
drew shepherd

Advanced Member
  • Content Count

    257
  • Joined

  • Last visited

About drew shepherd

  • Rank
    Member


Profile Information

  • Location
    25 miles north of London, England

  1. Hi, thanks for your reply. No, it won't boot into safe mode. I did get into a blue screen with a few different options, auto repair being one of them, which I tried to no avail.
  2. Hi all, my problem is that Windows refuses to boot at all. The system starts up in BIOS OK but then just goes into a blank screen. I would like to avoid doing a fresh install if possible as I don't have a Windows disk. Any help would be greatly appreciated. Thanks
  3. Hi people, I have a small problem which I hope someone can help me with. I have an iPod and an iPhone, both synced to iTunes. My PC managed to catch a nasty virus, which was removed; at some point afterwards I plugged my iPod in to charge it and walked away, iTunes synced it and for some reason a lot of my music files and all my custom playlists were missing. Can't find them anywhere on the PC. My iPhone has the original music and playlists on it, but I don't want to connect it because it will sync and I will be in the same situation. Is there a way to take the music off my iPhone and put it on my PC, either just as a file or back into iTunes? I'm not too worried about playlists, but it would be nice if I can keep them. Thanks in advance, Drew
  4. I have done all the above actions; here is the log file for the ESET scanner. Regards, Drew

     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner.ocx - registred OK
     # version=7
     # IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
     # OnlineScanner.ocx=1.0.0.6528
     # api_version=3.0.2
     # EOSSerial=078cac2218c6944893b81b9548d16ba6
     # end=finished
     # remove_checked=true
     # archives_checked=false
     # unwanted_checked=true
     # unsafe_checked=false
     # antistealth_checked=true
     # utc_time=2011-07-30 03:00:02
     # local_time=2011-07-30 04:00:02 (+0000, GMT Daylight Time)
     # country="United Kingdom"
     # lang=1033
     # osver=5.1.2600 NT Service Pack 3
     # compatibility_mode=512 16777215 100 0 10962 10962 0 0
     # compatibility_mode=5891 16776869 42 87 389 8907434 0 0
     # compatibility_mode=8192 67108863 100 0 79 79 0 0
     # scanned=77800
     # found=0
     # cleaned=0
     # scan_time=1437
  5. Hi, I have now transferred my files to the new system, after which I have run a HJT scan to make sure the trojan has not infected this system. Could you take a look for me please? Hopefully it will be clean. Regards, Drew

     Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 12:35:07, on 30/07/2011
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v8.00 (8.00.6001.18702)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\RTHDCPL.EXE
     C:\Program Files\ASUS\AI Direct Link\AsShare.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     C:\Program Files\AskBarDis\bar\bin\AskService.exe
     C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\WINDOWS\system32\RunDLL32.exe
     C:\Program Files\DivX\DivX Update\DivXUpdate.exe
     C:\Program Files\Microsoft Security Client\msseces.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFDE.EXE
     C:\Program Files\WinZip\WZQKPICK.EXE
     C:\WINDOWS\system32\PnkBstrA.exe
     C:\WINDOWS\system32\PSIService.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\WINDOWS\system32\msiexec.exe
     C:\Program Files\trend micro\HiJackThis\HiJackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.search.yahoo.com/search?fr=mcafee&p=%s
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
     O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
     O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
     O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
     O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
     O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
     O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
     O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
     O4 - HKLM\..\Run: [Launch Direct Link] "C:\Program Files\ASUS\AI Direct Link\AsShare.exe"
     O4 - HKLM\..\Run: [Launch As Cmd Runner] "C:\Program Files\ASUS\AI Direct Link\AsCmd.exe" -reg
     O4 - HKLM\..\Run: [Maple_S2P] C:\Program Files\Samsung\Samsung CLX-216x Series\SPanel\Scan2pc.exe
     O4 - HKLM\..\Run: [samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
     O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
     O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
     O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
     O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [EPSON SX210 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFDE.EXE /FU "C:\WINDOWS\TEMP\E_S90.tmp" /EF "HKCU"
     O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
     O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
     O4 - HKUS\S-1-5-21-1220945662-1275210071-839522115-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
     O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
     O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
     O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\drew\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
     O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
     O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
     O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
     O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1249819223312
     O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
     O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
     O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
     O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
     O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
     O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
     O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
     O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
     O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
     O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
     O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
     O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
     O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
     O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
     O23 - Service: ServiceLayer - Unknown owner - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe (file missing)

     --
     End of file - 9097 bytes
  6. OK, great, will let you know how I get on. Thanks, Drew
  7. Hi, I tried the disc but it didn't work, same situation :-( .... I have substituted it with my son's system as he no longer uses it; however, I really need some files on the old machine. If I put the HDD as a slave in the replacement system and transfer the required files over (some pictures and a fair amount of Word docs), do you think it would be safe? Once this is done I would then completely wipe it... Thanks, Drew
  8. Hi, OK, thanks, will give it a go and will let you know the results. Drew
  9. Hi, I can't boot into safe mode at the moment, the system won't start at all... it doesn't make it into the BIOS screen. There is power, as the fans turn and there is a green light on the MOBO, but there is no beep from the POST on start up, the mouse doesn't light up and there is no power light on the front of the computer case. Thanks, Drew
  10. Hi, thanks for the reply. At the moment the system won't start up; could this have anything to do with this trojan? Will sort out that problem, retrieve my essential files and reformat. Will keep you posted. Thanks, Drew
  11. Hi, I had a really nasty trojan, Win32.FakeSysdef. I have lost my desktop, just a white blank screen with no icons; documents are missing from My Documents; I have an external 500GB drive that now has nothing on it even though its properties show 160GB used. I have run Malwarebytes, which picked up some bad files and "fixed" them (see log below). The trojan now seems to be gone, but documents are still hidden from view and the desktop is just blank white, oh, and the Start > All Programs list is empty. I have also placed a HJT log below. Thanks, Drew

     Malwarebytes' Anti-Malware 1.51.1.1800
     www.malwarebytes.org

     Database version: 7149

     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702

     16/07/2011 07:17:22
     mbam-log-2011-07-16 (07-17-22).txt

     Scan type: Full scan (C:\|D:\|E:\|F:\|)
     Objects scanned: 243610
     Time elapsed: 6 hour(s), 57 minute(s), 17 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 13
     Registry Values Infected: 0
     Registry Data Items Infected: 8
     Folders Infected: 3
     Files Infected: 3

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_CLASSES_ROOT\CLSID\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\TypeLib\{1D4DB7D0-6EC9-47a3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\Interface\{1D4DB7D1-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\FunWebProductsInstaller.Start.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\FunWebProductsInstaller.Start (Adware.MyWebSearch) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> Quarantined and deleted successfully.
     HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> Quarantined and deleted successfully.
     HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE} (Adware.Hotbar) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

     Folders Infected:
     e:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
     e:\program files\funwebproducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
     e:\program files\funwebproducts\Installr\4.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

     Files Infected:
     e:\program files\funwebproducts\Installr\4.bin\F3EZSETP.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
     e:\program files\funwebproducts\Installr\4.bin\F3PLUGIN.DLL (PUP.FunWebProducts) -> Not selected for removal.
     e:\program files\funwebproducts\Installr\4.bin\NPFUNWEB.DLL (PUP.FunWebProducts) -> Not selected for removal.

     HJT log

     Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 15:31:07, on 16/07/2011
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v8.00 (8.00.6001.18702)
     Boot mode: Normal

     Running processes:
     E:\WINDOWS\System32\smss.exe
     E:\WINDOWS\system32\winlogon.exe
     E:\WINDOWS\system32\services.exe
     E:\WINDOWS\system32\lsass.exe
     E:\WINDOWS\system32\nvsvc32.exe
     E:\WINDOWS\system32\svchost.exe
     E:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
     E:\WINDOWS\System32\svchost.exe
     E:\WINDOWS\system32\svchost.exe
     E:\WINDOWS\Explorer.EXE
     E:\WINDOWS\system32\spoolsv.exe
     E:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     E:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
     E:\Program Files\Bonjour\mDNSResponder.exe
     E:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
     E:\Program Files\Analog Devices\SoundMAX\Smax4.exe
     E:\WINDOWS\system32\RUNDLL32.EXE
     E:\Program Files\Java\jre6\bin\jqs.exe
     E:\Program Files\Microsoft Security Client\msseces.exe
     E:\Program Files\Kontiki\KService.exe
     E:\Program Files\Common Files\Java\Java Update\jusched.exe
     C:\My Documents\iTunes\iTunesHelper.exe
     C:\ISO\PowerISO\PWRISOVM.EXE
     E:\WINDOWS\system32\pctspk.exe
     E:\PROGRA~1\WI83E4~1\Datamngr\DATAMN~1.EXE
     E:\WINDOWS\system32\PnkBstrA.exe
     E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
     E:\WINDOWS\system32\svchost.exe
     E:\Program Files\Kontiki\KHost.exe
     E:\WINDOWS\system32\ctfmon.exe
     E:\WINDOWS\System32\StkASv2K.exe
     E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
     E:\Program Files\iPod\bin\iPodService.exe
     E:\WINDOWS\system32\wuauclt.exe
     C:\my Documents\My Pictures\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.search.yahoo.com/search?fr=mcafee&p=%s
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
     R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
     R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - E:\Program Files\Vuze_Remote\prxtbVuze.dll
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: jZip Toolbar - {1e48c56f-08cd-43aa-a6ef-c1ec891551ab} - E:\PROGRA~1\WI83E4~1\Datamngr\ToolBar\jzipdtx.dll
     O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - E:\Program Files\ConduitEngine\prxConduitEngine.dll
     O2 - BHO: UrlHelper Class - {41C4AA37-1DDD-4345-B8DC-734E4B38414D} - E:\PROGRA~1\WI83E4~1\Datamngr\IEBHO.dll
     O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: Vuze Remote - {ba14329e-9550-4989-b3f2-9732e92d17cc} - E:\Program Files\Vuze_Remote\prxtbVuze.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - E:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
     O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
     O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - E:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
     O3 - Toolbar: jZip Toolbar - {1e48c56f-08cd-43aa-a6ef-c1ec891551ab} - E:\PROGRA~1\WI83E4~1\Datamngr\ToolBar\jzipdtx.dll
     O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - E:\Program Files\Vuze_Remote\prxtbVuze.dll
     O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - E:\Program Files\ConduitEngine\prxConduitEngine.dll
     O4 - HKLM\..\Run: [EEventManager] E:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
     O4 - HKLM\..\Run: [soundMAXPnP] E:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
     O4 - HKLM\..\Run: [soundMAX] "E:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [AppleSyncNotifier] E:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
     O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [MSC] "E:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "E:\Program Files\Common Files\Java\Java Update\jusched.exe"
     O4 - HKLM\..\Run: [iTunesHelper] "C:\My Documents\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\ISO\PowerISO\PWRISOVM.EXE
     O4 - HKLM\..\Run: [DATAMNGR] E:\PROGRA~1\WI83E4~1\Datamngr\DATAMN~1.EXE
     O4 - HKCU\..\Run: [kdx] E:\Program Files\Kontiki\KHost.exe -all
     O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
     O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
     O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
     O4 - Startup: Azureus.exe
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing)
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing)
     O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
     O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
     O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
     O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbdesktop/PreQual/files/MotivePreQual.cab
     O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.11.0.cab
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
     O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
     O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
     O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
     O20 - AppInit_DLLs: E:\PROGRA~1\WI83E4~1\Datamngr\datamngr.dll E:\PROGRA~1\WI83E4~1\Datamngr\IEBHO.dll cru629.dat
     O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - E:\WINDOWS\system32\browseui.dll
     O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - E:\WINDOWS\system32\browseui.dll
     O23 - Service: Apple Mobile Device - Apple Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     O23 - Service: Bonjour Service - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: Crypkey License - Unknown owner - E:\WINDOWS\SYSTEM32\crypserv.exe
     O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - E:\Program Files\Google\Update\GoogleUpdate.exe
     O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - E:\Program Files\Google\Update\GoogleUpdate.exe
     O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: KService - Kontiki Inc. - E:\Program Files\Kontiki\KService.exe
     O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - E:\WINDOWS\system32\pctspk.exe
     O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
     O23 - Service: Samsung UPD Service - Samsung Electronics CO., LTD. - E:\WINDOWS\system32\SUPDSvc.exe
     O23 - Service: ServiceLayer - Nokia - E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
     O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
     O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - E:\WINDOWS\System32\StkASv2K.exe
     O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

     --
     End of file - 9832 bytes
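The two HijackThis logs in this thread were read by eye in the replies. As an added example (not from the original posts and not part of HijackThis itself), the script below parses HJT's flat "O23 - Service: ..." entry format and applies the checks a log reviewer makes by hand: orphaned registrations ("(file missing)" / "(no file)"), services with "Unknown owner", the O10 Winsock LSP entry, the O20 AppInit_DLLs value (an unpathed name such as cru629.dat is the classic sign of a malicious loader), and path fragments of the bundled-toolbar adware families visible in the logs above. SAMPLE_LOG is a constructed excerpt modelled on the posted logs; PUP_MARKERS is an assumed list for illustration, not a vendor feed.

```python
"""Triage helper for HijackThis (HJT 2.0.x) logs.

Added example, not code from the original posts or from HijackThis. It parses
the flat "O23 - Service: ..." entry lines and applies the checks a log reviewer
makes by hand. SAMPLE_LOG is a constructed excerpt modelled on the logs posted
in this thread; PUP_MARKERS is an assumed list, not a vendor feed.
"""
import re
import sys
from dataclasses import dataclass

# Constructed excerpt in HJT's own format (one entry per line).
SAMPLE_LOG = """\
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\\Program Files\\AskBarDis\\bar\\bin\\askBar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\\..\\Run: [MSC] "C:\\Program Files\\Microsoft Security Client\\msseces.exe" -hide -runkey
O10 - Unknown file in Winsock LSP: c:\\windows\\system32\\nwprovau.dll
O20 - AppInit_DLLs: E:\\PROGRA~1\\WI83E4~1\\Datamngr\\datamngr.dll E:\\PROGRA~1\\WI83E4~1\\Datamngr\\IEBHO.dll cru629.dat
O23 - Service: ASKService - Unknown owner - C:\\Program Files\\AskBarDis\\bar\\bin\\AskService.exe
O23 - Service: iPod Service - Apple Inc. - C:\\Program Files\\iPod\\bin\\iPodService.exe
O23 - Service: ServiceLayer - Unknown owner - C:\\Program Files\\Nokia\\PC Connectivity Solution\\ServiceLayer.exe (file missing)
"""

# Assumption: path fragments of the bundled-toolbar adware families that appear
# in the posted logs. A real triage would use a maintained list.
PUP_MARKERS = ("askbar", "conduit", "datamngr", "funwebproducts",
               "mywebsearch", "vuze_remote", "jzip")

# "O23 - <body>"; R/F/O sections only, the process list and banner are skipped.
_ENTRY = re.compile(r"^([RFO]\d{1,2})\s+-\s+(.*\S)\s*$")


@dataclass(frozen=True)
class Entry:
    code: str   # HJT section, e.g. "O23"
    body: str   # text after "O23 - "


@dataclass(frozen=True)
class Finding:
    code: str
    severity: str   # "high" | "medium" | "low"
    reason: str
    body: str


def parse_hjt(text):
    """Return the R/F/O entries of a log as Entry objects."""
    entries = []
    for raw in text.splitlines():
        m = _ENTRY.match(raw.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def triage(entries):
    """Apply reviewer heuristics; one entry may yield several findings."""
    findings = []
    for e in entries:
        low = e.body.lower()
        if e.code == "O20" and low.startswith("appinit_dlls"):
            # AppInit_DLLs load into every process that links user32.dll. A bare
            # name with no drive or path (here a ".dat") is the classic sign of a
            # malicious loader; pathed DLLs still deserve a look.
            dlls = e.body.split(":", 1)[1].split()
            bare = [d for d in dlls if "\\" not in d]
            if bare:
                findings.append(Finding(e.code, "high",
                    "AppInit_DLLs injects into every user-mode process; "
                    "unpathed entries: " + ", ".join(bare), e.body))
            else:
                findings.append(Finding(e.code, "medium",
                    "AppInit_DLLs set; verify each DLL", e.body))
        if "(file missing)" in low or "(no file)" in low:
            findings.append(Finding(e.code, "low",
                "orphaned registration, target file absent; remove the entry", e.body))
        if e.code == "O23" and "unknown owner" in low:
            findings.append(Finding(e.code, "medium",
                "service binary carries no vendor info; check its signature/hash", e.body))
        if e.code == "O10":
            # Deleting a Winsock LSP that is really a Windows component breaks
            # networking, so this is verify-first, never delete-first.
            findings.append(Finding(e.code, "medium",
                "LSP not recognised by HJT; confirm it is a Windows component before touching it", e.body))
        hit = next((m for m in PUP_MARKERS if m in low), None)
        if hit:
            findings.append(Finding(e.code, "medium",
                "matches bundled-toolbar adware family: " + hit, e.body))
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'high': 1, 'medium': 6, 'low': 2}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    text = SAMPLE_LOG
    if len(sys.argv) > 1:   # usage: python hjt_triage.py hijackthis.log
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    found = triage(parse_hjt(text))
    order = ("high", "medium", "low")
    for f in sorted(found, key=lambda f: order.index(f.severity)):
        print(f"[{f.severity:6}] {f.code}: {f.reason}\n         {f.body}")
    print(summarize(found))
```

Run against the sample, the one "high" finding is the O20 line because of the unpathed cru629.dat, the Ask toolbar service is flagged twice (no vendor string and an adware path), and the iPod service produces nothing. Against a real log, pass the file path as the first argument; the heuristics deliberately say "verify" rather than "delete" for the LSP entry, since removing the wrong LSP leaves the machine without networking.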
  12. All sorted, the hijack guys sorted me out. PCPitstop to the rescue again!!
  13. Thanks for the info, it seems to have done the trick.... Just one bit of info in case anyone else comes across the same problem, SDfix wouldn't do any thing when double clicked so I renamed the file and it started ok, as requested please find logs below SDFix: Version 1.208 Run by Administrator on 26/07/2008 at 09:16 Microsoft Windows XP [Version 5.1.2600] Running From: E:\SDFix Checking Services : Restoring Default Security Values Restoring Default Hosts File Rebooting Infected beep.sys Found! beep.sys File Locations: "E:\WINDOWS\system32\dllcache\beep.sys" 27136 24/07/2008 17:03 "E:\WINDOWS\system32\drivers\beep.sys" 27136 24/07/2008 17:03 Infected File Listed Below: E:\WINDOWS\system32\dllcache\beep.sys E:\WINDOWS\system32\drivers\beep.sys File copied to Backups Folder Attempting to replace beep.sys with original version Original beep.sys Restored "E:\WINDOWS\system32\dllcache\beep.sys" 4224 24/07/2008 01:25 "E:\WINDOWS\system32\drivers\beep.sys" 4224 24/07/2008 01:25 Checking Files : Trojan Files Found: E:\WINDOWS\system32\braviax.exe - Deleted E:\WINDOWS\system32\crypts.dll - Deleted E:\WINDOWS\system32\delself.bat - Deleted E:\WINDOWS\system32\winivstr.exe - Deleted E:\WINDOWS\system32\wsnpoem\video.dll - Deleted E:\WINDOWS\system32\wsnpoem\audio.dll - Deleted Folder E:\Documents and Settings\drew shepherd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.redtube.com - Removed Folder E:\Documents and Settings\drew shepherd\Application Data\SpyGuarder - Removed Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-26 09:32:02 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... 
scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "E:\\Program Files\\Discover\\discover.exe"="E:\\Program Files\\Discover\\discover.exe:*:Enabled:discover" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "E:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="E:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent" "E:\\WINDOWS\\system32\\PnkBstrA.exe"="E:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA" "E:\\WINDOWS\\system32\\PnkBstrB.exe"="E:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB" "E:\\WINDOWS\\system32\\dpnsvr.exe"="E:\\WINDOWS\\system32\\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server" "E:\\Program Files\\Bonjour\\mDNSResponder.exe"="E:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour" "C:\\My Documents\\iTunes\\iTunes.exe"="C:\\My Documents\\iTunes\\iTunes.exe:*:Enabled:iTunes" "E:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="E:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "E:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="E:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "F:\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="F:\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare " [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network 
Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "E:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="E:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "E:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="E:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" Remaining Files : File Backups: - E:\SDFix\backups\backups.zip Files with Hidden Attributes : Mon 21 Jul 2008 20,487 A.SHR --- "E:\Program Files\McAfee\MQC\MRU.bak" Mon 21 Jul 2008 265 A.SHR --- "E:\Program Files\McAfee\MQC\qcconf.bak" Tue 27 May 2008 0 A.SH. --- "E:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Wed 7 May 2008 0 A..H. --- "E:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\BIT2.tmp" Mon 28 Apr 2008 0 A..H. --- "E:\WINDOWS\SoftwareDistribution\Download\523d056929e13eacf8392044f602e53e\BIT3.tmp" Mon 28 Apr 2008 0 A..H. --- "E:\WINDOWS\SoftwareDistribution\Download\afa5528a2269b5106016bdbc1ea3037f\BIT2.tmp" Wed 16 Jul 2008 0 A..H. --- "E:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\BITA.tmp" Finished! Malwarebytes' Anti-Malware 1.23 Database version: 993 Windows 5.1.2600 Service Pack 2 10:07:44 26/07/2008 mbam-log-7-26-2008 (10-07-44).txt Scan type: Quick Scan Objects scanned: 63047 Time elapsed: 10 minute(s), 27 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 2 Registry Data Items Infected: 0 Folders Infected: 5 Files Infected: 12 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully. 
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
E:\WINDOWS\system32\wsnpoem (Trojan.Agent) -> Quarantined and deleted successfully.
E:\Documents and Settings\drew shepherd\Application Data\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
E:\Documents and Settings\drew shepherd\Application Data\AdwareAlert\Log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
E:\Documents and Settings\drew shepherd\Application Data\AdwareAlert\Settings (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
E:\Documents and Settings\All Users\Start Menu\Programs\XPSecurityCenter (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.

Files Infected:
E:\WINDOWS\karina.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\karina.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
E:\DOCUME~1\drew shepherd\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\CBQCB7AA\Install[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
E:\Documents and Settings\drew shepherd\Application Data\spyguarder.exe (Rogue.Installer) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\wsnpoem\video.dll.cla (Trojan.Agent) -> Quarantined and deleted successfully.
E:\Documents and Settings\drew shepherd\Application Data\AdwareAlert\rs.dat (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
E:\Documents and Settings\drew shepherd\Application Data\AdwareAlert\Log\2008 Jul 25 - 10_40_37 AM_906.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
E:\Documents and Settings\drew shepherd\Application Data\AdwareAlert\Settings\ScanResults.pie (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
E:\Documents and Settings\All Users\Start Menu\Programs\XPSecurityCenter\Uninstall.lnk (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.
E:\Documents and Settings\All Users\Start Menu\Programs\XPSecurityCenter\XPSecurityCenter.lnk (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.
E:\WINDOWS\Downloaded Program Files\PURen-gb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
E:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job (Trojan.Downloader) -> Quarantined and deleted successfully.

Deckard's System Scanner v20071014.68
Run by drew shepherd on 2008-07-26 10:08:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; System Restore is disabled (service is not running).

Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as drew shepherd.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:09:07, on 26/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\LEXBCES.EXE
E:\WINDOWS\system32\LEXPPS.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\WINDOWS\system32\crypserv.exe
E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
e:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
e:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
E:\Program Files\McAfee\VirusScan\McShield.exe
E:\Program Files\McAfee\MPF\MPFSrv.exe
E:\Program Files\McAfee\MSK\MskSrver.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\Program Files\SiteAdvisor\6261\SAService.exe
E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
E:\WINDOWS\system32\svchost.exe
e:\PROGRA~1\mcafee.com\agent\mcagent.exe
E:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
E:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
E:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
E:\Program Files\Lexmark X5100 Series\lxbabmon.exe
E:\Program Files\Analog Devices\SoundMAX\Smax4.exe
E:\Program Files\SiteAdvisor\6261\SiteAdv.exe
E:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\My Documents\iTunes\iTunesHelper.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
E:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
E:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
E:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
E:\Program Files\MagicDisc\MagicDisc.exe
E:\Program Files\Philips\Media Manager\Philips Media Manager.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
E:\WINDOWS\System32\svchost.exe
e:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
E:\Documents and Settings\drew shepherd\Desktop\dss.exe
E:\PROGRA~1\TRENDM~1\castle1\drew shepherd.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - E:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - E:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [Lexmark X5100 Series] "E:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [soundMAXPnP] E:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [soundMAX] "E:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [mcagent_exe] E:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [siteAdvisor] "E:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [McENUI] E:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [NSLauncher] E:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\My Documents\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "E:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "E:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DelayShred] e:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q e:\DOCUME~1\DREWSH~1\LOCALS~1\temp\TEMPOR~1\Content.SH! e:\DOCUME~1\DREWSH~1\LOCALS~1\temp\TEMPOR~1.SH! e:\DOCUME~1\DREWSH~1\LOCALS~1\temp\HSPERF~1.SH! e:\DOCUME~1\DREWSH~1\LOCALS~1\temp\History\History.SH! e:\DOCUME~1\DREWSH~1\LOCALS~1\temp\History.SH! e:\DOCUME~1\DREWSH~1\LOCALS~1\temp\Cookies.SH!
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Azureus.exe
O4 - Startup: MagicDisc.lnk = E:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: Philips Media Manager.lnk = E:\Program Files\Philips\Media Manager\Philips Media Manager.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...indows-i586.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - AppInit_DLLs: cru629.dat
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - Unknown owner - E:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - E:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - e:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - E:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - e:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - E:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - E:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - E:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - E:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - E:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 9071 bytes

-- HijackThis Fixed Entries (E:\PROGRA~1\TRENDM~1\castle1\backups\) ------------

backup-20080725-171659-795 O4 - HKLM\..\Run: [XP SecurityCenter] "E:\Program Files\XPSecurityCenter\XPSecurityCenter.exe" /hide
backup-20080725-171723-425 O4 - HKCU\..\Run: [spyGuarder] E:\Program Files\SpyGuarder\SpyGuarder.exe
backup-20080725-171752-731 O4 - HKLM\..\Run: [spyHunter Security Suite] E:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 NetworkX - e:\windows\system32\ckldrv.sys
R1 PQNTDrv - e:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
R3 catchme - e:\docume~1\drewsh~1\locals~1\temp\catchme.sys (file missing)
R3 mcdbus (Driver for MagicISO SCSI Host Controller) - e:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
R3 SMBios (Intel ® System Managment BIOS Service) - e:\windows\system32\drivers\smbios.sys <Not Verified; Intel Corporation; Intel ® System Managment BIOS Driver>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "e:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "e:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 Crypkey License - crypserv.exe
R3 ServiceLayer - "e:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Audio Controller
Device ID: PCI\VEN_13F6&DEV_0111&SUBSYS_1144153B&REV_10\4&2E98101C&0&18F0
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_13F6&DEV_0111&SUBSYS_1144153B&REV_10\4&2E98101C&0&18F0
Service:

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia N95
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia N95
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd

-- Scheduled Tasks -------------------------------------------------------------

2008-07-19 18:29:01 284 --a------ E:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-03-21 00:23:45 356 --a------ E:\WINDOWS\Tasks\McDefragTask.job
2008-03-21 00:23:43 348 --a------ E:\WINDOWS\Tasks\McQcTask.job

-- Files created between 2008-06-26 and 2008-07-26 -----------------------------

2008-07-26 09:48:11 0 d-------- E:\Documents and Settings\drew shepherd\Application Data\Malwarebytes
2008-07-26 09:48:07 0 d-------- E:\Program Files\Malwarebytes' Anti-Malware
2008-07-26 09:48:07 0 d-------- E:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-26 09:12:29 0 d-------- E:\WINDOWS\ERUNT
2008-07-25 11:03:09 0 d-------- E:\Program Files\Enigma Software Group
2008-07-25 10:26:33 0 d-------- E:\Documents and Settings\drew shepherd\Application Data\AVGTOOLBAR
2008-07-25 10:26:26 0 d-------- E:\Program Files\AVG
2008-07-25 10:26:25 0 d-------- E:\Documents and Settings\All Users\Application Data\avg8
2008-07-25 10:04:36 0 d-------- E:\Documents and Settings\drew shepherd\.housecall6.6
2008-07-25 10:04:20 0 d-------- E:\WINDOWS\Sun
2008-07-25 10:04:20 0 d-------- E:\Documents and Settings\drew shepherd\Application Data\Sun
2008-07-25 10:03:43 0 d-------- E:\Program Files\Java
2008-07-25 10:03:21 0 d-------- E:\Program Files\Common Files\Java
2008-07-25 07:39:10 0 d-------- E:\Program Files\Trend Micro
2008-07-24 17:16:41 18366 --a------ E:\WINDOWS\wetupib.pif
2008-07-24 17:16:41 14832 --a------ E:\WINDOWS\system32\rysysan.scr
2008-07-24 17:16:41 11715 --a------ E:\WINDOWS\system32\givacub.pif
2008-07-24 17:16:41 15368 --a------ E:\WINDOWS\system32\cevaduve.bin
2008-07-24 17:16:41 17857 --a------ E:\WINDOWS\boqiwalazi.dat
2008-07-24 17:16:41 17201 --a------ E:\Program Files\Common Files\ovugexupo.vbs
2008-07-24 17:16:41 17466 --a------ E:\Documents and Settings\drew shepherd\Application Data\ruxaqateso.sys
2008-07-24 17:16:41 11030 --a------ E:\Documents and Settings\drew shepherd\Application Data\hasuby.pif
2008-07-18 11:26:05 0 d-------- E:\Program Files\Apple Software Update
2008-07-18 10:05:58 0 d-------- E:\charu kitchen
2008-07-08 18:41:56 0 d-------- E:\Program Files\Lavasoft
2008-07-08 18:41:36 0 d-------- E:\Program Files\Common Files\Wise Installation Wizard
2008-07-08 18:37:55 0 d-------- E:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-08 18:14:32 0 d-------- E:\Documents and Settings\Administrator\Favorites
2008-07-08 18:14:32 0 d-------- E:\Documents and Settings\Administrator\Desktop
2008-07-08 18:14:32 0 d--hs---- E:\Documents and Settings\Administrator\Cookies
2008-07-08 18:14:32 0 dr-h----- E:\Documents and Settings\Administrator\Application Data
2008-07-08 18:14:32 0 d---s---- E:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-08 18:14:31 0 d--h----- E:\Documents and Settings\Administrator\Templates
2008-07-08 18:14:31 0 dr------- E:\Documents and Settings\Administrator\Start Menu
2008-07-08 18:14:31 0 dr-h----- E:\Documents and Settings\Administrator\SendTo
2008-07-08 18:14:31 0 d--h----- E:\Documents and Settings\Administrator\Recent
2008-07-08 18:14:31 0 d--h----- E:\Documents and Settings\Administrator\PrintHood
2008-07-08 18:14:31 786432 --ah----- E:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-08 18:14:31 0 d--h----- E:\Documents and Settings\Administrator\NetHood
2008-07-08 18:14:31 0 d-------- E:\Documents and Settings\Administrator\My Documents
2008-07-08 18:14:31 0 d--h----- E:\Documents and Settings\Administrator\Local Settings

-- Find3M Report ---------------------------------------------------------------

2008-07-25 17:20:18 0 d-------- E:\Program Files\McAfee
2008-07-25 10:03:21 0 d-------- E:\Program Files\Common Files
2008-07-24 17:16:41 14188 --a------ E:\Program Files\Common Files\xuronipad.dl
2008-07-24 17:16:41 10753 --a------ E:\Program Files\Common Files\igyjaneso.ban
2008-07-24 17:16:41 10214 --a------ E:\Documents and Settings\drew shepherd\Application Data\adyqocy.lib
2008-07-12 14:10:59 0 d-------- E:\Documents and Settings\drew shepherd\Application Data\Azureus
2008-07-08 11:13:03 0 d-------- E:\Program Files\Windows Live
2008-06-30 16:59:36 0 d-------- E:\Documents and Settings\drew shepherd\Application Data\SiteAdvisor
2008-06-21 20:50:28 0 d--hs--c- E:\Program Files\Common Files\WindowsLiveInstaller
2008-05-27 18:45:32 0 d-------- E:\Documents and Settings\drew shepherd\Application Data\Apple Computer
2008-05-27 18:45:04 0 d-------- E:\Program Files\iPod
2008-05-27 18:44:43 0 d-------- E:\Program Files\Bonjour
2008-05-27 18:44:31 0 d-------- E:\Program Files\QuickTime
2008-05-27 18:43:23 0 d-------- E:\Program Files\Common Files\Apple
2008-05-27 07:39:20 0 d-------- E:\Program Files\Windows Media Connect 2
2008-05-23 22:19:46 21840 --a-----t E:\WINDOWS\system32\SIntfNT.dll
2008-05-23 22:19:46 17212 --a-----t E:\WINDOWS\system32\SIntf32.dll
2008-05-23 22:19:46 12067 --a-----t E:\WINDOWS\system32\SIntf16.dll
2008-05-11 07:34:16 16368 --a------ E:\Documents and Settings\drew shepherd\Application Data\GDIPFONTCACHEV1.DAT
2008-05-02 22:46:00 1630208 --a------ E:\WINDOWS\system32\nwiz.exe
2008-05-02 22:46:00 1019904 --a------ E:\WINDOWS\system32\nvwimg.dll
2008-05-02 22:46:00 1703936 --a------ E:\WINDOWS\system32\nvwdmcpl.dll
2008-05-02 22:46:00 466944 --a------ E:\WINDOWS\system32\nvshell.dll
2008-05-02 22:46:00 1486848 --a------ E:\WINDOWS\system32\nview.dll
2008-05-02 22:46:00 1339392 --a------ E:\WINDOWS\system32\nvdspsch.exe
2008-05-02 22:46:00 442368 --a------ E:\WINDOWS\system32\nvappbar.exe
2008-05-02 22:46:00 425984 --a------ E:\WINDOWS\system32\keystone.exe

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark X5100 Series"="E:\Program Files\Lexmark X5100 Series\lxbabmgr.exe" [04/03/2003 13:49]
"Adobe Reader Speed Launcher"="E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16]
"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [02/05/2008 22:46]
"nwiz"="nwiz.exe" [02/05/2008 22:46 E:\WINDOWS\system32\nwiz.exe]
"SoundMAXPnP"="E:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [29/05/2003 17:28]
"SoundMAX"="E:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [30/05/2003 10:42]
"mcagent_exe"="E:\Program Files\McAfee.com\Agent\mcagent.exe" [01/11/2007 20:12]
"SiteAdvisor"="E:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [24/08/2007 22:57]
"McENUI"="E:\PROGRA~1\McAfee\MHN\McENUI.exe" [30/11/2007 06:42]
"NSLauncher"="E:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [28/11/2006 01:12]
"QuickTime Task"="E:\Program Files\QuickTime\qttask.exe" [28/03/2008 23:37]
"iTunesHelper"="C:\My Documents\iTunes\iTunesHelper.exe" [30/03/2008 10:36]
"NvMediaCenter"="E:\WINDOWS\system32\NvMcTray.dll" [02/05/2008 22:46]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [13/04/2005 03:48]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="E:\WINDOWS\system32\ctfmon.exe" [04/08/2004 13:00]
"PcSync"="E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [26/03/2008 18:41]
"PC Suite Tray"="E:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [28/03/2008 11:20]
"Nokia.PCSync"="E:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [26/03/2008 18:41]
"msnmsgr"="E:\Program Files\Windows Live\Messenger\msnmsgr.exe" []
"DelayShred"="e:\PROGRA~1\mcafee\mshr\ShrCL.exe" [04/12/2007 14:32]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

E:\Documents and Settings\drew shepherd\Start Menu\Programs\Startup\
Azureus.exe [03/12/2007 20:28:42]
MagicDisc.lnk - E:\Program Files\MagicDisc\MagicDisc.exe [21/03/2008 00:14:17]
Philips Media Manager.lnk - E:\Program Files\Philips\Media Manager\Philips Media Manager.exe [20/04/2008 18:25:58]

E:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - E:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 02:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=cru629.dat

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^drew shepherd^Start Menu^Programs^Startup^Philips Media Manager.lnk]
path=E:\Documents and Settings\drew shepherd\Start Menu\Programs\Startup\Philips Media Manager.lnk
backup=E:\WINDOWS\pss\Philips Media Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"E:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"E:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" /background

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1aba7ea8-0a02-11dd-b6ef-00146c8e7811}]
AutoRun\command- J:\setupSNK.exe

-- End of Deckard's System Scanner: finished at 2008-07-26 10:09:43 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.40GHz
CPU 1: Intel® Pentium® 4 CPU 3.40GHz
Percentage of Memory in Use: 24%
Physical Memory (total/avail): 2558.67 MiB / 1936.66 MiB
Pagefile Memory (total/avail): 4452.13 MiB / 3974.21 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.79 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 56.31 GiB total, 43.66 GiB free.
D: is Fixed (NTFS) - 78.13 GiB total, 30.18 GiB free.
E: is Fixed (NTFS) - 20.02 GiB total, 8.99 GiB free.
F: is Fixed (NTFS) - 111.79 GiB total, 50.42 GiB free.
G: is CDROM (No Media)
H: is CDROM (No Media)
I: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - Maxtor 6L200P0 - 189.92 GiB - 2 partitions
\PARTITION0 - Installable File System - 78.13 GiB - D:
\PARTITION1 - Installable File System - 111.79 GiB - F:

\\.\PHYSICALDRIVE0 - Maxtor 6Y080L0 - 76.33 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 56.31 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 20.02 GiB - E:

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.

FW: McAfee Personal Firewall v (McAfee)
AV: AVG Anti-Virus v8.0 (AVG Technologies) Disabled Outdated
AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="E:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"E:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="E:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\\Program Files\\Discover\\discover.exe"="E:\\Program Files\\Discover\\discover.exe:*:Enabled:discover"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="E:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"E:\\WINDOWS\\system32\\PnkBstrA.exe"="E:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"E:\\WINDOWS\\system32\\PnkBstrB.exe"="E:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"E:\\WINDOWS\\system32\\dpnsvr.exe"="E:\\WINDOWS\\system32\\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"
"E:\\Program Files\\Bonjour\\mDNSResponder.exe"="E:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\My Documents\\iTunes\\iTunes.exe"="C:\\My Documents\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"E:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="E:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"E:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="E:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"F:\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="F:\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare "

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=E:\Documents and Settings\All Users
APPDATA=E:\Documents and Settings\drew shepherd\Application Data
CLASSPATH=.;E:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=E:\Program Files\Common Files
COMPUTERNAME=STUDY
ComSpec=E:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=E:
HOMEPATH=\Documents and Settings\drew shepherd
LOGONSERVER=\\STUDY
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=E:\Program Files\PC Connectivity Solution\;E:\WINDOWS\system32;E:\WINDOWS;E:\WINDOWS\System32\Wbem;E:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=E:\Program Files
PROMPT=$P$G
QTJAVA=E:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=E:
SystemRoot=E:\WINDOWS
TEMP=E:\DOCUME~1\DREWSH~1\LOCALS~1\Temp
TMP=E:\DOCUME~1\DREWSH~1\LOCALS~1\Temp
USERDOMAIN=STUDY
USERNAME=drew shepherd
USERPROFILE=E:\Documents and Settings\drew shepherd
windir=E:\WINDOWS

-- User Profiles ---------------------------------------------------------------

drew shepherd (admin)
Administrator (admin)

-- Add/Remove Programs ---------------------------------------------------------

 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 E:\WINDOWS\INF\PCHealth.inf
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX --> E:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Azureus Vuze --> C:\Azureus\uninstall.exe
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Call of Duty® 4 - Modern Warfare --> E:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare 1.4 Patch --> E:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare 1.5 Multiplayer Patch --> E:\Program Files\InstallShield Installation Information\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare 1.6 Patch --> E:\Program Files\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare 1.7 Patch --> E:\Program Files\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
Discover --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{793F26A0-EF5D-11D6-AD03-0050BAC5DCED}\setup.exe"
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
HijackThis 2.0.2 --> "E:\Program Files\Trend Micro\castle1\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "E:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Jump Ahead French --> E:\WINDOWS\IsUninst.exe -fC:\KA\JAFR\DeIsL2.isu
Lexmark X5100 Series --> E:\WINDOWS\system32\spool\drivers\w32x86\3\LXBAUN5C.EXE -dLexmark X5100 Series
MagicDisc 2.5.79 --> E:\PROGRA~1\MAGICD~1\UNWISE.EXE E:\PROGRA~1\MAGICD~1\INSTALL.LOG
Malwarebytes' Anti-Malware --> "E:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter --> E:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "E:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "E:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.5 --> "E:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSVC80_x86 --> MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nokia Connectivity Cable Driver --> MsiExec.exe /X{4F1DCA42-2030-437C-A94E-736692A499C1}
Nokia Flashing Cable Driver --> MsiExec.exe /X{A4E0CA0F-1903-440A-9B98-FEA6CB049999}
Nokia Map Loader --> MsiExec.exe /I{03528A01-7E5E-4C5F-94DF-1D8012E969EF}
Nokia Multimedia Factory --> "E:\Documents and Settings\All Users\Application Data\Installations\{4CFB3821-1582-4f3b-BF8D-30986923B36B}\Nokia_Multimedia_Factory_2_0.exe" /MAINTENANCE /SILENT="SWLPCER" /LANG="2057" /MSI_COMMON_OPTIONS="PCSLANG= MMFLANG=eng"
Nokia Multimedia Factory --> MsiExec.exe /I{4CFB3821-1582-4F3B-BF8D-30986923B36B}
Nokia PC Suite --> E:\Documents and Settings\All Users\Application Data\Installations\{0FC76B71-2534-4354-B255-3468578E3F47}\Nokia_PC_Suite_rel_6_86_9_0_eng.exe
Nokia PC Suite --> MsiExec.exe /I{0FC76B71-2534-4354-B255-3468578E3F47}
Nokia Software Launcher --> MsiExec.exe /I{5CCABD37-479D-4304-B1A5-67952C25F8F2}
Nokia Software Updater --> MsiExec.exe /X{2B06E7FD-C5A1-403E-B387-A8D4AA858F48}
Nokia Video Manager --> "E:\Documents and Settings\All Users\Application Data\Installations\{B1B4E612-9ACC-4fab-BD04-1721D9503266}\NokiaVideoManager1.6.exe" /MAINTENANCE /SILENT="SGWLRPFCE" /LANG="2057" /O=";EXTUNINSTALL=1"
Nokia Video Manager --> MsiExec.exe /I{B1B4E612-9ACC-4FAB-BD04-1721D9503266}
NVIDIA Drivers --> E:\WINDOWS\system32\nvuninst.exe UninstallGUI
Opus Plexus plugin --> E:\PROGRA~1\COMMON~1\DIGITA~1\IOOPUS~1\UNWISE.EXE E:\PROGRA~1\COMMON~1\DIGITA~1\IOOPUS~1\iOPlay.log
PC Connectivity Solution --> MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}
Philips Media Manager 3.3.12.0004 --> E:\Program Files\Philips\Media Manager\uninstall.exe
PowerQuest PartitionMagic 8.0 --> E:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
SoundMAX --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Status Monitor --> E:\WINDOWS\IsUninst.exe -f"E:\Program Files\Status Monitor\Uninst.isu"
UK-Info Disk 2000 --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{0987124F-F2E8-11D1-A1EB-006052054007}\setup.exe" -uninst Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333} Windows Driver Package - Nokia Modem (03/05/2008 3.7) --> E:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u E:\WINDOWS\system32\DRVSTORE\nokia_blue_635B28EFCFA9395123BB1C251595CB16129E2560\nokia_bluetooth.inf Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1) --> E:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u E:\WINDOWS\system32\DRVSTORE\nokbtmdm_28F2EAC406838DA65AFF6C6886FE9FE96AEF5186\nokbtmdm.inf Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2) --> E:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u E:\WINDOWS\system32\DRVSTORE\nokbtmdm_1EB5F2E6F54A6BEDE9F436D1BA5D830FC71739BE\nokbtmdm.inf Windows Driver Package - Nokia Modem (10/12/2007 3.6) --> E:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u E:\WINDOWS\system32\DRVSTORE\nokia_blue_0A5D98F754C6588B2E3DDE89DDEF097075ADFFB7\nokia_bluetooth.inf Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0) --> E:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u E:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf Windows Imaging Component --> "E:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320} Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986} Windows Media Format 11 runtime --> "E:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840} Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD} XML Paper Specification Shared Components Pack 1.0 --> XMLinst --> MsiExec.exe /I{EA23971F-2CEE-48FC-B64D-7F74A6EF90F0} XP Codec Pack --> E:\Program 
Files\XP Codec Pack\Uninstall.exe -- Application Event Log ------------------------------------------------------- Event Record #/Type2064 / Error Event Submitted/Written: 07/25/2008 05:05:04 PM Event ID/Source: 1000 / Application Error Event Description: Faulting application explorer.exe, version 6.0.2900.3156, faulting module explorer.exe, version 6.0.2900.3156, fault address 0x000118b8. Processing media-specific event for [explorer.exe!ws!] Event Record #/Type2062 / Warning Event Submitted/Written: 07/25/2008 05:03:28 PM Event ID/Source: 1 / Nokia software Event Description: Nokia software Nokia PCSuite connectivity API error. errorcode: 47001 CONAPI_errordesc: Failed to get connection to System. CONAPI_errorcode: 0x80100002 Stack trace: c:\build\workdir\nslauncher_1_1_workdir\mmlauncher\synchandler.cpp(49) : CSyncHandler::Init .\NConnAPI.cpp(80) : CNConnAPI::GetDeviceManager .\NCONADeviceManager.cpp(40) : CNCONADeviceManager::Init .\NCONADeviceManager.cpp(39) : CNCONADeviceManager::Init Event Record #/Type2061 / Warning Event Submitted/Written: 07/25/2008 05:03:28 PM Event ID/Source: 1 / Nokia software Event Description: Nokia software Exception caught in CSyncHandler::Init (c:\build\workdir\nslauncher_1_1_workdir\mmlauncher\synchandler.cpp : 49) Event Record #/Type2051 / Warning Event Submitted/Written: 07/25/2008 10:32:15 AM Event ID/Source: 1 / Nokia software Event Description: Nokia software Nokia PCSuite connectivity API error. errorcode: 47001 CONAPI_errordesc: Failed to get connection to System. 
CONAPI_errorcode: 0x80100002 Stack trace: c:\build\workdir\nslauncher_1_1_workdir\mmlauncher\synchandler.cpp(49) : CSyncHandler::Init .\NConnAPI.cpp(80) : CNConnAPI::GetDeviceManager .\NCONADeviceManager.cpp(40) : CNCONADeviceManager::Init .\NCONADeviceManager.cpp(39) : CNCONADeviceManager::Init Event Record #/Type2050 / Warning Event Submitted/Written: 07/25/2008 10:32:15 AM Event ID/Source: 1 / Nokia software Event Description: Nokia software Exception caught in CSyncHandler::Init (c:\build\workdir\nslauncher_1_1_workdir\mmlauncher\synchandler.cpp : 49) -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type10998 / Error Event Submitted/Written: 07/26/2008 09:29:08 AM Event ID/Source: 7023 / Service Control Manager Event Description: The System Restore Service service terminated with the following error: %%2 Event Record #/Type10997 / Error Event Submitted/Written: 07/26/2008 09:29:01 AM Event ID/Source: 104 / SRService Event Description: The System Restore initialization process failed. 
Event Record #/Type10994 / Error Event Submitted/Written: 07/26/2008 09:12:11 AM Event ID/Source: 10005 / DCOM Event Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Event Record #/Type10993 / Error Event Submitted/Written: 07/26/2008 09:12:00 AM Event ID/Source: 10005 / DCOM Event Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Event Record #/Type10992 / Error Event Submitted/Written: 07/26/2008 09:08:21 AM Event ID/Source: 10005 / DCOM Event Description: DCOM got error "%%1084" attempting to start the service McNASvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A} -- End of Deckard's System Scanner: finished at 2008-07-26 10:09:43 ------------
  14. Yeah, that worked, thanks... obvious really... but hey... see where we go from here.
  15. Copied from the user-to-user forum and put here as advised. Seem to have picked up a virus/spyware that loads itself and then keeps popping up and telling me I have numerous spyware, and to get rid of them I have to purchase a license (yeah right... not that stupid). I seem to have got rid of it through good old Ad-Aware, deleting entries from the registry and turning off System Restore; the only thing now is McAfee is telling me I am not fully protected, and when I try to fix it I can't as there is an error... any clues how to get round this, or should I clean install McAfee? Thanks Drew

Logfile of Trend Micro HijackThis v2.0.2, scan saved at 17:21:14 on 25/07/2008. Platform: Windows XP SP2 (WinNT 5.01.2600). MSIE: Internet Explorer v7.00 (7.00.6000.16674). Boot mode: Normal.