Imgburn says 'No Devices Detected'...
Mr Shankly
2009-04-20, 19:59
...that was my first clue that something was wrong. Also:
The PC does nothing when I double click Spybot. When I right click spybot and run as administrator, it crashes!
Since I use google as homepage, any link I click on from there redirects me to a site trying to sell me something or a site called search Pro.
My PC did blue screen of death after attempting to start spybot as mentioned above. PC re-started fine.
All help appreciated. Here is my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:48:31, on 20/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Windows\System32\DeltaIITray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Kontiki\KHost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\RFA\rfagent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DisplayFusion\DisplayFusion.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: (no name) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\DeltaIITray.exe
O4 - HKLM\..\Run: [DeltaIITaskbarApp] C:\Windows\system32\DeltaIITray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [DisplayFusion] C:\Program Files\DisplayFusion\DisplayFusion.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Free Music Zilla.lnk = C:\Program Files\Free Music Zilla\FMZilla.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate1c98df62087ea15) (gupdate1c98df62087ea15) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
--
End of file - 10385 bytes
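The two HijackThis logs in this thread are long enough that a helper reads them by eye for a few patterns: browser helper objects whose DLL is gone ("(no file)"), and binaries under system32 whose names look like random letter strings, which is exactly the pattern of the gxvxc* driver and DLL that ComboFix removes later in the thread. The script below is an added example written for this page; it is not a Safer Networking or HijackThis tool. The sample log is constructed from lines posted above, except the last O23 line, which is made up from the ComboFix deletion path so the random-name check has something to hit. The thresholds in `looks_random` (at least 12 letters, a consonant run of 6 or more, or fewer than 20% vowels) are assumptions chosen to avoid flagging ordinary Windows file names such as `printfilterpipelineprxy.dll`.

```python
"""Triage helper for HijackThis-style logs (added example, not a forum or vendor tool)."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: HijackThis lines copied from this thread, plus one O23
# line invented from the ComboFix deletion path so the random-name check fires.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: GXVXCSERV.SYS - Unknown owner - c:\windows\system32\drivers\gxvxcqjobvixbxprxbdvdrofutommbnuyyrfs.sys
"""

# "O2 - ..." / "R0 - ..." entries; anything else (header lines, process list) is skipped.
ENTRY_RE = re.compile(r"^(?P<kind>O\d+|R[01]) - (?P<body>.*)$")
# First Windows path with an executable extension inside the entry body.
PATH_RE = re.compile(r'(?i)[a-z]:\\[^"<>|,]*?\.(?:exe|dll|sys|com|scr)\b')

VOWELS = set("aeiouy")


def parse_hjt(text: str) -> List[Dict[str, Optional[str]]]:
    """Split a HijackThis log into entries: section kind, body text and the binary path, if any."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        pm = PATH_RE.search(m.group("body"))
        entries.append({
            "kind": m.group("kind"),
            "body": m.group("body"),
            "path": pm.group(0) if pm else None,
            "raw": line,
        })
    return entries


def looks_random(stem: str, min_len: int = 12, max_run: int = 6) -> bool:
    """Heuristic (assumed thresholds): long names with a long consonant run or very few vowels."""
    letters = [c for c in stem.lower() if c.isalpha()]
    if len(letters) < min_len:
        return False
    run = longest = 0
    for c in letters:
        run = 0 if c in VOWELS else run + 1
        longest = max(longest, run)
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    return longest >= max_run or vowel_ratio < 0.2


def triage(entries: List[Dict[str, Optional[str]]]) -> List[Tuple[str, str]]:
    """Return (reason, raw line) pairs worth a second look; nothing here removes anything."""
    findings = []
    for e in entries:
        # A registered BHO/toolbar whose DLL is missing is an orphaned registration.
        if e["kind"] in ("O2", "O3") and e["body"].endswith("(no file)"):
            findings.append(("orphaned-bho", e["raw"]))
        path = e["path"]
        if path and "\\windows\\system32\\" in path.lower():
            stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if looks_random(stem):
                findings.append(("random-name-in-system32", e["raw"]))
    return findings


if __name__ == "__main__":
    for reason, raw in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{reason}] {raw}")
```

Run against a full log, the output is a short review list for the helper, not a verdict: an orphaned BHO is often just a leftover from an uninstall, and the random-name check is deliberately loose so that a rootkit driver like the one ComboFix found here is not missed.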
pskelley
2009-04-21, 17:03
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance) http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.
Not seeing malware, and a Google search of 'No Devices Detected' returns:
http://www.google.com/search?hl=en&q=%27No+Devices+Detected%27&btnG=Search
Are you sure that is the complete error message? The symptoms sound like malware so we will check, but I do not own Vista, and may need to send you to a free Vista forum if the issues are not being caused by malware.
1) Read the "Before you Post" directions very carefully, since TeaTimer is NOT disabled, I have to assume you missed those directions.
2) We need first to disable TeaTimer so that it doesn't interfere with fixes. You can re-enable it when you're clean again:
* Run Spybot-S&D in Advanced Mode.
* If it is not already set to do this, go to the Mode menu and select "Advanced Mode"
* On the left hand side, Click on Tools
* Then click on the Resident Icon in the List
* Uncheck "Resident TeaTimer" and OK any prompts.
* Restart your computer.
(leave TT disabled until we finish)
3) Download Malwarebytes' Anti-Malware to your Desktop
http://www.malwarebytes.org/
http://www.besttechie.net/mbam/mbam-setup.exe <<< download
* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
* Please post contents of that file & a new HJT log in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Tutorial if needed:
http://www.techsupportteam.org/forum/tutorials/2282-malwarebytes-anti-malware-mbam.html
4) Post also an uninstall list: Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
Image: http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg
Thanks...Phil
Mr Shankly
2009-04-23, 12:54
I got as far as downloading and installing Malwarebytes software. It seems to be affected by the virus in the same way that Spybot is. i.e.
Double left click the application - nothing happens
Right click / run as administrator - the application crashes
Apologies for my stupidity/laziness/ignorance re: teatimer etc.
OMG will I have to re-format? :mad: :banghead:
Mr Shankly
2009-04-23, 13:25
I have ended Teatimer process in task manager....and then ran HijackThis again.
Also, after I have typed into the google search box and I get a list of results; internet explorer goes to STUPID websites (e.g. museum of art??? etc.) instead of the link I click on.
Oh, I have internet explorer, mozilla firefox AND google chrome installed. Is this the wrong thing to do?
Here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:32, on 23/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Windows\System32\DeltaIITray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\RFA\rfagent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DisplayFusion\DisplayFusion.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: (no name) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\DeltaIITray.exe
O4 - HKLM\..\Run: [DeltaIITaskbarApp] C:\Windows\system32\DeltaIITray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [DisplayFusion] C:\Program Files\DisplayFusion\DisplayFusion.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Free Music Zilla.lnk = C:\Program Files\Free Music Zilla\FMZilla.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate1c98df62087ea15) (gupdate1c98df62087ea15) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
--
End of file - 10310 bytes
pskelley
2009-04-23, 14:44
My PC did blue screen of death after attempting to start spybot as mentioned above
Do not attempt to start Spybot until we find out what is causing the problem.
I have ended Teatimer process in task manager
Please follow the instructions I posted, TT must be disabled from within the Spybot S&D program. Task Manager only shuts it down until a reboot. I want it out of the way completely for now.
error messages <<< if you receive any, post those word for word.
Please hold HJT logs until I ask for a new one.
Let's see if we can get MBAM to run like this:
1) Uninstall MBAM if you have it at all.
2) Run all programs we use as administrator
3) Click this link: http://www.malwarebytes.org/affiliates/besttechie/mbam-setup.exe
4) "Save this file" now then OK
5) Save the file to the Desktop
6) BEFORE YOU SAVE, change the file name to Mr Shankly.exe, then click save.
7) Double click that file on the Desktop and see if it will run now.
Thanks
Mr Shankly
2009-04-23, 20:05
Just followed your instructions from previous post. Saved app. to desktop as 'Mr Shankly.exe'. Double left clicked the app. and it was installing OK. The last click in the install process was when the app. asked me if I wanted to place a shortcut on desktop. Upon doing so, the program installation crashes and in the centre of the screen a box appears saying:
"Malwarebytes has encountered a problem and needs to close. Windows will notify you if..... blah blah blah".
I clicked OK on this little message box in the centre of the screen and navigated to this page to type this message.
Now even though it says it has encountered a problem and needed to close, I have just minimised this Internet Explorer page to check my desktop and there is a Malwarebytes install window there???
Which says:
"Completing the Malwarebytes' Anti-Malware Setup Wizard
Setup has finished installing Malwarebytes' Anti-Malware on your computer. The application may be launched by selecting the installed icons.
Click Finish to exit Setup.
[tick box] Update Malwarebytes' Anti-Malware
[tick box] Launch Malwarebytes' Anti-Malware"
Both boxes already ticked by default I guess. The only thing that can be clicked in that window is a button at the bottom that says:
'Finish'
So I clicked it AND.....ABSOLUTELY NOTHING happens!
So I tried double left clicking the shortcut that Malwarebytes has placed on the desktop AND.....screen goes dim and 'User account control' box comes on screen (as it ALWAYS does with Vista):
"A program needs permission to continue. If you started this program click continue"
Two clickable buttons on that small window. Continue or Cancel. I left click Continue.....NOTHING HAPPENS.
So I right click the shortcut for Malwarebytes and select run as administrator AND.....exactly the same as above:
screen goes dim and 'User account control' box comes on screen:
"A program needs permission to continue. If you started this program click continue"
Two clickable buttons on that small window. Continue or Cancel. I left click Continue.....THIS appears:
"Malwarebytes has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available".
One clickable button on this small window which says 'close program'
:banghead:
I appreciate your patience.
pskelley
2009-04-23, 20:22
Let's give combofix a try, please follow the directions carefully.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use
Download ComboFix from here:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
http://i24.photobucket.com/albums/c30/ken545/RcAuto1.gif
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://i24.photobucket.com/albums/c30/ken545/whatnext.jpg
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.
*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
Tutorial if needed
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Mr Shankly
2009-04-23, 22:52
All Antivirus and Antispyware disabled. I notice now you said double click Combofix. I am sorry, I right clicked it to run as administrator, simply because that is what I was having to do with previous attempts with the Spybot antispyware software.
None of the screen pictures came up that you included in your post. However, I will explain what came up during the process of it running.
1. Combofix is attempting to clean your system which could take up to 10 minutes etc.
2. Then a window saying "Combofix has detected the presence of rootkit activity and needs to reboot the machine. Please note down on paper the names of the following files, you may need them later.
C:\windows\system32\drivers\A LONG LIST OF LETTERS ENDING rfs.sys
C:\windows\system32\ A LONG LIST OF LETTERS ENDING jnb.dll
Both files are in the first paragraph of the Combofix log.
I clicked OK to reboot but whilst my wallpaper was still on screen the PC did a blue screen for a short time.
3. During the 'clean' / reboot process, the screen was black with a blue window that had the heading 'administrator'. On the screen it kept bringing up completed stage ** i.e. 1,2,3,4, through to 30 something.
4. The PC is rebooted and I have re-enabled my NOD32 for safety's sake. Below are the two logs you requested:
ComboFix 09-04-23.A3 - Steven 23/04/2009 20:23.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.44.1033.18.2046.1021 [GMT 1:00]
Running from: c:\users\Steven\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\programdata\vlc-0.9.4-win32.exe
c:\programdata\vlc-0.9.6-win32.exe
c:\recycler\S-1-4-87-100002596-100002404-100007667-4430.com
c:\users\Steven\AppData\Roaming\inst.exe
c:\windows\system32\drivers\gxvxcqjobvixbxprxbdvdrofutommbnuyyrfs.sys
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxccxcpqyseinhsfeuasiecwmwnybforjnb.dll
D:\Autorun.inf
G:\Autorun.inf
H:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_GXVXCSERV.SYS
-------\Service_GXVXCSERV.SYS
((((((((((((((((((((((((( Files Created from 2009-05-23 to 2009-4-23 )))))))))))))))))))))))))))))))
.
2009-04-16 00:49 . 2009-04-23 19:22 217272147 ----a-w c:\windows\MEMORY.DMP
2009-04-15 21:13 . 2009-03-03 04:39 551424 ----a-w c:\windows\system32\rpcss.dll
2009-04-15 21:13 . 2009-03-03 04:46 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-04-15 21:13 . 2009-03-03 04:46 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-04-15 21:13 . 2009-03-03 04:39 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-04-15 21:13 . 2009-03-03 04:39 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-04-15 21:13 . 2009-03-03 04:37 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-04-15 21:13 . 2009-03-03 04:37 54784 ----a-w c:\windows\system32\iasads.dll
2009-04-15 21:13 . 2009-03-03 04:37 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-04-15 21:13 . 2009-03-03 03:04 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-04-15 21:13 . 2009-03-03 02:38 17408 ----a-w c:\windows\system32\iashost.exe
2009-04-15 21:10 . 2009-02-13 08:49 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-04-15 21:10 . 2009-03-17 03:38 13824 ----a-w c:\windows\system32\apilogen.dll
2009-04-15 21:10 . 2009-03-17 03:38 24064 ----a-w c:\windows\system32\amxread.dll
2009-04-15 21:10 . 2009-02-13 08:49 72704 ----a-w c:\windows\system32\secur32.dll
2009-04-15 20:37 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll
2009-04-15 20:37 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-15 20:02 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-08 00:25 . 2006-12-08 02:04 76800 ----a-w c:\windows\system32\E_FLBCAE.DLL
2009-04-08 00:25 . 2006-04-19 02:00 62976 ----a-w c:\windows\system32\E_FD4BCAE.DLL
2009-04-08 00:20 . 2006-12-27 23:00 66560 ----a-w c:\windows\system32\eswia7e.dll
2009-04-08 00:20 . 2006-12-27 23:00 208896 ----a-w c:\windows\system32\esint7e.dll
2009-04-08 00:20 . 2006-03-09 23:00 3584 ----a-w c:\windows\system32\eswiaml.dll
2009-04-07 20:02 . 2009-04-07 21:39 -------- d-----w C:\downloads
2009-04-07 20:02 . 2009-04-07 20:02 -------- d-----w c:\users\Steven\AppData\Roaming\FMZilla
2009-04-06 20:50 . 2009-04-13 14:32 -------- d-----w c:\users\All Users\RFA_Backups
2009-04-06 20:50 . 2009-04-13 14:32 -------- d-----w c:\programdata\RFA_Backups
2009-04-06 20:48 . 2009-04-06 20:48 -------- d-----w c:\windows\Registry First Aid Platinum V 7
2009-04-06 16:58 . 2009-04-06 16:58 -------- d-----w c:\users\Steven\AppData\Roaming\Binary Fortress Software
2009-03-31 08:01 . 2009-03-31 08:01 -------- d-----w c:\users\Steven\AppData\Roaming\Softplicity
2009-03-30 10:37 . 2009-03-30 10:37 -------- d-----w c:\users\Steven\AppData\Local\ESET
2009-03-29 01:09 . 2009-04-23 18:37 -------- d-----w c:\users\Steven\Tracing
2009-03-29 01:07 . 2009-03-29 01:07 -------- dc----w c:\windows\system32\DRVSTORE
2009-03-29 01:07 . 2009-02-06 17:08 55280 ----a-w c:\windows\system32\drivers\fssfltr.sys
2009-03-27 15:13 . 2009-03-27 15:13 -------- d-----w c:\users\Steven\AppData\Roaming\NCH Software
2009-03-27 15:13 . 2009-03-27 15:13 -------- d-----w c:\users\All Users\NCH Software
2009-03-27 15:13 . 2009-03-27 15:13 -------- d-----w c:\programdata\NCH Software
2009-03-27 15:13 . 2009-04-11 12:58 -------- d-----w c:\users\All Users\NCH Swift Sound
2009-03-27 15:13 . 2009-04-11 12:58 -------- d-----w c:\programdata\NCH Swift Sound
2009-03-27 15:13 . 2009-03-27 15:13 -------- d-----w c:\users\Steven\AppData\Roaming\NCH Swift Sound
2009-03-27 15:13 . 2009-03-27 15:13 27136 ----a-w c:\windows\system32\drivers\nchssvad.sys
2009-03-27 01:50 . 2009-03-27 01:51 -------- d-----w c:\users\Steven\AppData\Roaming\vlc
2009-03-25 00:09 . 2008-01-07 14:29 352 ---ha-w c:\windows\nod32fixtemdono.reg
2009-03-25 00:08 . 2009-03-25 00:08 -------- d-----w c:\users\All Users\ESET
2009-03-25 00:08 . 2009-03-25 00:08 -------- d-----w c:\programdata\ESET
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-23 19:27 . 2008-10-12 02:06 -------- d-----w c:\programdata\Kontiki
2009-04-23 16:28 . 2009-04-23 16:28 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-23 16:28 . 2009-04-23 16:28 -------- d-----w c:\programdata\Malwarebytes
2009-04-23 15:44 . 2008-10-03 22:19 -------- d-----w c:\program files\Winamp
2009-04-23 09:37 . 2009-02-13 16:13 -------- d-----w c:\programdata\Google Updater
2009-04-20 23:21 . 2008-10-06 23:19 -------- d-----w c:\users\Steven\AppData\Roaming\dvdcss
2009-04-20 16:47 . 2009-04-20 16:47 -------- d-----w c:\program files\Trend Micro
2009-04-20 16:44 . 2009-04-20 16:44 -------- d-----w c:\program files\ERUNT
2009-04-20 16:04 . 2008-12-13 19:50 -------- d-----w c:\programdata\Spybot - Search & Destroy
2009-04-20 16:03 . 2009-04-16 21:33 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-19 20:23 . 2009-04-19 20:23 -------- d-----w c:\program files\Secunia
2009-04-18 11:55 . 2008-10-18 19:09 -------- d-----w c:\users\Steven\AppData\Roaming\Audacity
2009-04-16 12:48 . 2009-03-11 20:54 -------- d-----w c:\program files\abgx360
2009-04-15 23:58 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-15 23:51 . 2008-10-08 11:30 -------- d-----w c:\programdata\Microsoft Help
2009-04-11 13:02 . 2009-04-11 13:02 -------- d-----w c:\program files\Free Midi Converter
2009-04-08 12:36 . 2008-10-02 15:00 133432 ----a-w c:\users\Steven\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-08 00:25 . 2008-10-09 11:09 -------- d-----w c:\programdata\EPSON
2009-04-08 00:25 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstrng.dat
2009-04-08 00:25 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat
2009-04-08 00:25 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat
2009-04-07 20:15 . 2009-04-07 20:02 -------- d-----w c:\program files\Free Music Zilla
2009-04-06 21:22 . 2009-04-06 21:22 -------- d-----w c:\program files\The Adventure Company
2009-04-06 20:50 . 2009-04-06 20:49 -------- d-----w c:\program files\RFA
2009-04-06 20:48 . 2009-04-06 20:48 -------- d-----w c:\program files\Registry First Aid Platinum V 7
2009-04-06 17:17 . 2008-10-23 14:40 -------- d---a-w c:\programdata\TEMP
2009-04-06 16:55 . 2009-04-06 16:55 -------- d-----w c:\program files\DisplayFusion
2009-04-06 14:32 . 2009-04-23 16:28 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 14:32 . 2009-04-23 16:28 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-05 18:15 . 2009-02-24 21:13 -------- d-----w c:\program files\Media Catalog Studio
2009-04-04 00:25 . 2008-11-09 00:45 -------- d-----w c:\program files\Kontiki
2009-04-04 00:25 . 2009-04-04 00:25 -------- d-----w c:\program files\Channel4
2009-04-02 22:02 . 2008-10-28 17:00 -------- d-----w c:\programdata\DVD Shrink
2009-04-01 23:22 . 2008-10-04 10:49 -------- d-----w c:\program files\Common Files\Adobe
2009-04-01 23:01 . 2009-04-01 23:01 -------- d-----w c:\program files\Common Files\Adobe Systems Shared
2009-04-01 21:44 . 2009-02-28 23:36 -------- d-----w c:\programdata\CyberLink
2009-04-01 18:37 . 2009-04-01 18:37 -------- d-----w c:\program files\DynamicPhotoHDR4
2009-03-31 08:01 . 2009-03-31 08:00 -------- d-----w c:\program files\TotalAudioConverter
2009-03-29 22:32 . 2008-10-10 16:21 -------- d-----w c:\users\Steven\AppData\Roaming\Vso
2009-03-29 01:07 . 2009-03-29 01:03 -------- d-----w c:\program files\Microsoft
2009-03-29 01:07 . 2009-03-29 01:07 -------- d-----w c:\program files\Microsoft Office Outlook Connector
2009-03-29 01:07 . 2008-10-02 17:20 -------- d-----w c:\program files\Windows Live
2009-03-29 01:06 . 2009-03-29 01:06 -------- d-----w c:\program files\Microsoft Sync Framework
2009-03-29 01:05 . 2009-03-29 01:05 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-03-29 01:03 . 2009-03-29 01:03 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-29 00:55 . 2009-03-29 00:55 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-27 15:19 . 2009-03-27 15:19 -------- d-----w c:\program files\MixMeister BPM Analyzer
2009-03-27 15:13 . 2009-03-27 15:12 -------- d-----w c:\program files\NCH Software
2009-03-25 00:19 . 2008-10-25 09:52 -------- d-----w c:\program files\Java
2009-03-25 00:08 . 2008-10-03 16:37 -------- d-----w c:\program files\ESET
2009-03-24 11:03 . 2009-03-24 11:03 7808 ----a-w c:\windows\system32\drivers\psi_mf.sys
2009-03-24 02:13 . 2009-03-24 01:47 -------- d-----w c:\users\Steven\AppData\Roaming\gtk-2.0
2009-03-24 02:04 . 2009-03-24 02:04 -------- d-----w c:\users\Steven\AppData\Roaming\aicon
2009-03-24 02:03 . 2009-03-24 02:03 -------- d-----w c:\program files\aicon
2009-03-24 01:39 . 2009-03-24 01:39 -------- d-----w c:\users\Steven\AppData\Roaming\Inkscape
2009-03-24 01:39 . 2009-03-24 01:36 -------- d-----w c:\program files\Inkscape
2009-03-23 17:22 . 2009-03-23 15:54 -------- d-----w c:\users\Steven\AppData\Roaming\Autodesk
2009-03-23 17:19 . 2009-03-23 15:54 -------- d-----w c:\programdata\Autodesk
2009-03-23 16:01 . 2009-03-23 15:53 -------- d-----w c:\program files\Autodesk
2009-03-23 16:01 . 2009-03-23 16:01 -------- d-----w c:\program files\Common Files\Autodesk
2009-03-23 16:01 . 2009-03-23 16:01 -------- d-----w c:\program files\Microsoft WSE
2009-03-23 16:00 . 2009-03-23 15:53 -------- d-----w c:\program files\Common Files\Autodesk Shared
2009-03-23 08:27 . 2009-03-23 08:27 747566 ----a-w c:\windows\System32\abgx360.exe
2009-03-22 14:52 . 2009-03-22 14:52 -------- d-----w c:\program files\TVAnts
2009-03-20 21:49 . 2009-03-20 19:27 -------- d-----w c:\users\Steven\AppData\Roaming\DVD Flick
2009-03-20 19:24 . 2009-03-20 19:24 -------- d-----w c:\program files\DVD Flick
2009-03-20 02:41 . 2009-01-07 18:53 -------- d-----w c:\users\Steven\AppData\Roaming\Hoyle Puzzle and Board Games
2009-03-18 16:26 . 2009-03-18 16:25 -------- d-----w c:\program files\Ultra Video Joiner
2009-03-17 13:42 . 2009-03-17 13:42 -------- d-----w c:\program files\Conduit
2009-03-17 03:38 . 2009-04-15 21:10 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-14 21:07 . 2009-03-14 21:07 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2009-03-09 14:25 . 2008-10-07 15:00 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-09 14:25 . 2008-10-07 16:31 -------- d-----w c:\program files\M-Audio
2009-03-09 05:19 . 2008-10-25 09:52 410984 ----a-w c:\windows\System32\deploytk.dll
2009-03-03 04:40 . 2009-04-15 21:38 827392 ----a-w c:\windows\System32\wininet.dll
2009-03-03 04:37 . 2009-04-15 21:38 78336 ----a-w c:\windows\System32\ieencode.dll
2009-03-03 02:28 . 2009-04-15 21:38 26624 ----a-w c:\windows\System32\ieUnatt.exe
2009-03-02 23:05 . 2009-03-02 23:05 -------- d-----w c:\program files\CustomPlay Games
2009-03-01 23:13 . 2009-03-01 23:13 413696 ----a-w c:\windows\System32\wrap_oal.dll
2009-03-01 23:13 . 2009-03-01 23:13 110592 ----a-w c:\windows\System32\OpenAL32.dll
2009-03-01 23:13 . 2009-03-01 23:13 -------- d-----w c:\program files\OpenAL
2009-03-01 23:12 . 2009-03-01 23:12 -------- d-----w c:\program files\Aspyr
2009-03-01 22:41 . 2009-02-13 16:13 -------- d-----w c:\program files\Google
2009-02-28 23:37 . 2009-02-28 23:37 -------- d-----w c:\users\Steven\AppData\Roaming\CyberLink
2009-02-28 23:36 . 2009-02-28 23:35 -------- d-----w c:\program files\CyberLink
2009-02-28 23:36 . 2009-02-28 23:36 -------- d-----w c:\program files\Common Files\CyberLink
2009-02-28 23:34 . 2007-12-12 14:41 505128 ----a-w c:\windows\System32\msvcp71.dll
2009-02-28 23:34 . 2007-12-12 14:41 353576 ----a-w c:\windows\System32\msvcr71.dll
2009-02-28 20:04 . 2008-11-19 21:52 -------- d-----w c:\programdata\TrackMania
2009-02-26 17:03 . 2009-01-20 17:44 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-25 06:03 . 2009-02-25 06:03 -------- d-----w c:\program files\Jigsaw Puzzle Platinum Edition
2009-02-09 03:10 . 2009-03-11 17:28 2033152 ----a-w c:\windows\System32\win32k.sys
2009-02-06 18:03 . 2009-02-06 18:03 307576 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\System32\sirenacm.dll
2008-10-21 19:41 . 2008-10-21 19:41 22328 ----a-w c:\users\Steven\AppData\Roaming\PnkBstrK.sys
2008-10-10 16:21 . 2008-10-10 16:21 47360 ----a-w c:\users\Steven\AppData\Roaming\pcouffin.sys
2008-10-02 15:22 . 2008-10-02 15:00 680 ----a-w c:\users\Steven\AppData\Local\d3d9caps.dat
2008-01-21 02:41 . 2006-11-02 12:49 174 --sha-w c:\program files\desktop.ini
2008-04-09 23:35 . 2008-04-09 23:35 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-13 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"kdx"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"DisplayFusion"="c:\program files\DisplayFusion\DisplayFusion.exe" [2009-03-21 576176]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"snp2std"="c:\windows\vsnp2std.exe" [2005-10-20 339968]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-05-19 91432]
"M-Audio Taskbar Icon"="c:\windows\System32\DeltaIITray.exe" [2008-03-03 236040]
"DeltaIITaskbarApp"="c:\windows\system32\DeltaIITray.exe" [2008-03-03 236040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"4oD"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"rfagent"="c:\program files\RFA\rfagent.exe" [2008-11-24 916800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*WerKernelReporting"="c:\windows\SYSTEM32\WerFault.exe" [2008-01-21 217088]
c:\users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Free Music Zilla.lnk - c:\program files\Free Music Zilla\FMZilla.exe [2009-4-7 732352]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2006-5-29 1708032]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"Midi1"= ma_cmidn.dll
"midi4"= ma_cmidn.dll
"midi5"= ma_cmidn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C3138B77-36C3-4F92-A4CD-3FDFCFBED732}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{5AFF998C-37B4-4505-83B1-8B2356868838}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{F34A33FD-2084-447A-A800-6A32D3DAA9AD}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{476829D0-8443-4F6C-B015-B572979EE053}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{D2B1599B-85E6-41AC-A001-34BCF74E0E2A}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{242BB07A-A6CC-4686-99C2-ACC5E71C680A}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E4627739-203D-4E20-9DD7-71AA8BAF6D94}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{7889CF05-B4E3-4E05-A20B-C1D46F262F0E}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{7437B250-A886-4A60-A3F5-FE1500AFA6F1}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{C07AC42F-9A2B-4D83-BA32-BE68EFF44219}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization IV Colonization\Colonization.exe:Sid Meier's Civilization IV Colonization
"{EA2BD3B9-0E6E-4866-8E25-1E744AF3B9D8}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization IV Colonization\Colonization.exe:Sid Meier's Civilization IV Colonization
"TCP Query User{79C15CE8-5601-46E3-80E4-A34588985B42}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{6AB9B443-5358-4871-9875-18DBADE3960F}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{B09BCCA7-A6EE-4C8C-8E8D-9F7352BC6A98}"= UDP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.2
"{4CF8C2BC-5368-44E7-BC3B-A475AC0B6A59}"= TCP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.2
"{61C8D668-69F8-4320-961B-261C94DC06B3}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{821B7B97-E7EB-4AC4-A1A1-4DD140E8C3FF}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{304ADB6C-45F2-4D2F-8089-08C7F8A0779C}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{799E7C19-AB3F-45D8-B406-2DFA3DEECCA0}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{766C0747-7811-4A01-B933-055F81D37631}"= UDP:d:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{CA7365CD-E0EF-4932-8FFA-D9F6BA7884D7}"= TCP:d:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{41A2D7DD-6EA7-40F6-8837-C36C6AC1081C}"= UDP:d:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{152F4382-5FCD-4D25-A4A1-8DBD62F4F3F7}"= TCP:d:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{A22570EC-A4E2-412F-9985-3D7F6CA6F40F}"= UDP:d:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
"{A22EC763-9C0F-4A36-BBF6-03C2F9E10BE5}"= TCP:d:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
"{35D74DBB-709D-47F9-B672-D1EBE0D0E469}"= UDP:d:\program files\JB_LiveEngine_s.exe:Quantum of Solace
"{8F393859-1DE7-474C-A475-BF75CD8CF11D}"= TCP:d:\program files\JB_LiveEngine_s.exe:Quantum of Solace
"TCP Query User{94184499-3825-4C51-820B-7363D83638F2}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{EFE9A507-452D-41B2-B57E-F1A443A012AE}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{DA00E6D7-7301-4382-A53C-034018D8B6A6}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{BBDFB869-6D0F-4A83-AE16-232934436C0E}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{67063DB6-B0CD-4C9D-89B8-1A859760E693}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"UDP Query User{05AE93B2-B5FD-44C5-8E9B-C9C9036C6C22}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"TCP Query User{B181E546-B69F-4A94-80E1-F106A81F285E}c:\\program files\\kontiki\\khost.exe"= UDP:c:\program files\kontiki\khost.exe:Delivery Manager
"UDP Query User{EADB5C23-79DB-4382-8755-91E65AC12A17}c:\\program files\\kontiki\\khost.exe"= TCP:c:\program files\kontiki\khost.exe:Delivery Manager
"{EFF83FD3-7A8B-4E7C-A6B8-186C6FE85F01}"= c:\program files\CyberLink\PowerDVD8\PowerDVD8.EXE:CyberLink PowerDVD 8.0
"TCP Query User{CC91B60B-6945-404C-BCF4-64C38D91F15B}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{D3C86AD0-E7C3-4195-9450-10EE606E186B}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{2EA3AD1E-FEB1-414A-A65D-68E1F1971873}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{CC5D9ABC-6649-47D9-A85F-A187846C142A}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"TCP Query User{9F7C9E55-13BC-4035-9452-D617C13C3E67}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{1441AD55-1D55-4ED7-BBB9-77D0B43E11CE}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{A7782B77-3739-4376-B63E-32CD46F8FC16}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{F4F60981-91FC-4F88-B7A9-081E1C2E1E30}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{6BD31F34-D275-4255-AF57-CF7F8C9E4AEB}c:\\program files\\tvants\\tvants.exe"= UDP:c:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{9DF454F2-F292-4287-B9DE-06913F558E51}c:\\program files\\tvants\\tvants.exe"= TCP:c:\program files\tvants\tvants.exe:TVAnts
"{ACA463C0-AA04-4ABE-963D-8BB206BFCA4E}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{8CADA193-183F-4869-9DE1-EFB760572BA8}c:\\program files\\free music zilla\\fmzilla.exe"= UDP:c:\program files\free music zilla\fmzilla.exe:FMZilla Module
"UDP Query User{197C116E-555F-445E-AACB-DF9CD1D68097}c:\\program files\\free music zilla\\fmzilla.exe"= TCP:c:\program files\free music zilla\fmzilla.exe:FMZilla Module
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Free Music Zilla\\FMZilla.exe"= c:\program files\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla
R2 gupdate1c98df62087ea15;Google Update Service (gupdate1c98df62087ea15);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 133104]
R2 vvdsvc;VJVodServices;c:\windows\System32\svchost.exe [2008-01-21 21504]
R3 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280]
R3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R3 INFUSB;INFUSB;c:\windows\system32\drivers\infusb.sys [2002-09-30 11520]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2009-03-24 7808]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2007-12-21 33800]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-05-15 12:07 61424]
S2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\DRIVERS\deltaII.sys [2008-03-03 302728]
S3 UKS11LDR;M-Audio USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [2007-11-14 20168]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder
2009-04-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-13 19:04]
2009-04-23 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 16:14]
2009-04-23 c:\windows\Tasks\User_Feed_Synchronization-{C0CC0279-C042-4D1D-A657-1E7B96588402}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:23]
.
- - - - ORPHANS REMOVED - - - -
BHO-{c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\7y972q1g.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - component: c:\users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\7y972q1g.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\FFAlert.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-23 20:27
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\users\Steven\AppData\Local\Temp\gxvxc000 0 bytes
scan completed successfully
hidden files: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gxvxcserv.sys]
"imagepath"="\systemroot\system32\drivers\gxvxcwvavsnuofiqowmpetrseuucogdnwhtcy.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gxvxcserv.sys]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\gxvxcwvavsnuofiqowmpetrseuucogdnwhtcy.sys"
.
Completion time: 2009-04-23 20:28
ComboFix-quarantined-files.txt 2009-04-23 19:28
Pre-Run: 10,590,613,504 bytes free
Post-Run: 10,927,046,656 bytes free
341 --- E O F --- 2009-04-15 23:52
------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:31:37, on 23/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Windows\Explorer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: (no name) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\DeltaIITray.exe
O4 - HKLM\..\Run: [DeltaIITaskbarApp] C:\Windows\system32\DeltaIITray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [DisplayFusion] C:\Program Files\DisplayFusion\DisplayFusion.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Free Music Zilla.lnk = C:\Program Files\Free Music Zilla\FMZilla.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate1c98df62087ea15) (gupdate1c98df62087ea15) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
--
End of file - 8720 bytes
pskelley
2009-04-24, 00:20
Please read and follow the directions carefully and in the numbered order.
1) We first need to disable TeaTimer so that it doesn't interfere with fixes. You can re-enable it when you're clean again:
* Run Spybot-S&D in Advanced Mode.
* If it is not already set to do this, go to the Mode menu and select "Advanced Mode".
* On the left hand side, Click on Tools
* Then click on the Resident Icon in the List
* Uncheck "Resident TeaTimer" and OK any prompts.
* Restart your computer.
(leave TT disabled until we finish)
2) Please download ATF Cleaner by Atribune
http://www.atribune.org/public-beta/ATF-Cleaner.exe
Save it to your Desktop. We will use this later.
3) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
Close all programs but HJT and all browser windows, then click on "Fix Checked"
4) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.
(the copy of MBAM you have should run now, if so no need to download again, but make sure you UPDATE and run as directed)
5) Download Malwarebytes' Anti-Malware to your Desktop
http://www.malwarebytes.org/
* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
* Please post contents of that file & a new HJT log in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Tutorial if needed:
http://www.techsupportteam.org/forum/tutorials/2282-malwarebytes-anti-malware-mbam.html
6) Post the uninstall list in instructions #4 from earlier.
How is the computer running now?
Thanks
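The three HijackThis lines the helper asks to be fixed in step 3 share a recognisable pattern: an O2 BHO whose target is "(no file)" (the CLSID is still registered in IE but the DLL behind it is gone) and an R0 value that is empty. As an added example, not part of the original thread or of HijackThis itself, here is a small Python parser for HijackThis log lines that flags exactly those two patterns; the sample lines are copied from the logs posted in this thread, and the regexes, class and function names are my own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input: lines copied from the HijackThis logs posted in this thread,
# with one benign O2 and one O4 entry included for contrast.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"""


@dataclass
class HjtEntry:
    """One parsed HijackThis line (field names are this example's own)."""
    code: str                      # section code, e.g. "O2", "R0"
    raw: str                       # the original line, stripped
    name: Optional[str] = None     # BHO display name or registry value name
    clsid: Optional[str] = None    # COM class id for O2 entries
    target: Optional[str] = None   # DLL path, URL or value data


# Every HJT line starts with a section code followed by " - ".
LINE_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<rest>.*)$")
# O2 lines: "BHO: <name> - {CLSID} - <dll path or (no file)>"
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)
# R0/R1 lines: "<registry key>,<value name> = <data>" (data may be empty)
REG_RE = re.compile(r"^(?P<key>[^,]+),(?P<name>[^=]+?) = ?(?P<target>.*)$")


def parse_line(line: str) -> Optional[HjtEntry]:
    """Parse one log line; returns None for lines that are not HJT entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, rest = m.group("code"), m.group("rest")
    entry = HjtEntry(code=code, raw=line.strip())
    if code == "O2":
        b = BHO_RE.match(rest)
        if b:
            entry.name = b.group("name")
            entry.clsid = b.group("clsid")
            entry.target = b.group("target").strip()
    elif code in ("R0", "R1"):
        r = REG_RE.match(rest)
        if r:
            entry.name = r.group("name").strip()
            entry.target = r.group("target").strip()
    return entry


def review(entry: HjtEntry) -> Optional[str]:
    """Return the reason an entry is a fix candidate, or None if it looks normal."""
    if entry.code == "O2" and entry.target == "(no file)":
        # The CLSID is still registered but the DLL no longer exists: a leftover
        # from a removed component, and nothing legitimate loads from it.
        return "orphaned BHO registration (CLSID present, DLL missing)"
    if entry.code in ("R0", "R1") and entry.target == "":
        return "empty Internet Explorer setting"
    return None


def find_fix_candidates(log_text: str) -> List[Tuple[str, str]]:
    """Walk a whole HJT log and return (raw line, reason) for flagged entries."""
    found = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reason = review(entry)
        if reason:
            found.append((entry.raw, reason))
    return found


if __name__ == "__main__":
    for raw, reason in find_fix_candidates(SAMPLE_LOG):
        print(f"{reason}:\n    {raw}")
```

Run against the sample it reports the same three lines the helper ticked in HijackThis, and nothing for the Java BHO or the ESET Run entry.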
Mr Shankly
2009-04-24, 03:21
Instructions all followed.
"How is the computer running now?"
My PC seems to be running better with only one frustration. When I open a new window on my desktop (internet or windows explorer) the mouse pointer cannot click on ANYTHING. It doesn't change to a hand over click-able links, for example. I have to minimize the window, then restore it and the mouse pointer can click on things. Apologies if off topic but you did ask how my computer was running.
Malwarebytes' Anti-Malware 1.36
Database version: 2033
Windows 6.0.6001 Service Pack 1
24/04/2009 00:59:26
mbam-log-2009-04-24 (00-59-26).txt
Scan type: Full Scan (C:\|D:\|G:\|H:\|)
Objects scanned: 253433
Time elapsed: 46 minute(s), 25 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\QuickyPlaeyrSoft (Trojan.DNSChanger) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickyPlaeyr (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickyPlaeyr (Trojan.DNSChanger) -> Quarantined and deleted successfully.
Files Infected:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickyPlaeyr\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:03:11, on 24/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Windows\System32\DeltaIITray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\RFA\rfagent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DisplayFusion\DisplayFusion.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\DeltaIITray.exe
O4 - HKLM\..\Run: [DeltaIITaskbarApp] C:\Windows\system32\DeltaIITray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [DisplayFusion] C:\Program Files\DisplayFusion\DisplayFusion.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Free Music Zilla.lnk = C:\Program Files\Free Music Zilla\FMZilla.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate1c98df62087ea15) (gupdate1c98df62087ea15) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
--
End of file - 9113 bytes
@icon sushi 1.21
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
4oD
abgx360 v1.0.1
Ableton Live v7.0.2
Acrobat.com
Acrobat.com
Ad-Aware
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 9.1
Alcatech BPM Studio Professional v4.9.1
AoA Audio Extractor 1.0
Apple Software Update
Audacity 1.3.5 (Unicode)
AudibleManager
AutoCAD Electrical 2008
Autodesk Design Review 2008
Autodesk Vault 2008
Autodesk Vault 2008
AviSynth 2.5
Bejeweled 2 Deluxe
Choice Guard
ConvertXtoDVD 2.99.13.900
coverXP (remove only)
Crysis WARHEAD(R)
Crysis WARHEAD(R)
CyberLink PowerDVD 8
Delta
Digital Video Converter v1.11.0.32
DisplayFusion
DVD Decrypter (Remove Only)
DVD Flick 1.3.0.6
DVD Shrink 3.2
Dynamic-Photo HDR 4.2
Efficient WMA MP3 Converter v0.99.2
ERUNT 1.1j
ESET NOD32 Antivirus
Fallout 3
Far Cry 2
Final Draft 7
Free Midi Converter version 1.0.0.0
Free Music Zilla
Game Graphic Studio
GoldWave v5.25
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GSpot Codec Information Appliance
HijackThis 2.0.2
Hoyle Casino 2009
Inkscape 0.46
Java(TM) 6 Update 13
Jewel Quest Mysteries
Jigsaw Puzzle Platinum Edition
Junk Mail filter update
Malwarebytes' Anti-Malware
Media Catalog Studio 5.9
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft WSE 3.0 Runtime
MixMeister BPM Analyzer 1.0
Monopoly Here & Now Edition 1.00 Saralawler
Mozilla Firefox (3.0.9)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
NCH Toolbox
Nero 8
neroxml
NETGEAR WG111v3 wireless USB 2.0 adapter
NewsLeecher v3.8 Final
NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050)
NVIDIA Drivers
NVIDIA PhysX v8.09.04
OpenAL
PunkBuster Services
Puzzle Quest Galactrix
QuickPar 0.9
QuickTime
RealPlayer
Reason 4.0
Registry First Aid
Registry First Aid Platinum V 7
Safecracker
Secunia PSI
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB960003)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Series II MIDI
Sid Meier's Civilization IV Colonization
Software tiskárny EPSON
Sony Ericsson Media Manager 1.2
SopCast 3.0.3
SoundTap Streaming Audio Recorder
Spelling Dictionaries Support For Adobe Reader 9
SPORE™
SPVOD Player1.8
Spybot - Search & Destroy
Switch Sound File Converter
TempoPerfect
TmUnitedForever
Total Video Converter 3.14 080930
TotalAudioConverter
TVAnts 1.0
Ultra Video Joiner 5.0.0925
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Access 2007 Help (KB957241)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office InfoPath 2007 Help (KB957243)
Update for Microsoft Office OneNote 2007 Help (KB957245)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Publisher 2007 Help (KB957249)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb962871)
VCRedistSetup
Videora iPod Converter 4.06
VLC media player 0.9.8a
Winamp
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker Beta
Windows Live OneCare safety scanner
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinRAR archiver
Xilisoft Video Converter Ultimate
Xvid 1.2.1 final uninstall
XviD MPEG-4 Codec
YouTube Downloader App 1.02
Zortam Mp3 Media Studio 8.70
Zulu DJ Software
With thanks
pskelley
2009-04-24, 12:26
Thanks for the feedback. I cannot see where ComboFix or MBAM removed anything that would cause the issues you mention. Let's first remove ComboFix since we are finished with it.
Remove ComboFix from the computer like this:
Click START then RUN
Now type or copy Combofix /u in the runbox and click OK.
Note the space between the X and the U; it needs to be there.
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png
Restart the computer and check to see if you still have the problem.
If you do, I see you have Google Chrome; please try that browser to see if the problem exists in that browser.
Please also give this a try in case a file is corrupt or missing:
http://vistasupport.mvps.org/system_file_checker.htm
Thanks
Mr Shankly
2009-04-24, 18:31
All instructions followed. Both Firefox and Google Chrome appear to be functioning OK. I am wary of Internet Explorer as it behaved the way I described earlier and I had to use task manager to close it down?? I will only use Chrome or Firefox from now on I think.
Combofix removed OK.
I followed the link to check system files. The check completed to 100% OK and reported:
"Windows Resource Protection did not find any integrity violations."
Thanks
p.s. do you think all is well? What do you recommend I use to stop this sort of thing happening again. My friend who built my PC said use NOD32 and just run Spybot and Adaware now and again?
pskelley
2009-04-24, 18:56
You might try to repair Internet Explorer 7
http://windowsxp.mvps.org/IEFIX.htm
or move to Internet Explorer 8 which is now released.
http://www.microsoft.com/windows/internet-explorer/default.aspx
Here is information that might be helpful to you:
http://www.netsquirrel.com/msconfig/msconfig_vista.html
Get maximum performance from Windows Vista
http://windowshelp.microsoft.com/windows/en-us/Help/596FB57F-CC9D-4AC5-A813-5C0830E9156A1033.mspx
I suggest you update ESET NOD32 and scan the system, to make sure it is scanning clean.
Here is information that should answer all of your questions, keep in mind all of the information may not apply to Vista.
Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml
http://www.malwarecomplaints.info/
Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.
How hard are your passwords to crack?
http://www.microsoft.com/protect/yourself/password/checker.mspx
http://users.telenet.be/bluepatchy/miekiemoes/Links.html
http://www.microsoft.com/windows/ie/community/columns/protection.mspx
Improve the safety of your browsing and e-mail activities
http://www.microsoft.com/protect/computer/advanced/browsing.mspx
Mr Shankly
2009-04-24, 19:38
I am humbled by your knowledge pskelley. :cool:
Many thanks for your help with my PC problem. I have saved all of the information from your last post so I can read and digest it over the next day or so.
Thank you again,
Steven
:2thumb: