Posts posted by h-26
-
I have Windows Internet Explorer 7 and 8 listed as installed programs (in Add or Remove Programs), but when I click on either of these there isn't an option to remove or change. Tried the Add/Remove Windows Components option on the left-hand side, but this hasn't had any effect.
-
SP3 install seems to have worked ok. Still have same problem with internet access.
-
Actually it hasn't cured IE! The only way I can get internet access is to right-click the IE icon and select start without add-ons still.
-
Hi there
That seems to have fixed internet explorer, but BT broadband is still shutting. Not a huge problem really.
Also, there were some automatic updates waiting to be installed, but they 'could not be installed'. I've listed these below:
Update for Windows XP (KB979306)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB956844)
Did we reinstall the SP3 or do I not need to do this?
-
ESET log:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=4f301b9eabc72d49b6d292925a57bc8e
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2010-03-25 12:18:49
# local_time=2010-03-25 12:18:49 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=9
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1024 16777175 100 0 291116 291116 0 0
# compatibility_mode=5121 16776613 100 96 2991932 22419450 0 0
# compatibility_mode=8192 67108863 100 0 3931 3931 0 0
# scanned=192608
# found=0
# cleaned=0
# scan_time=5225
Still having problems with accessing internet via BT Yahoo - it keeps closing down still. Not tried anything else atm as it's time for bed!! Thanks for your help with this - it's much appreciated. Goodnight! x
-
got mbam to work!
log as follows:
Malwarebytes' Anti-Malware 1.44
Database version: 3910
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11
24/03/2010 22:40:33
mbam-log-2010-03-24 (22-40-33).txt
Scan type: Quick Scan
Objects scanned: 136507
Time elapsed: 8 minute(s), 19 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
just had an error on the malwarebytes update:
Error code: 732 (0, 0)
-
found a way to crank up IE so here's the combofix log
ComboFix 10-03-23.01 - heather 23/03/2010 18:21:09.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2046.1330 [GMT 0:00]
Running from: c:\documents and settings\heather\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\heather\Local Settings\Application Data\{F476E718-F83B-4BEE-A8B7-2016291C0745}
c:\documents and settings\heather\Local Settings\Application Data\{F476E718-F83B-4BEE-A8B7-2016291C0745}\chrome.manifest
c:\documents and settings\heather\Local Settings\Application Data\{F476E718-F83B-4BEE-A8B7-2016291C0745}\chrome\content\_cfg.js
c:\documents and settings\heather\Local Settings\Application Data\{F476E718-F83B-4BEE-A8B7-2016291C0745}\chrome\content\overlay.xul
c:\documents and settings\heather\Local Settings\Application Data\{F476E718-F83B-4BEE-A8B7-2016291C0745}\install.rdf
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\345022866.dat
c:\windows\system32\bb1.dat
c:\windows\system32\Data
c:\windows\system32\hjgruihpmowpap.dat
c:\windows\system32\hjgruivhfetchh.dat
c:\windows\system32\ps1.dat
c:\windows\system32\rc.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_hjgruiijglkayb
-------\Service_hjgruiijglkayb
((((((((((((((((((((((((( Files Created from 2010-02-24 to 2010-03-24 )))))))))))))))))))))))))))))))
.
2010-03-22 17:35 . 2010-03-22 17:35 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-21 15:34 . 2010-03-21 15:34 293376 ----a-w- c:\program files\ozi0x6xe.exe
2010-03-21 15:18 . 2010-03-21 15:18 525824 ----a-w- c:\program files\dds.scr
2010-03-21 15:00 . 2010-03-21 15:00 -------- d-----w- C:\$AVG
2010-03-21 15:00 . 2010-03-22 17:35 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-21 15:00 . 2010-03-22 17:35 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-21 15:00 . 2010-03-22 17:34 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-21 15:00 . 2010-03-24 08:20 -------- d-----w- c:\windows\system32\drivers\Avg
2010-03-21 15:00 . 2010-03-21 15:00 -------- d-----w- c:\program files\AVG
2010-03-21 15:00 . 2010-03-21 15:00 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-03-21 14:31 . 2010-03-21 14:31 -------- d-----w- c:\windows\system32\wbem\Repository
2010-03-21 11:24 . 2010-03-21 11:24 55184 ----a-w- c:\windows\system32\PxSecure(2).dll
2010-03-21 11:24 . 2010-03-21 14:31 -------- d-----w- c:\program files\Prevx
2010-03-21 11:24 . 2010-03-21 14:30 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI
2010-03-13 09:05 . 2010-03-13 09:05 -------- d-----w- c:\documents and settings\heather\Local Settings\Application Data\IRIS Software Ltd
2010-03-13 09:04 . 2010-03-13 09:04 -------- d-----w- c:\program files\Microsoft Visual Studio .NET 2003
2010-03-13 09:04 . 2010-03-13 09:04 -------- d-----w- c:\program files\Common Files\Crystal Decisions
2010-03-13 09:04 . 2010-03-18 18:22 -------- d-----w- c:\documents and settings\All Users\Application Data\IRIS Software Ltd
2010-03-13 09:04 . 2010-03-13 09:04 -------- d-----w- c:\program files\IRIS Software Ltd
2010-03-02 18:55 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-24 18:27 . 2008-04-13 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2010-03-24 18:24 . 2006-11-17 18:44 -------- d-----w- c:\program files\Dl_cats
2010-03-24 18:03 . 2004-08-10 12:03 78503 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-21 14:30 . 2009-02-07 15:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-19 17:29 . 2010-02-17 08:49 120 ----a-w- c:\windows\Hwupiholuracanar.dat
2010-03-19 08:45 . 2010-02-17 08:49 0 ----a-w- c:\windows\Ucenukururul.bin
2010-03-10 19:11 . 2009-08-06 17:51 -------- d-----w- c:\program files\LittlewoodsPoker
2010-03-10 19:11 . 2009-08-06 17:51 -------- d-----w- c:\documents and settings\heather\Application Data\LittlewoodsPoker
2010-03-08 18:36 . 2006-03-30 16:16 -------- d-----w- c:\program files\Java
2010-03-04 18:23 . 2009-01-27 18:52 -------- d-----w- c:\program files\InterPoker
2010-02-18 16:19 . 2009-01-18 19:01 -------- d-----w- c:\program files\McAfee
2007-06-25 19:18 . 2007-06-25 19:18 60526 -c--a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-06-25 19:18 . 2007-06-25 19:18 49256 -c--a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-06-25 19:18 . 2007-06-25 19:18 166000 -c--a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2007-10-06 14:50 . 2007-10-06 14:50 56 -csh--r- c:\windows\system32\1B9E4B68C9.sys
2009-05-25 09:03 . 2007-02-11 11:19 56 -csh--r- c:\windows\system32\391C1D2BD4.sys
2009-05-25 09:03 . 2007-02-11 11:19 6372 -csha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 94208]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344]
"MBMon"="CTMBHA.DLL" [2005-05-19 1345520]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 1159168]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 110592]
"DLCICATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCItime.dll" [2006-02-24 73728]
"dlcimon.exe"="c:\program files\Dell AIO Printer 946\dlcimon.exe" [2006-02-14 430080]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"YOP"="c:\progra~1\Yahoo!\YOP\yop.exe" [2006-08-31 448040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-26 267064]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-09-14 1584640]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-28 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-6-15 1208320]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-22 17:35 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPAGER.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\yserver.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [21/03/2010 15:00 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [21/03/2010 15:00 242696]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [22/03/2010 17:35 308064]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [18/01/2009 20:30 203280]
R3 dlci_device;dlci_device;c:\windows\system32\dlcicoms.exe -service --> c:\windows\system32\dlcicoms.exe -service [?]
S2 gupdate1ca4020fd98a150;Google Update Service (gupdate1ca4020fd98a150);c:\program files\Google\Update\GoogleUpdate.exe [28/09/2009 09:49 133104]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - UPLOADMGR
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 03:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
2010-02-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:34]
2010-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-28 09:49]
2010-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-28 09:49]
2009-11-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-18 11:22]
2009-10-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-18 11:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://bt.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\heather\Application Data\Mozilla\Firefox\Profiles\juferj17.default\
FF - prefs.js: browser.search.selectedEngine - Google
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Stosuhuw - c:\windows\ufetokesiko.dll
Notify-dimsntfy - (no file)
SafeBoot-mferkdk
AddRemove-sunpoker - c:\program files\SunPoker\_SetupPoker[1].exe
AddRemove-William Hill Poker - c:\poker\William Hill Poker\_SetupPoker[1].exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-24 18:25
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCICATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(4332)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Kontiki\KService.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\windows\system32\wdfmgr.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\stsystra.exe
c:\windows\system32\Rundll32.exe
c:\docume~1\heather\LOCALS~1\Temp\clclean.0001
c:\windows\system32\rundll32.exe
c:\progra~1\Yahoo!\browser\ycommon.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\system32\dlcicoms.exe
c:\program files\Common Files\InstallShield\UpdateService\agent.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\progra~1\Yahoo!\YOP\secstat.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2010-03-24 18:36:58 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-24 18:36
Pre-Run: 137,947,705,344 bytes free
Post-Run: 138,531,946,496 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
Current=3 Default=3 Failed=2 LastKnownGood=5 Sets=1,2,3,5
- - End Of File - - 64085F15912C70D4163206D5CA4D3AF8
-
Did you check if McAfee didn't quarantine it?
checked mcafee and the ufetokesiko.dll file is in quarantine. there are also 5 combofix artemis! files
-
ok - it looks like i won't be able to post the combofix log at the moment as when i try and get on the internet it's saying it's encountered a problem and needs to close. i also have a yellow shield in the corner telling me it's downloading updates. was it supposed to do this?
-
the good news is that my pc started up without any error messages and i now have icons and task bar back (hurrah!).
combofix started up (of its own accord) and i now have a log from this which i have posted below. i also had two error message boxes:
RUNDLL
Error loading C:\Windows\ufetokesiko.dll
The specified module could not be found.
RUNDLL
Error loading CTMBHA.DLL
A dynamic link library (DLL) initialization routine failed.
-
i'm still getting the msls51.dll messages and still no icons or task bar.
scan results as follows:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, March 24, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, March 23, 2010 18:34:12
Records in database: 3854749
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - File:
Scan statistics:
Objects scanned: 196544
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 02:22:29
No threats found. Scanned area is clean.
Selected area has been scanned.
-
that was everything on the combofix text file. when combofix finished it didn't put the log on screen, just said it needed to reboot.
i don't seem to have a C:\Qoobox\quarantine\combofix quarantined files.txt file
-
combofix.txt log:
ComboFix 10-03-23.01 - heather 23/03/2010 18:21:09.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2046.1330 [GMT 0:00]
Running from: C:\Documents and Settings\heather\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
-
i can't get the combofix to download to desktop. every time i try it gets to 99% and then gives me an error message...
Cannot copy ComboFix{1}: Access is denied.
Make sure the disk is not full or write-protected and that the file is not currently in use.
sorry! any ideas how to sort this?
-
here's the log
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 17:31 on 22/03/2010 by heather (Administrator - Elevation successful)
========== filefind ==========
Searching for "msls51.dll"
No files found.
-=End Of File=-
PrevX didn't pick anything up.
AVG has given me a message as follows (i can't find out how to copy it!)
_
Resident Shield alert
Accessed file is infected
Threat detected!
File name: C:\WINDOWS\system32\uxtheme.dll
Threat name: Virus identified Win32/Patched.CK
Detected on open.
More information about this threat....
_
-
here's the DDS logs:
DDS (Ver_10-03-17.01) - NTFSx86
Run by heather at 15:26:57.40 on 21/03/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2046.1298 [GMT 0:00]
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
svchost.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
C:\Program Files\McAfee\MSC\mcshell.exe
C:\Program Files\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://bt.yahoo.com
uSearch Page = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://bt.yahoo.com
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
mWinlogon: Shell=Explorer.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [setDefaultMIDI] MIDIDef.exe
uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
mRun: [sigmatelSysTrayApp] stsystra.exe
mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
mRun: [updReg] c:\windows\UpdReg.EXE
mRun: [VoiceCenter] "c:\program files\creative\voicecenter\AndreaVC.exe" /tray
mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [DLCICATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCItime.dll,_RunDLLEntry@16
mRun: [dlcimon.exe] "c:\program files\dell aio printer 946\dlcimon.exe"
mRun: [YBrowser] c:\progra~1\yahoo!\browser\ybrwicon.exe
mRun: [YOP] c:\progra~1\yahoo!\yop\yop.exe /autostart
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [stosuhuw] rundll32.exe "c:\windows\ufetokesiko.dll",Startup
mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRunOnce: [*Restore] c:\windows\system32\restore\rstrui.exe -c
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueso~1.lnk - c:\program files\ivt corporation\bluesoleil\BlueSoleil.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - c:\program files\tiscali\tiscali internet\dlls\tiscalifilter.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: avgrsstarter - avgrsstx.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\heather\applic~1\mozilla\firefox\profiles\juferj17.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - HiddenExtension: XULRunner: {F476E718-F83B-4BEE-A8B7-2016291C0745} - c:\documents and settings\heather\local settings\application data\{F476E718-F83B-4BEE-A8B7-2016291C0745}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
c:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\mozilla firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-3-21 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-3-21 28424]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-3-21 360584]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-10-20 214664]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-21 285392]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-1-18 203280]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-1-18 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-1-18 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-1-18 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-1-18 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-1-18 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-1-18 40552]
S2 gupdate1ca4020fd98a150;Google Update Service (gupdate1ca4020fd98a150);c:\program files\google\update\GoogleUpdate.exe [2009-9-28 133104]
S3 dlci_device;dlci_device;c:\windows\system32\dlcicoms.exe -service --> c:\windows\system32\dlcicoms.exe -service [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-1-18 34248]
=============== Created Last 30 ================
2010-03-21 15:18:01 525824 ----a-w- c:\program files\dds.scr
2010-03-21 15:00:49 0 d--h--w- C:\$AVG
2010-03-21 15:00:39 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-21 15:00:39 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-21 15:00:33 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-21 15:00:25 0 d-----w- c:\windows\system32\drivers\Avg
2010-03-21 15:00:10 0 d-----w- c:\program files\AVG
2010-03-21 15:00:08 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-03-21 14:31:02 0 d-----w- c:\windows\system32\wbem\Repository
2010-03-21 11:24:59 55184 ----a-w- c:\windows\system32\PxSecure(2).dll
2010-03-21 11:24:57 0 d-----w- c:\program files\Prevx
2010-03-21 11:24:26 0 d-----w- c:\docume~1\alluse~1\applic~1\PrevxCSI
2010-03-13 09:04:08 0 d-----w- c:\program files\common files\Crystal Decisions
2010-03-13 09:04:00 0 d-----w- c:\program files\IRIS Software Ltd
2010-03-13 09:04:00 0 d-----w- c:\docume~1\alluse~1\applic~1\IRIS Software Ltd
2010-03-02 18:55:44 293376 ------w- c:\windows\system32\browserchoice.exe
==================== Find3M ====================
2009-12-31 16:50:03 353792 ------w- c:\windows\system32\dllcache\srv.sys
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2007-10-06 14:50:15 56 -csh--r- c:\windows\system32\1B9E4B68C9.sys
2009-07-10 08:33:25 144 -csha-w- c:\windows\system32\345022866.dat
2009-05-25 09:03:35 56 -csh--r- c:\windows\system32\391C1D2BD4.sys
2009-05-25 09:03:44 6372 -csha-w- c:\windows\system32\KGyGaAvL.sys
2008-08-30 12:27:30 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008083020080831\index.dat
============= FINISH: 15:29:18.73 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 22/07/2006 10:07:42
System Uptime: 21/03/2010 14:31:32 (1 hours ago)
Motherboard: Dell Inc. | | 0FJ030
Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 146 GiB total, 128.733 GiB free.
D: is CDROM ()
E: is CDROM ()
H: is Removable
I: is Removable
J: is Removable
K: is Removable
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP24: 14/03/2010 09:08:38 - System Checkpoint
RP25: 15/03/2010 17:58:01 - System Checkpoint
RP26: 17/03/2010 20:35:39 - System Checkpoint
RP27: 18/03/2010 20:50:37 - System Checkpoint
RP28: 19/03/2010 21:01:08 - System Checkpoint
RP29: 21/03/2010 09:37:48 - Restore Operation
RP30: 21/03/2010 09:41:27 - Restore Operation
RP31: 21/03/2010 09:45:20 - Restore Operation
RP32: 21/03/2010 14:30:18 - Restore Operation
RP33: 21/03/2010 15:00:08 - Installed AVG Free 9.0
==== Installed Programs ======================
ABBYY FineReader 6.0 Sprint
ActionPoker.com
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0
Andrea VoiceCenter
Apple Mobile Device Support
Apple Software Update
ARTEuro
ATI Control Panel
ATI Display Driver
AVG Free 9.0
BBC iPlayer Download Manager
Betfair Poker
BlueSoleil
BT Broadband Desktop Help
BT Wireless Connection Manager
BT Yahoo! Applications
CinepPlayer 30 Update
Corel Paint Shop Pro X
Corel Photo Album 6
Creative MediaSource
Dell AIO Printer 946
Dell CinePlayer
Dell Driver Reset Tool
Dell Media Experience
Dell Support 5.0.0 (630)
Dell System Restore
Digimax Converter
Digimax Master
Google Chrome
Google Toolbar for Firefox
Google Update Helper
High Definition Audio Driver Package - KB835221
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Intel Matrix Storage Manager
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections
InterPoker
IRIS Bookkeeping
iTunes
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Java 6 Update 17
Java 6 Update 2
Java 6 Update 3
Java 6 Update 5
Java 6 Update 7
Java SE Runtime Environment 6 Update 1
Littlewoods Poker
Malwarebytes' Anti-Malware
McAfee SecurityCenter
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft AutoRoute 2005
Microsoft Digital Image Library 9 - Blocker
Microsoft Encarta Encyclopedia Standard 2005
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Media Content
Microsoft Office XP Standard for Students and Teachers
Microsoft Photo Premium 10
Microsoft Picture It! Library 10
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Word 2002
Microsoft Works
Microsoft Works 2005 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Mozilla Firefox (1.5)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OpenOffice.org Installer 1.0
PokerStars
Print to Fax
QuickTime
RealPlayer
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Samsung USB Driver
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Shockwave
Sonic Activation Module
Sonic Advanced Decoder
Sonic Update Manager
Sound Blaster Audigy ADVANCED MB
Sound Blaster Audigy ADVANCED MB Product Registration
SunPoker
SunPoker.com
Tiscali Internet
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Wanadoo Europe Installer
WebFldrs XP
William Hill Poker
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows XP Service Pack 3
Works Upgrade
==== Event Viewer Messages From Past Week ========
18/03/2010 17:48:35, error: Service Control Manager [7022] - The KService service hung on starting.
16/03/2010 23:05:07, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
16/03/2010 22:50:07, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
==== End Of File ===========================
The PC crashed overnight so I don't have anything off the GMER scan. It looked like there was a conflict with my security software(?). Is there anything I can do before trying again?
-
Hello kahdah
I'm having problems with the GMER scan as it's taken over three hours so far. My CPU usage is at 100%. Should I stop it running or continue? I've tried to post the results of the DDS but that froze, so I'm sending this from my laptop.
Thanks for your help with this!
-
I am having a problem as follows. When I turn on my pc this error message appears
'this application has failed to start because msls51.dll was not found. Re-installing the application may fix this problem'
The Windows screen loads up without any icons. I can get to the Task Manager via Ctrl-Alt-Del and run programs through this, but am repeatedly getting the same error message.
I have tried system restore to a point where I know everything was working fine, but this hasn't worked.
Can anyone help, please?
msls51.dll error message
in Resolved Malware Removal Logs
Uninstalled IE 8 so back to IE 7 and it's all working fine. Do I have to reinstall IE again or will the automatic updates take care of that?
Anything else I need to do to prevent this sort of thing happening again? I was thinking of dumping McAfee for something else - would you have any recommendations? And should I keep all the software on that you've asked me to download or will I start getting conflicts between them?
Thanks again for all your advice - you've been soooo helpful!