
msls51.dll error message


h-26

I am having a problem as follows. When I turn on my PC this error message appears:

'this application has failed to start because msls51.dll was not found. Re-installing the application may fix this problem'

The Windows screen loads up without any icons. I can get to the Task Manager via Ctrl-Alt-Del and run programs through this, but am repeatedly getting the same error message.

I have tried System Restore to a point where I know everything was working fine, but this hasn't worked.

Can anyone help please?


Hello h-26

Welcome to Malwarebytes.

=====================

Using Task Manager, see if you can get me the following logs:

Please download DDS and save it to your desktop.

  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.

---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt

Attach.txt.

================

Download the following GMER Rootkit Scanner from Here

  • Download the randomly named EXE file to your Desktop. Remember what its name is since it is randomly named.
  • Double click on the new randomly named exe file you downloaded and run it. If prompted about the Security Warning and Unknown Publisher, go ahead and click on Run.
  • It may take a minute to load and become available.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED:
      • Sections
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically only C:\ should be checked)
      • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop
  • **Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries
  • Click OK and quit the GMER program.
  • Note: On Firefox you need to go to Tools/Options/Main then under the Downloads section, click on Always ask me where to save files so that you can choose the name and where to save to, in this case your Desktop.

======================


Hello kahdah

I'm having problems with the GMER scan as it's taken over three hours so far. My CPU usage is at 100%. Should I stop it running or continue? I've tried to post the results of the DDS but that froze, so I'm sending this from my laptop.

Thanks for your help with this!


Here are the DDS logs:

DDS (Ver_10-03-17.01) - NTFSx86

Run by heather at 15:26:57.40 on 21/03/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17

Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2046.1298 [GMT 0:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

svchost.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Kontiki\KService.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\system32\taskmgr.exe

C:\PROGRA~1\Yahoo!\browser\ycommon.exe

C:\Program Files\Yahoo!\browser\ybrwicon.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\AVG\AVG9\avgtray.exe

C:\PROGRA~1\Yahoo!\browser\ybrowser.exe

C:\Program Files\McAfee\MSC\mcshell.exe

C:\Program Files\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://bt.yahoo.com

uSearch Page = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uWindow Title = Windows Internet Explorer provided by Yahoo!

uDefault_Page_URL = hxxp://bt.yahoo.com

mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = 127.0.0.1

uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

mWinlogon: Shell=Explorer.exe

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

uRun: [setDefaultMIDI] MIDIDef.exe

uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [kdx] c:\program files\kontiki\KHost.exe -all

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"

mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe

mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r

mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon

mRun: [updReg] c:\windows\UpdReg.EXE

mRun: [VoiceCenter] "c:\program files\creative\voicecenter\AndreaVC.exe" /tray

mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [DLCICATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCItime.dll,_RunDLLEntry@16

mRun: [dlcimon.exe] "c:\program files\dell aio printer 946\dlcimon.exe"

mRun: [YBrowser] c:\progra~1\yahoo!\browser\ybrwicon.exe

mRun: [YOP] c:\progra~1\yahoo!\yop\yop.exe /autostart

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"

mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [stosuhuw] rundll32.exe "c:\windows\ufetokesiko.dll",Startup

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRunOnce: [*Restore] c:\windows\system32\restore\rstrui.exe -c

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueso~1.lnk - c:\program files\ivt corporation\bluesoleil\BlueSoleil.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000

IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe

IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll

IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL

Trusted Zone: internet

Trusted Zone: mcafee.com

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - c:\program files\tiscali\tiscali internet\dlls\tiscalifilter.dll

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Notify: avgrsstarter - avgrsstx.dll

mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\heather\applic~1\mozilla\firefox\profiles\juferj17.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - HiddenExtension: XULRunner: {F476E718-F83B-4BEE-A8B7-2016291C0745} - c:\documents and settings\heather\local settings\application data\{F476E718-F83B-4BEE-A8B7-2016291C0745}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service

c:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom

c:\program files\mozilla firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-3-21 333192]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-3-21 28424]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-3-21 360584]

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-10-20 214664]

R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-21 285392]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-1-18 203280]

R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-1-18 359952]

R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-1-18 144704]

R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-1-18 606736]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-1-18 79816]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-1-18 35272]

R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-1-18 40552]

S2 gupdate1ca4020fd98a150;Google Update Service (gupdate1ca4020fd98a150);c:\program files\google\update\GoogleUpdate.exe [2009-9-28 133104]

S3 dlci_device;dlci_device;c:\windows\system32\dlcicoms.exe -service --> c:\windows\system32\dlcicoms.exe -service [?]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-1-18 34248]

=============== Created Last 30 ================

2010-03-21 15:18:01 525824 ----a-w- c:\program files\dds.scr

2010-03-21 15:00:49 0 d--h--w- C:\$AVG

2010-03-21 15:00:39 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-03-21 15:00:39 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2010-03-21 15:00:33 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-03-21 15:00:25 0 d-----w- c:\windows\system32\drivers\Avg

2010-03-21 15:00:10 0 d-----w- c:\program files\AVG

2010-03-21 15:00:08 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9

2010-03-21 14:31:02 0 d-----w- c:\windows\system32\wbem\Repository

2010-03-21 11:24:59 55184 ----a-w- c:\windows\system32\PxSecure(2).dll

2010-03-21 11:24:57 0 d-----w- c:\program files\Prevx

2010-03-21 11:24:26 0 d-----w- c:\docume~1\alluse~1\applic~1\PrevxCSI

2010-03-13 09:04:08 0 d-----w- c:\program files\common files\Crystal Decisions

2010-03-13 09:04:00 0 d-----w- c:\program files\IRIS Software Ltd

2010-03-13 09:04:00 0 d-----w- c:\docume~1\alluse~1\applic~1\IRIS Software Ltd

2010-03-02 18:55:44 293376 ------w- c:\windows\system32\browserchoice.exe

==================== Find3M ====================

2009-12-31 16:50:03 353792 ------w- c:\windows\system32\dllcache\srv.sys

2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll

2007-10-06 14:50:15 56 -csh--r- c:\windows\system32\1B9E4B68C9.sys

2009-07-10 08:33:25 144 -csha-w- c:\windows\system32\345022866.dat

2009-05-25 09:03:35 56 -csh--r- c:\windows\system32\391C1D2BD4.sys

2009-05-25 09:03:44 6372 -csha-w- c:\windows\system32\KGyGaAvL.sys

2008-08-30 12:27:30 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008083020080831\index.dat

============= FINISH: 15:29:18.73 ===============


The PC crashed overnight so I don't have anything off the GMER scan. It looked like there was a conflict with my security software(?). Is there anything I can do before trying again?


No, don't worry about GMER for now.

Did AVG or Prevx quarantine that file by chance?

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    msls51.dll


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


Here's the log:

SystemLook v1.0 by jpshortstuff (11.01.10)

Log created at 17:31 on 22/03/2010 by heather (Administrator - Elevation successful)

========== filefind ==========

Searching for "msls51.dll"

No files found.

-=End Of File=-

Prevx didn't pick anything up.

AVG has given me a message as follows (I can't find out how to copy it!)

_

Resident Shield alert

Accessed file is infected

Threat detected!

File name: C:\WINDOWS\system32\uxtheme.dll

Threat name: Virus identified Win32/Patched.CK

Detected on open.

More information about this threat....

_


Ok.

You may have to put up with the messages to get through it but try to do the following program.

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Link to post
Share on other sites

i can't get the combofix to download to desktop. every time i try it gets to 99% and then gives me an error message...

Cannot copy ComboFix{1}: Access is denied.

Make sure the disk is not full or write-protected and that the file is not currently in use.

sorry! any ideas how to sort this?

Link to post
Share on other sites

combofix.txt log:

ComboFix 10-03-23.01 - heather 23/03/2010 18:21:09.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2046.1330 [GMT 0:00]

Running from: C:\Documents and Settings\heather\Desktop\ComboFix.exe

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

Link to post
Share on other sites

Are you still getting the msls51.dll error message?

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.

  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Link to post
Share on other sites

i'm still getting the msls51.dll messages and still no icons or task bar.

scan results as follows:

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Wednesday, March 24, 2010

Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Tuesday, March 23, 2010 18:34:12

Records in database: 3854749

--------------------------------------------------------------------------------

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

Scan area - File:

Scan statistics:

Objects scanned: 196544

Threats found: 0

Infected objects found: 0

Suspicious objects found: 0

Scan duration: 02:22:29

No threats found. Scanned area is clean.

Selected area has been scanned.

Link to post
Share on other sites

Ok let's try this.

Please uninstall Service pack 3.

You can do so by doing the following.

Open Task Manager. At the top, where it says File, click it, then in the Run box type in this full path: c:\windows\$NtServicePackUninstall$\spuninst\spuninst.exe then hit OK.

It may take a while; reboot when it is done.

Then your computer should be back to normal and then we can reapply SP3.

Link to post
Share on other sites

the good news is that my pc started up without any error messages and i now have icons and task bar back (hurrah!).

combofix started up (of its own accord) and i now have a log from this which i have posted below. i also had two error message boxes:

RUNDLL

Error loading C:\Windows\ufetokesiko.dll

The specified module could not be found.

RUNDLL

Error loading CTMBHA.DLL

A dynamic link library (DLL) initialization routine failed.

Link to post
Share on other sites

ok - it looks like i won't be able to post the combofix log at the moment as when i try and get on the internet it's saying it's encountered a problem and needs to close. i also have a yellow shield in the corner telling me it's downloading updates. was it supposed to do this?

Link to post
Share on other sites

found a way to crank up IE so here's the combofix log

ComboFix 10-03-23.01 - heather 23/03/2010 18:21:09.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2046.1330 [GMT 0:00]

Running from: c:\documents and settings\heather\Desktop\ComboFix.exe

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\heather\Local Settings\Application Data\{F476E718-F83B-4BEE-A8B7-2016291C0745}

c:\documents and settings\heather\Local Settings\Application Data\{F476E718-F83B-4BEE-A8B7-2016291C0745}\chrome.manifest

c:\documents and settings\heather\Local Settings\Application Data\{F476E718-F83B-4BEE-A8B7-2016291C0745}\chrome\content\_cfg.js

c:\documents and settings\heather\Local Settings\Application Data\{F476E718-F83B-4BEE-A8B7-2016291C0745}\chrome\content\overlay.xul

c:\documents and settings\heather\Local Settings\Application Data\{F476E718-F83B-4BEE-A8B7-2016291C0745}\install.rdf

c:\windows\Downloaded Program Files\popcaploader.inf

c:\windows\system32\345022866.dat

c:\windows\system32\bb1.dat

c:\windows\system32\Data

c:\windows\system32\hjgruihpmowpap.dat

c:\windows\system32\hjgruivhfetchh.dat

c:\windows\system32\ps1.dat

c:\windows\system32\rc.dat

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_hjgruiijglkayb

-------\Service_hjgruiijglkayb

((((((((((((((((((((((((( Files Created from 2010-02-24 to 2010-03-24 )))))))))))))))))))))))))))))))

.

2010-03-22 17:35 . 2010-03-22 17:35 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2010-03-21 15:34 . 2010-03-21 15:34 293376 ----a-w- c:\program files\ozi0x6xe.exe

2010-03-21 15:18 . 2010-03-21 15:18 525824 ----a-w- c:\program files\dds.scr

2010-03-21 15:00 . 2010-03-21 15:00 -------- d-----w- C:\$AVG

2010-03-21 15:00 . 2010-03-22 17:35 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-03-21 15:00 . 2010-03-22 17:35 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-03-21 15:00 . 2010-03-22 17:34 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-03-21 15:00 . 2010-03-24 08:20 -------- d-----w- c:\windows\system32\drivers\Avg

2010-03-21 15:00 . 2010-03-21 15:00 -------- d-----w- c:\program files\AVG

2010-03-21 15:00 . 2010-03-21 15:00 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2010-03-21 14:31 . 2010-03-21 14:31 -------- d-----w- c:\windows\system32\wbem\Repository

2010-03-21 11:24 . 2010-03-21 11:24 55184 ----a-w- c:\windows\system32\PxSecure(2).dll

2010-03-21 11:24 . 2010-03-21 14:31 -------- d-----w- c:\program files\Prevx

2010-03-21 11:24 . 2010-03-21 14:30 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI

2010-03-13 09:05 . 2010-03-13 09:05 -------- d-----w- c:\documents and settings\heather\Local Settings\Application Data\IRIS Software Ltd

2010-03-13 09:04 . 2010-03-13 09:04 -------- d-----w- c:\program files\Microsoft Visual Studio .NET 2003

2010-03-13 09:04 . 2010-03-13 09:04 -------- d-----w- c:\program files\Common Files\Crystal Decisions

2010-03-13 09:04 . 2010-03-18 18:22 -------- d-----w- c:\documents and settings\All Users\Application Data\IRIS Software Ltd

2010-03-13 09:04 . 2010-03-13 09:04 -------- d-----w- c:\program files\IRIS Software Ltd

2010-03-02 18:55 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-24 18:27 . 2008-04-13 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki

2010-03-24 18:24 . 2006-11-17 18:44 -------- d-----w- c:\program files\Dl_cats

2010-03-24 18:03 . 2004-08-10 12:03 78503 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2010-03-21 14:30 . 2009-02-07 15:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-03-19 17:29 . 2010-02-17 08:49 120 ----a-w- c:\windows\Hwupiholuracanar.dat

2010-03-19 08:45 . 2010-02-17 08:49 0 ----a-w- c:\windows\Ucenukururul.bin

2010-03-10 19:11 . 2009-08-06 17:51 -------- d-----w- c:\program files\LittlewoodsPoker

2010-03-10 19:11 . 2009-08-06 17:51 -------- d-----w- c:\documents and settings\heather\Application Data\LittlewoodsPoker

2010-03-08 18:36 . 2006-03-30 16:16 -------- d-----w- c:\program files\Java

2010-03-04 18:23 . 2009-01-27 18:52 -------- d-----w- c:\program files\InterPoker

2010-02-18 16:19 . 2009-01-18 19:01 -------- d-----w- c:\program files\McAfee

2007-06-25 19:18 . 2007-06-25 19:18 60526 -c--a-w- c:\program files\mozilla firefox\components\jar50.dll

2007-06-25 19:18 . 2007-06-25 19:18 49256 -c--a-w- c:\program files\mozilla firefox\components\jsd3250.dll

2007-06-25 19:18 . 2007-06-25 19:18 166000 -c--a-w- c:\program files\mozilla firefox\components\xpinstal.dll

2007-10-06 14:50 . 2007-10-06 14:50 56 -csh--r- c:\windows\system32\1B9E4B68C9.sys

2009-05-25 09:03 . 2007-02-11 11:19 56 -csh--r- c:\windows\system32\391C1D2BD4.sys

2009-05-25 09:03 . 2007-02-11 11:19 6372 -csha-w- c:\windows\system32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]

"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]

"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]

"kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]

"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 94208]

"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344]

"MBMon"="CTMBHA.DLL" [2005-05-19 1345520]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 1159168]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 110592]

"DLCICATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCItime.dll" [2006-02-24 73728]

"dlcimon.exe"="c:\program files\Dell AIO Printer 946\dlcimon.exe" [2006-02-14 430080]

"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]

"YOP"="c:\progra~1\Yahoo!\YOP\yop.exe" [2006-08-31 448040]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-26 267064]

"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-09-14 1584640]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-28 198160]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-6-15 1208320]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-03-22 17:35 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YPAGER.EXE"=

"c:\\Program Files\\Yahoo!\\Messenger\\yserver.exe"=

"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Kontiki\\KService.exe"=

"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [21/03/2010 15:00 216200]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [21/03/2010 15:00 242696]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [22/03/2010 17:35 308064]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [18/01/2009 20:30 203280]

R3 dlci_device;dlci_device;c:\windows\system32\dlcicoms.exe -service --> c:\windows\system32\dlcicoms.exe -service [?]

S2 gupdate1ca4020fd98a150;Google Update Service (gupdate1ca4020fd98a150);c:\program files\Google\Update\GoogleUpdate.exe [28/09/2009 09:49 133104]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - UPLOADMGR

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

2009-03-08 03:32 128512 ----a-w- c:\windows\system32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

2010-02-18 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:34]

2010-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-28 09:49]

2010-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-28 09:49]

2009-11-15 c:\windows\Tasks\McDefragTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-18 11:22]

2009-10-01 c:\windows\Tasks\McQcTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-18 11:22]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://bt.yahoo.com

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = 127.0.0.1

uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000

Trusted Zone: internet

Trusted Zone: mcafee.com

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\heather\Application Data\Mozilla\Firefox\Profiles\juferj17.default\

FF - prefs.js: browser.search.selectedEngine - Google

---- FIREFOX POLICIES ----

FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-Stosuhuw - c:\windows\ufetokesiko.dll

Notify-dimsntfy - (no file)

SafeBoot-mferkdk

AddRemove-sunpoker - c:\program files\SunPoker\_SetupPoker[1].exe

AddRemove-William Hill Poker - c:\poker\William Hill Poker\_SetupPoker[1].exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-24 18:25

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

DLCICATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4332)

c:\windows\system32\WININET.dll

c:\program files\McAfee\SiteAdvisor\saHook.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe

c:\windows\system32\CTsvcCDA.exe

c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Kontiki\KService.exe

c:\program files\AVG\AVG9\avgnsx.exe

c:\program files\Common Files\Motive\McciCMService.exe

c:\progra~1\McAfee\MSC\mcmscsvc.exe

c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

c:\progra~1\McAfee\VIRUSS~1\mcshield.exe

c:\program files\McAfee\MPF\MPFSrv.exe

c:\program files\McAfee\MSK\MskSrver.exe

c:\windows\system32\wdfmgr.exe

c:\progra~1\mcafee.com\agent\mcagent.exe

c:\windows\stsystra.exe

c:\windows\system32\Rundll32.exe

c:\docume~1\heather\LOCALS~1\Temp\clclean.0001

c:\windows\system32\rundll32.exe

c:\progra~1\Yahoo!\browser\ycommon.exe

c:\windows\system32\rundll32.exe

c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

c:\windows\system32\dlcicoms.exe

c:\program files\Common Files\InstallShield\UpdateService\agent.exe

c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe

c:\progra~1\Yahoo!\YOP\secstat.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\system32\taskmgr.exe

.

**************************************************************************

.

Completion time: 2010-03-24 18:36:58 - machine was rebooted

ComboFix-quarantined-files.txt 2010-03-24 18:36

Pre-Run: 137,947,705,344 bytes free

Post-Run: 138,531,946,496 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=2 LastKnownGood=5 Sets=1,2,3,5

- - End Of File - - 64085F15912C70D4163206D5CA4D3AF8

Link to post
Share on other sites

begbodyguard You are not allowed or authorized to post here.

H-26 please do the following:

Update Run Malwarebytes

Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.

  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

=====

* Go here to run an online scanner from ESET.

  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

Link to post
Share on other sites

got mbam to work!

log as follows:

Malwarebytes' Anti-Malware 1.44

Database version: 3910

Windows 5.1.2600 Service Pack 2

Internet Explorer 7.0.5730.11

24/03/2010 22:40:33

mbam-log-2010-03-24 (22-40-33).txt

Scan type: Quick Scan

Objects scanned: 136507

Time elapsed: 8 minute(s), 19 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

ESET log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=4f301b9eabc72d49b6d292925a57bc8e

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=false

# utc_time=2010-03-25 12:18:49

# local_time=2010-03-25 12:18:49 (+0000, GMT Standard Time)

# country="United Kingdom"

# lang=9

# osver=5.1.2600 NT Service Pack 2

# compatibility_mode=1024 16777175 100 0 291116 291116 0 0

# compatibility_mode=5121 16776613 100 96 2991932 22419450 0 0

# compatibility_mode=8192 67108863 100 0 3931 3931 0 0

# scanned=192608

# found=0

# cleaned=0

# scan_time=5225

Still having problems with accessing internet via BT Yahoo - it keeps closing down still. Not tried anything else atm as it's time for bed!! Thanks for your help with this - it's much appreciated. Goodnight! x
