Virus help please! Task bar & software reverts to older style

Question

splashgecko 0 Newbie Poster

13 Years Ago

Hi folks,

First time user of the forum, desparately needing help with an infection/virus/malware on my PC running XP.

My antivirus has started going bonkers popping up with messages similar to "A threat has been detected and has now been fixed. Click here for further details". My AV software is Norton Internet Security with Live Update. In addition, my desktop taskbar at the bottom of the screen has reverted from a nice blue to an older style grey, and so has other software I use including Internet Explorer and various design software I use for business. Another thing I've noticed that's occurred a handful of times is that I will hear a beep similar to an error beep, but there isn't a window or message anywhere, or a box to click "OK".

I have run the suggested cleanups that are recommended prior to posting on this forum - ATF Cleaner (cleaner freed up 89.430MBs), Microsoft Malicious Software Removal Tool (no malicious software detected), GMER Rootkit scanner (log posted below) and Malwarebytes Anti-Malware (nothing found - log below). All requested logs are posted below.

I'm not an expert by any means, but know the basics so please list a bit of detail for me when responding... hehehe. Thanks for any help, greatly appreciated. (By the way, I'm in Australia so there's a bit of time difference).

:(

Here are the logs:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-16 12:43:03
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7 SAMSUNG_HD501LJ rev.CR100-13
Running: 22wvo9o3.exe; Driver: C:\DOCUME~1\User\LOCALS~1\Temp\kfpoafoc.sys

---- System - GMER 1.0.15 ----

SSDT spej.sys ZwEnumerateKey [0xB9EC6CA2]
SSDT spej.sys ZwEnumerateValueKey [0xB9EC7030]

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-12 [B9E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [B9E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B9E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B9E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-7 [B9E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [B9E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort4 [B9E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort5 [B9E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\azhsmtj3 \Device\Scsi\azhsmtj31 8A65C500
Device \Driver\azhsmtj3 \Device\Scsi\azhsmtj31Port7Path0Target0Lun0 8A65C500
Device 8A8E21F8
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device 8A521500
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-16 19:18:42
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7 SAMSUNG_HD501LJ rev.CR100-13
Running: 22wvo9o3.exe; Driver: C:\DOCUME~1\User\LOCALS~1\Temp\kfpoafoc.sys

---- System - GMER 1.0.15 ----

SSDT 8A5290B8 ZwConnectPort
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xB37746FA]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xB3752F68]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xB3753230]
SSDT \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys ZwCreateSection [0xBA5FC700]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xB37750B4]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xB377543E]
SSDT spej.sys ZwEnumerateKey [0xB9EC6CA2]
SSDT spej.sys ZwEnumerateValueKey [0xB9EC7030]
SSDT 8A4DD520 ZwLoadDriver
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xB3773938]
SSDT spej.sys ZwQueryKey [0xB9EC7108]
SSDT spej.sys ZwQueryValueKey [0xB9EC6F88]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xB3775982]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xB3774AB8]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xB37529D8]

INT 0x06 \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) B5A2616D
INT 0x0E \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) B5A25FC2
INT 0x63 ? 8A8E3BF8
INT 0x63 ? 8A8E3BF8
INT 0x63 ? 8A8E3BF8
INT 0x63 ? 8A8E3BF8
INT 0x63 ? 8A8E3BF8
INT 0x83 ? 8A8E3BF8
INT 0x83 ? 8A8E3BF8
INT 0x83 ? 8A6BCBF8
INT 0x84 ? 8A6BCBF8
INT 0x94 ? 8A6BCBF8
INT 0xA4 ? 8A6BCBF8
INT 0xA4 ? 8A6BCBF8
INT 0xA4 ? 8A6BCBF8
INT 0xA4 ? 8A6BCBF8
INT 0xB4 ? 8A6BCBF8

---- Devices - GMER 1.0.15 ----

Device 8A8E21F8
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device 8A521500
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\sptd \Device\1635261800 spej.sys
Device \Driver\usbuhci \Device\USBPDO-0 8A70B1F8
Device \Driver\usbuhci \Device\USBPDO-1 8A70B1F8
Device \Driver\usbuhci \Device\USBPDO-2 8A70B1F8
Device \Driver\PCI_PNP8050 \Device\00000053 spej.sys
Device \Driver\usbehci \Device\USBPDO-3 8A6AB1F8
Device \Driver\usbuhci \Device\USBPDO-4 8A70B1F8

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBPDO-5 8A70B1F8
Device \Driver\usbuhci \Device\USBPDO-6 8A70B1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A9531F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{BC8DA9E9-9CBC-4D25-9BCC-D3DECE2DF067} 89E751F8
Device \Driver\usbehci \Device\USBPDO-7 8A6AB1F8
Device \Driver\Cdrom \Device\CdRom0 8A6651F8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-12 [B9E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [B9E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B9E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B9E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-7 [B9E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [B9E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort4 [B9E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort5 [B9E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 8A6651F8
Device \Driver\Cdrom \Device\CdRom2 8A6651F8
Device \Driver\PCTSDInjDriver32 \Device\PCTSDInjDriver32 PCTSDInj32.sys (UM Injection Driver/PC Tools)
Device \Driver\NetBT \Device\NetBt_Wins_Export 89E751F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{147B7C30-C433-411C-AC95-EC3B8E9A01F9} 89E751F8
Device \Driver\NetBT \Device\NetbiosSmb 89E751F8

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBFDO-0 8A70B1F8
Device \Driver\usbuhci \Device\USBFDO-1 8A70B1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A4B8500
Device \Driver\usbuhci \Device\USBFDO-2 8A70B1F8
Device 8A4B8500
Device \Driver\usbehci \Device\USBFDO-3 8A6AB1F8
Device \Driver\usbuhci \Device\USBFDO-4 8A70B1F8
Device \Driver\Ftdisk \Device\FtControl 8A9531F8
Device \Driver\usbuhci \Device\USBFDO-5 8A70B1F8
Device \Driver\usbuhci \Device\USBFDO-6 8A70B1F8
Device \Driver\usbehci \Device\USBFDO-7 8A6AB1F8
Device \Driver\azhsmtj3 \Device\Scsi\azhsmtj31 8A65C500
Device \Driver\azhsmtj3 \Device\Scsi\azhsmtj31Port7Path0Target0Lun0 8A65C500

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x88 0x55 0x90 0x68 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x7A 0x3D 0xBD 0x20 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0F 0x1D 0x92 0x39 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x88 0x55 0x90 0x68 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x7A 0x3D 0xBD 0x20 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0F 0x1D 0x92 0x39 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@

---- EOF - GMER 1.0.15 ----

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5325

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

16/12/2010 8:34:57 PM
mbam-log-2010-12-16 (20-34-57).txt

Scan type: Full scan (C:\|)
Objects scanned: 385161
Time elapsed: 1 hour(s), 4 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

DDS (Ver_10-12-12.02) - NTFSx86
Run by User at 20:51:40.59 on Thu 16/12/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1024 [GMT 11:00]

AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\umonit.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBCore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NetComm\NP545\Installer\WINXP\NP545 Wireless Client Utility.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\User\Desktop\DANIWEB downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://au.yahoo.com/?fr=fp-yie8
mStart Page = hxxp://au.yahoo.com/?fr=fp-yie8
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\norton internet security\engine\17.8.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\norton internet security\engine\17.8.0.5\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\norton internet security\engine\17.8.0.5\coIEPlg.dll
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [NBCore] "c:\program files\common files\nero\nero backitup 4\NBCore.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [nwiz] nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [UMonit] c:\windows\system32\umonit.exe
mRun: [EverioService] "c:\program files\cyberlink\pcm4everio\EverioService.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [BigDog305] c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
mRun: [NBKeyScan] "c:\program files\nero\nero backitup 4\NBKeyScan.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [PrnStatusMX] c:\program files\hewlett-packard\prnstatusmx\PrnStatusMX.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [B2C_AGENT] c:\documents and settings\all users\application data\lgmobileax\b2c_client\B2CNotiAgent.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\user\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\np545w~1.lnk - c:\program files\netcomm\np545\installer\winxp\NP545 Wireless Client Utility.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: vic.gov.au\sgate.ses
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} - hxxp://apps.corel.com/nos_dl_manager/plugin/IEGetPlugin.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230067505437
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1108000.005\symds.sys [2010-9-22 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1108000.005\symefa.sys [2010-9-22 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\definitions\bashdefs\20101123.003\BHDrvx86.sys [2010-11-23 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1108000.005\cchpx86.sys [2010-9-22 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1108000.005\ironx86.sys [2010-9-22 116784]
R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\norton internet security\engine\17.8.0.5\ccsvchst.exe [2010-9-22 126392]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2008-12-24 38656]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-8-13 102448]
R3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\definitions\ipsdefs\20101213.001\IDSXpx86.sys [2010-12-15 341944]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\definitions\virusdefs\20101215.041\NAVENG.SYS [2010-12-16 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\definitions\virusdefs\20101215.041\NAVEX15.SYS [2010-12-16 1360248]
R3 NmPar;MosChip PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [2009-1-4 81408]
R3 nmserial;PCI Serial Port;c:\windows\system32\drivers\NmSerial.sys [2009-1-4 63488]
R3 sense4v2;Senselock SenseIV v2.x Service;c:\windows\system32\drivers\sense4v2.sys [2004-8-7 10496]
R4 PCTCore;PCTools KDS;c:\windows\system32\drivers\pctcore.sys --> c:\windows\system32\drivers\PCTCore.sys [?]
R4 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctds.sys --> c:\windows\system32\drivers\pctDS.sys [?]
R4 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctefa.sys --> c:\windows\system32\drivers\pctEFA.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-28 136176]
S2 ose32;Office Source Engine ;c:\windows\system32\idq32.exe --> c:\windows\system32\idq32.exe [?]
S3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [2009-2-21 6016]
S3 FlashUSB;FlashUSB;c:\windows\system32\drivers\FlashUsb.sys [2010-5-11 16896]
S3 getPlus(R) Installer;getPlus(R) Installer;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-8-20 59552]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;"c:\program files\google\google desktop search\googledesktop.exe" --> c:\program files\google\google desktop search\GoogleDesktop.exe [?]
S3 vvftav;vvftav;c:\windows\system32\drivers\vvftav.sys [2009-8-21 474368]
S3 ZSMC0305;USB PC Camera VC305;c:\windows\system32\drivers\usbVM305.sys [2009-8-21 1470336]
UnknownUnknown CH341SER;CH341SER; [x]

=============== Created Last 30 ================

2010-12-16 08:29:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-16 08:29:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-16 08:29:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-16 08:22:01 -------- d-----w- c:\windows\8C69F830E2D64881A8DA807A21B2C302.TMP
2010-12-15 21:35:00 -------- d-----w- c:\program files\PC Tools Security
2010-12-15 21:35:00 -------- d-----w- c:\program files\common files\PC Tools
2010-12-15 21:25:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-12-15 20:23:26 -------- d-----w- c:\program files\Enigma Software Group
2010-12-15 20:23:09 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2010-12-15 02:58:50 98816 ----a-w- c:\windows\sed.exe
2010-12-15 02:58:50 89088 ----a-w- c:\windows\MBR.exe
2010-12-15 02:58:50 256512 ----a-w- c:\windows\PEV.exe
2010-12-15 02:58:50 161792 ----a-w- c:\windows\SWREG.exe
2010-12-04 03:09:22 0 ---ha-w- c:\documents and settings\user\atsgnsagct.tmp
2010-12-04 03:07:12 -------- d-sh--w- c:\windows\system32\975D124CDB3ECE5DB929174BD99765AB
2010-12-04 03:06:53 203776 --sh--w- c:\windows\system32\unrar.exe
2010-12-04 00:47:14 -------- d-----w- c:\program files\Thomas Wright Consulting
2010-12-04 00:46:52 724992 ----a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\iKernel.dll
2010-12-04 00:46:52 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\ctor.dll
2010-12-04 00:46:52 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\DotNetInstaller.exe
2010-12-04 00:46:52 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\iscript.dll
2010-12-04 00:46:52 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\iuser.dll
2010-12-04 00:46:51 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\Setup.dll
2010-12-04 00:46:51 184452 ----a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\iGdi.dll
2010-12-04 00:41:27 -------- d-----w- c:\docume~1\user\applic~1\GetRightToGo

==================== Find3M ====================

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-18 01:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll

============= FINISH: 20:52:10.93 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 23/12/2008 2:07:03 PM
System Uptime: 16/12/2010 3:16:05 AM (17 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5K
Processor: Intel Pentium III Xeon processor | LGA775 | 2509/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 401.382 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
G: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&1400782C&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&1400782C&0
Service: i8042prt

==== System Restore Points ===================

RP633: 18/09/2010 11:53:09 AM - System Checkpoint
RP634: 19/09/2010 12:24:45 PM - System Checkpoint
RP635: 20/09/2010 1:24:45 PM - System Checkpoint
RP636: 21/09/2010 9:39:30 PM - System Checkpoint
RP637: 22/09/2010 10:19:32 PM - System Checkpoint
RP638: 23/09/2010 11:19:31 PM - System Checkpoint
RP639: 25/09/2010 12:07:31 AM - System Checkpoint
RP640: 26/09/2010 12:19:32 AM - System Checkpoint
RP641: 27/09/2010 2:56:44 AM - System Checkpoint
RP642: 28/09/2010 3:28:40 AM - System Checkpoint
RP643: 29/09/2010 4:19:31 AM - System Checkpoint
RP644: 30/09/2010 3:00:13 AM - Software Distribution Service 3.0
RP645: 1/10/2010 3:19:32 AM - System Checkpoint
RP646: 2/10/2010 4:19:32 AM - System Checkpoint
RP647: 3/10/2010 5:19:33 AM - System Checkpoint
RP648: 4/10/2010 7:07:32 AM - System Checkpoint
RP649: 5/10/2010 8:07:31 AM - System Checkpoint
RP650: 6/10/2010 3:00:14 AM - Software Distribution Service 3.0
RP651: 7/10/2010 3:20:36 AM - System Checkpoint
RP652: 8/10/2010 3:32:36 AM - System Checkpoint
RP653: 9/10/2010 4:32:36 AM - System Checkpoint
RP654: 10/10/2010 4:56:39 AM - System Checkpoint
RP655: 11/10/2010 5:20:36 AM - System Checkpoint
RP656: 12/10/2010 5:32:36 AM - System Checkpoint
RP657: 13/10/2010 6:20:37 AM - System Checkpoint
RP658: 14/10/2010 3:00:27 AM - Software Distribution Service 3.0
RP659: 15/10/2010 3:26:46 AM - System Checkpoint
RP660: 16/10/2010 4:26:47 AM - System Checkpoint
RP661: 17/10/2010 6:40:16 AM - System Checkpoint
RP662: 18/10/2010 6:52:45 AM - System Checkpoint
RP663: 19/10/2010 7:26:45 AM - System Checkpoint
RP664: 20/10/2010 7:39:51 AM - System Checkpoint
RP665: 21/10/2010 8:38:45 AM - System Checkpoint
RP666: 22/10/2010 9:38:45 AM - System Checkpoint
RP667: 23/10/2010 10:26:45 AM - System Checkpoint
RP668: 24/10/2010 11:17:57 AM - System Checkpoint
RP669: 25/10/2010 3:09:19 PM - System Checkpoint
RP670: 26/10/2010 3:29:57 PM - System Checkpoint
RP671: 27/10/2010 4:29:57 PM - System Checkpoint
RP672: 28/10/2010 5:29:56 PM - System Checkpoint
RP673: 29/10/2010 6:17:56 PM - System Checkpoint
RP674: 30/10/2010 6:29:57 PM - System Checkpoint
RP675: 2/11/2010 10:22:44 AM - System Checkpoint
RP676: 3/11/2010 11:05:31 AM - System Checkpoint
RP677: 4/11/2010 2:31:18 PM - System Checkpoint
RP678: 5/11/2010 3:55:22 PM - System Checkpoint
RP679: 6/11/2010 4:42:05 PM - System Checkpoint
RP680: 8/11/2010 1:21:02 PM - System Checkpoint
RP681: 9/11/2010 1:22:40 PM - System Checkpoint
RP682: 10/11/2010 1:36:56 PM - System Checkpoint
RP683: 11/11/2010 3:00:17 AM - Software Distribution Service 3.0
RP684: 12/11/2010 3:35:13 AM - System Checkpoint
RP685: 13/11/2010 4:23:12 AM - System Checkpoint
RP686: 14/11/2010 4:35:12 AM - System Checkpoint
RP687: 15/11/2010 5:23:12 AM - System Checkpoint
RP688: 16/11/2010 6:23:12 AM - System Checkpoint
RP689: 17/11/2010 7:23:14 AM - System Checkpoint
RP690: 18/11/2010 7:33:26 AM - System Checkpoint
RP691: 19/11/2010 8:21:26 AM - System Checkpoint
RP692: 20/11/2010 9:28:55 AM - System Checkpoint
RP693: 21/11/2010 9:34:12 AM - System Checkpoint
RP694: 22/11/2010 9:59:12 AM - System Checkpoint
RP695: 23/11/2010 10:34:11 AM - System Checkpoint
RP696: 24/11/2010 10:42:56 AM - System Checkpoint
RP697: 25/11/2010 10:49:36 AM - System Checkpoint
RP698: 26/11/2010 11:34:11 AM - System Checkpoint
RP699: 27/11/2010 1:52:18 PM - System Checkpoint
RP700: 28/11/2010 2:34:11 PM - System Checkpoint
RP701: 29/11/2010 3:25:18 PM - System Checkpoint
RP702: 30/11/2010 3:56:22 PM - System Checkpoint
RP703: 1/12/2010 5:44:39 PM - System Checkpoint
RP704: 2/12/2010 7:05:27 PM - System Checkpoint
RP705: 3/12/2010 8:13:22 PM - System Checkpoint
RP706: 4/12/2010 11:47:14 AM - Installed KeyGen Software License Key Generator Demo
RP707: 4/12/2010 4:00:48 PM - Removed e-tax 2009
RP708: 4/12/2010 4:02:04 PM - Removed GEAR ISO Burn.
RP709: 11/12/2010 12:37:44 PM - System Checkpoint
RP710: 14/12/2010 1:36:08 PM - System Checkpoint
RP711: 15/12/2010 6:49:35 PM - Software Distribution Service 3.0
RP712: 16/12/2010 7:23:25 AM - Installed SpyHunter
RP713: 16/12/2010 7:22:29 PM - Removed SpyHunter

==== Installed Programs ======================

100,000 Clipart - Volume 2
3DVIA player 4.1
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9
Advertising Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Attansic Ethernet Utility
Attansic L1 Gigabit Ethernet Driver
Bonjour
Citrix Presentation Server Client
Common-Use Signing Interface
CorelDRAW 11 SA
CorelDRAW SA 11
Critical Update for Windows Media Player 11 (KB959772)
Digital Photo Navigator 1.5
Flash Slideshow Generator 2.1.4
FlexiSIGN-PRO 7.6v2
FlexiSIGN-PRO 8.1v1
Future Corporation 512mb Dongle Driver
FutureRIP_SE_R05
getPlus(R) for Corel
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Color LaserJet CP1210 Series
HP Color LaserJet CP1210 Series Toolbox
HP LaserJet Toolbox
HP Software Update
hppusgCP1215
HPSSupply
Infineon USB driver 1.0.0.6
iPod for Windows 2005-09-06
iTunes
KeyGen Software License Key Generator Demo
LG USB Modem Driver
Listing Factory 2008 v3.0
MagicDisc 2.7.106
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual J# 2.0 Redistributable Package
MobileMe Control Panel
MosChip Multi-IO Controller
MrvlUsgTracking
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero BackItUp
Nero BackItUp 4 Essentials
Nero ControlCenter
Nero Installer
NetComm NB6 Series ADSL2+ Router USB Driver
Norton Internet Security
NP545 Wireless Client Utility
NVIDIA Drivers
OGA Notifier 1.7.0105.35.0
PowerCinema NE for Everio
PowerDirector Express
PowerProducer
QuickBooks EasyStart 2010-11
QuickTime
Realtek High Definition Audio Driver
Roland SP-300
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Sentinel System Driver
SignBlazer\06 release 6.0.11
SignBlazer5.5 XP buttons
SupportSoft Assisted Service
Turbo Lister 2
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Outlook 2007 Junk Email Filter (KB2466076)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB Flash Port Driver
USB PC Camera VC305
VBA (2627.01)
Vimicro USB PC Camera(VC0305)
WebFldrs XP
Windows Driver Package - Infineon Technologies (FlashUSB) USB (04/16/2009 1.0.0.6)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
WinZip 14.0

==== Event Viewer Messages From Past Week ========

16/12/2010 7:22:37 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
15/12/2010 2:10:43 PM, error: Par1284 [3] -
15/12/2010 2:10:29 PM, error: Service Control Manager [7000] - The Par1284 service failed to start due to the following error: The system cannot find the device specified.
15/12/2010 2:10:29 PM, error: Service Control Manager [7000] - The Machnm32 Driver service failed to start due to the following error: The system cannot find the file specified.
13/12/2010 9:49:26 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
12/12/2010 9:58:45 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/12/2010 9:37:13 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
12/12/2010 10:03:17 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
11/12/2010 12:06:44 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service netman with arguments "" in order to run the server: {BA126ADB-2166-11D1-B1D0-00805FC1270E}

==== End Of File ===========================

microsoft virus-malware windows-virus windows-xp

4 Contributors
12 Replies
490 Views
1 Month Discussion Span
Latest Post 13 Years Ago Latest Post by splashgecko

gerbil 216 Industrious Poster

13 Years Ago

You could restore these 2 entries from hijackthis backup. They are benign, and useful.
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
This one is a USB connection monitor. Up to you. It is not needed.
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe

crunchie 990 Most Valuable Poster

13 Years Ago

Also, it is best not to use Hijackthis to remove 023 service entries. Hijackthis fails to read the entries correctly, hence the (file missing) at the end.
Best to ask the OP if the programs actually exist before 'fixing' them :).

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Waffles007 -1 Light Poster · Answer 1 · 2010-12-21T00:40:00+00:00

Hi,

Hmm, it sounds like whatever bug you have is changing it's name whenever it gets "deleted"

Can you download Spybot Search & Destroy (http://www.safer-networking.org/index2.html) and install it and update it then reboot the computer into Safe Mode (Hit F8 repeatedly once the system starts to reboot)

Then run Spybot in Safe Mode. In Safe Mode there "shouldn't" be any bugs running, so a cleaning in safe mode is your best bet to remove a stubborn bug.

Hope this helps.

Waffles

splashgecko 0 Newbie Poster · Answer 2 · 2010-12-21T11:17:22+00:00

Hey Waffles,

Thanks for the help.

I've downloaded Spybot from your link and run in Safe Mode. It came up with 6 tracking cookies - Adviva, DoubleClick, FastClick, MediaPlex, Right Media and WebTrends live. I selected "fix" for all of them and they were successfully removed according to Spybot. I have reverted the menu bar manually to XP blue and have rebooted - all seems OK at this stage. Any other recommendations?

Thanks again, much appreciated!

SG

Waffles007 -1 Light Poster · Answer 3 · 2010-12-22T08:36:30+00:00

Good to hear it's clean SG. Hmmm, it only found tracking cookies. Is it still reverting? If so, I would recommend going back into safe mode and see if Norton will run it's anti-virus scan. Some anti-virus' will not run in safe mode so it's a hit or miss attempt.

I'm noticing a couple programs that seem "suspicious". Do you know if they were installed by you or installed from a trusted source?

KeyGen Software License Key Generator Demo
MarketResearch

Also if it is still occurring can you run this little guy and post the results here.

http://free.antivirus.com/hijackthis/

Hijackthis will scan and display all your currently running software.

Waffles

splashgecko 0 Newbie Poster · Answer 4 · 2010-12-23T11:08:10+00:00

Righto, have done as suggested...

At the moment, the bottom bar is remaining blue (I manually changed it to blue about a week ago and it has remained blue so that's good). However, Internet Explorer is still randomly (once every day or so) playing up - I am running IE 8 and where the task bar is with File; Edit; View etc etc this whole line goes black right across the screen, blacking out the menu options and so on. When I close IE, then reopen it reverts back to normal.

I started in Safe mode and ran Norton - it found 15 tracking cookies plus 1 Heuristic virus, which it automatically "fixed". The details on the virus related to a program we'd downloaded but hadn't installed called BenVista Photozoom (it was a .exe file if this helps at all).

In relation to the two files you mention above - the keygen software is a file that came with another program we downloaded, which we haven't used and don't need/want. The marketresearch we have no knowledge on, and don't know where it came from.

Have also run the hijackthis link, here's the info from the log file:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:27:29 AM, on 23/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\umonit.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\VM305_STI.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBCore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\NetComm\NP545\Installer\WINXP\NP545 Wireless Client Utility.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\User\Desktop\DANIWEB downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com/?fr=fp-yie8
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero BackItUp 4\NBKeyScan.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PrnStatusMX] C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [B2C_AGENT] C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [NBCore] "C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBCore.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NP545 Wireless Client Utility.lnk = C:\Program Files\NetComm\NP545\Installer\WINXP\NP545 Wireless Client Utility.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support.microsoft.com/ActiveX/MSDcode.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager/plugin/IEGetPlugin.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230067505437
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Installer - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Office Source Engine (ose32) - Unknown owner - C:\WINDOWS\system32\idq32.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 11477 bytes

Thanks for the ongoing help, greatly appreciated :)

splashgecko 0 Newbie Poster · Answer 5 · 2010-12-23T11:25:14+00:00

Sorry, forgot to add that after running Norton in safe mode, when I restarted in normal mode the following message box popped up:

SYSTEM CONFIGURATION UTILITIES
You have used the System Configuration Utility to make changes to the way Windows . . (yep, two dots! no words, just the dots)
The Sytem Configuration Utility is currently in Diagnostic or Selective Startup mode, causing this message to be displayed and the utility to run every time Windows starts.
Choose the normal startup mode on the General tab to start Windows normally and undo the changes you made using the System Configuration Utility.
[] Don't show this message or launch the System Configuration Utility when windows starts.

Not sure if this was supposed to happen? After clicking OK, it opened a System Configuration window with a few tick boxes - I clicked cancel and didn't change any of them.

Waffles007 -1 Light Poster · Answer 6 · 2010-12-23T22:46:51+00:00

Glad I can help. Run Highjackthis again, select these to remove.

R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Office Source Engine (ose32) - Unknown owner - C:\WINDOWS\system32\idq32.exe (file missing)

Once those guys are gone, hold down your "Windows" key and press R to bring up the Run Command box. type "msconfig" without quotations and hit enter.

Select Normal Startup then hit Ok. If it asks to restart the computer, save any open documents and restart the computer.

I don't see anything that specifically opens internet explorer, but I did notice 4 IEXPLORER.EXE's in your printout.

Once the computer reboots, hit CTRL-SHIFT-ESC to bring up the task mamnager. Is IEXPLORER.EXE Running? If so, select it and hit End Process.

Hope this clears up some things.

Waffles

splashgecko 0 Newbie Poster · Answer 7 · 2010-12-24T10:53:57+00:00

Righto,

Have run Hijackthis again and removed all the above listed except the following item, as it did not appear in the list when I ran the scan:

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto

After removing the other files, and holding down the Windows button and hitting "R" key to bring up the run command box, that all worked and the system config box opened; the "Normal Startup" box was already ticked so I just hit OK, BUT when I did, a message popped up saying that I would need to log in as an administrator and re-do these actions for changes to take effect. I am the only user account with admin rights, and was using this account at the time so not sure what the go is there??

Anyway, rebooted as it advised and iexplorer.exe was not running in task manager (there was a similar item called explorer.exe running which I left).

Thanks Waffles...

Waffles007 -1 Light Poster · Answer 8 · 2010-12-24T11:37:31+00:00

That's good to hear splashgecko. I suspect one of the items was already disabled and when we removed it, the system reverted because no items were currently disabled.
Explorer.exe is the windows display file, so we'll want that one running all the time or our desktops would be very bare.
Strange it told you an admin needed to alter the config.

I hope all is well on your end. If anything changes, just drop a line here. I'm always willing to help.

Thanks Gerbil. I could not find enough info on their uses they seemed safe to be removed to see if they were part of the problem.

As for the umon file, yes it can be harmless however some were stating it can be infected at times. It not a nessary item though as you stated.
Waffles

splashgecko 0 Newbie Poster · Answer 9 · 2010-12-24T13:37:57+00:00

Thanks Gerbil & Waffles for all your help - I'll keep an eye on things over the next few days and let you know if any further drama's arise, but all good at the moment (touch wood!).

Santa will be here in 6 hours, Merry Christmas to you both :)

splashgecko 0 Newbie Poster · Answer 10 · 2011-01-27T10:11:22+00:00

Hey Waffles and others toward the end... thanks for your help with my problem - I am happy to report that my PC is back to normal, and no more funny business has occurred since the above posts around Christmas. Very grateful for your help, thanks guys!