
Computer Infected With Tricky Virus



Hi there, I recently posted a topic but then read what I had to do before posting a topic. For some reason my Trend PC-cillin is not working properly, and when I try to uninstall and reinstall, it pops up with "Windows Installer is not working properly". I have also tried to log into various web sites and it says that the security has expired? And it won't let me log in. I have done everything in the pre-HJT log instructions and done it in the same order as instructed. Here are the logs. Any help about this virus/malware would be extremely helpful, as I am freaking out because I do my internet banking on this computer. Thanks, Matt

P.S. The Panda ActiveScan said that my antivirus (Trend Micro PC-cillin 14) was not working. Thanks...Matt

MBAM LOG

Malwarebytes' Anti-Malware 1.30

Database version: 1321

Windows 5.1.2600 Service Pack 3

22/11/2009 4:30:41 PM

mbam-log-2009-11-22 (16-30-41).txt

Scan type: Quick Scan

Objects scanned: 56414

Time elapsed: 4 minute(s), 23 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Panda active Scan Results

;*******************************************************************************

ANALYSIS: 2009-11-22 18:26:49

PROTECTIONS: 2

MALWARE: 5

SUSPECTS: 4

;*******************************************************************************

PROTECTIONS

Description Version Active Updated

;===============================================================================

Trend Micro PC-Cillin Internet Security 14 14.10.1051 No No

Trend Micro Internet Security 2008 14.10.1051 No No

;===============================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

00366244 Application/NirCmd.A HackTools No 0 Yes No C:\Documents and Settings\Owner\Desktop\New Folder\MI3\DATA\nircmd.zip[nircmd.exe]

00366244 Application/NirCmd.A HackTools No 0 Yes No C:\Documents and Settings\Owner\Desktop\New Folder\MI3\DATA\nircmd.exe

01048936 Generic Malware Virus/Trojan No 0 Yes No C:\Documents and Settings\Owner\My Documents\GameSpy Arcade\Services\_common\PortraitLoader.dll

01176994 Bck/VB.XB Virus/Trojan No 0 Yes No C:\Documents and Settings\Owner\Desktop\New Folder\MI3\DATA\nircmd.zip[nircmdc.exe]

02310881 Generic Trojan Virus/Trojan No 0 Yes No C:\Program Files\Nero\NeroKey.exe

02974895 Adware/SaveNow Adware No 0 Yes No C:\Program Files\DAEMON Tools Pro\dtprohlp.dll

;===============================================================================

SUSPECTS

Sent Location c

;===============================================================================

No C:\Documents and Settings\Owner\DoctorWeb\Quarantine\A0030739.exe c

No C:\Documents and Settings\Owner\DoctorWeb\Quarantine\psexec.cfexe c

No C:\Documents and Settings\Owner\My Documents\ComboFix.exe[32788R22FWJFW\psexec.cfexe] c

No C:\Program Files\OptusNet DSL Internet\DSC.exe c

;===============================================================================

VULNERABILITIES

Id Severity Description c

;===============================================================================

;===============================================================================

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:29:36 PM, on 22/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Executive Software\DiskeeperLite\DKService.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Trend Micro Antifraud Toolbar - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll

O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll

O4 - HKLM\..\Run: [pccguide.exe] C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe

O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\RunOnce: [spybotDeletingA3253] command /c del "C:\WINDOWS\SchedLgU.Txt"

O4 - HKLM\..\RunOnce: [spybotDeletingC8933] cmd /c del "C:\WINDOWS\SchedLgU.Txt"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\RunOnce: [spybotDeletingB1986] command /c del "C:\WINDOWS\SchedLgU.Txt"

O4 - HKCU\..\RunOnce: [spybotDeletingD8052] cmd /c del "C:\WINDOWS\SchedLgU.Txt"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')

O4 - HKUS\S-1-5-21-1935655697-2077806209-839522115-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-21-1935655697-2077806209-839522115-1003\..\RunOnce: [spybotDeletingB1986] command /c del "C:\WINDOWS\SchedLgU.Txt" (User '?')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://dev.srtest.com/srl_bin/sysreqlab3.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1221816248468

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{8971FCB1-16B4-403B-AA00-19B076156F41}: NameServer = 211.29.132.12,198.142.0.51

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)

O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: ServiceLayer - Unknown owner - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe (file missing)

O23 - Service: SessionLauncher - Unknown owner - (no file)

O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Owner/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.gif

--

End of file - 9343 bytes


It looks like you've run combofix already. Have you? If so, did you take this on yourself or did someone instruct you to do so?

Open HijackThis. Click-->Open the Misc Tools section-->Open Uninstall Manager-->Save list...and save the list to your Desktop, then close HijackThis.

A notepad file will open. Copy and paste the content of that text file back here on your next reply. Thanks!


Hey there, I ran ComboFix myself in an act of desperation but it failed to have the desired effect. I have done what you instructed and here are the results. Thanks for helping me out! ...Matt

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office Suite Service Pack 1 (SP1)

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)

Adobe Common File Installer

Adobe Flash Player 10 Plugin

Adobe Flash Player ActiveX

Adobe Help Center 1.0

Adobe Illustrator CS2

Adobe Photoshop CS2

Adobe Reader 8.1.2

Adobe Stock Photos 1.0

Adobe SVG Viewer 3.0

Apple Mobile Device Support

Apple Software Update

Call of Duty Game of the Year Edition

ConvertXtoDVD 3.0.0.1

DirectXInstallService

Diskeeper Lite

DVD Shrink 3.2

EAX Unified

Google Earth

High Definition Audio Driver Package - KB888111

HijackThis 2.0.2

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB952287)

HP Document Viewer 5.3

HP Extended Capabilities 5.3

HP Image Zone 5.3

HP Imaging Device Functions 5.3

HP PSC & OfficeJet 5.3.A

HP Software Update

HP Solution Center & Imaging Support Tools 5.3

Intel A/V Codecs V2.0

iPod for Windows 2005-10-12

iTunes

Java 6 Update 5

Java 6 Update 7

Logitech Audio Echo Cancellation Component

Logitech QuickCam

Logitech Video Enumerator

Logitech


...for some reason my Trend PC-cillin is not working properly, and when I try to uninstall and reinstall, it pops up with "Windows Installer is not working properly". I have also tried to log into various web sites and it says that the security has expired? And it won't let me log in...

Your Trend Micro PC-cillin isn't working properly because it's not installed, according to the "Installed Programs" listing that you posted.

You can download the latest Windows Installer Here, but you'll have to run the Windows validation tool to download it. After installation, try to reinstall your Trend Micro product.

Since it's not listed in your Add/Remove Programs list, it's pointless to try an uninstall. The installation, evidently, is damaged and the uninstall string is absent...reinstalling the software over itself should correct the issue. If you receive an option during the installation to either Uninstall, Modify, or Repair, select "Repair".

What do you use this program for...are you a game software developer?:

ScummVM 0.10.0

...and is this software licensed or has the trial period expired? By the way, if you consider yourself a novice, I would not recommend such software:

TuneUp Utilities 2008

You should uninstall the following outdated software:

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)

Adobe Reader 8.1.2

Java 6 Update 5

Java 6 Update 7

If you can't live without it, you can download the latest version of the Adobe Acrobat and reader Here. Personally, I use Foxit reader. It's very much the same, uses very little resources, and takes up little disk space.

Download the latest Java version Here.

OK...now, to business. Your log, strangely enough, seems to indicate that your version of windows is either Microsoft Windows 95, Microsoft Windows 98, Microsoft Windows 98 Second Edition, or Microsoft Windows Millennium Edition (Me), although your installed software listing shows otherwise. Has this copy of windows been validated, activated and registered?

If you did not create the Desktop Component listed here, then you can run HijackThis again and check this entry:

O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Owner/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.gif

Also, please post the log you produced the last time you ran ComboFix. Thanks!


Okay...

I tried to download the installer but it prompted me saying (Setup has detected that the service pack version of this system is newer than the update you are applying. There is no need to install this update).

When I tried to download the latest Java, this came up on Firefox:

Secure Connection Failed

cds.sun.com uses an invalid security certificate.

The certificate expired on 15/05/2009 9:59 AM.

(Error code: sec_error_expired_certificate)

* This could be a problem with the server's configuration, or it could be someone trying to impersonate the server.

* If you have connected to this server successfully in the past, the error may be temporary, and you can try again lat

Or you can add an exception


Please delete the existing ComboFix.exe from your desktop and download the latest version following these instructions:

Download the latest combofix utility from This Webpage...and read through the instructions there for running the tool.

***Important Note***

Please read through the guidance on that web page carefully and thoroughly...and install the Recovery Console. Using this tool without the Recovery Console installed is NOT RECOMMENDED.

The Windows Recovery Console will allow you to boot into a special recovery (repair) mode that is not otherwise available. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It's a simple procedure that will only take a few moments.

Once installed, a blue screen prompt should appear that reads as follows:

The Recovery Console was successfully installed.

When you see that screen, please continue as follows:

  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you located here:

C:\Combofix.txt

Next, please open Notepad.

Copy and paste the text in the code box below into the blank Notepad:

DeQuarantine::

C:\Qoobox\Quarantine\C:\WINDOWS\system32\nvsvc32.exe

Quit::

Save the file to your desktop and name it CFScript.txt

Next, drag the CFScript.txt into the ComboFix.exe and it will run again automatically...When finished, it will produce a log for you, C:\DeQuarantine.txt.

Please post back the following on your next reply:

C:\ComboFix.txt

C:\DeQuarantine.txt

New HijackThis log.
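
The O23 lines in the HijackThis log above list each Windows service as name, owner and image path, and the entry for nvsvc32.exe carries "(file missing)", which is the file the CFScript names under DeQuarantine. The Python below is an added example, not part of the original posts or of HijackThis itself; it parses O23 lines (the field layout is an assumption inferred from the lines in this thread) and lists the services whose owner is unknown or whose file is absent, so a reviewer can see at a glance which entries need a closer look.

```python
import re
from dataclasses import dataclass, field

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Unknown owner - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe (file missing)
O23 - Service: SessionLauncher - Unknown owner - (no file)
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
"""

PREFIX = "O23 - Service: "
MISSING_SUFFIX = " (file missing)"

# Assumption: the path field is the first " - " separated field that starts
# with a drive letter or is the literal "(no file)". Service names and paths
# may themselves contain " - ", so a plain split on " - " is not reliable.
PATH_START = re.compile(r" - (?=[A-Za-z]:\\|\(no file\))")


@dataclass
class Service:
    name: str
    owner: str
    path: str
    notes: list = field(default_factory=list)


def parse_o23(log_text):
    """Return a Service record for every O23 line in a HijackThis log."""
    services = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line.startswith(PREFIX):
            continue
        body = line[len(PREFIX):]
        match = PATH_START.search(body)
        if match is None:
            continue  # layout not recognised; skip rather than guess
        head, path = body[:match.start()], body[match.end():]
        name, sep, owner = head.rpartition(" - ")
        if not sep:  # no owner field present
            name, owner = head, ""

        notes = []
        if owner == "Unknown owner":
            notes.append("unknown owner")
        if path == "(no file)":
            notes.append("no file")
            path = ""
        elif path.endswith(MISSING_SUFFIX):
            notes.append("file missing")
            path = path[:-len(MISSING_SUFFIX)]
        services.append(Service(name, owner, path, notes))
    return services


def triage(log_text):
    """Return (service name, notes) for every O23 entry that has a note."""
    return [(s.name, s.notes) for s in parse_o23(log_text) if s.notes]


if __name__ == "__main__":
    for name, notes in triage(SAMPLE_LOG):
        print(f"{name}: {', '.join(notes)}")
```

A note on an entry is a prompt to check the file and its vendor, not a verdict on the service.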


Okay, I did everything you instructed but ComboFix did not make a DeQuarantine file for some reason. Also, should I be running in Recovery Console or normal Windows mode? Here are the logs you requested, hope this helps...cheers Matt

ComboFix 08-10-27.01 - Owner 2008-10-28 7:33:50.8 - NTFSx86

Command switches used :: C:\Documents and Settings\Owner\My Documents\CFScript.txt

* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2008-09-27 to 2008-10-27 )))))))))))))))))))))))))))))))

.

2009-11-21 15:56 . 2009-11-21 15:56 <DIR> d-------- C:\Program Files\Panda Security

2009-11-21 14:19 . 2009-11-22 17:08 126 --a------ C:\WINDOWS\wininit.ini

2009-11-21 13:07 . 2009-11-21 15:42 <DIR> d-------- C:\Documents and Settings\Owner\.housecall6.6

2008-10-31 12:21 . 2008-10-16 03:34 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll

2008-10-27 16:54 . 2008-10-27 16:57 <DIR> d-------- C:\Documents and Settings\Owner\.SunDownloadManager

2008-10-27 16:39 . 2008-10-27 16:39 <DIR> d-------- C:\Program Files\NOS

2008-10-27 16:39 . 2008-10-27 16:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NOS

2008-10-15 14:52 . 2008-09-15 23:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys

2008-10-15 14:52 . 2008-09-08 21:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys

2008-10-15 14:51 . 2008-08-14 21:11 2,189,184 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2008-10-15 14:51 . 2008-08-14 21:09 2,145,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe

2008-10-15 14:51 . 2008-08-14 20:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2008-10-15 14:51 . 2008-08-14 20:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe

2008-09-28 10:20 . 2008-10-14 18:53 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\DivX

2008-09-28 10:19 . 2008-10-20 15:36 <DIR> d-------- C:\Program Files\DivX

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-23 05:12 --------- d-----w C:\Program Files\ScummVM

2009-11-21 04:54 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware

2009-11-21 04:42 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2009-11-20 06:52 --------- d-----w C:\Documents and Settings\Owner\Application Data\Vso

2008-10-31 21:40 --------- d-----w C:\Program Files\Microsoft Silverlight

2008-10-31 20:12 --------- d-----w C:\Documents and Settings\Owner\Application Data\uTorrent

2008-10-27 08:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink

2008-10-27 06:16 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-10-27 06:15 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

2008-10-23 08:22 --------- d-----w C:\Documents and Settings\Owner\Application Data\Skype

2008-10-23 08:01 --------- d-----w C:\Documents and Settings\Owner\Application Data\skypePM

2008-10-22 05:10 38,496 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-10-22 05:10 15,504 ----a-w C:\WINDOWS\system32\drivers\mbam.sys

2008-10-15 04:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-10-14 02:47 --------- d-----w C:\Program Files\Java

2008-09-19 23:37 --------- d-----w C:\Program Files\Google

2008-09-18 05:42 --------- d-----w C:\Documents and Settings\Owner\Application Data\GetRightToGo

2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys

2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-09-06 02:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-08-26 07:24 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-08-14 10:09 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-08-14 09:33 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-03-26 22:12 47,360 ----a-w C:\Documents and Settings\Owner\Application Data\pcouffin.sys

2008-03-03 09:46 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat

2008-06-03 07:48 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008060320080604\index.dat

.

((((((((((((((((((((((((((((( snapshot@2009-11-22_16.21.15.81 )))))))))))))))))))))))))))))))))))))))))

.

+ 2005-10-20 09:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE

+ 2008-05-18 19:33:20 4,445,184 -c----w C:\WINDOWS\system32\dllcache\msi.dll

+ 2008-05-18 14:57:42 95,744 -c----w C:\WINDOWS\system32\dllcache\msiexec.exe

+ 2008-05-18 19:33:20 332,800 -c----w C:\WINDOWS\system32\dllcache\msihnd.dll

+ 2008-04-16 14:43:24 2,560 -c----w C:\WINDOWS\system32\dllcache\msimsg.dll

+ 2008-05-18 19:33:20 18,944 -c----w C:\WINDOWS\system32\dllcache\msisip.dll

- 2008-04-13 19:42:00 2,843,136 ----a-w C:\WINDOWS\system32\msi.dll

+ 2008-05-18 19:33:20 4,445,184 ----a-w C:\WINDOWS\system32\msi.dll

- 2008-04-13 19:42:30 78,848 ----a-w C:\WINDOWS\system32\msiexec.exe

+ 2008-05-18 14:57:42 95,744 ----a-w C:\WINDOWS\system32\msiexec.exe

- 2008-04-13 19:42:00 271,360 ----a-w C:\WINDOWS\system32\msihnd.dll

+ 2008-05-18 19:33:20 332,800 ----a-w C:\WINDOWS\system32\msihnd.dll

- 2008-04-13 11:09:44 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll

+ 2008-04-16 14:43:24 2,560 ----a-w C:\WINDOWS\system32\msimsg.dll

- 2008-04-13 19:42:00 15,360 ----a-w C:\WINDOWS\system32\msisip.dll

+ 2008-05-18 19:33:20 18,944 ----a-w C:\WINDOWS\system32\msisip.dll

- 2009-11-21 04:49:57 72,608 ----a-w C:\WINDOWS\system32\perfc009.dat

+ 2008-10-27 20:26:03 72,608 ----a-w C:\WINDOWS\system32\perfc009.dat

- 2009-11-21 04:49:57 445,302 ----a-w C:\WINDOWS\system32\perfh009.dat

+ 2008-10-27 20:26:03 445,302 ----a-w C:\WINDOWS\system32\perfh009.dat

- 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\system32\spmsg.dll

+ 2007-11-29 18:39:22 17,272 ------w C:\WINDOWS\system32\spmsg.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe" [2006-04-03 897089]

"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-07-08 576320]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 8523776]

"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-07-08 600896]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="C:\\Documents and Settings\\All Users\\Application Data\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2007-05-25 15:22 63040 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.I263"= I263_32.drv

"vidc.DIV3"= DivXc32.dll

"vidc.DIV4"= DivXc32f.dll

"msacm.divxa32"= divxa32.acm

"msacm.lameacm"= LameACM.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

"Gainward"=C:\Program Files\XpertVision\TBPanel.exe /A

"RTHDCPL"=RTHDCPL.EXE

"Alcmtr"=ALCMTR.EXE

"nwiz"=nwiz.exe /install

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Call of Duty Game of the Year Edition\\CoDMP.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Contents of the 'Scheduled Tasks' folder

2008-10-27 C:\WINDOWS\Tasks\1-Click Maintenance.job

- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-04-16 10:59]

2008-10-23 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 18:57]

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-28 07:34:57

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-10-28 7:35:40

ComboFix-quarantined-files.txt 2008-10-27 20:35:28

ComboFix2.txt 2008-10-27 20:16:09

ComboFix3.txt 2008-10-27 20:03:49

ComboFix4.txt 2009-11-22 05:21:39

Pre-Run: 156,893,175,808 bytes free

Post-Run: 156,859,170,816 bytes free

171 --- E O F --- 2009-11-19 22:05:45

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:51:01 AM, on 28/10/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Executive Software\DiskeeperLite\DKService.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Trend Micro Antifraud Toolbar - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll

O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll

O4 - HKLM\..\Run: [pccguide.exe] C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe

O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')

O4 - HKUS\S-1-5-21-1935655697-2077806209-839522115-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://dev.srtest.com/srl_bin/sysreqlab3.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1221816248468

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{8971FCB1-16B4-403B-AA00-19B076156F41}: NameServer = 211.29.132.12,198.142.0.51

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)

O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: ServiceLayer - Unknown owner - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe (file missing)

O23 - Service: SessionLauncher - Unknown owner - (no file)

O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--

End of file - 8860 bytes


Did you disable your AVG before running combofix? Did you receive a message something on the order of:

At the end of the process, after the log appeared, Notepad gives you a dialog box with "Cannot find the \DeQuarantine.txt file. Do you want to create a new file?"


My apologies Mattwardinterglaze,

I had confused your log with another I am currently working...in fact I'm juggling logs from 13 different users at the moment and lost track of who is who. One other user had gotten so excited the first time he had seen some progress that he quickly installed AVG right in the middle of the fix and that's who I had you confused with.

We need to back-pedal just a bit. Looking back over this entire thread I see where I mistakenly offered you the download link for the Windows installer for Windows XP SP2 and prior...You can download the Windows installer for service pack 3 Here.

After successful download and installation, try once more to reinstall your Trend Micro Security. If you are successful at repairing that installation then please reboot at that point to properly record those changes to the hard disk.

When the system comes back up, and before continuing, please remember to disable all security software that is running as instructed previously so as not to interfere with the running of Combofix:

Now we need to run the cfscript again as we did in the previous instruction but be sure to copy and paste again as outlined below since the previous instruction for this particular step we took contained an error by failing to include required spacing properly between these commands:

Copy and paste the text in the code box below into a blank Notepad:

DeQuarantine::C:\Qoobox\Quarantine\C:\WINDOWS\system32\nvsvc32.exe
Quit::

Save the file to your desktop and name it CFScript.txt

Next, drag the CFScript.txt into the ComboFix.exe and it will run again automatically...When finished, it will produce a log for you, C:\DeQuarantine.txt.

Please post that log in your next reply along with a new HijackThis log. Thanks!


okay now i have tried to update my windows installer following the link you provided and chose this file to download: For Windows XP Service Pack 2 and Windows XP Service Pack 3 (32-bit platforms):

x86 Platform: WindowsXP-KB942288-v3-x86.exe which matches my operating system but when i try to run the file i get a pop up saying: the version of windows you have installed does not match the update you are trying to install. but there is only one file there that matches my system! ...Matt


yea mate i have updated the installer but the same pop up appears when i try to uninstall my trend anti virus....matt

The instructions didn't say a thing about uninstalling...try re-installing. Also, where are the requested logs?


Hey mate i made the file with the code you posted it went through the cycle but again didn't post the de quarantine file again, here is the log for combo fix:

ComboFix 08-10-28.01 - Owner 2008-10-29 10:57:43.12 - NTFSx86

Running from: C:\Documents and Settings\Owner\My Documents\ComboFix.exe

Command switches used :: C:\Documents and Settings\Owner\My Documents\CFScript.txt

* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-28 )))))))))))))))))))))))))))))))

.

2009-11-21 15:56 . 2009-11-21 15:56 <DIR> d-------- C:\Program Files\Panda Security

2009-11-21 14:19 . 2009-11-22 17:08 126 --a------ C:\WINDOWS\wininit.ini

2009-11-21 13:07 . 2009-11-21 15:42 <DIR> d-------- C:\Documents and Settings\Owner\.housecall6.6

2008-10-31 12:21 . 2008-10-16 03:34 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll

2008-10-27 16:54 . 2008-10-27 16:57 <DIR> d-------- C:\Documents and Settings\Owner\.SunDownloadManager

2008-10-27 16:39 . 2008-10-27 16:39 <DIR> d-------- C:\Program Files\NOS

2008-10-27 16:39 . 2008-10-27 16:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NOS

2008-10-15 14:52 . 2008-09-15 23:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys

2008-10-15 14:52 . 2008-09-08 21:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys

2008-10-15 14:51 . 2008-08-14 21:11 2,189,184 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2008-10-15 14:51 . 2008-08-14 21:09 2,145,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe

2008-10-15 14:51 . 2008-08-14 20:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2008-10-15 14:51 . 2008-08-14 20:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe

2008-09-28 10:20 . 2008-10-14 18:53 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\DivX

2008-09-28 10:19 . 2008-10-20 15:36 <DIR> d-------- C:\Program Files\DivX

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-23 05:12 --------- d-----w C:\Program Files\ScummVM

2009-11-21 04:54 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware

2009-11-21 04:42 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2009-11-20 06:52 --------- d-----w C:\Documents and Settings\Owner\Application Data\Vso

2008-10-31 21:40 --------- d-----w C:\Program Files\Microsoft Silverlight

2008-10-31 20:12 --------- d-----w C:\Documents and Settings\Owner\Application Data\uTorrent

2008-10-28 22:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink

2008-10-27 06:16 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-10-27 06:15 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

2008-10-23 08:22 --------- d-----w C:\Documents and Settings\Owner\Application Data\Skype

2008-10-23 08:01 --------- d-----w C:\Documents and Settings\Owner\Application Data\skypePM

2008-10-22 05:10 38,496 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-10-22 05:10 15,504 ----a-w C:\WINDOWS\system32\drivers\mbam.sys

2008-10-15 04:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-10-14 02:47 --------- d-----w C:\Program Files\Java

2008-09-19 23:37 --------- d-----w C:\Program Files\Google

2008-09-18 05:42 --------- d-----w C:\Documents and Settings\Owner\Application Data\GetRightToGo

2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys

2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-09-06 02:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-08-26 07:24 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-08-14 10:09 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-08-14 09:33 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-03-26 22:12 47,360 ----a-w C:\Documents and Settings\Owner\Application Data\pcouffin.sys

2008-03-03 09:46 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat

2008-06-03 07:48 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008060320080604\index.dat

.

((((((((((((((((((((((((((((( snapshot@2009-11-22_16.21.15.81 )))))))))))))))))))))))))))))))))))))))))

.

+ 2005-10-20 09:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE

+ 2008-05-18 19:33:20 4,445,184 -c----w C:\WINDOWS\system32\dllcache\msi.dll

+ 2008-05-18 14:57:42 95,744 -c----w C:\WINDOWS\system32\dllcache\msiexec.exe

+ 2008-05-18 19:33:20 332,800 -c----w C:\WINDOWS\system32\dllcache\msihnd.dll

+ 2008-04-16 14:43:24 2,560 -c----w C:\WINDOWS\system32\dllcache\msimsg.dll

+ 2008-05-18 19:33:20 18,944 -c----w C:\WINDOWS\system32\dllcache\msisip.dll

- 2008-04-13 19:42:00 2,843,136 ----a-w C:\WINDOWS\system32\msi.dll

+ 2008-05-18 19:33:20 4,445,184 ----a-w C:\WINDOWS\system32\msi.dll

- 2008-04-13 19:42:30 78,848 ----a-w C:\WINDOWS\system32\msiexec.exe

+ 2008-05-18 14:57:42 95,744 ----a-w C:\WINDOWS\system32\msiexec.exe

- 2008-04-13 19:42:00 271,360 ----a-w C:\WINDOWS\system32\msihnd.dll

+ 2008-05-18 19:33:20 332,800 ----a-w C:\WINDOWS\system32\msihnd.dll

- 2008-04-13 11:09:44 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll

+ 2008-04-16 14:43:24 2,560 ----a-w C:\WINDOWS\system32\msimsg.dll

- 2008-04-13 19:42:00 15,360 ----a-w C:\WINDOWS\system32\msisip.dll

+ 2008-05-18 19:33:20 18,944 ----a-w C:\WINDOWS\system32\msisip.dll

- 2009-11-21 04:49:57 72,608 ----a-w C:\WINDOWS\system32\perfc009.dat

+ 2008-10-28 21:49:39 72,608 ----a-w C:\WINDOWS\system32\perfc009.dat

- 2009-11-21 04:49:57 445,302 ----a-w C:\WINDOWS\system32\perfh009.dat

+ 2008-10-28 21:49:39 445,302 ----a-w C:\WINDOWS\system32\perfh009.dat

- 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\system32\spmsg.dll

+ 2007-11-29 18:39:22 17,272 ------w C:\WINDOWS\system32\spmsg.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-07-08 576320]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 8523776]

"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-07-08 600896]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="C:\\Documents and Settings\\All Users\\Application Data\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2007-05-25 15:22 63040 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.I263"= I263_32.drv

"vidc.DIV3"= DivXc32.dll

"vidc.DIV4"= DivXc32f.dll

"msacm.divxa32"= divxa32.acm

"msacm.lameacm"= LameACM.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

"Gainward"=C:\Program Files\XpertVision\TBPanel.exe /A

"RTHDCPL"=RTHDCPL.EXE

"Alcmtr"=ALCMTR.EXE

"nwiz"=nwiz.exe /install

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

"pccguide.exe"=C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Call of Duty Game of the Year Edition\\CoDMP.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Contents of the 'Scheduled Tasks' folder

2008-10-28 C:\WINDOWS\Tasks\1-Click Maintenance.job

- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-04-16 10:59]

2008-10-23 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 18:57]

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-29 10:58:34

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-10-29 10:59:09

ComboFix-quarantined-files.txt 2008-10-28 23:59:03

ComboFix2.txt 2008-10-28 10:00:19

ComboFix3.txt 2008-10-28 09:57:16

ComboFix4.txt 2008-10-28 09:31:56

ComboFix5.txt 2008-10-28 23:57:24

Pre-Run: 156,684,689,408 bytes free

Post-Run: 156,769,193,984 bytes free

173 --- E O F --- 2009-11-19 22:05:45

And the hijack this log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:02:30 AM, on 29/10/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Executive Software\DiskeeperLite\DKService.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Trend Micro Antifraud Toolbar - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll

O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll

O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')

O4 - HKUS\S-1-5-21-1935655697-2077806209-839522115-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://dev.srtest.com/srl_bin/sysreqlab3.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1221816248468

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{8971FCB1-16B4-403B-AA00-19B076156F41}: NameServer = 211.29.132.12,198.142.0.51

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)

O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: ServiceLayer - Unknown owner - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe (file missing)

O23 - Service: SessionLauncher - Unknown owner - (no file)

O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--

End of file - 8671 bytes


Okay, I have uninstalled Spybot and restarted my PC, tried to reinstall Trend antivirus and am still getting that same popup about the Windows Installer for some reason, and when I click on the Trend antivirus submenu I get the same message saying: no network device found or there is a conflict with existing antivirus or security software. to enable full product functionality uninstall conflicting software or connect to a network and restart the program.

and then it says: unable to read the configuration restart your computer and try again error=7413-238 hr=0x80040154

hope this helps mate...Matt


Copy and paste the following into a blank NotePad:

sc start ServiceLayer

sc stop Tmntsrv

sc stop TmPfw

sc stop tmproxy

sc stop PcCtlCom

sc delete Tmntsrv

sc delete TmPfw

sc delete tmproxy

sc delete PcCtlCom

Click File-->Save as and name the file delservice.bat

Under "Save as type" Select "all files" and save it to your Desktop.

Double-click the delservice.bat file on your Desktop. When the batch completes, delete the .bat file.

Run HijackThis again and check the box next to the following entries that may still exist:

O2 - BHO: Trend Micro Antifraud Toolbar - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O23 - Service: SessionLauncher - Unknown owner - (no file)

The entry below is affiliated with PunkBuster software and is seen as malicious by Prevx (and others). It is known to cause heartburn for some users. If you remove it, the game will not function but keeping it may cause you continued problems...you decide.

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

Now close all windows (that includes this browser window)...leaving only the HijackThis application's window open, click the Fix Checked button.

Locate and delete the associated Trend Micro Internet Security Suite folder...please be careful NOT to delete the Trend Micro HijackThis folder.

Reboot the computer.

Install the following software:

BOClean

Avira Antivir

...allow the software to install using all default recommendations.

Once you have completed installing both applications, navigate the software and find the manual update feature. Run manual updates for both until no more updates are found. Reboot the computer again into safe mode. Open the Avira Antivir and run a complete system scan. Allow the software to quarantine whatever it complains of. Reboot back to your normal windows user mode and post back your results along with a fresh HijackThis log. Let's also have a run down of any other issues that are still present. Thanks!
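Added example, not part of the original post: a small Python parser for the O23 (service) lines of a HijackThis log that compares a "before" and an "after" log, to confirm which services the cleanup removed and which entries still point at a missing file. The sample lines are constructed from O23 entries in this thread's logs; the function names and the reading of the trailing parenthesised token as the service key name are assumptions of this example.

```python
import re
from collections import namedtuple

Service = namedtuple("Service", "key display owner path file_present")

# O23 - Service: <display name> [(<key name>)] - <owner> - <path> [(file missing)]
# The display name may itself contain " - ", so the name group is greedy and
# the owner group is not allowed to contain a backslash (it cannot eat the path).
O23 = re.compile(
    r"^O23 - Service: (?P<name>.+) - (?P<owner>[^\\]+?) - "
    r"(?P<path>[A-Za-z]:\\.*|\(no file\))$"
)
MISSING_SUFFIX = " (file missing)"

def parse_o23(log_text):
    """Return {service key: Service} for every O23 line in a HijackThis log."""
    services = {}
    for line in log_text.splitlines():
        m = O23.match(line.strip())
        if not m:
            continue
        name, path = m.group("name"), m.group("path")
        short = re.search(r"\(([^()]+)\)$", name)   # assumed: key name in parens
        key = short.group(1) if short else name
        display = name[:short.start()].rstrip() if short else name
        present = True
        if path == "(no file)":
            path, present = "", False
        elif path.endswith(MISSING_SUFFIX):
            path, present = path[:-len(MISSING_SUFFIX)], False
        services[key] = Service(key, display, m.group("owner"), path, present)
    return services

def orphaned(services):
    """Services registered in the SCM whose binary is not on disk."""
    return sorted(k for k, s in services.items() if not s.file_present)

def unknown_owner_present(services):
    """Binary exists but carries no company name: worth a manual look."""
    return sorted(k for k, s in services.items()
                  if s.file_present and s.owner == "Unknown owner")

def diff_services(before, after):
    """Return (removed, added) service keys between two parsed logs."""
    return sorted(set(before) - set(after)), sorted(set(after) - set(before))

# Constructed sample input: O23 lines taken from the logs posted in this thread.
BEFORE = r"""
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Unknown owner - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe (file missing)
O23 - Service: SessionLauncher - Unknown owner - (no file)
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
"""

AFTER = r"""
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Unknown owner - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe (file missing)
"""

if __name__ == "__main__":
    before, after = parse_o23(BEFORE), parse_o23(AFTER)
    removed, added = diff_services(before, after)
    print("removed by cleanup :", removed)
    print("newly installed    :", added)
    print("still orphaned     :", orphaned(after))
    print("unknown owner, file present:", unknown_owner_present(after))
```

The service keys reported as removed are the same names passed to `sc stop` and `sc delete` in the batch file, plus the `SessionLauncher` entry fixed through HijackThis.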


Hey there again mate, have done what you said (except for update of antivirus, it's not connecting to the website) and have the logs here for you. Just wanted your opinion on the Avira antivirus program; I only ask because I want to update and give Trend PC-cillin the flick...thanks again Matt

Hijack this:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:03:55 AM, on 30/10/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\PROGRA~1\Comodo\CBOClean\BOC427.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Comodo\CBOClean\BOCORE.exe

C:\Program Files\Executive Software\DiskeeperLite\DKService.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll

O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [bOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')

O4 - HKUS\S-1-5-21-1935655697-2077806209-839522115-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://dev.srtest.com/srl_bin/sysreqlab3.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1221816248468

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{8971FCB1-16B4-403B-AA00-19B076156F41}: NameServer = 211.29.132.12,198.142.0.51

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: ServiceLayer - Unknown owner - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe (file missing)

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--

End of file - 8131 bytes

Avira Log:

Avira AntiVir Personal

Report file date: Thursday, 30 October 2008 00:28

Scanning for 1369550 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 3) [5.1.2600]

Boot mode: Save mode with network

Username: Owner

Computer name: MATT-17DD1A18BC

Version information:

BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00

AVSCAN.EXE : 8.1.4.7 315649 Bytes 25/06/2008 23:57:53

AVSCAN.DLL : 8.1.4.0 40705 Bytes 25/05/2008 22:56:40

LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 03:44:19

LUKERES.DLL : 8.1.4.0 12033 Bytes 25/05/2008 22:58:52

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 01:33:34

ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 04:54:15

ANTIVIR2.VDF : 7.0.5.20 142336 Bytes 30/06/2008 20:20:53

ANTIVIR3.VDF : 7.0.5.23 17408 Bytes 30/06/2008 00:24:47

Engineversion : 8.1.1.19

AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 00:58:21

AESCRIPT.DLL : 8.1.0.63 311673 Bytes 6/08/2008 04:13:47

AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 03:44:49

AERDL.DLL : 8.1.0.20 418165 Bytes 24/04/2008 03:37:48

AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 03:58:35

AEOFFICE.DLL : 8.1.0.21 192891 Bytes 17/07/2008 21:35:21

AEHEUR.DLL : 8.1.0.47 1368437 Bytes 6/08/2008 04:13:47

AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 03:44:48

AEGEN.DLL : 8.1.0.35 315764 Bytes 6/08/2008 05:38:47

AEEMU.DLL : 8.1.0.7 430452 Bytes 30/07/2008 23:33:21

AECORE.DLL : 8.1.1.8 172406 Bytes 30/07/2008 23:33:21

AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 03:44:48

AVWINLL.DLL : 1.0.0.12 15105 Bytes 8/07/2008 23:40:05

AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 00:28:01

AVREP.DLL : 7.0.0.1 155688 Bytes 30/06/2008 05:35:20

AVREG.DLL : 8.0.0.1 33537 Bytes 9/05/2008 02:26:40

AVARKT.DLL : 1.0.0.23 307457 Bytes 11/02/2008 23:29:23

AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 03:27:49

SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 08:28:02

SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 03:49:40

NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 03:05:10

RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 04:48:07

RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 04:34:37

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:,

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

Start of the scan: Thursday, 30 October 2008 00:28

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'BOC427.EXE' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

14 processes with 14 modules were scanned

Starting master boot sector scan:

Master boot sector HD0

[iNFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[iNFO] No virus was found!

Starting to scan the registry.

The registry was scanned ( '58' files ).

Starting the file scan:

Begin scan in 'C:\' <Ultimate>

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Documents and Settings\Owner\DoctorWeb\Quarantine\A0030739.exe

[DETECTION] Is the TR/Click.GV Trojan

[NOTE] The file was moved to '4938670d.qua'!

C:\Program Files\Nero\NeroKey.exe

[DETECTION] Contains a recognition pattern of the (harmful) BDS/Bifrose.Gen back-door program

[NOTE] The file was deleted!

C:\System Volume Information\_restore{F681A544-FDC4-480B-922B-5179769293F6}\RP11\A0001749.dll

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] The file was moved to '493869e7.qua'!

C:\System Volume Information\_restore{F681A544-FDC4-480B-922B-5179769293F6}\RP19\A0004192.exe

[DETECTION] Is the TR/Click.GV Trojan

[NOTE] The file was moved to '49386a08.qua'!

C:\System Volume Information\_restore{F681A544-FDC4-480B-922B-5179769293F6}\RP19\A0004193.exe

[DETECTION] Contains a recognition pattern of the (harmful) BDS/Bifrose.Gen back-door program

[NOTE] The file was moved to '49386a0f.qua'!

C:\System Volume Information\_restore{F681A544-FDC4-480B-922B-5179769293F6}\RP8\A0001237.dll

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] The file was moved to '49386a16.qua'!

C:\WINDOWS\system32\drivers\sptd.sys

[WARNING] The file could not be opened!

End of the scan: Thursday, 30 October 2008 00:57

Used time: 28:17 Minute(s)

The scan has been done completely.

7798 Scanning directories

277112 Files were scanned

6 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

1 files were deleted

0 files were repaired

5 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

277104 Files not concerned

1784 Archives were scanned

2 Warnings

6 Notes


The file tmdshell.dll doesn't have a standard path so I'd hate to guess at this (as an example, it may look like C:\Program Files\Trend Micro\internet security\tmdshell.dll)...locate that file and use the exact file path for the instruction below:

Run Hijackthis click--> "Open the Misc Tools section" then-->"delete file on reboot"

(exact spelling counts!!! make sure you copy and paste the exact file path you found and not my example above)

Copy/Paste the line below in bold into the File name box then click "Open",

C:\The exact name of the filepath you found\filepath.dll

Answer yes to the prompt to reboot the PC.

OK, (mate)...sorry just hadda say that. I'm an old Beatles fan and the British peculiarities just bring back memories. Thanks for that! Don't get me started though, I'll argue till dawn that the Beatles were the best group ever on the planet lol...ok, on to business.

...let's update Avira manually. Download the latest definition file Here. Save the zip file to your Desktop. Now open Avira Antivir and click Update from the menu at the top of the application, then scroll to "Manual update".

Navigate to the Desktop where you saved the zipped file and click on it to highlight it then click Open. It should take it away in a blink...when the update completes close the application and reboot to safe mode. Run a full system scan:

Open the application. Click "Local protection". From the right pane, right-click on the Complete system scan option and select "Start scan". Allow the scan to complete and do nothing else with the computer while the scan is underway. When it completes, allow the application to quarantine whatever it disagrees with.

Boot back to your normal windows user mode and post back the results along with a fresh HijackThis log. Also, please advise of any issues you are still having.

Don't be surprised if Avira complains of combofix...combofix is not malicious but some of its components are recognized as such. Antivirus software can't distinguish between good intentions or bad so on occasion you will get false alarms such as what I just described. Your log will show me what we will need to restore from quarantine. Good Luck!


LOL sorry about that! That's my Aussie slang showing! As for your opinion in music, i.e. (Beatles), I think that music hit its peak in the 60s and early 70s; when you take a look at the bands today and compare to the Beatles, Stones, Doors, Led Zeppelin era it just does not rate. Anyway, I manually updated the Avira antivirus and did a complete scan and also did a fresh HJT as requested. Also, this may not be related, but when in normal Windows mode my Windows Explorer keeps freezing up, and I also deleted that Trend Micro file too! Thanks mate (lol)....Matt

Anti Virus Log:

Avira AntiVir Personal

Report file date: Thursday, 30 October 2008 10:00

Scanning for 998155 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 3) [5.1.2600]

Boot mode: Save mode

Username: Owner

Computer name: MATT-17DD1A18BC

Version information:

BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00

AVSCAN.EXE : 8.1.4.7 315649 Bytes 25/06/2008 23:57:53

AVSCAN.DLL : 8.1.4.0 40705 Bytes 25/05/2008 22:56:40

LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 03:44:19

LUKERES.DLL : 8.1.4.0 12033 Bytes 25/05/2008 22:58:52

ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 01:29:38

ANTIVIR1.VDF : 7.1.0.1 2048 Bytes 27/10/2008 01:29:38

ANTIVIR2.VDF : 7.1.0.2 2048 Bytes 27/10/2008 01:29:38

ANTIVIR3.VDF : 7.1.0.14 88576 Bytes 29/10/2008 09:35:56

Engineversion : 8.2.0.10

AEVDF.DLL : 8.1.0.6 102772 Bytes 15/10/2008 00:49:38

AESCRIPT.DLL : 8.1.1.9 319867 Bytes 16/10/2008 05:52:04

AESCN.DLL : 8.1.1.3 123252 Bytes 15/10/2008 00:49:38

AERDL.DLL : 8.1.1.2 438644 Bytes 18/09/2008 03:03:16

AEPACK.DLL : 8.1.2.4 369014 Bytes 15/10/2008 00:49:38

AEOFFICE.DLL : 8.1.0.29 196988 Bytes 23/10/2008 04:19:54

AEHEUR.DLL : 8.1.0.63 1479032 Bytes 23/10/2008 04:19:54

AEHELP.DLL : 8.1.1.2 115062 Bytes 15/10/2008 00:49:36

AEGEN.DLL : 8.1.0.42 319861 Bytes 24/10/2008 04:02:00

AEEMU.DLL : 8.1.0.9 393588 Bytes 15/10/2008 00:49:36

AECORE.DLL : 8.1.2.9 172407 Bytes 28/10/2008 05:13:46

AEBB.DLL : 8.1.0.3 53618 Bytes 15/10/2008 00:49:34

AVWINLL.DLL : 1.0.0.12 15105 Bytes 8/07/2008 23:40:05

AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 00:28:01

AVREP.DLL : 7.0.0.1 155688 Bytes 30/06/2008 05:35:20

AVREG.DLL : 8.0.0.1 33537 Bytes 9/05/2008 02:26:40

AVARKT.DLL : 1.0.0.23 307457 Bytes 11/02/2008 23:29:23

AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 03:27:49

SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 08:28:02

SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 03:49:40

NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 03:05:10

RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 04:48:07

RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 04:34:37

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:,

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

Start of the scan: Thursday, 30 October 2008 10:00

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

11 processes with 11 modules were scanned

Starting master boot sector scan:

Master boot sector HD0

[iNFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[iNFO] No virus was found!

Starting to scan the registry.

The registry was scanned ( '59' files ).

Starting the file scan:

Begin scan in 'C:\' <Ultimate>

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\WINDOWS\system32\drivers\sptd.sys

[WARNING] The file could not be opened!

End of the scan: Thursday, 30 October 2008 10:45

Used time: 45:48 Minute(s)

The scan has been done completely.

7812 Scanning directories

276495 Files were scanned

0 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

0 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

276493 Files not concerned

1780 Archives were scanned

2 Warnings

0 Notes

HJT LOG:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:50:47 AM, on 30/10/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\PROGRA~1\Comodo\CBOClean\BOC427.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Comodo\CBOClean\BOCORE.exe

C:\Program Files\Executive Software\DiskeeperLite\DKService.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll

O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [bOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')

O4 - HKUS\S-1-5-21-1935655697-2077806209-839522115-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://dev.srtest.com/srl_bin/sysreqlab3.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1221816248468

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{8971FCB1-16B4-403B-AA00-19B076156F41}: NameServer = 211.29.132.12,198.142.0.51

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: ServiceLayer - Unknown owner - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe (file missing)

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--

End of file - 8651 bytes

This topic is now closed to further replies.