
MSE picked up severe infection


  • This topic is locked
34 replies to this topic

#1 noknojon

  • Banned
  • 10,871 posts

Posted 15 February 2011 - 10:16 PM

MSE Report on detected item

Detected Item: Exploit:Java/CVE-2010-8040.AA
Alert Level: Severe
Date: 15/02/2011 : 7:38PM
Action taken: Quarantined
Category: Exploit

Description: This program is dangerous and exploits the computer on which it is run.

Recommended action: Remove this software immediately.

Security Essentials detected programs that may compromise your privacy or damage your computer.
You can still access the files that these programs use without removing them (not recommended).
To access these files, select the Allow action and click Apply actions.
If this option is not available, log on as administrator or ask the security administrator for help.

Items:
file:C:\Documents and Settings\Nola Laverty\Local Settings\temp\jar_cache2921194829093899292.tmp->bpac/purok.class
file:C:\Documents and Settings\Nola Laverty\Local Settings\temp\jar_cache3648930415209970445.tmp->bpac/purok.class
file:C:\DOCUME~1\NOLALA~1\LOCALS~1\temp\jar_cache2921194829093899292.tmp->bpac/purok.class
file:C:\DOCUME~1\NOLALA~1\LOCALS~1\temp\jar_cache35971886958309623.tmp->bpac/purok.class
file:C:\DOCUME~1\NOLALA~1\LOCALS~1\temp\jar_cache3648930415209970445.tmp->bpac/purok.class
file:C:\DOCUME~1\NOLALA~1\LOCALS~1\temp\jar_cache5770534653822742613.tmp->bpac/purok.class


DDS (Ver_10-12-12.02) - NTFSx86
Run by Nola Laverty at 13:57:05.23 on Wed 16/02/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.1023.514 [GMT 11:00]

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Documents and Settings\Nola Laverty\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [nwiz] "nwiz.exe" /install
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
Trusted Zone: yahoo.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1267093573171
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1269494276750
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

============= SERVICES / DRIVERS ===============

R0 hotcore3;Hotcore helper;c:\windows\system32\drivers\hotcore3.sys [2009-9-3 40496]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 165264]
R1 MpKsl223e7b8f;MpKsl223e7b8f;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6322b03e-6745-48e6-9a02-1f07dd822487}\MpKsl223e7b8f.sys [2011-2-16 28752]
R1 MpKsl49b8ecaf;MpKsl49b8ecaf;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6322b03e-6745-48e6-9a02-1f07dd822487}\MpKsl49b8ecaf.sys [2011-2-15 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-18 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67656]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-4-26 95024]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-11-10 54752]
S1 MpKsl00ddf4a4;MpKsl00ddf4a4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{156d96a6-00e6-4d4a-aee7-0984b9d5c412}\mpksl00ddf4a4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{156d96a6-00e6-4d4a-aee7-0984b9d5c412}\MpKsl00ddf4a4.sys [?]
S1 MpKsl079f9e64;MpKsl079f9e64;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0f6d9f18-f4ad-4794-9958-64a301349d43}\mpksl079f9e64.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0f6d9f18-f4ad-4794-9958-64a301349d43}\MpKsl079f9e64.sys [?]
S1 MpKsl20ba3122;MpKsl20ba3122;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{88451f98-ff43-49e6-b4d7-09b81716a951}\mpksl20ba3122.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{88451f98-ff43-49e6-b4d7-09b81716a951}\MpKsl20ba3122.sys [?]
S1 MpKsl4740b042;MpKsl4740b042;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{66b10bb7-3d5f-4a25-86c5-0bd2716c737e}\mpksl4740b042.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{66b10bb7-3d5f-4a25-86c5-0bd2716c737e}\MpKsl4740b042.sys [?]
S1 MpKsld5cb8003;MpKsld5cb8003;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{88451f98-ff43-49e6-b4d7-09b81716a951}\mpksld5cb8003.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{88451f98-ff43-49e6-b4d7-09b81716a951}\MpKsld5cb8003.sys [?]
S1 MpKsle3e50204;MpKsle3e50204;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{156d96a6-00e6-4d4a-aee7-0984b9d5c412}\mpksle3e50204.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{156d96a6-00e6-4d4a-aee7-0984b9d5c412}\MpKsle3e50204.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-6-1 133104]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-4 14336]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 cSdqt4;cSdqt4;c:\program files\cpuid\pc wizard 2010\data\pcwizntl.exe -s --> c:\program files\cpuid\pc wizard 2010\data\pcwizntl.exe -s [?]
S4 gupdate1c9e2afe5eee484;Google Update Service (gupdate1c9e2afe5eee484);c:\program files\google\update\GoogleUpdate.exe [2009-6-1 133104]
S4 PIUwH3;PIUwH3;c:\program files\cpuid\pc wizard 2010\data\pcwizntl.exe -s --> c:\program files\cpuid\pc wizard 2010\data\pcwizntl.exe -s [?]
S4 W3xYdp;W3xYdp;c:\program files\cpuid\pc wizard 2010\data\pcwizntl.exe -s --> c:\program files\cpuid\pc wizard 2010\data\pcwizntl.exe -s [?]
S4 WinPhlash;WinPhlash; [x]

=============== Created Last 30 ================

2011-02-15 21:05:47 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{6322b03e-6745-48e6-9a02-1f07dd822487}\MpKsl223e7b8f.sys
2011-02-15 08:23:14 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{6322b03e-6745-48e6-9a02-1f07dd822487}\MpKsl49b8ecaf.sys
2011-02-15 06:44:05 5890896 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{6322b03e-6745-48e6-9a02-1f07dd822487}\mpengine.dll
2011-02-12 10:06:41 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-02-12 10:06:41 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-10 00:09:39 -------- d-----w- c:\program files\ieSpell
2011-02-09 23:02:51 -------- d-----w- c:\program files\BurnAware Free
2011-01-30 03:57:00 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-01-29 05:19:44 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-01-29 05:19:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-01-25 20:33:03 -------- d-----w- c:\program files\VS Revo Group
2011-01-25 20:21:54 -------- d-----w- c:\windows\TempB13D0DBB-7EF0-A51A-D313-5CC4AD391B99-Signatures
2011-01-25 20:21:34 -------- d-----w- c:\program files\Microsoft Security Client
2011-01-19 07:59:21 -------- d-----w- c:\docume~1\nolala~1\applic~1\SupportSoft
2011-01-19 07:59:10 -------- d-----w- c:\program files\common files\supportsoft
2011-01-18 01:26:56 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-01-18 01:26:46 -------- d-----w- c:\program files\SUPERAntiSpyware

==================== Find3M ====================

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-13 06:03:54 730324224 ----a-w- C:\NickelsAndMore.bin
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-27 10:11:28 83968 ----a-w- c:\windows\system32\mscories.dll
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38:47 2192768 ------w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:05 2069376 ------w- c:\windows\system32\ntkrnlpa.exe
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll

============= FINISH: 13:57:30.26 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 25/10/2007 8:56:43 PM
System Uptime: 16/02/2011 8:04:25 AM (5 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5S800-VM
Processor: Intel® Celeron® CPU 2.80GHz | CPU 1 | 2786/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 75 GiB total, 54.293 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1171: 12/02/2011 12:30:35 PM - System Checkpoint
RP1172: 12/02/2011 12:31:16 PM - Fresh New
RP1173: 12/02/2011 4:33:30 PM - Software Distribution Service 3.0
RP1174: 12/02/2011 9:06:09 PM - Restore Operation
RP1175: 12/02/2011 9:11:19 PM - Software Distribution Service 3.0
RP1176: 13/02/2011 4:44:29 PM - Software Distribution Service 3.0
RP1177: 14/02/2011 4:47:46 PM - Software Distribution Service 3.0
RP1178: 15/02/2011 5:43:59 PM - Software Distribution Service 3.0
RP1179: 16/02/2011 1:22:32 PM - After Cue Club

==== Installed Programs ======================

500 From Special K
500 From Special K Software
Acrobat.com
Adobe Acrobat 5.0
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.2
Adobe Shockwave Player 11.5
Adobe SVG Viewer 3.0
Apple Software Update
ASUS Probe V2.23.02
Bejeweled 2 Deluxe 1.0
BurnAware Free 3.1.3
Canon MP Navigator EX 2.0
Canon MP480 series MP Drivers
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CCleaner
CDBurnerXP
ClearType Tuning Control Panel Applet
CueClub
Defraggler
DivX Converter
EVGA Display Driver
getPlus® for Adobe
Google Earth
Google Update Helper
Google Updater
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Hoyle Board Games 2007
Hoyle Board Games 5
Hoyle Demo
Hoyle Puzzle Games 2007
ieSpell
ImgBurn
Java Auto Updater
Java DB 10.5.3.0
Java™ 6 Update 23
Junk Mail filter update
Lotus SmartSuite Release 9
Malwarebytes' Anti-Malware
Masque Casino Game Pak II
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework SDK (English) 1.1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft IntelliPoint 7.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Windows SDK for Windows 7 (7.1)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
Multimedia Mouse Driver
Nero Media Player
NVIDIA Drivers
OGA Notifier 1.7.0105.35.0
Orca Browser
Realtek AC'97 Audio
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek RTL8139/810x Fast Ethernet NIC Driver Setup
Reel Deal Slots - Nickels and More
Revo Uninstaller 1.91
Rummy From Special K
Rummy From Special K (C:\Program Files\Rummy From Special K\)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
SiSRaidPackage
Speccy
SpeedFan (remove only)
Super DX-Ball v1.1
SUPERAntiSpyware
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982664)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
User Profile Hive Cleanup Service
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Toolbar
Windows Live Writer
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinZip Self-Extractor
WOT for Internet Explorer
Yahoo!7 Messenger

==== Event Viewer Messages From Past Week ========

12/02/2011 9:08:51 PM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
12/02/2011 10:55:14 AM, error: Service Control Manager [7034] - The User Profile Hive Cleanup service terminated unexpectedly. It has done this 1 time(s).
12/02/2011 10:55:14 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
12/02/2011 10:55:14 AM, error: Service Control Manager [7034] - The NMSAccessU service terminated unexpectedly. It has done this 1 time(s).
12/02/2011 10:55:14 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
12/02/2011 10:55:13 AM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
10/02/2011 9:16:24 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

==== End Of File ===========================


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-16 13:52:52
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 ST380011A rev.8.01
Running: gmer.exe; Driver: C:\DOCUME~1\NOLALA~1\LOCALS~1\Temp\kfgyqkow.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xF48B16D0]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6A2E360, 0x37388D, 0xE8000020]
init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xF687E900]
? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys The system cannot find the file specified. !
? C:\DOCUME~1\NOLALA~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[1416] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
- - - - - - - - - - - - - - - - - -- - - - - - - - - - - - - - - - - - - - - - - -
GMER failed the first time, so I hope that this is OK -

Thank You -
EDIT -
MBAM and SAS were both updated within 5 mins and showed no infections

Edited by noknojon, 16 February 2011 - 05:39 PM.




#2 Noviciate

  • Malware Response Team
  • 5,277 posts

Posted 16 February 2011 - 04:09 PM

Good evening. :)

1) Go to Start >> Control Panel >> Add/Remove Programs and uninstall Java™ 6 Update 23 and reboot your machine.

2) Go here and click on the Windows XP/Vista/2000/2003/2008 Offline link in the Windows section near the top and save it to your Desktop.

3) Download JavaRa from here and save it to your Desktop.
You will need to extract the file(s):

Right click on the zipped folder and from the menu that appears, click on Extract All...
In the 'Extraction Wizard' window that opens, click on Next> and in the next window that appears, click on Next> again.
In the final window, click on Finish


***Please close any instances of Internet Explorer before continuing!***

  • Double-click JavaRa.exe to begin.
  • Pick your preferred language from the drop-down menu and click Select.
  • Click on Remove Older Versions to remove older versions of Java - obvious really, isn't it!
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location, just in case you have any problems with Java afterwards.
4) Run the installer that you downloaded earlier.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pay a visit to the ESET Online Scanner.

  • Click the ESET Online Scanner button, read the info in the new window, check the appropriate box and click Start.
  • Accept the ActiveX download, and allow it to install.
  • Once this has been completed, you will see the Computer Scan settings page - ensure that you UNCHECK the "Remove found threats" box and then click Start.
  • The virus signature database will now need to be downloaded, so don't forget to instruct your firewall to permit it if it asks.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.

So long, and thanks for all the fish.

 

 


#3 noknojon

  • Topic Starter
  • Banned
  • 10,871 posts

Posted 16 February 2011 - 04:39 PM

Hi Noviciate -
I have removed and updated my Java (now 24) - I will now visit the ESET scanner -

Thank You -

Edited by noknojon, 16 February 2011 - 07:38 PM.


#4 noknojon

  • Topic Starter
  • Banned
  • 10,871 posts

Posted 16 February 2011 - 05:37 PM

Hi again -
The ESET scan found one item that should have been removed ages ago - I do not have this listed as a current file in Documents (read: could not find) -
I do not usually download these items as they are usually scam programs -

C:\Documents and Settings\Nola Laverty\My Documents\speedupmypc.exe multiple threats

Next step ?? Run scanner again and ask to remove this item ??

Thank You -

Edited by noknojon, 16 February 2011 - 05:41 PM.


#5 Noviciate

  • Malware Response Team
  • 5,277 posts

Posted 16 February 2011 - 05:50 PM

If you cannot locate the file to delete it manually, then run ESET again and let it do the job. Let me know when that's done and we'll take it from there.

So long, and thanks for all the fish.

#6 noknojon


Posted 16 February 2011 - 05:56 PM

Thank You -
I scoured d/loads etc in My Docs but can not find the item - If I could I would use Revo -
Sorry off track -
I will re-run ESET again and check Remove Detected Items -

Thank You -

EDIT -
Back in 45 mins -

Edited by noknojon, 16 February 2011 - 05:56 PM.


#7 noknojon


Posted 16 February 2011 - 06:00 PM

Sorry -
My error - I just found the item - Should I first try to remove then use ESET also ??

Thank You -

#8 noknojon


Posted 16 February 2011 - 07:29 PM

Hi again Noviciate -
The ESET removal scan picked up 3 variants of the Win:32/SlowPCfighter application -

C:\Documents and Settings\All Users\Application Data\ReviverSoft\Registry Reviver\InstallCache\{2EFCA8FB-B863-4DDE-B7D0-4EB3152999EC}\Registry Reviver.msi a variant of Win32/SlowPCfighter application deleted - quarantined
C:\RECYCLER\S-1-5-21-1292428093-261903793-682003330-1004\Dc1.exe multiple threats deleted - quarantined
C:\System Volume Information\_restore{2F7069EF-5A06-4E4A-834D-3E08C2281DD7}\RP1184\A0222508.msi a variant of Win32/SlowPCfighter application deleted - quarantined

Should I continue with other items now -
(Also) - From what I can find TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File - is an old AVG ToolBar - I have not used AVG for ages -
Is this easily removed ??

Thank You -

Edited by noknojon, 16 February 2011 - 07:58 PM.


#9 noknojon


Posted 17 February 2011 - 06:03 AM

Hi -
It is late Down Under, I will be back and follow any directions, in about 9 hours -

Thank You so far -

#10 Noviciate


Posted 17 February 2011 - 02:46 PM

Good evening. :)

If you can find the file C:\Documents and Settings\Nola Laverty\My Documents\speedupmypc.exe then manually delete it, assuming that ESET didn't delete it already.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Is this easily removed ??


Download a copy of HiJackThis.msi from here and save it to your Desktop

  • Double click HiJackThis.msi to begin installation.
  • You will need to accept the EULA to install the tool, so check the box and click Next.
  • Accept the installation location, which by default is C:\Program Files\Trend Micro\HijackThis or click the Change... button if you want to choose somewhere else and then click Next
  • Once HJT has installed click Finish to finish - nice and clear this bit!
  • A shortcut will be handily created on your Desktop, so click it to begin.
  • When HJT opens, click on the Do a system scan and save a log file button.
  • When HJT has finished scanning, a window entitled "hijackthis.log" will open - when you close this window the log will be saved into the Hijackthis folder for reference.
  • Copy and paste this into your next reply.

So long, and thanks for all the fish.

#11 noknojon


Posted 17 February 2011 - 03:42 PM

Hi Noviciate -
I loaded a new version of HJT last night (and deleted my old one) -
There are 3 TB items with "No file" listed but the other 2 are Google and Yahoo, so I am not concerned about those ones -

Thank You -

Here is the Scan as saved -

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:40:10 AM, on 18/02/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1267093573171
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1269494276750
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5238 bytes

EDITED for spelling - Just woke up :mellow:
Extra - I found the My Documents\speedupmypc.exe in Documents and removed it -

Edited by noknojon, 17 February 2011 - 03:50 PM.


#12 Noviciate


Posted 17 February 2011 - 03:56 PM

Not much help there... never mind.

Download RegQuery from here and save it to your Desktop.

  • Double click the file to run it.
  • Copy the following keyname to your clipboard - either CTRL + C or right click will do.

    • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar
  • Click Paste from Clipboard and then Query.
  • A Notepad window should open with some text in it - either that or you'll get a pop-up telling you to check the keyname.
  • Let me have the contents of the file in your next reply.
Repeat for the following keynames:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Explorer Bars
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars

So long, and thanks for all the fish.

#13 noknojon


Posted 17 February 2011 - 04:09 PM

Not sure if this is the correct reply, but this is what came out -

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar]
"Locked"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\QuickComplete]

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}"=hex:81,45,e0,01,ee,4e,d0,11,bf,e9,00,\
aa,00,5b,43,83,10,00,00,00,00,00,00,00,01,e0,32,f4,01,00,00,00
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:32,bd,99,ef,fb,c1,d2,11,89,2f,00,\
90,27,1d,4f,88
"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}"=hex:9f,27,5d,ee,1b,08,04,44,99,4d,c6,\
b6,0a,ae,ba,6d
"{A057A204-BACC-4D26-9990-79A187E2698E}"=hex:04,a2,57,a0,cc,ba,26,4d,99,90,79,\
a1,87,e2,69,8e
"ITBar7Height"=dword:00000019
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}"=hex:ef,44,fa,21,6d,37,53,4d,9b,0f,8a,\
89,d3,22,90,68
"{71576546-354D-41C9-AAE8-31F2EC22BF0D}"=hex:46,65,57,71,4d,35,c9,41,aa,e8,31,\
f2,ec,22,bf,0d

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Explorer Bars]

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}]
@="Media Band"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}]
"BarSize"=hex:15,01,00,00,00,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}]
"BarSize"=hex:4d,01,00,00,00,00,00,00

EDIT -
Posted Today, 05:46 AM
Good evening. :)

Very early AM here :oneeye:
:offtopic: Filling up time as I have my coffee -

Edited by noknojon, 17 February 2011 - 04:32 PM.


#14 Noviciate


Posted 17 February 2011 - 05:13 PM

Looks good to me.

1) Create a Restore Point - this is standard procedure before making any registry changes.
A tutorial for System Restore is available here.

2) Copy the contents of the following box into Notepad. (Start > All Programs > Accessories > Notepad)
Make sure that you have no blank lines at the beginning, and one blank line at the end:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=-
"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}"=-
"{A057A204-BACC-4D26-9990-79A187E2698E}"=-

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}]

Save it to your Desktop with the following name, including the quotation marks:
File Name: "Regfix.reg"

3) Locate Regfix.reg on your Desktop and double click it.
Click on Yes in the confirmation window.

Should you have any unexpected problems after this fix run System Restore, selecting the Restore Point you have just created, and things should be back to normal.

I'd like a fresh DDS log and description of how your machine is behaving.

So long, and thanks for all the fish.
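
The check-then-delete step in post #14, as an added example that is not part of the thread or the helper's own tooling: it parses a `.reg` export (including `\` line continuations), confirms that each toolbar value named for removal exists and that its data starts with the same CLSID in binary form, and only then emits a removal file in the shape of Regfix.reg. The function names and the sample export are assumptions; the sample is constructed from the short values quoted in post #13 plus one made-up mismatching entry.

```python
import re
import uuid

HEADER = "Windows Registry Editor Version 5.00"
TOOLBAR_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser"
MEDIA_BAND_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer"
                  r"\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}")
VALUE_RE = re.compile(r'^("(?:[^"\\]|\\.)*"|@)=(.*)$')

# Constructed sample: short values as quoted in post #13, plus one made-up
# entry (1111...) whose data does NOT match its name.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:32,bd,99,ef,fb,c1,d2,11,89,2f,00,\
90,27,1d,4f,88
"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}"=hex:9f,27,5d,ee,1b,08,04,44,99,4d,c6,\
b6,0a,ae,ba,6d
"{A057A204-BACC-4D26-9990-79A187E2698E}"=hex:04,a2,57,a0,cc,ba,26,4d,99,90,79,\
a1,87,e2,69,8e
"ITBar7Height"=dword:00000019
"{71576546-354D-41C9-AAE8-31F2EC22BF0D}"=hex:46,65,57,71,4d,35,c9,41,aa,e8,31,\
f2,ec,22,bf,0d
"{11111111-2222-3333-4444-555555555555}"=hex:00,01,02,03,04,05,06,07,08,09,0a,\
0b,0c,0d,0e,0f

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}]
@="Media Band"
'''


def parse_reg_export(text):
    """Return {key_path: {value_name: data}} for one or more pasted exports."""
    logical, pending = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):          # value continues on the next line
            pending += line[:-1]
            continue
        logical.append(pending + line)
        pending = ""
    keys, current = {}, None
    for line in logical:
        if not line or line == HEADER:   # repeated headers appear when exports are pasted together
            continue
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = m.group(1)
            current[name if name == "@" else name[1:-1]] = m.group(2)
    return keys


def hex_bytes(data):
    """Decode 'hex:..' / 'hex(n):..' data to bytes; None for other value types."""
    m = re.match(r"^hex(?:\([0-9a-fA-F]+\))?:(.*)$", data)
    if not m:
        return None
    return bytes(int(b, 16) for b in m.group(1).split(",") if b.strip())


def data_matches_clsid(name, data):
    """True when the first 16 data bytes are the little-endian form of the CLSID name."""
    raw = hex_bytes(data)
    if raw is None or len(raw) < 16:
        return False
    return uuid.UUID(bytes_le=raw[:16]) == uuid.UUID(name)


def build_removal_reg(keys, key_path, clsids, drop_subkeys=()):
    """Emit a removal .reg, refusing anything the export does not back up."""
    values = keys.get(key_path)
    if values is None:
        raise ValueError(f"key not in export: {key_path}")
    by_upper = {n.upper(): n for n in values}
    lines = [HEADER, "", f"[{key_path}]"]
    for clsid in clsids:
        name = by_upper.get(clsid.upper())   # scanners print CLSIDs in either case
        if name is None:
            raise ValueError(f"value not in export: {clsid}")
        if not data_matches_clsid(name, values[name]):
            raise ValueError(f"data does not match CLSID: {clsid}")
        lines.append(f'"{name}"=-')          # "name"=- deletes a single value
    for sub in drop_subkeys:
        if sub not in keys:
            raise ValueError(f"subkey not in export: {sub}")
        lines += ["", f"[-{sub}]"]           # [-key] deletes a whole key
    # No blank line at the start, exactly one at the end, as the post requires.
    return "\n".join(lines) + "\n\n"
```

Run against the sample, the three CLSIDs from post #14 and the Media Band subkey produce the same text as the Regfix.reg shown in that post, while a CLSID that is absent from the export or whose data does not match raises `ValueError` instead of being written out.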

 

 


#15 noknojon


Posted 17 February 2011 - 05:33 PM

I ran the .reg item and was notified that a registry change was made, and accepted that - No problem -
There are no alterations to any performance to the computer that I can see (yet :wink: )
New full DDS log below -

DDS (Ver_10-12-12.02) - NTFSx86
Run by Nola Laverty at 9:24:18.39 on Fri 18/02/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.1023.484 [GMT 11:00]

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Nola Laverty\Local Settings\Temporary Internet Files\Content.IE5\8HY29S08\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [nwiz] "nwiz.exe" /install
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
Trusted Zone: yahoo.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1267093573171
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1269494276750
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

============= SERVICES / DRIVERS ===============

R0 hotcore3;Hotcore helper;c:\windows\system32\drivers\hotcore3.sys [2009-9-3 40496]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 165264]
R1 MpKslecac8c7a;MpKslecac8c7a;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{402a42f7-745b-42ca-b8e4-ae83b4d50af2}\MpKslecac8c7a.sys [2011-2-18 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-18 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67656]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-4-26 95024]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-11-10 54752]
S1 MpKsl00ddf4a4;MpKsl00ddf4a4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{156d96a6-00e6-4d4a-aee7-0984b9d5c412}\mpksl00ddf4a4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{156d96a6-00e6-4d4a-aee7-0984b9d5c412}\MpKsl00ddf4a4.sys [?]
S1 MpKsl079f9e64;MpKsl079f9e64;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0f6d9f18-f4ad-4794-9958-64a301349d43}\mpksl079f9e64.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0f6d9f18-f4ad-4794-9958-64a301349d43}\MpKsl079f9e64.sys [?]
S1 MpKsl20ba3122;MpKsl20ba3122;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{88451f98-ff43-49e6-b4d7-09b81716a951}\mpksl20ba3122.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{88451f98-ff43-49e6-b4d7-09b81716a951}\MpKsl20ba3122.sys [?]
S1 MpKsl4740b042;MpKsl4740b042;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{66b10bb7-3d5f-4a25-86c5-0bd2716c737e}\mpksl4740b042.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{66b10bb7-3d5f-4a25-86c5-0bd2716c737e}\MpKsl4740b042.sys [?]
S1 MpKsld5cb8003;MpKsld5cb8003;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{88451f98-ff43-49e6-b4d7-09b81716a951}\mpksld5cb8003.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{88451f98-ff43-49e6-b4d7-09b81716a951}\MpKsld5cb8003.sys [?]
S1 MpKsle3e50204;MpKsle3e50204;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{156d96a6-00e6-4d4a-aee7-0984b9d5c412}\mpksle3e50204.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{156d96a6-00e6-4d4a-aee7-0984b9d5c412}\MpKsle3e50204.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-6-1 133104]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-4 14336]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 cSdqt4;cSdqt4;c:\program files\cpuid\pc wizard 2010\data\pcwizntl.exe -s --> c:\program files\cpuid\pc wizard 2010\data\pcwizntl.exe -s [?]
S4 gupdate1c9e2afe5eee484;Google Update Service (gupdate1c9e2afe5eee484);c:\program files\google\update\GoogleUpdate.exe [2009-6-1 133104]
S4 PIUwH3;PIUwH3;c:\program files\cpuid\pc wizard 2010\data\pcwizntl.exe -s --> c:\program files\cpuid\pc wizard 2010\data\pcwizntl.exe -s [?]
S4 W3xYdp;W3xYdp;c:\program files\cpuid\pc wizard 2010\data\pcwizntl.exe -s --> c:\program files\cpuid\pc wizard 2010\data\pcwizntl.exe -s [?]
S4 WinPhlash;WinPhlash; [x]

=============== Created Last 30 ================

2011-02-17 20:27:14 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{402a42f7-745b-42ca-b8e4-ae83b4d50af2}\MpKslecac8c7a.sys
2011-02-17 06:31:27 5890896 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{402a42f7-745b-42ca-b8e4-ae83b4d50af2}\mpengine.dll
2011-02-17 04:45:01 388096 ----a-r- c:\docume~1\nolala~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-02-17 04:44:59 -------- d-----w- c:\program files\Trend Micro
2011-02-16 21:46:03 -------- d-----w- c:\program files\ESET
2011-02-16 21:36:44 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-16 09:20:44 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-02-16 09:20:44 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-10 00:09:39 -------- d-----w- c:\program files\ieSpell
2011-02-09 23:02:51 -------- d-----w- c:\program files\BurnAware Free
2011-01-30 03:57:00 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-01-29 05:19:44 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-01-29 05:19:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-01-25 20:33:03 -------- d-----w- c:\program files\VS Revo Group
2011-01-25 20:21:54 -------- d-----w- c:\windows\TempB13D0DBB-7EF0-A51A-D313-5CC4AD391B99-Signatures
2011-01-25 20:21:34 -------- d-----w- c:\program files\Microsoft Security Client
2011-01-19 07:59:21 -------- d-----w- c:\docume~1\nolala~1\applic~1\SupportSoft
2011-01-19 07:59:10 -------- d-----w- c:\program files\common files\supportsoft

==================== Find3M ====================

2011-02-16 21:36:26 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-13 06:03:54 730324224 ----a-w- C:\NickelsAndMore.bin
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-27 10:11:28 83968 ----a-w- c:\windows\system32\mscories.dll
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38:47 2192768 ------w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:05 2069376 ------w- c:\windows\system32\ntkrnlpa.exe

============= FINISH: 9:25:42.95 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 25/10/2007 8:56:43 PM
System Uptime: 18/02/2011 7:26:22 AM (2 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5S800-VM
Processor: Intel® Celeron® CPU 2.80GHz | CPU 1 | 2786/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 75 GiB total, 53.908 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1171: 12/02/2011 12:30:35 PM - System Checkpoint
RP1172: 12/02/2011 12:31:16 PM - Fresh New
RP1173: 12/02/2011 4:33:30 PM - Software Distribution Service 3.0
RP1174: 12/02/2011 9:06:09 PM - Restore Operation
RP1175: 12/02/2011 9:11:19 PM - Software Distribution Service 3.0
RP1176: 13/02/2011 4:44:29 PM - Software Distribution Service 3.0
RP1177: 14/02/2011 4:47:46 PM - Software Distribution Service 3.0
RP1178: 15/02/2011 5:43:59 PM - Software Distribution Service 3.0
RP1179: 16/02/2011 1:22:32 PM - After Cue Club
RP1180: 16/02/2011 4:56:19 PM - Software Distribution Service 3.0
RP1181: 16/02/2011 8:20:14 PM - Restore Operation
RP1182: 16/02/2011 8:24:45 PM - Software Distribution Service 3.0
RP1183: 17/02/2011 8:21:51 AM - Removed Java™ 6 Update 23
RP1184: 17/02/2011 8:36:16 AM - Installed Java™ 6 Update 24
RP1185: 17/02/2011 3:34:06 PM - Removed HiJackThis
RP1186: 17/02/2011 3:44:59 PM - Installed HiJackThis
RP1187: 17/02/2011 5:31:22 PM - Software Distribution Service 3.0
RP1188: 18/02/2011 9:17:24 AM - Remove infection

==== Installed Programs ======================

500 From Special K
500 From Special K Software
Acrobat.com
Adobe Acrobat 5.0
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.2
Adobe Shockwave Player 11.5
Adobe SVG Viewer 3.0
Apple Software Update
ASUS Probe V2.23.02
Bejeweled 2 Deluxe 1.0
BurnAware Free 3.1.3
Canon MP Navigator EX 2.0
Canon MP480 series MP Drivers
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CCleaner
CDBurnerXP
ClearType Tuning Control Panel Applet
CueClub
Defraggler
DivX Converter
ESET Online Scanner v3
EVGA Display Driver
getPlus® for Adobe
Google Earth
Google Update Helper
Google Updater
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Hoyle Board Games 2007
Hoyle Board Games 5
Hoyle Demo
Hoyle Puzzle Games 2007
ieSpell
ImgBurn
Java Auto Updater
Java DB 10.5.3.0
Java™ 6 Update 24
Junk Mail filter update
Lotus SmartSuite Release 9
Malwarebytes' Anti-Malware
Masque Casino Game Pak II
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework SDK (English) 1.1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft IntelliPoint 7.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Windows SDK for Windows 7 (7.1)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
Multimedia Mouse Driver
Nero Media Player
NVIDIA Drivers
OGA Notifier 1.7.0105.35.0
Orca Browser
Realtek AC'97 Audio
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek RTL8139/810x Fast Ethernet NIC Driver Setup
Reel Deal Slots - Nickels and More
Revo Uninstaller 1.91
Rummy From Special K
Rummy From Special K (C:\Program Files\Rummy From Special K\)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
SiSRaidPackage
Speccy
SpeedFan (remove only)
Super DX-Ball v1.1
SUPERAntiSpyware
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982664)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
User Profile Hive Cleanup Service
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Toolbar
Windows Live Writer
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinZip Self-Extractor
WOT for Internet Explorer
Yahoo!7 Messenger

==== Event Viewer Messages From Past Week ========

12/02/2011 9:08:51 PM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
12/02/2011 10:55:14 AM, error: Service Control Manager [7034] - The User Profile Hive Cleanup service terminated unexpectedly. It has done this 1 time(s).
12/02/2011 10:55:14 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
12/02/2011 10:55:14 AM, error: Service Control Manager [7034] - The NMSAccessU service terminated unexpectedly. It has done this 1 time(s).
12/02/2011 10:55:14 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
12/02/2011 10:55:13 AM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

==== End Of File ===========================





