Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Pop up errors from SpyBot S&D ... please help

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Pop up errors from SpyBot S&D ... please help

Unread postby DJGarry » February 3rd, 2009, 9:33 am

Hi. I am getting an endless stream of popups from SpyBot tea timer I think about registry changes. They are slowing the system right down to a stop and making it unusable. It seems ok if I run in Safe Mode. Can you look at the Hijack This log below and see if you can help me out please ... Thankyou. Garry



Logfile of HijackThis v1.99.1
Scan saved at 10:53:54, on 01/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.elertzsearch.com/new/results.aspx?keyword=%search&toolbar_id=%toolbar_id&webmaster_id=%webmaster_id&affid=%affid
R3 - URLSearchHook: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Reactivator Class - {6C31790D-1EDF-4b05-83DC-925B3A8E2318} - C:\Program Files\elertz Toolbar\elertz.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O3 - Toolbar: elertz Toolbar - {0C6DD65A-F36B-4ac8-89EB-6175AEE6BB8C} - C:\Program Files\elertz Toolbar\elertz.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Creative Launcher] C:\Program Files\Creative\Launcher\CTLauncher.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [SystemTime] magic.exe r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 0562907625
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} -
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
DJGarry
Regular Member
 
Posts: 55
Joined: May 30th, 2008, 11:05 am
Location: UK
Advertisement
Register to Remove

Re: Pop up errors from SpyBot S&D ... please help

Unread postby davis » February 8th, 2009, 9:52 am

Hi DJGarry,


Welcome to MRU. My name is davis. I will be helping you to fix your malware problems.
If your issues have been resolved or already received help elsewhere, then please let us know. If not, and still need help. Please follow the instructions in the following.
In the meantime, please refrain from making any changes to your computer. Please rescan your computer and post a new HJT log and an Uninstall List.

Make an Uninstall List

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button
5. Click on the Save list button
6. It will prompt you to save. Save this log in a convenient location. By default, it's named uninstall_list.txt.
7. Copy and paste the contents in your next reply and a fresh HJT log.

In your next reply, please post back:

1.New HJT log
2.Uninstall list Thanks.
User avatar
davis
Regular Member
 
Posts: 910
Joined: February 3rd, 2008, 4:48 am

Re: Pop up errors from SpyBot S&D ... please help

Unread postby davis » February 10th, 2009, 8:27 pm

Hi DJGarry,

How things are running now? Still with us? :sad3:
User avatar
davis
Regular Member
 
Posts: 910
Joined: February 3rd, 2008, 4:48 am

Re: Pop up errors from SpyBot S&D ... please help

Unread postby DJGarry » February 11th, 2009, 6:55 am

Hi there.

Yes I'm still with you ...
Unfortunately, the pc playing up is my parents and I can't always get direct access to it, except when I go over to their house.
It just means there will be a bit of a delay in implementing any of the 'fix it' instructions you advise.

I do hope you can bare with me on this as both my parents are pretty computer illiterate :-) and really just use it for a bit of browsing and the odd e-mail ...... as soon as I can run the last instructions, I will post a reply to you.

Many thanks,


Garry.
DJGarry
Regular Member
 
Posts: 55
Joined: May 30th, 2008, 11:05 am
Location: UK

Re: Pop up errors from SpyBot S&D ... please help

Unread postby davis » February 11th, 2009, 11:14 am

Hi DJGarry,

Its ok. I understand the suitation is. Take you time. Good luck!! :)
User avatar
davis
Regular Member
 
Posts: 910
Joined: February 3rd, 2008, 4:48 am

Re: Pop up errors from SpyBot S&D ... please help

Unread postby DJGarry » February 12th, 2009, 5:22 pm

Thanks for your patients :-)

Right, here goes ................

Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Flash Player ActiveX
AnyDVD
Apple Software Update
BitLord 1.1
Camera RAW Plug-In for EPSON Creativity Suite
CloneDVD2
CuteFTP 7 Professional
CuteHTML
CX4300_5500_DX4400 manual
Del Mp3 Karaoke 4.7.4700
DriverMagic
DVD Region-Free 3.10
DVD Shrink 3.2
elertz Toolbar
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON File Manager
EPSON Printer Software
EPSON Scan
EPSON Scan Assistant
EPSON Web-To-Page
Google Earth
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
InCD
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 2
K-Lite Codec Pack 3.4.5 Full
LimeWire 4.14.10
MatchWare ScreenCorder 5.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office FrontPage 2003
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MIKSOFT Mobile 3GP converter
MOV to AVI MPEG WMV Converter 3.0.2
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nero 6 Ultra Edition
Nero Digital
Nero Media Player
NeroMIX
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia PC Suite
Numark Cue (Atomix Productions)
NVIDIA Drivers
Paint Shop Pro 7 ESD
PC Connectivity Solution
Protected Music Converter 0.99b
QuickTime
RealPlayer
ScreenCorder 1.0
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Sound Blaster AudioPCI Drivers Online Help
Sound Blaster Live! 1024
Spybot - Search & Destroy 1.4
Steinberg Cubase SX v3.1.1.944
SyncroSoft Emu (Remove only)
Syncrosoft's License Control
Trust Mouse 14835
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
VC 9.0 Runtime
VirtualCloneDrive
WIDCOMM Bluetooth Software
Winamp
Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)
Windows Easy Transfer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WinZip
YAMP v1.3
ZoneAlarm




AND THE HJT LOG:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:23:58, on 12/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

http://www.elertzsearch.com/new/results.aspx?keyword=%search&toolbar_id=%toolbar_id&webmaster_id=

%webmaster_id&affid=%affid
R3 - URLSearchHook: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search &

Destroy\SDHelper.dll
O2 - BHO: Reactivator Class - {6C31790D-1EDF-4b05-83DC-925B3A8E2318} - C:\Program Files\elertz

Toolbar\elertz.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program

Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O3 - Toolbar: elertz Toolbar - {0C6DD65A-F36B-4ac8-89EB-6175AEE6BB8C} - C:\Program Files\elertz

Toolbar\elertz.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program

Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Creative Launcher] C:\Program Files\Creative\Launcher\CTLauncher.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate

Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [SystemTime] magic.exe r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

/NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE

C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

/NoDialog (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth

Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program

Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} -

C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -

http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) -

http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) -

http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://www.update.microsoft.com/windows ... b?11905629

07625
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} -
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) -

http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) -

http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program

Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents

and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program

Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD -

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7030 bytes
DJGarry
Regular Member
 
Posts: 55
Joined: May 30th, 2008, 11:05 am
Location: UK

Re: Pop up errors from SpyBot S&D ... please help

Unread postby davis » February 14th, 2009, 11:46 am

Hi DJGarry,

I notice you have been running HJT in safe mode with network support. While running rsit, please run it in normal mode. Unplug the internet access if you run into problems.
While posting the logs into forum, ensure in notepad under Format, uncheck "Word Wrap" if you selected. Thanks.

Step1

  1. Please download this tool from Microsoft.
  2. Double click on MGADiag.exe to run it.
  3. Click Continue.
  4. The program will run. It takes a while to finish the diagnosis, please be patient.
  5. Once done, click on Copy.
  6. Open Notepad and paste the contents in. Save this file and post it in your next reply.

Step2

Regarding to Malware Removal's P2P Programs Policy, please uninstall the following program before we continue:

  1. Click on Start > Control Panel and double click on Add/Remove Programs.
  2. Locate LimeWire 4.14.10, and BitLord 1.1 and click on the Change/Remove button to uninstall it.
  3. Close Add/Remove Programs and Control Panel when done.


Step3

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

In your next reply, please post back:

1.MGADiag log
2.RSIT log.txt and info.txt. Thanks.
Last edited by davis on February 14th, 2009, 9:33 pm, edited 1 time in total.
User avatar
davis
Regular Member
 
Posts: 910
Joined: February 3rd, 2008, 4:48 am

Re: Pop up errors from SpyBot S&D ... please help

Unread postby DJGarry » February 14th, 2009, 9:25 pm

Diagnostic Report (1.9.0006.1):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0
Online Validation Code: N/A
Cached Validation Code: N/A
Windows Product Key: *****-*****-PK63K-FQYW9-PMDRG
Windows Product Key Hash: PAwn5S3DaK165zNm5Q1UTEhzGHk=
Windows Product ID: 76487-OEM-2215576-71590
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {8351614F-BC73-4B71-9DAF-F8880BB25B06}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.8.31.9
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A
Version: N/A

WGA Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.8.31.9
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
WGATray.exe Signed By: Microsoft
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 114 Blocked VLK 2
Microsoft Office Professional Edition 2003 - 114 Blocked VLK 2
Microsoft Office FrontPage 2003 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{8351614F-BC73-4B71-9DAF-F8880BB25B06}</UGUID><Version>1.9.0006.1</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-PMDRG</PKey><PID>76487-OEM-2215576-71590</PID><PIDType>3</PIDType><SID>S-1-5-21-1935655697-854245398-1957994488</SID><SYSTEM><Manufacturer>Gigabyte Technology Co.</Manufacturer><Model>7IXE4</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>62710</Version><SMBIOSVersion major="2" minor="3"/><Date>20000601000000.000000+000</Date></BIOS><HWID>26C532E701842E69</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.8.31.9"/><File Name="WgaLogon.dll" Version="1.8.31.9"/></GANotification></MachineData><Software><Office><Result>114</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>59D1605114E3500</Val><Hash>vfZmaSmFPIYrLWTcZSZErUQg+Fo=</Hash><Pid>73931-640-0000106-57165</Pid><PidType>14</PidType></Product><Product GUID="{90170409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office FrontPage 2003</Name><Ver>11</Ver><Val>5EA9C3672EB0500</Val><Hash>GZD+9sfb5ecL3RxyV4F75a86u2M=</Hash><Pid>72079-640-0000106-55114</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="114"/><App Id="16" Version="11" Result="114"/><App Id="17" Version="11" Result="100"/><App Id="18" Version="11" Result="114"/><App Id="19" Version="11" Result="114"/><App Id="1A" Version="11" Result="114"/><App Id="1B" Version="11" Result="114"/><App Id="44" Version="11" Result="114"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: no
Marker string from BIOS: N/A
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A

....................................................................................
....................................................................................
....................................................................................



info.txt logfile of random's system information tool 1.05 2009-02-15 01:06:52

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal-->C:\PROGRA~1\LAVASOFT\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Apple Software Update-->MsiExec.exe /I{55FA89BD-21D3-42F7-9249-C94C0094A83C}
Camera RAW Plug-In for EPSON Creativity Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}\SETUP.EXE" -l0x9 UNINST
CloneDVD2-->"C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
CuteFTP 7 Professional-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1CCBCF78-EF12-4137-B3CA-99F30A2E7D21}\Setup.exe" -l0x9
CuteHTML-->C:\DOCUME~1\ALLUSE~1\APPLIC~1\GLOBAL~1\CUTEHTML\UNWISE32.EXE C:\DOCUME~1\ALLUSE~1\APPLIC~1\GLOBAL~1\CUTEHTML\INSTALL.LOG
CX4300_5500_DX4400 manual-->C:\Program Files\EPSON\TPMANUAL\CX4300_5500_DX4400\ENG\USE_G\DOCUNINS.EXE
Del Mp3 Karaoke 4.7.4700-->MsiExec.exe /I{42070CF0-746C-4085-9FE2-E0007864CB8C}
DriverMagic-->MsiExec.exe /I{5BEB2F46-3723-47CF-BF7F-39C453B9D977}
DVD Region-Free 3.10-->"C:\Program Files\DVD Region-Free\unins000.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
elertz Toolbar-->C:\Program Files\elertz Toolbar\elertz_uninst.exe
EPSON Attach To Email-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x9 -UnInstall
EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}\SETUP.EXE" -l0x9 UNINST
EPSON File Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}\Setup.exe" -l0x9 UNINST
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x9 -anything
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
InCD-->C:\WINDOWS\NuNInst.exe /UNINSTALL
J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
K-Lite Codec Pack 3.4.5 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
MatchWare ScreenCorder 5.0-->MsiExec.exe /I{3C6C929D-EEC5-4494-8514-A7B381E4E031}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office FrontPage 2003-->MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MIKSOFT Mobile 3GP converter-->"C:\Program Files\MIKSOFT\Mobile 3GP converter\unins000.exe"
MOV to AVI MPEG WMV Converter 3.0.2-->"C:\Program Files\MOV to AVI MPEG WMV Converter\unins000.exe"
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nero Digital-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Nero Media Player-->C:\WINDOWS\UNNMP.exe /UNINSTALL
NeroMIX-->C:\WINDOWS\UNNMIX.exe /UNINSTALL
Nokia Connectivity Cable Driver-->MsiExec.exe /X{11964613-805F-432D-A12B-169554B793E7}
Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Nokia_PC_Suite_6_84_10_3_eng_web.exe
Nokia PC Suite-->MsiExec.exe /I{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}
Numark Cue (Atomix Productions)-->C:\PROGRA~1\NUMARK~1\UNWISE.EXE C:\PROGRA~1\NUMARK~1\INSTALL.LOG
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Paint Shop Pro 7 ESD-->MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
PC Connectivity Solution-->MsiExec.exe /I{99A40651-0BC2-4095-8F9A-A40FAB224FEF}
Protected Music Converter 0.99b-->"C:\Program Files\WMA-MP3.com\Protected Music Converter\unins000.exe"
QuickTime-->MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
ScreenCorder 1.0-->C:\PROGRA~1\SCREEN~1\UNWISE.EXE C:\PROGRA~1\SCREEN~1\INSTALL.LOG
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sound Blaster AudioPCI Drivers Online Help-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\CREATIVE\AUDIO\HELP\SBPCIDRV.isu"
Sound Blaster Live! 1024-->C:\WINDOWS\CTDEL.EXE -[Sound Blaster Live! 1024
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steinberg Cubase SX v3.1.1.944-->C:\PROGRA~1\STEINB~1\CUBASE~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\CUBASE~1\INSTALL.LOG
SyncroSoft Emu (Remove only)-->C:\Program Files\SyncroSoft\Pos\H2O\Uninst.exe
Syncrosoft's License Control-->C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG
Trust Mouse 14835-->C:\Program Files\Trust\Mouse 14835\uninst00.exe
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}
VirtualCloneDrive-->"C:\Program Files\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe" /D="C:\Program Files\Elaborate Bytes\VirtualCloneDrive"
WIDCOMM Bluetooth Software-->MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_044C8712DB44F83D9DE6C376991EE9254E0A69E4\pccswpddriver.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_F12A08B6F776984A95553486F64C541356F86E38\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_5E1541AFF1E1EA3554CE566743CCAD323ED1C108\nokbtmdm.inf
Windows Easy Transfer-->"C:\WINDOWS\$NtUninstallWETCable$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
YAMP v1.3-->C:\WINDOWS\GPInstall.exe "/UNINST=C:\Program Files\YAMP\UnInst.log" "/APPNAME=YAMP v1.3"
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

System event log

Computer Name: MUMA-AMD
Event Code: 7035
Message: The TrueVector Internet Monitor service was successfully sent a start control.

Record Number: 23422
Source Name: Service Control Manager
Time Written: 20090112112528.000000+000
Event Type: information
User: MUMA-AMD\Beryl

Computer Name: MUMA-AMD
Event Code: 7034
Message: The TrueVector Internet Monitor service terminated unexpectedly. It has done this 97 time(s).

Record Number: 23421
Source Name: Service Control Manager
Time Written: 20090112112526.000000+000
Event Type: error
User:

Computer Name: MUMA-AMD
Event Code: 7035
Message: The TrueVector Internet Monitor service was successfully sent a start control.

Record Number: 23420
Source Name: Service Control Manager
Time Written: 20090112112526.000000+000
Event Type: information
User: MUMA-AMD\Beryl

Computer Name: MUMA-AMD
Event Code: 7034
Message: The TrueVector Internet Monitor service terminated unexpectedly. It has done this 96 time(s).

Record Number: 23419
Source Name: Service Control Manager
Time Written: 20090112112524.000000+000
Event Type: error
User:

Computer Name: MUMA-AMD
Event Code: 7035
Message: The TrueVector Internet Monitor service was successfully sent a start control.

Record Number: 23418
Source Name: Service Control Manager
Time Written: 20090112112524.000000+000
Event Type: information
User: MUMA-AMD\Beryl

Application event log

Computer Name: MUMA-AMD
Event Code: 1
Message:
Record Number: 1125
Source Name: AVGEMS
Time Written: 20070915130923.000000+060
Event Type: information
User:

Computer Name: MUMA-AMD
Event Code: 1
Message:
Record Number: 1124
Source Name: Avg7UpdSvc
Time Written: 20070915130848.000000+060
Event Type: information
User:

Computer Name: MUMA-AMD
Event Code: 0
Message:
Record Number: 1123
Source Name: btwdins
Time Written: 20070915130827.000000+060
Event Type: information
User:

Computer Name: MUMA-AMD
Event Code: 1005
Message: The Windows Installer initiated a system restart to complete or continue the configuration of 'Nokia PC Suite'.

Record Number: 1122
Source Name: MsiInstaller
Time Written: 20070915130542.000000+060
Event Type: information
User: MUMA-AMD\Garry

Computer Name: MUMA-AMD
Event Code: 11707
Message: Product: Nokia PC Suite -- Installation operation completed successfully.

Record Number: 1121
Source Name: MsiInstaller
Time Written: 20070915130542.000000+060
Event Type: information
User: MUMA-AMD\Garry

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\PC Connectivity Solution\;C:\Program Files\QuickTime\QTSystem\;
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 4 Stepping 4, AuthenticAMD
"PROCESSOR_REVISION"=0404
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
"FP_NO_HOST_CHECK"=NO
"tvdumpflags"=8

-----------------EOF-----------------



....................................................................................
....................................................................................
....................................................................................





Logfile of random's system information tool 1.05 (written by random/random)
Run by Garry at 2009-02-15 01:06:13
Microsoft Windows XP Professional Service Pack 3
System drive C: has 4 GB (21%) free of 20 GB
Total RAM: 639 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:06:41, on 15/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Documents and Settings\Garry\Desktop\RSIT.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Trend Micro\HijackThis\Garry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

http://www.elertzsearch.com/new/results.aspx?keyword=%search&toolbar_id=%toolbar_id&

webmaster_id=%webmaster_id&affid=%affid
R3 - URLSearchHook: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program

Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Reactivator Class - {6C31790D-1EDF-4b05-83DC-925B3A8E2318} - C:\Program

Files\elertz Toolbar\elertz.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} -

C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O3 - Toolbar: elertz Toolbar - {0C6DD65A-F36B-4ac8-89EB-6175AEE6BB8C} - C:\Program

Files\elertz Toolbar\elertz.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} -

C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft

IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Creative Launcher] C:\Program

Files\Creative\Launcher\CTLauncher.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE

C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"

-atboottime
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate

Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone

Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search &

Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite

6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE

C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite

6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program

Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} -

C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 -

{CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth

Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -

http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) -

http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) -

http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://www.update.microsoft.com/windows ... wuweb_site

.cab?1190562907625
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} -
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) -

http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) -

http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program

Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION -

C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program

Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity

Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software

Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7661 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser

Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat

5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser

Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 853672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser

Helper Objects\{6C31790D-1EDF-4b05-83DC-925B3A8E2318}]
Reactivator Class - C:\Program Files\elertz Toolbar\elertz.dll [2007-09-19 1089536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser

Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser

Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON

Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser

Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0C6DD65A-F36B-4ac8-89EB-6175AEE6BB8C} - elertz Toolbar - C:\Program Files\elertz

Toolbar\elertz.dll [2007-09-19 1089536]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program

Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2005-12-04

461584]
"Creative Launcher"=C:\Program Files\Creative\Launcher\CTLauncher.exe []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2004-07-15 81920]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-07-15 4112384]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-10-25 282624]
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

[2006-04-29 94208]
"H2O"=C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe [2005-10-23 385024]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-04-01 36352]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-11-13

981904]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[2005-05-31 1415824]
"AnyDVD"=C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [2007-12-14 1637312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMUpdate]
C:\WINDOWS\system32\BMUpdate.exe [2001-07-03 176128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared

tools\msconfig\startupreg\DriverMagicLogon]
C:\Program Files\SymplisIT\DriverMagic\dmschedule.exe [2005-10-14 12288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MEDIAMOUSE]
C:\Program Files\Trust\Mouse 14835\lsmouse.exe [2007-09-12 2619392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared

tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-06-18 271360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime

Task]
C:\Program Files\QuickTime\qttask.exe [2006-10-25 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared

tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [2007-07-12 132496]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows

NT\CurrentVersion\Winlogon\Notify\Antiwpa]
C:\WINDOWS\system32\antiwpa.dll [2005-09-18 5376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows

NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDela

yLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -

C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteH

ooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"=C:\PROGRA~1\DVDREG~1\DVDShell.dll

[2003-08-26 49152]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ip6fw]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ipnat]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewa

llpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.d

ll,-22019"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program

Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program

Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program

Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program

Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program

Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program

Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network

Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program

Files\BitLord\BitLord.exe:*:Enabled:BitLord"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewa

llpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.d

ll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network

Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{

9c8f1bd7-873f-11dc-82fe-0002e31d1a31}]
shell\open\command - %SystemRoot%\Explorer.exe /idlist,%I,%L


======List of files/folders created in the last 1 months======

2009-02-15 01:06:13 ----D---- C:\rsit
2009-02-14 20:51:51 ----D---- C:\Documents and Settings\All Users\Application

Data\Office Genuine Advantage
2009-02-01 00:25:53 ----D---- C:\Program Files\Trend Micro

======List of files/folders modified in the last 1 months======

2009-02-15 01:06:44 ----D---- C:\WINDOWS\Temp
2009-02-15 01:06:42 ----D---- C:\WINDOWS\Internet Logs
2009-02-15 01:06:37 ----D---- C:\WINDOWS\Prefetch
2009-02-15 00:47:47 ----A---- C:\WINDOWS\NeroDigital.ini
2009-02-15 00:44:14 ----A---- C:\WINDOWS\ntbtlog.txt
2009-02-14 20:56:05 ----D---- C:\Program Files\BitLord
2009-02-14 20:54:35 ----RD---- C:\Program Files
2009-02-12 23:02:48 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-12 21:42:29 ----A---- C:\WINDOWS\DVDRegionFree.INI
2009-02-01 11:27:11 ----SHD---- C:\WINDOWS\CSC
2009-02-01 10:53:51 ----D---- C:\Program Files\HijackThis
2009-01-16 20:30:39 ----A---- C:\WINDOWS\SchedLgU.Txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand,

4=Disabled)======

R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07

25160]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2004-06-04 28544]
R1 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2007-06-16 31616]
R2 SVKP;SVKP; \??\C:\WINDOWS\system32\SVKP.sys []
R2 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-11-13 353680]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2007-11-30 97216]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys

[2006-10-30 329901]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys

[2006-11-13 862922]
R3 CLEDX;Team H2O CLEDX service; C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09

33792]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2007-02-16 11984]
R3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM);

C:\WINDOWS\system32\drivers\es1371mp.sys [2001-08-17 40704]
R3 FA312;NETGEAR FA330/FA312/FA311 Fast Ethernet Adapter Driver;

C:\WINDOWS\System32\DRIVERS\FA312nd5.sys [2001-08-17 16074]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys

[2008-04-13 10368]
R3 MODEMCSA;Unimodem Streaming Filter Device;

C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04

12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-07-15 2459712]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;

C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13

59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver;

C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USR1806V;U.S. Robotics Voice Modem Driver 1806;

C:\WINDOWS\System32\DRIVERS\USR1806V.SYS [2001-08-17 794399]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2004-06-04

91136]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13

14592]
S3 BTDriver;Bluetooth Virtual Communications Driver;

C:\WINDOWS\system32\DRIVERS\btport.sys [2006-10-30 30459]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys

[2006-10-30 149123]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2006-10-30 47875]
S3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2006-10-30

30285]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys

[2006-10-30 67672]
S3 cirrus;cirrus; C:\WINDOWS\system32\DRIVERS\cirrus.sys [2001-08-17 45696]
S3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\system32\DRIVERS\ctljystk.sys

[2001-08-17 3712]
S3 Nokia USB Port;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys []
S3 Point32;Microsoft IntelliPoint Filter Driver;

C:\WINDOWS\System32\DRIVERS\point32.sys [2005-12-01 21760]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 USB_NDIS_51;USB Ndis Cable Modem Network Device Driver;

C:\WINDOWS\system32\DRIVERS\bcmndis.sys [2007-07-09 20622]
S3 usbccgp;Microsoft USB Generic Parent Driver;

C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys

[2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13

15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

[2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver;

C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector;

C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 ACPI;ACPI; C:\WINDOWS\system32\drivers\ACPI.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand,

4=Disabled)======

R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth

Software\bin\btwdins.exe [2006-11-11 266295]
R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\Documents and Settings\All

Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE [2007-01-11 113664]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2004-06-04 1151090]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2004-07-15

114755]
S2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe

[2008-11-13 2405776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source

Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity

Solution\ServiceLayer.exe [2007-06-15 300544]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program

Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework;

C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------
DJGarry
Regular Member
 
Posts: 55
Joined: May 30th, 2008, 11:05 am
Location: UK

Re: Pop up errors from SpyBot S&D ... please help

Unread postby davis » February 14th, 2009, 9:38 pm

Hi DJGarry,

The format is difficult to indetify and it's hard for reading.

Make sure you have uncheck "Word Wrap" in your text file. While posting the logs, please press Preview button to ensure the format is right, then press Submit. Thanks.
User avatar
davis
Regular Member
 
Posts: 910
Joined: February 3rd, 2008, 4:48 am

Re: Pop up errors from SpyBot S&D ... please help

Unread postby DJGarry » February 15th, 2009, 7:20 am

Sorry, I think thats the best it gets. The pc in touble has great difficulty stablising in mormal mode and definatley wont connect to the internet. The scan you requested was done in mormal mode but it took around an hour to get done ... it was then put back into safe mode to log on and post the files. Word wrap was ticked where appropriate but in safe mode this may be going out of the window :-)

Garry
DJGarry
Regular Member
 
Posts: 55
Joined: May 30th, 2008, 11:05 am
Location: UK

Re: Pop up errors from SpyBot S&D ... please help

Unread postby davis » February 15th, 2009, 9:36 am

Hi DJGarry,

It's ok. I understand the suitation you're experiencing now.

All the instructions below can be proceeded via flash drive or usb if you can't dowonload files from the infected pc including MBAM update files.


Step1

I notice you have not any antivirus program installed in your system. it's somewhat suicidal in this digital world nowadays.
Please get ONE antivirus and install it. Restart the computer for changes to take effect and update your virus definitions.


AVG Free 8.0 for Windows
avast! 4 Home Edition
AntiVir Free Edition

Step2

Please go toJotti's Scan or Virus Total for scanning one suspicious file.
Copy /paste the below files path into the text box next to the Browse button at the top of the page

Code: Select all
C:\WINDOWS\system32\SVKP.sys 

Click the Submit or Send File button and copy "Scanner results", and paste the contents into your next reply.


Step3

Please disable Spybot S&D's protection,or it will interfere.

  1. You can enable it after you're clean.
  2. Open Spybot and click on 'Mode' and check 'Advanced Mode'.
  3. Click on 'Tools' in bottom left hand corner.
  4. Click on the 'System Startup' icon.
  5. Uncheck 'Teatimer' box and/or uncheck 'Resident'.
  6. Click the 'Allow Change' box.
  7. Then, check next to the computer clock to see if the icon for Spybot is still there.
  8. If it is, right click it and choose 'exit Spybot-S&D Resident'.
  9. Restart the computer.
  10. If you find you're experiencing problems disabling Spybot's Tea-Timer,follow the info in the link below.
  11. http://www.russelltexas.com/malware/teatimer.htm



Step4

Back up the whole registry with ERUNT


  1. Please use the following link and download ERUNT.
  2. http://aumha.org/freeware/freeware.php
  3. For the zipped version:
  4. Unzip all the files into a folder of your choice.
  5. Click Erunt.exe to backup your registry to the folder of your choice.
Note: to restore your registry, go to the folder and start ERDNT.exe


Step5

Download OTMoveIt3.exe by OldTimer and save it to your desktop.
  • Double click on OTMoveIt3.exe to run it
  • Copy & paste the contents of the Code box below into Paste Instructions for Items to be Moved
  • Note: Do not type it out to minimize the risk of typo error
    Code: Select all
    :Processes 
    explorer.exe
    
    :Files
    C:\Program Files\BitLord
    C:\WINDOWS\system32\magic.exe
    C:\WINDOWS\system32\antiwpa.dll 
    c:\windows\tasks\*.job
    
    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{12F02779-6D88-4958-8AD3-83C12D86ADC7}"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\LimeWire\LimeWire.exe"=-
    "C:\Program Files\uTorrent\uTorrent.exe"=-
    "C:\Program Files\BitLord\BitLord.exe"=-
    "C:\Program Files\Grisoft\AVG7\avginet.exe"=-
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c8f1bd7-873f-11dc-82fe-0002e31d1a31}]
    
    :Commands
    [EmptyTemp]
    [start explorer]
    [Reboot]
  • Click on MoveIt!
  • When done, click on Exit
  • Note: If a file or folder can't be moved immediately, you may be asked to restart your computer. Choose Yes.
  • A log will be produced at C:\_OTMoveIt\MovedFiles\date_time.log, where date_time are numbers. Post this log in your next reply.



Step6

Please download Malwarebytes' Anti-Malware from Here or Here

If you can't update the virus definitions, please manually download them from Here and just double-click on mbam-rules.exe to install updates in the infected pc.

  1. Double Click mbam-setup.exe to install the application.
  2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  3. If an update is found, it will download and install the latest version.
  4. Once the program has loaded, select "Perform Quick Scan", then click Scan.
  5. The scan may take some time to finish,so please be patient.
  6. When the scan is complete, click OK, then Show Results to view the results.
  7. Make sure that everything is checked, and click Remove Selected.
  8. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  9. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.or you can find from here:
  10. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  11. You can refer to this tutorial
Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.




In your next reply, please post back:

1.MBAM log
2.Scanner results log
3.RSIT log.txt

Tell me how things are going now.
User avatar
davis
Regular Member
 
Posts: 910
Joined: February 3rd, 2008, 4:48 am

Re: Pop up errors from SpyBot S&D ... please help

Unread postby DJGarry » February 15th, 2009, 11:48 am

Right,


I'm half way through doing the things in your last post and i've got a "Let's activate Windows" window opened. It says some hardware had changed since it was last activated and it needs to re do it ....... should i go thru with it or leave it til later???
DJGarry
Regular Member
 
Posts: 55
Joined: May 30th, 2008, 11:05 am
Location: UK

Re: Pop up errors from SpyBot S&D ... please help

Unread postby davis » February 15th, 2009, 1:04 pm

Hi DJGarry,

You can wait a little bit moment, After all issues are clear, You can activate it as instructed in the following:

http://support.microsoft.com/kb/307890

Good luck!!
User avatar
davis
Regular Member
 
Posts: 910
Joined: February 3rd, 2008, 4:48 am

Re: Pop up errors from SpyBot S&D ... please help

Unread postby DJGarry » February 15th, 2009, 3:20 pm

Scanner results
Scan taken on 15 Feb 2009 14:05:56 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
G DATA Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing


............................................................
............................................................
............................................................


File SVKP.sys received on 02.15.2009 15:19:01 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


Result: 0/39 (0%)
Loading server information...
Your file is queued in position: 1.
Estimated start time is between 38 and 55 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to

wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: )

for an undefined time.

You can wait for web response (automatic reload) or type your email in the form

below and click "request" so the system sends you a notification when the scan is

finished.
Email:


Antivirus Version Last Update Result
a-squared 4.0.0.93 2009.02.15 -
AhnLab-V3 5.0.0.2 2009.02.14 -
AntiVir 7.9.0.79 2009.02.13 -
Authentium 5.1.0.4 2009.02.14 -
Avast 4.8.1335.0 2009.02.14 -
AVG 8.0.0.237 2009.02.14 -
BitDefender 7.2 2009.02.15 -
CAT-QuickHeal 10.00 2009.02.13 -
ClamAV 0.94.1 2009.02.15 -
Comodo 978 2009.02.15 -
DrWeb 4.44.0.09170 2009.02.15 -
eSafe 7.0.17.0 2009.02.15 -
eTrust-Vet 31.6.6358 2009.02.14 -
F-Prot 4.4.4.56 2009.02.13 -
F-Secure 8.0.14470.0 2009.02.15 -
Fortinet 3.117.0.0 2009.02.15 -
GData 19 2009.02.15 -
Ikarus T3.1.1.45.0 2009.02.15 -
K7AntiVirus 7.10.630 2009.02.14 -
Kaspersky 7.0.0.125 2009.02.15 -
McAfee 5526 2009.02.14 -
McAfee+Artemis 5526 2009.02.14 -
Microsoft 1.4306 2009.02.15 -
NOD32 3853 2009.02.14 -
Norman 6.00.02 2009.02.13 -
nProtect 2009.1.8.0 2009.02.15 -
Panda 10.0.0.10 2009.02.14 -
PCTools 4.4.2.0 2009.02.15 -
Prevx1 V2 2009.02.15 -
Rising 21.16.62.00 2009.02.15 -
SecureWeb-Gateway 6.7.6 2009.02.15 -
Sophos 4.38.0 2009.02.15 -
Sunbelt 3.2.1851.2 2009.02.12 -
Symantec 10 2009.02.15 -
TheHacker 6.3.2.1.257 2009.02.15 -
TrendMicro 8.700.0.1004 2009.02.15 -
VBA32 3.12.8.12 2009.02.15 -
ViRobot 2009.2.14.1607 2009.02.15 -
VirusBuster 4.5.11.0 2009.02.14 -
Additional information
File size: 2368 bytes
MD5...: f05028b163b92c302a74409d683ac9b0
SHA1..: 74a943b9f3bf63f8de5c3175f96366b24a661067
SHA256: c43a744c18d12b8214e75f67c557974564f24ec318807bbe796b26619fce7154
SHA512: 6b03105a7ea5ae7ddd88ec83a4fbd12e495bbc21ab90484cfadf178583771ee9
a059823500b3d2c485600d0bc3b2455144ef5ffc651b44566c7f1b737a5d2cb5

ssdeep: 48:qbLNySE/Z3hfHSEgu57tZVRv3xiA6kPMsXL/hfVcY:mRqZx+Q7VjiBkPLZfV

PEiD..: -
TrID..: File type identification
Win64 Executable Generic (95.5%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x43c
timedatestamp.....: 0x3e6cafde (Mon Mar 10 15:31:42 2003)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x2a0 0x110 0x120 5.12 7dad7d6ca221d6725388d90f719d0c20
.data 0x3c0 0x28 0x40 1.74 e741cf2e01e1bea59fcfd4a89d4358ad
INIT 0x400 0x18a 0x1a0 5.03 7b36305b5ff4cad3eeaca307bbb0fd60
.rsrc 0x5a0 0x350 0x360 3.18 46fab0e7c9b34889fdfead1c6e17eae8
.reloc 0x900 0x34 0x40 3.39 a963ac053cb6e23a9fbf797befe868bb

( 1 imports )
> ntoskrnl.exe: IoCreateDevice, IoCreateSymbolicLink, IoDeleteDevice,

IoDeleteSymbolicLink, RtlInitUnicodeString, IoCompleteRequest

( 0 exports )

ThreatExpert info: <a

href='http://www.threatexpert.com/report.aspx?md5=f05028b163b92c302a74409d683ac9b0'

target='_blank'>http://www.threatexpert.com/report.aspx?md5=f05028b163b92c302a74409d

683ac9b0</a>




............................................................
............................................................
............................................................



========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\Program Files\BitLord\Torrents moved successfully.
C:\Program Files\BitLord\rules moved successfully.
C:\Program Files\BitLord\lang moved successfully.
C:\Program Files\BitLord\Downloads moved successfully.
C:\Program Files\BitLord moved successfully.
File/Folder C:\WINDOWS\system32\magic.exe not found.
C:\WINDOWS\system32\antiwpa.dll unregistered successfully.
C:\WINDOWS\system32\antiwpa.dll moved successfully.
c:\windows\tasks\AppleSoftwareUpdate.job moved successfully.
c:\windows\tasks\At1.job moved successfully.
c:\windows\tasks\At10.job moved successfully.
c:\windows\tasks\At11.job moved successfully.
c:\windows\tasks\At12.job moved successfully.
c:\windows\tasks\At13.job moved successfully.
c:\windows\tasks\At14.job moved successfully.
c:\windows\tasks\At15.job moved successfully.
c:\windows\tasks\At16.job moved successfully.
c:\windows\tasks\At17.job moved successfully.
c:\windows\tasks\At18.job moved successfully.
c:\windows\tasks\At19.job moved successfully.
c:\windows\tasks\At2.job moved successfully.
c:\windows\tasks\At20.job moved successfully.
c:\windows\tasks\At21.job moved successfully.
c:\windows\tasks\At22.job moved successfully.
c:\windows\tasks\At23.job moved successfully.
c:\windows\tasks\At24.job moved successfully.
c:\windows\tasks\At3.job moved successfully.
c:\windows\tasks\At4.job moved successfully.
c:\windows\tasks\At5.job moved successfully.
c:\windows\tasks\At6.job moved successfully.
c:\windows\tasks\At7.job moved successfully.
c:\windows\tasks\At8.job moved successfully.
c:\windows\tasks\At9.job moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet

Explorer\URLSearchHooks\\{12F02779-6D88-4958-8AD3-83C12D86ADC7} deleted

successfully.
Registry key

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12F02779-6D88-4958-8AD3-83C12D86ADC7}\

not found.
Registry key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper

Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}\\ deleted successfully.
Registry value

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewal

lpolicy\standardprofile\authorizedapplications\list\\C:\Program

Files\LimeWire\LimeWire.exe deleted successfully.
Registry value

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewal

lpolicy\standardprofile\authorizedapplications\list\\C:\Program

Files\uTorrent\uTorrent.exe deleted successfully.
Registry value

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewal

lpolicy\standardprofile\authorizedapplications\list\\C:\Program

Files\BitLord\BitLord.exe deleted successfully.
Registry value

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewal

lpolicy\standardprofile\authorizedapplications\list\\C:\Program

Files\Grisoft\AVG7\avginet.exe deleted successfully.
Registry key

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9

c8f1bd7-873f-11dc-82fe-0002e31d1a31}\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Garry\LOCALS~1\Temp\~DFE749.tmp scheduled to be

deleted on reboot.
File delete failed. C:\DOCUME~1\Garry\LOCALS~1\Temp\~DFE759.tmp scheduled to be

deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02152009_153313

Files moved on Reboot...
File C:\DOCUME~1\Garry\LOCALS~1\Temp\~DFE749.tmp not found!
File C:\DOCUME~1\Garry\LOCALS~1\Temp\~DFE759.tmp not found!





............................................................
............................................................
............................................................





Malwarebytes' Anti-Malware 1.34
Database version: 1764
Windows 5.1.2600 Service Pack 3

15/02/2009 19:18:40
mbam-log-2009-02-15 (19-18-40).txt

Scan type: Quick Scan
Objects scanned: 102486
Time elapsed: 9 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{85e0b171-04fa-11d1-b7da-00a0c90348a7} (Adware.SmartShopper)

-> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5ed7d3de-6dbe

-4516-8712-01b1b64b7057} (Adware.SmartShopper) -> Quarantined and deleted

successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9

-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted

successfully.
HKEY_CURRENT_USER\SOFTWARE\UpMedia (Adware.SmartShopper) -> Quarantined and deleted

successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet

Explorer\URLSearchHooks\{12f02779-6d88-4958-8ad3-83c12d86adc7}

(Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\systemtime

(Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
DJGarry
Regular Member
 
Posts: 55
Joined: May 30th, 2008, 11:05 am
Location: UK

Re: Pop up errors from SpyBot S&D ... please help

Unread postby davis » February 15th, 2009, 5:48 pm

Hi DJGarry,

Can you give me a brand new RSIT log in normal mode? Please tell me how your pc is running now. Thanks.
User avatar
davis
Regular Member
 
Posts: 910
Joined: February 3rd, 2008, 4:48 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 44 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware