jane77
2008-07-09, 00:24
Can someone please help me??? I have Windows XP SP2 and have been experiencing some problems….
- Task manager disabled
- No access to My computer, Control panel, My documents etc on Start menu.
- I can access My documents through programmes (such as Word) but the C:/ still does not show.
- ‘VIRUS ALERT!’ is written next to the clock on the start bar
- LOTS of pop-ups pretending to be Windows and warning of viruses, internet attacks etc. which all try to get me to download their ‘antivirus software’ from a page that keeps opening in Internet Explorer.
- When I use Process Explorer to ‘kill process’ of Internet Explorer the Start bar and all desktop icons disappear.
I have had these problems before which then led to my desktop background turning red with a biohazard symbol and a warning about viruses. I searched the net, followed some advice, downloaded ‘Malwarebytes’ Anti-Malware’, ran it, rebooted and everything was fine. That was a couple of months ago but when I run the Anti-Malware programme now it shows varying numbers of threats (I’ve tried it a few times!) ranging from 12 – 203 which when deleted prompts a re-boot…everything is fine for 5 seconds, then it is back again! This implies to me that there is a ‘root cause’ that is not being deleted but hey, I know nothing really, that is why I am here!
As per the instructions of ‘What to do before you post’ I downloaded, installed and ran Spybot. 66 problems were found and apparently fixed. Ran it again, still 16 problems – these don’t seem to go away no matter how many times I ‘fix’ them.
I had to run Spybot in normal mode as when I tried to boot up in Safe mode according to the instructions, the option simply wasn’t in the Boot Menu that appeared after pressing F8.
I already had NOD32 Antivirus running which occasionally tells me a threat has been found, normally repeating
“Application Win32/Adware.Vapsup found in operating memory. The file can be deleted. No action can be taken while the file is in memory. System memory infection originated from file C:\WINDOWS\okmdepqb.dll”
and
“File C:\WINDOWS\okmdepqb.dll is infected with application Win32\Adware.Vapsup. The file can be deleted.”
“C:\WINDOWS\mrvtdpae.exe is infected with adware.vapsup.”
But the ‘delete’ button will not select!
I cannot think of anything else to include now other than the Hijackthis log that has just been produced.
Please help…..
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:04: VIRUS ALERT!, on 08/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\Richard\My Documents\PC Support\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Richard\My Documents\PC Support\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Richard\My Documents\PC Support\procexp.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Documents and Settings\Richard\My Documents\PC Support\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxysetup.solent.ac.uk/halls.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 193.63.197.246:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AVG Safe Search - {1C1B8A44-61FE-411E-8F33-813A4E2E2984} - C:\WINDOWS\system32\avg_ss.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Documents and Settings\Richard\My Documents\PC Support\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: nqgpedlr - {80123684-A222-4009-8220-A867294D6DE8} - C:\WINDOWS\nqgpedlr.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ulutil2.dll,SetWriteBack
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [Windows Security ] rundll32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mbssm32] C:\WINDOWS\system32\mibssys.exe
O4 - HKLM\..\RunServices: [Windows Security ] rundll32.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingC1998] cmd /c del "C:\Program Files\Mozilla Firefox\chrome\m3ffxtbr.jar"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5252] command /c del "C:\WINDOWS\system32\vi32.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC164] cmd /c del "C:\WINDOWS\system32\vi32.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4505] command /c del "C:\WINDOWS\system32\My Sex World.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2400] cmd /c del "C:\WINDOWS\system32\My Sex World.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1108] command /c del "C:\WINDOWS\system32\Sexxxpassport.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1096] cmd /c del "C:\WINDOWS\system32\Sexxxpassport.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5497] command /c del "C:\Documents and Settings\Richard\Favorites\Error Cleaner.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1023] cmd /c del "C:\Documents and Settings\Richard\Favorites\Error Cleaner.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9446] command /c del "C:\Documents and Settings\Richard\Favorites\Privacy Protector.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7632] cmd /c del "C:\Documents and Settings\Richard\Favorites\Privacy Protector.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5543] command /c del "C:\Documents and Settings\Richard\Favorites\Spyware&Malware Protection.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8576] cmd /c del "C:\Documents and Settings\Richard\Favorites\Spyware&Malware Protection.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA288] command /c del "C:\Documents and Settings\Richard\Desktop\Spyware&Malware Protection.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6776] cmd /c del "C:\Documents and Settings\Richard\Desktop\Spyware&Malware Protection.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1793] command /c del "C:\Documents and Settings\Richard\Desktop\Error Cleaner.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1334] cmd /c del "C:\Documents and Settings\Richard\Desktop\Error Cleaner.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA119] command /c del "C:\Program Files\Mozilla Firefox\chrome\m3ffxtbr.jar"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6277] cmd /c del "C:\Program Files\Mozilla Firefox\chrome\m3ffxtbr.jar"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8649] command /c del "C:\Program Files\Mozilla Firefox\chrome\m3ffxtbr.manifest"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2834] cmd /c del "C:\Program Files\Mozilla Firefox\chrome\m3ffxtbr.manifest"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8785] command /c del "C:\WINDOWS\system32\vi32.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2374] cmd /c del "C:\WINDOWS\system32\vi32.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5607] command /c del "C:\WINDOWS\system32\My Sex World.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9953] cmd /c del "C:\WINDOWS\system32\My Sex World.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8965] command /c del "C:\WINDOWS\system32\Sexxxpassport.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingC353] cmd /c del "C:\WINDOWS\system32\Sexxxpassport.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4950] command /c del "C:\Documents and Settings\Richard\Favorites\Error Cleaner.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8781] cmd /c del "C:\Documents and Settings\Richard\Favorites\Error Cleaner.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA689] command /c del "C:\Documents and Settings\Richard\Favorites\Privacy Protector.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2475] cmd /c del "C:\Documents and Settings\Richard\Favorites\Privacy Protector.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9854] command /c del "C:\Documents and Settings\Richard\Favorites\Spyware&Malware Protection.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC393] cmd /c del "C:\Documents and Settings\Richard\Favorites\Spyware&Malware Protection.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3405] command /c del "C:\Documents and Settings\Richard\Desktop\Spyware&Malware Protection.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3812] cmd /c del "C:\Documents and Settings\Richard\Desktop\Spyware&Malware Protection.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA699] command /c del "C:\Documents and Settings\Richard\Desktop\Error Cleaner.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4081] cmd /c del "C:\Documents and Settings\Richard\Desktop\Error Cleaner.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4954] command /c del "C:\Program Files\Mozilla Firefox\chrome\m3ffxtbr.jar"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7837] cmd /c del "C:\Program Files\Mozilla Firefox\chrome\m3ffxtbr.jar"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9737] command /c del "C:\Program Files\Mozilla Firefox\chrome\m3ffxtbr.manifest"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4318] cmd /c del "C:\Program Files\Mozilla Firefox\chrome\m3ffxtbr.manifest"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Documents and Settings\Richard\My Documents\PC Support\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB675] command /c del "C:\Program Files\Mozilla Firefox\chrome\m3ffxtbr.jar"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7347] cmd /c del "C:\Program Files\Mozilla Firefox\chrome\m3ffxtbr.jar"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4482] command /c del "C:\WINDOWS\system32\vi32.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9144] cmd /c del "C:\WINDOWS\system32\vi32.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4715] command /c del "C:\WINDOWS\system32\My Sex World.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4349] cmd /c del "C:\WINDOWS\system32\My Sex World.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3634] command /c del "C:\WINDOWS\system32\Sexxxpassport.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1345] cmd /c del "C:\WINDOWS\system32\Sexxxpassport.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6560] command /c del "C:\Documents and Settings\Richard\Favorites\Error Cleaner.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4389] cmd /c del "C:\Documents and Settings\Richard\Favorites\Error Cleaner.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4065] command /c del "C:\Documents and Settings\Richard\Favorites\Privacy Protector.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4263] cmd /c del "C:\Documents and Settings\Richard\Favorites\Privacy Protector.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1268] command /c del "C:\Documents and Settings\Richard\Favorites\Spyware&Malware Protection.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD386] cmd /c del "C:\Documents and Settings\Richard\Favorites\Spyware&Malware Protection.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3360] command /c del "C:\Documents and Settings\Richard\Desktop\Spyware&Malware Protection.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2081] cmd /c del "C:\Documents and Settings\Richard\Desktop\Spyware&Malware Protection.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5843] command /c del "C:\Documents and Settings\Richard\Desktop\Error Cleaner.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2356] cmd /c del "C:\Documents and Settings\Richard\Desktop\Error Cleaner.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB292] command /c del "C:\Program Files\Mozilla Firefox\chrome\m3ffxtbr.jar"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6146] cmd /c del "C:\Program Files\Mozilla Firefox\chrome\m3ffxtbr.jar"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2866] command /c del "C:\Program Files\Mozilla Firefox\chrome\m3ffxtbr.manifest"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5149] cmd /c del "C:\Program Files\Mozilla Firefox\chrome\m3ffxtbr.manifest"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8558] command /c del "C:\WINDOWS\system32\vi32.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3260] cmd /c del "C:\WINDOWS\system32\vi32.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5985] command /c del "C:\WINDOWS\system32\My Sex World.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingD251] cmd /c del "C:\WINDOWS\system32\My Sex World.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2619] command /c del "C:\WINDOWS\system32\Sexxxpassport.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingD838] cmd /c del "C:\WINDOWS\system32\Sexxxpassport.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6428] command /c del "C:\Documents and Settings\Richard\Favorites\Error Cleaner.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9753] cmd /c del "C:\Documents and Settings\Richard\Favorites\Error Cleaner.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6190] command /c del "C:\Documents and Settings\Richard\Favorites\Privacy Protector.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7888] cmd /c del "C:\Documents and Settings\Richard\Favorites\Privacy Protector.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6199] command /c del "C:\Documents and Settings\Richard\Favorites\Spyware&Malware Protection.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6683] cmd /c del "C:\Documents and Settings\Richard\Favorites\Spyware&Malware Protection.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8833] command /c del "C:\Documents and Settings\Richard\Desktop\Spyware&Malware Protection.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4220] cmd /c del "C:\Documents and Settings\Richard\Desktop\Spyware&Malware Protection.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9143] command /c del "C:\Documents and Settings\Richard\Desktop\Error Cleaner.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9276] cmd /c del "C:\Documents and Settings\Richard\Desktop\Error Cleaner.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9156] command /c del "C:\Program Files\Mozilla Firefox\chrome\m3ffxtbr.jar"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9086] cmd /c del "C:\Program Files\Mozilla Firefox\chrome\m3ffxtbr.jar"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7825] command /c del "C:\Program Files\Mozilla Firefox\chrome\m3ffxtbr.manifest"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9016] cmd /c del "C:\Program Files\Mozilla Firefox\chrome\m3ffxtbr.manifest"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Registration Assassin's Creed.LNK = C:\Program Files\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Documents and Settings\Richard\My Documents\PC Support\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Documents and Settings\Richard\My Documents\PC Support\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155793170609
O16 - DPF: {AEF76437-F960-4EBC-97EA-7BBB4230CF38} (OcarptMain Class) - https://oca.microsoft.com/en/secure/ocarpt.CAB
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.149 85.255.112.64
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O21 - SSODL: okmdepgb - {5C82EFF8-D19C-44BD-93C7-FA61F20678B2} - C:\WINDOWS\okmdepgb.dll (file missing)
O21 - SSODL: axrfgvek - {BD203D3B-92AB-4A32-B016-034A562364A6} - C:\WINDOWS\axrfgvek.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 20685 bytes
O4 - HKLM\..\RunOnce: [SpybotDeletingC3812] cmd /c del "C:\Documents and Settings\Richard\Desktop\Spyware&Malware Protection.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA699] command /c del "C:\Documents and Settings\Richard\Desktop\Error Cleaner.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4081] cmd /c del "C:\Documents and Settings\Richard\Desktop\Error Cleaner.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4954] command /c del "C:\Program Files\Mozilla Firefox\chrome\m3ffxtbr.jar"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7837] cmd /c del "C:\Program Files\Mozilla Firefox\chrome\m3ffxtbr.jar"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9737] command /c del "C:\Program Files\Mozilla Firefox\chrome\m3ffxtbr.manifest"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4318] cmd /c del "C:\Program Files\Mozilla Firefox\chrome\m3ffxtbr.manifest"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Documents and Settings\Richard\My Documents\PC Support\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB675] command /c del "C:\Program Files\Mozilla Firefox\chrome\m3ffxtbr.jar"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7347] cmd /c del "C:\Program Files\Mozilla Firefox\chrome\m3ffxtbr.jar"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4482] command /c del "C:\WINDOWS\system32\vi32.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9144] cmd /c del "C:\WINDOWS\system32\vi32.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4715] command /c del "C:\WINDOWS\system32\My Sex World.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4349] cmd /c del "C:\WINDOWS\system32\My Sex World.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3634] command /c del "C:\WINDOWS\system32\Sexxxpassport.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1345] cmd /c del "C:\WINDOWS\system32\Sexxxpassport.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6560] command /c del "C:\Documents and Settings\Richard\Favorites\Error Cleaner.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4389] cmd /c del "C:\Documents and Settings\Richard\Favorites\Error Cleaner.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4065] command /c del "C:\Documents and Settings\Richard\Favorites\Privacy Protector.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4263] cmd /c del "C:\Documents and Settings\Richard\Favorites\Privacy Protector.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1268] command /c del "C:\Documents and Settings\Richard\Favorites\Spyware&Malware Protection.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD386] cmd /c del "C:\Documents and Settings\Richard\Favorites\Spyware&Malware Protection.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3360] command /c del "C:\Documents and Settings\Richard\Desktop\Spyware&Malware Protection.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2081] cmd /c del "C:\Documents and Settings\Richard\Desktop\Spyware&Malware Protection.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5843] command /c del "C:\Documents and Settings\Richard\Desktop\Error Cleaner.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2356] cmd /c del "C:\Documents and Settings\Richard\Desktop\Error Cleaner.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB292] command /c del "C:\Program Files\Mozilla Firefox\chrome\m3ffxtbr.jar"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6146] cmd /c del "C:\Program Files\Mozilla Firefox\chrome\m3ffxtbr.jar"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2866] command /c del "C:\Program Files\Mozilla Firefox\chrome\m3ffxtbr.manifest"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5149] cmd /c del "C:\Program Files\Mozilla Firefox\chrome\m3ffxtbr.manifest"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8558] command /c del "C:\WINDOWS\system32\vi32.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3260] cmd /c del "C:\WINDOWS\system32\vi32.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5985] command /c del "C:\WINDOWS\system32\My Sex World.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingD251] cmd /c del "C:\WINDOWS\system32\My Sex World.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2619] command /c del "C:\WINDOWS\system32\Sexxxpassport.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingD838] cmd /c del "C:\WINDOWS\system32\Sexxxpassport.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6428] command /c del "C:\Documents and Settings\Richard\Favorites\Error Cleaner.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9753] cmd /c del "C:\Documents and Settings\Richard\Favorites\Error Cleaner.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6190] command /c del "C:\Documents and Settings\Richard\Favorites\Privacy Protector.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7888] cmd /c del "C:\Documents and Settings\Richard\Favorites\Privacy Protector.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6199] command /c del "C:\Documents and Settings\Richard\Favorites\Spyware&Malware Protection.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6683] cmd /c del "C:\Documents and Settings\Richard\Favorites\Spyware&Malware Protection.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8833] command /c del "C:\Documents and Settings\Richard\Desktop\Spyware&Malware Protection.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4220] cmd /c del "C:\Documents and Settings\Richard\Desktop\Spyware&Malware Protection.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9143] command /c del "C:\Documents and Settings\Richard\Desktop\Error Cleaner.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9276] cmd /c del "C:\Documents and Settings\Richard\Desktop\Error Cleaner.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9156] command /c del "C:\Program Files\Mozilla Firefox\chrome\m3ffxtbr.jar"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9086] cmd /c del "C:\Program Files\Mozilla Firefox\chrome\m3ffxtbr.jar"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7825] command /c del "C:\Program Files\Mozilla Firefox\chrome\m3ffxtbr.manifest"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9016] cmd /c del "C:\Program Files\Mozilla Firefox\chrome\m3ffxtbr.manifest"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Registration Assassin's Creed.LNK = C:\Program Files\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Documents and Settings\Richard\My Documents\PC Support\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Documents and Settings\Richard\My Documents\PC Support\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155793170609
O16 - DPF: {AEF76437-F960-4EBC-97EA-7BBB4230CF38} (OcarptMain Class) - https://oca.microsoft.com/en/secure/ocarpt.CAB
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.149 85.255.112.64
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O21 - SSODL: okmdepgb - {5C82EFF8-D19C-44BD-93C7-FA61F20678B2} - C:\WINDOWS\okmdepgb.dll (file missing)
O21 - SSODL: axrfgvek - {BD203D3B-92AB-4A32-B016-034A562364A6} - C:\WINDOWS\axrfgvek.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 20685 bytes