Help on Malware removal - SpybotSD not a valid Win32 application

H

hottroc

New member
Hi,

Hoping you guys can help me, I am really at the end of my tether. 3 days ago I downloaded a program and as always scanned it with my AVG Antivirus which found no threats. However it obviously had a Virus/Worm/Trojan and whatever it was has disabled most of my security measures.

The system became unstable and after a reboot my software firewall (Comodo) did not seem to be working properly and when I tried to start Spybot and most of my other tools (AVG AntiRootkit, AVG Antispyware and AVG AV) and a few other things I get "...exe is not a valid Win32 application". Reinstalling doesn't seem to work either.

I have ran online AV scans which seem to indicate it could have been Bagle (???) but despite apparently disinfecting these the problems remain. Also HijackThis seems to suffer the same message and following a similar thread on here I downloaded Combofix but it just seems to freeze. The virus also stopped me initially getting to Safe Mode but thanks to advice here and the SafeBootKeyRepair tool that does now work again.

Also since this infection there are other inexplicable symptoms .... Windowsupdate - some updates worked but 2 Critical Security updates on there consistently fail at the download stage, also system is sometimes very sluggish opening things like My Computer until I end the Defender process (MSMPEng), Adaware runs but wont update etc...and most worrying of all is that during boot-up, BEFORE the boot menu now takes about 2 or 3 minutes whereas before it used to be 2 or 3 seconds.
I also tried System Restore, but it hung part way through during each attempt so I had to undo it. And also tried SFC which changed a few files but didn't seem to solve the problem.


Please please help.

Specs:

Win XP SP2
All Windows updates except the 2 mentioned applied
AVG 7.5 (Free Ed)
what else do you need to know?
 
Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Unless informed of in advance, failure to post replies within 5 days will result in this thread being closed.
Click to expand...



Download and Run ComboFix
  • Download Combofix from the link below :

    ComboFix.exe 1
  • You must download it to and run it from your Desktop
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
  • Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
ComboFix SHOULD NOT be used unless requested by a forum helper
 
Hi Katana, pleased to meet you, I hope you can help me.

Firstly I should tell you that in my impatience/desperation while waiting for a response I tried a couple of things suggested in other threads. I found and deleted srosa.sys and mdelk.exe from the c:\windows\system32\drivers and c:\windows\system32 folders respectively and also deleted the \down folder from there (which was full of randomly numbered exe's). None of this seems to have made a difference but now you are helping I will stick to your advice...

Downloaded combofix and ran it. It started its blue window with just a flashing cursor blinking at me, I left it over 20 minutes but it didn't seem to be doing anything. No prompts and no log. Should I have left it longer?

Hijackthis reports ..."C:\Program Files\Hijackthis\Hijackthis.exe is not a valid Win32 application"

What should I try next?

Thanks.
 
It shouldn't take that long, BUT it depends how infected the machine is.
This is a nasty one, and it can be quite difficult to remove.

Please try again, and give it at least an hour.
 
OK, not quite straightforward but got there in the end.

On the third attempt at running Combofix, it worked. As part of the process it rebooted after which it came back up and hung again. After giving it more time again I eventually restarted it again and on the 3rd attempt again it managed to work and finally got to the end and gave me a log file. See below.

One side effect to note is that since running I now get the following message on logging on:

Application Launcher.exe - Unable to Locate Component
This application has failed to start because Telecalib_logging.dll was not found. Re-installing the application may fix this problem.

I think Application Launcher.exe is part of my Sony Ericsson data suite hence legit.

HijackThis still fails with the same message.
Combofix log in the next post.
 
ComboFix 08-01-30.1 - james 2008-01-30 21:15:35.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.495 [GMT 0:00]
Running from: C:\Documents and Settings\james.TIGGER\Desktop\Combo-Fix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
C:\WINDOWS\system32\guard32.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\t\
.
---- Previous Run -------
.
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\Fonts\acrseci.fon
C:\WINDOWS\hosts
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\MabryObj.dll
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadvc.dll
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\t\

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NPF
-------\LEGACY_SROSA
-------\NPF




((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-30 )))))))))))))))))))))))))))))))
.

2008-01-28 00:09 . 2008-01-28 00:09 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-01-27 23:47 . 2008-01-27 23:47 139,008 --a------ C:\WINDOWS\system32\guard32.dll.vir
2008-01-27 23:47 . 2008-01-28 19:46 81,272 --a------ C:\WINDOWS\system32\drivers\cmdGuard.sys
2008-01-27 23:47 . 2008-01-28 19:46 23,672 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-01-27 21:24 . 2008-01-27 21:24 <DIR> d-------- C:\Deckard
2008-01-27 20:45 . 2008-01-27 21:22 <DIR> d-------- C:\527c1617c9fee8290930a9
2008-01-27 18:02 . 2008-01-30 00:41 250 --a------ C:\WINDOWS\gmer.ini
2008-01-27 16:26 . 2008-01-29 17:41 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-27 16:26 . 2008-01-27 16:26 <DIR> d-------- C:\Documents and Settings\james.TIGGER\Application Data\SUPERAntiSpyware.com
2008-01-27 16:26 . 2008-01-27 16:26 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-01-27 16:25 . 2008-01-27 16:25 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-27 02:18 . 2004-08-04 00:56 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-01-27 02:18 . 2001-08-17 22:37 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
2008-01-27 02:18 . 2001-08-17 22:37 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-01-27 02:18 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-01-27 02:18 . 2004-08-03 22:29 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys
2008-01-27 02:18 . 2001-08-17 22:36 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-01-27 02:18 . 2001-08-17 12:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2008-01-27 02:18 . 2004-08-03 22:29 12,063 --a--c--- C:\WINDOWS\system32\dllcache\wsiintxx.sys
2008-01-27 02:18 . 2001-08-17 22:37 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-01-27 02:17 . 2001-08-17 13:28 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
2008-01-27 02:17 . 2001-08-17 13:28 701,386 --a--c--- C:\WINDOWS\system32\dllcache\wdhaalba.sys
2008-01-27 02:17 . 2004-08-03 22:31 154,624 --a--c--- C:\WINDOWS\system32\dllcache\wlluc48.sys
2008-01-27 02:17 . 2001-08-17 22:36 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-01-27 02:17 . 2001-08-17 22:36 53,760 --a--c--- C:\WINDOWS\system32\dllcache\wiamsmud.dll
2008-01-27 02:17 . 2001-08-17 12:10 35,871 --a--c--- C:\WINDOWS\system32\dllcache\wbfirdma.sys
2008-01-27 02:17 . 2001-08-17 12:12 34,890 --a--c--- C:\WINDOWS\system32\dllcache\wlandrv2.sys
2008-01-27 02:17 . 2004-08-03 23:08 31,744 --a--c--- C:\WINDOWS\system32\dllcache\wceusbsh.sys
2008-01-27 02:17 . 2004-08-03 22:29 23,615 --a--c--- C:\WINDOWS\system32\dllcache\wch7xxnt.sys
2008-01-27 02:17 . 2004-08-03 23:07 8,832 --a--c--- C:\WINDOWS\system32\dllcache\wmiacpi.sys
2008-01-27 02:15 . 2001-08-17 13:28 794,399 --a--c--- C:\WINDOWS\system32\dllcache\usr1806v.sys
2008-01-27 02:15 . 2001-08-17 13:28 793,598 --a--c--- C:\WINDOWS\system32\dllcache\usr1806.sys
2008-01-27 02:15 . 2001-08-17 13:28 765,884 --a--c--- C:\WINDOWS\system32\dllcache\usrti.sys
2008-01-27 02:15 . 2001-08-17 13:28 687,999 --a--c--- C:\WINDOWS\system32\dllcache\usrwdxjs.sys
2008-01-27 02:15 . 2001-08-17 12:14 249,402 --a--c--- C:\WINDOWS\system32\dllcache\vinwm.sys
2008-01-27 02:15 . 2001-08-17 13:28 224,802 --a--c--- C:\WINDOWS\system32\dllcache\usr1807a.sys
2008-01-27 02:15 . 2001-08-17 13:28 113,762 --a--c--- C:\WINDOWS\system32\dllcache\usrpda.sys
2008-01-27 02:15 . 2001-08-17 13:49 24,576 --a--c--- C:\WINDOWS\system32\dllcache\viairda.sys
2008-01-27 02:15 . 2004-08-04 00:56 11,325 --a--c--- C:\WINDOWS\system32\dllcache\vchnt5.dll
2008-01-27 02:15 . 2001-08-17 13:28 7,556 --a--c--- C:\WINDOWS\system32\dllcache\usroslba.sys
2008-01-27 02:15 . 2004-08-03 22:59 5,376 --a--c--- C:\WINDOWS\system32\dllcache\viaide.sys
2008-01-27 02:13 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-01-27 02:13 . 2001-08-17 14:56 440,576 --a--c--- C:\WINDOWS\system32\dllcache\tridkb.dll
2008-01-27 02:13 . 2001-08-17 22:36 216,064 --a--c--- C:\WINDOWS\system32\dllcache\um34scan.dll
2008-01-27 02:13 . 2001-08-17 22:36 211,968 --a--c--- C:\WINDOWS\system32\dllcache\um54scan.dll
2008-01-27 02:13 . 2001-08-17 12:51 166,784 --a--c--- C:\WINDOWS\system32\dllcache\tridxpm.sys
2008-01-27 02:13 . 2001-08-17 12:51 159,232 --a--c--- C:\WINDOWS\system32\dllcache\tridkbm.sys
2008-01-27 02:13 . 2001-08-17 22:36 47,616 --a--c--- C:\WINDOWS\system32\dllcache\umaxcam.dll
2008-01-27 02:13 . 2001-08-17 13:52 36,736 --a--c--- C:\WINDOWS\system32\dllcache\ultra.sys
2008-01-27 02:13 . 2001-08-17 13:48 11,520 --a--c--- C:\WINDOWS\system32\dllcache\twotrack.sys
2008-01-27 02:11 . 2001-08-17 14:56 172,768 --a--c--- C:\WINDOWS\system32\dllcache\t2r4disp.dll
2008-01-27 02:11 . 2004-08-03 23:00 149,376 --a--c--- C:\WINDOWS\system32\dllcache\tffsport.sys
2008-01-27 02:11 . 2001-08-17 12:51 138,528 --a--c--- C:\WINDOWS\system32\dllcache\tgiulnt5.sys
2008-01-27 02:11 . 2001-08-17 14:56 81,408 --a--c--- C:\WINDOWS\system32\dllcache\tgiul50.dll
2008-01-27 02:11 . 2001-08-17 12:13 37,961 --a--c--- C:\WINDOWS\system32\dllcache\tdk100b.sys
2008-01-27 02:11 . 2001-08-17 12:50 36,640 --a--c--- C:\WINDOWS\system32\dllcache\t2r4mini.sys
2008-01-27 02:11 . 2001-08-17 13:49 30,464 --a--c--- C:\WINDOWS\system32\dllcache\tbatm155.sys
2008-01-27 02:11 . 2001-08-17 12:13 17,129 --a--c--- C:\WINDOWS\system32\dllcache\tdkcd31.sys
2008-01-27 02:11 . 2001-08-17 13:52 7,040 --a--c--- C:\WINDOWS\system32\dllcache\tandqic.sys
2008-01-27 02:10 . 2001-08-17 13:50 103,936 --a--c--- C:\WINDOWS\system32\dllcache\sx.sys
2008-01-27 02:10 . 2001-08-17 22:36 94,293 --a--c--- C:\WINDOWS\system32\dllcache\sxports.dll
2008-01-27 02:10 . 2001-08-17 14:07 32,640 --a--c--- C:\WINDOWS\system32\dllcache\symc8xx.sys
2008-01-27 02:10 . 2001-08-17 14:07 30,688 --a--c--- C:\WINDOWS\system32\dllcache\sym_u3.sys
2008-01-27 02:10 . 2001-08-17 14:07 28,384 --a--c--- C:\WINDOWS\system32\dllcache\sym_hi.sys
2008-01-27 02:10 . 2001-08-17 14:07 16,256 --a--c--- C:\WINDOWS\system32\dllcache\symc810.sys
2008-01-27 02:10 . 2001-08-17 22:36 10,240 --a--c--- C:\WINDOWS\system32\dllcache\swpidflt.dll
2008-01-27 02:10 . 2001-08-17 22:36 10,240 --a--c--- C:\WINDOWS\system32\dllcache\swpdflt2.dll
2008-01-27 02:10 . 2001-08-17 14:02 3,968 --a--c--- C:\WINDOWS\system32\dllcache\swusbflt.sys
2008-01-27 02:09 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2008-01-27 02:09 . 2001-08-17 22:36 155,648 --a--c--- C:\WINDOWS\system32\dllcache\stlnprop.dll
2008-01-27 02:09 . 2001-08-17 22:36 99,328 --a--c--- C:\WINDOWS\system32\dllcache\srusd.dll
2008-01-27 02:09 . 2001-08-17 22:36 53,760 --a--c--- C:\WINDOWS\system32\dllcache\sw_wheel.dll
2008-01-27 02:09 . 2001-08-17 22:36 53,248 --a--c--- C:\WINDOWS\system32\dllcache\stlncoin.dll
2008-01-27 02:09 . 2001-08-17 12:11 48,736 --a--c--- C:\WINDOWS\system32\dllcache\srwlnd5.sys
2008-01-27 02:09 . 2001-08-17 22:36 41,472 --a--c--- C:\WINDOWS\system32\dllcache\sw_effct.dll
2008-01-27 02:09 . 2001-08-17 22:36 24,660 --a--c--- C:\WINDOWS\system32\dllcache\spxupchk.dll
2008-01-27 02:09 . 2001-08-17 13:51 16,896 --a--c--- C:\WINDOWS\system32\dllcache\stcusb.sys
2008-01-27 02:08 . 2001-08-17 22:36 114,688 --a--c--- C:\WINDOWS\system32\dllcache\sonypi.dll
2008-01-27 02:08 . 2001-08-17 22:36 106,584 --a--c--- C:\WINDOWS\system32\dllcache\spdports.dll
2008-01-27 02:08 . 2001-08-17 13:51 61,824 --a--c--- C:\WINDOWS\system32\dllcache\speed.sys
2008-01-27 02:08 . 2001-08-17 12:51 37,040 --a--c--- C:\WINDOWS\system32\dllcache\sonypi.sys
2008-01-27 02:08 . 2001-08-17 12:51 20,752 --a--c--- C:\WINDOWS\system32\dllcache\sonync.sys
2008-01-27 02:08 . 2001-08-17 14:07 19,072 --a--c--- C:\WINDOWS\system32\dllcache\sparrow.sys
2008-01-27 02:08 . 2001-08-17 13:53 9,600 --a--c--- C:\WINDOWS\system32\dllcache\sonymc.sys
2008-01-27 02:08 . 2001-08-17 13:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-01-27 02:08 . 2004-08-03 23:00 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonyait.sys
2008-01-27 02:08 . 2001-08-17 13:53 7,040 --a--c--- C:\WINDOWS\system32\dllcache\snyaitmc.sys
2008-01-27 02:06 . 2001-08-17 22:36 238,592 --a--c--- C:\WINDOWS\system32\dllcache\sisgrv.dll
2008-01-27 02:05 . 2001-08-17 22:36 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-01-27 02:05 . 2001-08-17 14:56 252,032 --a--c--- C:\WINDOWS\system32\dllcache\sis300iv.dll
2008-01-27 02:05 . 2001-07-21 14:29 161,568 --a--c--- C:\WINDOWS\system32\dllcache\sgsmusb.sys
2008-01-27 02:05 . 2001-08-17 12:50 101,760 --a--c--- C:\WINDOWS\system32\dllcache\sis300ip.sys
2008-01-27 02:05 . 2001-08-17 12:51 98,080 --a--c--- C:\WINDOWS\system32\dllcache\sgiulnt5.sys
2008-01-27 02:05 . 2001-08-17 12:19 36,480 --a--c--- C:\WINDOWS\system32\dllcache\sfmanm.sys
2008-01-27 02:05 . 2001-07-21 14:29 18,400 --a--c--- C:\WINDOWS\system32\dllcache\sgsmld.sys
2008-01-27 02:05 . 2001-08-17 13:53 6,784 --a--c--- C:\WINDOWS\system32\dllcache\serscan.sys
2008-01-27 02:05 . 2004-08-04 00:56 3,901 --a--c--- C:\WINDOWS\system32\dllcache\siint5.dll
2008-01-27 02:04 . 2001-08-17 12:50 75,392 --a--c--- C:\WINDOWS\system32\dllcache\s3savmxm.sys
2008-01-27 02:04 . 2004-08-03 22:59 43,136 --a--c--- C:\WINDOWS\system32\dllcache\sbp2port.sys
2008-01-27 02:04 . 2001-08-17 13:51 23,936 --a--c--- C:\WINDOWS\system32\dllcache\sccmusbm.sys
 
continued...

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-30 21:02 --------- d-----w C:\Program Files\Mailtraq
2008-01-30 10:57 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
2008-01-30 00:00 --------- d-----w C:\Program Files\DynDNS Updater
2008-01-28 23:58 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7
2008-01-28 19:46 5,632 ----a-w C:\WINDOWS\system32\drivers\avgarkt.sys
2008-01-27 23:47 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Comodo
2008-01-26 13:43 --------- d-----w C:\Program Files\Comodo
2008-01-25 23:33 --------- d-----w C:\Program Files\SpywareBlaster
2008-01-25 23:05 --------- d-----w C:\Program Files\UPHClean
2008-01-25 23:05 --------- d-----w C:\Program Files\PDF Printer Pilot SE
2008-01-25 23:04 --------- d-----w C:\Program Files\BT Voyager 105 ADSL Modem
2008-01-25 23:03 --------- d-----w C:\Program Files\DLMage
2008-01-25 18:57 --------- d-----w C:\Program Files\eMule
2008-01-25 15:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-25 15:41 --------- d-----w C:\Documents and Settings\james.TIGGER\Application Data\ICQ
2008-01-24 16:53 --------- d-----w C:\Documents and Settings\lisa.TIGGER\Application Data\Image Zone Express
2008-01-23 21:57 --------- d-----w C:\Program Files\HP
2008-01-23 21:57 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-23 17:14 --------- d-----w C:\Documents and Settings\james.TIGGER\Application Data\AVG7
2008-01-19 12:10 --------- d-----w C:\Documents and Settings\james.TIGGER\Application Data\Ethereal
2008-01-18 15:49 --------- d-----w C:\Program Files\ICQ
2007-12-29 20:50 12,739,313 ----a-w C:\AVG7QT.DAT
2007-12-28 02:29 --------- d-----w C:\Documents and Settings\james.TIGGER\Application Data\Camfrog
2007-12-22 11:19 --------- d-----w C:\Program Files\Windows Defender
2007-12-22 11:18 --------- d-----w C:\Program Files\SmartFTP
2007-12-22 11:18 --------- d-----w C:\Program Files\Microsoft Virtual PC
2007-12-22 11:18 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2007-12-19 17:09 --------- d-----w C:\Documents and Settings\lisa.TIGGER\Application Data\AVG7
2007-12-16 22:03 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2007-12-05 17:30 4,632,576 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
2007-12-04 17:02 --------- d-----w C:\Program Files\PET
2007-12-03 00:50 --------- d-----w C:\Documents and Settings\james.TIGGER\Application Data\OfficeUpdate12
2007-11-30 18:42 16,858,624 ----a-w C:\WINDOWS\RTHDCPL.exe
2007-11-28 17:40 --------- d-----w C:\Program Files\Java
2007-11-20 18:15 1,826,816 ----a-w C:\WINDOWS\SkyTel.exe
2007-11-07 17:31 1,191,936 ----a-w C:\WINDOWS\RtlUpd.exe
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-01 08:50 3,264 ----a-w C:\drmHeader.bin
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 17:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-24 01:47 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2007-10-24 01:47 84,480 ----a-w C:\WINDOWS\system32\mscories.dll
2007-10-24 01:47 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2007-10-24 01:47 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
2007-10-11 09:55 88,576 ----a-w C:\WINDOWS\system32\infocardapi.dll
2007-10-11 09:55 579,584 ----a-w C:\WINDOWS\system32\icardagt.exe
2007-10-11 09:55 11,776 ----a-w C:\WINDOWS\system32\icardres.dll
2007-10-10 23:56 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-10-09 13:03 779,800 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll
2007-10-09 13:03 73,752 ----a-w C:\WINDOWS\system32\dxva2.dll
2007-10-09 13:03 493,080 ----a-w C:\WINDOWS\system32\evr.dll
2007-10-09 13:03 350,744 ----a-w C:\WINDOWS\system32\PresentationHost.exe
2007-10-09 13:03 33,304 ----a-w C:\WINDOWS\system32\PresentationHostProxy.dll
2007-10-09 13:03 161,304 ----a-w C:\WINDOWS\system32\UIAutomationCore.dll
2007-10-09 13:03 106,520 ----a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2007-10-09 13:03 1,986,072 ----a-w C:\WINDOWS\system32\milcore.dll
2007-10-09 12:58 16,896 ----a-w C:\WINDOWS\system32\tswpfwrp.exe
2007-10-08 23:51 315,392 ----a-w C:\WINDOWS\HideWin.exe
2006-11-17 20:16 850 ----a-w C:\Program Files\INSTALL.LOG
2003-06-27 08:05 271 --sha-w C:\Program Files\desktop.ini
2003-06-27 08:05 21,952 ---ha-w C:\Program Files\folder.htt
1998-11-17 12:09 24,576 ----a-w C:\WINDOWS\inf\Vizpnpin.exe
1998-10-12 12:23 40,960 ----a-w C:\WINDOWS\inf\vizPnP\Vipersti.dll
1998-07-30 13:44 19,112 ----a-w C:\WINDOWS\inf\vizPnP\Pmxscan.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 12:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"Tweak UI"="TWEAKUI.CPL" [2000-06-18 13:03 106544 C:\WINDOWS\system32\tweakui.cpl]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"RegistryMechanic"="" []
"PP7600usb"="C:\PROGRA~1\VISION~1\PAPERP~1\FBDirect.exe" [ ]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-08-14 14:38 94208]
"PDFPrinterPilotAgent"="C:\Program Files\PDF Printer Pilot SE\PDFPRPRXY.EXE" [2003-11-10 15:21 6144]
"PaperPort PTD"="c:\progra~1\vision~1\paperp~1\pptd40nt.exe" [1999-04-13 03:13 29184]
"MULTIMEDIA KEYBOARD"="C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2003-09-30 07:09 425984]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 15:50 81920]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 15:50 221184]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-08-14 14:39 98304]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-12-10 00:19 188416]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-08-14 14:41 114688]
"DSLSTATEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe" [2003-06-28 16:10 1658965]
"DSLAGENTEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe" [2003-08-19 13:47 16384]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 05:33 122941]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-02-28 12:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-01-28 19:48 579072]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 15:02 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 15:06 2027792]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-30 18:42 16858624 C:\WINDOWS\RTHDCPL.exe]
"HPHUPD08"="C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2006-07-11 20:27 49152]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-08-18 22:00 49152]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-01-27 00:47 6731312]
"BOC-425"="C:\PROGRA~1\Comodo\CBOClean\BOC425.exe" [2007-11-26 10:38 342272]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\cfp.exe" [2008-01-28 19:44 1481472]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 12:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2008-01-28 19:44 219136]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 19:29 39264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 08:48 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\james.TIGGER\Start Menu\Programs\Startup\
Disk Detector.lnk - C:\Program Files\Creative\ShareDLL\CTNotify.exe [2006-10-21 13:26:41 189952]
Download Mage.lnk - C:\Program Files\DLMage\DnloadMage.exe [2006-10-21 13:26:29 323584]
Iolo Macro Magic.lnk - C:\Program Files\Iolo\Macro Magic\Macros.exe [2006-10-21 13:22:42 345600]
TeleSA.lnk - C:\Program Files\AVer Teletext\AVerSA.exe [2006-12-05 17:06:16 28672]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-10-21 13:29:56 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2006-10-21 13:39:30 29696]
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2006-10-21 13:29:38 10872]
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2003-08-14 13:28:28 499773]
devldr32.exe [2001-08-31 12:44:30 25600]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-08-18 22:20:30 282624]
QuickTV.lnk - C:\AVERTV2K\QuickTV.exe [2006-12-05 16:45:42 122880]
TeleSA.lnk - C:\Program Files\AVer Teletext\AVerSA.exe [2006-12-05 17:06:16 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
PCANotify.dll 2002-02-15 09:51 24638 C:\WINDOWS\system32\pcanotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

R0 hotcore2;hotcore2;C:\WINDOWS\system32\drivers\hotcore2.sys [2006-10-02 10:39]
R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2001-12-20 10:02]
R2 BT848;AVerMedia, AVerTV WDM Video Capture;C:\WINDOWS\system32\drivers\BT848.sys [2001-07-16 10:01]
R2 BTTUNER;AVerMedia, AVerTV WDM TvTuner;C:\WINDOWS\system32\drivers\BTTUNER.sys [2001-07-16 10:01]
R2 BTXBAR;AVerMedia, AVerTV WDM Crossbar;C:\WINDOWS\system32\drivers\BTXBAR.sys [1999-07-21 17:28]
R2 DynDNS_Updater_Service;DynDNS Updater Service;C:\Program Files\DynDNS Updater\DynDNS.exe [2006-09-17 10:32]
R2 io.sys;IO.DLL Driver;C:\WINDOWS\system32\drivers\io.sys [2006-11-13 19:51]
R2 MailtraqServer;MailtraqServer;"C:\Program Files\Mailtraq\mtqsvc.exe" [2003-10-28 08:44]
R2 nhksrv;Netropa NHK Server;C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 07:41]
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 04:29]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2007-03-22 12:17]
R3 pmxscan;Visioneer USB Service;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-01-28 19:46]
S1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-01-28 19:46]
S2 PGPmemlock;PGPmemlock;C:\WINDOWS\system32\drivers\PGPmemlock.sys []
S3 DrvFltIp;DrvFltIp;C:\Program Files\BulletProofSoft.com\AdvancedPersonalFirewall\DrvFltIp.sys []
S3 LUPLET;LUPLET;C:\DOCUME~1\JAMES~1.TIG\LOCALS~1\Temp\LUPLET.exe [2008-01-29 00:03]
S3 n558;N558 Bluetooth USB Filter Driver;C:\WINDOWS\system32\Drivers\n558.sys [2007-08-15 07:27]
S3 PORTMON;PORTMON;C:\Program Files\Port Monitor\PORTMSYS.SYS []
S3 TOKENMON;TOKENMON;C:\WINDOWS\system32\drivers\TOKENM.SYS []
S3 usb2vcom;USB to Serial Bridge Controller;C:\WINDOWS\system32\Drivers\usb2vcom.sys [2005-09-02 17:49]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 15:49]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 15:50]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 15:50]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 15:50]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 15:50]
S4 UMRUZDR;UMRUZDR;C:\DOCUME~1\JAMES~1.TIG\LOCALS~1\Temp\UMRUZDR.exe []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-30 21:05:02 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-01-27 20:31:10 C:\WINDOWS\Tasks\User_Feed_Synchronization-{E1039185-2C1A-41D5-841F-FD1F7A14777C}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-30 21:20:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\guard32.dll
.
Completion time: 2008-01-30 21:22:47
ComboFix-quarantined-files.txt 2008-01-30 21:22:45
.
2007-12-19 15:26:09 --- E O F ---
 
Oh also forgot to mention...

your instructions (your first reply) stated to "Re-enable all the programs that were disabled during the running of ComboFix.. " after...

Well all the AVG ones say either "...is not a valid Win32 application." or "Connection to service failed". When i try to start the services I get "Could not start the AVG... service on Local Computer. Error 193: oxc1"

Also tried to restart firewall..."...\cfp.exe is not a valid...".

Cheers.
 
Well, at least we are getting somewhwere now :)



Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Read the Requirements and limitations before you click Accept.
Allow the ActiveX download if necessary
Once the database has downloaded, click Next.
Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
Click on "My Computer" and then put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

Please post the Kaspersky log in your reply
 
Hi, thanks for your continuing support. But nothing ever goes easy for me....

"Kaspersky Online Scanner license has expired!"

"Initialization failed!"

Doesn't seem to give me any other options.
 
Well, that's a new one :scratch:

Try this instead


TotalScan
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
Please go to this site Link >> TotalScan << LINK
  • Under Scan Now click the Full Scan button
  • Follow the prompts to install the Active X if necessary
  • Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
  • When the scan is finished, a report will be generated
  • Next to Scan Details click the small Save button and save the report to your desktop.
  • Please post the report in your reply.
 
That one seemed to run OK, thanks, here is the log file:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-01-31 01:46:12
PROTECTIONS: 1
MALWARE: 15
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Windows Defender 1.1.3109.0 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139535 Application/Processor HackTools No 0 Yes No C:\WINDOWS\BDOSCAN8\SDFix\apps\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\Program Files\smirfraudremover\SmitfraudFix\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\WINDOWS\system32\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\download\l2mfix.exe[l2mfix/Process.exe]
00139535 Application/Processor HackTools No 0 Yes No C:\download\l2mfix\l2mfix\Process.exe
00139535 Application/Processor HackTools No 0 No No C:\download\SDFix.exe[SDFix\apps\Process.exe]
00159860 Application/Psshutdown.A HackTools No 0 Yes No C:\download\winxpinout\Author_Extras\Author Extras\shutdown.exe
00159881 Application/Pskill.A HackTools No 0 Yes No C:\download\Pstools.zip[pskill.exe]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\lisa.TIGGER\Cookies\lisa@overture[1].txt
00179430 Application/PsExec.D HackTools No 0 Yes No C:\download\Pstools.zip[psexec.exe]
00261870 Trj/Small.SA Virus/Trojan No 1 Yes No C:\Program Files\Backup of all mailtraq\Mailtraq\database\mail\inbox\mailstore.afv[spring_scr.vir]
00261870 Trj/Small.SA Virus/Trojan No 1 Yes No C:\Program Files\Backup of all mailtraq\Mailtraq\database\mail\inbox\mailstore.afv[spring_scr.vir]
00517584 Application/SuperFast HackTools No 0 Yes No C:\Program Files\smirfraudremover\SmitfraudFix\restart.exe
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{99260036-CEB2-4684-93E4-F2CCFF5FA11E}\RP18\A0008716.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{99260036-CEB2-4684-93E4-F2CCFF5FA11E}\RP34\A0018565.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{99260036-CEB2-4684-93E4-F2CCFF5FA11E}\RP35\A0018820.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{99260036-CEB2-4684-93E4-F2CCFF5FA11E}\RP35\A0019926.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{99260036-CEB2-4684-93E4-F2CCFF5FA11E}\RP15\A0008340.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{99260036-CEB2-4684-93E4-F2CCFF5FA11E}\RP11\A0007781.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{2B9BC6EC-D68F-4248-A5F3-DD12E9F63783}\RP610\A0376426.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{2B9BC6EC-D68F-4248-A5F3-DD12E9F63783}\RP609\A0376350.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{99260036-CEB2-4684-93E4-F2CCFF5FA11E}\RP17\A0008672.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{99260036-CEB2-4684-93E4-F2CCFF5FA11E}\RP28\A0011863.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{99260036-CEB2-4684-93E4-F2CCFF5FA11E}\RP29\A0014324.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{99260036-CEB2-4684-93E4-F2CCFF5FA11E}\RP29\A0016293.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{99260036-CEB2-4684-93E4-F2CCFF5FA11E}\RP31\A0016561.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{99260036-CEB2-4684-93E4-F2CCFF5FA11E}\RP33\A0017367.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{99260036-CEB2-4684-93E4-F2CCFF5FA11E}\RP25\A0010591.EXE
01262593 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{2B9BC6EC-D68F-4248-A5F3-DD12E9F63783}\RP607\A0364823.exe[nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{2B9BC6EC-D68F-4248-A5F3-DD12E9F63783}\RP607\A0364860.exe[nircmd.com]
01262593 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{2B9BC6EC-D68F-4248-A5F3-DD12E9F63783}\RP607\A0364860.exe[nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{2B9BC6EC-D68F-4248-A5F3-DD12E9F63783}\RP607\A0365924.exe[nircmd.com]
01262593 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{2B9BC6EC-D68F-4248-A5F3-DD12E9F63783}\RP607\A0365924.exe[nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{2B9BC6EC-D68F-4248-A5F3-DD12E9F63783}\RP607\A0366969.exe[nircmd.com]
01262593 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{2B9BC6EC-D68F-4248-A5F3-DD12E9F63783}\RP607\A0366969.exe[nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{2B9BC6EC-D68F-4248-A5F3-DD12E9F63783}\RP607\A0363838.exe[nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{2B9BC6EC-D68F-4248-A5F3-DD12E9F63783}\RP607\A0363838.exe[nircmd.com]
01262593 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{2B9BC6EC-D68F-4248-A5F3-DD12E9F63783}\RP607\A0362854.exe[nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{2B9BC6EC-D68F-4248-A5F3-DD12E9F63783}\RP607\A0362854.exe[nircmd.com]
01262593 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{2B9BC6EC-D68F-4248-A5F3-DD12E9F63783}\RP607\A0361845.exe[nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{2B9BC6EC-D68F-4248-A5F3-DD12E9F63783}\RP607\A0361845.exe[nircmd.com]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{2B9BC6EC-D68F-4248-A5F3-DD12E9F63783}\RP609\A0376305.com
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{2B9BC6EC-D68F-4248-A5F3-DD12E9F63783}\RP609\A0376337.com
01262593 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{2B9BC6EC-D68F-4248-A5F3-DD12E9F63783}\RP607\A0361775.exe[nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{2B9BC6EC-D68F-4248-A5F3-DD12E9F63783}\RP610\A0376414.com
01262593 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{2B9BC6EC-D68F-4248-A5F3-DD12E9F63783}\RP607\A0361775.exe[nircmd.com]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{2B9BC6EC-D68F-4248-A5F3-DD12E9F63783}\RP610\A0376429.exe
01262593 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{2B9BC6EC-D68F-4248-A5F3-DD12E9F63783}\RP610\A0376437.exe[nircmd.com]
01262593 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{2B9BC6EC-D68F-4248-A5F3-DD12E9F63783}\RP610\A0376437.exe[nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{2B9BC6EC-D68F-4248-A5F3-DD12E9F63783}\RP610\A0376457.com
01262593 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{2B9BC6EC-D68F-4248-A5F3-DD12E9F63783}\RP607\A0361608.exe[nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{2B9BC6EC-D68F-4248-A5F3-DD12E9F63783}\RP607\A0361608.exe[nircmd.com]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\Nircmd.exe
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\james.TIGGER\Desktop\Combo-Fix.exe[327882R2FWJFW\nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{2B9BC6EC-D68F-4248-A5F3-DD12E9F63783}\RP607\A0364823.exe[nircmd.com]
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\james.TIGGER\Desktop\Combo-Fix.exe[327882R2FWJFW\nircmd.com]
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\Program Files\smirfraudremover\SmitfraudFix\Reboot.exe
02891356 Trj/Spammer.ADX Virus/Trojan No 1 Yes No C:\Program Files\Mailtraq\database\mail\inbox\mailstore.afv[photos.zip][photos.scr]
02891356 Trj/Spammer.ADX Virus/Trojan No 1 Yes No james mail\deleted items\[spam:0.32] you have card\photos.zip[photos.scr]
02891356 Trj/Spammer.ADX Virus/Trojan No 1 Yes No james mail\deleted items\[spam:0.32] you have card\photos.zip[photos.scr]
02892755 Trj/Spammer.ADX Virus/Trojan No 1 Yes No james mail\deleted items\[spam:0.11] merry christmas\ecard.zip[eCard.exe]
02892755 Trj/Spammer.ADX Virus/Trojan No 1 Yes No C:\Program Files\Mailtraq\database\mail\inbox\mailstore.afv[eCard.zip][eCard.exe]
02892755 Trj/Spammer.ADX Virus/Trojan No 1 Yes No james mail\deleted items\[spam:0.11] merry christmas\ecard.zip[eCard.exe]
02893167 W32/Bagle.RC.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{2B9BC6EC-D68F-4248-A5F3-DD12E9F63783}\RP607\A0370279.exe
02893167 W32/Bagle.RC.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{2B9BC6EC-D68F-4248-A5F3-DD12E9F63783}\RP607\A0370177.exe
02893638 Trj/Spammer.ADX Virus/Trojan No 1 Yes No C:\Program Files\Mailtraq\database\mail\inbox\mailstore.afv[eCard.zip][eCard.scr]
02893638 Trj/Spammer.ADX Virus/Trojan No 1 Yes No james mail\deleted items\[spam:0.22] you have card\ecard.zip[eCard.scr]
02895391 W32/Bagle.RC.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{2B9BC6EC-D68F-4248-A5F3-DD12E9F63783}\RP607\A0370180.exe
02895391 W32/Bagle.RC.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{2B9BC6EC-D68F-4248-A5F3-DD12E9F63783}\RP607\A0370277.exe
02895391 W32/Bagle.RC.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{2B9BC6EC-D68F-4248-A5F3-DD12E9F63783}\RP607\A0370280.exe
02895391 W32/Bagle.RC.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{2B9BC6EC-D68F-4248-A5F3-DD12E9F63783}\RP608\A0374262.exe
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
 
Unfortunately, you may need to reinstall any programs that give you the "not a valid Win32 application" error.
The infection has corrupted those files and it is very difficult to clean them.

You have an E-mail program Mailtraq, there are some infected files in the mail.
You will need to remove these yourself, as they are stored in a database rather than folders.
C:\Program Files\Backup of all mailtraq\Mailtraq\database\mail\inbox\mailstore.afv[spring_scr.vir]
C:\Program Files\Backup of all mailtraq\Mailtraq\database\mail\inbox\mailstore.afv[spring_scr.vir]
C:\Program Files\Mailtraq\database\mail\inbox\mailstore.afv[photos.zip][photos.scr]
james mail\deleted items\[spam:0.32] you have card\photos.zip[photos.scr]
james mail\deleted items\[spam:0.32] you have card\photos.zip[photos.scr]
james mail\deleted items\[spam:0.11] merry christmas\ecard.zip[eCard.exe]
C:\Program Files\Mailtraq\database\mail\inbox\mailstore.afv[eCard.zip][eCard.exe]
james mail\deleted items\[spam:0.11] merry christmas\ecard.zip[eCard.exe]
C:\Program Files\Mailtraq\database\mail\inbox\mailstore.afv[eCard.zip][eCard.scr]
james mail\deleted items\[spam:0.22] you have card\ecard.zip[eCard.scr]

Uninstall HJT, and download a fresh copy


Click here to download HJTinstall.exe
  • Save HJTinstall.exe to your desktop.
  • Double click on the HJTinstall.exe icon on your desktop.
  • By default it will install to C:\\Program Files\\Trend Micro\\Hijack This.
  • Click I accept
  • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
  • Click Save to save the log file and then the log will open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

Installed Programs
Please could you give me a list of the programs that are installed.
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
You will see a list with the programs installed in your computer.
Click on save list button and specify where you would like to save this file.
When you press Save button a notepad will open with the contents of that file.
Simply copy and paste the contents of that notepad into your next post.
 
katana said:
Unfortunately, you may need to reinstall any programs that give you the "not a valid Win32 application" error..
Click to expand...

Should i do that now or wait till you give the all-clear? I'm a bit worried about re-infection or hackers while my system is unprotected.

The infected files in the mail server mentioned are mainly in old backups but I will try to delete them anyhow.

I'll get back to you with the results of my HJT attempts shortly.
 
Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:12:10, on 31/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Mailtraq\mtqsvc.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Mailtraq\mailtraq.exe
C:\WINDOWS\system32\mnmsrvc.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\slserv.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\DynDNS Updater\DynDNS.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mailtraq\MailtraqAVG\MAVAVG.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\PDF Printer Pilot SE\PDFPRPRXY.EXE
C:\progra~1\vision~1\paperp~1\pptd40nt.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\devldr32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\AVERTV2K\QuickTV.exe
C:\Program Files\DLMage\DnloadMage.exe
C:\Program Files\Iolo\Macro Magic\Macros.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PP7600usb] C:\PROGRA~1\VISION~1\PAPERP~1\FBDirect.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PDFPrinterPilotAgent] "C:\Program Files\PDF Printer Pilot SE\PDFPRPRXY.EXE"
O4 - HKLM\..\Run: [PaperPort PTD] c:\progra~1\vision~1\paperp~1\pptd40nt.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [BOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -s
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Disk Detector.lnk = C:\Program Files\Creative\ShareDLL\CTNotify.exe
O4 - Startup: Download Mage.lnk = C:\Program Files\DLMage\DnloadMage.exe
O4 - Startup: Iolo Macro Magic.lnk = C:\Program Files\Iolo\Macro Magic\Macros.exe
O4 - Startup: TeleSA.lnk = C:\Program Files\AVer Teletext\AVerSA.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: devldr32.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickTV.lnk = C:\AVERTV2K\QuickTV.exe
O4 - Global Startup: TeleSA.lnk = C:\Program Files\AVer Teletext\AVerSA.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.tigger
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {1B9B97D0-C0F4-4045-9B42-50A4535C9041} (WCLoaderCtl Class) - http://download.paltalk.com/wcloader_prod/wcloader.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1201393948625
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.co.uk/scan_uk/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1187901181390
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file:///D:/system/IntraLaunch.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2284E881-2005-4C2F-A9AE-559B69C94A5E}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{76191383-D5FD-4413-AB3B-7A9A7B9A5FCB}: NameServer = 80.189.92.2,80.189.94.2
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Kana Solution - C:\Program Files\DynDNS Updater\DynDNS.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LUPLET - Sysinternals - www.sysinternals.com - C:\DOCUME~1\JAMES~1.TIG\LOCALS~1\Temp\LUPLET.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MailtraqServer - Unknown owner - C:\Program Files\Mailtraq\mtqsvc.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 15308 bytes
 
And here is the apps list from HJT:

3Com U.S. Robotics Connections
Active@ ISO Burner v 1.1
ADM Files For XP SP2
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Photoshop CS
Adobe Reader 7.0.9
Adobe Shockwave Player
AutoCAD 2005 - English
AutoCAD 2005 Express Tools Volumes 1-9
Autodesk Architectural 2004 Object Enabler
Autodesk Architectural Desktop 2005
Autodesk DWF Viewer
AVer Teletext
AVerTV
AVG Anti-Rootkit Free
AVG Anti-Spyware 7.5
AVG Free Edition
BOClean
BT Voyager 105 ADSL Modem
Canon Camera Support Core Library
Canon Camera Window for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
CD Mate 2.0
Cole2k Media - Codec Pack (Standard) 6.0.9
COMODO Firewall Pro
conexant soft56k Data FAX Modem
CuteFTP 8 Professional
CyberKit
ddoc Print and Preview v1.6a
Disc2Phone
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Dorgem 2.1.0
DynDNS Updater 3.1
eMule
ESET Online Scanner
Family Tree Maker 2006
FilterSDK
Google Earth
Google Updater
Guitar Power 1.5.0
GuitarFX 3
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB916089)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
hp deskjet 5550 series
hp deskjet 5550 series (Remove only)
HP Driver Diagnostics
HP Imaging Device Functions 5.3
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart Essential
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
Huge Pine USB to UART Driver
ICQ
ICQ6
Intel(R) Graphics Media Accelerator Driver
IsoBuster 1.9.1
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
Kaspersky Online Scanner
Kazaa Lite 2.6.1
K-Lite Codec Pack 2.81 Full
Logitech Audio Echo Cancellation Component
Logitech QuickCam
Logitech® Camera Driver
Mailtraq
ManyCam 2.1 (remove only)
MetFileRegenerator v3.0.16
MGI PhotoSuite
MGI PhotoSuite II SE (Remove Only)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Document Explorer 2005
Microsoft Document Explorer 2005
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Management Studio Express
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Tool Web Package:GPOTOOL.EXE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Virtual PC 2007
Microsoft Visual Basic 6.0 Professional Edition
Microsoft Visual Basic PowerPacks 2.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Visual Studio .NET 2003 Hotfix (KB841870)
Microsoft Visual Studio .NET Professional 2003 - English
Microsoft Web Publishing Wizard 1.53
Microsoft Windows XP Inside Out eBook
mIRC
MixPad
MSDN Library - Visual Studio 6.0a
MSDN Library for Visual Studio 2005
MSDN Library for Visual Studio 2005
MSRS Recording System Uninstall
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
MVision
My DSC
NCH Toolbox Uninstall
Office Keyboard
Panda ActiveScan
Panda TotalScan
Paragon Partition Manager 8.0 Personal
PDF Printer Pilot SE 1.21
PitchPerfect Uninstall
PowerDVD
Process Master 1.1
QuickTime
REALTEK Gigabit and Fast Ethernet NIC Driver
Realtek High Definition Audio Driver
Registry Mechanic 6.0
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917537)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923810)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926247)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939373)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Self Test Practice Test Engine
Self Test Software: Exam 70-290
SmartFTP
Sonic Audio module
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sony Ericsson PC Suite 1.20.224
SoundTap
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
SRTalkV1.0 (remove only)
SUPERAntiSpyware Free Edition
Symantec pcAnywhere
The Rosetta Stone
TrackerCam
UMVPLStandalone
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
User Profile Hive Cleanup Service
VideoLAN VLC media player 0.8.5
Visioneer 7600 USB Scanner Driver
Visioneer PaperPort 6.1
Voyager 105 ADSL Modem
WavePad Uninstall
WIDCOMM Bluetooth Software
Windows Defender
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinPcap 3.0
X-Copy Pro


Admittedly there is some unused junk on there and I need to do a cleanup. There are also 1 or 2 I don't recognise, and some that don't work. But most stuff I use from time to time.

Thanks for your ongoing help.
 
That looks fine :)
You can start reinstalling your programs whenever you are ready now

Your Java and Adobe is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version Java and Adobe components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u4 from http://java.sun.com/javase/downloads/index.jsp
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.

Update Adobe Acrobat Reader
  • Please go to this link Adobe Acrobat Reader Download Link
  • Cllick Download
  • On the right Untick Adobe Phototshop Album Starter Edition if you do not wish to include this in the installation.
  • Click the Continue button
  • Click Run, and click Run again
  • Next click the Install Now button and follow the on screen prompts

Now close all windows, including your browser.
Double click on the Java installation that you downloaded and follow the prompts.

Remove Programs
Now click Start---Control Panel. Double click Add or Remove Programs. If any of the following programs are listed there,
click on the program to highlight it, and click on remove.
  • Adobe Reader 7.0.9
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 9
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) SE Runtime Environment 6 Update 1
Now close the Control Panel.

Reboot your machine.

For the programs that don't work, and the ones that you want to remove I will give you a link to CCleaner shortly.
It can run the uninstall for the programs, and if the files have already been deleted then it can remove the entry from the list
Do you have any other problems ?
 
You can start reinstalling your programs whenever you are ready now
Click to expand...

Should I uninstall first or can I do a "Repair" install for things like AVG and Comodo firewall (hopefully to prevent having to re-learn my firewall)?

And I am getting the message from AVG Anti-spyware about being unable to make a connection to the service.
Presumably I will need to re-install that too? (though I may ditch it and use SuperAntiSpyware instead)

Also still getting the following:
Application Launcher.exe - Unable to Locate Component
This application has failed to start because Telecalib_logging.dll was not found. Re-installing the application may fix this problem.

I think Application Launcher.exe is part of my Sony Ericsson data suite hence legit.

Should I reinstall that too?


I updated my Acrobat Reader as recommended (which removed its older version).
And I installed the new Java as stated then removed all the old ones via Cont. Panel. (but not tested yet!)


Finally and maybe more importantly I am a bit concerned that the startup is still as in my first post ie taking much longer than normal. It is between the POST/BIOS and the Boot Menu, now taking a couple of mins, whereas before it was seconds.
Is there any other checks I should do?
 
Any program that has a repair function then it is fine to use it,
any other programs you will need to reinstall.

Telecalib_logging.dll was not found. missing seems tbe a common problem, try reinstalling it and see if that works.

Let's see if we can get a bit more info about the boot problem
Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post. in your reply
 
You must log in or register to reply here.
Back
Top