AnnaP

"Warning! Potential Spyware Operation!" popup plus other probs


Hello – hope you can help. For several days I’ve been getting popups every 5 mins or so saying “Warning! Potential Spyware Operation! Your computer is making unauthorized copies of your system and Internet files. Run full scan now to pervent any unathorised access to your files! Click YES to download spyware remover... “ (Spelling mistakes are theirs! Link leads to SpyHunter website).

 

Other symptoms are:

 

1) AVG resident shield comes up with warning about ksacre.exe often – heals, but keeps coming back.

2) Homepage is always reset to www.google.com at reboot, although keeps my setting between reboots.

3) Many options in Control Panel are now unusable. I get “This operation has been cancelled due to restrictions in effect on this computer. Please contact your System Administrator”

4) Sometimes redirected to a website which claims to be running an AVSystemCare scan.

 

Have dabbled a bit (sorry!) and run SmitFraudFix.exe, including the Clean option; it made no difference. Will include the log.

 

Here’s the HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:14:56, on 26/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

C:\WINDOWS\system32\timoty.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\BigFix\BigFix.exe

C:\Program Files\Zoom Telephonics, Inc\Zoom ADSL USB Modem\dslmon.exe

C:\Program Files\FinePixViewer\QuickDCF.exe

C:\Program Files\EPSON\ESM2\eEBSVC.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\Program Files\CA\eTrust Antivirus\InoRpc.exe

C:\Program Files\CA\eTrust Antivirus\InoRT.exe

C:\Program Files\CA\eTrust Antivirus\InoTask.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\WINDOWS\system32\spider.exe

C:\Program Files\HighjackThis\HiJackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.evesham.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by evesham.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy2:8080

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe

O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\timoty.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [startUp] C:\WINDOWS\trayicons.exe /optimize speed

O4 - HKCU\..\Run: [froody] C:\WINDOWS\system32\timoty.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - Startup: setings.exe

O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe

O4 - Global Startup: DSLMON.lnk = ?

O4 - Global Startup: EPSON Background Monitor.lnk = C:\Program Files\EPSON\ESM2\STMS.exe

O4 - Global Startup: Exif Launcher.lnk = ?

O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe

O4 - Global Startup: startup.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.evesham.com/

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) - https://java.sun.com/update/1.4.2/jinstall-...indows-i586.cab

O20 - AppInit_DLLs: C:\WINDOWS\system32\sol629.txt

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe

O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe

O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe

O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

 

--

End of file - 7354 bytes

 

Also the Ad-Aware log:

 

Ad-Aware SE Build 1.06r1

Logfile Created on:26 November 2007 18:49:10

Created with Ad-Aware SE Personal, free for private use.

Using definitions file:SE1R205 26.11.2007

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

MRU List(TAC index:0):12 total references

Tracking Cookie(TAC index:3):2 total references

Windows(TAC index:3):3 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Ad-Aware SE Settings

===========================

Set : Search for negligible risk entries

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

 

Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Play sound at scan completion if scan locates critical objects

 

 

26-11-2007 18:49:10 - Scan started. (Full System Scan)

 

MRU List Object Recognized!

Location: : C:\Documents and Settings\Martin Edge\recent

Description : list of recently opened documents

 

 

MRU List Object Recognized!

Location: : software\microsoft\directdraw\mostrecentapplication

Description : most recent application to use microsoft directdraw

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3548506766-1261576165-1492151830-1006\software\microsoft\directinput\mostrecentapplication

Description : most recent application to use microsoft directinput

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3548506766-1261576165-1492151830-1006\software\microsoft\directinput\mostrecentapplication

Description : most recent application to use microsoft directinput

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3548506766-1261576165-1492151830-1006\software\microsoft\internet explorer

Description : last download directory used in microsoft internet explorer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3548506766-1261576165-1492151830-1006\software\microsoft\internet explorer\typedurls

Description : list of recently entered addresses in microsoft internet explorer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3548506766-1261576165-1492151830-1006\software\microsoft\office\11.0\access\settings

Description : list of recently opened documents in microsoft access

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3548506766-1261576165-1492151830-1006\software\microsoft\windows\currentversion\applets\regedit

Description : last key accessed using the microsoft registry editor

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3548506766-1261576165-1492151830-1006\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru

Description : list of recent programs opened

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3548506766-1261576165-1492151830-1006\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru

Description : list of recently saved files, stored according to file extension

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3548506766-1261576165-1492151830-1006\software\microsoft\windows\currentversion\explorer\recentdocs

Description : list of recent documents opened

 

 

MRU List Object Recognized!

Location: : S-1-5-21-3548506766-1261576165-1492151830-1006\software\microsoft\windows\currentversion\explorer\runmru

Description : mru list for items opened in start | run

 

 

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ProcessID : 576

ThreadCreationTime : 26-11-2007 18:00:43

BasePriority : Normal

 

 

#:2 [csrss.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 640

ThreadCreationTime : 26-11-2007 18:00:44

BasePriority : Normal

 

 

#:3 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 664

ThreadCreationTime : 26-11-2007 18:00:45

BasePriority : High

 

 

#:4 [services.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 712

ThreadCreationTime : 26-11-2007 18:00:45

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Services and Controller app

InternalName : services.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : services.exe

 

#:5 [lsass.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 724

ThreadCreationTime : 26-11-2007 18:00:45

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe

 

#:6 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 892

ThreadCreationTime : 26-11-2007 18:00:47

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:7 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 972

ThreadCreationTime : 26-11-2007 18:00:47

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:8 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1068

ThreadCreationTime : 26-11-2007 18:00:47

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:9 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1172

ThreadCreationTime : 26-11-2007 18:00:48

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:10 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1280

ThreadCreationTime : 26-11-2007 18:00:49

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:11 [explorer.exe]

FilePath : C:\WINDOWS\

ProcessID : 1528

ThreadCreationTime : 26-11-2007 18:00:50

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : EXPLORER.EXE

 

#:12 [spoolsv.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1592

ThreadCreationTime : 26-11-2007 18:00:50

BasePriority : Normal

FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)

ProductVersion : 5.1.2600.2696

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : spoolsv.exe

 

#:13 [rundll32.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1872

ThreadCreationTime : 26-11-2007 18:00:53

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Run a DLL as an App

InternalName : rundll

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : RUNDLL.EXE

 

#:14 [igfxtray.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1880

ThreadCreationTime : 26-11-2007 18:00:53

BasePriority : Normal

FileVersion : 3,0,0,2082

ProductVersion : 7,0,0,2082

ProductName : Intel® Common User Interface

CompanyName : Intel Corporation

FileDescription : igfxTray Module

InternalName : IGFXTRAY

LegalCopyright : Copyright 1999-2003, Intel Corporation

OriginalFilename : IGFXTRAY.EXE

 

#:15 [hkcmd.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1888

ThreadCreationTime : 26-11-2007 18:00:53

BasePriority : Normal

FileVersion : 3,0,0,2082

ProductVersion : 7,0,0,2082

ProductName : Intel® Common User Interface

CompanyName : Intel Corporation

FileDescription : hkcmd Module

InternalName : HKCMD

LegalCopyright : Copyright 1999-2003, Intel Corporation

OriginalFilename : HKCMD.EXE

 

#:16 [drgtodsc.exe]

FilePath : C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\

ProcessID : 1916

ThreadCreationTime : 26-11-2007 18:00:54

BasePriority : Normal

FileVersion : 7.1.0.219

ProductVersion : 7.1.0.219

ProductName : Drag-to-Disc

CompanyName : Roxio

FileDescription : Drag To Disc Application

InternalName : D2D

LegalCopyright : Copyright © 1994-2004 Roxio, Inc.

LegalTrademarks : Copyright © 1994-2004 Roxio, Inc.

OriginalFilename : BurnCtrl.EXE

 

#:17 [realsched.exe]

FilePath : C:\Program Files\Common Files\Real\Update_OB\

ProcessID : 1928

ThreadCreationTime : 26-11-2007 18:00:54

BasePriority : Normal

FileVersion : 0.1.0.3018

ProductVersion : 0.1.0.3018

ProductName : RealPlayer (32-bit)

CompanyName : RealNetworks, Inc.

FileDescription : RealNetworks Scheduler

InternalName : schedapp

LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004

LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc.

OriginalFilename : realsched.exe

 

#:18 [avgcc.exe]

FilePath : C:\PROGRA~1\Grisoft\AVG7\

ProcessID : 1944

ThreadCreationTime : 26-11-2007 18:00:55

BasePriority : Normal

FileVersion : 7.5.0.497

ProductVersion : 7.5.0.497

ProductName : AVG Anti-Virus system

CompanyName : GRISOFT, s.r.o.

FileDescription : AVG Control Center

InternalName : AvgCC

LegalCopyright : Copyright © 2007 GRISOFT, s.r.o.

OriginalFilename : AvgCC.EXE

 

#:19 [qttask.exe]

FilePath : C:\Program Files\QuickTime\

ProcessID : 1972

ThreadCreationTime : 26-11-2007 18:00:55

BasePriority : Normal

FileVersion : 7.1.6

ProductVersion : QuickTime 7.1.6

ProductName : QuickTime

CompanyName : Apple Inc.

FileDescription : QuickTime Task

InternalName : QuickTime Task

LegalCopyright : Copyright Apple Inc. 1989-2007

OriginalFilename : QTTask.exe

 

#:20 [ituneshelper.exe]

FilePath : C:\Program Files\iTunes\

ProcessID : 1980

ThreadCreationTime : 26-11-2007 18:00:55

BasePriority : Normal

FileVersion : 7.2.0.35

ProductVersion : 7.2.0.35

ProductName : iTunes

CompanyName : Apple Inc.

FileDescription : iTunesHelper Module

InternalName : iTunesHelper

LegalCopyright : © 2003-2007 Apple Inc. All Rights Reserved.

OriginalFilename : iTunesHelper.exe

 

#:21 [jusched.exe]

FilePath : C:\Program Files\Java\j2re1.4.2_05\bin\

ProcessID : 1992

ThreadCreationTime : 26-11-2007 18:00:56

BasePriority : Normal

 

 

#:22 [timoty.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2000

ThreadCreationTime : 26-11-2007 18:00:56

BasePriority : Normal

 

 

#:23 [msmsgs.exe]

FilePath : C:\Program Files\Messenger\

ProcessID : 2008

ThreadCreationTime : 26-11-2007 18:00:56

BasePriority : Normal

FileVersion : 4.7.3001

ProductVersion : Version 4.7.3001

ProductName : Messenger

CompanyName : Microsoft Corporation

FileDescription : Windows Messenger

InternalName : msmsgs

LegalCopyright : Copyright © Microsoft Corporation 2004

LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.

OriginalFilename : msmsgs.exe

 

#:24 [ctfmon.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2020

ThreadCreationTime : 26-11-2007 18:00:56

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : CTF Loader

InternalName : CTFMON

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : CTFMON.EXE

 

#:25 [googletoolbarnotifier.exe]

FilePath : C:\Program Files\Google\GoogleToolbarNotifier\

ProcessID : 2044

ThreadCreationTime : 26-11-2007 18:00:56

BasePriority : Normal

FileVersion : 2, 0, 301, 1654

ProductVersion : 2, 0, 301, 1654

ProductName : GoogleToolbarNotifier

CompanyName : Google Inc.

FileDescription : GoogleToolbarNotifier

LegalCopyright : Copyright © 2005-2007

OriginalFilename : GoogleToolbarNotifier.exe

 

#:26 [bigfix.exe]

FilePath : C:\Program Files\BigFix\

ProcessID : 228

ThreadCreationTime : 26-11-2007 18:00:58

BasePriority : Normal

FileVersion : 1, 6, 1, 6

ProductVersion : 1, 6, 1, 6

ProductName : BigFix

CompanyName : BigFix Inc.

FileDescription : BigFix Client Application

InternalName : BigFix

LegalCopyright : Copyright © 2000

OriginalFilename : BigFix.exe

 

#:27 [dslmon.exe]

FilePath : C:\Program Files\Zoom Telephonics, Inc\Zoom ADSL USB Modem\

ProcessID : 300

ThreadCreationTime : 26-11-2007 18:00:58

BasePriority : Normal

FileVersion : 1, 0, 0, 1

ProductVersion : 1, 0, 0, 1

ProductName : DSLMON Application

FileDescription : ADIMON MFC Application

InternalName : DSLMON

LegalCopyright : Copyright © 2000

OriginalFilename : ADIMON.EXE

 

#:28 [quickdcf.exe]

FilePath : C:\Program Files\FinePixViewer\

ProcessID : 424

ThreadCreationTime : 26-11-2007 18:00:59

BasePriority : Normal

FileVersion : 5, 0, 0, 2

ProductVersion : 5, 0, 0, 2

ProductName : FinePixViewer

CompanyName : FUJI PHOTO FILM CO., LTD.

FileDescription : Exif Launcher

InternalName : QuickDCF

LegalCopyright : Copyright 2000-2004 FUJI PHOTO FILM CO.,LTD.

OriginalFilename : QuickDCF.exe

 

#:29 [eebsvc.exe]

FilePath : C:\Program Files\EPSON\ESM2\

ProcessID : 244

ThreadCreationTime : 26-11-2007 18:01:01

BasePriority : Normal

 

 

#:30 [avgamsvr.exe]

FilePath : C:\PROGRA~1\Grisoft\AVG7\

ProcessID : 1040

ThreadCreationTime : 26-11-2007 18:01:02

BasePriority : Normal

FileVersion : 7.5.0.496

ProductVersion : 7.5.0.496

ProductName : AVG Anti-Virus system

CompanyName : GRISOFT, s.r.o.

FileDescription : AVG Alert Manager

InternalName : avgamsvr

LegalCopyright : Copyright © 2007 GRISOFT, s.r.o.

OriginalFilename : avgamsvr.EXE

 

#:31 [avgupsvc.exe]

FilePath : C:\PROGRA~1\Grisoft\AVG7\

ProcessID : 1060

ThreadCreationTime : 26-11-2007 18:01:03

BasePriority : Normal

FileVersion : 7.5.0.420

ProductVersion : 7.5.0.420

ProductName : AVG 7.5 Anti-Virus System

CompanyName : GRISOFT, s.r.o.

FileDescription : AVG Update Service

InternalName : avgupsvc

LegalCopyright : Copyright © 2006 GRISOFT, s.r.o.

OriginalFilename : avgupdsvc.EXE

 

#:32 [inorpc.exe]

FilePath : C:\Program Files\CA\eTrust Antivirus\

ProcessID : 1236

ThreadCreationTime : 26-11-2007 18:01:03

BasePriority : Normal

FileVersion : 7.1.192.0

ProductVersion : 7.1.192.0

ProductName : eTrust Antivirus

CompanyName : Computer Associates International, Inc.

InternalName : InoRpc.exe

LegalCopyright : Copyright 2004 Computer Associates International, Inc.

LegalTrademarks : eTrust is a trademark of Computer Associates Int'l, Inc.

OriginalFilename : InoRpc.exe

Comments : eTrust Antivirus English Version

 

#:33 [inort.exe]

FilePath : C:\Program Files\CA\eTrust Antivirus\

ProcessID : 1276

ThreadCreationTime : 26-11-2007 18:01:03

BasePriority : Normal

FileVersion : 7.1.192.0

ProductVersion : 7.1.192.0

ProductName : eTrust Antivirus

CompanyName : Computer Associates International, Inc.

InternalName : InoRT.dll

LegalCopyright : Copyright 2004 Computer Associates International, Inc.

LegalTrademarks : eTrust is a trademark of Computer Associates Int'l, Inc.

OriginalFilename : InoRT.dll

Comments : eTrust Antivirus English Version

 

#:34 [inotask.exe]

FilePath : C:\Program Files\CA\eTrust Antivirus\

ProcessID : 1364

ThreadCreationTime : 26-11-2007 18:01:04

BasePriority : Normal

FileVersion : 7.1.192.0

ProductVersion : 7.1.192.0

ProductName : eTrust Antivirus

CompanyName : Computer Associates International, Inc.

InternalName : InoTask.exe

LegalCopyright : Copyright 2004 Computer Associates International, Inc.

LegalTrademarks : eTrust is a trademark of Computer Associates Int'l, Inc.

OriginalFilename : InoTask.exe

Comments : eTrust Antivirus English Version

 

#:35 [mdm.exe]

FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\

ProcessID : 1816

ThreadCreationTime : 26-11-2007 18:01:06

BasePriority : Normal

FileVersion : 7.00.9466

ProductVersion : 7.00.9466

ProductName : Microsoft® Visual Studio .NET

CompanyName : Microsoft Corporation

FileDescription : Machine Debug Manager

InternalName : mdm.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : mdm.exe

 

#:36 [ipodservice.exe]

FilePath : C:\Program Files\iPod\bin\

ProcessID : 2660

ThreadCreationTime : 26-11-2007 18:01:14

BasePriority : Normal

FileVersion : 7.2.0.35

ProductVersion : 7.2.0.35

ProductName : iTunes

CompanyName : Apple Inc.

FileDescription : iPodService Module

InternalName : iPodService

LegalCopyright : © 2003-2007 Apple Inc. All Rights Reserved.

OriginalFilename : iPodService.exe

 

#:37 [alg.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 2968

ThreadCreationTime : 26-11-2007 18:01:15

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Application Layer Gateway Service

InternalName : ALG.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : ALG.exe

 

#:38 [wuauclt.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 3716

ThreadCreationTime : 26-11-2007 18:02:14

BasePriority : Normal

 

 

#:39 [msimn.exe]

FilePath : C:\Program Files\Outlook Express\

ProcessID : 3028

ThreadCreationTime : 26-11-2007 18:25:42

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Outlook Express

InternalName : MSIMN

LegalCopyright : © 2004 Microsoft Corporation. All rights reserved.

OriginalFilename : MSIMN.EXE

 

#:40 [ad-aware.exe]

FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\

ProcessID : 3924

ThreadCreationTime : 26-11-2007 18:48:53

BasePriority : Normal

FileVersion : 6.2.0.236

ProductVersion : SE 106

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft AB Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

 

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 12

 

 

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Windows Object Recognized!

Type : RegData

Data :

TAC Rating : 3

Category : Vulnerability

Comment :

Rootkey : HKEY_USERS

Object : S-1-5-21-3548506766-1261576165-1492151830-1006\software\microsoft\windows\currentversion\policies\system

Value : DisableTaskMgr

Data :

 

Windows Object Recognized!

Type : RegData

Data :

TAC Rating : 3

Category : Vulnerability

Comment :

Rootkey : HKEY_USERS

Object : S-1-5-21-3548506766-1261576165-1492151830-1006\software\microsoft\windows\currentversion\policies\system

Value : DisableRegistryTools

Data :

 

Windows Object Recognized!

Type : RegData

Data : explorer.exe c:\windows\system32\msanton.exe

TAC Rating : 3

Category : Vulnerability

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows nt\currentversion\winlogon

Value : Shell

Data : explorer.exe c:\windows\system32\msanton.exe

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 3

Objects found so far: 15

 

 

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 15

 

 

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : martin [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:5

Value : Cookie:martin [email protected]/

Expires : 25-11-2008 18:08:54

LastSync : Hits:5

UseCount : 0

Hits : 5

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : martin [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:1

Value : Cookie:martin [email protected]/

Expires : 26-11-2007 17:32:32

LastSync : Hits:1

UseCount : 0

Hits : 1

 

Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 2

Objects found so far: 17

 

 

 

Deep scanning and examining files (C:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for C:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 17

 

 

Performing conditional scans...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Conditional scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 17

 

19:06:40 Scan Complete

 

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:17:30.0

Objects scanned:199868

Objects identified:5

Objects ignored:0

New critical objects:5

 

 

 

And finally the output from the cleaning run of SmitFraudFix:

 

SmitFraudFix v2.255

 

Scan done at 17:54:42.75, 26/11/2007

Run from C:\Documents and Settings\Martin Edge\Desktop\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in safe mode

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

 

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

 

S!Ri's WS2Fix: LSP not Found.

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

 

C:\WINDOWS\system32\bronto.dll Deleted

C:\WINDOWS\system32\winter.exe Deleted

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{8E1F6918-567C-49A5-AC07-8114F06F181F}: DhcpNameServer=62.241.162.200 62.241.163.200

HKLM\SYSTEM\CS1\Services\Tcpip\..\{8E1F6918-567C-49A5-AC07-8114F06F181F}: DhcpNameServer=62.241.162.200 62.241.163.200

HKLM\SYSTEM\CS3\Services\Tcpip\..\{8E1F6918-567C-49A5-AC07-8114F06F181F}: DhcpNameServer=62.241.162.200 62.241.163.200

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=62.241.162.200 62.241.163.200

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=62.241.162.200 62.241.163.200

HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=62.241.162.200 62.241.163.200

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

 

Registry Cleaning done.

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

Thanks for any help you can give!

 

Anna

 

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End


Welcome to the Lavasoft Support Forums AnnaP ;)

 

If you're still in need of assistance, please download ComboFix by sUBs from here or here, saving the file to your desktop.

 

 

Scan again with HijackThis and place a check next to the following entry, then click Fix Checked and close HijackThis.

 

O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

 

  • Close all open programs and windows
  • Double click combofix.exe and follow the prompts.
  • When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


 

 

Thanks

 

I've done as you suggested and seem to have regained control over the Control Panel.

 

Below is the log created by 'Combofix' as requested.

 

Thanks for your help

 

AnnaP

 

_____________________________________________________________________________________________

 

ComboFix 07-11-19.4C - Martin Edge 2007-11-30 10:14:19.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.188 [GMT 0:00]

Running from: C:\Documents and Settings\Martin Edge\Desktop\ComboFix.exe

* Created a new restore point

.

((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-30 )))))))))))))))))))))))))))))))

.

2007-11-26 21:12 <DIR> d-------- C:\Program Files\HighjackThis

2007-11-22 20:26 <DIR> d-------- C:\Program Files\Enigma Software Group

2007-11-22 11:19 800 --a------ C:\WINDOWS\system32\2032.lps

2007-11-22 11:05 3,250 --a------ C:\WINDOWS\system32\opseti

2007-11-22 10:53 6,144 --a------ C:\WINDOWS\system32\msanton.exe

2007-11-22 09:48 28,417 --a------ C:\Documents and Settings\Martin Edge\wn852.exe

2007-10-09 19:59 <DIR> d-------- C:\Program Files\GPLGS

2007-10-09 19:53 87,552 --a------ C:\WINDOWS\system32\cpwmon2k.dll

2007-10-09 19:52 <DIR> d-------- C:\Program Files\Acro Software

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-30 06:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7

2007-11-22 21:16 --------- d-----w C:\Documents and Settings\Martin Edge\Application Data\AVG7

2007-11-22 13:42 6,144 ----a-w C:\WINDOWS\system32\timoty.exe

2007-11-22 10:06 15,872 ----a-w C:\WINDOWS\windisk.dll

2007-11-22 09:48 28,417 ----a-w C:\WINDOWS\trayicons.exe

2007-11-17 15:56 --------- d-----w C:\Program Files\FinePixViewer

2007-10-15 14:11 --------- d-----w C:\Documents and Settings\Martin Edge\Application Data\AdobeUM

2007-10-05 12:16 --------- d-----w C:\Documents and Settings\Martin Edge\Application Data\DivX

2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll

2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll

2007-09-17 18:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll

2007-09-17 18:22 739,840 ----a-w C:\WINDOWS\system32\DivX.dll

2007-09-11 23:14 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2007-08-21 00:26 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2007-08-21 00:26 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll

2007-08-15 22:33 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

2007-08-15 22:33 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2007-08-15 22:33 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2007-08-15 22:33 129,784 ------w C:\WINDOWS\system32\pxafs.dll

2007-08-15 22:33 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe

2007-08-15 22:33 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe

2007-08-15 22:33 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2007-08-15 22:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll

2007-08-15 22:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll

2007-08-15 22:31 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll

2007-08-15 22:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll

2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll

2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll

2007-08-15 22:30 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll

2005-11-03 14:47 252 ----a-w C:\Documents and Settings\Martin Edge\Application Data\wklnhst.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00]

"RealPlayer"="C:\Program Files\Real\RealPlayer\realplay.exe" [2006-11-08 15:34]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-25 17:48]

"froody"="C:\WINDOWS\system32\timoty.exe" [2007-11-22 13:42]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AntivirusRegistration"="C:\Program Files\CA\Etrust Antivirus\Register.exe" [2005-01-31 15:09]

"Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2004-04-06 17:14]

"Cmaudio"="RunDll32 cmicnfg.cpl" []

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-03-11 18:24]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-03-11 18:11]

"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-02-28 22:50]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-08-27 13:30]

"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-25 07:32]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 15:51]

"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe" [2004-06-03 21:05]

"version"="C:\WINDOWS\system32\timoty.exe" [2007-11-22 13:42]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-25 07:32]

C:\Documents and Settings\Martin Edge\Start Menu\Programs\Startup\

setings.exe [2007-11-22 13:42:33]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [2005-03-17 11:43:15]

DSLMON.lnk - C:\Program Files\Zoom Telephonics, Inc.\Zoom ADSL USB Modem\dslmon.exe [2005-08-26 16:39:58]

EPSON Background Monitor.lnk - C:\Program Files\EPSON\ESM2\STMS.exe [1999-06-07 10:11:18]

Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2006-05-09 19:01:12]

Program Neighborhood Agent.lnk - C:\Program Files\Citrix\ICA Client\pnagent.exe [2005-11-29 16:16:14]

startup.exe [2007-11-22 13:42:33]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"= 1 (0x1)

"DisableTaskMgr"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"= 1 (0x1)

"DisableTaskMgr"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoControlPanel"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSimpleStartMenu"= 0 (0x0)

"NoToolbarsOnTaskbar"= 0 (0x0)

"NoControlPanel"= 1 (0x1)

"NoWindowsUpdate"= 1 (0x1)

R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys

R1 DVDVRRdr_xp;DVDVRRdr_xp;C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys

R1 UDFReadr;UDFReadr;C:\WINDOWS\system32\drivers\UDFReadr.sys

R2 cmaphole;cmaphole;C:\WINDOWS\system32\drivers\cmaphole.sys

R2 eugss;EUTRON SmartKey GSS2 Driver;\??\C:\WINDOWS\system32\Drivers\eugssxp.sys

R2 eusk2par;EUTRON SmartKey Parallel Driver;\??\C:\WINDOWS\system32\Drivers\eusk2par.sys

S2 MPManF50;MPMan F50 USB Driver;C:\WINDOWS\system32\Drivers\MPManF50.sys

S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eae2e3ea-07e1-11da-8ab5-001109edccde}]

\Shell\AutoRun\command - E:\autorun.exe

.

Contents of the 'Scheduled Tasks' folder

"2007-11-26 20:22:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

.

**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-30 10:19:25

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2007-11-30 10:20:02 - machine was rebooted

.

--- E O F ---


Please create and post a new HijackThis log.

 

It will be late before I get a chance to check back in. Off to work ......... :wub:


Huge thanks for looking at this...

 

Here's the current output from HijackThis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:48:03, on 03/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\CA\ETRUST~1\realmon.exe

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\BigFix\BigFix.exe

C:\Program Files\Zoom Telephonics, Inc\Zoom ADSL USB Modem\dslmon.exe

C:\Program Files\FinePixViewer\QuickDCF.exe

C:\Program Files\Citrix\ICA Client\pnagent.exe

C:\Program Files\EPSON\ESM2\eEBSVC.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\Program Files\CA\eTrust Antivirus\InoRpc.exe

C:\Program Files\CA\eTrust Antivirus\InoRT.exe

C:\Program Files\CA\eTrust Antivirus\InoTask.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\internet explorer\iexplore.exe

c:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe

C:\WINDOWS\system32\WISPTIS.EXE

C:\Program Files\HighjackThis\HiJackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://webmail.rgu.ac.uk/exchange/m.edge/inbox/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.evesham.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy2:8080

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe

O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\timoty.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [froody] C:\WINDOWS\system32\timoty.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - Startup: setings.exe

O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe

O4 - Global Startup: DSLMON.lnk = ?

O4 - Global Startup: EPSON Background Monitor.lnk = C:\Program Files\EPSON\ESM2\STMS.exe

O4 - Global Startup: Exif Launcher.lnk = ?

O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe

O4 - Global Startup: startup.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.evesham.com/

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) - https://java.sun.com/update/1.4.2/jinstall-...indows-i586.cab

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe

O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe

O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe

O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

 

--

End of file - 7275 bytes

 

 

 

Anna


Highlight and copy the bolded command below.

 

sc stop cmaphole

 

Click Start>Run then paste the command and hit enter.

 

Now do the next command.

 

sc config cmaphole start=disabled

 

 

Download Flash_Disinfector by sUBs and save it to your desktop:

 

NOTE: In the event you already have Flash_Disinfector, this is a new version that I need you to download.

 

Plug in your USB flash drive.

Double-click Flash_Disinfector.exe to run it.

Follow any prompts that may appear.

Your desktop will vanish for a while, and then reappear. This is normal.

Wait until the program has finished scanning, then please exit the program. If you use more than 1 flash drive, run the tool with each plugged in.

 

 

Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

 

Filename: CFScript.txt

Save As Type: All Files (*.*)

 

File::
C:\WINDOWS\system32\2032.lps
C:\WINDOWS\system32\opseti
C:\WINDOWS\system32\msanton.exe
C:\Documents and Settings\Martin Edge\wn852.exe
C:\WINDOWS\system32\timoty.exe
C:\WINDOWS\windisk.dll
C:\WINDOWS\trayicons.exe

 

Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

 

Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
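The file list in the CFScript above is the set of files that the ComboFix log posted earlier dates to 22 November, the day the symptoms began, together with the autostart entries ([froody] and [version]) that point at one of them. The script below is an added example written for this thread, not code from ComboFix, HijackThis, Lavasoft or the helper; it reads an excerpt of that ComboFix log (embedded here as SAMPLE_LOG) and reproduces the triage: which listed files are new relative to the scan date, which Run-key entries launch one of those new files, and which lockdown policies under Policies\System and Policies\Explorer are switched on. The regular expressions follow the line shapes visible in the log; the 14-day window and all function names are this example's own assumptions.

```python
"""Triage a ComboFix-style log: new files, autostarts pointing at them, and
lockdown policies. Added example; the log excerpt is taken from this thread."""
import re
from datetime import date, timedelta

# Excerpt of the ComboFix log posted earlier in this thread. A raw string is
# required: the Windows paths contain \t and \2, which a normal string literal
# would turn into a tab and a control character.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-30 )))))))))))))))))))))))))))))))
2007-11-26 21:12 <DIR> d-------- C:\Program Files\HighjackThis
2007-11-22 11:19 800 --a------ C:\WINDOWS\system32\2032.lps
2007-11-22 10:53 6,144 --a------ C:\WINDOWS\system32\msanton.exe
2007-11-22 09:48 28,417 --a------ C:\Documents and Settings\Martin Edge\wn852.exe
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-11-30 06:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2007-11-22 13:42 6,144 ----a-w C:\WINDOWS\system32\timoty.exe
2007-11-22 09:48 28,417 ----a-w C:\WINDOWS\trayicons.exe
2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00]
"froody"="C:\WINDOWS\system32\timoty.exe" [2007-11-22 13:42]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-25 07:32]
"version"="C:\WINDOWS\system32\timoty.exe" [2007-11-22 13:42]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 1 (0x1)
"DisableTaskMgr"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)
"NoControlPanel"= 1 (0x1)
"NoWindowsUpdate"= 1 (0x1)
"""

# Line shapes as they appear in the log: "date time size attrs path",
# "[HKEY_...]", '"name"="path" [stamp]' and '"name"= N (0xN)'.
FILE_LINE = re.compile(r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2}\s+[\d,]+\s+\S+\s+(.+?)\s*$")
KEY_LINE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
RUN_LINE = re.compile(r'^"([^"]+)"="([^"]+)"\s*\[[^\]]*\]$')
POLICY_LINE = re.compile(r'^"([^"]+)"=\s*(\d+)\s*\(0x[0-9A-Fa-f]+\)$')


def parse_created_files(log):
    """Map each file ComboFix listed with a size to the date it recorded.
    Directory rows carry <DIR> or dashes instead of a size and are skipped."""
    found = {}
    for line in log.splitlines():
        m = FILE_LINE.match(line.strip())
        if m:
            found[m.group(2)] = date.fromisoformat(m.group(1))
    return found


def _entries_under(log, key_part, value_re):
    """Yield (key, match) for value lines under keys whose path contains key_part."""
    key = None
    for line in log.splitlines():
        line = line.strip()
        km = KEY_LINE.match(line)
        if km:
            key = km.group(1)
            continue
        m = value_re.match(line)
        if m and key and key_part in key.lower():
            yield key, m


def parse_run_entries(log):
    """(key, value name, target path) for every entry under a ...\\Run key."""
    return [(key, m.group(1), m.group(2))
            for key, m in _entries_under(log, "\\run", RUN_LINE)]


def parse_policy_restrictions(log):
    """(key, value name) for every Policies\\... DWORD set to a non-zero value."""
    return [(key, m.group(1))
            for key, m in _entries_under(log, "\\policies\\", POLICY_LINE)
            if int(m.group(2)) != 0]


def triage(log, scan_date, window_days=14):
    """Cross-reference the three sections. window_days is this example's own
    choice, not a ComboFix setting; scan_date may be a date or an ISO string."""
    if isinstance(scan_date, str):
        scan_date = date.fromisoformat(scan_date)
    cutoff = scan_date - timedelta(days=window_days)
    created = parse_created_files(log)
    by_lower = {p.lower(): p for p in created}  # registry paths differ in case
    recent_autostarts = set()
    for _key, name, target in parse_run_entries(log):
        original = by_lower.get(target.lower())
        if original is not None and created[original] >= cutoff:
            recent_autostarts.add((name, original, created[original]))
    return {
        "recent_files": sorted(p for p, d in created.items() if d >= cutoff),
        "recent_autostarts": sorted(recent_autostarts),
        "restrictions": parse_policy_restrictions(log),
    }


if __name__ == "__main__":
    for section, rows in triage(SAMPLE_LOG, "2007-11-30").items():
        print(f"{section}:")
        for row in rows:
            print("   ", row)
```

Run against the excerpt with the scan date of 30 November, the report lists the five files dated 22 November, flags [froody] and [version] because both launch the new timoty.exe, and reports DisableRegistryTools, DisableTaskMgr, NoControlPanel and NoWindowsUpdate, which is why the first post saw "This operation has been cancelled due to restrictions in effect on this computer" and why HijackThis showed the O7 DisableRegedit entries. Long-established files such as the DivX DLL fall outside the window and are left alone, which is the point of anchoring the search on when the symptoms started rather than on file names.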


Thanks again for the help - we've got several flash drives, I'm just making sure I've found them all and run the exe against them before posting anything else. Just so I'm sure - should I run it also against the USB-connected portable disk drive that I have? Or is it only relevant to the stick-things?

 

Anna


Here's the log from this run of ComboFix - please note I've run the Flash Disinfector against all my flash drives, but not yet against the USB-connected hard drive. It's connected to the computer all the time, but powered off & on as needed, mostly used to back up data from C drive.

 

Hope this helps...

 

 

ComboFix 07-11-19.4C - Martin Edge 2007-12-04 7:45:41.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.137 [GMT 0:00]

Running from: C:\Documents and Settings\Martin Edge\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Martin Edge\Desktop\CFScript.txt

* Created a new restore point

 

FILE

C:\Documents and Settings\Martin Edge\wn852.exe

C:\WINDOWS\system32\2032.lps

C:\WINDOWS\system32\msanton.exe

C:\WINDOWS\system32\opseti

C:\WINDOWS\system32\timoty.exe

C:\WINDOWS\trayicons.exe

C:\WINDOWS\windisk.dll

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Martin Edge\wn852.exe

C:\WINDOWS\system32\2032.lps

C:\WINDOWS\system32\opseti

C:\WINDOWS\trayicons.exe

C:\WINDOWS\windisk.dll

 

.

((((((((((((((((((((((((( Files Created from 2007-11-04 to 2007-12-04 )))))))))))))))))))))))))))))))

.

 

2007-11-26 21:12 <DIR> d-------- C:\Program Files\HighjackThis

2007-11-26 17:33 2,960 --a------ C:\WINDOWS\system32\tmp.reg

2007-11-22 20:26 <DIR> d-------- C:\Program Files\Enigma Software Group

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-04 06:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7

2007-11-22 21:16 --------- d-----w C:\Documents and Settings\Martin Edge\Application Data\AVG7

2007-11-17 15:56 --------- d-----w C:\Program Files\FinePixViewer

2007-10-15 14:11 --------- d-----w C:\Documents and Settings\Martin Edge\Application Data\AdobeUM

2007-10-09 19:59 --------- d-----w C:\Program Files\GPLGS

2007-10-09 19:52 --------- d-----w C:\Program Files\Acro Software

2007-10-05 12:16 --------- d-----w C:\Documents and Settings\Martin Edge\Application Data\DivX

2005-11-03 14:47 252 ----a-w C:\Documents and Settings\Martin Edge\Application Data\wklnhst.dat

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00]

"RealPlayer"="C:\Program Files\Real\RealPlayer\realplay.exe" [2006-11-08 15:34]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-25 17:48]

"froody"="C:\WINDOWS\system32\timoty.exe" []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AntivirusRegistration"="C:\Program Files\CA\Etrust Antivirus\Register.exe" [2005-01-31 15:09]

"Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2004-04-06 17:14]

"Cmaudio"="RunDll32 cmicnfg.cpl" []

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-03-11 18:24]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-03-11 18:11]

"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-02-28 22:50]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-08-27 13:30]

"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-25 07:32]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 15:51]

"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe" [2004-06-03 21:05]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-25 07:32]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [2005-03-17 11:43:15]

DSLMON.lnk - C:\Program Files\Zoom Telephonics, Inc.\Zoom ADSL USB Modem\dslmon.exe [2005-08-26 16:39:58]

EPSON Background Monitor.lnk - C:\Program Files\EPSON\ESM2\STMS.exe [1999-06-07 10:11:18]

Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2006-05-09 19:01:12]

Program Neighborhood Agent.lnk - C:\Program Files\Citrix\ICA Client\pnagent.exe [2005-11-29 16:16:14]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSimpleStartMenu"= 0 (0x0)

"NoToolbarsOnTaskbar"= 0 (0x0)

 

R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys

R1 DVDVRRdr_xp;DVDVRRdr_xp;C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys

R1 UDFReadr;UDFReadr;C:\WINDOWS\system32\drivers\UDFReadr.sys

R2 cmaphole;cmaphole;C:\WINDOWS\system32\drivers\cmaphole.sys

R2 eugss;EUTRON SmartKey GSS2 Driver;\??\C:\WINDOWS\system32\Drivers\eugssxp.sys

R2 eusk2par;EUTRON SmartKey Parallel Driver;\??\C:\WINDOWS\system32\Drivers\eusk2par.sys

S2 MPManF50;MPMan F50 USB Driver;C:\WINDOWS\system32\Drivers\MPManF50.sys

S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eae2e3ea-07e1-11da-8ab5-001109edccde}]

\Shell\AutoRun\command - E:\autorun.exe

 

.

Contents of the 'Scheduled Tasks' folder

"2007-12-03 20:22:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-04 07:48:57

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2007-12-04 7:49:41 - machine was rebooted

C:\ComboFix2.txt ... 2007-11-30 10:20

.

--- E O F ---

 

 

 

For info - PC behaving much better now. Haven't seen a pop-up for a while, and Control panel is back, even after rebooting. Homepage is staying at my setting too. Feeling optimistic... am I clear?

 

 

Thanks again

 

Anna


Still a few things to check out. Please highlight and copy the following bolded command (both lines at once, including quotes).

 

regedit /e "%userprofile%\desktop\cmap.txt" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmaphole"

 

Click Start>Run and paste the command on the Run line, then hit enter. A file named cmap.txt should appear on your desktop. Please open it and post its contents here.

 

Please create and post a fresh HijackThis log as well.


You're doing wonders here, Noahdfear. Thanks again.

 

Command output:

 

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmaphole]

@=""

"GROUP"="Extended Base"

"ERRORCONTROL"=dword:00000001

"START"=dword:00000002

"TYPE"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmaphole\Enum]

"0"="Root\\LEGACY_CMAPHOLE"

"Count"=dword:00000001

"NextInstance"=dword:00000001

 

 

 

And HijackThis output:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:54:20, on 05/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\CA\ETRUST~1\realmon.exe

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\BigFix\BigFix.exe

C:\Program Files\Zoom Telephonics, Inc\Zoom ADSL USB Modem\dslmon.exe

C:\Program Files\FinePixViewer\QuickDCF.exe

C:\Program Files\EPSON\ESM2\eEBSVC.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\Program Files\CA\eTrust Antivirus\InoRpc.exe

C:\Program Files\CA\eTrust Antivirus\InoRT.exe

C:\Program Files\CA\eTrust Antivirus\InoTask.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\WISPTIS.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\HighjackThis\HiJackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://webmail.rgu.ac.uk/exchange/m.edge/inbox/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.evesham.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy2:8080

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe

O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [froody] C:\WINDOWS\system32\timoty.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe

O4 - Global Startup: DSLMON.lnk = ?

O4 - Global Startup: EPSON Background Monitor.lnk = C:\Program Files\EPSON\ESM2\STMS.exe

O4 - Global Startup: Exif Launcher.lnk = ?

O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.evesham.com/

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) - https://java.sun.com/update/1.4.2/jinstall-...indows-i586.cab

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe

O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe

O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe

O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

 

--

End of file - 6909 bytes

 

 

 

Anna


Let's first make a backup of that registry key. Again, copy the following bolded command and paste it on the Run line.

 

regedit /e "%userprofile%\desktop\cmap.reg" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmaphole"

 

It will create a reg file on your desktop named cmap.reg

Verify the reg file is present prior to continuing.

 

 

Highlight and copy the contents of the code box below to a blank notepad. Save it to the desktop as:

 

Filename: fix.reg

Save as type: All Files (*.*)

 

REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmaphole]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMAPHOLE]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eae2e3ea-07e1-11da-8ab5-001109edccde}]

 

Double click fix.reg and allow it to merge with the registry.

 

Scan again with HijackThis and place a check next to the following entry then click Fix Checked.

 

O4 - HKCU\..\Run: [froody] C:\WINDOWS\system32\timoty.exe

 

 

Reboot and run another scan with dss and post the log please.

 

BTW, I failed to respond to your question about the USB backup drive ..... sorry. It should be OK, but you should probably run a virus scan on it once we get this all cleaned up.
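The backup, verify and merge sequence above as one script, added here as an example and not part of the helper's instructions. It uses the key names and the cmap.reg/fix.reg file names from the post; the final check with reg.exe (shipped with XP) is an assumption of the example, not something the post asks for.

```batch
@echo off
REM Added example (not the helper's own script): export the suspect service key,
REM stop unless the backup file really exists, then merge the deletions and
REM confirm the key is gone. Key names are taken from the post above.
setlocal

set "BACKUP=%USERPROFILE%\Desktop\cmap.reg"
set "FIX=%USERPROFILE%\Desktop\fix.reg"

REM Step 1: export the service key so the change can be reversed by
REM double-clicking the backup file later.
regedit /e "%BACKUP%" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmaphole"

REM Step 2: verify the backup exists before touching anything (regedit's own
REM exit code is not reliable, so check for the file instead).
if not exist "%BACKUP%" (
    echo Backup %BACKUP% was not created - stopping without making changes.
    exit /b 1
)

REM Step 3: write the REGEDIT4 file. A leading "-" inside the brackets tells
REM regedit to delete that key (and everything under it) instead of creating it.
(
    echo REGEDIT4
    echo.
    echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmaphole]
    echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMAPHOLE]
    echo [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eae2e3ea-07e1-11da-8ab5-001109edccde}]
) > "%FIX%"

REM Step 4: merge silently (/s suppresses the "are you sure" dialog).
regedit /s "%FIX%"

REM Step 5: do not trust the silent merge - query the key; reg.exe returns a
REM non-zero errorlevel when the key no longer exists.
reg query "HKLM\SYSTEM\CurrentControlSet\Services\cmaphole" >nul 2>&1
if not errorlevel 1 (
    echo The cmaphole service key is still present - the merge did not take effect.
    exit /b 1
)

echo Done. Keep %BACKUP% until the machine is confirmed clean.
endlocal
```

Run it from an administrator account; if Step 5 reports the key is still present, post that result rather than re-running the script.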


I've followed all the instructions and everything has run fine.

 

Here's the DSS log (main bit):

 

Deckard's System Scanner v20071014.68

Run by Martin Edge on 2007-12-06 08:54:47

Computer is in Normal Mode.

--------------------------------------------------------------------------------

 

-- System Restore --------------------------------------------------------------

 

Successfully created a Deckard's System Scanner Restore Point.

 

 

-- Last 5 Restore Point(s) --

75: 2007-12-06 08:54:56 UTC - RP756 - Deckard's System Scanner Restore Point

74: 2007-12-05 13:35:12 UTC - RP755 - System Checkpoint

73: 2007-12-04 07:45:23 UTC - RP754 - ComboFix created restore point

72: 2007-12-03 13:09:13 UTC - RP753 - System Checkpoint

71: 2007-11-30 10:14:00 UTC - RP752 - ComboFix created restore point

 

 

-- First Restore Point --

1: 2007-09-09 16:56:31 UTC - RP682 - System Checkpoint

 

 

Backed up registry hives.

Performed disk cleanup.

 

Total Physical Memory: 496 MiB (512 MiB recommended).

 

 

-- HijackThis (run as Martin Edge.exe) -----------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:55:49, on 06/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\CA\ETRUST~1\realmon.exe

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\BigFix\BigFix.exe

C:\Program Files\Zoom Telephonics, Inc\Zoom ADSL USB Modem\dslmon.exe

C:\Program Files\FinePixViewer\QuickDCF.exe

C:\Program Files\Citrix\ICA Client\pnagent.exe

C:\Program Files\EPSON\ESM2\eEBSVC.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\Program Files\CA\eTrust Antivirus\InoRpc.exe

C:\Program Files\CA\eTrust Antivirus\InoRT.exe

C:\Program Files\CA\eTrust Antivirus\InoTask.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\Martin Edge\Desktop\dss.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\HIGHJA~1\HIJACK~1\Martin Edge.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://webmail.rgu.ac.uk/exchange/m.edge/inbox/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.evesham.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy2:8080

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe

O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe

O4 - Global Startup: DSLMON.lnk = ?

O4 - Global Startup: EPSON Background Monitor.lnk = C:\Program Files\EPSON\ESM2\STMS.exe

O4 - Global Startup: Exif Launcher.lnk = ?

O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.evesham.com/

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) - https://java.sun.com/update/1.4.2/jinstall-...indows-i586.cab

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe

O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe

O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe

O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

 

--

End of file - 6894 bytes

 

-- HijackThis Fixed Entries (C:\PROGRA~1\HIGHJA~1\HIJACK~1\backups\) -----------

 

backup-20071130-101054-429 O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

backup-20071206-084706-653 O4 - HKCU\..\Run: [froody] C:\WINDOWS\system32\timoty.exe

 

-- File Associations -----------------------------------------------------------

 

All associations okay.

 

 

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

 

R0 INO_FLPY - c:\windows\system32\drivers\ino_flpy.sys <Not Verified; Computer Associates; CA eTrust eTrust Antivirus/InoculateIT version 7.X/6.X/4.X>

R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>

R1 DVDVRRdr_xp - c:\windows\system32\drivers\dvdvrrdr_xp.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>

R2 eugss (EUTRON SmartKey GSS2 Driver) - c:\windows\system32\drivers\eugssxp.sys <Not Verified; EUTRON; SmartKey GSS>

R2 eusk2par (EUTRON SmartKey Parallel Driver) - c:\windows\system32\drivers\eusk2par.sys <Not Verified; EUTRON; Smartkey>

R2 INO_FLTR - c:\windows\system32\drivers\ino_fltr.sys <Not Verified; Computer Associates; CA eTrust Antivirus/InoculateIT version 7.X/6.X>

 

S2 MPManF50 (MPMan F50 USB Driver) - c:\windows\system32\drivers\mpmanf50.sys <Not Verified; MPMan.com,Inc.; MPMan-F50>

S3 catchme - c:\docume~1\martin~1\locals~1\temp\catchme.sys (file missing)

 

 

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

 

R2 EpsonBidirectionalService - c:\program files\epson\esm2\eebsvc.exe

R2 InoRPC (eTrust Antivirus RPC Server) - "c:\program files\ca\etrust antivirus\inorpc.exe" <Not Verified; Computer Associates International, Inc.; eTrust Antivirus>

R2 InoRT (eTrust Antivirus Realtime Server) - "c:\program files\ca\etrust antivirus\inort.exe" <Not Verified; Computer Associates International, Inc.; eTrust Antivirus>

R2 InoTask (eTrust Antivirus Job Server) - "c:\program files\ca\etrust antivirus\inotask.exe" <Not Verified; Computer Associates International, Inc.; eTrust Antivirus>

 

S3 Boonty Games - "c:\program files\common files\boonty shared\service\boonty.exe" <Not Verified; BOONTY; Boonty Games>

 

 

-- Device Manager: Disabled ----------------------------------------------------

 

No disabled devices found.

 

 

-- Scheduled Tasks -------------------------------------------------------------

 

2007-12-03 20:22:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

 

 

-- Files created between 2007-11-06 and 2007-12-06 -----------------------------

 

2007-12-05 10:42:01 0 d-------- C:\WINDOWS\system32\LogFiles

2007-12-04 07:25:53 0 drahs---- C:\autorun.inf

2007-11-26 21:12:09 0 d-------- C:\Program Files\HighjackThis

2007-11-26 17:50:15 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities

2007-11-26 17:50:14 0 d--h----- C:\Documents and Settings\Administrator\Templates

2007-11-26 17:50:14 0 dr------- C:\Documents and Settings\Administrator\Start Menu

2007-11-26 17:50:14 0 dr-h----- C:\Documents and Settings\Administrator\SendTo

2007-11-26 17:50:14 0 dr-h----- C:\Documents and Settings\Administrator\Recent

2007-11-26 17:50:14 0 d--h----- C:\Documents and Settings\Administrator\PrintHood

2007-11-26 17:50:14 0 d--h----- C:\Documents and Settings\Administrator\NetHood

2007-11-26 17:50:14 0 dr------- C:\Documents and Settings\Administrator\My Documents

2007-11-26 17:50:14 0 d--h----- C:\Documents and Settings\Administrator\Local Settings

2007-11-26 17:50:14 0 dr------- C:\Documents and Settings\Administrator\Favorites

2007-11-26 17:50:14 0 d-------- C:\Documents and Settings\Administrator\Desktop

2007-11-26 17:50:14 0 d---s---- C:\Documents and Settings\Administrator\Cookies

2007-11-26 17:50:14 0 dr-h----- C:\Documents and Settings\Administrator\Application Data

2007-11-26 17:50:14 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft

2007-11-26 17:50:13 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT

2007-11-26 17:33:04 2960 --a------ C:\WINDOWS\system32\tmp.reg

2007-11-22 20:26:03 0 d-------- C:\Program Files\Enigma Software Group

 

 

-- Find3M Report ---------------------------------------------------------------

 

2007-11-22 21:16:55 0 d-------- C:\Documents and Settings\Martin Edge\Application Data\AVG7

2007-11-17 15:56:10 0 d-------- C:\Program Files\FinePixViewer

2007-10-20 10:03:59 0 d-------- C:\Documents and Settings\Martin Edge\Application Data\Identities

2007-10-15 14:11:41 0 d-------- C:\Documents and Settings\Martin Edge\Application Data\AdobeUM

2007-10-09 19:59:02 0 d-------- C:\Program Files\GPLGS

2007-10-09 19:52:58 0 d-------- C:\Program Files\Acro Software

2007-09-17 18:23:00 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>

2007-09-17 18:23:00 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>

2007-09-17 18:22:58 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>

2007-09-17 18:22:58 739840 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>

 

 

-- Registry Dump ---------------------------------------------------------------

 

*Note* empty entries & legit default entries are not shown

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AntivirusRegistration"="C:\Program Files\CA\Etrust Antivirus\Register.exe" [31/01/2005 15:09]

"Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [06/04/2004 17:14]

"Cmaudio"="cmicnfg.cpl" [07/01/2004 15:14 C:\WINDOWS\CMICNFG.CPL]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [11/03/2003 18:24]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [11/03/2003 18:11]

"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [28/02/2005 22:50]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [27/08/2005 13:30]

"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [04/02/2002 21:32]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [25/10/2007 07:32]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [27/04/2007 08:41]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [01/06/2007 15:51]

"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe" [03/06/2004 21:05]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 16:24]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 12:00]

"RealPlayer"="C:\Program Files\Real\RealPlayer\realplay.exe" [08/11/2006 15:34]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [25/07/2007 17:48]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [17/03/2005 11:43:15]

DSLMON.lnk - C:\Program Files\Zoom Telephonics, Inc.\Zoom ADSL USB Modem\dslmon.exe [26/08/2005 16:39:58]

EPSON Background Monitor.lnk - C:\Program Files\EPSON\ESM2\STMS.exe [07/06/1999 10:11:18]

Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [09/05/2006 19:01:12]

Program Neighborhood Agent.lnk - C:\Program Files\Citrix\ICA Client\pnagent.exe [29/11/2005 16:16:14]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoPropertiesRecycleBin"=0 (0x0)

"NoPropertiesMyComputer"=0 (0x0)

"NoPropertiesMyDocuments"=0 (0x0)

"NoDesktopCleanupWizard"=0 (0x0)

"DisablePersonalDirChange"=0 (0x0)

"NoSimpleStartMenu"=0 (0x0)

"NoChangeStartMenu"=0 (0x0)

"NoNetworkConnections"=0 (0x0)

"NoSetTaskbar"=0 (0x0)

"NoToolbarsOnTaskbar"=0 (0x0)

"NoStartMenuNetworkPlaces"=0 (0x0)

"NoSMMyDocs"=0 (0x0)

"NoSMHelp"=0 (0x0)

"NoManageMyComputerVerb"=0 (0x0)

"NoSecConsole"=0 (0x0)

"NoSharedDocuments"=0 (0x0)

"NoSecurityTab"=0 (0x0)

"NoHardwareTab"=0 (0x0)

"NoFileMenu"=0 (0x0)

"NoNetConnectDisconnect"=0 (0x0)

 

 

 

 

-- End of Deckard's System Scanner: finished at 2007-12-06 08:56:45 ------------

 

 

 

 

And here's the Extra bit:

 

Deckard's System Scanner v20071014.68

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------

 

-- System Information ----------------------------------------------------------

 

Microsoft Windows XP Home Edition (build 2600) SP 2.0

Architecture: X86; Language: English

 

CPU 0: Intel® Celeron® CPU 2.93GHz

Percentage of Memory in Use: 71%

Physical Memory (total/avail): 495.48 MiB / 139.7 MiB

Pagefile Memory (total/avail): 1158.29 MiB / 893.6 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1931.16 MiB

 

C: is Fixed (NTFS) - 149.05 GiB total, 119.77 GiB free.

D: is CDROM (No Media)

 

\\.\PHYSICALDRIVE0 - WDC WD1600JB-00GVC0 - 149.05 GiB - 1 partition

\PARTITION0 (bootable) - Installable File System - 149.05 GiB - C:

 

 

 

-- Security Center -------------------------------------------------------------

 

AUOptions is set to notify before download.

Windows Internal Firewall is enabled.

 

FirstRunDisabled is set.

 

AV: AVG 7.5.503 v7.5.503 (Grisoft)

 

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

 

-- Environment Variables -------------------------------------------------------

 

ALLUSERSPROFILE=C:\Documents and Settings\All Users

APPDATA=C:\Documents and Settings\Martin Edge\Application Data

AVENGINE=C:\PROGRA~1\CA\SHARED~1\SCANEN~1

CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip

CLIENTNAME=Console

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=YOUR-5A76E71088

ComSpec=C:\WINDOWS\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\Martin Edge

INOCULAN=C:\PROGRA~1\CA\ETRUST~1

LOGONSERVER=\\YOUR-5A76E71088

NUMBER_OF_PROCESSORS=1

OS=Windows_NT

Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\PROGRA~1\CA\SHARED~1\SCANEN~1;C:\PROGRA~1\CA\ETRUST~1;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel

PROCESSOR_LEVEL=15

PROCESSOR_REVISION=0304

ProgramFiles=C:\Program Files

PROMPT=$P$G

QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp

TMP=C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp

USERDOMAIN=YOUR-5A76E71088

USERNAME=Martin Edge

USERPROFILE=C:\Documents and Settings\Martin Edge

windir=C:\WINDOWS

 

 

-- User Profiles ---------------------------------------------------------------

 

Martin Edge (admin)

Administrator (new local, admin)

 

 

-- Add/Remove Programs ---------------------------------------------------------

 

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG

Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7646-A00000000001}

Adobe Reader Multimedia Package --> MsiExec.exe /I{AC76BA86-7AD7-EF45-47A7-7E8A45A00001}

Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}

AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL

BigFix --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"

C-MAP NT PC Selector --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FE167F9A-EDD3-4677-8B3E-F9789FA3FCB3}

C-Media 3D Audio --> C:\WINDOWS\CMIUnInstall.exe

CA eTrust Antivirus --> MsiExec.exe /X{99747F0D-D4F8-4877-9CA0-4AE96D963633}

Chart Catalogue --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Chart Catalogue\Uninst.isu"

CNXT V92 Data Fax Voice --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F01&SUBSYS_9305141C\HXFSETUP.EXE -U -IVEN_14F1&DEV_2F01&SUBSYS_9305141C

CutePDF Writer 2.7 --> C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall

DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC

DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER

DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER

DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER

DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN

EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r

EPSON Status Monitor 2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{87C51198-5A95-4577-9F47-B953D862FA90}

eTrust Registration --> MsiExec.exe /X{6BFF4534-7608-41F0-85F7-31A0569D8960}

FinePixViewer Resource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B44529FF-501E-47CD-A06D-223C161BE058}\SETUP.EXE" -l0x9

FinePixViewer Ver.5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE" -l0x9

FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"

Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}

Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"

GPS Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{219BB7DF-83BA-44C6-A362-D17981FBD285}\Setup.exe"

HijackThis 2.0.2 --> "C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\Temporary Directory 1 for HiJackThis.zip\HijackThis.exe" /uninstall

ImageMixer VCD2 LE for FinePix --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B093990A-AAF2-44AC-9216-14BB7A2189B6}\SETUP.EXE" -l0x9

Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572

Intel® PRO Network Adapters and Drivers --> Prounstl.exe

iTunes --> MsiExec.exe /I{553E56C3-7AA1-45FE-A2FC-2C43DC27F765}

Java 2 Runtime Environment, SE v1.4.2_05 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}

Learning Ladder 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC0BA581-E3EC-11D5-9194-00105A68CFFF}\setup.exe"

MetaFrame Presentation Server Client --> MsiExec.exe /I{DF1D5FEC-D67C-43C8-9230-41F5DF350196}

Microsoft Entertainment Pack: The Puzzle Collection --> C:\Program Files\Microsoft Games\Puzzle Collection\Uninstal.exe /uninstall

Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}

Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}

MPMan Manager F50 V2.1 --> C:\PROGRA~1\MPMANF~1\UNWISE.EXE C:\PROGRA~1\MPMANF~1\INSTALL.LOG

PL-2303 USB-to-Serial --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Setup.exe" -l0x9 Installed

QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}

RAW FILE CONVERTER LE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D680C913-5955-469D-9D88-C1940F7506D6}\SETUP.EXE" -l0x9

RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

Roxio Easy Media Creator 7 Basic DVD Edition --> MsiExec.exe /I{747D1B34-A1FC-4EF3-A6AE-E86F39CEFDE5}

SmartKey Driver Installation --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DB3ED071-8BE8-4E2D-BE04-993F1FDBDA35}\Setup.exe" -l0x9

Software-On-Board SOBv90 --> C:\SOBv90\uninst.exe

Sonic CinePlayer --> MsiExec.exe /I{26792CA7-D87A-4DBE-896B-C2F66B344511}

Tide Plotter 2006 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Belfield Software\Tide Plotter 2006\Uninst.isu"

Zoom ADSL USB Modem --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll<UNINSTALL_CMD> -l0x9 -L0x9

 

 

-- Application Event Log -------------------------------------------------------

 

Event Record #/Type1961 / Error

Event Submitted/Written: 12/05/2007 03:19:57 PM

Event ID/Source: 1000 / Application Error

Event Description:

Faulting application acrord32.exe, version 6.0.1.1091, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Processing media-specific event for [acrord32.exe!ws!]

 

Event Record #/Type1960 / Error

Event Submitted/Written: 12/05/2007 10:37:56 AM

Event ID/Source: 1002 / Application Hang

Event Description:

Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 

Event Record #/Type1959 / Error

Event Submitted/Written: 12/05/2007 10:37:37 AM

Event ID/Source: 1002 / Application Hang

Event Description:

Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 

Event Record #/Type1949 / Warning

Event Submitted/Written: 12/04/2007 07:47:18 AM

Event ID/Source: 1524 / Userenv

Event Description:

Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

 

Event Record #/Type1941 / Warning

Event Submitted/Written: 11/30/2007 04:48:22 PM

Event ID/Source: 1524 / Userenv

Event Description:

Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

 

 

 

-- Security Event Log ----------------------------------------------------------

 

No Errors/Warnings found.

 

 

-- System Event Log ------------------------------------------------------------

 

Event Record #/Type5053 / Error

Event Submitted/Written: 12/06/2007 08:53:59 AM

Event ID/Source: 7000 / Service Control Manager

Event Description:

The MPMan F50 USB Driver service failed to start due to the following error:

%%1058

 

Event Record #/Type5052 / Error

Event Submitted/Written: 12/06/2007 08:53:59 AM

Event ID/Source: 7000 / Service Control Manager

Event Description:

The General Purpose USB Driver (adildr.sys) service failed to start due to the following error:

%%1058

 

Event Record #/Type5047 / Error

Event Submitted/Written: 12/05/2007 07:58:23 PM

Event ID/Source: 1002 / Dhcp

Event Description:

The IP address lease 192.168.1.100 for the Network Card with network address 001109EDCCDE has been

denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

 

Event Record #/Type5046 / Warning

Event Submitted/Written: 12/05/2007 04:39:17 PM

Event ID/Source: 4226 / Tcpip

Event Description:

TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

 

Event Record #/Type5042 / Warning

Event Submitted/Written: 12/05/2007 10:39:51 AM

Event ID/Source: 1003 / Dhcp

Event Description:

Your computer was not able to renew its address from the network (from the

DHCP Server) for the Network Card with network address 001109EDCCDE. The following

error occurred:

%%121.

Your computer will continue to try and obtain an address on its own from

the network address (DHCP) server.

 

 

 

-- End of Deckard's System Scanner: finished at 2007-12-06 08:56:45 ------------

 

 

 

 

Thanks, Noahdfear.

 

 

Anna


Looks good. Let's tidy up a bit and run an online scan to make sure we haven't missed something. Click Start>Run and type ComboFix /u to remove ComboFix and the files it quarantined.

 

Download ATF Cleaner by Atribune and save it to your Desktop.

  • Double click ATF-Cleaner.exe to run the program.
  • Check the boxes to the left of:
    • Windows Temp
    • Current User Temp
    • All Users Temp
    • Temporary Internet Files
    • Prefetch
    • Java Cache
    • Recycle bin
  • The rest are optional - if you want it to remove everything check "Select All".
  • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK then exit.
  • If you use Firefox or Mozilla, I recommend you clean their cookies and temps too.

Reboot

 

Please do an online scan with Kaspersky WebScanner

 

Click on Kaspersky Online Scanner

 

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.

  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database: Extended (if available, otherwise Standard)
    • Scan Options: Scan Archives, Scan Mail Bases
  • Click OK.
  • Now under select a target to scan: Select My Computer.
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.

Post the Kaspersky log and one more fresh HijackThis log.


Thanks

 

Here's the Kaspersky log....

 

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Friday, December 07, 2007 10:27:50 AM

Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 7/12/2007

Kaspersky Anti-Virus database records: 475009

-------------------------------------------------------------------------------

 

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

 

Scan Target - My Computer:

C:\

D:\

 

Scan Statistics:

Total number of scanned objects: 61329

Number of viruses found: 2

Number of infected objects: 6

Number of suspicious objects: 0

Duration of the scan process: 00:53:35

 

Infected Object Name / Virus Name / Last Action

C:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT.LOG Object is locked skipped

C:\Documents and Settings\Martin Edge\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Martin Edge\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Martin Edge\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Martin Edge\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Martin Edge\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped

C:\Documents and Settings\Martin Edge\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Martin Edge\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Martin Edge\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Martin Edge\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Martin Edge\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Martin Edge\NTUSER.DAT.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT.LOG Object is locked skipped

C:\Martin\Proposals\ARC Energy Group\ARC Energy Present 6-1-03\Codec\DivXPro501GAINBundle.exe/Gain_Trickler.exe Infected: not-a-virus:AdWare.Win32.Gator.3102 skipped

C:\Martin\Proposals\ARC Energy Group\ARC Energy Present 6-1-03\Codec\DivXPro501GAINBundle.exe Vise: infected - 1 skipped

C:\Program Files\BigFix\__Data\BigFix\__Local\Tmp\notes.dat Object is locked skipped

C:\Program Files\BigFix\__Data\BigFix\__Local\Tmp\partner-700.dat Object is locked skipped

C:\Program Files\BigFix\__Data\BigFix\__Local\Tmp\subscrip-2000.dat Object is locked skipped

C:\Program Files\BigFix\__Data\BigFix\__Local\Tmp\survey.dat Object is locked skipped

C:\Program Files\BigFix\__Data\BigFix\__Local\Tmp\updates-300.dat Object is locked skipped

C:\Program Files\BigFix\__Data\BigFix\__Local\Tmp\urgent-800.dat Object is locked skipped

C:\Program Files\BigFix\__Data\evesham\__Local\Tmp\evesham-100.dat Object is locked skipped

C:\Program Files\BigFix\__Data\evesham\__Local\Tmp\Tips-700.dat Object is locked skipped

C:\Program Files\BigFix\__Data\__Global\Logs\20071207.log Object is locked skipped

C:\Program Files\CA\Etrust Antivirus\DB\rtmaster.dbf Object is locked skipped

C:\Program Files\CA\Etrust Antivirus\DB\rtmaster.ntx Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{DF86A8A6-7FBA-4D8C-BDD8-6B65A5E1E70E}\RP757\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{129AD1FD-8FA7-4061-9AFE-324CAB8968A9}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

 

Scan process completed.

 

_____________________________________________________________________________________

 

...and the HijackThis log...

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:57:25, on 07/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\EPSON\ESM2\eEBSVC.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\CA\ETRUST~1\realmon.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\CA\eTrust Antivirus\InoRpc.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\CA\eTrust Antivirus\InoRT.exe

C:\Program Files\CA\eTrust Antivirus\InoTask.exe

C:\Program Files\BigFix\BigFix.exe

C:\Program Files\Zoom Telephonics, Inc\Zoom ADSL USB Modem\dslmon.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\FinePixViewer\QuickDCF.exe

C:\Program Files\Citrix\ICA Client\pnagent.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\HighjackThis\HiJackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://webmail.rgu.ac.uk/exchange/m.edge/inbox/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.evesham.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy2:8080

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe

O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe

O4 - Global Startup: DSLMON.lnk = ?

O4 - Global Startup: EPSON Background Monitor.lnk = C:\Program Files\EPSON\ESM2\STMS.exe

O4 - Global Startup: Exif Launcher.lnk = ?

O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.evesham.com/

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) - https://java.sun.com/update/1.4.2/jinstall-...indows-i586.cab

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe

O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe

O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe

O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

 

--

End of file - 7011 bytes

 

________________________________________________________________________________________________

 

The Kaspersky scan shows 2 viruses and 6 infected objects.

 

Thanks

 

Anna

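The Kaspersky report above mixes dozens of harmless "Object is locked skipped" entries (registry hives, event logs, index.dat files the scanner simply could not open) with the handful of real detections, and the "2 viruses / 6 infected objects" totals only make sense once you notice that Kaspersky counts a hit inside an archive and the archive's own summary line separately. The parser below is an added example written for this page, not a tool from the thread or from Kaspersky; it runs on a constructed sample of report lines in the same shape as the posted log (paths shortened, detection names taken from the post) and separates locked files, member hits and container summaries, maps each hit back to the file that actually sits on disk, and flags detections carrying Kaspersky's `not-a-virus:` prefix, which denotes riskware or adware rather than malware proper.

```python
import re
from collections import Counter

# Constructed sample in the shape of the Kaspersky Online Scanner report posted above.
# Paths are shortened; the detection names are the ones that appear in the post.
SAMPLE_REPORT = r"""
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Martin Edge\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Martin Edge\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Martin Edge\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Martin Edge\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Martin\Proposals\Codec\DivXPro501GAINBundle.exe/Gain_Trickler.exe Infected: not-a-virus:AdWare.Win32.Gator.3102 skipped
C:\Martin\Proposals\Codec\DivXPro501GAINBundle.exe Vise: infected - 1 skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
"""

# One pattern per line shape seen in the report body. Paths may contain spaces,
# so the path group is non-greedy and the patterns are anchored at both ends.
LOCKED_RE = re.compile(r"^(?P<path>.+?) Object is locked skipped$")
INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) skipped$")
CONTAINER_RE = re.compile(r"^(?P<path>.+?) (?P<kind>\w+): infected - (?P<count>\d+) skipped$")


def host_file(path):
    """Return the on-disk file for an entry. Kaspersky separates members of an
    archive or installer with '/', so everything before the first '/' is the
    real file you would act on."""
    return path.split("/", 1)[0]


def parse_report(text):
    """Classify each result line of the report body into a small dict."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LOCKED_RE.match(line)
        if m:
            entries.append({"kind": "locked", "path": m["path"]})
            continue
        m = INFECTED_RE.match(line)
        if m:
            name = m["name"]
            entries.append({
                "kind": "infected",
                "path": m["path"],
                "name": name,
                # The 'not-a-virus:' prefix marks riskware/adware: a legitimate
                # but potentially unwanted tool rather than malware proper.
                "riskware": name.startswith("not-a-virus:"),
            })
            continue
        m = CONTAINER_RE.match(line)
        if m:
            entries.append({"kind": "container", "path": m["path"],
                            "container": m["kind"], "count": int(m["count"])})
            continue
        # Anything else is kept so a changed report format is noticed, not silently dropped.
        entries.append({"kind": "unknown", "path": line})
    return entries


def summarize(text):
    """Reduce the parsed lines to the figures a helper actually looks at."""
    entries = parse_report(text)
    infected = [e for e in entries if e["kind"] == "infected"]
    containers = [e for e in entries if e["kind"] == "container"]
    return {
        "locked": sum(1 for e in entries if e["kind"] == "locked"),
        # Kaspersky counts each member hit and each container summary line as an
        # infected object, which is how 4 hits plus 2 archives become 6 in the post.
        "infected_objects": len(infected) + len(containers),
        "detections": Counter(e["name"] for e in infected),
        "all_riskware": all(e["riskware"] for e in infected),
        "files_on_disk": sorted({host_file(e["path"]) for e in infected + containers}),
        "unrecognised": [e["path"] for e in entries if e["kind"] == "unknown"],
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

On the sample this yields 2 locked objects, 6 infected objects spread over 2 distinct detection names, and 3 distinct files on disk, with every detection carrying the `not-a-virus:` prefix. The `files_on_disk` list is the useful output for a cleanup post: it collapses the nested `SmitfraudFix.exe/data.rar/...` hits to the single self-extracting archive that actually needs deleting.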

Looks great, Anna!

 

Delete the following files then empty the recycle bin.

 

C:\Documents and Settings\Martin Edge\Desktop\SmitfraudFix.exe

C:\Martin\Proposals\ARC Energy Group\ARC Energy Present 6-1-03\Codec\DivXPro501GAINBundle.exe

 

That should finish things up. Does everything seem to be working as it should?

 

miekiemoes has put together a great page full of prevention information and tips that I recommend you check out.


Wonderful, Noahdfear, I really appreciate your help. Everything looks as it should and is working fine.

 

I'll check out the list you've pointed me at.

 

Another happy customer!

 

Anna


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. ;)

 

If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue.

 

Everyone else please begin a New Topic.

 

Thank you !
