
tracking cookie



#1
murimuri

    Member
  • 39 posts
If you can help, it'll be good.
There's SOMETHING wrong, but I'm not sure what it is...

I have AVG, Norton (freeware), and NOD32 antivirus programs.

---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:27:16 PM, on 7/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\windows\vsnpstd.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\windows\system32\slserv.exe
C:\windows\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
D:\Program Files\BitComet\BitComet.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: pluspoint - {0FB9FC89-46E5-4961-9515-788A9EDCFDE9} - C:\Program Files\pluspoint2\pluspoint2.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: jBrowse Toolbar - {9E5BD40E-6287-11D6-9772-0002A5DD2483} - C:\PROGRA~1\jBrowse\JBO.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: pluspoint - {0F04D8F1-A1B7-4BA9-B091-E87E0EDD4940} - C:\Program Files\pluspoint2\pluspoint2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [pluspoint2] "C:\Program Files\pluspoint2\pluspoint2.exe" /start
O4 - HKLM\..\Run: [snpstd] C:\windows\vsnpstd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Online chin internet bolt] C:\Documents and Settings\All Users\Application Data\Bags Plus Online Chin\wma about.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [Delete Once] C:\DOCUME~1\user\APPLIC~1\BOLTRE~1\Mode memo.exe
O4 - HKCU\..\Run: [Mobile Partner] "C:\Program Files\Mobile Partner\Mobile Partner.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [BitComet] "D:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ?????? - {62E65991-BAFA-4AFB-9B40-06039E276D28} - C:\Program Files\pluspoint2\pluspoint2.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.appl...ex/qtplugin.cab
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.c.../NowStarter.cab
O16 - DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} (BMSpeedCheck Control) - http://www.pdbox.co....MSpeedCheck.cab
O16 - DPF: {2B866353-E598-4403-8E4D-B871AB30DC55} (Speed Class) - http://www.singnet.c...a/SpeedCtrl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {760FF20F-B852-4ED7-AE91-F1DE355C080F} (pluspoint) - http://file.pluscoin...spoint2inst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {F6E361B4-40F3-4C90-8A95-D95E0D8CBCD4} (MultiUpload Control) - http://www.clubbox.c...MultiUpload.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\windows\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\windows\SYSTEM32\slserv.exe

--
End of file - 10192 bytes
  • 0
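As an added example (not part of murimuri's post and not HijackThis code), here is a small Python triage pass that applies the rules a helper reads such a log with: O4 autostart entries whose executable lives under a profile data directory, O2/O3 registrations marked "(no file)", and the O20 AppInit_DLLs line, which loads into every GUI process and deserves a look whatever it names. The sample lines are copied from the log above; the 8.3 short-name table is an assumed mapping of the usual Windows XP names (on a real machine `dir /x` shows the true mapping).

```python
import re

# Constructed sample: lines copied from the HijackThis log above, mixing legitimate
# entries with the two Run entries and the orphaned registrations worth a second look.
SAMPLE_LOG = r"""
O2 - BHO: pluspoint - {0FB9FC89-46E5-4961-9515-788A9EDCFDE9} - C:\Program Files\pluspoint2\pluspoint2.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Online chin internet bolt] C:\Documents and Settings\All Users\Application Data\Bags Plus Online Chin\wma about.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Delete Once] C:\DOCUME~1\user\APPLIC~1\BOLTRE~1\Mode memo.exe
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O20 - AppInit_DLLs: avgrsstx.dll
"""

# O4 line layout: "O4 - HKLM\..\Run: [value name] command line"
O4_RE = re.compile(r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# The executable at the front of a command line, before any arguments, with an optional opening quote.
EXE_RE = re.compile(r'^"?(?P<path>.*?\.exe)', re.IGNORECASE)

# Assumed expansion of the usual Windows XP 8.3 short names; dir /x confirms them on a given box.
SHORT_NAMES = {"DOCUME~1": "Documents and Settings", "APPLIC~1": "Application Data",
               "PROGRA~1": "Program Files", "LOCALS~1": "Local Settings"}
# Directories a legitimate autostart program almost never launches from.
DATA_DIR_MARKERS = ("\\application data\\", "\\local settings\\temp\\")


def expand_short_names(path):
    for short, full in SHORT_NAMES.items():
        path = re.sub(re.escape(short), full, path, flags=re.IGNORECASE)
    return path


def launch_path(cmd):
    """Executable a Run value starts, with quotes and arguments removed and short names expanded."""
    m = EXE_RE.match(cmd.strip())
    return expand_short_names(m.group("path") if m else cmd.strip())


def triage(log_text):
    """Return (severity, reason, line) tuples for the lines an analyst should look at first."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = O4_RE.match(line)
        if line.endswith("(no file)"):
            findings.append(("low", "registration with no file behind it (orphan to clean up)", line))
        elif m:
            path = launch_path(m.group("cmd")).lower()
            if any(marker in path for marker in DATA_DIR_MARKERS):
                findings.append(("high", "autostart launches from a profile data directory", line))
        elif line.startswith("O20 - AppInit_DLLs:"):
            findings.append(("info", "AppInit_DLLs is loaded into every GUI process; confirm the vendor", line))
    return findings


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity}] {reason}\n    {line}")
```

Run as is, it reports the two Run entries under Application Data as high, the two "(no file)" entries as low, and the AppInit_DLLs line as informational, while the AVG, ctfmon and Free Download Manager entries pass. The path rule is deliberately narrow: it says nothing about whether a program is good or bad, only where it lives, which is exactly the clue the helper in this thread used.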


#2
Cookiegal

    Visiting Consultant
  • 889 posts
You have a LOP infection.

Download and unzip the following to a new folder:
http://metallica.gee...com/findlop.zip

Inside the folder locate findlop.bat

Double click it and it will create the file C:\findlop.txt
Find that file and copy and paste the contents into your next post.


Also, copy the part in bold below into notepad and save it as direxie.bat
Set File type to "All files"


cd\
rem /d switches the drive as well as the directory, so the listings come from C: even when this .bat is run from another drive
cd /d C:\Documents and Settings\%UserName%\Application Data
rem /x prints the 8.3 short name next to each long name
dir /x > C:\directory.txt
cd /d C:\Documents and Settings\All Users\Application Data
dir /x >> C:\directory.txt
cd /d C:\Program Files
dir /x >> C:\directory.txt
start notepad C:\directory.txt



Start the file by double-clicking direxie.bat.
That will open a file called directory.txt. Post the content of that file.
  • 0

#3
murimuri

    Member
  • Topic Starter
  • 39 posts
From LOP:
--
[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'A51918E0918A8E7C.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\user\applic~1\boltre~1\ref owns cdrom.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'user'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 07/29/2008 19:00:00
NextRun: 07/29/2008 20:00:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 06/17/1995
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'FRU Task #Hewlett-Packard#hp psc 1200 series#1201271611.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe'
Parameters: '-I "#Hewlett-Packard#hp psc 1200 series#1201271611"'
WorkingDirectory: ''
Comment: ''
Creator: 'user'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 07/28/2008 22:37:00
NextRun: 07/29/2008 22:37:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 1
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 04/26/2008
EndDate: 00/00/0000
StartTime: 22:37
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'FRU Task #Hewlett-Packard#hp psc 1200 series#1201327381.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe'
Parameters: '-I "#Hewlett-Packard#hp psc 1200 series#1201327381"'
WorkingDirectory: ''
Comment: ''
Creator: 'user'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 00/00/0000 0:00:00
StartError: SCHED_S_TASK_HAS_NOT_RUN
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 1
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

No triggers


[TRACE] Activating job 'Norton Security Scan.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Norton Security Scan\Nss.exe'
Parameters: '/scan-full /scheduled'
WorkingDirectory: 'C:\Program Files\Norton Security Scan'
Comment: 'Norton Security Scan'
Creator: 'user'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 07/25/2008 18:00:03
NextRun: 07/30/2008 18:00:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Weekly
WeeksInterval: 1
DaysOfTheWeek: U..W.F.
StartDate: 03/01/2008
EndDate: 00/00/0000
StartTime: 18:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

----
Volume in drive D is New Volume
Volume Serial Number is 4CED-8E93

Directory of D:\

07/29/2008 10:36 AM 7,293,668 ATHANB~1.EXE AthanBasic3.exe
07/27/2008 09:08 AM <DIR> bro
05/03/2008 08:28 PM <DIR> burn
06/03/2008 10:52 AM <DIR> clubbox
07/29/2008 10:47 AM <DIR> D-ADDI~1 D-ADDICTS
07/26/2008 02:49 PM 488,144 HJTsetup.exe
07/27/2008 11:54 AM <DIR> MARIKO~1 MARIKO NO SASHIN SAWANIDE!
08/02/2007 11:39 AM 12,369,816 NENTEN~1.EXE nentenst_2.exe
07/01/2008 08:49 PM <DIR> NEWKOR~1 new korean songs
07/28/2008 02:41 AM <DIR> OTHERS~1 other stuff
07/29/2008 07:16 PM <DIR> PROGRA~1 Program Files
06/19/2008 12:31 AM <DIR> SAKINA~1 sakinah stuff
3 File(s) 20,151,628 bytes
9 Dir(s) 6,716,428,288 bytes free
Volume in drive D is New Volume
Volume Serial Number is 4CED-8E93

Directory of D:\

07/29/2008 10:36 AM 7,293,668 ATHANB~1.EXE AthanBasic3.exe
07/27/2008 09:08 AM <DIR> bro
05/03/2008 08:28 PM <DIR> burn
06/03/2008 10:52 AM <DIR> clubbox
07/29/2008 10:47 AM <DIR> D-ADDI~1 D-ADDICTS
07/26/2008 02:49 PM 488,144 HJTsetup.exe
07/27/2008 11:54 AM <DIR> MARIKO~1 MARIKO NO SASHIN SAWANIDE!
08/02/2007 11:39 AM 12,369,816 NENTEN~1.EXE nentenst_2.exe
07/01/2008 08:49 PM <DIR> NEWKOR~1 new korean songs
07/28/2008 02:41 AM <DIR> OTHERS~1 other stuff
07/29/2008 07:16 PM <DIR> PROGRA~1 Program Files
06/19/2008 12:31 AM <DIR> SAKINA~1 sakinah stuff
3 File(s) 20,151,628 bytes
9 Dir(s) 6,716,428,288 bytes free
Volume in drive D is New Volume
Volume Serial Number is 4CED-8E93

Directory of D:\

07/29/2008 10:36 AM 7,293,668 ATHANB~1.EXE AthanBasic3.exe
07/27/2008 09:08 AM <DIR> bro
05/03/2008 08:28 PM <DIR> burn
06/03/2008 10:52 AM <DIR> clubbox
07/29/2008 10:47 AM <DIR> D-ADDI~1 D-ADDICTS
07/26/2008 02:49 PM 488,144 HJTsetup.exe
07/27/2008 11:54 AM <DIR> MARIKO~1 MARIKO NO SASHIN SAWANIDE!
08/02/2007 11:39 AM 12,369,816 NENTEN~1.EXE nentenst_2.exe
07/01/2008 08:49 PM <DIR> NEWKOR~1 new korean songs
07/28/2008 02:41 AM <DIR> OTHERS~1 other stuff
07/29/2008 07:16 PM <DIR> PROGRA~1 Program Files
06/19/2008 12:31 AM <DIR> SAKINA~1 sakinah stuff
3 File(s) 20,151,628 bytes
9 Dir(s) 6,716,428,288 bytes free
  • 0
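Added example, not from the thread and not part of the findlop tool: a parser for the scheduler trace above that collects each job's fields and scores it with the signs that set A51918E0918A8E7C.job apart from the HP and Norton tasks: an executable under Application Data, the Hidden flag, a name that is nothing but a hex string, a StartDate from before the operating system existed, and an hourly repeat inside a daily trigger. The sample dump is condensed from the output above (job names kept on one line); the year floor and the 8.3 short-name table are assumptions.

```python
import re

# Constructed sample: two of the job dumps from the findlop output above, condensed
# to the fields the rules below read.
SAMPLE_DUMP = r"""
[TRACE] Activating job 'A51918E0918A8E7C.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\user\applic~1\boltre~1\ref owns cdrom.exe'
Parameters: ''
Creator: 'user'
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
RunOnlyIfLoggedOn = 1
Hidden = 1

Trigger 0:
Type: Daily
StartDate: 06/17/1995
MinutesDuration: 1440
MinutesInterval: 60

[TRACE] Activating job 'Norton Security Scan.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Norton Security Scan\Nss.exe'
Parameters: '/scan-full /scheduled'
Creator: 'user'
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
RunOnlyIfLoggedOn = 1
Hidden = 0

Trigger 0:
Type: Weekly
StartDate: 03/01/2008
MinutesDuration: 0
MinutesInterval: 0
"""

JOB_RE = re.compile(r"^\[TRACE\] Activating job '(?P<name>.+)'$")
# "Key: value" and "Flag = value" lines. Keys containing spaces ("ScheduledWorkItem Flags:")
# and the "Trigger 0:" header do not match and are skipped on purpose.
FIELD_RE = re.compile(r"^(?P<key>[A-Za-z]+)\s*[:=]\s*(?P<value>.*)$")

# Assumed expansion of the usual Windows XP 8.3 short names; dir /x confirms them on a real box.
SHORT_NAMES = {"DOCUME~1": "Documents and Settings", "APPLIC~1": "Application Data",
               "PROGRA~1": "Program Files", "LOCALS~1": "Local Settings"}
HEX_NAME_RE = re.compile(r"^[0-9A-F]{16}\.job$", re.IGNORECASE)
OLDEST_PLAUSIBLE_YEAR = 2001  # assumed floor: Windows XP shipped in 2001


def expand_short_names(path):
    for short, full in SHORT_NAMES.items():
        path = re.sub(re.escape(short), full, path, flags=re.IGNORECASE)
    return path


def parse_jobs(text):
    """Split the trace into one dict per job; trigger fields land in the same dict."""
    jobs, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = JOB_RE.match(line)
        if m:
            current = {"name": m.group("name")}
            jobs.append(current)
            continue
        m = FIELD_RE.match(line)
        if m and current is not None:
            current[m.group("key")] = m.group("value").strip().strip("'")
    return jobs


def assess(job):
    """Reasons this job deserves a closer look; an empty list means nothing stood out."""
    reasons = []
    app = expand_short_names(job.get("ApplicationName", "")).lower()
    if "\\application data\\" in app:
        reasons.append("runs from an Application Data directory")
    if job.get("Hidden") == "1":
        reasons.append("Hidden flag set")
    if HEX_NAME_RE.match(job["name"]):
        reasons.append("job name is a bare hex string")
    start = job.get("StartDate")
    if start and int(start.rsplit("/", 1)[1]) < OLDEST_PLAUSIBLE_YEAR:
        reasons.append(f"StartDate {start} predates the operating system")
    interval = job.get("MinutesInterval", "0")
    if interval != "0":
        reasons.append(f"repeats every {interval} minutes within its trigger window")
    return reasons


def triage_jobs(text):
    return {job["name"]: assess(job) for job in parse_jobs(text)}


if __name__ == "__main__":
    for name, reasons in triage_jobs(SAMPLE_DUMP).items():
        print(name, "->", "; ".join(reasons) or "nothing unusual")
```

On the sample, the hex-named job collects all five reasons and the Norton job none. Any one of these signs can occur on a clean machine (vendors do ship hidden tasks), which is why the function returns the whole list rather than a verdict: the helper in this thread reached a decision from the combination, not from a single field.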

#4
Cookiegal

    Visiting Consultant
  • 889 posts
I don't think you ran the second part correctly. Did you save the file as follows and save it in Notepad with a .bat file extension?

cd\
rem /d switches the drive as well as the directory, so the listings come from C: even when this .bat is run from another drive
cd /d C:\Documents and Settings\%UserName%\Application Data
rem /x prints the 8.3 short name next to each long name
dir /x > C:\directory.txt
cd /d C:\Documents and Settings\All Users\Application Data
dir /x >> C:\directory.txt
cd /d C:\Program Files
dir /x >> C:\directory.txt
start notepad C:\directory.txt


  • 0

#5
murimuri

    Member
  • Topic Starter
  • 39 posts
Yeah, I did. But just in case, here it is again.

Volume in drive D is New Volume
Volume Serial Number is 4CED-8E93

Directory of D:\

07/29/2008 10:36 AM 7,293,668 ATHANB~1.EXE AthanBasic3.exe
07/27/2008 09:08 AM <DIR> bro
05/03/2008 08:28 PM <DIR> burn
06/03/2008 10:52 AM <DIR> clubbox
07/31/2008 06:14 PM <DIR> D-ADDI~1 D-ADDICTS
07/26/2008 02:49 PM 488,144 HJTsetup.exe
07/27/2008 11:54 AM <DIR> MARIKO~1 MARIKO NO SASHIN SAWANIDE!
08/02/2007 11:39 AM 12,369,816 NENTEN~1.EXE nentenst_2.exe
07/01/2008 08:49 PM <DIR> NEWKOR~1 new korean songs
07/28/2008 02:41 AM <DIR> OTHERS~1 other stuff
08/01/2008 05:11 AM <DIR> PROGRA~1 Program Files
06/19/2008 12:31 AM <DIR> SAKINA~1 sakinah stuff
3 File(s) 20,151,628 bytes
9 Dir(s) 6,697,545,728 bytes free
Volume in drive D is New Volume
Volume Serial Number is 4CED-8E93

Directory of D:\

07/29/2008 10:36 AM 7,293,668 ATHANB~1.EXE AthanBasic3.exe
07/27/2008 09:08 AM <DIR> bro
05/03/2008 08:28 PM <DIR> burn
06/03/2008 10:52 AM <DIR> clubbox
07/31/2008 06:14 PM <DIR> D-ADDI~1 D-ADDICTS
07/26/2008 02:49 PM 488,144 HJTsetup.exe
07/27/2008 11:54 AM <DIR> MARIKO~1 MARIKO NO SASHIN SAWANIDE!
08/02/2007 11:39 AM 12,369,816 NENTEN~1.EXE nentenst_2.exe
07/01/2008 08:49 PM <DIR> NEWKOR~1 new korean songs
07/28/2008 02:41 AM <DIR> OTHERS~1 other stuff
08/01/2008 05:11 AM <DIR> PROGRA~1 Program Files
06/19/2008 12:31 AM <DIR> SAKINA~1 sakinah stuff
3 File(s) 20,151,628 bytes
9 Dir(s) 6,697,545,728 bytes free
Volume in drive D is New Volume
Volume Serial Number is 4CED-8E93

Directory of D:\

07/29/2008 10:36 AM 7,293,668 ATHANB~1.EXE AthanBasic3.exe
07/27/2008 09:08 AM <DIR> bro
05/03/2008 08:28 PM <DIR> burn
06/03/2008 10:52 AM <DIR> clubbox
07/31/2008 06:14 PM <DIR> D-ADDI~1 D-ADDICTS
07/26/2008 02:49 PM 488,144 HJTsetup.exe
07/27/2008 11:54 AM <DIR> MARIKO~1 MARIKO NO SASHIN SAWANIDE!
08/02/2007 11:39 AM 12,369,816 NENTEN~1.EXE nentenst_2.exe
07/01/2008 08:49 PM <DIR> NEWKOR~1 new korean songs
07/28/2008 02:41 AM <DIR> OTHERS~1 other stuff
08/01/2008 05:11 AM <DIR> PROGRA~1 Program Files
06/19/2008 12:31 AM <DIR> SAKINA~1 sakinah stuff
3 File(s) 20,151,628 bytes
9 Dir(s) 6,697,545,728 bytes free
  • 0

#6
murimuri

    Member
  • Topic Starter
  • 39 posts
Oh, and here's the log for drive C:,
in case you wanted that o_o

Volume in drive C has no label.
Volume Serial Number is B0D1-4656

Directory of C:\Documents and Settings\user\Application Data

06/13/2008 09:54 PM <DIR> Adobe
02/16/2008 08:52 PM <DIR> AdobeUM
01/20/2008 10:29 AM <DIR> Ahead
07/06/2008 04:21 PM <DIR> BEARSH~1 BearShare
07/24/2008 04:13 PM <DIR> BOLTRE~1 bolt rect math
11/19/2007 02:15 AM <DIR> DivX
07/02/2008 02:32 PM <DIR> dvdcss
02/09/2008 06:13 PM <DIR> Flock
08/01/2008 05:12 AM <DIR> FREEDO~1 Free Download Manager
11/03/2007 02:01 PM <DIR> Google
11/03/2007 02:35 PM <DIR> GRETECH
11/03/2007 04:39 PM <DIR> Help
01/08/2008 10:52 AM <DIR> HEWLET~1 Hewlett-Packard
10/28/2007 03:10 PM <DIR> IDENTI~1 Identities
02/18/2008 08:10 PM <DIR> LEADER~1 Leadertech
05/02/2008 08:03 PM <DIR> LimeWire
03/01/2008 04:35 PM <DIR> MACROM~1 Macromedia
01/27/2008 03:08 PM <DIR> MEDIAP~1 Media Player Classic
08/01/2008 12:16 AM <DIR> MEGAUP~1 MegauploadToolbar
11/03/2007 01:48 PM <DIR> Mozilla
05/18/2008 01:27 PM <DIR> Opera
02/24/2008 08:32 PM <DIR> Real
11/03/2007 01:28 PM <DIR> STOIK
11/20/2007 10:36 AM <DIR> Sun
06/07/2008 07:59 PM <DIR> Talkback
05/07/2008 10:27 PM <DIR> TVUNET~1 TVU Networks
04/23/2008 10:17 PM <DIR> U3
11/18/2007 09:01 PM <DIR> vlc
06/19/2008 12:41 AM <DIR> Winamp
11/19/2007 01:49 AM <DIR> WinRAR
07/01/2008 05:37 PM <DIR> Xfire
0 File(s) 0 bytes
31 Dir(s) 1,374,130,176 bytes free
Volume in drive C has no label.
Volume Serial Number is B0D1-4656

Directory of C:\Documents and Settings\All Users\Application Data

06/13/2008 09:53 PM <DIR> Adobe
11/03/2007 01:37 PM <DIR> ADOBES~1 Adobe Systems
06/19/2008 04:05 AM <DIR> avg8
07/24/2008 04:12 PM <DIR> BAGSPL~1 Bags Plus Online Chin
11/03/2007 01:16 PM <DIR> Google
01/25/2008 10:30 PM 382 HPZINS~1.LOG hpzinstall.log
07/04/2008 03:44 PM <DIR> IJJIGame
02/26/2008 01:36 PM <DIR> MESSEN~1 Messenger Plus!
10/30/2007 11:12 AM <DIR> Nero
11/25/2007 11:33 AM <DIR> Outspark
01/21/2008 10:43 PM <DIR> Real
11/03/2007 02:04 PM <DIR> Skype
07/13/2008 07:45 AM <DIR> TEMP
05/07/2008 10:27 PM <DIR> TVUNET~1 TVU Networks
04/01/2008 04:10 AM <DIR> WINDOW~1 Windows Genuine Advantage
05/01/2008 07:38 PM <DIR> WLINST~1 WLInstaller
1 File(s) 382 bytes
15 Dir(s) 1,374,130,176 bytes free
Volume in drive C has no label.
Volume Serial Number is B0D1-4656

Directory of C:\Program Files

07/29/2008 10:28 AM <DIR> .
07/29/2008 10:28 AM <DIR> ..
02/18/2008 08:11 PM <DIR> Adobe
06/13/2008 09:53 PM <DIR> ADOBEM~1 Adobe Media Player
01/20/2008 10:32 AM <DIR> Aegisub
03/03/2008 01:43 AM <DIR> AOAAUD~1 AoA Audio Extractor
07/29/2008 10:31 AM <DIR> Athan
03/03/2008 01:38 AM <DIR> Audacity
06/19/2008 04:05 AM <DIR> AVG
07/06/2008 04:15 PM <DIR> BEARSH~1 BearShare Applications
07/24/2008 04:11 PM <DIR> BOLTRE~1 bolt rect math
03/15/2008 12:41 PM <DIR> CABALO~1 CABAL Online (SG MY)
06/01/2008 07:11 PM <DIR> CIRCLE~1 Circle Developement
07/02/2008 03:14 PM <DIR> COMMON~1 Common Files
10/28/2007 03:00 PM <DIR> COMPLU~1 ComPlus Applications
11/03/2007 01:18 PM <DIR> DIRECT~1 DirectVobSub
11/19/2007 02:08 AM <DIR> DivX
11/03/2007 01:14 PM <DIR> DVDDEC~1 DVD Decrypter
07/29/2008 11:38 PM <DIR> ESET
11/20/2007 05:35 PM <DIR> FlashGet
11/03/2007 01:15 PM <DIR> Flock
11/20/2007 05:22 PM <DIR> FREEDO~1 Free Download Manager
11/20/2007 01:12 AM <DIR> GNU
11/20/2007 08:53 AM <DIR> Google
11/03/2007 01:16 PM <DIR> GRETECH
01/08/2008 10:49 AM <DIR> HEWLET~1 Hewlett-Packard
07/26/2008 10:26 PM <DIR> HIJACK~1 Hijackthis
05/10/2008 10:35 PM <DIR> INTELL~1 Intelligent
06/11/2008 05:03 PM <DIR> INTERN~1 Internet Explorer
07/16/2008 03:53 PM <DIR> Java
11/03/2007 01:16 PM <DIR> jBrowse
02/11/2008 09:56 PM <DIR> JWPce
03/15/2008 11:37 AM <DIR> MAIET
06/12/2008 10:21 AM <DIR> MEGAUP~1 MegauploadToolbar
11/19/2007 09:17 AM <DIR> MESSEN~1 Messenger
04/10/2008 05:43 PM <DIR> MESSEN~2 Messenger Plus! Live
10/30/2007 11:08 AM <DIR> MICROS~3 Microsoft ActiveSync
10/28/2007 03:03 PM <DIR> MICROS~1 microsoft frontpage
10/30/2007 11:08 AM <DIR> MICROS~2 Microsoft Office
10/30/2007 11:08 AM <DIR> MICROS~1.NET Microsoft.NET
05/10/2008 10:30 PM <DIR> MOBILE~1 Mobile Partner
10/28/2007 03:00 PM <DIR> MOVIEM~1 Movie Maker
07/31/2008 10:42 PM <DIR> MOZILL~1 Mozilla Firefox
10/28/2007 02:58 PM <DIR> MSN
10/28/2007 02:59 PM <DIR> MSNGAM~1 MSN Gaming Zone
05/02/2008 10:23 AM <DIR> MSNMES~1 MSN Messenger
01/29/2008 05:19 AM <DIR> MSXML4~1.0 MSXML 4.0
10/30/2007 11:12 AM <DIR> Nero
10/28/2007 03:01 PM <DIR> NETMEE~1 NetMeeting
07/01/2008 05:44 PM <DIR> NHNUSA~1 NHN USA
07/30/2008 06:00 PM <DIR> NORTON~1 Norton Security Scan
05/16/2008 03:49 AM <DIR> ONLINE~1 Online Services
11/19/2007 09:16 AM <DIR> OUTLOO~1 Outlook Express
11/25/2007 04:09 PM <DIR> Outspark
03/02/2008 11:55 PM <DIR> PeerCast
07/14/2008 10:41 PM <DIR> Picasa2
06/19/2008 05:13 AM <DIR> PLUSPO~1 pluspoint2
05/18/2008 12:17 PM <DIR> PSCS2U~1 PSCS2Updater
06/05/2008 11:45 AM <DIR> QUICKT~1 QuickTime
01/21/2008 10:43 PM <DIR> REALAL~1 Real Alternative
07/08/2008 03:39 PM <DIR> Sun
01/26/2008 12:30 PM <DIR> SurgeRO
02/18/2008 08:31 PM <DIR> Surreal
07/13/2008 07:24 AM <DIR> SURVIV~1 SurvivalProject
07/26/2008 10:26 PM <DIR> TRENDM~1 Trend Micro
02/18/2008 09:06 AM <DIR> VEOHNE~1 Veoh Networks
12/26/2007 11:07 PM <DIR> VIDEOC~1 VideoCAM Eye
11/03/2007 02:42 PM <DIR> VideoLAN
05/11/2008 11:16 AM <DIR> WackGet
06/19/2008 04:25 AM <DIR> Winamp
11/03/2007 04:49 PM <DIR> WINAVI~1 WinAVI MP4 Converter
12/08/2007 11:58 AM <DIR> WINDOW~4 Windows Live
04/01/2008 04:17 AM <DIR> WI4DF6~1 Windows Media Connect 2
04/01/2008 04:38 AM <DIR> WINDOW~2 Windows Media Player
05/15/2008 03:44 AM <DIR> WINDOW~1 Windows NT
11/19/2007 01:48 AM <DIR> WinRAR
10/30/2007 11:04 AM <DIR> WinZip
10/28/2007 03:03 PM <DIR> xerox
0 File(s) 0 bytes
78 Dir(s) 1,374,117,888 bytes free
  • 0

#7
Cookiegal

    Visiting Consultant
  • 889 posts
Copy everything inside the quote box below (starting with @) and paste it into Notepad. Go up to "File > Save As", click the drop-down box to change the "Save As Type" to "All Files". Save it as remlop.bat on your desktop.

@echo off
rem the scheduled-task job file identified in the findlop output above
cd /d C:\WINDOWS\Tasks
rem clear the read-only, system and hidden attributes so del can remove it
attrib -r -s -h A51918E0918A8E7C.job
del A51918E0918A8E7C.job
exit


Double-click remlop.bat. A window will open and close quickly; this is normal.


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy all the text and file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    [Kill Explorer]
    C:\Documents and Settings\user\Application Data\bolt rect math
    C:\Documents and Settings\All Users\Application Data\Bags Plus Online Chin
    C:\Program Files\bolt rect math
    EMPTYTEMP
    [Start Explorer]



  • Return to OTMoveIt2, right click on the "Paste List of Files/Folders to be Moved" window under the blue bar and choose Paste.
  • Click the red Moveit! button.
  • OTMoveIt2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
  • 0

#8
murimuri

    Member
  • Topic Starter
  • 39 posts
Does the OTMoveIt execution usually take very long? o_o
  • 0

#9
murimuri

    Member
  • Topic Starter
  • 39 posts
Wait, nvm. It was not responding, apparently.
Restarted it.

Unable to kill explorer.exe
C:\Documents and Settings\user\Application Data\bolt rect math moved successfully.
Folder move failed. C:\Documents and Settings\All Users\Application Data\Bags Plus Online Chin scheduled to be moved on reboot.
File/Folder C:\Program Files\bolt rect math not found.
< EMPTYTEMP >
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\etilqs_73qMoOBBqtTBQsscGQig scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DF1715.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DF9704.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DFE5D7.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08022008_111339

----
Okay, I think it might not have been what you expected, so I'll try to help a bit... ehmm
The OTMoveIt.exe kinda died in the first round... so just to let you know what I did:

I opened the task manager (ctrl+alt+del) and ran the remlog.bat again. Then I ended the not-responding OTMoveIt and opened a new one, the log of which I pasted up there. The first OTMoveIt.exe that I ran had a log in which these:

C:\Documents and Settings\user\Application Data\bolt rect math
C:\Documents and Settings\All Users\Application Data\Bags Plus Online Chin
C:\Program Files\bolt rect math

were run successfully, if I am not wrong. The execution just hung when it read

File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\etilqs_73qMoOBBqtTBQsscGQig scheduled to be deleted on reboot.

Yeah.
So anyway, in the C:\_OTMoveIt\MovedFiles folder, there are two folders: 08022008_111339 and 08022008_103016.
The latter folder contains the missing files that the 08022008_111339 log reported.

Does this help in any way?

Hmm.. I'm wondering if I should just move the files from the first folder to the second folder.

Edited by murimuri, 01 August 2008 - 09:32 PM.

  • 0

#10
Cookiegal

    Visiting Consultant
  • 889 posts
No, it's fine. You don't need to move anything.

Please visit the ComboFix Guide & Instructions for instructions on installing the Recovery Console and downloading and running ComboFix:

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished.
  • 0

#11
murimuri

    Member
  • Topic Starter
  • 39 posts
ComboFix 08-08-01.04 - user 2008-08-03 0:40:52.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.949.82.1033.18.262 [GMT 8:00]
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\user\Application Data\macromedia\Flash Player\#SharedObjects\MMMJHL84\iforex.com
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\#SharedObjects\MMMJHL84\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\#SharedObjects\MMMJHL84\interclick.com
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\#SharedObjects\MMMJHL84\interclick.com\ud.sol
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\ijjistarter2.exe
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\ijjistarter2FxB.exe

.
((((((((((((((((((((((((( Files Created from 2008-07-02 to 2008-08-02 )))))))))))))))))))))))))))))))
.

2008-08-02 11:19 . 2008-08-02 11:19 <DIR> d-------- C:\Documents and Settings\user\Application Data\bolt rect math
2008-08-02 10:30 . 2008-08-02 10:30 <DIR> d-------- C:\_OTMoveIt
2008-08-01 05:13 . 2008-08-01 05:11 254 --a------ C:\log.bat
2008-07-29 23:38 . 2008-07-29 23:37 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-07-29 23:38 . 2008-07-29 23:37 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-07-29 23:38 . 2008-07-29 23:37 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-07-29 10:30 . 2008-07-29 10:28 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-07-29 10:28 . 2008-07-29 10:28 <DIR> d-------- C:\WINDOWS\system32\athan
2008-07-29 10:28 . 2008-07-29 10:31 <DIR> d-------- C:\Program Files\Athan
2008-07-26 22:26 . 2008-07-26 22:26 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-16 15:58 . 2008-08-01 13:50 23 --a------ C:\Documents and Settings\user\jagex_runescape_preferences.dat
2008-07-12 20:03 . 2008-07-12 20:03 244 --ah----- C:\sqmnoopt05.sqm
2008-07-12 20:03 . 2008-07-12 20:03 232 --ah----- C:\sqmdata05.sqm
2008-07-08 15:39 . 2008-07-08 15:39 <DIR> d-------- C:\Program Files\Sun
2008-07-06 16:16 . 2007-11-22 22:00 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2008-07-04 15:44 . 2008-07-04 15:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IJJIGame
2008-07-02 15:14 . 2008-07-02 15:14 <DIR> d-------- C:\Program Files\Common Files\INCA Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-02 16:45 --------- d-----w C:\Documents and Settings\user\Application Data\Free Download Manager
2008-08-02 16:40 --------- d-----w C:\Program Files\ESET
2008-08-02 16:24 --------- d-----w C:\Documents and Settings\user\Application Data\MegauploadToolbar
2008-08-02 03:35 --------- d---a-w C:\Program Files\SurvivalProject
2008-08-02 02:12 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-01 10:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-07-24 08:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bags Plus Online Chin
2008-07-16 07:53 --------- d-----w C:\Program Files\Java
2008-07-12 23:45 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-04 01:07 10,520 ----a-w C:\windows\system32\avgrsstx.dll
2008-07-04 01:05 96,520 ----a-w C:\windows\system32\drivers\avgldx86.sys
2008-07-02 06:32 --------- d-----w C:\Documents and Settings\user\Application Data\dvdcss
2008-07-01 14:48 --------- d--h--w C:\Documents and Settings\user\Application Data\ijjigame
2008-07-01 09:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-01 09:44 --------- d-----w C:\Program Files\NHN USA
2008-07-01 09:37 --------- d-----w C:\Documents and Settings\user\Application Data\Xfire
2008-06-26 20:10 42,320 ----a-w C:\windows\system32\xfcodec.dll
2008-06-20 17:41 245,248 ----a-w C:\windows\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\windows\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\windows\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\windows\system32\drivers\tcpip6.sys
2008-06-19 23:15 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-06-19 12:46 2,560 ----a-w C:\windows\system32\bitcometres.dll
2008-06-18 21:13 --------- d-----w C:\Program Files\pluspoint2
2008-06-18 20:25 --------- d-----w C:\Program Files\Winamp
2008-06-18 20:05 --------- d-----w C:\Program Files\AVG
2008-06-18 20:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-06-18 16:41 --------- d-----w C:\Documents and Settings\user\Application Data\Winamp
2008-06-18 12:02 --------- d-----w C:\Program Files\Common Files\NSV
2008-06-17 11:28 710,064 ----a-w C:\windows\system32\ijjiSetup.exe
2008-06-13 13:53 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-06-13 13:53 --------- d-----w C:\Program Files\Adobe Media Player
2008-06-13 13:10 272,128 ------w C:\windows\system32\drivers\bthport.sys
2008-06-12 02:21 --------- d-----w C:\Program Files\MegauploadToolbar
2008-06-11 15:01 58,800 ----a-w C:\windows\system32\ijjiPlugin2.dll
2008-06-07 11:59 --------- d-----w C:\Documents and Settings\user\Application Data\Talkback
2008-06-05 03:45 --------- d-----w C:\Program Files\QuickTime
2008-05-14 19:23 3,084 ----a-w C:\windows\system32\fscflist.ini.tmp
2008-05-07 05:18 1,287,680 ----a-w C:\windows\system32\quartz.dll
2008-05-02 02:36 3,000,000 ----a-w C:\windows\system32\wmsetup.exe
2008-01-25 14:51 160 ---ha-w C:\Documents and Settings\user\hpothb07.dat
2008-01-25 14:51 0 ---ha-w C:\Documents and Settings\LocalService\hpothb07.dat
2008-01-25 14:48 0 ---ha-w C:\Documents and Settings\NetworkService\hpothb07.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 19:04 139264]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-04 20:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-19 16:01 171448]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2007-11-19 00:40 2469935]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-02-07 12:53 3497984]
"BitComet"="D:\Program Files\BitComet\BitComet.exe" [2008-06-03 11:42 2596152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 20:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 20:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 20:00 455168]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"snpstd"="C:\windows\vsnpstd.exe" [2004-06-10 13:48 286720]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-06-05 11:45 413696]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-04 09:13 1232152]
"Online chin internet bolt"="C:\Documents and Settings\All Users\Application Data\Bags Plus Online Chin\wma about.exe" [2008-08-02 15:27 1034752]
"Athan"="C:\Program Files\Athan\Athan.exe" [2007-09-07 02:25 1003520]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-07-29 23:37 949376]

C:\Documents and Settings\user\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2004-06-16 18:34:12 147456]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2004-06-16 18:22:58 28672]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-10-30 11:04:39 106560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\WINDOWS\\system32\\fscagent.exe"=
"C:\\WINDOWS\\system32\\grdmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\WINDOWS\\system32\\clubbox.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"D:\\bro\\Xfire\\xfire.exe"=
"C:\\ijji\\ENGLISH\\u_gunz.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7802:TCP"= 7802:TCP:BitComet 7802 TCP
"7802:UDP"= 7802:UDP:BitComet 7802 UDP
"2693:UDP"= 2693:UDP:Windows Media Format SDK (TVUPlayer.exe)
"2692:UDP"= 2692:UDP:Windows Media Format SDK (TVUPlayer.exe)
"2697:UDP"= 2697:UDP:Windows Media Format SDK (TVUPlayer.exe)

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\windows\system32\Drivers\avgldx86.sys [2008-07-04 09:05]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 09:10]
S3 IOIDDEV;IOIDDEV;C:\Program Files\SurvivalProject\config\ioid.sys []
S3 NOWMEMDF;NOWMEMDF;C:\windows\system32\NOWMEMDF.sys [2005-11-02 19:23]
S3 XDva037;XDva037;C:\windows\system32\XDva037.sys []
S3 XDva104;XDva104;C:\windows\system32\XDva104.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02bb4b15-bd97-11dc-acac-000b6a4a4ae6}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3421e7a4-bf17-11dc-acb0-000b6a4a4ae6}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee4ee206-8530-11dc-8135-000b6a4a4ae6}]
\Shell\Auto\command - OSO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-08-02 C:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1201271611.job
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2004-06-16 18:06]

2008-04-26 C:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1201327381.job
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2004-06-16 18:06]

2008-08-01 C:\windows\Tasks\Norton Security Scan.job
- C:\Program Files\Norton Security Scan\Nss.exe [2008-01-09 04:08]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Delete Once - C:\DOCUME~1\user\APPLIC~1\BOLTRE~1\Mode memo.exe
HKCU-Run-Mobile Partner - C:\Program Files\Mobile Partner\Mobile Partner.exe
HKLM-Run-pluspoint2 - C:\Program Files\pluspoint2\pluspoint2.exe
HKLM-Run-ClubBox - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\0lymnng8.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - google.com
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF -: plugin - C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-03 00:45:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-08-03 0:49:27
ComboFix-quarantined-files.txt 2008-08-02 16:48:20

Pre-Run: 5,050,638,336 bytes free
Post-Run: 6,317,240,320 bytes free

197 --- E O F --- 2008-08-02 03:26:31

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:44 AM, on 8/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\windows\system32\svchost.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
D:\Program Files\BitComet\BitComet.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\windows\system32\conime.exe
C:\windows\system32\notepad.exe
C:\windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: jBrowse Toolbar - {9E5BD40E-6287-11D6-9772-0002A5DD2483} - C:\PROGRA~1\jBrowse\JBO.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [snpstd] C:\windows\vsnpstd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Online chin internet bolt] C:\Documents and Settings\All Users\Application Data\Bags Plus Online Chin\wma about.exe
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [BitComet] "D:\Program Files\BitComet\BitComet.exe" /tray
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ?????? - {62E65991-BAFA-4AFB-9B40-06039E276D28} - C:\windows\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.appl...ex/qtplugin.cab
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.c.../NowStarter.cab
O16 - DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} (BMSpeedCheck Control) - http://www.pdbox.co....MSpeedCheck.cab
O16 - DPF: {2B866353-E598-4403-8E4D-B871AB30DC55} (Speed Class) - http://www.singnet.c...a/SpeedCtrl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {760FF20F-B852-4ED7-AE91-F1DE355C080F} (pluspoint) - http://file.pluscoin...spoint2inst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {F6E361B4-40F3-4C90-8A95-D95E0D8CBCD4} (MultiUpload Control) - http://www.clubbox.c...MultiUpload.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\windows\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\windows\SYSTEM32\slserv.exe

--
End of file - 9521 bytes

P.S. Can I get autorun back? xD I prefer it. Thanks!
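Two parts of the ComboFix log above carry most of the security signal: the MountPoints2 entries, where Windows caches the shell verbs a removable volume's autorun.inf declared (here a relative `OSO.exe` launched through `RunDLL32 ... ShellExec_RunDLL`, the classic USB-worm pattern), and the Security Center values that silence the "antivirus/updates disabled" warnings. The script below is an added example for this thread, not code from ComboFix, HijackThis or anyone posting here; it runs a few triage rules over an excerpt copied from that log. The severity rules (which directories are unusual for a Run entry, what counts as a volume-root launcher) are the example author's own assumptions, not anything ComboFix does.

```python
"""Triage ComboFix-style "Reg Loading Points" text for removable-drive autorun
persistence and silenced Security Center warnings.

Added example for this thread, not code from ComboFix, HijackThis or any poster.
SAMPLE_LOG is an excerpt copied from the log posted above; the severity rules
(which directories are unusual for a Run entry, which commands count as a
volume-root launcher) are the example author's assumptions, not ComboFix's.
"""
import re
from dataclasses import dataclass
from typing import List

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-04 09:13 1232152]
"Online chin internet bolt"="C:\Documents and Settings\All Users\Application Data\Bags Plus Online Chin\wma about.exe" [2008-08-02 15:27 1034752]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3421e7a4-bf17-11dc-acb0-000b6a4a4ae6}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee4ee206-8530-11dc-8135-000b6a4a4ae6}]
\Shell\Auto\command - OSO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"')
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
MOUNTPOINT_CMD_RE = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.+)$", re.IGNORECASE)
ABSOLUTE_RE = re.compile(r"^[A-Za-z]:\\|^\\\\")

# Assumption: Run entries launching from these locations are rarely legitimate.
UNUSUAL_RUN_DIRS = ("\\application data\\", "\\local settings\\", "\\temp\\")


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info"
    where: str     # registry section the line came from
    detail: str


def _mountpoint_finding(section: str, verb: str, cmd: str) -> Finding:
    """MountPoints2 caches the shell verbs a volume's autorun.inf declared.
    A command with no drive letter runs from the volume root, and the
    RunDLL32 ShellExec_RunDLL wrapper is the usual worm way of doing that."""
    target = cmd.split()[0]
    if "shellexec_rundll" in cmd.lower() or not ABSOLUTE_RE.match(target):
        return Finding("high", section, f"autorun verb '{verb}' runs volume-root file: {cmd}")
    return Finding("info", section, f"autorun verb '{verb}' runs {cmd}; confirm the device is expected")


def triage(log_text: str) -> List[Finding]:
    """Walk the registry-export style text section by section and collect findings."""
    findings: List[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        key = section.lower()
        if "mountpoints2" in key:
            m = MOUNTPOINT_CMD_RE.match(line)
            if m:
                findings.append(_mountpoint_finding(section, *m.groups()))
        elif key.endswith("\\run"):
            m = RUN_VALUE_RE.match(line)
            if m and any(d in m.group(2).lower() for d in UNUSUAL_RUN_DIRS):
                findings.append(Finding("medium", section, f"Run value '{m.group(1)}' starts {m.group(2)}"))
        elif key.endswith("security center"):
            m = DWORD_RE.match(line)
            if m and m.group(1).endswith("DisableNotify") and int(m.group(2), 16) != 0:
                findings.append(Finding("medium", section, f"{m.group(1)} is set; Security Center will not warn about this"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.detail}")
```

Run on the excerpt it reports the two `OSO.exe` verbs as high, the `wma about.exe` Run entry and both DisableNotify values as medium, and the U3 launcher (an absolute path on the device) only as informational, which matches what the helper went on to target with the CFScript.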

#12
Cookiegal (Visiting Consultant, 889 posts)
If you use an external or flash drive, please insert it before doing all of the following.

Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.


Open Notepad and copy and paste the text in the code box below into it:

File::
C:\OSO.exe
G:\OSO.exe

Folder::
C:\Documents and Settings\user\Application Data\bolt rect math
C:\Documents and Settings\All Users\Application Data\Bags Plus Online Chin

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Online chin internet bolt"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee4ee206-8530-11dc-8135-000b6a4a4ae6}]

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

[screenshot: CFScript.txt being dragged onto ComboFix.exe]


This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.
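The note about Flash_Disinfector leaving a hidden autorun.inf folder on every partition is worth understanding rather than just accepting: an autorun worm persists by writing a file called autorun.inf to the volume root, and a directory already occupying that name makes the worm's file creation fail. The script below is an added example, not sUBs' Flash_Disinfector and not code from anyone in this thread. It parses an autorun.inf for the commands it would launch, classifies a volume root as clean, infected or protected, and applies the folder-collision defence. The sample autorun.inf is constructed to match the `OSO.exe` verbs ComboFix listed under MountPoints2 above; the read-only/hidden/system attribute choice is the example author's assumption about the defence, and the attribute call is Windows-only (skipped elsewhere).

```python
"""Inspect a volume root for an autorun.inf worm and apply the folder-collision
defence that tools like Flash_Disinfector rely on.

Added example for this thread, not Flash_Disinfector and not code from any
poster.  An autorun.inf *file* that launches something is treated as an
infection indicator; a *directory* named autorun.inf stops a worm from creating
the file of the same name.  SAMPLE_AUTORUN_INF is constructed to mirror the
OSO.exe verbs ComboFix reported under MountPoints2.
"""
import ctypes
import os
import re
import tempfile
from pathlib import Path
from typing import Dict, List

# Constructed sample: the verbs a worm's autorun.inf declares so that both
# AutoPlay and a double-click on the drive launch its payload.
SAMPLE_AUTORUN_INF = """[autorun]
open=OSO.exe
shellexecute=OSO.exe
shell\\Auto\\command=OSO.exe
shell=Auto
"""

# Keys whose value is a command the shell would execute.
LAUNCH_KEY_RE = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.IGNORECASE)

# Windows file attribute bits (winnt.h); only applied on Windows.
FILE_ATTRIBUTE_READONLY = 0x01
FILE_ATTRIBUTE_HIDDEN = 0x02
FILE_ATTRIBUTE_SYSTEM = 0x04


def autorun_launch_commands(text: str) -> List[str]:
    """Return every command an autorun.inf would run, in file order."""
    cmds: List[str] = []
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_autorun = line.lower() == "[autorun]"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (s.strip() for s in line.split("=", 1))
        if LAUNCH_KEY_RE.match(key) and value:
            cmds.append(value)
    return cmds


def inspect_volume(root: Path) -> Dict[str, object]:
    """'infected': autorun.inf file that launches something; 'inert': file that
    launches nothing (icon-only); 'protected': autorun.inf is a directory;
    'clean': absent."""
    inf = root / "autorun.inf"
    if inf.is_dir():
        return {"status": "protected", "commands": []}
    if not inf.exists():
        return {"status": "clean", "commands": []}
    cmds = autorun_launch_commands(inf.read_text(errors="replace"))
    return {"status": "infected" if cmds else "inert", "commands": cmds}


def protect_volume(root: Path) -> bool:
    """Create a directory named autorun.inf so a worm's file creation collides
    with it.  Refuses to touch an existing autorun.inf file (clean up first).
    Returns True when the protective directory exists afterwards."""
    inf = root / "autorun.inf"
    if inf.is_file():
        return False
    inf.mkdir(exist_ok=True)
    if os.name == "nt":  # attribute bits only mean something on Windows
        attrs = FILE_ATTRIBUTE_READONLY | FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM
        ctypes.windll.kernel32.SetFileAttributesW(str(inf), attrs)
    return inf.is_dir()


def run_demo() -> Dict[str, object]:
    """Walk a scratch directory through clean -> infected -> protected."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        result: Dict[str, object] = {"before": inspect_volume(root)["status"]}
        (root / "autorun.inf").write_text(SAMPLE_AUTORUN_INF)   # simulate the worm
        result["with_worm_inf"] = inspect_volume(root)["status"]
        result["refused_while_infected"] = not protect_volume(root)
        (root / "autorun.inf").unlink()                           # the removal step
        protect_volume(root)
        result["after_cleanup"] = inspect_volume(root)["status"]
    return result


if __name__ == "__main__":
    print(autorun_launch_commands(SAMPLE_AUTORUN_INF))
    print(run_demo())
```

Point `inspect_volume` at a real drive root (for example `Path("G:/")`) to classify it; `protect_volume` deliberately refuses while a worm's file is still present, so the removal has to happen first, which is the same ordering the helper used (CFScript removes `G:\OSO.exe` before the protective folder is worth anything).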

#13
murimuri (Topic Starter, Member, 39 posts)
ComboFix 08-08-01.04 - user 2008-08-03 15:25:57.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.949.82.1033.18.237 [GMT 8:00]
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\user\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\OSO.exe
G:\OSO.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Bags Plus Online Chin
C:\Documents and Settings\user\Application Data\bolt rect math

.
((((((((((((((((((((((((( Files Created from 2008-07-03 to 2008-08-03 )))))))))))))))))))))))))))))))
.

2008-08-02 10:30 . 2008-08-02 10:30 <DIR> d-------- C:\_OTMoveIt
2008-08-01 05:13 . 2008-08-01 05:11 254 --a------ C:\log.bat
2008-07-29 23:38 . 2008-07-29 23:37 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-07-29 23:38 . 2008-07-29 23:37 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-07-29 23:38 . 2008-07-29 23:37 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-07-29 10:30 . 2008-07-29 10:28 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-07-29 10:28 . 2008-07-29 10:28 <DIR> d-------- C:\WINDOWS\system32\athan
2008-07-29 10:28 . 2008-07-29 10:31 <DIR> d-------- C:\Program Files\Athan
2008-07-26 22:26 . 2008-07-26 22:26 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-16 15:58 . 2008-08-01 13:50 23 --a------ C:\Documents and Settings\user\jagex_runescape_preferences.dat
2008-07-12 20:03 . 2008-07-12 20:03 244 --ah----- C:\sqmnoopt05.sqm
2008-07-12 20:03 . 2008-07-12 20:03 232 --ah----- C:\sqmdata05.sqm
2008-07-08 15:39 . 2008-07-08 15:39 <DIR> d-------- C:\Program Files\Sun
2008-07-06 16:16 . 2007-11-22 22:00 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2008-07-04 15:44 . 2008-07-04 15:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IJJIGame

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-03 07:32 --------- d-----w C:\Documents and Settings\user\Application Data\Free Download Manager
2008-08-03 07:18 --------- d-----w C:\Documents and Settings\user\Application Data\MegauploadToolbar
2008-08-03 06:45 --------- d-----w C:\Program Files\ESET
2008-08-02 03:35 --------- d---a-w C:\Program Files\SurvivalProject
2008-08-02 02:12 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-01 10:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-07-16 07:53 --------- d-----w C:\Program Files\Java
2008-07-12 23:45 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-04 01:07 10,520 ----a-w C:\windows\system32\avgrsstx.dll
2008-07-04 01:05 96,520 ----a-w C:\windows\system32\drivers\avgldx86.sys
2008-07-02 07:14 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-07-02 06:32 --------- d-----w C:\Documents and Settings\user\Application Data\dvdcss
2008-07-01 14:48 --------- d--h--w C:\Documents and Settings\user\Application Data\ijjigame
2008-07-01 09:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-01 09:44 --------- d-----w C:\Program Files\NHN USA
2008-07-01 09:37 --------- d-----w C:\Documents and Settings\user\Application Data\Xfire
2008-06-26 20:10 42,320 ----a-w C:\windows\system32\xfcodec.dll
2008-06-20 17:41 245,248 ----a-w C:\windows\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\windows\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\windows\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\windows\system32\drivers\tcpip6.sys
2008-06-19 23:15 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-06-19 12:46 2,560 ----a-w C:\windows\system32\bitcometres.dll
2008-06-18 21:13 --------- d-----w C:\Program Files\pluspoint2
2008-06-18 20:25 --------- d-----w C:\Program Files\Winamp
2008-06-18 20:05 --------- d-----w C:\Program Files\AVG
2008-06-18 20:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-06-18 16:41 --------- d-----w C:\Documents and Settings\user\Application Data\Winamp
2008-06-18 12:02 --------- d-----w C:\Program Files\Common Files\NSV
2008-06-17 11:28 710,064 ----a-w C:\windows\system32\ijjiSetup.exe
2008-06-13 13:53 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-06-13 13:53 --------- d-----w C:\Program Files\Adobe Media Player
2008-06-13 13:10 272,128 ------w C:\windows\system32\drivers\bthport.sys
2008-06-12 02:21 --------- d-----w C:\Program Files\MegauploadToolbar
2008-06-11 15:01 58,800 ----a-w C:\windows\system32\ijjiPlugin2.dll
2008-06-07 11:59 --------- d-----w C:\Documents and Settings\user\Application Data\Talkback
2008-06-05 03:45 --------- d-----w C:\Program Files\QuickTime
2008-05-14 19:23 3,084 ----a-w C:\windows\system32\fscflist.ini.tmp
2008-05-07 05:18 1,287,680 ----a-w C:\windows\system32\quartz.dll
2008-01-25 14:51 160 ---ha-w C:\Documents and Settings\user\hpothb07.dat
2008-01-25 14:51 0 ---ha-w C:\Documents and Settings\LocalService\hpothb07.dat
2008-01-25 14:48 0 ---ha-w C:\Documents and Settings\NetworkService\hpothb07.dat
.

((((((((((((((((((((((((((((( snapshot@2008-08-03_ 0.47.04.67 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-22 11:07:56 91,488 ----a-r C:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\ADDRPARS.DLL
+ 2007-03-22 11:07:54 80,224 ----a-r C:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\DLGSETP.DLL
+ 2007-04-19 05:53:52 137,568 ----a-r C:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\ENVELOPE.DLL
+ 2007-05-31 05:41:06 10,352,472 ----a-r C:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\EXCEL.EXE
+ 2007-04-19 06:09:30 167,256 ----a-r C:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\IETAG.DLL
+ 2007-04-19 05:53:52 127,328 ----a-r C:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\IMPMAIL.DLL
+ 2007-04-19 05:54:04 183,136 ----a-r C:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MIMEDIR.DLL
+ 2007-06-18 09:16:32 12,259,160 ----a-r C:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSO.DLL
+ 2007-05-10 05:35:04 6,747,480 ----a-r C:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSPUB.EXE
+ 2007-05-31 05:43:46 7,613,280 ----a-r C:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLLIB.DLL
+ 2007-04-19 05:53:44 106,336 ----a-r C:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLMIME.DLL
+ 2007-05-31 05:42:14 200,032 ----a-r C:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLOOK.EXE
+ 2007-04-19 05:53:56 149,856 ----a-r C:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLPH.DLL
+ 2007-04-19 05:53:24 69,984 ----a-r C:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLRPC.DLL
+ 2007-05-31 05:35:46 133,976 ----a-r C:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\PRTF9.DLL
+ 2007-05-31 05:36:08 612,184 ----a-r C:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\PTXT9.DLL
+ 2007-05-10 05:34:48 562,528 ----a-r C:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\PUBCONV.DLL
+ 2007-03-22 11:07:10 41,824 ----a-r C:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\RECALL.DLL
+ 2007-03-22 11:07:54 78,168 ----a-r C:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\RM.DLL
+ 2007-03-22 11:22:02 103,264 ----a-r C:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\TRANSMGR.DLL
+ 2007-05-09 09:19:48 2,585,936 ----a-r C:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\VBE6.DLL
+ 2007-05-31 05:37:40 12,310,368 ----a-r C:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\WINWORD.EXE
- 2008-08-02 03:25:47 593,920 ----a-r C:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-08-03 06:59:03 593,920 ----a-r C:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-08-02 03:25:47 12,288 ----a-r C:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-08-03 06:59:03 12,288 ----a-r C:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-08-02 03:25:47 86,016 ----a-r C:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-08-03 06:59:04 86,016 ----a-r C:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-08-02 03:25:46 135,168 ----a-r C:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-08-03 06:59:03 135,168 ----a-r C:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-08-02 03:25:47 11,264 ----a-r C:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-08-03 06:59:04 11,264 ----a-r C:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-08-02 03:25:47 27,136 ----a-r C:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-08-03 06:59:04 27,136 ----a-r C:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-08-02 03:25:47 4,096 ----a-r C:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-08-03 06:59:04 4,096 ----a-r C:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-08-02 03:25:48 794,624 ----a-r C:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-08-03 06:59:04 794,624 ----a-r C:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-08-02 03:25:46 249,856 ----a-r C:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-08-03 06:59:03 249,856 ----a-r C:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-08-02 03:25:46 61,440 ----a-r C:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-08-03 06:59:03 61,440 ----a-r C:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-08-02 03:25:48 23,040 ----a-r C:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-08-03 06:59:04 23,040 ----a-r C:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-08-02 03:25:46 286,720 ----a-r C:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-08-03 06:59:03 286,720 ----a-r C:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-08-02 03:25:46 409,600 ----a-r C:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-08-03 06:59:03 409,600 ----a-r C:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 19:04 139264]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-04 20:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-19 16:01 171448]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2007-11-19 00:40 2469935]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-02-07 12:53 3497984]
"BitComet"="D:\Program Files\BitComet\BitComet.exe" [2008-06-03 11:42 2596152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 20:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 20:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 20:00 455168]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"snpstd"="C:\windows\vsnpstd.exe" [2004-06-10 13:48 286720]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-06-05 11:45 413696]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-04 09:13 1232152]
"Athan"="C:\Program Files\Athan\Athan.exe" [2007-09-07 02:25 1003520]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-07-29 23:37 949376]

C:\Documents and Settings\user\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2004-06-16 18:34:12 147456]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2004-06-16 18:22:58 28672]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-10-30 11:04:39 106560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\WINDOWS\\system32\\fscagent.exe"=
"C:\\WINDOWS\\system32\\grdmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\WINDOWS\\system32\\clubbox.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"D:\\bro\\Xfire\\xfire.exe"=
"C:\\ijji\\ENGLISH\\u_gunz.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7802:TCP"= 7802:TCP:BitComet 7802 TCP
"7802:UDP"= 7802:UDP:BitComet 7802 UDP
"2693:UDP"= 2693:UDP:Windows Media Format SDK (TVUPlayer.exe)
"2692:UDP"= 2692:UDP:Windows Media Format SDK (TVUPlayer.exe)
"2697:UDP"= 2697:UDP:Windows Media Format SDK (TVUPlayer.exe)

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\windows\system32\Drivers\avgldx86.sys [2008-07-04 09:05]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 09:10]
S3 IOIDDEV;IOIDDEV;C:\Program Files\SurvivalProject\config\ioid.sys []
S3 NOWMEMDF;NOWMEMDF;C:\windows\system32\NOWMEMDF.sys [2005-11-02 19:23]
S3 XDva037;XDva037;C:\windows\system32\XDva037.sys []
S3 XDva104;XDva104;C:\windows\system32\XDva104.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02bb4b15-bd97-11dc-acac-000b6a4a4ae6}]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3421e7a4-bf17-11dc-acb0-000b6a4a4ae6}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-08-02 C:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1201271611.job
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2004-06-16 18:06]

2008-04-26 C:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1201327381.job
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2004-06-16 18:06]

2008-08-01 C:\windows\Tasks\Norton Security Scan.job
- C:\Program Files\Norton Security Scan\Nss.exe [2008-01-09 04:08]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-03 15:32:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-03 15:37:32
ComboFix-quarantined-files.txt 2008-08-03 07:36:31
ComboFix2.txt 2008-08-02 16:49:29

Pre-Run: 5,655,851,008 bytes free
Post-Run: 6,003,109,888 bytes free

226 --- E O F --- 2008-08-03 06:59:08
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:40:14 PM, on 8/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\windows\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
D:\Program Files\BitComet\BitComet.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\PROGRA~1\AVG\AVG8\avgscanx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\system32\conime.exe
C:\windows\explorer.exe
C:\windows\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: jBrowse Toolbar - {9E5BD40E-6287-11D6-9772-0002A5DD2483} - C:\PROGRA~1\jBrowse\JBO.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [snpstd] C:\windows\vsnpstd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [BitComet] "D:\Program Files\BitComet\BitComet.exe" /tray
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ?????? - {62E65991-BAFA-4AFB-9B40-06039E276D28} - C:\windows\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.appl...ex/qtplugin.cab
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.c.../NowStarter.cab
O16 - DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} (BMSpeedCheck Control) - http://www.pdbox.co....MSpeedCheck.cab
O16 - DPF: {2B866353-E598-4403-8E4D-B871AB30DC55} (Speed Class) - http://www.singnet.c...a/SpeedCtrl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {760FF20F-B852-4ED7-AE91-F1DE355C080F} (pluspoint) - http://file.pluscoin...spoint2inst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {F6E361B4-40F3-4C90-8A95-D95E0D8CBCD4} (MultiUpload Control) - http://www.clubbox.c...MultiUpload.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\windows\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\windows\SYSTEM32\slserv.exe

--
End of file - 9314 bytes

#14 Cookiegal (Visiting Consultant, 889 posts)
Are you having trouble with your Office installation?


Please go to Start - Run - type in eventvwr.msc to open the event viewer. Look under both "Application" and "System" for recent (the last 48 hours or so) errors (shown in red) and if found, do this for each one.

Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.

#15 murimuri (Topic Starter, Member, 39 posts)
SORRY FOR MY LATE REPLY. Because it's late, I'm giving the list of errors from the 03-08 to present, is that okay? >< (and boy, it's a lot. wow)
And uhm, my Office installation seems fine?

APPLICATION

Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 8/6/2008
Time: 6:33:22 PM
User: N/A
Computer: USER-22F971AA57
Description:
Hanging application iexplore.exe, version 7.0.6000.16674, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 69 65 78 70 6c 6f iexplo
0018: 72 65 2e 65 78 65 20 37 re.exe 7
0020: 2e 30 2e 36 30 30 30 2e .0.6000.
0028: 31 36 36 37 34 20 69 6e 16674 in
0030: 20 68 75 6e 67 61 70 70 hungapp
0038: 20 30 2e 30 2e 30 2e 30 0.0.0.0
0040: 20 61 74 20 6f 66 66 73 at offs
0048: 65 74 20 30 30 30 30 30 et 00000
0050: 30 30 30 000

Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 8/6/2008
Time: 3:12:31 PM
User: N/A
Computer: USER-22F971AA57
Description:
Hanging application iexplore.exe, version 7.0.6000.16674, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 69 65 78 70 6c 6f iexplo
0018: 72 65 2e 65 78 65 20 37 re.exe 7
0020: 2e 30 2e 36 30 30 30 2e .0.6000.
0028: 31 36 36 37 34 20 69 6e 16674 in
0030: 20 68 75 6e 67 61 70 70 hungapp
0038: 20 30 2e 30 2e 30 2e 30 0.0.0.0
0040: 20 61 74 20 6f 66 66 73 at offs
0048: 65 74 20 30 30 30 30 30 et 00000
0050: 30 30 30 000

Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 8/5/2008
Time: 11:20:19 PM
User: N/A
Computer: USER-22F971AA57
Description:
Faulting application gom.exe, version 2.1.9.3754, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00010f29.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 67 6f 6d ure gom
0018: 2e 65 78 65 20 32 2e 31 .exe 2.1
0020: 2e 39 2e 33 37 35 34 20 .9.3754
0028: 69 6e 20 6e 74 64 6c 6c in ntdll
0030: 2e 64 6c 6c 20 35 2e 31 .dll 5.1
0038: 2e 32 36 30 30 2e 32 31 .2600.21
0040: 38 30 20 61 74 20 6f 66 80 at of
0048: 66 73 65 74 20 30 30 30 fset 000
0050: 31 30 66 32 39 0d 0a 10f29..

Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 8/4/2008
Time: 11:08:48 PM
User: N/A
Computer: USER-22F971AA57
Description:
Faulting application iexplore.exe, version 7.0.6000.16674, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 69 65 78 ure iex
0018: 70 6c 6f 72 65 2e 65 78 plore.ex
0020: 65 20 37 2e 30 2e 36 30 e 7.0.60
0028: 30 30 2e 31 36 36 37 34 00.16674
0030: 20 69 6e 20 6e 74 64 6c in ntdl
0038: 6c 2e 64 6c 6c 20 35 2e l.dll 5.
0040: 31 2e 32 36 30 30 2e 32 1.2600.2
0048: 31 38 30 20 61 74 20 6f 180 at o
0050: 66 66 73 65 74 20 30 30 ffset 00
0058: 30 31 38 66 65 61 0d 0a 018fea..

Event Type: Error
Event Source: SecurityCenter
Event Category: None
Event ID: 1802
Date: 8/3/2008
Time: 8:05:54 PM
User: N/A
Computer: USER-22F971AA57
Description:
The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.
Data:
0000: 14 10 04 80 ...€

Event Type: Error
Event Source: WinMgmt
Event Category: None
Event ID: 27
Date: 8/3/2008
Time: 8:05:53 PM
User: N/A
Computer: USER-22F971AA57
Description:
WinMgmt could not open the repository file. This could be due to insufficient security access to the "<%SystemRoot%>\System32\WBEM\Repository", insufficient disk space or insufficient memory.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

---
SYSTEM

Event Type: Error
Event Source: NetBT
Event Category: None
Event ID: 4321
Date: 8/6/2008
Time: 2:48:35 PM
User: N/A
Computer: USER-22F971AA57
Description:
The name "MSHOME :1d" could not be registered on the Interface with IP address 192.168.1.100. The machine with the IP address 192.168.1.64 did not allow the name to be claimed by this machine.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.
Data:
0000: 00 00 00 00 04 00 56 00 ......V.
0008: 00 00 00 00 e1 10 00 c0 ....á..À
0010: 01 01 00 00 01 00 00 c0 .......À
0018: 07 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: NetBT
Event Category: None
Event ID: 4321
Date: 8/6/2008
Time: 2:43:22 PM
User: N/A
Computer: USER-22F971AA57
Description:
The name "MSHOME :1d" could not be registered on the Interface with IP address 192.168.1.100. The machine with the IP address 192.168.1.64 did not allow the name to be claimed by this machine.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.
Data:
0000: 00 00 00 00 04 00 56 00 ......V.
0008: 00 00 00 00 e1 10 00 c0 ....á..À
0010: 01 01 00 00 01 00 00 c0 .......À
0018: 06 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: NetBT
Event Category: None
Event ID: 4321
Date: 8/6/2008
Time: 2:41:28 PM
User: N/A
Computer: USER-22F971AA57
Description:
The name "MSHOME :1d" could not be registered on the Interface with IP address 192.168.1.100. The machine with the IP address 192.168.1.64 did not allow the name to be claimed by this machine.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.
Data:
0000: 00 00 00 00 04 00 56 00 ......V.
0008: 00 00 00 00 e1 10 00 c0 ....á..À
0010: 01 01 00 00 01 00 00 c0 .......À
0018: 05 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: BROWSER
Event Category: None
Event ID: 8009
Date: 8/6/2008
Time: 2:36:18 PM
User: N/A
Computer: USER-22F971AA57
Description:
The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is MUHAMMADKHALID.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.
Data:
0000: 34 00 00 00 4...

Event Type: Error
Event Source: NetBT
Event Category: None
Event ID: 4321
Date: 8/6/2008
Time: 2:36:18 PM
User: N/A
Computer: USER-22F971AA57
Description:
The name "MSHOME :1d" could not be registered on the Interface with IP address 192.168.1.100. The machine with the IP address 192.168.1.64 did not allow the name to be claimed by this machine.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.
Data:
0000: 00 00 00 00 04 00 56 00 ......V.
0008: 00 00 00 00 e1 10 00 c0 ....á..À
0010: 01 01 00 00 01 00 00 c0 .......À
0018: 04 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: NetBT
Event Category: None
Event ID: 4321
Date: 8/6/2008
Time: 2:31:08 PM
User: N/A
Computer: USER-22F971AA57
Description:
The name "MSHOME :1d" could not be registered on the Interface with IP address 192.168.1.100. The machine with the IP address 192.168.1.64 did not allow the name to be claimed by this machine.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.
Data:
0000: 00 00 00 00 04 00 56 00 ......V.
0008: 00 00 00 00 e1 10 00 c0 ....á..À
0010: 01 01 00 00 01 00 00 c0 .......À
0018: 03 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: NetBT
Event Category: None
Event ID: 4321
Date: 8/6/2008
Time: 2:26:24 PM
User: N/A
Computer: USER-22F971AA57
Description:
The name "MSHOME :1d" could not be registered on the Interface with IP address 192.168.1.100. The machine with the IP address 192.168.1.64 did not allow the name to be claimed by this machine.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.
Data:
0000: 00 00 00 00 04 00 56 00 ......V.
0008: 00 00 00 00 e1 10 00 c0 ....á..À
0010: 01 01 00 00 01 00 00 c0 .......À
0018: 02 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: NetBT
Event Category: None
Event ID: 4321
Date: 8/6/2008
Time: 2:21:14 PM
User: N/A
Computer: USER-22F971AA57
Description:
The name "MSHOME :1d" could not be registered on the Interface with IP address 192.168.1.100. The machine with the IP address 192.168.1.64 did not allow the name to be claimed by this machine.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.
Data:
0000: 00 00 00 00 04 00 56 00 ......V.
0008: 00 00 00 00 e1 10 00 c0 ....á..À
0010: 01 01 00 00 01 00 00 c0 .......À
0018: 01 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: NetBT
Event Category: None
Event ID: 4321
Date: 8/6/2008
Time: 2:21:02 PM
User: N/A
Computer: USER-22F971AA57
Description:
The name "MSHOME :1d" could not be registered on the Interface with IP address 192.168.1.100. The machine with the IP address 192.168.1.64 did not allow the name to be claimed by this machine.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.
Data:
0000: 00 00 00 00 04 00 56 00 ......V.
0008: 00 00 00 00 e1 10 00 c0 ....á..À
0010: 01 01 00 00 01 00 00 c0 .......À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: MRxSmb
Event Category: None
Event ID: 8003
Date: 8/4/2008
Time: 5:19:40 PM
User: N/A
Computer: USER-22F971AA57
Description:
The master browser has received a server announcement from the computer MUHAMMADKHALID that believes that it is the master browser for the domain on transport NetBT_Tcpip_{6403BCE0-291A. The master browser is stopping or an election is being forced.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.
Data:
0000: 00 00 00 00 03 00 4e 00 ......N.
0008: 00 00 00 00 43 1f 00 c0 ....C..À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: NetBT
Event Category: None
Event ID: 4321
Date: 8/4/2008
Time: 5:13:14 PM
User: N/A
Computer: USER-22F971AA57
Description:
The name "MSHOME :1d" could not be registered on the Interface with IP address 192.168.1.100. The machine with the IP address 192.168.1.64 did not allow the name to be claimed by this machine.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.
Data:
0000: 00 00 00 00 04 00 56 00 ......V.
0008: 00 00 00 00 e1 10 00 c0 ....á..À
0010: 01 01 00 00 01 00 00 c0 .......À
0018: 05 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: BROWSER
Event Category: None
Event ID: 8009
Date: 8/4/2008
Time: 5:08:04 PM
User: N/A
Computer: USER-22F971AA57
Description:
The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is MUHAMMADKHALID.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.
Data:
0000: 34 00 00 00 4...

Event Type: Error
Event Source: NetBT
Event Category: None
Event ID: 4321
Date: 8/4/2008
Time: 5:08:04 PM
User: N/A
Computer: USER-22F971AA57
Description:
The name "MSHOME :1d" could not be registered on the Interface with IP address 192.168.1.100. The machine with the IP address 192.168.1.64 did not allow the name to be claimed by this machine.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.
Data:
0000: 00 00 00 00 04 00 56 00 ......V.
0008: 00 00 00 00 e1 10 00 c0 ....á..À
0010: 01 01 00 00 01 00 00 c0 .......À
0018: 04 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: NetBT
Event Category: None
Event ID: 4321
Date: 8/4/2008
Time: 5:02:54 PM
User: N/A
Computer: USER-22F971AA57
Description:
The name "MSHOME :1d" could not be registered on the Interface with IP address 192.168.1.100. The machine with the IP address 192.168.1.64 did not allow the name to be claimed by this machine.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.
Data:
0000: 00 00 00 00 04 00 56 00 ......V.
0008: 00 00 00 00 e1 10 00 c0 ....á..À
0010: 01 01 00 00 01 00 00 c0 .......À
0018: 03 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: NetBT
Event Category: None
Event ID: 4321
Date: 8/4/2008
Time: 4:57:44 PM
User: N/A
Computer: USER-22F971AA57
Description:
The name "MSHOME :1d" could not be registered on the Interface with IP address 192.168.1.100. The machine with the IP address 192.168.1.64 did not allow the name to be claimed by this machine.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.
Data:
0000: 00 00 00 00 04 00 56 00 ......V.
0008: 00 00 00 00 e1 10 00 c0 ....á..À
0010: 01 01 00 00 01 00 00 c0 .......À
0018: 02 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: NetBT
Event Category: None
Event ID: 4321
Date: 8/4/2008
Time: 4:56:41 PM
User: N/A
Computer: USER-22F971AA57
Description:
The name "MSHOME :1d" could not be registered on the Interface with IP address 192.168.1.100. The machine with the IP address 192.168.1.64 did not allow the name to be claimed by this machine.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.
Data:
0000: 00 00 00 00 04 00 56 00 ......V.
0008: 00 00 00 00 e1 10 00 c0 ....á..À
0010: 01 01 00 00 01 00 00 c0 .......À
0018: 01 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: NetBT
Event Category: None
Event ID: 4321
Date: 8/4/2008
Time: 4:56:30 PM
User: N/A
Computer: USER-22F971AA57
Description:
The name "MSHOME :1d" could not be registered on the Interface with IP address 192.168.1.100. The machine with the IP address 192.168.1.64 did not allow the name to be claimed by this machine.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.
Data:
0000: 00 00 00 00 04 00 56 00 ......V.
0008: 00 00 00 00 e1 10 00 c0 ....á..À
0010: 01 01 00 00 01 00 00 c0 .......À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7016
Date: 8/3/2008
Time: 3:26:28 PM
User: N/A
Computer: USER-22F971AA57
Description:
The SmartLinkService service has reported an invalid current state 0.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7016
Date: 8/3/2008
Time: 12:41:20 AM
User: N/A
Computer: USER-22F971AA57
Description:
The SmartLinkService service has reported an invalid current state 0.

For more information, see Help and Support Center at http://go.microsoft....link/events.asp.
