VIRUS ALERT! in taskbar and I can't see the C drive or run
Thread Solved
Log looks ok, but can you rename hijackthis.exe to analysethis and rescan and post another log please.
========
kmf2008. Welcome to Daniweb, but please start your own thread instead of hijacking this one.
========
Just right-click hijackthis and click rename and put analysethis? Not sure if that's what you meant, but I tried that and now it won't open because it says changing the file name made it unstable.
Do not change the file extension, just the file name.
Weird. Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt in your reply.
Deckard's System Scanner v20071014.68
Run by Rob on 2008-06-17 08:57:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
-- Last 4 Restore Point(s) --
4: 2008-06-17 07:44:45 UTC - RP10 - Deckard's System Scanner Restore Point
3: 2008-06-16 18:11:32 UTC - RP9 - System Checkpoint
2: 2008-06-15 14:21:40 UTC - RP8 - Installed Folder Guard Professional Edition 7.91
1: 2008-06-11 02:00:38 UTC - RP7 - Software Distribution Service 3.0
Backed up registry hives.
Performed disk cleanup.
System Drive C: has 2.4 GiB (less than 15%) free.
-- HijackThis (run as Rob.exe) -------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:59:04, on 17/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Folder Guard Pro\FGKey.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SEf\CalCheck.exe
C:\Program Files\Sheffield Wednesday - DNA\app.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Documents and Settings\Rob.ROBERT\Local Settings\Temporary Internet Files\Content.IE5\35EWTHFC\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Rob.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [sclauncher] C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [FG_Monitor] C:\Program Files\Folder Guard Pro\FGKey.exe /Start
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Sheffield Wednesday - Desktop News Alerts] C:\Program Files\Sheffield Wednesday - DNA\launch.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SEf\CalCheck.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/.../GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
--
End of file - 9923 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080427-215616-312 O4 - HKLM\..\Run: [BMd31f0700] Rundll32.exe "C:\WINDOWS\system32\limaqdtv.dll",s
backup-20080427-215616-801 O4 - HKLM\..\Run: [d02c349c] rundll32.exe "C:\WINDOWS\system32\vsxjfsya.dll",b
backup-20080430-233949-203 O2 - BHO: (no name) - {0BB6EF78-FFC8-4F7A-BD2C-09DA1169A4B5} - C:\WINDOWS\system32\qoMfeFus.dll (file missing)
backup-20080430-233949-296 O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/.../en/crlocx.ocx
backup-20080430-233949-485 O16 - DPF: {46058878-5352-4550-8CD0-839BE09FAD8E} (PowerFootball1.PowerFootballLoader1) - http://adidas.powerchallenge.com/app...ballLoader.CAB
backup-20080430-233949-621 O2 - BHO: (no name) - {DE941056-6FDB-4A2F-8830-A6522C79D0DB} - C:\WINDOWS\system32\nnnoLEXq.dll (file missing)
backup-20080430-233949-841 O2 - BHO: {4af55fbc-3bd3-79db-de94-0b2c00568da4} - {4ad86500-c2b0-49ed-bd97-3db3cbf55fa4} - C:\WINDOWS\system32\xwblcdiq.dll (file missing)
backup-20080430-233950-344 O20 - Winlogon Notify: qoMfeFus - qoMfeFus.dll (file missing)
backup-20080508-180600-181 O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe (file missing)
backup-20080508-180600-401 O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Rob.ROBERT\cftmon.exe
backup-20080508-180600-546 O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
backup-20080519-202508-243 O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe (file missing)
-- File Associations -----------------------------------------------------------
.chm - unable to read key
.chm - unable to read key
.js - unable to read key
.js - unable to read key
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R1 StarOpen - c:\windows\system32\drivers\staropen.sys
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
S3 catchme - c:\docume~1\rob~1.rob\locals~1\temp\catchme.sys (file missing)
S3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
S3 SABProcEnum - c:\program files\internet explorer\sabprocenum.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R3 ServiceLayer - "c:\program files\common files\pcsuite\services\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
S2 UleadBurningHelper (Ulead Burning Helper) - c:\program files\common files\ulead systems\dvd\ulcdrsvr.exe (file missing)
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_1064&SUBSYS_01811028&REV_03\4&10416D21&0&40F0
Manufacturer: Intel
Name: Intel(R) PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_1064&SUBSYS_01811028&REV_03\4&10416D21&0&40F0
Service: E100B
-- Scheduled Tasks -------------------------------------------------------------
2008-06-17 08:41:03 256 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-05-01 00:02:36 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-05-17 and 2008-06-17 -----------------------------
2008-06-16 23:55:32 0 d-------- C:\Documents and Settings\Rob.ROBERT\Application Data\MailFrontier
2008-06-16 23:46:46 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\MailFrontier
2008-06-16 23:46:24 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
2008-06-16 17:25:16 0 d-------- C:\Program Files\uTorrent
2008-06-16 17:25:14 0 d-------- C:\Documents and Settings\Rob.ROBERT\Application Data\uTorrent
2008-06-15 15:23:07 0 d-------- C:\Documents and Settings\Rob.ROBERT\Application Data\Folder Guard
2008-06-15 15:21:42 0 d-------- C:\Program Files\Folder Guard Pro
2008-06-15 13:29:37 0 d-------- C:\Documents and Settings\Rob.ROBERT\Application Data\Malwarebytes
2008-06-15 13:29:27 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-06-15 13:29:26 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-15 10:06:53 0 d-------- C:\Documents and Settings\Rob.ROBERT\Application Data\TmpRecentIcons
2008-06-15 00:33:51 92544 -----n--- C:\WINDOWS\system32\brhxuhem.dll
2008-06-15 00:32:58 323456 -----n--- C:\WINDOWS\system32\ljJBtqqP.dll
2008-06-15 00:27:56 155648 -----n--- C:\WINDOWS\rtsplgob.dll
2008-06-15 00:27:55 29824 -----n--- C:\WINDOWS\system32\awtrSkjI.dll
2008-06-15 00:27:55 245760 -----n--- C:\WINDOWS\kvsdpfeadgl.dll
2008-06-02 23:48:24 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Office Genuine Advantage
2008-05-27 16:36:27 0 d--h----- C:\Documents and Settings\Rob.ROBERT\igLoader Files
2008-05-23 20:38:41 0 d-------- C:\Program Files\Alwil Software
-- Find3M Report ---------------------------------------------------------------
2008-06-17 08:53:42 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 1
2008-06-17 08:52:50 0 d-------- C:\Program Files\Sheffield Wednesday - DNA
2008-06-17 08:48:40 0 d-------- C:\Documents and Settings\Rob.ROBERT\Application Data\LimeWire
2008-06-17 08:03:21 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-06-16 17:29:03 0 d-------- C:\Program Files\LimeWire
2008-05-20 03:00:52 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-10 18:17:18 0 d-------- C:\Documents and Settings\Rob.ROBERT\Application Data\Adobe
2008-05-05 19:38:24 0 d-------- C:\Program Files\AviSynth 2.5
2008-05-01 00:26:04 0 d-------- C:\Program Files\Apple Software Update
2008-05-01 00:22:35 0 d-------- C:\Program Files\iTunes
2008-05-01 00:21:51 0 d-------- C:\Program Files\iPod
2008-05-01 00:17:37 0 d-------- C:\Program Files\QuickTime
2008-05-01 00:05:02 0 d-------- C:\Program Files\Safari
2008-04-30 18:54:36 0 d-------- C:\Documents and Settings\Rob.ROBERT\Application Data\AVGTOOLBAR
2008-04-27 22:06:00 374115 --ahs---- C:\WINDOWS\system32\qXELonnn.ini2
2008-04-27 12:57:09 0 d-------- C:\Program Files\AVG
2008-04-17 18:03:53 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-17 18:03:35 0 d-------- C:\Program Files\Memeo
2008-04-17 18:03:35 0 d-------- C:\Program Files\Common Files
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sclauncher"="C:\Program Files\SimpleCenter\bin\win\sclauncher.exe" [27/07/2006 16:19]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [18/11/2006 23:53]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [27/02/2008 17:56]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [07/08/2007 01:05]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [14/11/2007 16:05]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [09/03/2007 11:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28/03/2008 23:37]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 10:25]
"FG_Monitor"="C:\Program Files\Folder Guard Pro\FGKey.exe" [25/02/2007 00:00]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [02/04/2008 21:07]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [12/08/2004 14:56]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]
"Sheffield Wednesday - Desktop News Alerts"="C:\Program Files\Sheffield Wednesday - DNA\launch.exe" [07/04/2006 18:04]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [25/06/2007 19:43]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [27/02/2008 17:56]
C:\Documents and Settings\Rob.ROBERT\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16/03/2005 20:16:50]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [26/10/2006 20:24:54]
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Ulead Photo Express 4.0 SE Calendar Checker .lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SEf\CalCheck.exe [24/08/2006 09:44:45]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=0 (0x0)
"NoDispCPL"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuMorePrograms"=0 (0x0)
"StartMenuLogOff"=0 (0x0)
"NoToolbarCustomize"=0 (0x0)
"NoSetFolders"=0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
-- End of Deckard's System Scanner: finished at 2008-06-17 09:01:31 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel(R) Pentium(R) 4 CPU 2.80GHz
CPU 1: Intel(R) Pentium(R) 4 CPU 2.80GHz
Percentage of Memory in Use: 21%
Physical Memory (total/avail): 2558.07 MiB / 2000.62 MiB
Pagefile Memory (total/avail): 3173.29 MiB / 2659.39 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1935.16 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 70.93 GiB total, 2.4 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
G: is Fixed (FAT32) - 465.65 GiB total, 463.12 GiB free.
\\.\PHYSICALDRIVE0 - Maxtor 6Y080M0 - 74.5 GiB - 3 partitions
\PARTITION0 - Unknown - 70.57 MiB
\PARTITION1 (bootable) - Installable File System - 70.93 GiB - C:
\PARTITION2 - Unknown - 3.5 GiB
\\.\PHYSICALDRIVE1 - WD 5000AAV External USB Device - 465.76 GiB - 1 partition
\PARTITION0 - Unknown - 465.76 GiB - G:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
AntivirusOverride is set.
FW: ZoneAlarm Security Suite Firewall v7.0.473.000 (Check Point, LTD.)
AV: ZoneAlarm Security Suite Antivirus v7.0.473.000 (Check Point, LTD.)
AV: ESET NOD32 Antivirus 3.0 v3.0 (ESET, spol. s r. o.)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe
:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe
:Enabled:Windows Live Messenger (Phone)"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe
:Enabled:µTorrent"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe
:Enabled:LimeWire"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe
:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe
:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Kontiki\\KService.exe"="C:\\Program Files\\Kontiki\\KService.exe
:Enabled:Delivery Manager Service"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe
:Enabled:iTunes"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\Rob.ROBERT\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CM3_DATA=C:\Program Files\Championship Manager 01-02\data\
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ROBERT
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Rob.ROBERT
LOGONSERVER=\\ROBERT
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ROB~1.ROB\LOCALS~1\Temp
TMP=C:\DOCUME~1\ROB~1.ROB\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=ROBERT
USERNAME=Rob
USERPROFILE=C:\Documents and Settings\Rob.ROBERT
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Rob.ROBERT (admin)
Administrator.ROBERT (admin)
-- Add/Remove Programs ---------------------------------------------------------
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
HijackThis 2.0.2 --> "C:\PROGRA~1\TRENDM~1\HIJACK~1\HijackThis.exe" /uninstall
Tapani Patch Addition --> rundll32.exe dfshim.dll,ShArpMaintain Tapani Patch Addition.application, Culture=neutral, PublicKeyToken=b9cb9cadbaafeb31, processorArchitecture=msil
ZoneAlarm Security Suite --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type19518 / Error
Event Submitted/Written: 06/17/2008 08:15:18 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application KService.exe, version 5.12.707.160, faulting module KService.exe, version 5.12.707.160, fault address 0x0021215a.
Processing media-specific event for [KService.exe!ws!]
Event Record #/Type19513 / Error
Event Submitted/Written: 06/17/2008 00:08:05 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application KService.exe, version 5.12.707.160, faulting module KService.exe, version 5.12.707.160, fault address 0x0021215a.
Processing media-specific event for [KService.exe!ws!]
Event Record #/Type19496 / Success
Event Submitted/Written: 06/16/2008 10:34:03 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type19485 / Error
Event Submitted/Written: 06/16/2008 10:00:38 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application services.exe, version 5.1.2600.2180, faulting module services.exe, version 5.1.2600.2180, fault address 0x000108a9.
Processing media-specific event for [services.exe!ws!]
Event Record #/Type19477 / Success
Event Submitted/Written: 06/16/2008 09:52:40 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type2020747 / Error
Event Submitted/Written: 06/17/2008 08:51:56 AM
Event ID/Source: 7022 / Service Control Manager
Event Description:
The KService service hung on starting.
Event Record #/Type2020746 / Error
Event Submitted/Written: 06/17/2008 08:51:55 AM
Event ID/Source: 1003 / System Error
Event Description:
Error code 10000050, parameter1 bad0b148, parameter2 00000000, parameter3 8056c77b, parameter4 00000000.
Event Record #/Type2020744 / Error
Event Submitted/Written: 06/17/2008 08:49:20 AM / 06/17/2008 08:50:20 AM
Event ID/Source: 5003 / E100B
Event Description:
Intel(R) PRO/100 VE Network Connection : Could not find an adapter.
Event Record #/Type2020743 / Error
Event Submitted/Written: 06/17/2008 08:50:04 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Ulead Burning Helper service failed to start due to the following error:
%%2
Event Record #/Type2020739 / Warning
Event Submitted/Written: 06/17/2008 08:35:13 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
-- End of Deckard's System Scanner: finished at 2008-06-17 09:01:31 ------------
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [FG_Monitor] C:\Program Files\Folder Guard Pro\FGKey.exe /Start
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Sheffield Wednesday - Desktop News Alerts] C:\Program Files\Sheffield Wednesday - DNA\launch.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SEf\CalCheck.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/.../GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
--
End of file - 9923 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080427-215616-312 O4 - HKLM\..\Run: [BMd31f0700] Rundll32.exe "C:\WINDOWS\system32\limaqdtv.dll",s
backup-20080427-215616-801 O4 - HKLM\..\Run: [d02c349c] rundll32.exe "C:\WINDOWS\system32\vsxjfsya.dll",b
backup-20080430-233949-203 O2 - BHO: (no name) - {0BB6EF78-FFC8-4F7A-BD2C-09DA1169A4B5} - C:\WINDOWS\system32\qoMfeFus.dll (file missing)
backup-20080430-233949-296 O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/.../en/crlocx.ocx
backup-20080430-233949-485 O16 - DPF: {46058878-5352-4550-8CD0-839BE09FAD8E} (PowerFootball1.PowerFootballLoader1) - http://adidas.powerchallenge.com/app...ballLoader.CAB
backup-20080430-233949-621 O2 - BHO: (no name) - {DE941056-6FDB-4A2F-8830-A6522C79D0DB} - C:\WINDOWS\system32\nnnoLEXq.dll (file missing)
backup-20080430-233949-841 O2 - BHO: {4af55fbc-3bd3-79db-de94-0b2c00568da4} - {4ad86500-c2b0-49ed-bd97-3db3cbf55fa4} - C:\WINDOWS\system32\xwblcdiq.dll (file missing)
backup-20080430-233950-344 O20 - Winlogon Notify: qoMfeFus - qoMfeFus.dll (file missing)
backup-20080508-180600-181 O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe (file missing)
backup-20080508-180600-401 O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Rob.ROBERT\cftmon.exe
backup-20080508-180600-546 O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
backup-20080519-202508-243 O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe (file missing)
-- File Associations -----------------------------------------------------------
.chm - unable to read key
.chm - unable to read key
.js - unable to read key
.js - unable to read key
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R1 StarOpen - c:\windows\system32\drivers\staropen.sys
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
S3 catchme - c:\docume~1\rob~1.rob\locals~1\temp\catchme.sys (file missing)
S3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
S3 SABProcEnum - c:\program files\internet explorer\sabprocenum.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R3 ServiceLayer - "c:\program files\common files\pcsuite\services\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
S2 UleadBurningHelper (Ulead Burning Helper) - c:\program files\common files\ulead systems\dvd\ulcdrsvr.exe (file missing)
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_1064&SUBSYS_01811028&REV_03\4&10416D21&0&40F0
Manufacturer: Intel
Name: Intel(R) PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_1064&SUBSYS_01811028&REV_03\4&10416D21&0&40F0
Service: E100B
-- Scheduled Tasks -------------------------------------------------------------
2008-06-17 08:41:03 256 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-05-01 00:02:36 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-05-17 and 2008-06-17 -----------------------------
2008-06-16 23:55:32 0 d-------- C:\Documents and Settings\Rob.ROBERT\Application Data\MailFrontier
2008-06-16 23:46:46 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\MailFrontier
2008-06-16 23:46:24 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
2008-06-16 17:25:16 0 d-------- C:\Program Files\uTorrent
2008-06-16 17:25:14 0 d-------- C:\Documents and Settings\Rob.ROBERT\Application Data\uTorrent
2008-06-15 15:23:07 0 d-------- C:\Documents and Settings\Rob.ROBERT\Application Data\Folder Guard
2008-06-15 15:21:42 0 d-------- C:\Program Files\Folder Guard Pro
2008-06-15 13:29:37 0 d-------- C:\Documents and Settings\Rob.ROBERT\Application Data\Malwarebytes
2008-06-15 13:29:27 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-06-15 13:29:26 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-15 10:06:53 0 d-------- C:\Documents and Settings\Rob.ROBERT\Application Data\TmpRecentIcons
2008-06-15 00:33:51 92544 -----n--- C:\WINDOWS\system32\brhxuhem.dll
2008-06-15 00:32:58 323456 -----n--- C:\WINDOWS\system32\ljJBtqqP.dll
2008-06-15 00:27:56 155648 -----n--- C:\WINDOWS\rtsplgob.dll
2008-06-15 00:27:55 29824 -----n--- C:\WINDOWS\system32\awtrSkjI.dll
2008-06-15 00:27:55 245760 -----n--- C:\WINDOWS\kvsdpfeadgl.dll
2008-06-02 23:48:24 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Office Genuine Advantage
2008-05-27 16:36:27 0 d--h----- C:\Documents and Settings\Rob.ROBERT\igLoader Files
2008-05-23 20:38:41 0 d-------- C:\Program Files\Alwil Software
-- Find3M Report ---------------------------------------------------------------
2008-06-17 08:53:42 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 1
2008-06-17 08:52:50 0 d-------- C:\Program Files\Sheffield Wednesday - DNA
2008-06-17 08:48:40 0 d-------- C:\Documents and Settings\Rob.ROBERT\Application Data\LimeWire
2008-06-17 08:03:21 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-06-16 17:29:03 0 d-------- C:\Program Files\LimeWire
2008-05-20 03:00:52 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-10 18:17:18 0 d-------- C:\Documents and Settings\Rob.ROBERT\Application Data\Adobe
2008-05-05 19:38:24 0 d-------- C:\Program Files\AviSynth 2.5
2008-05-01 00:26:04 0 d-------- C:\Program Files\Apple Software Update
2008-05-01 00:22:35 0 d-------- C:\Program Files\iTunes
2008-05-01 00:21:51 0 d-------- C:\Program Files\iPod
2008-05-01 00:17:37 0 d-------- C:\Program Files\QuickTime
2008-05-01 00:05:02 0 d-------- C:\Program Files\Safari
2008-04-30 18:54:36 0 d-------- C:\Documents and Settings\Rob.ROBERT\Application Data\AVGTOOLBAR
2008-04-27 22:06:00 374115 --ahs---- C:\WINDOWS\system32\qXELonnn.ini2
2008-04-27 12:57:09 0 d-------- C:\Program Files\AVG
2008-04-17 18:03:53 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-17 18:03:35 0 d-------- C:\Program Files\Memeo
2008-04-17 18:03:35 0 d-------- C:\Program Files\Common Files
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sclauncher"="C:\Program Files\SimpleCenter\bin\win\sclauncher.exe" [27/07/2006 16:19]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [18/11/2006 23:53]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [27/02/2008 17:56]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [07/08/2007 01:05]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [14/11/2007 16:05]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [09/03/2007 11:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28/03/2008 23:37]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 10:25]
"FG_Monitor"="C:\Program Files\Folder Guard Pro\FGKey.exe" [25/02/2007 00:00]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [02/04/2008 21:07]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [12/08/2004 14:56]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]
"Sheffield Wednesday - Desktop News Alerts"="C:\Program Files\Sheffield Wednesday - DNA\launch.exe" [07/04/2006 18:04]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [25/06/2007 19:43]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [27/02/2008 17:56]
C:\Documents and Settings\Rob.ROBERT\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16/03/2005 20:16:50]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [26/10/2006 20:24:54]
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Ulead Photo Express 4.0 SE Calendar Checker .lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SEf\CalCheck.exe [24/08/2006 09:44:45]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=0 (0x0)
"NoDispCPL"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuMorePrograms"=0 (0x0)
"StartMenuLogOff"=0 (0x0)
"NoToolbarCustomize"=0 (0x0)
"NoSetFolders"=0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
-- End of Deckard's System Scanner: finished at 2008-06-17 09:01:31 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel(R) Pentium(R) 4 CPU 2.80GHz
CPU 1: Intel(R) Pentium(R) 4 CPU 2.80GHz
Percentage of Memory in Use: 21%
Physical Memory (total/avail): 2558.07 MiB / 2000.62 MiB
Pagefile Memory (total/avail): 3173.29 MiB / 2659.39 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1935.16 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 70.93 GiB total, 2.4 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
G: is Fixed (FAT32) - 465.65 GiB total, 463.12 GiB free.
\\.\PHYSICALDRIVE0 - Maxtor 6Y080M0 - 74.5 GiB - 3 partitions
\PARTITION0 - Unknown - 70.57 MiB
\PARTITION1 (bootable) - Installable File System - 70.93 GiB - C:
\PARTITION2 - Unknown - 3.5 GiB
\\.\PHYSICALDRIVE1 - WD 5000AAV External USB Device - 465.76 GiB - 1 partition
\PARTITION0 - Unknown - 465.76 GiB - G:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
AntivirusOverride is set.
FW: ZoneAlarm Security Suite Firewall v7.0.473.000 (Check Point, LTD.)
AV: ZoneAlarm Security Suite Antivirus v7.0.473.000 (Check Point, LTD.)
AV: ESET NOD32 Antivirus 3.0 v3.0 (ESET, spol. s r. o.)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe
:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe
:Enabled:Windows Live Messenger (Phone)"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe
:Enabled:µTorrent"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe
:Enabled:LimeWire"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe
:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe
:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Kontiki\\KService.exe"="C:\\Program Files\\Kontiki\\KService.exe
:Enabled:Delivery Manager Service"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe
:Enabled:iTunes"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\Rob.ROBERT\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CM3_DATA=C:\Program Files\Championship Manager 01-02\data\
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ROBERT
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Rob.ROBERT
LOGONSERVER=\\ROBERT
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ROB~1.ROB\LOCALS~1\Temp
TMP=C:\DOCUME~1\ROB~1.ROB\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=ROBERT
USERNAME=Rob
USERPROFILE=C:\Documents and Settings\Rob.ROBERT
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Rob.ROBERT (admin)
Administrator.ROBERT (admin)
-- Add/Remove Programs ---------------------------------------------------------
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
HijackThis 2.0.2 --> "C:\PROGRA~1\TRENDM~1\HIJACK~1\HijackThis.exe" /uninstall
Tapani Patch Addition --> rundll32.exe dfshim.dll,ShArpMaintain Tapani Patch Addition.application, Culture=neutral, PublicKeyToken=b9cb9cadbaafeb31, processorArchitecture=msil
ZoneAlarm Security Suite --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type19518 / Error
Event Submitted/Written: 06/17/2008 08:15:18 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application KService.exe, version 5.12.707.160, faulting module KService.exe, version 5.12.707.160, fault address 0x0021215a.
Processing media-specific event for [KService.exe!ws!]
Event Record #/Type19513 / Error
Event Submitted/Written: 06/17/2008 00:08:05 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application KService.exe, version 5.12.707.160, faulting module KService.exe, version 5.12.707.160, fault address 0x0021215a.
Processing media-specific event for [KService.exe!ws!]
Event Record #/Type19496 / Success
Event Submitted/Written: 06/16/2008 10:34:03 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type19485 / Error
Event Submitted/Written: 06/16/2008 10:00:38 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application services.exe, version 5.1.2600.2180, faulting module services.exe, version 5.1.2600.2180, fault address 0x000108a9.
Processing media-specific event for [services.exe!ws!]
Event Record #/Type19477 / Success
Event Submitted/Written: 06/16/2008 09:52:40 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type2020747 / Error
Event Submitted/Written: 06/17/2008 08:51:56 AM
Event ID/Source: 7022 / Service Control Manager
Event Description:
The KService service hung on starting.
Event Record #/Type2020746 / Error
Event Submitted/Written: 06/17/2008 08:51:55 AM
Event ID/Source: 1003 / System Error
Event Description:
Error code 10000050, parameter1 bad0b148, parameter2 00000000, parameter3 8056c77b, parameter4 00000000.
Event Record #/Type2020744 / Error
Event Submitted/Written: 06/17/2008 08:49:20 AM / 06/17/2008 08:50:20 AM
Event ID/Source: 5003 / E100B
Event Description:
Intel(R) PRO/100 VE Network Connection : Could not find an adapter.
Event Record #/Type2020743 / Error
Event Submitted/Written: 06/17/2008 08:50:04 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Ulead Burning Helper service failed to start due to the following error:
%%2
Event Record #/Type2020739 / Warning
Event Submitted/Written: 06/17/2008 08:35:13 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
-- End of Deckard's System Scanner: finished at 2008-06-17 09:01:31 ------------
Please go to Jotti's or to virustotal and have these files scanned. Post the results back here.
C:\WINDOWS\system32\brhxuhem.dll
C:\WINDOWS\system32\ljJBtqqP.dll
C:\WINDOWS\rtsplgob.dll
C:\WINDOWS\system32\awtrSkjI.dll
C:\WINDOWS\kvsdpfeadgl.dll
================
Please download DAFT and save it to your desktop:
- Double-click the daft.exe icon. Read the disclaimer and click OK.
- Click on the Scan button.
- Place a checkmark next to the following entries:
.chm
.js
.reg
.scr
- Click the Fix button.
- Re-scan and save a logfile. By default, it will save as daft.txt.
Post the contents of that logfile with your next post.
===============
Please download ComboFix by sUBs from HERE or HERE
- You must download it to and run it from your Desktop
- Physically disconnect from the internet.
- Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
- Double click combofix.exe & follow the prompts.
- When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log.
- Re-enable all the programs that were disabled during the running of ComboFix.
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Join Date: Jun 2008
Posts: 17
File brhxuhem.dll received on 06.17.2008 22:52:58 (CET)
Result: 2/33 (6.07%)
Antivirus Version Last Update Result
AhnLab-V3 2008.6.18.0 2008.06.17 -
AntiVir 7.8.0.55 2008.06.17 TR/Trash.Gen
Authentium 5.1.0.4 2008.06.17 -
Avast 4.8.1195.0 2008.06.17 -
AVG 7.5.0.516 2008.06.17 -
BitDefender 7.2 2008.06.17 -
CAT-QuickHeal 9.50 2008.06.17 -
ClamAV 0.93.1 2008.06.17 -
DrWeb 4.44.0.09170 2008.06.17 -
eSafe 7.0.15.0 2008.06.17 -
eTrust-Vet 31.6.5881 2008.06.17 -
Ewido 4.0 2008.06.17 -
F-Prot 4.4.4.56 2008.06.12 -
F-Secure 6.70.13260.0 2008.06.17 -
Fortinet 3.14.0.0 2008.06.17 -
GData 2.0.7306.1023 2008.06.17 -
Ikarus T3.1.1.26.0 2008.06.17 -
Kaspersky 7.0.0.125 2008.06.17 -
McAfee 5319 2008.06.17 -
Microsoft 1.3604 2008.06.17 -
NOD32v2 3195 2008.06.17 -
Norman 5.80.02 2008.06.17 -
Panda 9.0.0.4 2008.06.17 -
Prevx1 V2 2008.06.17 -
Rising 20.49.11.00 2008.06.17 -
Sophos 4.30.0 2008.06.17 -
Sunbelt 3.0.1153.1 2008.06.15 -
Symantec 10 2008.06.17 -
TheHacker 6.2.92.353 2008.06.17 -
TrendMicro 8.700.0.1004 2008.06.17 -
VBA32 3.12.6.7 2008.06.17 -
VirusBuster 4.3.26:9 2008.06.12 -
Webwasher-Gateway 6.6.2 2008.06.17 Trojan.Trash.Gen
Additional information
File size: 92544 bytes
MD5...: 4065dbe44a4ffc6ebb973a807200a22f
SHA1..: a5ef7e92f34bb61e8f10f97fb65f50fc9e997175
SHA256: 0206aea27fbd1ccc8e19e3543d0492ccd963817cf9c2c9c4e02e83b1389e91fc
SHA512: 59ef406fb9ed0f7e115bab3cda51002308202ebf7ec18f8dc6f7139518adb8c8
185093bf4b1cc58d24475719ddb8564ec722bc8811d2aa4d6af1ba0fd8c20660
PEiD..: -
PEInfo: -
File ljJBtqqP.dll received on 06.17.2008 22:54:34 (CET)
Result: 4/33 (12.13%)
Antivirus Version Last Update Result
AhnLab-V3 2008.6.18.0 2008.06.17 -
AntiVir 7.8.0.55 2008.06.17 TR/Trash.Gen
Authentium 5.1.0.4 2008.06.17 -
Avast 4.8.1195.0 2008.06.17 Win32:Virtumonde-LB
AVG 7.5.0.516 2008.06.17 -
BitDefender 7.2 2008.06.17 -
CAT-QuickHeal 9.50 2008.06.17 -
ClamAV 0.93.1 2008.06.17 -
DrWeb 4.44.0.09170 2008.06.17 -
eSafe 7.0.15.0 2008.06.17 -
eTrust-Vet 31.6.5881 2008.06.17 -
Ewido 4.0 2008.06.17 -
F-Prot 4.4.4.56 2008.06.12 -
F-Secure 6.70.13260.0 2008.06.17 -
Fortinet 3.14.0.0 2008.06.17 -
GData 2.0.7306.1023 2008.06.17 Win32:Virtumonde-LB
Ikarus T3.1.1.26.0 2008.06.17 -
Kaspersky 7.0.0.125 2008.06.17 -
McAfee 5319 2008.06.17 -
Microsoft 1.3604 2008.06.17 -
NOD32v2 3195 2008.06.17 -
Norman 5.80.02 2008.06.17 -
Panda 9.0.0.4 2008.06.17 -
Prevx1 V2 2008.06.17 -
Rising 20.49.11.00 2008.06.17 -
Sophos 4.30.0 2008.06.17 -
Sunbelt 3.0.1153.1 2008.06.15 -
Symantec 10 2008.06.17 -
TheHacker 6.2.92.353 2008.06.17 -
TrendMicro 8.700.0.1004 2008.06.17 -
VBA32 3.12.6.7 2008.06.17 -
VirusBuster 4.3.26:9 2008.06.12 -
Webwasher-Gateway 6.6.2 2008.06.17 Trojan.Trash.Gen
Additional information
File size: 323456 bytes
MD5...: fa9cd054a6aeb5f8b5851bbdf1aa614d
SHA1..: 346ab1d966fdf70b10e48bfca07359390e8b3c45
SHA256: c083d348ea5b318e8715fd292c21e4bce8ecc7b3d1892a9a2d7a2068463e8181
SHA512: bc3dcdefb03c8a6db48309555163f593ff66e888ff92399c1ceee65051ddf084
abde14ceea05ba94acfe3dcf2e9c4a020c4f6933185f7a522ca6079d80e18bf6
PEiD..: -
PEInfo: -
File rtsplgob.dll received on 06.17.2008 22:56:17 (CET)
Result: 3/33 (9.1%)
Antivirus Version Last Update Result
AhnLab-V3 2008.6.18.0 2008.06.17 -
AntiVir 7.8.0.55 2008.06.17 TR/Trash.Gen
Authentium 5.1.0.4 2008.06.17 -
Avast 4.8.1195.0 2008.06.17 -
AVG 7.5.0.516 2008.06.17 Downloader.Zlob.SE
BitDefender 7.2 2008.06.17 -
CAT-QuickHeal 9.50 2008.06.17 -
ClamAV 0.93.1 2008.06.17 -
DrWeb 4.44.0.09170 2008.06.17 -
eSafe 7.0.15.0 2008.06.17 -
eTrust-Vet 31.6.5881 2008.06.17 -
Ewido 4.0 2008.06.17 -
F-Prot 4.4.4.56 2008.06.12 -
F-Secure 6.70.13260.0 2008.06.17 -
Fortinet 3.14.0.0 2008.06.17 -
GData 2.0.7306.1023 2008.06.17 -
Ikarus T3.1.1.26.0 2008.06.17 -
Kaspersky 7.0.0.125 2008.06.17 -
McAfee 5319 2008.06.17 -
Microsoft 1.3604 2008.06.17 -
NOD32v2 3195 2008.06.17 -
Norman 5.80.02 2008.06.17 -
Panda 9.0.0.4 2008.06.17 -
Prevx1 V2 2008.06.17 -
Rising 20.49.11.00 2008.06.17 -
Sophos 4.30.0 2008.06.17 -
Sunbelt 3.0.1153.1 2008.06.15 -
Symantec 10 2008.06.17 -
TheHacker 6.2.92.353 2008.06.17 -
TrendMicro 8.700.0.1004 2008.06.17 -
VBA32 3.12.6.7 2008.06.17 -
VirusBuster 4.3.26:9 2008.06.12 -
Webwasher-Gateway 6.6.2 2008.06.17 Trojan.Trash.Gen
Additional information
File size: 155648 bytes
MD5...: 9a84d8cec19b53ee40b49e0ff515bcf6
SHA1..: 4fa8a66774f43eb0c2bf37bb1bae9ee379fcb700
SHA256: d74d967651d92cc8634e3f6b9c7ca52e46a2ee9787d5ed8bcc00a42f582b4287
SHA512: ea1311c0dd24c798c4dc585084ee2257a4ef66a8e416bb8a4215c0857cce80ef
9f4878646d8d80f97b214db74ab7447999043ac7dcf442df7841e9e81accdcba
PEiD..: -
PEInfo: -
File awtrSkjI.dll received on 06.17.2008 22:57:14 (CET)
Result: 4/33 (12.13%)
Antivirus Version Last Update Result
AhnLab-V3 2008.6.18.0 2008.06.17 -
AntiVir 7.8.0.55 2008.06.17 TR/Trash.Gen
Authentium 5.1.0.4 2008.06.17 -
Avast 4.8.1195.0 2008.06.17 Win32:Agent-ZFK
AVG 7.5.0.516 2008.06.17 -
BitDefender 7.2 2008.06.17 -
CAT-QuickHeal 9.50 2008.06.17 -
ClamAV 0.93.1 2008.06.17 -
DrWeb 4.44.0.09170 2008.06.17 -
eSafe 7.0.15.0 2008.06.17 -
eTrust-Vet 31.6.5881 2008.06.17 -
Ewido 4.0 2008.06.17 -
F-Prot 4.4.4.56 2008.06.12 -
F-Secure 6.70.13260.0 2008.06.17 -
Fortinet 3.14.0.0 2008.06.17 -
GData 2.0.7306.1023 2008.06.17 Win32:Agent-ZFK
Ikarus T3.1.1.26.0 2008.06.17 -
Kaspersky 7.0.0.125 2008.06.17 -
McAfee 5319 2008.06.17 -
Microsoft 1.3604 2008.06.17 -
NOD32v2 3195 2008.06.17 -
Norman 5.80.02 2008.06.17 -
Panda 9.0.0.4 2008.06.17 -
Prevx1 V2 2008.06.17 -
Rising 20.49.11.00 2008.06.17 -
Sophos 4.30.0 2008.06.17 -
Sunbelt 3.0.1153.1 2008.06.15 -
Symantec 10 2008.06.17 -
TheHacker 6.2.92.353 2008.06.17 -
TrendMicro 8.700.0.1004 2008.06.17 -
VBA32 3.12.6.7 2008.06.17 -
VirusBuster 4.3.26:9 2008.06.12 -
Webwasher-Gateway 6.6.2 2008.06.17 Trojan.Trash.Gen
Additional information
File size: 29824 bytes
MD5...: 86366915413145c7e5ac463ab4830bf3
SHA1..: f116ea7d53aa2ae18ff8fa55bdde1d94a924d7cf
SHA256: e40d6ef09ccbbb1cca08bb1d63de9f5371fdd6582e1a9d5ea04822dbfeffbf17
SHA512: 8b7b61a1d83987e4b991dce6c6a1d87b35c594e5914af803c63e5dfd50541106
94dea39764bbc1bd695d6d1eb0ff9e06b3fecf7821fb4bb12dd97c6b698fee0c
PEiD..: -
PEInfo: -
File kvsdpfeadgl.dll received on 06.17.2008 22:58:40 (CET)
Result: 5/33 (15.16%)
Antivirus Version Last Update Result
AhnLab-V3 2008.6.18.0 2008.06.17 -
AntiVir 7.8.0.55 2008.06.17 TR/Killav.28714
Authentium 5.1.0.4 2008.06.17 -
Avast 4.8.1195.0 2008.06.17 Win32:Vapsup-EB
AVG 7.5.0.516 2008.06.17 Downloader.Adload.MB
BitDefender 7.2 2008.06.17 -
CAT-QuickHeal 9.50 2008.06.17 -
ClamAV 0.93.1 2008.06.17 -
DrWeb 4.44.0.09170 2008.06.17 -
eSafe 7.0.15.0 2008.06.17 -
eTrust-Vet 31.6.5881 2008.06.17 -
Ewido 4.0 2008.06.17 -
F-Prot 4.4.4.56 2008.06.12 -
F-Secure 6.70.13260.0 2008.06.17 -
Fortinet 3.14.0.0 2008.06.17 -
GData 2.0.7306.1023 2008.06.17 Win32:Vapsup-EB
Ikarus T3.1.1.26.0 2008.06.17 -
Kaspersky 7.0.0.125 2008.06.17 -
McAfee 5319 2008.06.17 -
Microsoft 1.3604 2008.06.17 -
NOD32v2 3195 2008.06.17 -
Norman 5.80.02 2008.06.17 -
Panda 9.0.0.4 2008.06.17 -
Prevx1 V2 2008.06.17 -
Rising 20.49.11.00 2008.06.17 -
Sophos 4.30.0 2008.06.17 -
Sunbelt 3.0.1153.1 2008.06.15 -
Symantec 10 2008.06.17 -
TheHacker 6.2.92.353 2008.06.17 -
TrendMicro 8.700.0.1004 2008.06.17 -
VBA32 3.12.6.7 2008.06.17 -
VirusBuster 4.3.26:9 2008.06.12 -
Webwasher-Gateway 6.6.2 2008.06.17 Trojan.Killav.28714
Additional information
File size: 245760 bytes
MD5...: ccf56f2d68127889da0159be54b32824
SHA1..: 9f055ce846078fb0a299c3301906a311f679a4ba
SHA256: eeeb9c1858fc5c802f3985cd4e9fed3e92a2b745e1b643e173d96fcb0836caf6
SHA512: 5f3253b4bd487483e0cb613d02dc4d08b658d1daf93138f112b886bcdb2f075b
c387a5f45040d5c659157c41b2bdf5d95de034d1ce13585bc2d4ec11a64a53bd
PEiD..: -
PEInfo: -