scribbly

Everything posted by scribbly

  1. Not had a problem since unenabling the Desktop Manager, but to be sure...
  2. Hi: sorry I've been away (had to take a rest from these problems). I wondered if it was a hardware problem... On the way home from work I thought I'd re-check my hard drives: which all ended up fine BTW. But in the process, I re-remembered that nVidia's nView Desktop Manager sometimes produces problems (take a look at the 50,000 google hits!). So I unEnabled it and I think I found the problem! Been working all night so far without a problem. Sorry, it seems we've all been barking up the wrong tree: but I hope it may shorten other people's search if they have similar problems. Thanks for your time and help!!
  3. See my reply here. The virusTotal log (this was a similar result to the two others that I tried):
  4. OK, I've tried that here but the zipped file is 2.6Mb which is a little bigger than what is allowed for attachments. I had to go and download it again as I'd deleted it before I got your post. While I was at it I put it through some online scanners at http://www.virscan.org/ and http://www.virus.org/. I ran the Panda again, but it's just down to Tracking Cookies.
  5. And the Active Log (though I think that the DogWaffle entries are false positives):
  6. I'll take your word for it, but looking at two different HJT logs, one run from C Drive and the other run from a second internal drive (G), are very similar... Yep, I've done that, and yes many MB's of data were deleted!! Here is the MBAM log: HJT (Run from the C Drive):
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" O4 - HKLM\..\Run: [LsTrayAgent] C:\Program Files\Powerware\LanSafe\Bin\LSTrayAgent.exe O4 - HKCU\..\Run: [Chameleon Startup Monitor] "C:\Program Files\Chameleon Startup Manager 2\csmonitor.exe" /startup O4 - HKCU\..\Run: [TaskSwitchXP] G:\Programmes\TaskSwitchXP\TaskSwitchXP.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Wakoopa] C:\Program Files\Wakoopa\Wakoopa.exe O4 - HKCU\..\Run: [software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [KlipFolio] "C:\Program Files\KlipFolio\KlipFolio.exe" /BOOT O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - S-1-5-18 Startup: ProcessTamer.lnk = C:\Program Files\ProcessTamer\ProcessTamerTray.exe (User 'SYSTEM') O4 - .DEFAULT Startup: ProcessTamer.lnk = C:\Program Files\ProcessTamer\ProcessTamerTray.exe (User 'Default user') O4 - Startup: ProcessTamer.lnk = C:\Program Files\ProcessTamer\ProcessTamerTray.exe O8 - Extra context menu item: Customize 
Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: eNF: AddLink - C:\Documents and Settings\CompAdmin\Local Settings\Apps\2.0\XHY67WXM.YR2\7Y7ZO9E4.0VC\enuf..tion_36add1d41e4bde84_0000.0001_752b80b7735258ef\IE\AddURL.html O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O8 - Extra context menu item: Surfulater: Add &new Article - res://C:\Program Files\SAIG\Surfulater\Surfulater.exe/SENDTOSURFULATER.HTML O8 - Extra context menu item: Surfulater: Add Article pl&us Page - res://C:\Program Files\SAIG\Surfulater\Surfulater.exe/SENDANDATTACHTOSURFULATER.HTML O8 - Extra context menu item: Surfulater: Attac&h Page to Article - res://C:\Program Files\SAIG\Surfulater\Surfulater.exe/ATTACHTOSURFULATER.HTML O8 - Extra context menu item: Surfulater: Book&mark this Page - res://C:\Program Files\SAIG\Surfulater\Surfulater.exe/BOOKMARKINSURFULATER.HTML O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program 
Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: Surfulater - {A9B34036-3ED6-460a-9C59-696DC24C516F} - C:\Program Files\SAIG\Surfulater\Surfulater.exe O9 - Extra 'Tools' menuitem: SAIG Surfula&ter - {A9B34036-3ED6-460a-9C59-696DC24C516F} - C:\Program Files\SAIG\Surfulater\Surfulater.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: 
Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\MusicIP\MusicIP Mixer\mDNSResponder.exe O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: FirstDefense-ISR Service (ISRService) - Raxco Software, Inc. - C:\$ISR\0\ISRService.exe O23 - Service: LanSafe Power Monitor (LanSafe PM) - Eaton Corporation - C:\Program Files\Powerware\LanSafe\Bin\PowerMonitor.exe O23 - Service: LanSafe Process Manager - Powerware - C:\Program Files\Powerware\LanSafe\bin\xyntservice.exe O23 - Service: LVCOMSer - Logitech Inc. 
- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe -- End of file - 13739 bytes

     HJT (Run from the G Drive):

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:25:49 PM, on 15/10/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\COMODO\Firewall\cmdagent.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE C:\$ISR\0\ISRService.exe C:\Program Files\Powerware\LanSafe\Bin\PowerMonitor.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Powerware\LanSafe\Bin\LSTrayAgent.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Raxco\PerfectDisk\PDAgent.exe C:\Program 
Files\Sandboxie\SbieSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\Tablet.exe C:\WINDOWS\System32\vssvc.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Powerware\LanSafe\bin\xyntservice.exe C:\Program Files\Raxco\PerfectDisk\PDEngine.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Powerware\LanSafe\bin\httpserver.exe C:\$ISR\$APP\ISRMonitor.exe C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Powerware\LanSafe\bin\status_glance.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\COMODO\Firewall\cfp.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Canon\MyPrinter\BJMyPrt.exe C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe C:\Program Files\Chameleon Startup Manager 2\csmonitor.exe G:\Programmes\TaskSwitchXP\TaskSwitchXP.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Wakoopa\Wakoopa.exe C:\Program Files\Software Informer\softinfo.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\KlipFolio\KlipFolio.exe C:\WINDOWS\System32\alg.exe C:\Program Files\ProcessTamer\ProcessTamerTray.exe C:\WINDOWS\system32\msdtc.exe c:\progra~1\intern~2\mum.exe C:\WINDOWS\System32\svchost.exe c:\windows\system32\wtablet\tabuserw.exe c:\program files\picasa2\picasamediadetector.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe g:\programmes\cfdbutton\cfdbutton.exe g:\programmes\multimonitormouse\multimonitormouse.exe c:\program files\launchbarcommander\launchbarcommander.exe c:\program files\findandrunrobot\findandrunrobot.exe c:\program files\siber systems\ai roboform\robotaskbaricon.exe c:\program files\mozilla firefox\firefox.exe c:\program files\sandboxie\sbiectrl.exe C:\Program Files\Free Download Manager\fdm.exe c:\program files\netcomm\mfp server 
control center\control center.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\PSPad editor\PSPad.exe c:\program files\free download manager\fum\fum.exe c:\program files\softland\backup4all 3\backup4all.exe c:\program files\softland\backup4all 3\backup4all.exe c:\program files\common files\logishrd\lcommgr\communications_helper.exe c:\program files\logitech\quickcam\quickcam.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe G:\Programmes\NexusFile\NexusFile.exe c:\program files\java\jre1.6.0_02\bin\jusched.exe g:\programmes\hijackthis\hijackthis.exe O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O4 - HKLM\..\Run: [iSR_MONITOR] C:\$ISR\$APP\ISRMonitor.exe O4 - HKLM\..\Run: [intelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" O4 - HKLM\..\Run: [LsTrayAgent] C:\Program Files\Powerware\LanSafe\Bin\LSTrayAgent.exe O4 - HKCU\..\Run: [Chameleon Startup Monitor] "C:\Program Files\Chameleon Startup Manager 2\csmonitor.exe" /startup O4 - HKCU\..\Run: [TaskSwitchXP] G:\Programmes\TaskSwitchXP\TaskSwitchXP.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Wakoopa] C:\Program Files\Wakoopa\Wakoopa.exe O4 - HKCU\..\Run: [software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [KlipFolio] "C:\Program Files\KlipFolio\KlipFolio.exe" /BOOT O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - S-1-5-18 Startup: ProcessTamer.lnk = C:\Program Files\ProcessTamer\ProcessTamerTray.exe (User 'SYSTEM') O4 - .DEFAULT Startup: ProcessTamer.lnk = C:\Program Files\ProcessTamer\ProcessTamerTray.exe (User 'Default user') O4 - Startup: ProcessTamer.lnk = C:\Program Files\ProcessTamer\ProcessTamerTray.exe O8 - Extra context menu item: Customize 
Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: eNF: AddLink - C:\Documents and Settings\CompAdmin\Local Settings\Apps\2.0\XHY67WXM.YR2\7Y7ZO9E4.0VC\enuf..tion_36add1d41e4bde84_0000.0001_752b80b7735258ef\IE\AddURL.html O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O8 - Extra context menu item: Surfulater: Add &new Article - res://C:\Program Files\SAIG\Surfulater\Surfulater.exe/SENDTOSURFULATER.HTML O8 - Extra context menu item: Surfulater: Add Article pl&us Page - res://C:\Program Files\SAIG\Surfulater\Surfulater.exe/SENDANDATTACHTOSURFULATER.HTML O8 - Extra context menu item: Surfulater: Attac&h Page to Article - res://C:\Program Files\SAIG\Surfulater\Surfulater.exe/ATTACHTOSURFULATER.HTML O8 - Extra context menu item: Surfulater: Book&mark this Page - res://C:\Program Files\SAIG\Surfulater\Surfulater.exe/BOOKMARKINSURFULATER.HTML O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program 
Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: Surfulater - {A9B34036-3ED6-460a-9C59-696DC24C516F} - C:\Program Files\SAIG\Surfulater\Surfulater.exe O9 - Extra 'Tools' menuitem: SAIG Surfula&ter - {A9B34036-3ED6-460a-9C59-696DC24C516F} - C:\Program Files\SAIG\Surfulater\Surfulater.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: 
Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\MusicIP\MusicIP Mixer\mDNSResponder.exe O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: FirstDefense-ISR Service (ISRService) - Raxco Software, Inc. - C:\$ISR\0\ISRService.exe O23 - Service: LanSafe Power Monitor (LanSafe PM) - Eaton Corporation - C:\Program Files\Powerware\LanSafe\Bin\PowerMonitor.exe O23 - Service: LanSafe Process Manager - Powerware - C:\Program Files\Powerware\LanSafe\bin\xyntservice.exe O23 - Service: LVCOMSer - Logitech Inc. 
- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe -- End of file - 13787 bytes

     And that's actually interesting: The only difference between the two logs is that the log file run from the G Drive contains an extra entry:

     c:\program files\java\jre1.6.0_02\bin\jusched.exe

     How is that?? Thanks for your help by the way: this is driving me crazy. I'll go and run an Active scan again... I ran Avast over my system today as well, and it found:

     File Name: SpybotSD.exe.hdmp
     Virus Description: Win32:Agent-COH [Trj]
     Original Location: F:CompAdmin\Temp\WERb56c.dir00
  7. No, sorry: "in self defense" = a general light-hearted comment. I meant I'd only seen the Active log today. I've been using MBAM for the last week since the problem has gotten a lot worse, but apart from the first run that showed something, it's generally clean. I've run Avast over all the drives as well, which has not caught a lot either. The Active Scan seemed to find a lot more than what Avast did. Did you mean move HJT to the C: drive? Does that change something?
  8. Hi: Thanks! In self defense: first time I've seen what Active Scan reported (and I've been using quite a few tools recently). Avast didn't find any of that (it Project Dogwaffle bits and pieces, that if it is infected, wasn't when downloaded?) I'll do that tonight, off to work now...
  9. Ah, thanks! Should add that MBAM found and removed a couple of things previously...
  10. Hi: OK, what happens is that a programme, it will generally be Explorer.exe, will start maxing out the CPU. It can sometimes be some other programme, but often when the Process is displayed for the offending programme, Explorer will be highlighted, not the process for that programme. Once that process is killed, then Explorer will max out the CPU until I kill the process. Often the Explorer process will restart automatically, which I kill. This can happen a couple of times. Once it's gone I can start Explorer manually, and everything will be fine for a while. Though the problem is not automatic, but seems worse when using some programmes. I've been chasing this seriously for a couple of days now and have progressively cleaned the machine using different tools. Here are the log files: ...now attached, as they made the post too long... ScanLogs_2005_10_15.txt