Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Malware problem Combifix, Hijackthis, Kaspersky been used [CLOSED]


  • This topic is locked This topic is locked

#1
craig20102010

craig20102010

    Member

  • Member
  • PipPip
  • 25 posts
i have Already viewed the topic http://www.geekstogo...SO-t201586.html and i have done all the steps up to Combi Fix so far.

The only problem i ave had with this thread is installin the Recovery Console im aware of how to do it just unsure of wot version to install since im running Win XP Media Centre Edition with SP2 so im not sure which version i need to install?

Bassically what was happening was when i turned the pc on Kaspersky kept finding problems all the time and made the pc Run incredibly slow and i couldnt open up websites but then when i could id be flooded with popups. most of the time the pc would just freeze on the desktop and only thing i could do was bring up task manager. It would also tell me that Automatic updates are turned off and when i did turn it back on again next time it was restarted it would have turned them back off. iv managed to run the comobi fix now and just running the kaspersky online scanner as im typing this (im on a different computer)


CombiFix Log

ComboFix 08-06-20.4 - Craig 2008-06-26 22:41:36.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1510 [GMT 1:00]
Running from: C:\Documents and Settings\Craig\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM00cb4654.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\kfwtmrrr.ini
C:\WINDOWS\system32\LoWHknmp.ini
C:\WINDOWS\system32\LoWHknmp.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\pmnkHWoL.dll
C:\WINDOWS\system32\ppuypwjc.ini
C:\WINDOWS\system32\tBHklnmp.ini
C:\WINDOWS\system32\tBHklnmp.ini2
C:\WINDOWS\system32\uninstall.exe
C:\WINDOWS\system32\vfedqlju.ini
C:\WINDOWS\system32\whtlinqo.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-05-26 to 2008-06-26 )))))))))))))))))))))))))))))))
.

2008-06-26 22:47 . 2008-06-26 22:47 21 --a------ C:\WINDOWS\pskt.ini
2008-06-26 22:47 . 2008-06-26 22:47 0 --a------ C:\WINDOWS\BM00cb4654.xml
2008-06-26 15:18 . 2008-06-26 15:18 106,496 --a------ C:\WINDOWS\system32\bcndoaup.dll
2008-06-26 15:17 . 2008-06-26 15:17 80,896 --a------ C:\WINDOWS\system32\cjwpyupp.dll
2008-06-26 15:06 . 2008-06-26 15:06 91,648 --a------ C:\WINDOWS\system32\okxrddec.dll
2008-06-26 15:01 . 2008-06-26 15:01 <DIR> d-------- C:\Program Files\Vstplugins
2008-06-26 15:01 . 2008-06-26 15:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony
2008-06-25 16:34 . 2008-06-25 16:44 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-25 16:34 . 2008-06-25 16:44 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-25 16:33 . 2008-06-25 16:33 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-06-25 16:33 . 2008-06-26 22:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-25 16:33 . 2008-06-26 22:48 3,390,496 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-25 16:33 . 2008-06-26 22:45 48,548 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-25 16:33 . 2008-06-26 22:48 19,744 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-25 16:33 . 2008-06-26 22:45 2,876 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-25 16:32 . 2008-06-25 16:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-06-25 16:23 . 2008-06-25 16:23 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-06-25 16:23 . 2008-06-25 16:23 <DIR> d-------- C:\Documents and Settings\Craig\Application Data\AVG7
2008-06-25 14:28 . 2008-06-25 14:28 <DIR> d-------- C:\Program Files\Panda Security
2008-06-24 18:43 . 2008-06-24 18:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Codemasters
2008-06-24 18:43 . 2008-06-24 18:43 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-06-24 18:42 . 2008-06-24 18:42 <DIR> d-------- C:\Program Files\OpenAL
2008-06-24 18:38 . 2008-06-24 18:38 <DIR> d-------- C:\Program Files\Codemasters
2008-06-23 17:18 . 2008-06-23 17:18 91,136 --a------ C:\WINDOWS\system32\elwkvirn.dll
2008-06-23 08:23 . 2008-06-26 22:24 <DIR> d--hs---- C:\Documents and Settings\NetworkService\Temporary Internet Files
2008-06-23 08:23 . 2008-06-23 08:23 <DIR> d--hs---- C:\Documents and Settings\NetworkService\History
2008-06-15 23:13 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-06-15 23:13 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\dllcache\usbser.sys
2008-06-15 23:13 . 2008-06-15 23:13 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-06-15 23:13 . 2008-06-15 23:13 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-06-14 16:40 . 2008-06-14 16:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nokia
2008-06-14 16:39 . 2008-06-14 16:39 <DIR> d-------- C:\Program Files\Nokia
2008-06-14 16:39 . 2008-06-14 16:39 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-06-14 16:39 . 2007-11-29 10:33 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-06-14 16:39 . 2007-11-29 10:39 95,744 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-06-14 16:39 . 2007-11-29 10:32 48,128 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-06-14 16:39 . 2007-11-29 10:39 19,328 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-06-14 16:39 . 2007-11-29 10:39 16,896 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-06-14 16:39 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-06-14 16:39 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-06-14 16:38 . 2008-06-14 16:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-06-11 19:55 . 2008-06-13 14:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 19:55 . 2008-06-13 14:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-26 19:04 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-26 14:01 --------- d-----w C:\Program Files\Sony
2008-06-25 15:45 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-06-25 15:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-06-24 17:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-18 23:22 --------- d-----w C:\Documents and Settings\Craig\Application Data\Azureus
2008-05-24 13:38 --------- d-----w C:\Documents and Settings\Craig\Application Data\FrostWire
2008-05-19 19:06 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2006-12-27 13:01 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
2006-05-03 10:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
2007-12-17 13:43 27,648 --sha-w C:\WINDOWS\system32\Smab0.dll
2008-02-04 19:26 151,040 --sha-w C:\WINDOWS\system32\VistaUltm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{514A5C49-0C7D-42c3-A71B-38864A269B7A}]
C:\WINDOWS\system32\scwkfbpb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca8afc23-9425-4085-904c-bef496de22e0}]
2008-06-26 15:18 106496 --a------ C:\WINDOWS\system32\bcndoaup.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 12:28 139264]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 10:49 307200]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-16 05:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 06:58 458752]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-09-27 17:10 7585792]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-09-27 17:10 86016]
"nwiz"="nwiz.exe" [2006-09-27 17:10 1617920 C:\WINDOWS\system32\nwiz.exe]
"NexusServer"="C:\Program Files\Common Files\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe" [2004-04-28 02:41 188416]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"\\TOILET\EPSON Stylus Photo R300 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE" [2003-06-04 03:00 99840]
"BM00cb4654"="C:\WINDOWS\system32\okxrddec.dll" [2008-06-26 15:06 91648]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-16 05:00 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]
"DWQueuedReporting"="c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-12 14:33:22 581693]
HP Pavilion Webcam Tray Icon.lnk - C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [2006-12-27 19:33:20 98304]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 17:39:30 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~1\DVDShell.dll [2004-10-09 15:18 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBtQkLE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll
"vidc.CDVC"= cdvccodc.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\03f875c8]
--a------ 2008-06-26 15:17 80896 C:\WINDOWS\system32\cjwpyupp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM00cb4654]
--a------ 2008-06-26 15:06 91648 C:\WINDOWS\system32\okxrddec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
--a------ 2006-05-30 16:02 40960 C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2006-03-16 05:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2003-10-02 03:20 81920 C:\Program Files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-06 05:56 64512 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2006-07-26 22:44 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-28 08:50 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-07-28 08:50 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWBMOUSE]
--a------ 2001-11-20 11:51 356352 C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 17:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
--a------ 2006-06-19 11:33 163840 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
--a------ 2006-08-25 18:42 102400 C:\Program Files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 16:27 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecGuard]
--------- 2005-10-11 10:23 1187840 C:\Windows\SMINST\RecGuard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2007-06-08 00:47 827392 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
--a------ 2007-03-14 16:52 3770024 C:\Program Files\TomTom HOME\TomTomHOME.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-10-18 21:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\FrostWire\\FrostWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Codemasters\\GRID Demo\\GRID.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\English\\setup.exe"=

R0 pnpshark;pnpshark;C:\WINDOWS\system32\DRIVERS\pnpshark.sys [2003-10-02 04:16]
R0 st3shark;st3shark;C:\WINDOWS\system32\DRIVERS\st3shark.sys [2003-09-27 15:37]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
S3 MODBDA2;DiBcom MOD3000 TV receiver;C:\WINDOWS\system32\Drivers\yuanmodbda2.sys [2006-10-13 21:36]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52648e6a-bf86-11db-9d2e-0014a5f50543}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-16 14:33:42 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 22:47:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\pskt.ini 21 bytes
C:\WINDOWS\BM00cb4654.xml 0 bytes

scan completed successfully
hidden files: 2

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\nview.dll
-> C:\WINDOWS\system32\okxrddec.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Canopus Shared\ProCoder 2\Kernel\PNXKERNL.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-06-26 22:57:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-26 21:56:58

Pre-Run: 20,269,957,120 bytes free
Post-Run: 20,259,446,784 bytes free

258 --- E O F --- 2008-06-21 13:27:29

Kaspersky Online Scanner Log

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, June 27, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, June 26, 2008 17:45:34
Records in database: 884878
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 86363
Threat name: 4
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 01:35:03


File name / Threat name / Threats count
C:\Documents and Settings\Craig\Local Settings\Application Data\Identities\{382F8107-695E-4C5B-AFEC-2E07672ADE22}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Email-Worm.Win32.Luder.a 1
C:\Documents and Settings\Craig\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Infected: Email-Worm.Win32.Luder.a 1
C:\Documents and Settings\Craig\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Infected: Trojan-Downloader.Win32.Small.dam 1
C:\Program Files\Online Services\BTYahoo\HPPre05.msi Infected: not-a-virus:Dialer.Win32.BT.g 1
C:\QooBox\Quarantine\C\WINDOWS\system32\whtlinqo.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1

The selected area was scanned.

HiJackThis Log File

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:49:33, on 27/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...n&pf=laptop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {514A5C49-0C7D-42c3-A71B-38864A269B7A} - C:\WINDOWS\system32\scwkfbpb.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {0e22ed69-4feb-c409-5804-524932cfa8ac} - {ca8afc23-9425-4085-904c-bef496de22e0} - C:\WINDOWS\system32\bcndoaup.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [NexusServer] "C:\Program Files\Common Files\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe" -SelfLaunch
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [\\TOILET\EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P39 "\\TOILET\EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [BM00cb4654] Rundll32.exe "C:\WINDOWS\system32\okxrddec.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = ?
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=64&bd=pavilion&pf=laptop
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1187966556890
O20 - Winlogon Notify: geBtQkLE - C:\WINDOWS\
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 8737 bytes


If you can help with my problem i would be really pleased thanks

Edited by craig20102010, 27 June 2008 - 11:12 AM.

  • 0

Advertisements


#2
craig20102010

craig20102010

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
back to the top.... Thanks

someone must know please.....

Edited by craig20102010, 29 June 2008 - 05:26 AM.

  • 0

#3
craig20102010

craig20102010

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
some1 must kno?
  • 0

#4
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, my name is fenzodahl512 and welcome to Geekstogo.. Please don't bump your thread.. Helpers are looking for zero reply thread to work on.. Please do the following..


Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • Please let your firewall allow the scanning/downloading process.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


Regards
fenzodahl512
  • 0

#5
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
--edit---

Double posted...

Edited by fenzodahl512, 29 June 2008 - 05:40 AM.

  • 0

#6
craig20102010

craig20102010

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
sorry for bumping i wasnt aware that they would of been looked over... Cheers.

Here are the results of the scan:

Main.TXT

Deckard's System Scanner v20071014.68
Run by Craig on 2008-06-29 14:52:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
21: 2008-06-29 13:52:35 UTC - RP156 - Deckard's System Scanner Restore Point
20: 2008-06-26 21:40:51 UTC - RP155 - ComboFix created restore point
19: 2008-06-26 14:01:20 UTC - RP154 - Installed Sony Vegas Pro 8.0
18: 2008-06-25 15:33:36 UTC - RP153 - Installed Kaspersky Anti-Virus 7.0.
17: 2008-06-24 17:42:12 UTC - RP152 - Installed DirectX


-- First Restore Point --
1: 2008-06-22 18:08:37 UTC - RP136 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Craig.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:54:59, on 29/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Canopus Shared\ProCoder 2\Kernel\PNXKERNL.Exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\Craig\Desktop\dss.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Craig.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...n&pf=laptop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {514A5C49-0C7D-42c3-A71B-38864A269B7A} - C:\WINDOWS\system32\scwkfbpb.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {0e22ed69-4feb-c409-5804-524932cfa8ac} - {ca8afc23-9425-4085-904c-bef496de22e0} - C:\WINDOWS\system32\bcndoaup.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [NexusServer] "C:\Program Files\Common Files\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe" -SelfLaunch
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [\\TOILET\EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P39 "\\TOILET\EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [BM00cb4654] Rundll32.exe "C:\WINDOWS\system32\okxrddec.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = ?
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=64&bd=pavilion&pf=laptop
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1187966556890
O20 - Winlogon Notify: geBtQkLE - C:\WINDOWS\
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 8907 bytes

-- File Associations -----------------------------------------------------------

.js - unable to read key
.js - unable to read key


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 pnpshark - c:\windows\system32\drivers\pnpshark.sys
R0 st3shark - c:\windows\system32\drivers\st3shark.sys
R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R3 btwmodem (Bluetooth Modem) - c:\windows\system32\drivers\btwmodem.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 4.0.1.3500>
R3 ElbyDelay - c:\windows\system32\drivers\elbydelay.sys <Not Verified; Elaborate Bytes AG; CDRTools>

S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0269\4&E5D621B&0&01
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0269\4&E5D621B&0&01
Service: NVENETFD

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth LAN Access Server Driver
Device ID: {95C7A0A0-3094-11D7-A202-00508B9D7D5A}\BTWDNDIS\1&30EE4AD&0&1000000020000
Manufacturer: WIDCOMM, Inc.
Name: Bluetooth LAN Access Server Driver
PNP Device ID: {95C7A0A0-3094-11D7-A202-00508B9D7D5A}\BTWDNDIS\1&30EE4AD&0&1000000020000
Service: BTWDNDIS


-- Scheduled Tasks -------------------------------------------------------------

2008-01-16 15:33:42 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-29 and 2008-06-29 -----------------------------

2008-06-27 00:49:24 0 d-------- C:\Program Files\Trend Micro
2008-06-26 22:40:15 68096 --a------ C:\WINDOWS\zip.exe
2008-06-26 22:40:15 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-26 22:40:15 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-26 22:40:15 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-26 22:40:15 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-26 22:40:15 98816 --a------ C:\WINDOWS\sed.exe
2008-06-26 22:40:15 80412 --a------ C:\WINDOWS\grep.exe
2008-06-26 22:40:15 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-26 15:18:56 106496 --a------ C:\WINDOWS\system32\bcndoaup.dll
2008-06-26 15:17:41 80896 --a------ C:\WINDOWS\system32\cjwpyupp.dll
2008-06-26 15:06:15 91648 --a------ C:\WINDOWS\system32\okxrddec.dll
2008-06-26 15:01:48 0 d-------- C:\Program Files\Vstplugins
2008-06-26 15:01:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony
2008-06-25 16:34:23 96966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-25 16:34:23 88774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-25 16:33:46 23584 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-25 16:33:46 3485472 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-25 16:33:46 0 d-------- C:\Program Files\Kaspersky Lab
2008-06-25 16:33:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-25 16:32:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-06-25 16:23:57 0 d-------- C:\Documents and Settings\Craig\Application Data\AVG7
2008-06-25 16:23:52 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-06-25 14:28:13 0 d-------- C:\Program Files\Panda Security
2008-06-24 18:43:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Codemasters
2008-06-24 18:42:46 0 d-------- C:\Program Files\OpenAL
2008-06-24 18:38:02 0 d-------- C:\Program Files\Codemasters
2008-06-23 17:18:17 91136 --a------ C:\WINDOWS\system32\elwkvirn.dll
2008-06-23 08:23:45 0 d--hs---- C:\Documents and Settings\NetworkService\History
2008-06-23 08:23:44 0 d--hs---- C:\Documents and Settings\NetworkService\Temporary Internet Files
2008-06-14 16:40:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Nokia
2008-06-14 16:39:22 0 d-------- C:\Program Files\Nokia
2008-06-14 16:39:22 0 d-------- C:\Program Files\Common Files\Nokia
2008-06-14 16:38:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Installations


-- Find3M Report ---------------------------------------------------------------

2008-06-26 15:01:25 0 d-------- C:\Program Files\Sony
2008-06-24 18:38:02 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-19 00:22:47 0 d-------- C:\Documents and Settings\Craig\Application Data\Azureus
2008-06-17 19:06:19 43 ---hs---- C:\Documents and Settings\Craig\Application Data\.zreglib
2008-06-14 16:39:22 0 d-------- C:\Program Files\Common Files
2008-05-24 14:38:19 0 d-------- C:\Documents and Settings\Craig\Application Data\FrostWire
2008-05-19 20:06:14 0 d-------- C:\Program Files\Microsoft Silverlight


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{514A5C49-0C7D-42c3-A71B-38864A269B7A}]
C:\WINDOWS\system32\scwkfbpb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca8afc23-9425-4085-904c-bef496de22e0}]
26/06/2008 15:18 106496 --a------ C:\WINDOWS\system32\bcndoaup.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [04/05/2006 06:58]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [27/09/2006 17:10]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [27/09/2006 17:10]
"nwiz"="nwiz.exe" [27/09/2006 17:10 C:\WINDOWS\system32\nwiz.exe]
"NexusServer"="C:\Program Files\Common Files\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe" [28/04/2004 02:41]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [08/05/2007 16:24]
"\\TOILET\EPSON Stylus Photo R300 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [04/06/2003 03:00]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [08/02/2008 18:36]
"BM00cb4654"="C:\WINDOWS\system32\okxrddec.dll" [26/06/2008 15:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [09/10/2006 12:28]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [18/08/2005 10:49]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [16/03/2006 05:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe
"DWQueuedReporting"="c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [12/05/2006 14:33:22]
HP Pavilion Webcam Tray Icon.lnk - C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [27/12/2006 19:33:20]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [24/09/2005 17:39:30]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"=0 (0x0)
"DisableChangePassword"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~1\DVDShell.dll [09/10/2004 15:18 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBtQkLE]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\03f875c8]
rundll32.exe "C:\WINDOWS\system32\cjwpyupp.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM00cb4654]
Rundll32.exe "C:\WINDOWS\system32\okxrddec.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"C:\Program Files\D-Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
CHDAudPropShortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWBMOUSE]
C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert]
regsvr32 /s mqrt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
"C:\Program Files\HP\QuickPlay\QPService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecGuard]
C:\Windows\SMINST\RecGuard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
"C:\Program Files\TomTom HOME\TomTomHOME.exe" -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52648e6a-bf86-11db-9d2e-0014a5f50543}]
AutoRun\command- G:\InstallTomTomHOME.exe




-- End of Deckard's System Scanner: finished at 2008-06-29 14:56:24 ------------

Extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Turion™ 64 X2 Mobile Technology TL-56
CPU 1: AMD Turion™ 64 X2 Mobile Technology TL-56
Percentage of Memory in Use: 27%
Physical Memory (total/avail): 2046.54 MiB / 1480.65 MiB
Pagefile Memory (total/avail): 3938.44 MiB / 3465.8 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.46 MiB

C: is Fixed (NTFS) - 101.42 GiB total, 18.78 GiB free.
D: is Fixed (FAT32) - 9.34 GiB total, 1.07 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - TOSHIBA MK1234GSX - 111.79 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 101.42 GiB - C:
\PARTITION1 - Unknown - 9.35 GiB - D:
\PARTITION2 - Unknown - 1027.6 MiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.

FW: Norton Internet Worm Protection v2006 (Symantec) Disabled
AV: Kaspersky Anti-Virus v7.0.1.325 (Kaspersky Lab) Disabled Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\FrostWire\\FrostWire.exe"="C:\\Program Files\\FrostWire\\FrostWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Codemasters\\GRID Demo\\GRID.exe"="C:\\Program Files\\Codemasters\\GRID Demo\\GRID.exe:*:Enabled:GRID Demo"
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\English\\setup.exe"="C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\English\\setup.exe:*:Enabled:Kaspersky Anti-Virus 7.0 Setup"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Craig\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CRAIGS_LAPTOP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Craig
LOGONSERVER=\\CRAIGS_LAPTOP
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\Program Files\Microsoft SQL Server\90\Tools\binn;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PCTYPE=PAVILION
PLATFORM=MCD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 72 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4802
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Craig\LOCALS~1\Temp
TMP=C:\DOCUME~1\Craig\LOCALS~1\Temp
USERDOMAIN=CRAIGS_LAPTOP
USERNAME=Craig
USERPROFILE=C:\Documents and Settings\Craig
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Craig (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}\Setup.exe"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.5 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
Adobe Reader Chinese Traditional Fonts --> MsiExec.exe /I{AC76BA86-7AD7-2448-0000-705000000001}
Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Azureus --> C:\Program Files\Azureus\Uninstall.exe
Browser Mouse --> C:\Program Files\Browser Mouse\Browser Mouse\1.1\unins000.EXE
Canopus ProCoder 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6A70D9E8-C51B-4196-BD1F-137E6EF6AEBB}\Setup.exe" -l0x9
CloneDVD2 --> "C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_HDAUDIO\HXFSETUP.EXE -U -IAt8VEN5a.inf
DAEMON Tools --> MsiExec.exe /I{2DF9A978-DEA1-4433-805D-66790FC28C62}
DV NETWORK SOLUTION DISK --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{78E59435-A150-4C50-9B4B-370D9C15D1E5} /l1033
DVD Region+CSS Free 5.9.8.3 --> "C:\Program Files\DVD Region+CSS Free\unins000.exe"
FrostWire 4.13.4 --> C:\Program Files\FrostWire\Uninstall.exe
GRID Demo --> "C:\Program Files\InstallShield Installation Information\{3C850287-4CD5-4FAD-BE39-A4AF7851A7C6}\setup.exe" -runfromtemp -l0x0009 -removeonly
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
HP Imaging Device Functions 6.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Integrated Module with Bluetooth wireless technology --> MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
HP Pavilion Webcam Tray Icon --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0C23BEBC-0429-4254-A83F-15C591AB768A}\Setup.exe" -l0x9
HP Photosmart Premier Software 6.0 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Quick Launch Buttons 6.10 A2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x9 -removeonly uninst
HP QuickPlay 2.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Update --> MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HP User Guides 0031 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13BCF6CB-2F54-4962-9B11-32F07048ACF3}\Setup.exe" -l0x9 -removeonly
HP Wireless Assistant 2.00 G2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kaspersky Anti-Virus 7.0 --> MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
Kaspersky Anti-Virus 7.0 --> MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
Macromedia Flash Player 8 --> MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Macromedia Shockwave Player --> MsiExec.exe /X{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 --> "c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server Management Studio Express --> MsiExec.exe /I{A4512736-8D63-4298-9271-5329931FA46B}
Microsoft SQL Server Native Client --> MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Need for Speed™ Carbon --> C:\Program Files\Electronic Arts\Need for Speed Carbon\EAUninstall.exe
Nero 7 Ultra Edition --> MsiExec.exe /I{F14B8ECC-BDA0-4987-9201-D7B7DBE11033}
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Nokia Connectivity Cable Driver --> MsiExec.exe /X{4F1DCA42-2030-437C-A94E-736692A499C1}
Nokia Flashing Cable Driver --> MsiExec.exe /X{A4E0CA0F-1903-440A-9B98-FEA6CB049999}
Nokia Software Updater --> MsiExec.exe /X{5D19E730-D3C6-47F4-AE4B-DCB26EC2D905}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenAL --> "C:\Program Files\OpenAL\OalinstGridRelease.exe" /U
Opera 9.24 --> MsiExec.exe /X{4676DB43-A5E5-40AD-ACBB-5D80AFD2AFC4}
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
Remove DivX Pro Codec --> C:\WINDOWS\unvise32.exe C:\Program Files\DivX\DivX Pro Codec\UninstalDivXProCodec.log
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_5045_at8ven5m\HXFSETUP.EXE -U -IAt8VEN5m.inf
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SonicAC3Encoder --> MsiExec.exe /I{52FBAE98-D389-4281-8C14-21B4046CCB4E}
SonicMPEGEncoder --> MsiExec.exe /I{B16AF568-A644-483C-A6DA-5028CD019C8C}
Sony Vegas Pro 8.0 --> MsiExec.exe /X{1246FF64-3035-4A92-8FE6-A968275495EB}
SUPER © Version 2008.bld.25 (Feb 5, 2008) --> C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
Symantec KB-DocID:2003093015493306 --> MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TomTom HOME --> C:\Program Files\InstallShield Installation Information\{CE325D55-FCAF-4273-BB79-069BB8747270}\setup.exe -runfromtemp -l0x0009 -removeonly -removeonly
Update Rollup 2 for Windows XP Media Center Edition 2005 -->
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->
Xvid 1.1.2 final uninstall --> "C:\Program Files\Xvid\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type38669 / Warning
Event Submitted/Written: 06/29/2008 02:47:16 PM
Event ID/Source: 3 / SQLBrowser
Event Description:
The configuration of the AdminConnection\TCP protocol in the SQL instance SQLEXPRESS is not valid.

Event Record #/Type38625 / Warning
Event Submitted/Written: 06/27/2008 02:35:25 PM
Event ID/Source: 3 / SQLBrowser
Event Description:
The configuration of the AdminConnection\TCP protocol in the SQL instance SQLEXPRESS is not valid.

Event Record #/Type38576 / Warning
Event Submitted/Written: 06/26/2008 10:48:15 PM
Event ID/Source: 3 / SQLBrowser
Event Description:
The configuration of the AdminConnection\TCP protocol in the SQL instance SQLEXPRESS is not valid.

Event Record #/Type38567 / Error
Event Submitted/Written: 06/26/2008 10:13:50 PM
Event ID/Source: 4689 / COM+
Event Description:
The run-time environment has detected an inconsistency in its internal state. This indicates a potential instability in the process that could be caused by the custom components running in the COM+ application, the components they make use of, or other factors. Error in d:\qxp_slp\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 8007041d: InitEventCollector failed

Event Record #/Type38539 / Warning
Event Submitted/Written: 06/26/2008 10:12:33 PM / 06/26/2008 10:12:34 PM
Event ID/Source: 3 / SQLBrowser
Event Description:
The configuration of the AdminConnection\TCP protocol in the SQL instance SQLEXPRESS is not valid.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type22732 / Warning
Event Submitted/Written: 06/29/2008 02:47:07 PM
Event ID/Source: 20 / Print
Event Description:
Printer Driver EPSON Stylus Photo R300 Series for Windows NT x86 Version-3 was added or updated. Files:- E_DMAI16.DLL, E_DU18KE.DLL, E_DM18FA.VIF, E_QI021E.HLP, E_DDSP13.DLL, E_DJB307.DLL, E_DCON02.DLL, EE254__1.PRM, EPIBSR30.EXE, E_DI08FA.DLL, E_DD18FA.CFG, EPIPGI20.DLL, E_DPUI03.DLL, E_DPPE03.EXE, E_DI13AE.TXT, EPSET32.DLL, E_DHMM12.DLL, E_DUMWF2.DLL, E_DHT41D.DLL, E_DS80HE.DLL, E_H4X2F1.DXT, E_H490F2.DLL, EPUTIX25.DLL, EPUTIX25.EXE, E_H4E0F2.DLL, EBAPI4.DLL, EBPLPT4.DLL, E_DM18FA.DAT, EBPSHRE4.DLL, SAGENT4.EXE, EBPSAGT4.DAT, EPUPDATE.EXE, EPUPDATE.DAT, E_S10RN1.EXE, E_SKN321.DLL, E_S10MT1.EXE, E_S1T0A1.EXE, E_SMSTE3.HLP, E_H26UIA.DLL, E_S490F1.DLL, E_S4I2F1.EXE, E_S4E2F1.DLL, E_SIINS1.EXE, E_A4X2F1.DAT, E_S00RP1.EXE.

Event Record #/Type22730 / Warning
Event Submitted/Written: 06/29/2008 02:46:28 PM / 06/29/2008 02:46:43 PM
Event ID/Source: 51 / Cdrom
Event Description:
An error was detected on device \Device\CdRom1 during a paging operation.

Event Record #/Type22725 / Warning
Event Submitted/Written: 06/27/2008 03:01:12 PM
Event ID/Source: 8021 / BROWSER
Event Description:
The browser was unable to retrieve a list of servers from the browser master \\TOILET on the network \Device\NetBT_Tcpip_{27D6CA90-2DAC-4009-B7BB-97A0F3628CD5}.
The data is the error code.

Event Record #/Type22707 / Warning
Event Submitted/Written: 06/27/2008 02:34:47 PM / 06/27/2008 02:35:02 PM
Event ID/Source: 51 / Cdrom
Event Description:
An error was detected on device \Device\CdRom1 during a paging operation.

Event Record #/Type22693 / Error
Event Submitted/Written: 06/26/2008 10:54:03 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Computer Browser service terminated with the following error:
%%1460



-- End of Deckard's System Scanner: finished at 2008-06-29 14:56:24 ------------



Thanks
  • 0

#7
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
C:\WINDOWS\pskt.ini
C:\WINDOWS\BM00cb4654.xml
C:\WINDOWS\system32\bcndoaup.dll
C:\WINDOWS\system32\cjwpyupp.dll
C:\WINDOWS\system32\okxrddec.dll
C:\WINDOWS\system32\elwkvirn.dll
C:\WINDOWS\system32\okxrddec.dll
C:\WINDOWS\system32\scwkfbpb.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{514A5C49-0C7D-42c3-A71B-38864A269B7A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca8afc23-9425-4085-904c-bef496de22e0}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM00cb4654"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBtQkLE] 
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\03f875c8]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM00cb4654]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0

#8
craig20102010

craig20102010

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Thanks for that. Here are the Combi Log and the HijackThis log

Combi Log

ComboFix 08-06-20.4 - Craig 2008-06-29 15:27:27.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1602 [GMT 1:00]
Running from: C:\Documents and Settings\Craig\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Craig\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\BM00cb4654.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bcndoaup.dll
C:\WINDOWS\system32\cjwpyupp.dll
C:\WINDOWS\system32\elwkvirn.dll
C:\WINDOWS\system32\okxrddec.dll
C:\WINDOWS\system32\scwkfbpb.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Craig\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\BM00cb4654.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bcndoaup.dll
C:\WINDOWS\system32\cjwpyupp.dll
C:\WINDOWS\system32\elwkvirn.dll
C:\WINDOWS\system32\okxrddec.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-29 )))))))))))))))))))))))))))))))
.

2008-06-29 14:52 . 2008-06-29 14:52 <DIR> d-------- C:\Deckard
2008-06-27 00:49 . 2008-06-27 00:49 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-26 15:01 . 2008-06-26 15:01 <DIR> d-------- C:\Program Files\Vstplugins
2008-06-26 15:01 . 2008-06-26 15:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony
2008-06-25 16:34 . 2008-06-25 16:44 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-25 16:34 . 2008-06-25 16:44 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-25 16:33 . 2008-06-25 16:33 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-06-25 16:33 . 2008-06-29 14:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-25 16:33 . 2008-06-29 15:33 4,915,488 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-25 16:33 . 2008-06-29 15:30 72,056 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-25 16:33 . 2008-06-29 15:31 26,144 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-25 16:33 . 2008-06-29 15:30 4,520 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-25 16:32 . 2008-06-25 16:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-06-25 16:23 . 2008-06-25 16:23 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-06-25 16:23 . 2008-06-25 16:23 <DIR> d-------- C:\Documents and Settings\Craig\Application Data\AVG7
2008-06-25 14:28 . 2008-06-25 14:28 <DIR> d-------- C:\Program Files\Panda Security
2008-06-24 18:43 . 2008-06-24 18:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Codemasters
2008-06-24 18:43 . 2008-06-24 18:43 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-06-24 18:42 . 2008-06-24 18:42 <DIR> d-------- C:\Program Files\OpenAL
2008-06-24 18:38 . 2008-06-24 18:38 <DIR> d-------- C:\Program Files\Codemasters
2008-06-23 08:23 . 2008-06-26 22:24 <DIR> d--hs---- C:\Documents and Settings\NetworkService\Temporary Internet Files
2008-06-23 08:23 . 2008-06-23 08:23 <DIR> d--hs---- C:\Documents and Settings\NetworkService\History
2008-06-15 23:13 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-06-15 23:13 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\dllcache\usbser.sys
2008-06-15 23:13 . 2008-06-15 23:13 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-06-15 23:13 . 2008-06-15 23:13 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-06-14 16:40 . 2008-06-14 16:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nokia
2008-06-14 16:39 . 2008-06-14 16:39 <DIR> d-------- C:\Program Files\Nokia
2008-06-14 16:39 . 2008-06-14 16:39 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-06-14 16:39 . 2007-11-29 10:33 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-06-14 16:39 . 2007-11-29 10:39 95,744 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-06-14 16:39 . 2007-11-29 10:32 48,128 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-06-14 16:39 . 2007-11-29 10:39 19,328 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-06-14 16:39 . 2007-11-29 10:39 16,896 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-06-14 16:39 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-06-14 16:39 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-06-14 16:38 . 2008-06-14 16:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-06-11 19:55 . 2008-06-13 14:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 19:55 . 2008-06-13 14:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-26 19:04 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-26 14:01 --------- d-----w C:\Program Files\Sony
2008-06-25 15:45 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-06-25 15:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-06-24 17:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-18 23:22 --------- d-----w C:\Documents and Settings\Craig\Application Data\Azureus
2008-05-24 13:38 --------- d-----w C:\Documents and Settings\Craig\Application Data\FrostWire
2008-05-19 19:06 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2006-12-27 13:01 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
2006-05-03 10:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
2007-12-17 13:43 27,648 --sha-w C:\WINDOWS\system32\Smab0.dll
2008-02-04 19:26 151,040 --sha-w C:\WINDOWS\system32\VistaUltm.dll
.

((((((((((((((((((((((((((((( [email protected]_22.56.06.32 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-26 21:46:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-29 14:31:31 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 12:28 139264]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 10:49 307200]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-16 05:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 06:58 458752]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-09-27 17:10 7585792]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-09-27 17:10 86016]
"nwiz"="nwiz.exe" [2006-09-27 17:10 1617920 C:\WINDOWS\system32\nwiz.exe]
"NexusServer"="C:\Program Files\Common Files\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe" [2004-04-28 02:41 188416]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"\\TOILET\EPSON Stylus Photo R300 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE" [2003-06-04 03:00 99840]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-16 05:00 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]
"DWQueuedReporting"="c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-12 14:33:22 581693]
HP Pavilion Webcam Tray Icon.lnk - C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [2006-12-27 19:33:20 98304]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 17:39:30 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~1\DVDShell.dll [2004-10-09 15:18 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll
"vidc.CDVC"= cdvccodc.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
--a------ 2006-05-30 16:02 40960 C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2006-03-16 05:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2003-10-02 03:20 81920 C:\Program Files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-06 05:56 64512 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2006-07-26 22:44 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-28 08:50 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-07-28 08:50 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWBMOUSE]
--a------ 2001-11-20 11:51 356352 C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 17:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
--a------ 2006-06-19 11:33 163840 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
--a------ 2006-08-25 18:42 102400 C:\Program Files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 16:27 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecGuard]
--------- 2005-10-11 10:23 1187840 C:\Windows\SMINST\RecGuard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2007-06-08 00:47 827392 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
--a------ 2007-03-14 16:52 3770024 C:\Program Files\TomTom HOME\TomTomHOME.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-10-18 21:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\FrostWire\\FrostWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Codemasters\\GRID Demo\\GRID.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\English\\setup.exe"=

R0 pnpshark;pnpshark;C:\WINDOWS\system32\DRIVERS\pnpshark.sys [2003-10-02 04:16]
R0 st3shark;st3shark;C:\WINDOWS\system32\DRIVERS\st3shark.sys [2003-09-27 15:37]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
S3 MODBDA2;DiBcom MOD3000 TV receiver;C:\WINDOWS\system32\Drivers\yuanmodbda2.sys [2006-10-13 21:36]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52648e6a-bf86-11db-9d2e-0014a5f50543}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-16 14:33:42 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-29 15:32:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\DOCUME~1\Craig\LOCALS~1\Temp\lucene-5a92abc18df3e1ec2442c9e5351a6e53-commit.lock 0 bytes
C:\Documents and Settings\Craig\Local Settings\Application Data\Ahead\Nero Home\idx\_2jl.cfs 6883 bytes
C:\Documents and Settings\Craig\Local Settings\Application Data\Ahead\Nero Home\idx\_2jl.del 9 bytes
C:\Documents and Settings\Craig\Local Settings\Application Data\Ahead\Nero Home\idx\_2jt.f50 9 bytes
C:\Documents and Settings\Craig\Local Settings\Application Data\Ahead\Nero Home\idx\_2jt.f51 9 bytes
C:\Documents and Settings\Craig\Local Settings\Application Data\Ahead\Nero Home\idx\_2jt.f52 9 bytes
C:\Documents and Settings\Craig\Local Settings\Application Data\Ahead\Nero Home\idx\_2jt.f53 9 bytes
C:\Documents and Settings\Craig\Local Settings\Application Data\Ahead\Nero Home\idx\_2jt.f54 9 bytes
C:\Documents and Settings\Craig\Local Settings\Application Data\Ahead\Nero Home\idx\_2jt.f55 9 bytes
C:\Documents and Settings\Craig\Local Settings\Application Data\Ahead\Nero Home\idx\_2jt.f56 9 bytes
C:\Documents and Settings\Craig\Local Settings\Application Data\Ahead\Nero Home\idx\_2jt.f57 9 bytes
C:\Documents and Settings\Craig\Local Settings\Application Data\Ahead\Nero Home\idx\_2jt.f58 9 bytes

scan completed successfully
hidden files: 12

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Canopus Shared\ProCoder 2\Kernel\PNXKERNL.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-06-29 15:41:31 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-29 14:41:22
ComboFix2.txt 2008-06-26 21:57:14

Pre-Run: 20,118,056,960 bytes free
Post-Run: 20,098,392,064 bytes free

255 --- E O F --- 2008-06-21 13:27:29


HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:44:41, on 29/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\Program Files\Common Files\Canopus Shared\ProCoder 2\Kernel\PNXKERNL.Exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...n&pf=laptop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [NexusServer] "C:\Program Files\Common Files\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe" -SelfLaunch
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [\\TOILET\EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P39 "\\TOILET\EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = ?
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=64&bd=pavilion&pf=laptop
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1187966556890
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 8380 bytes


Thanks
  • 0

#9
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Please download Malwarebytes' Anti-Malware from HERE or HERE

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.



Please include a fresh Deckard System Scanner in your next reply (after Malwarebytes' step)... Please also tell me about your computer conditions..


Regards
fenzodahl512
  • 0

#10
craig20102010

craig20102010

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Hijack This log

Deckard's System Scanner v20071014.68
Run by Craig on 2008-06-29 18:32:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Craig.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:32:39, on 29/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\HP\QuickPlay\QPService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Craig\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Craig.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...n&pf=laptop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [NexusServer] "C:\Program Files\Common Files\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe" -SelfLaunch
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [\\TOILET\EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P39 "\\TOILET\EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = ?
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=64&bd=pavilion&pf=laptop
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1187966556890
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 8667 bytes

-- Files created between 2008-05-29 and 2008-06-29 -----------------------------

2008-06-29 17:55:30 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-29 17:52:48 0 d-------- C:\Documents and Settings\Craig\Application Data\Malwarebytes
2008-06-29 17:52:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-27 00:49:24 0 d-------- C:\Program Files\Trend Micro
2008-06-26 22:40:15 68096 --a------ C:\WINDOWS\zip.exe
2008-06-26 22:40:15 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-26 22:40:15 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-26 22:40:15 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-26 22:40:15 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-26 22:40:15 98816 --a------ C:\WINDOWS\sed.exe
2008-06-26 22:40:15 80412 --a------ C:\WINDOWS\grep.exe
2008-06-26 22:40:15 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-26 15:01:48 0 d-------- C:\Program Files\Vstplugins
2008-06-26 15:01:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony
2008-06-25 16:32:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-06-25 16:23:57 0 d-------- C:\Documents and Settings\Craig\Application Data\AVG7
2008-06-25 16:23:52 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-06-25 14:28:13 0 d-------- C:\Program Files\Panda Security
2008-06-24 18:43:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Codemasters
2008-06-24 18:42:46 0 d-------- C:\Program Files\OpenAL
2008-06-24 18:38:02 0 d-------- C:\Program Files\Codemasters
2008-06-23 08:23:45 0 d--hs---- C:\Documents and Settings\NetworkService\History
2008-06-23 08:23:44 0 d--hs---- C:\Documents and Settings\NetworkService\Temporary Internet Files
2008-06-14 16:40:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Nokia
2008-06-14 16:39:22 0 d-------- C:\Program Files\Nokia
2008-06-14 16:39:22 0 d-------- C:\Program Files\Common Files\Nokia
2008-06-14 16:38:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Installations


-- Find3M Report ---------------------------------------------------------------

2008-06-26 15:01:25 0 d-------- C:\Program Files\Sony
2008-06-24 18:38:02 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-19 00:22:47 0 d-------- C:\Documents and Settings\Craig\Application Data\Azureus
2008-06-17 19:06:19 43 ---hs---- C:\Documents and Settings\Craig\Application Data\.zreglib
2008-06-14 16:39:22 0 d-------- C:\Program Files\Common Files
2008-05-24 14:38:19 0 d-------- C:\Documents and Settings\Craig\Application Data\FrostWire
2008-05-19 20:06:14 0 d-------- C:\Program Files\Microsoft Silverlight


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [04/05/2006 06:58]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [27/09/2006 17:10]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [27/09/2006 17:10]
"nwiz"="nwiz.exe" [27/09/2006 17:10 C:\WINDOWS\system32\nwiz.exe]
"NexusServer"="C:\Program Files\Common Files\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe" [28/04/2004 02:41]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [08/05/2007 16:24]
"\\TOILET\EPSON Stylus Photo R300 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [04/06/2003 03:00]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [25/08/2006 18:42]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [19/06/2006 11:33]
"LWBMOUSE"="C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE" [20/11/2001 11:51]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [30/05/2006 16:02]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [08/06/2007 00:47]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [09/10/2006 12:28]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [18/08/2005 10:49]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [16/03/2006 05:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe
"DWQueuedReporting"="c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [12/05/2006 14:33:22]
HP Pavilion Webcam Tray Icon.lnk - C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [27/12/2006 19:33:20]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [24/09/2005 17:39:30]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"=0 (0x0)
"DisableChangePassword"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~1\DVDShell.dll [09/10/2004 15:18 49152]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"C:\Program Files\D-Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
CHDAudPropShortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert]
regsvr32 /s mqrt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecGuard]
C:\Windows\SMINST\RecGuard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
"C:\Program Files\TomTom HOME\TomTomHOME.exe" -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52648e6a-bf86-11db-9d2e-0014a5f50543}]
AutoRun\command- G:\InstallTomTomHOME.exe




-- End of Deckard's System Scanner: finished at 2008-06-29 18:32:58 ------------


MBAM Log

Malwarebytes' Anti-Malware 1.19
Database version: 902
Windows 5.1.2600 Service Pack 2

18:28:06 29/06/2008
mbam-log-6-29-2008 (18-28-06).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 121752
Time elapsed: 28 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP144\A0065327.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP153\A0066294.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP153\A0066295.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP154\A0066366.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP154\A0066367.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP154\A0066431.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP154\A0066443.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

Thanks again

Conditions of the computer have speeded up greatly and seem to be running rather well again... still would like to get rida all infected incase its still on there if you can let me know from my logs....

i have now removed Kaspersky scanner since it slowed my laptop down incredibly! Thanks

Edited by craig20102010, 29 June 2008 - 11:38 AM.

  • 0

#11
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Well, your log looks clean to my eyes...


Since you mentioned that you have remove Kaspersky, tell me, what antivirus do you use now?

Do you still use AVG7? It's outdated and no longer support by Grisoft..

I believe your computer is running fine right now.. but tell me if you still have anymore computer problem..



Regards
fenzodahl512
  • 0

#12
craig20102010

craig20102010

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
i was going to install the AVG free edition 8.0 since thats the new one and the one im running on this pc and i dont seem to have any problems on this one with that...

have you got any advise on what anti Virus to run? and is that MBAM good to run on just any pc to get rid of basic problems?
  • 0

#13
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts

i was going to install the AVG free edition 8.0 since thats the new one and the one im running on this pc and i dont seem to have any problems on this one with that...

have you got any advise on what anti Virus to run? and is that MBAM good to run on just any pc to get rid of basic problems?



AVG8 is a great free antivirus.. it also include antispyware.. MBAM is one of the best antispyware program currently.. I strongly suggest you to keep it..


Please post a fresh DSS log after you install AVG8.. :)


I'm gonna back tomorrow as I'm sleepy right now.. It's already 2.10 am in Malaysia... :)


Cheers..
fenzodahl512
  • 0

#14
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP