W32 Drom asssistance needed

**ageee** · 2008-05-05, 11:49

Hi
every time I shutdown I get a warning box up telling me that orse-1re is closingon invetigation it would appear that this file is connected to W32 Drom. I have scanned my system using spybot s&d and it does not find it
can anybody help me?
Below are my kaspersky KASPERSKY ONLINE SCANNER REPORT &hjt logs

Monday, May 05, 2008 12:56:09 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 4/05/2008
Kaspersky Anti-Virus database records: 739091

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics
Total number of scanned objects 103030
Number of viruses found 10
Number of infected objects 23
Number of suspicious objects 5
Duration of the scan process 02:44:09

Infected Object Name Virus Name Last Action
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\SYSTEM32\config\system.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\config\software.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\config\default.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\config\Internet.evt Object is locked skipped

C:\WINDOWS\SYSTEM32\config\DEFAULT Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SECURITY Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SYSTEM Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SAM Object is locked skipped

C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\SYSTEM32\h323log.txt Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\SchedLog.Txt Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{12286323-BD2F-4AED-9518-9A9FF7040E41}.bin Object is locked skipped

C:\WINDOWS\b152.exe_old Infected: not-a-virus:AdWare.Win32.Insider.c skipped

C:\WINDOWS\17PHolmes1395.exe Infected: Trojan-Downloader.Win32.Homles.be skipped

C:\WINDOWS\b154.exe_old Infected: Trojan-Downloader.Win32.Agent.kha skipped

C:\Program Files\Common Files\fjOs0r.dll Infected: Trojan-Spy.Win32.QQLogger.c skipped

C:\Program Files\Internet Explorer\OnlO0r.bak Infected: Virus.Win32.AutoRun.mu skipped

C:\Program Files\Internet Explorer\OnlO0r.dll Infected: Trojan-Spy.Win32.QQLogger.c skipped

C:\Program Files\omsetup.exe/WISE0024.BIN/WISE0017.BIN Infected: not-a-virus:AdWare.Win32.AdvancedSearchBar skipped

C:\Program Files\omsetup.exe/WISE0024.BIN/WISE0020.BIN Infected: not-a-virus:AdWare.Win32.AdvancedSearchBar skipped

C:\Program Files\omsetup.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.AdvancedSearchBar skipped

C:\Program Files\omsetup.exe WiseSFX: infected - 3 skipped

C:\Program Files\omsetup.exe WiseSFXDropper: infected - 3 skipped

C:\Program Files\Microsoft AntiSpyware\Quarantine\E859E390-A8FD-4563-B22E-1A65CA\C82C2E8D-D3B4-4000-8D10-759ACE/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped

C:\Program Files\Microsoft AntiSpyware\Quarantine\E859E390-A8FD-4563-B22E-1A65CA\C82C2E8D-D3B4-4000-8D10-759ACE/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel skipped

C:\Program Files\Microsoft AntiSpyware\Quarantine\E859E390-A8FD-4563-B22E-1A65CA\C82C2E8D-D3B4-4000-8D10-759ACE/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped

C:\Program Files\Microsoft AntiSpyware\Quarantine\E859E390-A8FD-4563-B22E-1A65CA\C82C2E8D-D3B4-4000-8D10-759ACE CAB: infected - 3 skipped

C:\Program Files\JavaCore\JavaCore.exe Infected: not-a-virus:AdWare.Win32.Insider.c skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\InboxLOG.txt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\OutboxLOG.txt Object is locked skipped

C:\Documents and Settings\All Users\ntuser.dat Object is locked skipped

C:\Documents and Settings\All Users\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\default\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\default\Local Settings\History\History.IE5\MSHist012008050420080505\index.dat Object is locked skipped

C:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\default\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\default\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\default\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\default\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\default\Application Data\Identities\{6CF0B157-27B6-4127-B9BA-F5FA35C2F45B}\Microsoft\Outlook Express\Pop3uidl.dbx Object is locked skipped

C:\Documents and Settings\default\Application Data\Identities\{6CF0B157-27B6-4127-B9BA-F5FA35C2F45B}\Microsoft\Outlook Express\Inbox.dbx Object is locked skipped

C:\Documents and Settings\default\Application Data\Identities\{6CF0B157-27B6-4127-B9BA-F5FA35C2F45B}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped

C:\Documents and Settings\default\Application Data\Identities\{6CF0B157-27B6-4127-B9BA-F5FA35C2F45B}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped

C:\Documents and Settings\default\Application Data\Identities\{6CF0B157-27B6-4127-B9BA-F5FA35C2F45B}\Microsoft\Outlook Express\Deleted Items.bak/[From "National Westminster Bank" ][Date Sat, 24 Nov 2007 01:01:38 +0100 (added by postmaster@mail-12.uk.tiscali.com)]/UNNAMED/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped

C:\Documents and Settings\default\Application Data\Identities\{6CF0B157-27B6-4127-B9BA-F5FA35C2F45B}\Microsoft\Outlook Express\Deleted Items.bak/[From "National Westminster Bank" ][Date Sat, 24 Nov 2007 01:01:38 +0100 (added by postmaster@mail-12.uk.tiscali.com)]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped

C:\Documents and Settings\default\Application Data\Identities\{6CF0B157-27B6-4127-B9BA-F5FA35C2F45B}\Microsoft\Outlook Express\Deleted Items.bak/[From "NatWest Bank" ][Date Sat, 17 Nov 2007 04:44:07 +0100 (added by postmaster@mail-8.uk.tiscali.com)]/UNNAMED/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped

C:\Documents and Settings\default\Application Data\Identities\{6CF0B157-27B6-4127-B9BA-F5FA35C2F45B}\Microsoft\Outlook Express\Deleted Items.bak/[From "NatWest Bank" ][Date Sat, 17 Nov 2007 04:44:07 +0100 (added by postmaster@mail-8.uk.tiscali.com)]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped

C:\Documents and Settings\default\Application Data\Identities\{6CF0B157-27B6-4127-B9BA-F5FA35C2F45B}\Microsoft\Outlook Express\Deleted Items.bak MailMSOutlook5: suspicious - 4 skipped

C:\Documents and Settings\default\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-30f32520.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped

C:\Documents and Settings\default\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-30f32520.zip ZIP: infected - 1 skipped

C:\Documents and Settings\default\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\default\ntuser.dat Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

I:\Absolute Pitch.exe/wr-1-1395.exe Infected: Trojan-Downloader.Win32.Small.ihc skipped

I:\Absolute Pitch.exe nBinder5.0: infected - 1 skipped

I:\Audio Books\Absolute Pitch.zip/Absolute Pitch.exe/wr-1-1395.exe Infected: Trojan-Downloader.Win32.Small.ihc skipped

I:\Audio Books\Absolute Pitch.zip/Absolute Pitch.exe Infected: Trojan-Downloader.Win32.Small.ihc skipped

I:\Audio Books\Absolute Pitch.zip ZIP: infected - 2 skipped

I:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:19:36, on 05/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\ESM2\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\InkSaver\InkSaver.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\KMAESTRO\KMaestro.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\JavaCore\JavaCore.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\default\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://www.alltheinternet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://www.alltheinternet.com/search.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://www.alltheinternet.com/search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

http://www.alltheinternet.com/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

http://www.alltheinternet.com/search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

provided by Freeserve
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} -

C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program

Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program

files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program

Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {C2626E66-D21B-E628-C1DF-1DACCFA36ED2} - C:\Program Files\Common

Files\fjOs0r.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [InkSaver] C:\Program Files\InkSaver\InkSaver.exe hide
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch

USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [KeyMaestro] C:\KMAESTRO\KMaestro.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter

Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics

Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader

8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Trash it Scheduler] C:\Program Files\Trash it!\Trash it Scheduler.exe
O4 - HKCU\..\Run: [OptimizeMemory] C:\Program Files\Advanced Searchbar\Optimize

Memory\OptimizeMemory.exe
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [nvcoi] C:\Program Files\nvcoi\nvcoi.exe
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\\JavaCore\\JavaCore.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL

SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK

SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default

user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common

Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON

CardMonitor1.0.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk =

C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay

Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw -

res://C:\PROGRA~1\MICROS~2\OFFICE\1033\phdintl.dll/phdContext.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {307D80B7-6553-42FB-9C99-19841353B4F0} - http://www.alltheinternet.com

(file missing)
O9 - Extra 'Tools' menuitem: Search the Internet - {307D80B7-6553-42FB-9C99-19841353B4F0} -

http://www.alltheinternet.com (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot -

Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration -

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search &

Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -

http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -

http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) -

https://www-secure.symantec.com/tech...bs/tgctlsr.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -

http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program

Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION -

C:\ESM2\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google

Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\System32\nvsvc32.exe
O24 - Desktop Component 0: (no name) -

file:///C:/DOCUME~1/default/LOCALS~1/Temp/msoclip1/01/clip_image002.jpg

--
End of file - 9621 bytes

Thread: W32 Drom asssistance needed

Thread Tools

Display

Threaded View

W32 Drom asssistance needed

Posting Permissions