View Full Version : Bad image message pop up every time I tried to run an application
Please help me. I've followed the steps in your intructions on what to do before posting logs etc.
The same message pops up every time I try to run an application, only it comes three times for every application with slight differentiations. Being:
"The application or DLL C:\WINDOWS\system32\arotq5rc3.dll is not a valid Windows image. Please check this against your installation diskette"
Instead of arotq5rc3.dll, it pops up a second time but now with: fexojb.dll After that a third time with: mtlfc8lmp.dll
Here's my Hijack log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:14:54, on 13/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\iid.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\sygwin.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [PSDrvCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Net iD] C:\WINDOWS\system32\iid.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sygwin.exe] C:\WINDOWS\sygwin.exe -s
O4 - HKLM\..\Run: [SoundMnEx32] C:\WINDOWS\mmcc.exe
O4 - HKLM\..\Run: [debgdiag] C:\WINDOWS\system32\pubnfex.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5BF56AD2-E297-416E-BC49-000004040507} - https://cve.trust.telia.com/TeliaEleg/iidsetup.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170940117578
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://213.212.12.50/Remote/msrdp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: icmuwshe.dll pmspwups.dll arotq5rc3.dll sisbduse.dll fexojb.dll onksd.dll statex.dll mtlfc8lmp.dll
O20 - Winlogon Notify: ksdmgr - C:\WINDOWS\SYSTEM32\ksdmgr32.dll
O20 - Winlogon Notify: vbscsysi - C:\WINDOWS\system32\vbscsysi.dll (file missing)
O20 - Winlogon Notify: winnatkc - C:\WINDOWS\system32\winnatkc.dll
O20 - Winlogon Notify: wmstvsut - C:\WINDOWS\system32\wmstvsut.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
--
End of file - 12110 bytes
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, November 13, 2007 3:17:28 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 13/11/2007
Kaspersky Anti-Virus database records: 457330
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
G:\
Scan Statistics:
Total number of scanned objects: 122558
Number of viruses found: 18
Number of infected objects: 69
Number of suspicious objects: 0
Duration of the scan process: 02:12:30
Infected Object Name / Virus Name / Last Action
C:\Daweeds\Program Downloads\fulDC-6.78.msi/_5B663934D3150C1A2CE5A602435F38E5/_13B5FCBE8FBD856DA69486A1B60B8AC6 Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
C:\Daweeds\Program Downloads\fulDC-6.78.msi/_5B663934D3150C1A2CE5A602435F38E5 Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
C:\Daweeds\Program Downloads\fulDC-6.78.msi Embedded: infected - 2 skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-01182007-123040.log Object is locked skipped
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp Object is locked skipped
C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped
C:\Documents and Settings\David Ashman\Application Data\Microsoft\Outlook\Outlook.NK2 Object is locked skipped
C:\Documents and Settings\David Ashman\Application Data\Microsoft\Outlook\Outlook.srs Object is locked skipped
C:\Documents and Settings\David Ashman\Application Data\Microsoft\Templates\NormalEmail.dotm Object is locked skipped
C:\Documents and Settings\David Ashman\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.cdx Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.dbf Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\Microsoft\Outlook\archive.pst Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\Microsoft\Outlook\~archive.pst.tmp Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\Microsoft\Outlook\~Outlook.pst.tmp Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{A77ED806-1645-4C35-871F-559AB048E594} Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\History\History.IE5\MSHist012007111320071114\index.dat Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Temp\~DF2D52.tmp Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Temporary Internet Files\Content.Word\~WRS{8D09173E-87C1-4346-BE1B-FB5645E786E8}.tmp Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Temporary Internet Files\Content.Word\~WRS{BC408A07-2A64-4D96-B43B-15F22567997E}.tmp Object is locked skipped
C:\Documents and Settings\David Ashman\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\David Ashman\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP422\A0037106.exe Infected: Email-Worm.Win32.Warezov.tc skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP422\A0037107.exe Infected: Email-Worm.Win32.Warezov.tc skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP422\A0037108.exe Infected: Email-Worm.Win32.Warezov.pk skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP422\A0037109.dll Infected: Email-Worm.Win32.Warezov.ra skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP422\A0037110.exe Infected: Email-Worm.Win32.Warezov.ra skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP422\A0038118.exe Infected: IM-Worm.Win32.Agent.ae skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP422\A0038119.exe Infected: Email-Worm.Win32.Warezov.tb skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP423\A0038127.exe Infected: Email-Worm.Win32.Warezov.td skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP423\A0038128.exe Infected: Email-Worm.Win32.Warezov.ra skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP423\A0038129.exe Infected: Email-Worm.Win32.Warezov.pk skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP423\A0038132.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP426\A0039127.exe Infected: Email-Worm.Win32.Warezov.pk skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP426\A0039128.exe Infected: Email-Worm.Win32.Warezov.tt skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP426\A0039130.exe Infected: Email-Worm.Win32.Warezov.ra skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP426\A0039133.exe Infected: Email-Worm.Win32.Warezov.tq skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP426\A0039134.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP426\A0039167.exe Infected: Email-Worm.Win32.Warezov.tq skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP426\A0039168.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP427\A0039181.exe Infected: Email-Worm.Win32.Warezov.pk skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP427\A0039184.exe Infected: Email-Worm.Win32.Warezov.tq skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP427\A0039185.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP427\A0039247.exe Infected: Email-Worm.Win32.Warezov.tq skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP427\A0039248.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP427\A0039277.exe Infected: Email-Worm.Win32.Warezov.tq skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP427\A0039279.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP427\A0039304.exe Infected: Email-Worm.Win32.Warezov.tq skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP427\A0039305.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP430\A0039494.exe Infected: Email-Worm.Win32.Warezov.tq skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP430\A0039495.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP430\A0040492.exe Infected: Email-Worm.Win32.Warezov.tq skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP430\A0040493.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP431\A0040540.exe Infected: Email-Worm.Win32.Warezov.tq skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP431\A0040541.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP431\A0040562.exe Infected: Email-Worm.Win32.Warezov.tb skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP431\A0041541.exe Infected: Email-Worm.Win32.Warezov.tq skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP431\A0041542.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP431\A0041574.exe Infected: Email-Worm.Win32.Warezov.ra skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP431\A0041576.exe Infected: IM-Worm.Win32.Agent.ae skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP432\A0042539.exe Infected: Email-Worm.Win32.Warezov.ra skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP432\A0042542.exe Infected: Email-Worm.Win32.Warezov.tq skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP432\A0042543.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP432\A0042555.exe Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP432\A0043538.dll Infected: Email-Worm.Win32.Warezov.tc skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP432\A0043539.dll Infected: Email-Worm.Win32.Warezov.tc skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP432\A0043540.dll Infected: Email-Worm.Win32.Warezov.sz skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP432\A0043541.dll Infected: Email-Worm.Win32.Warezov.tz skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP432\A0043542.dll Infected: Email-Worm.Win32.Warezov.sz skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP432\A0043543.dll Infected: Email-Worm.Win32.Warezov.sz skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP432\A0043548.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP432\A0044540.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP432\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{E3C10D6D-F4AF-4CE1-8571-4EB28D4CD17B}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\skt68.exe Infected: IM-Worm.Win32.Agent.ae skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\stk70.exe Infected: IM-Worm.Win32.Agent.ae skipped
C:\WINDOWS\sygmp3.exe Infected: Email-Worm.Win32.Warezov.tx skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\dminbtpa.exe Infected: Email-Worm.Win32.Warezov.gen skipped
C:\WINDOWS\system32\drivers\atapi.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\hypelapr.dll Infected: Email-Worm.Win32.Warezov.sz skipped
C:\WINDOWS\system32\jobekbdn.exe Infected: Email-Worm.Win32.Warezov.gen skipped
C:\WINDOWS\system32\ksdmgr32.dll Infected: Email-Worm.Win32.Warezov.ua skipped
C:\WINDOWS\system32\MsDtc\MSDTC.LOG Object is locked skipped
C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log Object is locked skipped
C:\WINDOWS\system32\msmq\storage\QMLog Object is locked skipped
C:\WINDOWS\system32\netuencd.exe Infected: Email-Worm.Win32.Warezov.gen skipped
C:\WINDOWS\system32\onksd.dll Infected: Email-Worm.Win32.Warezov.ty skipped
C:\WINDOWS\system32\perfex.exe Infected: Email-Worm.Win32.Warezov.tv skipped
C:\WINDOWS\system32\pmspwups.dll Infected: Email-Worm.Win32.Warezov.td skipped
C:\WINDOWS\system32\statex.dll Infected: Email-Worm.Win32.Warezov.qf skipped
C:\WINDOWS\system32\vbscsysi.exe Infected: Email-Worm.Win32.Warezov.tq skipped
C:\WINDOWS\system32\wanpsysi.dll Infected: Email-Worm.Win32.Warezov.sz skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\winnatkc.dll Infected: Email-Worm.Win32.Warezov.tp skipped
C:\WINDOWS\system32\winnatkc.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
Scan process completed.
first the combofix log
ComboFix 07-11-08.1 - David Ashman 2007-11-13 20:42:45.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.543 [GMT 11:00]
Running from: C:\Documents and Settings\David Ashman\Local Settings\Temporary Internet Files\Content.IE5\TQ6KJMSZ\ComboFix[1].exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2007-10-13 to 2007-11-13 )))))))))))))))))))))))))))))))
.
2007-11-13 20:43 94,189 --a------ C:\WINDOWS\system32\winnatkc.exe
2007-11-13 20:43 92,767 --a------ C:\WINDOWS\system32\wmstvsut.exe
2007-11-13 20:40 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-13 16:20 32,768 --a------ C:\WINDOWS\system32\icmuwshe.dll
2007-11-13 03:02 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-13 03:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-13 02:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-13 02:37 28,672 --a------ C:\WINDOWS\system32\wanpsysi.dll
2007-11-13 02:13 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-13 01:22 93,368 --a------ C:\WINDOWS\system32\vbscsysi.exe
2007-11-13 01:04 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-11-12 17:54 122,880 --a------ C:\WINDOWS\system32\g47X1h37.dll
2007-11-12 15:47 61,440 --ah----- C:\WINDOWS\system32\mtlfc8lmp.dll
2007-11-12 15:47 53,248 --ah----- C:\WINDOWS\system32\n4e77rc.dll
2007-11-12 15:47 45,056 --ah----- C:\WINDOWS\system32\p72ewjf.exe
2007-11-12 15:37 122,880 --a------ C:\WINDOWS\system32\A57klMo.dll
2007-11-12 15:37 41,984 --a------ C:\WINDOWS\stk70.exe
2007-11-10 00:38 462,848 --ah----- C:\WINDOWS\system32\ksdmgr32.dll
2007-11-10 00:38 217,088 --ah----- C:\WINDOWS\system32\statex.dll
2007-11-10 00:38 69,632 --ah----- C:\WINDOWS\system32\onksd.dll
2007-11-10 00:38 53,248 --ah----- C:\WINDOWS\system32\prfex32.dll
2007-11-10 00:38 45,056 --ah----- C:\WINDOWS\system32\perfex.exe
2007-11-05 19:53 0 --a------ C:\WINDOWS\dsn2c3.reg
2007-11-05 18:53 61,440 --ah----- C:\WINDOWS\system32\fexojb.dll
2007-11-05 18:53 57,344 --ah----- C:\WINDOWS\system32\tm3qkcg.dll
2007-11-05 18:53 45,056 --ah----- C:\WINDOWS\system32\ho39e3ert.exe
2007-11-05 18:49 122,880 --a------ C:\WINDOWS\system32\CIvOVrjr6.dll
2007-11-05 18:48 156,160 --a------ C:\WINDOWS\sygmp3.exe
2007-11-05 18:48 94,208 --a------ C:\WINDOWS\skt70.exe
2007-11-05 13:47 20,480 --a------ C:\WINDOWS\system32\netuencd.exe
2007-11-05 13:47 16 --a------ C:\WINDOWS\wmvdr.dat
2007-11-05 13:47 4 --a------ C:\WINDOWS\system32\vbscsysi.dat
2007-11-01 16:10 122,880 --a------ C:\WINDOWS\system32\SJ04B4FYv.dll
2007-11-01 16:08 4 --a------ C:\WINDOWS\system32\winnatkc.dat
2007-11-01 15:24 0 --a------ C:\WINDOWS\is4tgrl.dll
2007-11-01 14:07 122,880 --a------ C:\WINDOWS\system32\winnatkc.dll
2007-11-01 14:05 65,536 --ah----- C:\WINDOWS\system32\arotq5rc3.dll
2007-11-01 14:05 57,344 --ah----- C:\WINDOWS\system32\j9wotm3q.dll
2007-11-01 14:05 45,056 --ah----- C:\WINDOWS\system32\k5c6uool.exe
2007-11-01 13:59 122,880 --a------ C:\WINDOWS\system32\5Adtd.dll
2007-11-01 13:59 32,768 --a------ C:\WINDOWS\system32\pmspwups.dll
2007-11-01 13:59 24,576 --a------ C:\WINDOWS\system32\jobekbdn.exe
2007-11-01 13:59 16 --a------ C:\WINDOWS\mwtsl.dat
2007-11-01 13:58 157,696 --a------ C:\WINDOWS\sygwin.exe
2007-11-01 13:57 41,984 --a------ C:\WINDOWS\skt68.exe
2007-11-01 13:55 118,784 --a------ C:\WINDOWS\system32\wmstvsut.dll
2007-11-01 13:55 28,672 --a------ C:\WINDOWS\system32\hypelapr.dll
2007-11-01 13:55 20,480 --a------ C:\WINDOWS\system32\dminbtpa.exe
2007-11-01 13:55 4 --a------ C:\WINDOWS\system32\wmstvsut.dat
2007-10-15 20:00 <DIR> d-------- C:\Program Files\EA Sports
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-12 15:19 --------- d-----w C:\Program Files\MSN Messenger
2007-11-12 15:19 --------- d-----w C:\Program Files\Microsoft Private Folder 1.0
2007-11-12 15:15 --------- d-----w C:\Program Files\iTunes
2007-11-12 15:12 --------- d-----w C:\Program Files\Google
2007-11-12 15:12 --------- d-----w C:\Program Files\fulDC
2007-11-12 15:11 --------- d-----w C:\Program Files\Common Files\LightScribe
2007-11-12 14:21 --------- d-----w C:\Program Files\Windows Defender
2007-11-10 17:25 --------- d-----w C:\Documents and Settings\David Ashman\Application Data\Skype
2007-10-29 06:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-10-25 05:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\MipKukSoft
2007-10-08 06:55 --------- d-----w C:\Program Files\iPod
2007-10-08 06:50 --------- d-----w C:\Program Files\Apple Software Update
2007-10-07 06:51 --------- d-----w C:\Program Files\AirPort
2007-10-07 06:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-06 03:51 --------- d-----w C:\Program Files\Network Stumbler
2007-10-01 04:01 --------- d-----w C:\Program Files\KONAMI
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-20 10:04 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-20 10:04 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-20 10:04 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-08-20 10:04 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-08-20 10:04 477,696 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-20 10:04 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-08-20 10:04 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-08-20 10:04 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-08-20 10:04 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-08-20 10:04 3,584,512 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-20 10:04 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-20 10:04 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-08-20 10:04 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-08-20 10:04 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-08-20 10:04 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-20 10:04 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-20 10:04 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-08-20 10:04 132,608 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-20 10:04 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-08-20 10:04 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-08-20 10:04 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-08-20 10:04 1,152,000 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-17 10:21 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-08-17 10:20 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-08-17 10:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-08-17 07:34 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2005-09-24 15:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-06 15:56]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 16:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 05:00]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-20 16:58]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-20 16:58]
"nwiz"="nwiz.exe" [2006-07-20 16:58 C:\WINDOWS\system32\nwiz.exe]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-03 02:02 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 16:22]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-20 01:14]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 21:33]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 20:50]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 20:23]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 20:50]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 10:47]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-10-06 08:11]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-01-18 23:09]
"PSDrvCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-08-28 21:47]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"Net iD"="C:\WINDOWS\system32\iid.exe" [2007-03-15 11:11]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 07:24]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-04 03:00]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 03:50]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 10:03]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 13:02]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 15:42]
"sygwin.exe"="C:\WINDOWS\sygwin.exe" [2007-11-12 17:54]
"SoundMnEx32"="C:\WINDOWS\mmcc.exe" []
"debgdiag"="C:\WINDOWS\system32\pubnfex.exe" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-16 15:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-01 10:36]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-15 20:49]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-01-27 05:07:42]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [2007-03-07 18:47:27]
HP Pavilion Webcam Tray Icon.lnk - C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [2006-12-16 15:41:36]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-25 03:39:30]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ksdmgr]
ksdmgr32.dll 2007-11-10 00:38 462848 C:\WINDOWS\system32\ksdmgr32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vbscsysi]
C:\WINDOWS\system32\vbscsysi.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winnatkc]
C:\WINDOWS\system32\winnatkc.dll 2007-11-01 14:07 122880 C:\WINDOWS\system32\winnatkc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wmstvsut]
C:\WINDOWS\system32\wmstvsut.dll 2007-11-01 13:55 118784 C:\WINDOWS\system32\wmstvsut.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= icmuwshe.dll pmspwups.dll arotq5rc3.dll sisbduse.dll fexojb.dll onksd.dll statex.dll mtlfc8lmp.dll
R2 Prvflder;Prvflder;C:\WINDOWS\system32\DRIVERS\prvflder.sys
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC);C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;C:\WINDOWS\system32\Drivers\5U870CAP.sys
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\NSNDIS5.SYS
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5980d068-ab52-11db-b442-001636a48b43}]
\Shell\AutoRun\command - F:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6714813e-a6e0-11db-b432-001636a48b43}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc117c0e-d382-11db-b490-0018de844ea4}]
\Shell\AutoRun\command - F:\setupSNK.exe
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-11-13 05:49:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-11-13 09:36:53 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-13 20:52:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ???????????`?@?????L?@
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-13 20:56:45
.
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:58:40, on 13/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\winnatkc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\JackHigher.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [PSDrvCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Net iD] C:\WINDOWS\system32\iid.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sygwin.exe] C:\WINDOWS\sygwin.exe -s
O4 - HKLM\..\Run: [SoundMnEx32] C:\WINDOWS\mmcc.exe
O4 - HKLM\..\Run: [debgdiag] C:\WINDOWS\system32\pubnfex.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5BF56AD2-E297-416E-BC49-000004040507} - https://cve.trust.telia.com/TeliaEleg/iidsetup.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170940117578
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://213.212.12.50/Remote/msrdp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: icmuwshe.dll pmspwups.dll arotq5rc3.dll sisbduse.dll fexojb.dll onksd.dll statex.dll mtlfc8lmp.dll
O20 - Winlogon Notify: ksdmgr - C:\WINDOWS\SYSTEM32\ksdmgr32.dll
O20 - Winlogon Notify: vbscsysi - C:\WINDOWS\system32\vbscsysi.dll (file missing)
O20 - Winlogon Notify: winnatkc - C:\WINDOWS\system32\winnatkc.dll
O20 - Winlogon Notify: wmstvsut - C:\WINDOWS\system32\wmstvsut.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
--
End of file - 11993 bytes
O20 - AppInit_DLLs: icmuwshe.dll pmspwups.dll arotq5rc3.dll sisbduse.dll fexojb.dll onksd.dll statex.dll mtlfc8lmp.dll
I found this now that I read through the HijackThis log you asked me to post.
Maybe that has something to do with it. All three dlls are in that row. That's the dlls that keeps popping up when I start an application. Since the row starts with: 020 - AppInit_DLLs.. is surely has something with iniating DLLs. Don't you think?
I remember when it started also. I clicked on a link in msn messenger from a friend. A file was downloaded and I started to install it, but I aborted it.. got a bad vibe.. Maybe the whole thing didn't get installed and only some of the shit is left on my computer. I don't know, but I do know I need help. Please help me!
Thanks
Anyone? Please, I really need some help. I do my banking on the net, and I can't do it now. I don't dare.
Thanks
Hi dashman
Download Deckard's System Scanner (DSS) (http://www.techsupportforum.com/sectools/Deckard/dss.exe) to your Desktop. Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post. in your reply
Deckard's System Scanner v20071014.68
Run by David Ashman on 2007-11-20 20:56:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
98: 2007-11-20 09:56:17 UTC - RP439 - Deckard's System Scanner Restore Point
97: 2007-11-20 01:08:03 UTC - RP438 - System Checkpoint
96: 2007-11-18 16:42:11 UTC - RP437 - System Checkpoint
95: 2007-11-17 15:01:27 UTC - RP436 - System Checkpoint
94: 2007-11-16 05:51:36 UTC - RP435 - System Checkpoint
-- First Restore Point --
1: 2007-08-23 10:45:43 UTC - RP342 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
System Drive C: has 7.4 GiB (less than 15%) free.
-- HijackThis (run as David Ashman.exe) ----------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:58:08, on 20/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\WINDOWS\System32\winnatkc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\David Ashman\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\David Ashman.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [PSDrvCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Net iD] C:\WINDOWS\system32\iid.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sygwin.exe] C:\WINDOWS\sygwin.exe -s
O4 - HKLM\..\Run: [SoundMnEx32] C:\WINDOWS\mmcc.exe
O4 - HKLM\..\Run: [debgdiag] C:\WINDOWS\system32\pubnfex.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5BF56AD2-E297-416E-BC49-000004040507} - https://cve.trust.telia.com/TeliaEleg/iidsetup.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170940117578
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://213.212.12.50/Remote/msrdp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: icmuwshe.dll pmspwups.dll arotq5rc3.dll sisbduse.dll fexojb.dll onksd.dll statex.dll mtlfc8lmp.dll
O20 - Winlogon Notify: ksdmgr - C:\WINDOWS\SYSTEM32\ksdmgr32.dll
O20 - Winlogon Notify: vbscsysi - C:\WINDOWS\system32\vbscsysi.dll (file missing)
O20 - Winlogon Notify: winnatkc - C:\WINDOWS\system32\winnatkc.dll
O20 - Winlogon Notify: wmstvsut - C:\WINDOWS\system32\wmstvsut.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
--
End of file - 12540 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R2 AMON - c:\windows\system32\drivers\amon.sys <Not Verified; Eset; NOD32 Antivirus System>
R3 AsapiW2K - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; VOB Computersysteme GmbH; asapi>
S3 catchme - c:\docume~1\davida~1\locals~1\temp\catchme.sys (file missing)
S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
S3 NSNDIS5 (NSNDIS5 NDIS Protocol Driver) - c:\windows\system32\nsndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); NetStumbler>
S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 prfldsvc (Private Folder Service) - c:\program files\microsoft private folder 1.0\prfldsvc.exe
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2007-11-20 16:49:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-11-20 11:35:18 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
-- Files created between 2007-10-20 and 2007-11-20 -----------------------------
2007-11-20 11:42:12 92767 --a------ C:\WINDOWS\system32\wmstvsut.exe
2007-11-20 11:42:12 94189 --a------ C:\WINDOWS\system32\winnatkc.exe
2007-11-13 16:20:43 32768 --a------ C:\WINDOWS\system32\icmuwshe.dll
2007-11-13 15:31:56 0 d-------- C:\WINDOWS\CSC
2007-11-13 03:02:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-13 03:02:39 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-13 02:38:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-13 02:37:19 28672 --a------ C:\WINDOWS\system32\wanpsysi.dll
2007-11-13 02:13:32 0 d-------- C:\Program Files\Trend Micro
2007-11-13 01:22:10 93368 --a------ C:\WINDOWS\system32\vbscsysi.exe
2007-11-13 01:04:00 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-11-12 17:54:59 122880 --a------ C:\WINDOWS\system32\g47X1h37.dll
2007-11-12 15:47:07 45056 --ah----- C:\WINDOWS\system32\p72ewjf.exe
2007-11-12 15:47:07 53248 --ah----- C:\WINDOWS\system32\n4e77rc.dll
2007-11-12 15:47:07 61440 --ah----- C:\WINDOWS\system32\mtlfc8lmp.dll
2007-11-12 15:37:41 122880 --a------ C:\WINDOWS\system32\A57klMo.dll
2007-11-12 15:37:30 41984 --a------ C:\WINDOWS\stk70.exe
2007-11-10 00:38:45 217088 --ah----- C:\WINDOWS\system32\statex.dll
2007-11-10 00:38:45 53248 --ah----- C:\WINDOWS\system32\prfex32.dll
2007-11-10 00:38:45 45056 --ah----- C:\WINDOWS\system32\perfex.exe
2007-11-10 00:38:45 69632 --ah----- C:\WINDOWS\system32\onksd.dll
2007-11-10 00:38:45 462848 --ah----- C:\WINDOWS\system32\ksdmgr32.dll
2007-11-05 19:53:11 0 --a------ C:\WINDOWS\dsn2c3.reg
2007-11-05 18:53:57 57344 --ah----- C:\WINDOWS\system32\tm3qkcg.dll
2007-11-05 18:53:57 45056 --ah----- C:\WINDOWS\system32\ho39e3ert.exe
2007-11-05 18:53:57 61440 --ah----- C:\WINDOWS\system32\fexojb.dll
2007-11-05 18:49:27 122880 --a------ C:\WINDOWS\system32\CIvOVrjr6.dll
2007-11-05 18:48:21 94208 --a------ C:\WINDOWS\skt70.exe
2007-11-05 18:48:12 156160 --a------ C:\WINDOWS\sygmp3.exe
2007-11-05 13:47:37 4 --a------ C:\WINDOWS\system32\vbscsysi.dat
2007-11-05 13:47:20 20480 --a------ C:\WINDOWS\system32\netuencd.exe
2007-11-05 13:47:10 16 --a------ C:\WINDOWS\wmvdr.dat
2007-11-01 16:10:44 122880 --a------ C:\WINDOWS\system32\SJ04B4FYv.dll
2007-11-01 16:08:20 4 --a------ C:\WINDOWS\system32\winnatkc.dat
2007-11-01 15:24:01 0 --a------ C:\WINDOWS\is4tgrl.dll
2007-11-01 14:07:37 122880 --a------ C:\WINDOWS\system32\winnatkc.dll
2007-11-01 14:05:16 45056 --ah----- C:\WINDOWS\system32\k5c6uool.exe
2007-11-01 14:05:16 57344 --ah----- C:\WINDOWS\system32\j9wotm3q.dll
2007-11-01 14:05:16 65536 --ah----- C:\WINDOWS\system32\arotq5rc3.dll
2007-11-01 13:59:45 32768 --a------ C:\WINDOWS\system32\pmspwups.dll
2007-11-01 13:59:45 24576 --a------ C:\WINDOWS\system32\jobekbdn.exe
2007-11-01 13:59:25 16 --a------ C:\WINDOWS\mwtsl.dat
2007-11-01 13:59:12 122880 --a------ C:\WINDOWS\system32\5Adtd.dll
2007-11-01 13:58:16 157696 --a------ C:\WINDOWS\sygwin.exe
2007-11-01 13:57:32 41984 --a------ C:\WINDOWS\skt68.exe
2007-11-01 13:55:54 4 --a------ C:\WINDOWS\system32\wmstvsut.dat
2007-11-01 13:55:49 118784 --a------ C:\WINDOWS\system32\wmstvsut.dll
2007-11-01 13:55:27 28672 --a------ C:\WINDOWS\system32\hypelapr.dll
2007-11-01 13:55:27 20480 --a------ C:\WINDOWS\system32\dminbtpa.exe
-- Find3M Report ---------------------------------------------------------------
2007-11-13 02:19:48 0 d-------- C:\Program Files\MSN Messenger
2007-11-13 02:19:30 0 d-------- C:\Program Files\Microsoft Private Folder 1.0
2007-11-13 02:15:01 0 d-------- C:\Program Files\iTunes
2007-11-13 02:12:47 0 d-------- C:\Program Files\Google
2007-11-13 02:12:37 0 d-------- C:\Program Files\fulDC
2007-11-13 02:11:44 0 d-------- C:\Program Files\Common Files\LightScribe
2007-11-13 01:21:29 0 d-------- C:\Program Files\Windows Defender
2007-11-11 04:25:40 0 d-------- C:\Documents and Settings\David Ashman\Application Data\Skype
2007-10-24 20:06:48 0 d-------- C:\Documents and Settings\David Ashman\Application Data\Adobe
2007-10-15 20:00:16 0 d-------- C:\Program Files\EA Sports
2007-10-08 17:55:03 0 d-------- C:\Program Files\iPod
2007-10-08 17:50:55 0 d-------- C:\Program Files\Apple Software Update
2007-10-07 17:51:14 0 d-------- C:\Program Files\AirPort
2007-10-07 17:09:35 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-06 14:51:05 0 d-------- C:\Program Files\Network Stumbler
2007-10-01 15:01:49 0 d-------- C:\Program Files\KONAMI
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [06/08/2005 15:56]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [04/05/2006 16:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 05:00]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [20/07/2006 16:58]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [20/07/2006 16:58]
"nwiz"="nwiz.exe" [20/07/2006 16:58 C:\WINDOWS\system32\nwiz.exe]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [03/06/2006 02:02 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [17/06/2006 16:22]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [20/07/2006 01:14]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [19/06/2006 21:33]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [19/06/2006 20:50]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [11/10/2005 20:23]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 20:50]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [27/10/2006 10:47]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [06/10/2006 08:11]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [18/01/2007 23:09]
"PSDrvCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [28/08/2003 21:47]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [16/02/2005 23:11]
"Net iD"="C:\WINDOWS\system32\iid.exe" [15/03/2007 11:11]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [29/06/2007 07:24]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [04/04/2007 03:00]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [04/04/2007 03:50]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [25/10/2006 10:03]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [04/02/2007 13:02]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [26/09/2007 15:42]
"sygwin.exe"="C:\WINDOWS\sygwin.exe" [12/11/2007 17:54]
"SoundMnEx32"="C:\WINDOWS\mmcc.exe" []
"debgdiag"="C:\WINDOWS\system32\pubnfex.exe" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [16/03/2006 15:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [01/08/2007 10:36]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [15/11/2006 20:49]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [31/08/2007 16:46]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [27/01/2007 05:07:42]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 23:05:26]
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [07/03/2007 18:47:27]
HP Pavilion Webcam Tray Icon.lnk - C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [16/12/2006 15:41:36]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [25/09/2005 03:39:30]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ksdmgr]
ksdmgr32.dll 10/11/2007 00:38 462848 C:\WINDOWS\system32\ksdmgr32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vbscsysi]
C:\WINDOWS\system32\vbscsysi.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winnatkc]
C:\WINDOWS\system32\winnatkc.dll 01/11/2007 14:07 122880 C:\WINDOWS\system32\winnatkc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wmstvsut]
C:\WINDOWS\system32\wmstvsut.dll 01/11/2007 13:55 118784 C:\WINDOWS\system32\wmstvsut.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= icmuwshe.dll pmspwups.dll arotq5rc3.dll sisbduse.dll fexojb.dll onksd.dll statex.dll mtlfc8lmp.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5980d068-ab52-11db-b442-001636a48b43}]
AutoRun\command- F:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6714813e-a6e0-11db-b432-001636a48b43}]
AutoRun\command- F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc117c0e-d382-11db-b490-0018de844ea4}]
AutoRun\command- F:\setupSNK.exe
-- End of Deckard's System Scanner: finished at 2007-11-20 20:58:39 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz
CPU 1: Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz
Percentage of Memory in Use: 62%
Physical Memory (total/avail): 1021.98 MiB / 378.63 MiB
Pagefile Memory (total/avail): 2457.86 MiB / 1427.31 MiBa
Virtual Memory (total/avail): 2047.88 MiB / 1920.46 MiB
C: is Fixed (NTFS) - 100.29 GiB total, 7.4 GiB free.
D: is Fixed (FAT32) - 10.47 GiB total, 1.35 GiB free.
E: is CDROM (No Media)
G: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - FUJITSU MHV2120BH PL - 111.79 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 100.29 GiB - C:
\PARTITION1 - Unknown - 10.49 GiB - D:
\PARTITION2 - Unknown - 1027.6 MiB
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
FW: Norton Internet Worm Protection v2006 (Symantec) Disabled
AV: Eset NOD32 antivirus system 2.51 v2.51 (Eset)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Disabled:Messenger"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\David Ashman\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DAVIDS
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\David Ashman
LOGONSERVER=\\DAVIDS
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem"
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PCTYPE=PAVILION
PLATFORM=MCD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\DAVIDA~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\DAVIDA~1\LOCALS~1\Temp
USERDOMAIN=DAVIDS
USERNAME=David Ashman
USERPROFILE=C:\Documents and Settings\David Ashman
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
David Ashman (admin)
Administrator (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}\Setup.exe"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3DMark03 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF35F637-72B9-43BE-A281-06EB2854393A}\Setup.exe" -l0x9
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x1d
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
AirPort --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{48A8ADFF-D6E4-409D-B2BA-5CABB7FE5A84}
Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ASAPI Update --> C:\WINDOWS\system32\IWUNIN~1.EXE -uninstall C:\WINDOWS\ISUNINST.EXE -fC:\PROGRA~1\VOB\ASAPIU~1\ASAPI.isu
BitLord 1.1 --> C:\Program Files\BitLord\uninst.exe
Canon MP Navigator EX 1.0 --> "C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 1.0\uninst.ini
Canon MP210 series --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series /L0x0009
Canon My Printer --> C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint EX --> C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
Canon Utilities Solution Menu --> C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_HDAUDIO\HXFSETUP.EXE -U -IAt8VEN5a.inf
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
FIFA 08 Demo --> MsiExec.exe /X{7D1928D2-26FA-45FA-A4DD-A876D7293818}
Football Manager 2007 --> C:\Program Files\Sports Interactive\Football Manager 2007\uninstall\Uninstall FM 2007.exe
freedb database --> C:\PROGRA~1\Pinnacle\MYMP3P~1.0\freedb\UNWISE.EXE C:\PROGRA~1\Pinnacle\MYMP3P~1.0\freedb\INSTALL.LOG
fulDC --> MsiExec.exe /I{548F6D0D-EB73-40C2-97D1-B5CE77E86A77}
GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
get it on CD --> "C:\Program Files\Steinberg\get it on CD\Uninstall.exe" "C:\Program Files\Steinberg\get it on CD\install.log"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
HP Imaging Device Functions 6.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Pavilion Webcam --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\Setup.exe" -l0x9 -u
HP Photosmart Premier Software 6.0 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 6.1.A --> "C:\Program Files\HP\Digital Imaging\{27555031-A116-4EC6-9991-7B400142A936}\setup\hpzscr01.exe" -datfile hposcr08.dat
HP Quick Launch Buttons 6.10 A2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x9 -removeonly uninst
HP QuickPlay 2.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HP User Guides 0035 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE247E71-C143-40BB-ADF2-A465DF062BAB}\Setup.exe" -l0x9 -removeonly
HP Wireless Assistant 2.00 G2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
Intel(R) PRO Network Connections Drivers --> Prounstl.exe
iTunes --> MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
K-Lite Mega Codec Pack 1.53 --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LabelEditor --> "C:\Program Files\Steinberg\LabelEditor\Unwise.exe" C:\PROGRA~1\STEINB~1\LABELE~1\Install.log
LimeWire 4.12.6 --> "C:\Program Files\LimeWire\uninstall.exe"
Macromedia Flash Player 8 --> MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Macromedia Shockwave Player --> MsiExec.exe /X{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Private Folder 1.0 --> MsiExec.exe /I{644EA08F-87D2-48C0-AE94-B327D1C85A97}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.8) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
myMP3 PRO 5.0 --> C:\PROGRA~1\Pinnacle\MYMP3P~1.0\UNWISE.EXE C:\PROGRA~1\Pinnacle\MYMP3P~1.0\INSTALL.LOG
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Net iD 4.4 --> C:\WINDOWS\system32\iid.exe -uninstall
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Network Stumbler 0.4.0 (remove only) --> "C:\Program Files\Network Stumbler\uninst.exe"
NOD32 antivirus system --> C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
NOD32 FiX v1.9 --> "C:\Program Files\Eset\unins000.exe"
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Pro Evolution Soccer 2008 DEMO --> C:\Program Files\InstallShield Installation Information\{DA0B985B-6B62-466B-B141-1F4E52E6370F}\setup.exe -runfromtemp -l0x0409
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
ScanSoft OmniPage SE 4 --> MsiExec.exe /I{DEE88727-779B-47A9-ACEF-F87CA5F92A65}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB936509) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A00724F5-82C4-4924-B707-0E5A84B52471}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB936514) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF}
Security Update for Publisher 2007 (KB936646) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A32E4BAF-6477-45FA-B8AB-E743FA8D63FF}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Skype 3.0 --> "C:\Program Files\Skype\Phone\unins000.exe"
Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_5045_at8ven5m\HXFSETUP.EXE -U -IAt8VEN5m.inf
Sonic Audio Module --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SonicAC3Encoder --> MsiExec.exe /I{52FBAE98-D389-4281-8C14-21B4046CCB4E}
SonicMPEGEncoder --> MsiExec.exe /I{B16AF568-A644-483C-A6DA-5028CD019C8C}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TPTEST 5.0.2 --> "C:\Program Files\TPTEST5\unins000.exe"
TVAnts 1.0 --> C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
Update for Office 2007 (KB932080) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB934393) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}
Update for Outlook 2007 (KB937608) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CBB2454D-193F-4523-8A31-FEB343B7C30E}
Update for Outlook 2007 Junk Email Filter (kb942575) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0FC27B9D-5BCD-45C1-B9ED-9F0273F7A18D}
Update for Word 2007 (KB934173) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}
Update Rollup 2 for Windows XP Media Center Edition 2005 -->
VideoLAN VLC media player 0.8.6 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
VPN Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5624C000-B109-11D4-9DB4-00E0290FCAC5}\setup.exe" -l0x9 VpnUninstall
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Live Messenger --> MsiExec.exe /I{2E55A582-4FFE-4FF2-8D4D-E7D275FF89BD}
Windows Live Sign-in Assistant --> MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
WinRAR --> C:\Program Files\WinRAR\uninstall.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type831 / Warning
Event Submitted/Written: 11/20/2007 02:48:52 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type824 / Error
Event Submitted/Written: 11/20/2007 01:36:10 AM
Event ID/Source: 5000 / MPSampleSubmission
Event Description:
EventType mptelemetry, P1 80070424, P2 updateservicemanager-_get_services, P3 fallbackcheck, P4 1.1.1592.0, P5 mpsigdwn.dll, P6 1.1.1592.0, P7 windows defender, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.
Event Record #/Type816 / Error
Event Submitted/Written: 11/19/2007 01:36:03 AM
Event ID/Source: 5000 / MPSampleSubmission
Event Description:
EventType mptelemetry, P1 80070424, P2 updateservicemanager-_get_services, P3 fallbackcheck, P4 1.1.1592.0, P5 mpsigdwn.dll, P6 1.1.1592.0, P7 windows defender, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.
Event Record #/Type812 / Error
Event Submitted/Written: 11/18/2007 01:36:15 AM
Event ID/Source: 5000 / MPSampleSubmission
Event Description:
EventType mptelemetry, P1 80070424, P2 updateservicemanager-_get_services, P3 fallbackcheck, P4 1.1.1592.0, P5 mpsigdwn.dll, P6 1.1.1592.0, P7 windows defender, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.
Event Record #/Type810 / Error
Event Submitted/Written: 11/17/2007 01:36:00 AM
Event ID/Source: 5000 / MPSampleSubmission
Event Description:
EventType mptelemetry, P1 80070424, P2 updateservicemanager-_get_services, P3 fallbackcheck, P4 1.1.1592.0, P5 mpsigdwn.dll, P6 1.1.1592.0, P7 windows defender, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type36508 / Warning
Event Submitted/Written: 11/20/2007 08:58:21 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%DAVIDS27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DAVIDS27 can't undo changes that you allow.
For more information please see the following:
%DAVIDS275
Scan ID: {399D18E5-1C2D-4956-A50E-7B5DE3DB193F}
User: DAVIDS\David Ashman
Name: %DAVIDS271
ID: %DAVIDS272
Severity: 1.1.1592.05
Category: 1.1.1592.06
Path Found: %DAVIDS276
Alert Type: %DAVIDS278
Detection Type: 1.1.1592.02
Event Record #/Type36507 / Warning
Event Submitted/Written: 11/20/2007 08:58:21 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%DAVIDS27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DAVIDS27 can't undo changes that you allow.
For more information please see the following:
%DAVIDS275
Scan ID: {BEA44339-33F6-46B2-9CF0-35827BE22C3C}
User: DAVIDS\David Ashman
Name: %DAVIDS271
ID: %DAVIDS272
Severity: 1.1.1592.05
Category: 1.1.1592.06
Path Found: %DAVIDS276
Alert Type: %DAVIDS278
Detection Type: 1.1.1592.02
Event Record #/Type36506 / Warning
Event Submitted/Written: 11/20/2007 08:58:21 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%DAVIDS27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DAVIDS27 can't undo changes that you allow.
For more information please see the following:
%DAVIDS275
Scan ID: {4A3E214D-C2BB-4980-B6F2-E79E0C38D072}
User: DAVIDS\David Ashman
Name: %DAVIDS271
ID: %DAVIDS272
Severity: 1.1.1592.05
Category: 1.1.1592.06
Path Found: %DAVIDS276
Alert Type: %DAVIDS278
Detection Type: 1.1.1592.02
Event Record #/Type36505 / Warning
Event Submitted/Written: 11/20/2007 08:58:19 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%DAVIDS27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DAVIDS27 can't undo changes that you allow.
For more information please see the following:
%DAVIDS275
Scan ID: {4C487519-39D7-4C8F-A3CB-B5C22B6785F9}
User: DAVIDS\David Ashman
Name: %DAVIDS271
ID: %DAVIDS272
Severity: 1.1.1592.05
Category: 1.1.1592.06
Path Found: %DAVIDS276
Alert Type: %DAVIDS278
Detection Type: 1.1.1592.02
Event Record #/Type36504 / Warning
Event Submitted/Written: 11/20/2007 08:58:19 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%DAVIDS27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DAVIDS27 can't undo changes that you allow.
For more information please see the following:
%DAVIDS275
Scan ID: {660D5B6F-D8C1-4E1C-9692-C18874353762}
User: DAVIDS\David Ashman
Name: %DAVIDS271
ID: %DAVIDS272
Severity: 1.1.1592.05
Category: 1.1.1592.06
Path Found: %DAVIDS276
Alert Type: %DAVIDS278
Detection Type: 1.1.1592.02
-- End of Deckard's System Scanner: finished at 2007-11-20 20:58:39 ------------
Hi
We need first to disable TeaTimer that it doesn't interfere with fixes. You can re-enable it when you're clean again:
1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this Go to the Mode menu select "Advanced Mode"
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.
Open HijackThis, click do a system scan only and checkmark these:
O4 - HKLM\..\Run: [sygwin.exe] C:\WINDOWS\sygwin.exe -s
O4 - HKLM\..\Run: [SoundMnEx32] C:\WINDOWS\mmcc.exe
O4 - HKLM\..\Run: [debgdiag] C:\WINDOWS\system32\pubnfex.exe
O20 - AppInit_DLLs: icmuwshe.dll pmspwups.dll arotq5rc3.dll sisbduse.dll fexojb.dll onksd.dll statex.dll mtlfc8lmp.dll
O20 - Winlogon Notify: ksdmgr - C:\WINDOWS\SYSTEM32\ksdmgr32.dll
O20 - Winlogon Notify: vbscsysi - C:\WINDOWS\system32\vbscsysi.dll (file missing)
O20 - Winlogon Notify: winnatkc - C:\WINDOWS\system32\winnatkc.dll
O20 - Winlogon Notify: wmstvsut - C:\WINDOWS\system32\wmstvsut.dll
Close all windows including browser and press fix checked.
Please download the Killbox (http://download.bleepingcomputer.com/spyware/KillBox.exe).
Save it to the desktop.
Please run Killbox.
Select "Delete on Reboot" and "All files"
Copy the file names below to the clipboard by highlighting them and pressing Control-C:
C:\WINDOWS\system32\wmstvsut.exe
C:\WINDOWS\system32\winnatkc.exe
C:\WINDOWS\system32\icmuwshe.dll
C:\WINDOWS\system32\wanpsysi.dll
C:\WINDOWS\system32\vbscsysi.exe
C:\WINDOWS\system32\g47X1h37.dll
C:\WINDOWS\system32\p72ewjf.exe
C:\WINDOWS\system32\n4e77rc.dll
C:\WINDOWS\system32\mtlfc8lmp.dll
C:\WINDOWS\system32\A57klMo.dll
C:\WINDOWS\stk70.exe
C:\WINDOWS\system32\statex.dll
C:\WINDOWS\system32\prfex32.dll
C:\WINDOWS\system32\perfex.exe
C:\WINDOWS\system32\onksd.dll
C:\WINDOWS\system32\ksdmgr32.dll
C:\WINDOWS\system32\tm3qkcg.dll
C:\WINDOWS\system32\ho39e3ert.exe
C:\WINDOWS\system32\fexojb.dll
C:\WINDOWS\system32\CIvOVrjr6.dll
C:\WINDOWS\sygmp3.exe
C:\WINDOWS\system32\vbscsysi.dat
C:\WINDOWS\system32\netuencd.exe
C:\WINDOWS\wmvdr.dat
C:\WINDOWS\system32\SJ04B4FYv.dll
C:\WINDOWS\system32\winnatkc.dat
C:\WINDOWS\is4tgrl.dll
C:\WINDOWS\system32\winnatkc.dll
C:\WINDOWS\system32\k5c6uool.exe
C:\WINDOWS\system32\j9wotm3q.dll
C:\WINDOWS\system32\arotq5rc3.dll
C:\WINDOWS\system32\pmspwups.dll
C:\WINDOWS\system32\jobekbdn.exe
C:\WINDOWS\mwtsl.dat
C:\WINDOWS\system32\5Adtd.dll
C:\WINDOWS\sygwin.exe
C:\WINDOWS\skt68.exe
C:\WINDOWS\system32\wmstvsut.dat
C:\WINDOWS\system32\wmstvsut.dll
C:\WINDOWS\system32\hypelapr.dll
C:\WINDOWS\system32\dminbtpa.exe
Go to the File menu, and choose "Paste from Clipboard".
Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here (http://www.eudaemonia.me.uk/downloads/Files/missingfilesetup.exe) to download and run missingfilesetup.exe. Then try TheKillbox again..
If your computer does not restart automatically, please restart it manually.
Re-run dss.
Post dss report (main.txt only)
Thanks for the help. It means a lot. The pop-ups are gone.. but I don't know if I did the Killbox correctly.. the prompts you told me was going to come didn't come exactly as you said.
Also.. my windows update was turn off since the start off this whole thing and is still not working, doesn't want to be turned on either. My NOD32 is not working either.. it starts automatically, but again, since I got this shit on the computer an error message comes up saying: NOD32KUI...Error occured during communication with NOD32 Kernel service.
Here the main.txt:
Deckard's System Scanner v20071014.68
Run by David Ashman on 2007-11-20 22:23:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------
System Drive C: has 7.36 GiB (less than 15%) free.
-- HijackThis (run as David Ashman.exe) ----------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:23:08, on 20/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\David Ashman\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\DAVIDA~1.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [PSDrvCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Net iD] C:\WINDOWS\system32\iid.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5BF56AD2-E297-416E-BC49-000004040507} - https://cve.trust.telia.com/TeliaEleg/iidsetup.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170940117578
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://213.212.12.50/Remote/msrdp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: icmuwshe.dll
O20 - Winlogon Notify: ksdmgr - C:\WINDOWS\SYSTEM32\ksdmgr32.dll
O20 - Winlogon Notify: winnatkc - C:\WINDOWS\system32\winnatkc.dll
O20 - Winlogon Notify: wmstvsut - C:\WINDOWS\system32\wmstvsut.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
--
End of file - 11546 bytes
-- Files created between 2007-10-20 and 2007-11-20 -----------------------------
2007-11-20 22:10:37 0 d-------- C:\!KillBox
2007-11-13 15:31:56 0 d-------- C:\WINDOWS\CSC
2007-11-13 03:02:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-13 03:02:39 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-13 02:38:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-13 02:37:19 28672 --a------ C:\WINDOWS\system32\wanpsysi.dll
2007-11-13 02:13:32 0 d-------- C:\Program Files\Trend Micro
2007-11-13 01:22:10 93368 --a------ C:\WINDOWS\system32\vbscsysi.exe
2007-11-13 01:04:00 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-11-12 17:54:59 122880 --a------ C:\WINDOWS\system32\g47X1h37.dll
2007-11-12 15:47:07 45056 --ah----- C:\WINDOWS\system32\p72ewjf.exe
2007-11-12 15:47:07 53248 --ah----- C:\WINDOWS\system32\n4e77rc.dll
2007-11-12 15:47:07 61440 --ah----- C:\WINDOWS\system32\mtlfc8lmp.dll
2007-11-12 15:37:41 122880 --a------ C:\WINDOWS\system32\A57klMo.dll
2007-11-12 15:37:30 41984 --a------ C:\WINDOWS\stk70.exe
2007-11-10 00:38:45 217088 --ah----- C:\WINDOWS\system32\statex.dll
2007-11-10 00:38:45 53248 --ah----- C:\WINDOWS\system32\prfex32.dll
2007-11-10 00:38:45 45056 --ah----- C:\WINDOWS\system32\perfex.exe
2007-11-10 00:38:45 69632 --ah----- C:\WINDOWS\system32\onksd.dll
2007-11-10 00:38:45 462848 --ah----- C:\WINDOWS\system32\ksdmgr32.dll
2007-11-05 19:53:11 0 --a------ C:\WINDOWS\dsn2c3.reg
2007-11-05 18:53:57 57344 --ah----- C:\WINDOWS\system32\tm3qkcg.dll
2007-11-05 18:53:57 45056 --ah----- C:\WINDOWS\system32\ho39e3ert.exe
2007-11-05 18:53:57 61440 --ah----- C:\WINDOWS\system32\fexojb.dll
2007-11-05 18:49:27 122880 --a------ C:\WINDOWS\system32\CIvOVrjr6.dll
2007-11-05 18:48:21 94208 --a------ C:\WINDOWS\skt70.exe
2007-11-05 18:48:12 156160 --a------ C:\WINDOWS\sygmp3.exe
2007-11-05 13:47:37 4 --a------ C:\WINDOWS\system32\vbscsysi.dat
2007-11-05 13:47:20 20480 --a------ C:\WINDOWS\system32\netuencd.exe
2007-11-05 13:47:10 16 --a------ C:\WINDOWS\wmvdr.dat
2007-11-01 16:10:44 122880 --a------ C:\WINDOWS\system32\SJ04B4FYv.dll
2007-11-01 16:08:20 4 --a------ C:\WINDOWS\system32\winnatkc.dat
2007-11-01 15:24:01 0 --a------ C:\WINDOWS\is4tgrl.dll
2007-11-01 14:07:37 122880 --a------ C:\WINDOWS\system32\winnatkc.dll
2007-11-01 14:05:16 45056 --ah----- C:\WINDOWS\system32\k5c6uool.exe
2007-11-01 14:05:16 57344 --ah----- C:\WINDOWS\system32\j9wotm3q.dll
2007-11-01 14:05:16 65536 --ah----- C:\WINDOWS\system32\arotq5rc3.dll
2007-11-01 13:59:45 32768 --a------ C:\WINDOWS\system32\pmspwups.dll
2007-11-01 13:59:45 24576 --a------ C:\WINDOWS\system32\jobekbdn.exe
2007-11-01 13:59:25 16 --a------ C:\WINDOWS\mwtsl.dat
2007-11-01 13:59:12 122880 --a------ C:\WINDOWS\system32\5Adtd.dll
2007-11-01 13:58:16 157696 --a------ C:\WINDOWS\sygwin.exe
2007-11-01 13:57:32 41984 --a------ C:\WINDOWS\skt68.exe
2007-11-01 13:55:54 4 --a------ C:\WINDOWS\system32\wmstvsut.dat
2007-11-01 13:55:49 118784 --a------ C:\WINDOWS\system32\wmstvsut.dll
2007-11-01 13:55:27 28672 --a------ C:\WINDOWS\system32\hypelapr.dll
2007-11-01 13:55:27 20480 --a------ C:\WINDOWS\system32\dminbtpa.exe
-- Find3M Report ---------------------------------------------------------------
2007-11-13 02:19:48 0 d-------- C:\Program Files\MSN Messenger
2007-11-13 02:19:30 0 d-------- C:\Program Files\Microsoft Private Folder 1.0
2007-11-13 02:15:01 0 d-------- C:\Program Files\iTunes
2007-11-13 02:12:47 0 d-------- C:\Program Files\Google
2007-11-13 02:12:37 0 d-------- C:\Program Files\fulDC
2007-11-13 02:11:44 0 d-------- C:\Program Files\Common Files\LightScribe
2007-11-13 01:21:29 0 d-------- C:\Program Files\Windows Defender
2007-11-11 04:25:40 0 d-------- C:\Documents and Settings\David Ashman\Application Data\Skype
2007-10-24 20:06:48 0 d-------- C:\Documents and Settings\David Ashman\Application Data\Adobe
2007-10-15 20:00:16 0 d-------- C:\Program Files\EA Sports
2007-10-08 17:55:03 0 d-------- C:\Program Files\iPod
2007-10-08 17:50:55 0 d-------- C:\Program Files\Apple Software Update
2007-10-07 17:51:14 0 d-------- C:\Program Files\AirPort
2007-10-07 17:09:35 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-06 14:51:05 0 d-------- C:\Program Files\Network Stumbler
2007-10-01 15:01:49 0 d-------- C:\Program Files\KONAMI
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [06/08/2005 15:56]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [04/05/2006 16:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 05:00]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [20/07/2006 16:58]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [20/07/2006 16:58]
"nwiz"="nwiz.exe" [20/07/2006 16:58 C:\WINDOWS\system32\nwiz.exe]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [03/06/2006 02:02 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [17/06/2006 16:22]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [20/07/2006 01:14]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [19/06/2006 21:33]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [19/06/2006 20:50]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [11/10/2005 20:23]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 20:50]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [27/10/2006 10:47]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [06/10/2006 08:11]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [18/01/2007 23:09]
"PSDrvCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [28/08/2003 21:47]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [16/02/2005 23:11]
"Net iD"="C:\WINDOWS\system32\iid.exe" [15/03/2007 11:11]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [29/06/2007 07:24]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [04/04/2007 03:00]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [04/04/2007 03:50]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [25/10/2006 10:03]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [04/02/2007 13:02]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [26/09/2007 15:42]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [16/03/2006 15:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [01/08/2007 10:36]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [15/11/2006 20:49]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [27/01/2007 05:07:42]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 23:05:26]
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [07/03/2007 18:47:27]
HP Pavilion Webcam Tray Icon.lnk - C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [16/12/2006 15:41:36]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [25/09/2005 03:39:30]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ksdmgr]
ksdmgr32.dll 10/11/2007 00:38 462848 C:\WINDOWS\system32\ksdmgr32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winnatkc]
C:\WINDOWS\system32\winnatkc.dll 01/11/2007 14:07 122880 C:\WINDOWS\system32\winnatkc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wmstvsut]
C:\WINDOWS\system32\wmstvsut.dll 01/11/2007 13:55 118784 C:\WINDOWS\system32\wmstvsut.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= icmuwshe.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5980d068-ab52-11db-b442-001636a48b43}]
AutoRun\command- F:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6714813e-a6e0-11db-b432-001636a48b43}]
AutoRun\command- F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc117c0e-d382-11db-b490-0018de844ea4}]
AutoRun\command- F:\setupSNK.exe
-- End of Deckard's System Scanner: finished at 2007-11-20 22:23:32 ------------
Hi
"My NOD32 is not working either.. it starts automatically, but again, since I got this shit on the computer an error message comes up saying: NOD32KUI...Error occured during communication with NOD32 Kernel service."
You may consider uninstall/re-install.
Yes, KillBox didn't work. We try some another tool.
Download OTMoveIt (http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe) by OldTimer to your Desktop.
Double click OTMoveIt.exe to launch it.
Copy/Paste the contents of the box below into the left hand pane of OTMoveIt.
C:\WINDOWS\system32\wmstvsut.exe
C:\WINDOWS\system32\winnatkc.exe
C:\WINDOWS\system32\icmuwshe.dll
C:\WINDOWS\system32\wanpsysi.dll
C:\WINDOWS\system32\vbscsysi.exe
C:\WINDOWS\system32\g47X1h37.dll
C:\WINDOWS\system32\p72ewjf.exe
C:\WINDOWS\system32\n4e77rc.dll
C:\WINDOWS\system32\mtlfc8lmp.dll
C:\WINDOWS\system32\A57klMo.dll
C:\WINDOWS\stk70.exe
C:\WINDOWS\system32\statex.dll
C:\WINDOWS\system32\prfex32.dll
C:\WINDOWS\system32\perfex.exe
C:\WINDOWS\system32\onksd.dll
C:\WINDOWS\system32\ksdmgr32.dll
C:\WINDOWS\system32\tm3qkcg.dll
C:\WINDOWS\system32\ho39e3ert.exe
C:\WINDOWS\system32\fexojb.dll
C:\WINDOWS\system32\CIvOVrjr6.dll
C:\WINDOWS\sygmp3.exe
C:\WINDOWS\system32\vbscsysi.dat
C:\WINDOWS\system32\netuencd.exe
C:\WINDOWS\wmvdr.dat
C:\WINDOWS\system32\SJ04B4FYv.dll
C:\WINDOWS\system32\winnatkc.dat
C:\WINDOWS\is4tgrl.dll
C:\WINDOWS\system32\winnatkc.dll
C:\WINDOWS\system32\k5c6uool.exe
C:\WINDOWS\system32\j9wotm3q.dll
C:\WINDOWS\system32\arotq5rc3.dll
C:\WINDOWS\system32\pmspwups.dll
C:\WINDOWS\system32\jobekbdn.exe
C:\WINDOWS\mwtsl.dat
C:\WINDOWS\system32\5Adtd.dll
C:\WINDOWS\sygwin.exe
C:\WINDOWS\skt68.exe
C:\WINDOWS\system32\wmstvsut.dat
C:\WINDOWS\system32\wmstvsut.dll
C:\WINDOWS\system32\hypelapr.dll
C:\WINDOWS\system32\dminbtpa.exe
Click the Move It button.
The list will be processed and the results will appear in the right hand pane.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
When finished click Exit to exit the programme.
A log C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log will be created (where mmddyyyy_hhmmss are numbers giving date and time the log was created).
Re-run dss
Post:
- otmoveit log
- dss report (main.txt)
Ok. I tried the OTmoveit but it didn't post a log so I tried to the Killbox again because I realised what I did wrong last time.. I didn't check "delete on reboot".. Hope it worked better this time.
Here's the main.txt:
Deckard's System Scanner v20071014.68
Run by David Ashman on 2007-11-20 23:20:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------
System Drive C: has 7.36 GiB (less than 15%) free.
-- HijackThis (run as David Ashman.exe) ----------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:20:15, on 20/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\David Ashman\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\DAVIDA~1.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [PSDrvCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Net iD] C:\WINDOWS\system32\iid.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [debgdiag] C:\WINDOWS\system32\pubnfex.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5BF56AD2-E297-416E-BC49-000004040507} - https://cve.trust.telia.com/TeliaEleg/iidsetup.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170940117578
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://213.212.12.50/Remote/msrdp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: icmuwshe.dll pmspwups.dll onksd.dll statex.dll
O20 - Winlogon Notify: ksdmgr - ksdmgr32.dll (file missing)
O20 - Winlogon Notify: winnatkc - C:\WINDOWS\system32\winnatkc.dll (file missing)
O20 - Winlogon Notify: wmstvsut - C:\WINDOWS\system32\wmstvsut.dll (file missing)
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
--
End of file - 11760 bytes
-- Files created between 2007-10-20 and 2007-11-20 -----------------------------
2007-11-20 22:24:52 61440 --ah----- C:\WINDOWS\system32\pubnfex.exe
2007-11-20 22:10:37 0 d-------- C:\!KillBox
2007-11-13 15:31:56 0 d-------- C:\WINDOWS\CSC
2007-11-13 03:02:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-13 03:02:39 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-13 02:38:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-13 02:13:32 0 d-------- C:\Program Files\Trend Micro
2007-11-13 01:04:00 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-11-05 19:53:11 0 --a------ C:\WINDOWS\dsn2c3.reg
2007-11-05 18:48:21 94208 --a------ C:\WINDOWS\skt70.exe
-- Find3M Report ---------------------------------------------------------------
2007-11-13 02:19:48 0 d-------- C:\Program Files\MSN Messenger
2007-11-13 02:19:30 0 d-------- C:\Program Files\Microsoft Private Folder 1.0
2007-11-13 02:15:01 0 d-------- C:\Program Files\iTunes
2007-11-13 02:12:47 0 d-------- C:\Program Files\Google
2007-11-13 02:12:37 0 d-------- C:\Program Files\fulDC
2007-11-13 02:11:44 0 d-------- C:\Program Files\Common Files\LightScribe
2007-11-13 01:21:29 0 d-------- C:\Program Files\Windows Defender
2007-11-11 04:25:40 0 d-------- C:\Documents and Settings\David Ashman\Application Data\Skype
2007-10-24 20:06:48 0 d-------- C:\Documents and Settings\David Ashman\Application Data\Adobe
2007-10-15 20:00:16 0 d-------- C:\Program Files\EA Sports
2007-10-08 17:55:03 0 d-------- C:\Program Files\iPod
2007-10-08 17:50:55 0 d-------- C:\Program Files\Apple Software Update
2007-10-07 17:51:14 0 d-------- C:\Program Files\AirPort
2007-10-07 17:09:35 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-06 14:51:05 0 d-------- C:\Program Files\Network Stumbler
2007-10-01 15:01:49 0 d-------- C:\Program Files\KONAMI
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [06/08/2005 15:56]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [04/05/2006 16:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 05:00]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [20/07/2006 16:58]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [20/07/2006 16:58]
"nwiz"="nwiz.exe" [20/07/2006 16:58 C:\WINDOWS\system32\nwiz.exe]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [03/06/2006 02:02 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [17/06/2006 16:22]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [20/07/2006 01:14]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [19/06/2006 21:33]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [19/06/2006 20:50]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [11/10/2005 20:23]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 20:50]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [27/10/2006 10:47]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [06/10/2006 08:11]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [18/01/2007 23:09]
"PSDrvCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [28/08/2003 21:47]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [16/02/2005 23:11]
"Net iD"="C:\WINDOWS\system32\iid.exe" [15/03/2007 11:11]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [29/06/2007 07:24]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [04/04/2007 03:00]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [04/04/2007 03:50]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [25/10/2006 10:03]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [04/02/2007 13:02]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [26/09/2007 15:42]
"debgdiag"="C:\WINDOWS\system32\pubnfex.exe" [20/11/2007 22:24]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [16/03/2006 15:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [01/08/2007 10:36]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [15/11/2006 20:49]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [27/01/2007 05:07:42]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 23:05:26]
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [07/03/2007 18:47:27]
HP Pavilion Webcam Tray Icon.lnk - C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [16/12/2006 15:41:36]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [25/09/2005 03:39:30]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ksdmgr]
ksdmgr32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winnatkc]
C:\WINDOWS\system32\winnatkc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wmstvsut]
C:\WINDOWS\system32\wmstvsut.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= icmuwshe.dll pmspwups.dll onksd.dll statex.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5980d068-ab52-11db-b442-001636a48b43}]
AutoRun\command- F:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6714813e-a6e0-11db-b432-001636a48b43}]
AutoRun\command- F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc117c0e-d382-11db-b490-0018de844ea4}]
AutoRun\command- F:\setupSNK.exe
-- End of Deckard's System Scanner: finished at 2007-11-20 23:20:33 ------------
Hi
Yes, it did :)
Open HijackThis, click do a system scan only and checkmark these:
O4 - HKLM\..\Run: [debgdiag] C:\WINDOWS\system32\pubnfex.exe
O20 - AppInit_DLLs: icmuwshe.dll pmspwups.dll onksd.dll statex.dll
O20 - Winlogon Notify: ksdmgr - ksdmgr32.dll (file missing)
O20 - Winlogon Notify: winnatkc - C:\WINDOWS\system32\winnatkc.dll (file missing)
O20 - Winlogon Notify: wmstvsut - C:\WINDOWS\system32\wmstvsut.dll (file missing)
Close all windows including browser and press fix checked.
Use killbox with delete on reboot to these:
C:\WINDOWS\system32\pubnfex.exe
C:\WINDOWS\skt70.exe
Re-run dss
Post:
- dss report (main.txt)
Deckard's System Scanner v20071014.68
Run by David Ashman on 2007-11-20 23:43:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------
System Drive C: has 7.36 GiB (less than 15%) free.
-- HijackThis (run as David Ashman.exe) ----------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:43:29, on 20/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\David Ashman\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\DAVIDA~1.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [PSDrvCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Net iD] C:\WINDOWS\system32\iid.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5BF56AD2-E297-416E-BC49-000004040507} - https://cve.trust.telia.com/TeliaEleg/iidsetup.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170940117578
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://213.212.12.50/Remote/msrdp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
--
End of file - 11402 bytes
-- Files created between 2007-10-20 and 2007-11-20 -----------------------------
2007-11-20 22:10:37 0 d-------- C:\!KillBox
2007-11-13 15:31:56 0 d-------- C:\WINDOWS\CSC
2007-11-13 03:02:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-13 03:02:39 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-13 02:38:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-13 02:13:32 0 d-------- C:\Program Files\Trend Micro
2007-11-13 01:04:00 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-11-05 19:53:11 0 --a------ C:\WINDOWS\dsn2c3.reg
-- Find3M Report ---------------------------------------------------------------
2007-11-13 02:19:48 0 d-------- C:\Program Files\MSN Messenger
2007-11-13 02:19:30 0 d-------- C:\Program Files\Microsoft Private Folder 1.0
2007-11-13 02:15:01 0 d-------- C:\Program Files\iTunes
2007-11-13 02:12:47 0 d-------- C:\Program Files\Google
2007-11-13 02:12:37 0 d-------- C:\Program Files\fulDC
2007-11-13 02:11:44 0 d-------- C:\Program Files\Common Files\LightScribe
2007-11-13 01:21:29 0 d-------- C:\Program Files\Windows Defender
2007-11-11 04:25:40 0 d-------- C:\Documents and Settings\David Ashman\Application Data\Skype
2007-10-24 20:06:48 0 d-------- C:\Documents and Settings\David Ashman\Application Data\Adobe
2007-10-15 20:00:16 0 d-------- C:\Program Files\EA Sports
2007-10-08 17:55:03 0 d-------- C:\Program Files\iPod
2007-10-08 17:50:55 0 d-------- C:\Program Files\Apple Software Update
2007-10-07 17:51:14 0 d-------- C:\Program Files\AirPort
2007-10-07 17:09:35 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-06 14:51:05 0 d-------- C:\Program Files\Network Stumbler
2007-10-01 15:01:49 0 d-------- C:\Program Files\KONAMI
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [06/08/2005 15:56]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [04/05/2006 16:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 05:00]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [20/07/2006 16:58]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [20/07/2006 16:58]
"nwiz"="nwiz.exe" [20/07/2006 16:58 C:\WINDOWS\system32\nwiz.exe]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [03/06/2006 02:02 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [17/06/2006 16:22]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [20/07/2006 01:14]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [19/06/2006 21:33]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [19/06/2006 20:50]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [11/10/2005 20:23]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 20:50]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [27/10/2006 10:47]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [06/10/2006 08:11]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [18/01/2007 23:09]
"PSDrvCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [28/08/2003 21:47]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [16/02/2005 23:11]
"Net iD"="C:\WINDOWS\system32\iid.exe" [15/03/2007 11:11]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [29/06/2007 07:24]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [04/04/2007 03:00]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [04/04/2007 03:50]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [25/10/2006 10:03]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [04/02/2007 13:02]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [26/09/2007 15:42]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [16/03/2006 15:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [01/08/2007 10:36]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [15/11/2006 20:49]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [27/01/2007 05:07:42]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 23:05:26]
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [07/03/2007 18:47:27]
HP Pavilion Webcam Tray Icon.lnk - C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [16/12/2006 15:41:36]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [25/09/2005 03:39:30]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5980d068-ab52-11db-b442-001636a48b43}]
AutoRun\command- F:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6714813e-a6e0-11db-b432-001636a48b43}]
AutoRun\command- F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc117c0e-d382-11db-b490-0018de844ea4}]
AutoRun\command- F:\setupSNK.exe
-- End of Deckard's System Scanner: finished at 2007-11-20 23:43:46 ------------
Hi
Re-scan with kaspersky
Post:
- a fresh HijackThis log
- kaspersky report
OK. I'm posting but then I'm going to bed.. Im in australia and it's late here. Talk more tomorrow. Thanks for all help.
Kaspersky:
-- Files created between 2007-10-20 and 2007-11-20 -----------------------------
2007-11-20 22:10:37 0 d-------- C:\!KillBox
2007-11-13 15:31:56 0 d-------- C:\WINDOWS\CSC
2007-11-13 03:02:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-13 03:02:39 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-13 02:38:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-13 02:13:32 0 d-------- C:\Program Files\Trend Micro
2007-11-13 01:04:00 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-11-05 19:53:11 0 --a------ C:\WINDOWS\dsn2c3.reg
-- Find3M Report ---------------------------------------------------------------
2007-11-13 02:19:48 0 d-------- C:\Program Files\MSN Messenger
2007-11-13 02:19:30 0 d-------- C:\Program Files\Microsoft Private Folder 1.0
2007-11-13 02:15:01 0 d-------- C:\Program Files\iTunes
2007-11-13 02:12:47 0 d-------- C:\Program Files\Google
2007-11-13 02:12:37 0 d-------- C:\Program Files\fulDC
2007-11-13 02:11:44 0 d-------- C:\Program Files\Common Files\LightScribe
2007-11-13 01:21:29 0 d-------- C:\Program Files\Windows Defender
2007-11-11 04:25:40 0 d-------- C:\Documents and Settings\David Ashman\Application Data\Skype
2007-10-24 20:06:48 0 d-------- C:\Documents and Settings\David Ashman\Application Data\Adobe
2007-10-15 20:00:16 0 d-------- C:\Program Files\EA Sports
2007-10-08 17:55:03 0 d-------- C:\Program Files\iPod
2007-10-08 17:50:55 0 d-------- C:\Program Files\Apple Software Update
2007-10-07 17:51:14 0 d-------- C:\Program Files\AirPort
2007-10-07 17:09:35 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-06 14:51:05 0 d-------- C:\Program Files\Network Stumbler
2007-10-01 15:01:49 0 d-------- C:\Program Files\KONAMI
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [06/08/2005 15:56]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [04/05/2006 16:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 05:00]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [20/07/2006 16:58]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [20/07/2006 16:58]
"nwiz"="nwiz.exe" [20/07/2006 16:58 C:\WINDOWS\system32\nwiz.exe]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [03/06/2006 02:02 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [17/06/2006 16:22]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [20/07/2006 01:14]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [19/06/2006 21:33]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [19/06/2006 20:50]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [11/10/2005 20:23]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 20:50]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [27/10/2006 10:47]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [06/10/2006 08:11]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [18/01/2007 23:09]
"PSDrvCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [28/08/2003 21:47]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [16/02/2005 23:11]
"Net iD"="C:\WINDOWS\system32\iid.exe" [15/03/2007 11:11]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [29/06/2007 07:24]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [04/04/2007 03:00]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [04/04/2007 03:50]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [25/10/2006 10:03]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [04/02/2007 13:02]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [26/09/2007 15:42]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [16/03/2006 15:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [01/08/2007 10:36]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [15/11/2006 20:49]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [27/01/2007 05:07:42]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 23:05:26]
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [07/03/2007 18:47:27]
HP Pavilion Webcam Tray Icon.lnk - C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [16/12/2006 15:41:36]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [25/09/2005 03:39:30]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5980d068-ab52-11db-b442-001636a48b43}]
AutoRun\command- F:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6714813e-a6e0-11db-b432-001636a48b43}]
AutoRun\command- F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc117c0e-d382-11db-b490-0018de844ea4}]
AutoRun\command- F:\setupSNK.exe
-- End of Deckard's System Scanner: finished at 2007-11-20 23:43:46 ------------
Hi
That is not kaspersky, but part of dss report :)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:31:40, on 21/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\JackHigher.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [PSDrvCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Net iD] C:\WINDOWS\system32\iid.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5BF56AD2-E297-416E-BC49-000004040507} - https://cve.trust.telia.com/TeliaEleg/iidsetup.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170940117578
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://213.212.12.50/Remote/msrdp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
--
End of file - 11357 bytes
Hi
Now you posted HijackThis log.
I still need that kaspersky report, please :)
Sorry :) I seem to have been a bit tired last night.
Here's the kaspersky:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, November 21, 2007 2:17:59 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/11/2007
Kaspersky Anti-Virus database records: 462229
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
G:\
Scan Statistics:
Total number of scanned objects: 116580
Number of viruses found: 21
Number of infected objects: 99
Number of suspicious objects: 0
Duration of the scan process: 02:09:11
Infected Object Name / Virus Name / Last Action
C:\!KillBox\5Adtd.dll Infected: Email-Worm.Win32.Warezov.ui skipped
C:\!KillBox\dminbtpa.exe Infected: Email-Worm.Win32.Warezov.gen skipped
C:\!KillBox\hypelapr.dll Infected: Email-Worm.Win32.Warezov.sz skipped
C:\!KillBox\icmuwshe.dll Infected: Email-Worm.Win32.Warezov.tc skipped
C:\!KillBox\icmuwshe.dll( 1) Infected: Email-Worm.Win32.Warezov.tc skipped
C:\!KillBox\jobekbdn.exe Infected: Email-Worm.Win32.Warezov.gen skipped
C:\!KillBox\pmspwups.dll Infected: Email-Worm.Win32.Warezov.td skipped
C:\!KillBox\pubnfex.exe Infected: Email-Worm.Win32.Warezov.uh skipped
C:\!KillBox\skt68.exe Infected: IM-Worm.Win32.Agent.ae skipped
C:\!KillBox\sygwin.exe Infected: Email-Worm.Win32.Warezov.ug skipped
C:\!KillBox\winnatkc.dll Infected: Email-Worm.Win32.Warezov.tp skipped
C:\Daweeds\Program Downloads\fulDC-6.78.msi/_5B663934D3150C1A2CE5A602435F38E5/_13B5FCBE8FBD856DA69486A1B60B8AC6 Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
C:\Daweeds\Program Downloads\fulDC-6.78.msi/_5B663934D3150C1A2CE5A602435F38E5 Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
C:\Daweeds\Program Downloads\fulDC-6.78.msi Embedded: infected - 2 skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-01182007-123040.log Object is locked skipped
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp Object is locked skipped
C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped
C:\Documents and Settings\David Ashman\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.cdx Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.dbf Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{5E5A86F6-DC94-40C9-9AA8-C587561B87FA} Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\History\History.IE5\MSHist012007112120071122\index.dat Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Temp\~DFAFC6.tmp Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Temp\~DFB16B.tmp Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Temp\~DFD915.tmp Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\David Ashman\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\David Ashman\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\David Ashman\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP422\A0037106.exe Infected: Email-Worm.Win32.Warezov.tc skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP422\A0037107.exe Infected: Email-Worm.Win32.Warezov.tc skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP422\A0037108.exe Infected: Email-Worm.Win32.Warezov.pk skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP422\A0037109.dll Infected: Email-Worm.Win32.Warezov.ra skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP422\A0037110.exe Infected: Email-Worm.Win32.Warezov.ra skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP422\A0038118.exe Infected: IM-Worm.Win32.Agent.ae skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP422\A0038119.exe Infected: Email-Worm.Win32.Warezov.tb skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP423\A0038127.exe Infected: Email-Worm.Win32.Warezov.td skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP423\A0038128.exe Infected: Email-Worm.Win32.Warezov.ra skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP423\A0038129.exe Infected: Email-Worm.Win32.Warezov.pk skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP423\A0038132.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP426\A0039127.exe Infected: Email-Worm.Win32.Warezov.pk skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP426\A0039128.exe Infected: Email-Worm.Win32.Warezov.tt skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP426\A0039130.exe Infected: Email-Worm.Win32.Warezov.ra skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP426\A0039133.exe Infected: Email-Worm.Win32.Warezov.tq skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP426\A0039134.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP426\A0039167.exe Infected: Email-Worm.Win32.Warezov.tq skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP426\A0039168.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP427\A0039181.exe Infected: Email-Worm.Win32.Warezov.pk skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP427\A0039184.exe Infected: Email-Worm.Win32.Warezov.tq skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP427\A0039185.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP427\A0039247.exe Infected: Email-Worm.Win32.Warezov.tq skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP427\A0039248.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP427\A0039277.exe Infected: Email-Worm.Win32.Warezov.tq skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP427\A0039279.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP427\A0039304.exe Infected: Email-Worm.Win32.Warezov.tq skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP427\A0039305.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP430\A0039490.exe Infected: Email-Worm.Win32.Warezov.uh skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP430\A0039491.exe Infected: Email-Worm.Win32.Warezov.uh skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP430\A0039494.exe Infected: Email-Worm.Win32.Warezov.tq skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP430\A0039495.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP430\A0040492.exe Infected: Email-Worm.Win32.Warezov.tq skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP430\A0040493.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP431\A0040540.exe Infected: Email-Worm.Win32.Warezov.tq skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP431\A0040541.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP431\A0040562.exe Infected: Email-Worm.Win32.Warezov.tb skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP431\A0041541.exe Infected: Email-Worm.Win32.Warezov.tq skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP431\A0041542.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP431\A0041574.exe Infected: Email-Worm.Win32.Warezov.ra skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP431\A0041575.exe Infected: Email-Worm.Win32.Warezov.ug skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP431\A0041576.exe Infected: IM-Worm.Win32.Agent.ae skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP432\A0042539.exe Infected: Email-Worm.Win32.Warezov.ra skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP432\A0042542.exe Infected: Email-Worm.Win32.Warezov.tq skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP432\A0042543.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP432\A0042555.exe Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP432\A0043538.dll Infected: Email-Worm.Win32.Warezov.tc skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP432\A0043539.dll Infected: Email-Worm.Win32.Warezov.tc skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP432\A0043540.dll Infected: Email-Worm.Win32.Warezov.sz skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP432\A0043541.dll Infected: Email-Worm.Win32.Warezov.tz skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP432\A0043542.dll Infected: Email-Worm.Win32.Warezov.sz skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP432\A0043543.dll Infected: Email-Worm.Win32.Warezov.sz skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP432\A0043548.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP432\A0044540.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP432\A0044560.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP432\A0045570.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP432\A0045592.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP433\A0045659.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP434\A0046659.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP434\A0047659.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP434\A0047782.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP437\A0047897.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP439\A0047937.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP439\A0047950.dll Infected: Email-Worm.Win32.Warezov.tc skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP439\A0047953.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP439\A0047971.dll Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP439\A0047975.dll Infected: Email-Worm.Win32.Warezov.td skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP439\A0047976.exe Infected: Email-Worm.Win32.Warezov.gen skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP439\A0047977.dll Infected: Email-Worm.Win32.Warezov.ui skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP439\A0047978.exe Infected: Email-Worm.Win32.Warezov.ug skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP439\A0047979.exe Infected: IM-Worm.Win32.Agent.ae skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP439\A0047981.dll Infected: Email-Worm.Win32.Warezov.sz skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP439\A0047982.exe Infected: Email-Worm.Win32.Warezov.gen skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP439\A0047996.exe Infected: Email-Worm.Win32.Warezov.uh skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP439\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{9D3CF3FD-8E37-4387-88CC-D4DCEFEA145C}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\atapi.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\MsDtc\MSDTC.LOG Object is locked skipped
C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log Object is locked skipped
C:\WINDOWS\system32\msmq\storage\QMLog Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\stk70.exe Infected: IM-Worm.Win32.Agent.ae skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\sygmp3.exe Infected: Email-Worm.Win32.Warezov.tx skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\ksdmgr32.dll Infected: Email-Worm.Win32.Warezov.ua skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\netuencd.exe Infected: Email-Worm.Win32.Warezov.gen skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\onksd.dll Infected: Email-Worm.Win32.Warezov.ty skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\perfex.exe Infected: Email-Worm.Win32.Warezov.tv skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\prfex32.dll Infected: Email-Worm.Win32.Warezov.uh skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\SJ04B4FYv.dll Infected: Email-Worm.Win32.Warezov.ui skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\statex.dll Infected: Email-Worm.Win32.Warezov.qf skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\vbscsysi.exe Infected: Email-Worm.Win32.Warezov.tq skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\wanpsysi.dll Infected: Email-Worm.Win32.Warezov.sz skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\winnatkc.exe Infected: Email-Worm.Win32.Warezov.tp skipped
Scan process completed.
Hi
Empty these folders:
C:\_OTMoveIt\MovedFiles\
C:\!KillBox\
Empty Recycle Bin
All other viruses are in system restore and inactive.
I give you later instructions how to empty it.
Other than that, any problems left?
Thanks so much for all the help!
Problems since malware:
-My windows update doesn't want to be turned on.
-Windows defender can't update.
-NOD32 is not working as I mentioned before.
I have a folder in c: called qoobox that I don't know what it is.
That's it I think.
Thanks again
Hi
"-My windows update doesn't want to be turned on."
Download this (http://www.kellys-korner-xp.com/regs_edits/updaterestore.reg) (right-click, choose save as or save target as).
Doubleclick updaterestore.reg, click yes and ok.
"-Windows defender can't update."
Uninstall & re-install it; that should do the trick.
"-NOD32 is not working as I mentioned before."
Try same as above.
"I have a folder in c: called qoobox that I don't know what it is."
There are ComboFix backups, feel free to delete that.
Post back if those helped :)
My windows update is still not working.. question. Is it suppose to start working immediately after I did that registry thing? If so, it's not.
I don't know how to re-install Windows defender. I don't have it on CD. I think it just came with the computer or with XP.
Hi
"My windows update is still not working.. question. Is it suppose to start working immediately after I did that registry thing? If so, it's not."
Well it depends on what makes windows update not to work. Try this (http://support.microsoft.com/kb/822798)
next.
"
I don't know how to re-install Windows defender. I don't have it on CD. I think it just came with the computer or with XP."
It can be found here (http://www.microsoft.com/athome/security/spyware/software/default.mspx)
Ok. So now I know. There's not a problem with Defender, it's just since my Windows update is not working, defender can't update.
I click on the red icon, that looks like a shield on the bar in the bottom of my XP. There it says that my windows update is turned off. There's a button that I can click to to turned it on. When I click on it says that windows security center couldn't turn it on, but I can try to manual turn it on by going to control panel. I go there but that doesn't work. When I then go to windows update homepage a ask it install the latest updates an error message occur and it says that they couldn't continue to install the updates. I've looked but I haven't found the solution. The problem is that my windows update doesn't want to be turned on. Everything else works. Active X works.. so the site you recommended wasn't really for my problem. What do you think I should do?
Thanks again!
They asked me to read the log file for windows update. Here's an abstract of it:
2007-11-23 19:30:49:135 3808 88c Misc =========== Logging initialized (build: 7.0.6000.381, tz: +1100) ===========
2007-11-23 19:30:49:135 3808 88c Misc = Process: C:\WINDOWS\system32\rundll32.exe
2007-11-23 19:30:49:135 3808 88c Misc = Module: C:\WINDOWS\system32\wuapi.dll
2007-11-23 19:30:49:135 3808 88c ARP Connected to update session.
2007-11-23 19:30:49:135 3808 88c ARP User is allowed to install published content.
2007-11-23 19:30:49:166 3808 88c COMAPI FATAL: Unable to connect to the service (hr=80070424)
2007-11-23 19:30:49:166 3808 88c COMAPI WARNING: Unable to establish connection to the service. (hr=80070424)
2007-11-23 19:34:25:336 296 5c8 Misc =========== Logging initialized (build: 7.0.6000.381, tz: +1100) ===========
2007-11-23 19:34:25:336 296 5c8 Misc = Process: C:\Program Files\Windows Defender\MSASCui.exe
2007-11-23 19:34:25:336 296 5c8 Misc = Module: C:\WINDOWS\system32\wuapi.dll
2007-11-23 19:34:25:336 296 5c8 COMAPI -------------
2007-11-23 19:34:25:336 296 5c8 COMAPI -- START -- COMAPI: Search [ClientId = Windows Defender]
2007-11-23 19:34:25:336 296 5c8 COMAPI ---------
2007-11-23 19:34:25:367 296 5c8 COMAPI FATAL: Unable to connect to the service (hr=80070424)
2007-11-23 19:34:25:367 296 5c8 COMAPI WARNING: Unable to establish connection to the service. (hr=80070424)
2007-11-23 19:34:25:382 296 5c8 COMAPI - WARNING: Exit code = 0x80070424
2007-11-23 19:34:25:382 296 5c8 COMAPI ---------
2007-11-23 19:34:25:382 296 5c8 COMAPI -- END -- COMAPI: Search [ClientId = <NULL>]
2007-11-23 19:34:25:382 296 5c8 COMAPI -------------
2007-11-23 19:34:25:382 296 5c8 COMAPI FATAL: Unable to initiate asynchronous search, hr=80070424
2007-11-23 19:34:25:382 296 5c8 COMAPI FATAL: Unable to connect to the service (hr=80070424)
2007-11-23 19:34:25:382 296 5c8 COMAPI WARNING: Unable to establish connection to the service. (hr=80070424)
2007-11-23 19:34:58:449 296 434 COMAPI -------------
2007-11-23 19:34:58:449 296 434 COMAPI -- START -- COMAPI: Search [ClientId = Windows Defender]
2007-11-23 19:34:58:449 296 434 COMAPI ---------
2007-11-23 19:34:58:449 296 434 COMAPI FATAL: Unable to connect to the service (hr=80070424)
2007-11-23 19:34:58:449 296 434 COMAPI WARNING: Unable to establish connection to the service. (hr=80070424)
2007-11-23 19:34:58:449 296 434 COMAPI - WARNING: Exit code = 0x80070424
2007-11-23 19:34:58:449 296 434 COMAPI ---------
2007-11-23 19:34:58:449 296 434 COMAPI -- END -- COMAPI: Search [ClientId = <NULL>]
2007-11-23 19:34:58:449 296 434 COMAPI -------------
2007-11-23 19:34:58:449 296 434 COMAPI FATAL: Unable to initiate asynchronous search, hr=80070424
2007-11-23 19:34:58:465 296 434 COMAPI FATAL: Unable to connect to the service (hr=80070424)
2007-11-23 19:34:58:465 296 434 COMAPI WARNING: Unable to establish connection to the service. (hr=80070424)
2007-11-23 19:37:01:981 2012 55c Misc =========== Logging initialized (build: 7.0.6000.381, tz: +1100) ===========
2007-11-23 19:37:01:981 2012 55c Misc = Process: C:\Program Files\Internet Explorer\IEXPLORE.EXE
2007-11-23 19:37:01:981 2012 55c Misc = Module: C:\WINDOWS\system32\wuapi.dll
2007-11-23 19:37:01:981 2012 55c COMAPI FATAL: Unable to connect to the service (hr=80070424)
2007-11-23 19:37:01:981 2012 55c COMAPI WARNING: Unable to establish connection to the service. (hr=80070424)
2007-11-23 19:37:06:248 2012 55c Misc =========== Logging initialized (build: 7.0.6000.381, tz: +1100) ===========
2007-11-23 19:37:06:248 2012 55c Misc = Process: C:\Program Files\Internet Explorer\IEXPLORE.EXE
2007-11-23 19:37:06:248 2012 55c Misc = Module: C:\WINDOWS\system32\wuweb.dll
2007-11-23 19:37:06:248 2012 55c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.cab:
2007-11-23 19:37:06:248 2012 55c Misc Microsoft signed: Yes
2007-11-23 19:37:06:373 2012 55c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.cab:
2007-11-23 19:37:06:388 2012 55c Misc Microsoft signed: Yes
2007-11-23 19:37:06:451 2012 55c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2007-11-23 19:37:06:482 2012 55c Misc Microsoft signed: Yes
2007-11-23 19:37:06:670 2012 55c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2007-11-23 19:37:06:685 2012 55c Misc Microsoft signed: Yes
2007-11-23 19:37:06:951 2012 55c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wsus3setup.cab:
2007-11-23 19:37:06:951 2012 55c Misc Microsoft signed: Yes
2007-11-23 19:37:06:998 2012 55c Setup *********** Setup: Checking whether self-update is required ***********
2007-11-23 19:37:06:998 2012 55c Setup * Inf file: C:\WINDOWS\SoftwareDistribution\WebSetup\wsus3setup.inf
2007-11-23 19:37:07:045 2012 55c Setup Update NOT required for C:\WINDOWS\system32\cdm.dll: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:37:07:045 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wuapi.dll: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:37:07:060 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wuapi.dll.mui: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:37:07:076 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wuauclt.exe: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:37:07:091 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wuaucpl.cpl: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:37:07:091 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wuaucpl.cpl.mui: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:37:07:091 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wuaueng.dll: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:37:07:123 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wuaueng.dll.mui: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:37:07:185 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wucltui.dll: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:37:07:201 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wucltui.dll.mui: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:37:07:201 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wups.dll: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:37:07:248 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wups2.dll: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:37:07:248 2012 55c Setup * IsUpdateRequired = No
2007-11-23 19:37:12:561 2012 55c COMAPI -------------
2007-11-23 19:37:12:561 2012 55c COMAPI -- START -- COMAPI: Search [ClientId = WindowsUpdate]
2007-11-23 19:37:12:561 2012 55c COMAPI ---------
2007-11-23 19:37:12:576 2012 55c COMAPI FATAL: Unable to connect to the service (hr=80070424)
2007-11-23 19:37:12:576 2012 55c COMAPI WARNING: Unable to establish connection to the service. (hr=80070424)
2007-11-23 19:37:12:576 2012 55c COMAPI - WARNING: Exit code = 0x80070424
2007-11-23 19:37:12:576 2012 55c COMAPI ---------
2007-11-23 19:37:12:576 2012 55c COMAPI -- END -- COMAPI: Search [ClientId = <NULL>]
2007-11-23 19:37:12:576 2012 55c COMAPI -------------
2007-11-23 19:37:12:576 2012 55c COMAPI FATAL: Unable to initiate asynchronous search, hr=80070424
2007-11-23 19:38:58:776 2012 55c COMAPI FATAL: Unable to connect to the service (hr=80070424)
2007-11-23 19:38:58:776 2012 55c COMAPI WARNING: Unable to establish connection to the service. (hr=80070424)
2007-11-23 19:39:04:824 2012 55c COMAPI FATAL: Unable to connect to the service (hr=80070424)
2007-11-23 19:39:04:824 2012 55c COMAPI WARNING: Unable to establish connection to the service. (hr=80070424)
2007-11-23 19:39:07:574 2012 55c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.cab:
2007-11-23 19:39:07:574 2012 55c Misc Microsoft signed: Yes
2007-11-23 19:39:07:699 2012 55c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.cab:
2007-11-23 19:39:07:699 2012 55c Misc Microsoft signed: Yes
2007-11-23 19:39:07:715 2012 55c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2007-11-23 19:39:07:715 2012 55c Misc Microsoft signed: Yes
2007-11-23 19:39:07:965 2012 55c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2007-11-23 19:39:07:980 2012 55c Misc Microsoft signed: Yes
2007-11-23 19:39:08:230 2012 55c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wsus3setup.cab:
2007-11-23 19:39:08:230 2012 55c Misc Microsoft signed: Yes
2007-11-23 19:39:08:262 2012 55c Setup *********** Setup: Checking whether self-update is required ***********
2007-11-23 19:39:08:262 2012 55c Setup * Inf file: C:\WINDOWS\SoftwareDistribution\WebSetup\wsus3setup.inf
2007-11-23 19:39:08:262 2012 55c Setup Update NOT required for C:\WINDOWS\system32\cdm.dll: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:39:08:262 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wuapi.dll: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:39:08:262 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wuapi.dll.mui: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:39:08:262 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wuauclt.exe: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:39:08:262 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wuaucpl.cpl: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:39:08:262 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wuaucpl.cpl.mui: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:39:08:262 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wuaueng.dll: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:39:08:262 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wuaueng.dll.mui: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:39:08:262 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wucltui.dll: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:39:08:277 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wucltui.dll.mui: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:39:08:277 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wups.dll: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:39:08:277 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wups2.dll: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:39:08:277 2012 55c Setup * IsUpdateRequired = No
2007-11-23 19:39:21:326 4060 ae0 Misc =========== Logging initialized (build: 7.0.6000.381, tz: +1100) ===========
2007-11-23 19:39:21:326 4060 ae0 Misc = Process: C:\WINDOWS\system32\wuauclt.exe
2007-11-23 19:39:21:326 4060 ae0 Misc = Module: C:\WINDOWS\system32\wucltui.dll
2007-11-23 19:39:21:326 4060 ae0 CltUI FATAL: Failed to get agent interface pointers, hr=80070424
2007-11-23 19:39:25:811 3372 530 Misc =========== Logging initialized (build: 7.0.6000.381, tz: +1100) ===========
2007-11-23 19:39:25:811 3372 530 Misc = Process: C:\WINDOWS\system32\wuauclt.exe
2007-11-23 19:39:25:811 3372 530 Misc = Module: C:\WINDOWS\system32\wucltui.dll
2007-11-23 19:39:25:811 3372 530 CltUI FATAL: Failed to get agent interface pointers, hr=80070424
2007-11-23 19:39:28:186 2012 55c COMAPI FATAL: Unable to connect to the service (hr=80070424)
2007-11-23 19:39:28:186 2012 55c COMAPI WARNING: Unable to establish connection to the service. (hr=80070424)
2007-11-23 19:39:30:624 2012 55c COMAPI FATAL: Unable to connect to the service (hr=80070424)
2007-11-23 19:39:30:624 2012 55c COMAPI WARNING: Unable to establish connection to the service. (hr=80070424)
2007-11-23 19:39:53:079 2012 55c COMAPI FATAL: Unable to connect to the service (hr=80070424)
2007-11-23 19:39:53:079 2012 55c COMAPI WARNING: Unable to establish connection to the service. (hr=80070424)
2007-11-23 19:39:57:314 2012 55c Misc =========== Logging initialized (build: 7.0.6000.381, tz: +1100) ===========
2007-11-23 19:39:57:314 2012 55c Misc = Process: C:\Program Files\Internet Explorer\IEXPLORE.EXE
2007-11-23 19:39:57:314 2012 55c Misc = Module: C:\WINDOWS\system32\muweb.dll
2007-11-23 19:39:57:314 2012 55c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.cab:
2007-11-23 19:39:57:330 2012 55c Misc Microsoft signed: Yes
2007-11-23 19:39:57:502 2012 55c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.cab:
2007-11-23 19:39:57:517 2012 55c Misc Microsoft signed: Yes
2007-11-23 19:39:57:533 2012 55c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2007-11-23 19:39:57:533 2012 55c Misc Microsoft signed: Yes
2007-11-23 19:39:57:799 2012 55c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2007-11-23 19:39:57:799 2012 55c Misc Microsoft signed: Yes
2007-11-23 19:39:57:877 2012 55c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wsus3setup.cab:
2007-11-23 19:39:57:892 2012 55c Misc Microsoft signed: Yes
2007-11-23 19:39:57:908 2012 55c Setup *********** Setup: Checking whether self-update is required ***********
2007-11-23 19:39:57:908 2012 55c Setup * Inf file: C:\WINDOWS\SoftwareDistribution\WebSetup\wsus3setup.inf
2007-11-23 19:39:57:908 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wuweb.dll: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:39:57:908 2012 55c Setup * IsUpdateRequired = No
2007-11-23 19:39:57:924 2012 55c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.cab:
2007-11-23 19:39:57:939 2012 55c Misc Microsoft signed: Yes
2007-11-23 19:39:58:002 2012 55c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.cab:
2007-11-23 19:39:58:017 2012 55c Misc Microsoft signed: Yes
2007-11-23 19:39:58:033 2012 55c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2007-11-23 19:39:58:049 2012 55c Misc Microsoft signed: Yes
2007-11-23 19:39:58:299 2012 55c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2007-11-23 19:39:58:314 2012 55c Misc Microsoft signed: Yes
2007-11-23 19:39:58:314 2012 55c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wsus3setup.cab:
2007-11-23 19:39:58:330 2012 55c Misc Microsoft signed: Yes
2007-11-23 19:39:58:392 2012 55c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wsus3setup.cab:
2007-11-23 19:39:58:408 2012 55c Misc Microsoft signed: Yes
2007-11-23 19:39:58:424 2012 55c Setup *********** Setup: Checking whether self-update is required ***********
2007-11-23 19:39:58:424 2012 55c Setup * Inf file: C:\WINDOWS\SoftwareDistribution\WebSetup\wsus3setup.inf
2007-11-23 19:39:58:424 2012 55c Setup Update NOT required for C:\WINDOWS\system32\cdm.dll: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:39:58:424 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wuapi.dll: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:39:58:439 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wuapi.dll.mui: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:39:58:439 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wuauclt.exe: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:39:58:439 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wuaucpl.cpl: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:39:58:439 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wuaucpl.cpl.mui: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:39:58:439 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wuaueng.dll: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:39:58:439 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wuaueng.dll.mui: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:39:58:439 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wucltui.dll: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:39:58:439 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wucltui.dll.mui: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:39:58:439 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wups.dll: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:39:58:439 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wups2.dll: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:39:58:439 2012 55c Setup * IsUpdateRequired = No
2007-11-23 19:39:59:549 2012 55c COMAPI ----------- COMAPI: IUpdateServiceManager::AddService -----------
2007-11-23 19:39:59:549 2012 55c COMAPI - ServiceId = {7971f918-a847-4430-9279-4a52d1efe18d}
2007-11-23 19:39:59:549 2012 55c COMAPI - AuthorizationCabPath = C:\WINDOWS\SoftwareDistribution\AuthCabs\muauth.cab
2007-11-23 19:39:59:564 2012 55c COMAPI FATAL: Unable to connect to the service (hr=80070424)
2007-11-23 19:39:59:564 2012 55c COMAPI WARNING: Unable to establish connection to the service. (hr=80070424)
2007-11-23 19:39:59:564 2012 55c COMAPI - Exit code = 0x80070424
2007-11-23 19:39:59:564 2012 55c COMAPI FATAL: Unable to connect to the service (hr=80070424)
2007-11-23 19:39:59:564 2012 55c COMAPI WARNING: Unable to establish connection to the service. (hr=80070424)
2007-11-23 19:40:39:257 3732 d54 Misc =========== Logging initialized (build: 7.0.6000.381, tz: +1100) ===========
2007-11-23 19:40:39:257 3732 d54 Misc = Process: C:\WINDOWS\system32\rundll32.exe
2007-11-23 19:40:39:257 3732 d54 Misc = Module: C:\WINDOWS\system32\wuapi.dll
2007-11-23 19:40:39:257 3732 d54 ARP Connected to update session.
2007-11-23 19:40:39:257 3732 d54 ARP User is allowed to install published content.
2007-11-23 19:40:39:257 3732 d54 COMAPI FATAL: Unable to connect to the service (hr=80070424)
2007-11-23 19:40:39:257 3732 d54 COMAPI WARNING: Unable to establish connection to the service. (hr=80070424)
Hi
Please click Start > Run and type in: services.msc
Click OK
In the Services window find: Automatic updates
Select/highlight and right click the entry, and choose: Properties
On the General tab, under Service Status click the Stop button
Beside: Startup Type, in the drop menu, select: Automatic
Click Apply, then OK
Did it help?
Hi
"In the Services window find: Automatic updates"
I don't have that in m services window, neither something close to that. Couldn't find antything. sorry...
maybe that's part of the problem?
Hi
See here (http://support.microsoft.com/kb/883614), method 2.
Hi
I think that method 2 could have worked, but I get promted for the CD and it doesn't work to type the path, I still get prompted for the CD which I don't have.. Windows was installed when I bought my computer.
Is there some way to get around that?
I figured it out.. It's fixed now. Thanks!
One more thing.. you said something about showing me how to remove stuff from system restore. What is that?
Hi
Then you're clean!
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
Looking over your log, it seems you don't have any evidence of an anti-virus software.
Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one these excellent vendors NOW:
1) Antivir PersonalEdition Classic (http://www.free-av.com/)- Free anti-virus software for Windows. Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition (http://www.avast.com/eng/avast_4_home.html) - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition (http://free.grisoft.com/doc/1) - Free edition of the AVG anti-virus program for Windows.
It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
Looking over your log, it seems you don't have any evidence of a third party firewall.
As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:
1) Comodo (http://www.personalfirewall.comodo.com/)
2) Sunbelt/Kerio (http://www.sunbelt-software.com/Kerio-Download.cfm)
3) Agnitum (http://www.agnitum.com/products/outpostfree/download.php)
4) ZoneAlarm (http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?dc=12bms&ctry=US&lang=en&lid=nav_za)
If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update: Download the latest version of Java Runtime Environment (JRE) 6 Update 3 (http://java.sun.com/javase/downloads/index.jsp) and save it to your desktop.
Scroll down to where it says "Java Runtime Environment (JRE) 6u3...allows end-users to run Java applications".
Click the "Download" button to the right.
Read the License Agreement and then check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation and save the file to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.
Next we remove all used tools.
Please download OTMoveIt (http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe) and save it to desktop.
Double-click OTMoveIt.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet, please allow it to do so.
Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
You can find instructions on how to enable and re-enable system restore here:
Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)
Re-enable system restore with instructions from tutorial above
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.
A tutorial on installing & using this product can be found here:
Using Ad-aware 2007 to remove Spyware, Malware, & Hijackers from Your Computer (http://www.bleepingcomputer.com/forums/?showtutorial=48)
Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)
Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.
Here are some additional utilities that will enhance your safety
MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
Google Toolbar (http://toolbar.google.com/) <= Get the free google toolbar to help stop pop up windows.
Comodo BOCLEAN (http://www.comodo.com/boclean/boclean.html) <= Stop identity thieves from getting personal information. Instantly detects well over 1,000,000 unique, variant and repack malware in total. And it's free.
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)
Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make difference!
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
Also, please read this great article by Tony Klein So How Did I Get Infected In First Place (http://castlecops.com/postlite7736-.html)
Happy surfing and stay clean!
Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.
Everyone else please begin a New Topic.