bobbybrown

  1. Hi there, I hope someone can help me. I am running win xp with sp2. I have 1 gig of ram and lots of HDD space available. When trying to run autodata on my computer, I get an error message when trying to use the program. The error is "Not enough storage is available to process this command". I only get the error with this program. I have tried installing it to my hard drive and running it from the disc, but I still get the error. I used to be able to run it fine, on this computer. I have recently done a fresh install of XP as this is another hard drive I'm using as my old one gave up and died. I hope someone can help me get rid of this error, I have plenty of ram to use this program. It's autodata 2005, I hope someone can help me with the error, I can post whichever logs you require. Also, recently my dvd rewriter drive has started being strange, it will burn DVDs no problem, but every time I try to burn a cd, it fails. I have posted a Hijackthis log below, I hope it gives some insight to the cause of these two weird problems. I look forward to your help. Thanks for reading.
  2. Hi, The problem is I can't get on to any websites that are secure, such as banks, paypal etc. It kind of starts to load, but then stops before the page is displayed, also sometimes when I click the link to go to the login pages it just does nothing. I'll get a firewall, any you suggest? I haven't tried to fix anything myself, as I'm unsure of what I'm doing, all I did was look on my ISP's website and follow their instructions, which was to basically clear temporary internet files and cookies, which hasn't worked.
  3. Hi, Thanks for the reply. Here is my hijack this log...
  4. Hi, it's like I said in the title, I cannot open any secure sites using either firefox or IE6. I'm running win xp. I'm really stuck what to do. If you would like a HiJack This log please say so and I will post one up straight away. Thanks for reading.
  5. Hi, I recently got a new laptop pc, with windows vista on it. It was using my internet connection that is on my pc as the broadband internet modem is wireless, and all was working fine until yesterday. I'm not sure if I'm infected with something, or not, but I can't access certain websites, well one that I have found so far, and its one that I need to be able to access. I've tried restarting both computers, and tried leaving both off for a while, also tried turning off internet modem, and tried leaving it off too, I've done a DNS flush on my pc, but on the laptop it says it needs elevation so I'm not sure what to do. Pc is XP, laptop is Vista. I hope someone can help me get this sorted. Thanks for taking the time to read this. Here is a Hi Jack This log file from my pc.
  6. Hi, I have win xp on my computer. I think I may have an infection as when I try to change the time and date, I change it in the option window, then click apply and it instantly flashes back to the date and time that was displayed before. For example, if it was 25th june 01 now and I changed it to 1st jan 1999, it would instantly go back to 25/06/01 as soon as I click apply. I have made sure that automatic update time and sync time using internet are unticked, could this be an infection? If so what do I need to do to be able to change the date and time? Thanks for any help.
  7. Hi, I've tried that but I get some errors, can you help me with it please. The errors I get are: I get a blue screen when I try to install SP2, it gets so far through the setup process then I get the blue screen, which says: STOP: 0x0000008e (0xc0000005, 0xBF806B89, 0xB641DC94, 0x00000000) Win32k.sys - address BF806B89 base at BF800000, datestamp 4341DCFF Beginning dump of physical memory. Physical memory dump complete. Contact your system administrator or technical support group for further assistance. Hope you can help me with this, I have no idea what to do next. Thanks.
  8. All done, except for the Java. Once downloaded and trying to install, it says it cannot find some of the DLL files it needs, I'll keep trying anyway. This is the second problem you have cured for me, you helped me out back in November of 2006, and I'm very grateful for both times. Thanks ever so much, I really do appreciate all of your help.
  9. Hi, Here is the hijack this log: The pc is not as bad now, its running quicker and the pop ups haven't happened since yesterday, therefore the avast scanner hasn't gone crazy, so its looking good
  10. Ok, here are the logs you asked for: SuperAntiSpyware Log: VBG log:
  11. Scratch that, this has just popped up! Combofix log:
  12. By the way, that's all combofix came up with. I have looked where it said the log would be (c:\combofix.txt) and this is the only thing there. Hope it's all good and that there's not too much further to go to sort this problem. Look forward to your reply.
  13. Right, I cannot update the Java as it says my Windows Installer cannot be accessed for some reason. Also, for the last few hours I have been getting an error saying buffer overrun in explorer.exe; it then closes explorer and reopens it, then the error comes back. Also, I am still getting lots of pop ups that make my avast scanner go mad saying they are infected with this trojan and that trojan. Anyway, here are the logs you asked for: Hijack this log: Combofix Log:
  14. Here you go, haxfix log: Hijack this log:
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! 
Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Billionton\Bluetooth Software\bin\btwdins.exe O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: System Mld (MldServ) - Unknown owner - C:\WINDOWS\System32\sysmlds.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
  15. Here you go
HAXFIX logfile - by Marckie
version 4.39
17/04/2007 9:49:51.76
--- Checking for Haxdoor ---
checking for a3d files
a3d files not found
checking for matching notify keys
matching notify keys found
utgrbe
checking for matching services
matching services found
Aspi32
utgrbe
ufgrbe
checking for matching safeboot services
matching safeboot services found
ufgrbe.sys
checking for other Haxdoor-files
no other Haxdoor-files found
--- Checking for Goldun ---
checking for SSODL keys
no ssodl keys found
checking for notify keys
no notify keys found
checking for services
no services found
checking for other Goldun-files
no other Goldun-files found
checking iexplore.exe
iexplore.exe is not infected
Finished!