live OneCare Resources v2.5.2900.03 --> MsiExec.exe /I{5660022E-F3F2-4126-8CC5-9726C47150EB}
Microsoft Windows OneCare Live AntiSpyware and AntiVirus --> MsiExec.exe /I{AB65455A-059F-41C3-AAD6-2EFAFB38B19B}
Microsoft Windows OneCare Live v2.5.2900.03 --> MsiExec.exe /I{D07A8E7E-D324-4945-BA8C-E532AD008FF3}
Microsoft Windows OneCare Live v2.5.2900.03 Idcrl Install --> MsiExec.exe /I{3851147E-5A91-4469-BA4D-13FFFCC8A920}
Motorola Driver Installation 3.4.0 --> MsiExec.exe /I{81B3BEF9-5D97-4096-86E9-5B48A5BC32D0}
Motorola Phone Tools --> C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe -runfromtemp -l0x0009 -removeonly
MP3 Folders --> MsiExec.exe /I{5CE09320-7745-11D8-B964-00B0D02C43C4}
Nero 7 Essentials --> MsiExec.exe /X{8E72B982-D54F-486F-B35A-C24B6F171033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Opera 9.24 --> MsiExec.exe /X{4676DB43-A5E5-40AD-ACBB-5D80AFD2AFC4}
PokerStars --> "C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
PX Engine --> MsiExec.exe /I{6513E869-647F-40FD-A55D-CFC92579B9BA}
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RegVac Registry Cleaner 5.01 (Trial Version) --> "C:\Program Files\RegVac Registry Cleaner\unins000.exe"
SlimBrowser (remove only) --> "C:\Program Files\SlimBrowser\uninst.exe"
Socrates Media Product Browser --> MsiExec.exe /X{DBD63176-CA6A-4E3B-8D09-8D0592F869EF}
Super Collapse! --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A301896D-9F55-4492-B518-30EAC4C723E1}\setup.exe" -l0x9
Super Glinx! --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3AA7FDD6-E358-453D-BC77-22E3CF81DA83}\setup.exe" -l0x9
Super Nisqually! --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40B739E1-40CC-4F0D-9BA1-B75492FFA732}\setup.exe" -l0x9
Tri-Peaks Solitaire To Go --> "C:\Program Files\MSN Games\Tri-Peaks Solitaire To Go\Uninstall.exe" "C:\Program Files\MSN Games\Tri-Peaks Solitaire To Go\install.log"
Tri-Towers 2.1.4.4 --> C:\WINDOWS\uninstall\Tri-Towers\setup.exe
WebFldrs XP -->
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live OneCare --> "C:\Program Files\Microsoft Windows OneCare Live\OCSetup.exe" /u
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World Series of Poker 2008: Battle for the Bracelets --> G:\Program Files\Activision Value\WSOP 2008\Uninstall.exe
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type572 / Error
Event Submitted/Written: 07/27/2008 04:27:36 PM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80070422 from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Event Record #/Type564 / Error
Event Submitted/Written: 07/27/2008 04:23:10 PM
Event ID/Source: 8193 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.

Event Record #/Type563 / Error
Event Submitted/Written: 07/27/2008 04:23:10 PM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80070422 from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Event Record #/Type560 / Error
Event Submitted/Written: 07/27/2008 11:21:05 AM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80070422 from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Event Record #/Type550 / Error
Event Submitted/Written: 07/27/2008 11:14:36 AM
Event ID/Source: 8193 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type7569 / Warning
Event Submitted/Written: 07/27/2008 07:42:28 PM
Event ID/Source: 3004 / OneCareMP
Event Description:
%KYLE-PC29 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %KYLE-PC29 can't undo changes that you allow.

For more information please see the following:
%KYLE-PC295

Scan ID: {0C009F3D-3255-4A7F-B68B-0E487E28F7D2}

Agent: %KYLE-PC43

User: KYLE-PC\Kyle

Name: %KYLE-PC291

ID: %KYLE-PC292

Severity: 1.5.1955.05

Category: 1.5.1955.06

Path Found: %KYLE-PC296

Alert Type: %KYLE-PC298

Process Name: C:\Documents and Settings\Kyle\Local Settings\Temporary Internet Files\Content.IE5\8HM5G7O1\dss[1].exe

Detection Type: 1.5.1955.02

Status: 1.5.1955.00

Event Record #/Type7568 / Warning
Event Submitted/Written: 07/27/2008 07:42:21 PM
Event ID/Source: 3004 / OneCareMP
Event Description:
%KYLE-PC29 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %KYLE-PC29 can't undo changes that you allow.

For more information please see the following:
%KYLE-PC295

Scan ID: {236829A6-77CB-499C-9BE4-FB8CB9D9C835}

Agent: %KYLE-PC43

User: KYLE-PC\Kyle

Name: %KYLE-PC291

ID: %KYLE-PC292

Severity: 1.5.1955.05

Category: 1.5.1955.06

Path Found: %KYLE-PC296

Alert Type: %KYLE-PC298

Process Name: C:\Documents and Settings\Kyle\Local Settings\Temporary Internet Files\Content.IE5\8HM5G7O1\dss[1].exe

Detection Type: 1.5.1955.02

Status: 1.5.1955.00

Event Record #/Type7567 / Warning
Event Submitted/Written: 07/27/2008 07:42:18 PM
Event ID/Source: 3004 / OneCareMP
Event Description:
%KYLE-PC29 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %KYLE-PC29 can't undo changes that you allow.

For more information please see the following:
%KYLE-PC295

Scan ID: {66FC3005-55BB-493D-91AF-D5525ADEDA1D}

Agent: %KYLE-PC43

User: KYLE-PC\Kyle

Name: %KYLE-PC291

ID: %KYLE-PC292

Severity: 1.5.1955.05

Category: 1.5.1955.06

Path Found: %KYLE-PC296

Alert Type: %KYLE-PC298

Process Name: C:\Documents and Settings\Kyle\Local Settings\Temporary Internet Files\Content.IE5\8HM5G7O1\dss[1].exe

Detection Type: 1.5.1955.02

Status: 1.5.1955.00

Event Record #/Type7566 / Warning
Event Submitted/Written: 07/27/2008 07:42:16 PM
Event ID/Source: 3004 / OneCareMP
Event Description:
%KYLE-PC29 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %KYLE-PC29 can't undo changes that you allow.

For more information please see the following:
%KYLE-PC295

Scan ID: {E2FD2A3F-A156-461D-AF58-A271A0EA92EF}

Agent: %KYLE-PC43

User: KYLE-PC\Kyle

Name: %KYLE-PC291

ID: %KYLE-PC292

Severity: 1.5.1955.05

Category: 1.5.1955.06

Path Found: %KYLE-PC296

Alert Type: %KYLE-PC298

Process Name: C:\Documents and Settings\Kyle\Local Settings\Temporary Internet Files\Content.IE5\8HM5G7O1\dss[1].exe

Detection Type: 1.5.1955.02

Status: 1.5.1955.00

Event Record #/Type7565 / Warning
Event Submitted/Written: 07/27/2008 07:42:16 PM
Event ID/Source: 3004 / OneCareMP
Event Description:
%KYLE-PC29 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %KYLE-PC29 can't undo changes that you allow.

For more information please see the following:
%KYLE-PC295

Scan ID: {BE72CCBF-542D-4A85-957D-D6E149C7740C}

Agent: %KYLE-PC43

User: KYLE-PC\Kyle

Name: %KYLE-PC291

ID: %KYLE-PC292

Severity: 1.5.1955.05

Category: 1.5.1955.06

Path Found: %KYLE-PC296

Alert Type: %KYLE-PC298

Process Name: C:\Documents and Settings\Kyle\Local Settings\Temporary Internet Files\Content.IE5\8HM5G7O1\dss[1].exe

Detection Type: 1.5.1955.02

Status: 1.5.1955.00



-- End of Deckard's System Scanner: finished at 2008-07-27 19:45:08 ------------



#2 chryssi2001


Posted 08 August 2008 - 01:13 PM

Hello mowe,

I apologise for the delay, the forum is too busy.

If you still need help post a HijackThis log.
Private Messages for personal support will be ignored. If you need help post in the forum.

#3 chryssi2001


Posted 14 August 2008 - 12:55 AM

Due to the lack of feedback, this Topic is now closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



