Author Topic: Wireless And Other Problems (Read 1949 times)

adelaide · « **on:** January 31, 2008, 02:42:05 AM »

I recently had a blue screen crash and after the crash my wireless no longer works. After searching online for a fix, I found out that the system file ndisuio is set to 4 in the registry. So I changed it to 1 to make it start and it seems to fix it for the beginning when I restart my computer. But after my computer restarts for a few minutes, my wireless would stop working again. I checked my registry and discover that every time I restart my computer, ndisuio would be reset to 4 again.

Then I tried running my antivirus program and hijack this to see if there's any virus/malware, but when I tried to run them the same error message popped up saying they'r not a valid win32 program. What should I do? I've also tried to reinstall my wireless network driver but it didn't fix anything. My Windows Restore is saying I can't restore to the previous restore points.

guestolo · « **Reply #1 on:** January 31, 2008, 09:13:28 PM »

Try this and see if you can get it to run
Download [color=\"#008000\"]Deckard's System Scanner (dss.exe)[/color] to your desktop.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.

Post back just the Whole contents of Main.txt and Extra.txt

adelaide · « **Reply #2 on:** February 02, 2008, 06:04:40 AM »

I have uploaded the files. When I was running the program a virus scan warning popped up about a malicious program. Also, this program couldn't run my own version of Hijack This. But then it saids it's running a HiJack This CLone.

guestolo · « **Reply #3 on:** February 02, 2008, 10:42:45 PM »

Can you do the following
Temporarily disable your Antivirus software so it won't interfere with any fixes we try
Download this file - Combofix.exe and save it ONLY to your desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Then do the following
use the Internet Explorer browser (or FireFox with IETab), and do an online scan with [color=\"blue\"]Kaspersky Online Scanner[/color]

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet [color=\"#3333FF\"]Explorer 7[/color] users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%[/i].)
The program launches and downloads the latest definition files.

Once the files are downloaded click on Next
Click on Scan Settings and configure as follows:
- Scan using the following Anti-Virus database:
  [color=\"#6666CC\"]Extended[/color]
Scan Options:
[color=\"#6666CC\"]Scan Archives[/color]

[color=\"#6666CC\"]Scan Mail Bases[/color]
[/list]
[/list]

Click OK and, under select a target to scan, select My Computer

When the scan is done, in the [color=\"Navy\"]Scan is completed [/color]window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the [color=\"Navy\"]Save as [/color]prompt, [color=\"navy\"]Save in[/color] area, select: Desktop
In the [color=\"navy\"]File name[/color] area, use KScan, or something similar
In [color=\"navy\"]Save as type[/color], click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the [color=\"Navy\"]Kaspersky Online Scanner Report [/color]in your reply.

Along with the above report also post the combofix log
And do a fresh scan/savelogfile with hijackthis and post the new log

adelaide · « **Reply #4 on:** February 03, 2008, 01:09:12 AM »

I managed to download combofix.exe during the short period of time I was able to get online when I start up my computer. However, when I tried to run it, it saids it's not a valid Win32 application again.

Then when I tried to run Kaspersky, I clicked "yes" to install the activeX control, and then it just stays at the "Initializing" stage on the IE screen, until my wireless internet goes out again. That period was probably around 3-4 minutes (at the initializing stage) and it never got to download the virus definitions.

guestolo · « **Reply #5 on:** February 03, 2008, 02:05:49 PM »

Can you hook this computer directly to the router and enable the network adapter if disabled in Network connections
Try the scan again with Kaspersky

adelaide · « **Reply #6 on:** February 05, 2008, 03:40:28 AM »

I'm leaving for Germany for 1 week, so I'll do that and post the results once I get back~

guestolo · « **Reply #7 on:** February 06, 2008, 11:30:45 PM »

Bumping just to keep track of this topic

adelaide · « **Reply #8 on:** February 16, 2008, 02:59:37 AM »

So I'm back and I've hooked up this computer to a wired connection. The internet connection seems to be fine initially. I went to the Kaspersky scan site and tried to download the scan activeX program, however, it failed to download and this message appeared:

"Failed to load Kaspersky Online Scanner ActiveX control!

You must have administrative rights on this computer;
you also must have the IE security settings to the Medium level."

I only have one account on this computer and it is the administrator account. I double checked that I am logged into that account. Also, I have set the IE security setting to Medium level.

At that point the wired internet connection was still working. But approximately 2 minutes later, it wouldn't work again. The computer shows that I am connected to the internet, just like w/ my wireless connection would be, but it just wouldn't download/upload anything.

Does that mean there might be a virus/program that's controlling my admin account and resetting my internet?

I'm rather scared now...

guestolo · « **Reply #9 on:** February 16, 2008, 07:41:24 PM »

Can you delete your version of Combofix
Try redownloading from HERE
Try running it again, if it runs, let it continue and post it's log
If not let me know if you get the same error

adelaide · « **Reply #10 on:** February 17, 2008, 05:35:59 PM »

Here's the ComboFix log:
ComboFix 08-02-15.1 - Ada 2008-02-17 2:15:28.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.950.852.1033.18.143 [GMT -8:00]
Running from: C:\Documents and Settings\Ada\Desktop\Combo-Fix.exe
* Created a new restore point

[color=\"red\"]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\command.pif
C:\WINDOWS\system32\drivers\down
C:\WINDOWS\system32\drivers\down\101205.exe
C:\WINDOWS\system32\drivers\down\101866.exe
C:\WINDOWS\system32\drivers\down\102547.exe
C:\WINDOWS\system32\drivers\down\106182.exe
C:\WINDOWS\system32\drivers\down\122716.exe
C:\WINDOWS\system32\drivers\down\123717.exe
C:\WINDOWS\system32\drivers\down\123878.exe
C:\WINDOWS\system32\drivers\down\126632.exe
C:\WINDOWS\system32\drivers\down\129105.exe
C:\WINDOWS\system32\drivers\down\129155.exe
C:\WINDOWS\system32\drivers\down\130357.exe
C:\WINDOWS\system32\drivers\down\130407.exe
C:\WINDOWS\system32\drivers\down\131138.exe
C:\WINDOWS\system32\drivers\down\133051.exe
C:\WINDOWS\system32\drivers\down\133692.exe
C:\WINDOWS\system32\drivers\down\133792.exe
C:\WINDOWS\system32\drivers\down\134563.exe
C:\WINDOWS\system32\drivers\down\136816.exe
C:\WINDOWS\system32\drivers\down\137257.exe
C:\WINDOWS\system32\drivers\down\140411.exe
C:\WINDOWS\system32\drivers\down\140441.exe
C:\WINDOWS\system32\drivers\down\140562.exe
C:\WINDOWS\system32\drivers\down\140612.exe
C:\WINDOWS\system32\drivers\down\141102.exe
C:\WINDOWS\system32\drivers\down\141533.exe
C:\WINDOWS\system32\drivers\down\141683.exe
C:\WINDOWS\system32\drivers\down\143566.exe
C:\WINDOWS\system32\drivers\down\143626.exe
C:\WINDOWS\system32\drivers\down\143636.exe
C:\WINDOWS\system32\drivers\down\144327.exe
C:\WINDOWS\system32\drivers\down\144587.exe
C:\WINDOWS\system32\drivers\down\144627.exe
C:\WINDOWS\system32\drivers\down\145138.exe
C:\WINDOWS\system32\drivers\down\145208.exe
C:\WINDOWS\system32\drivers\down\145799.exe
C:\WINDOWS\system32\drivers\down\146280.exe
C:\WINDOWS\system32\drivers\down\14863212.exe
C:\WINDOWS\system32\drivers\down\14872074.exe
C:\WINDOWS\system32\drivers\down\14923128.exe
C:\WINDOWS\system32\drivers\down\151067.exe
C:\WINDOWS\system32\drivers\down\151838.exe
C:\WINDOWS\system32\drivers\down\153090.exe
C:\WINDOWS\system32\drivers\down\153190.exe
C:\WINDOWS\system32\drivers\down\153981.exe
C:\WINDOWS\system32\drivers\down\15442815.exe
C:\WINDOWS\system32\drivers\down\15444868.exe
C:\WINDOWS\system32\drivers\down\154602.exe
C:\WINDOWS\system32\drivers\down\15498195.exe
C:\WINDOWS\system32\drivers\down\156745.exe
C:\WINDOWS\system32\drivers\down\156765.exe
C:\WINDOWS\system32\drivers\down\15706484.exe
C:\WINDOWS\system32\drivers\down\157186.exe
C:\WINDOWS\system32\drivers\down\15719904.exe
C:\WINDOWS\system32\drivers\down\15772089.exe
C:\WINDOWS\system32\drivers\down\15787170.exe
C:\WINDOWS\system32\drivers\down\157907.exe
C:\WINDOWS\system32\drivers\down\15797175.exe
C:\WINDOWS\system32\drivers\down\158107.exe
C:\WINDOWS\system32\drivers\down\15848549.exe
C:\WINDOWS\system32\drivers\down\15850501.exe
C:\WINDOWS\system32\drivers\down\15856270.exe
C:\WINDOWS\system32\drivers\down\158788.exe
C:\WINDOWS\system32\drivers\down\15909596.exe
C:\WINDOWS\system32\drivers\down\160420.exe
C:\WINDOWS\system32\drivers\down\161151.exe
C:\WINDOWS\system32\drivers\down\161362.exe
C:\WINDOWS\system32\drivers\down\161852.exe
C:\WINDOWS\system32\drivers\down\16361096.exe
C:\WINDOWS\system32\drivers\down\16368817.exe
C:\WINDOWS\system32\drivers\down\16405109.exe
C:\WINDOWS\system32\drivers\down\164526.exe
C:\WINDOWS\system32\drivers\down\164616.exe
C:\WINDOWS\system32\drivers\down\16699762.exe
C:\WINDOWS\system32\drivers\down\16710899.exe
C:\WINDOWS\system32\drivers\down\167330.exe
C:\WINDOWS\system32\drivers\down\16743776.exe
C:\WINDOWS\system32\drivers\down\168782.exe
C:\WINDOWS\system32\drivers\down\168952.exe
C:\WINDOWS\system32\drivers\down\171206.exe
C:\WINDOWS\system32\drivers\down\171276.exe
C:\WINDOWS\system32\drivers\down\171596.exe
C:\WINDOWS\system32\drivers\down\172107.exe
C:\WINDOWS\system32\drivers\down\172167.exe
C:\WINDOWS\system32\drivers\down\172307.exe
C:\WINDOWS\system32\drivers\down\173459.exe
C:\WINDOWS\system32\drivers\down\174250.exe
C:\WINDOWS\system32\drivers\down\174460.exe
C:\WINDOWS\system32\drivers\down\176273.exe
C:\WINDOWS\system32\drivers\down\177455.exe
C:\WINDOWS\system32\drivers\down\177955.exe
C:\WINDOWS\system32\drivers\down\178586.exe
C:\WINDOWS\system32\drivers\down\179718.exe
C:\WINDOWS\system32\drivers\down\181731.exe
C:\WINDOWS\system32\drivers\down\182882.exe
C:\WINDOWS\system32\drivers\down\184725.exe
C:\WINDOWS\system32\drivers\down\185827.exe
C:\WINDOWS\system32\drivers\down\186898.exe
C:\WINDOWS\system32\drivers\down\187199.exe
C:\WINDOWS\system32\drivers\down\187339.exe
C:\WINDOWS\system32\drivers\down\187820.exe
C:\WINDOWS\system32\drivers\down\189202.exe
C:\WINDOWS\system32\drivers\down\189222.exe
C:\WINDOWS\system32\drivers\down\189682.exe
C:\WINDOWS\system32\drivers\down\189722.exe
C:\WINDOWS\system32\drivers\down\190423.exe
C:\WINDOWS\system32\drivers\down\191114.exe
C:\WINDOWS\system32\drivers\down\191565.exe
C:\WINDOWS\system32\drivers\down\191635.exe
C:\WINDOWS\system32\drivers\down\192086.exe
C:\WINDOWS\system32\drivers\down\192106.exe
C:\WINDOWS\system32\drivers\down\192166.exe
C:\WINDOWS\system32\drivers\down\192176.exe
C:\WINDOWS\system32\drivers\down\193037.exe
C:\WINDOWS\system32\drivers\down\193628.exe
C:\WINDOWS\system32\drivers\down\195761.exe
C:\WINDOWS\system32\drivers\down\196252.exe
C:\WINDOWS\system32\drivers\down\196642.exe
C:\WINDOWS\system32\drivers\down\197193.exe
C:\WINDOWS\system32\drivers\down\197574.exe
C:\WINDOWS\system32\drivers\down\198134.exe
C:\WINDOWS\system32\drivers\down\198976.exe
C:\WINDOWS\system32\drivers\down\200077.exe
C:\WINDOWS\system32\drivers\down\200448.exe
C:\WINDOWS\system32\drivers\down\201449.exe
C:\WINDOWS\system32\drivers\down\202441.exe
C:\WINDOWS\system32\drivers\down\202481.exe
C:\WINDOWS\system32\drivers\down\202751.exe
C:\WINDOWS\system32\drivers\down\202841.exe
C:\WINDOWS\system32\drivers\down\203041.exe
C:\WINDOWS\system32\drivers\down\203592.exe
C:\WINDOWS\system32\drivers\down\205165.exe
C:\WINDOWS\system32\drivers\down\205235.exe
C:\WINDOWS\system32\drivers\down\205705.exe
C:\WINDOWS\system32\drivers\down\205876.exe
C:\WINDOWS\system32\drivers\down\206096.exe
C:\WINDOWS\system32\drivers\down\206176.exe
C:\WINDOWS\system32\drivers\down\206446.exe
C:\WINDOWS\system32\drivers\down\206887.exe
C:\WINDOWS\system32\drivers\down\207067.exe
C:\WINDOWS\system32\drivers\down\207358.exe
C:\WINDOWS\system32\drivers\down\207588.exe
C:\WINDOWS\system32\drivers\down\207878.exe
C:\WINDOWS\system32\drivers\down\208409.exe
C:\WINDOWS\system32\drivers\down\208690.exe
C:\WINDOWS\system32\drivers\down\208770.exe
C:\WINDOWS\system32\drivers\down\208900.exe
C:\WINDOWS\system32\drivers\down\209020.exe
C:\WINDOWS\system32\drivers\down\209601.exe
C:\WINDOWS\system32\drivers\down\210272.exe
C:\WINDOWS\system32\drivers\down\211163.exe
C:\WINDOWS\system32\drivers\down\211444.exe
C:\WINDOWS\system32\drivers\down\211724.exe
C:\WINDOWS\system32\drivers\down\212054.exe
C:\WINDOWS\system32\drivers\down\212285.exe
C:\WINDOWS\system32\drivers\down\212345.exe
C:\WINDOWS\system32\drivers\down\212475.exe
C:\WINDOWS\system32\drivers\down\212725.exe
C:\WINDOWS\system32\drivers\down\213156.exe
C:\WINDOWS\system32\drivers\down\213336.exe
C:\WINDOWS\system32\drivers\down\214218.exe
C:\WINDOWS\system32\drivers\down\214588.exe
C:\WINDOWS\system32\drivers\down\214598.exe
C:\WINDOWS\system32\drivers\down\215009.exe
C:\WINDOWS\system32\drivers\down\215710.exe
C:\WINDOWS\system32\drivers\down\216240.exe
C:\WINDOWS\system32\drivers\down\216361.exe
C:\WINDOWS\system32\drivers\down\216401.exe
C:\WINDOWS\system32\drivers\down\216591.exe
C:\WINDOWS\system32\drivers\down\217642.exe
C:\WINDOWS\system32\drivers\down\217793.exe
C:\WINDOWS\system32\drivers\down\218233.exe
C:\WINDOWS\system32\drivers\down\219024.exe
C:\WINDOWS\system32\drivers\down\220126.exe
C:\WINDOWS\system32\drivers\down\221368.exe
C:\WINDOWS\system32\drivers\down\224052.exe
C:\WINDOWS\system32\drivers\down\224592.exe
C:\WINDOWS\system32\drivers\down\224753.exe
C:\WINDOWS\system32\drivers\down\225894.exe
C:\WINDOWS\system32\drivers\down\226175.exe
C:\WINDOWS\system32\drivers\down\226225.exe
C:\WINDOWS\system32\drivers\down\226635.exe
C:\WINDOWS\system32\drivers\down\227226.exe
C:\WINDOWS\system32\drivers\down\228758.exe
C:\WINDOWS\system32\drivers\down\228879.exe
C:\WINDOWS\system32\drivers\down\229540.exe
C:\WINDOWS\system32\drivers\down\229660.exe
C:\WINDOWS\system32\drivers\down\230741.exe
C:\WINDOWS\system32\drivers\down\232033.exe
C:\WINDOWS\system32\drivers\down\232824.exe
C:\WINDOWS\system32\drivers\down\233025.exe
C:\WINDOWS\system32\drivers\down\233846.exe
C:\WINDOWS\system32\drivers\down\234306.exe
C:\WINDOWS\system32\drivers\down\234737.exe
C:\WINDOWS\system32\drivers\down\236470.exe
C:\WINDOWS\system32\drivers\down\237271.exe
C:\WINDOWS\system32\drivers\down\237761.exe
C:\WINDOWS\system32\drivers\down\238012.exe
C:\WINDOWS\system32\drivers\down\238162.exe
C:\WINDOWS\system32\drivers\down\239023.exe
C:\WINDOWS\system32\drivers\down\240185.exe
C:\WINDOWS\system32\drivers\down\240966.exe
C:\WINDOWS\system32\drivers\down\242208.exe
C:\WINDOWS\system32\drivers\down\242568.exe
C:\WINDOWS\system32\drivers\down\243750.exe
C:\WINDOWS\system32\drivers\down\245823.exe
C:\WINDOWS\system32\drivers\down\247235.exe
C:\WINDOWS\system32\drivers\down\247565.exe
C:\WINDOWS\system32\drivers\down\248086.exe
C:\WINDOWS\system32\drivers\down\248917.exe
C:\WINDOWS\system32\drivers\down\250490.exe
C:\WINDOWS\system32\drivers\down\250560.exe
C:\WINDOWS\system32\drivers\down\250590.exe
C:\WINDOWS\system32\drivers\down\251972.exe
C:\WINDOWS\system32\drivers\down\252022.exe
C:\WINDOWS\system32\drivers\down\254826.exe
C:\WINDOWS\system32\drivers\down\254956.exe
C:\WINDOWS\system32\drivers\down\255627.exe
C:\WINDOWS\system32\drivers\down\258451.exe
C:\WINDOWS\system32\drivers\down\261075.exe
C:\WINDOWS\system32\drivers\down\263428.exe
C:\WINDOWS\system32\drivers\down\263769.exe
C:\WINDOWS\system32\drivers\down\264850.exe
C:\WINDOWS\system32\drivers\down\267835.exe
C:\WINDOWS\system32\drivers\down\269026.exe
C:\WINDOWS\system32\drivers\down\269427.exe
C:\WINDOWS\system32\drivers\down\270348.exe
C:\WINDOWS\system32\drivers\down\271009.exe
C:\WINDOWS\system32\drivers\down\272221.exe
C:\WINDOWS\system32\drivers\down\273082.exe
C:\WINDOWS\system32\drivers\down\273132.exe
C:\WINDOWS\system32\drivers\down\273773.exe
C:\WINDOWS\system32\drivers\down\274274.exe
C:\WINDOWS\system32\drivers\down\275696.exe
C:\WINDOWS\system32\drivers\down\277448.exe
C:\WINDOWS\system32\drivers\down\278550.exe
C:\WINDOWS\system32\drivers\down\278770.exe
C:\WINDOWS\system32\drivers\down\278921.exe
C:\WINDOWS\system32\drivers\down\280793.exe
C:\WINDOWS\system32\drivers\down\281865.exe
C:\WINDOWS\system32\drivers\down\283427.exe
C:\WINDOWS\system32\drivers\down\286311.exe
C:\WINDOWS\system32\drivers\down\308012.exe
C:\WINDOWS\system32\drivers\down\312028.exe
C:\WINDOWS\system32\drivers\down\31620477.exe
C:\WINDOWS\system32\drivers\down\31623782.exe
C:\WINDOWS\system32\drivers\down\316525.exe
C:\WINDOWS\system32\drivers\down\31661947.exe
C:\WINDOWS\system32\drivers\down\32190988.exe
C:\WINDOWS\system32\drivers\down\32196566.exe
C:\WINDOWS\system32\drivers\down\32237004.exe
C:\WINDOWS\system32\drivers\down\32464882.exe
C:\WINDOWS\system32\drivers\down\32475016.exe
C:\WINDOWS\system32\drivers\down\32518849.exe
C:\WINDOWS\system32\drivers\down\32544426.exe
C:\WINDOWS\system32\drivers\down\32552287.exe
C:\WINDOWS\system32\drivers\down\32597272.exe
C:\WINDOWS\system32\drivers\down\32603531.exe
C:\WINDOWS\system32\drivers\down\32612524.exe
C:\WINDOWS\system32\drivers\down\32658640.exe
C:\WINDOWS\system32\drivers\down\330314.exe
C:\WINDOWS\system32\drivers\down\33117220.exe
C:\WINDOWS\system32\drivers\down\33126212.exe
C:\WINDOWS\system32\drivers\down\33151879.exe
C:\WINDOWS\system32\drivers\down\333399.exe
C:\WINDOWS\system32\drivers\down\33457018.exe
C:\WINDOWS\system32\drivers\down\33464879.exe
C:\WINDOWS\system32\drivers\down\33496225.exe
C:\WINDOWS\system32\drivers\down\348981.exe
C:\WINDOWS\system32\drivers\down\349943.exe
C:\WINDOWS\system32\drivers\down\350303.exe
C:\WINDOWS\system32\drivers\down\357393.exe
C:\WINDOWS\system32\drivers\down\361249.exe
C:\WINDOWS\system32\drivers\down\365125.exe
C:\WINDOWS\system32\drivers\down\367057.exe
C:\WINDOWS\system32\drivers\down\370192.exe
C:\WINDOWS\system32\drivers\down\378884.exe
C:\WINDOWS\system32\drivers\down\383801.exe
C:\WINDOWS\system32\drivers\down\387797.exe
C:\WINDOWS\system32\drivers\down\389029.exe
C:\WINDOWS\system32\drivers\down\393435.exe
C:\WINDOWS\system32\drivers\down\396319.exe
C:\WINDOWS\system32\drivers\down\397862.exe
C:\WINDOWS\system32\drivers\down\426323.exe
C:\WINDOWS\system32\drivers\down\429557.exe
C:\WINDOWS\system32\drivers\down\433933.exe
C:\WINDOWS\system32\drivers\down\584069.exe
C:\WINDOWS\system32\drivers\down\587264.exe
C:\WINDOWS\system32\drivers\down\597709.exe
C:\WINDOWS\system32\drivers\down\602957.exe
C:\WINDOWS\system32\drivers\down\611288.exe
C:\WINDOWS\system32\drivers\down\628213.exe
C:\WINDOWS\system32\drivers\down\87846.exe
C:\WINDOWS\system32\drivers\down\88877.exe
C:\WINDOWS\system32\drivers\down\90349.exe
C:\WINDOWS\system32\drivers\down\92863.exe
C:\WINDOWS\system32\drivers\down\95347.exe
C:\WINDOWS\system32\drivers\down\97730.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\sfsync02.sys
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SFSYNC02
-------\LEGACY_SROSA
-------\sfsync02
-------\srosa

((((((((((((((((((((((((( Files Created from 2008-01-17 to 2008-02-17 )))))))))))))))))))))))))))))))
.

2008-02-17 04:06 . 2008-02-17 04:06   <DIR>   d--------   C:\WINDOWS\system32\drivers\down
2008-02-02 02:59 . 2008-02-02 02:59   <DIR>   d--------   C:\Deckard
2008-01-26 02:30 . 2008-01-26 03:19   <DIR>   d--------   C:\WINDOWS\system32\NtmsData
2008-01-25 03:29 . 1998-06-18 00:00   89,360   --a------   C:\WINDOWS\system32\VB5DB.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 12:04   319,748   --sha-w   C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-17 12:04   27,359,264   --sha-w   C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-17 12:04   ---------   d-----w   C:\Documents and Settings\Ada\Application Data\Skype
2008-02-17 09:05   ---------   d-----w   C:\Program Files\WorldCommunityGrid
2008-01-29 04:27   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-01-27 12:33   21,419   ----a-w   C:\WINDOWS\system32\drivers\AegisP.sys
2008-01-26 11:57   ---------   d-----w   C:\Program Files\eMule
2008-01-26 09:07   ---------   d-----w   C:\Program Files\NJStar Communicator
2007-11-24 04:46   37,315   ----a-w   C:\WINDOWS\Internet Logs\vsmon_2nd_2007_11_22_12_43_30_small.dmp.zip
2007-10-24 09:40   12,012,032   ----a-w   C:\WINDOWS\Internet Logs\xDB33.tmp
2007-09-14 09:34   5,311,488   ----a-w   C:\WINDOWS\Internet Logs\xDB32.tmp
2007-08-14 10:15   8,714,752   ----a-w   C:\WINDOWS\Internet Logs\xDB31.tmp
2007-07-23 01:17   8,133,632   ----a-w   C:\WINDOWS\Internet Logs\xDB30.tmp
2007-07-11 12:51   19,876,847   ----a-w   C:\WINDOWS\Internet Logs\tvDebug.zip
2007-05-28 18:39   6,973,440   ----a-w   C:\WINDOWS\Internet Logs\xDB2F.tmp
2007-04-28 09:17   5,495,296   ----a-w   C:\WINDOWS\Internet Logs\xDB2E.tmp
2007-04-05 08:50   3,101,184   ----a-w   C:\WINDOWS\Internet Logs\xDB2D.tmp
2007-04-04 10:10   4,805,120   ----a-w   C:\WINDOWS\Internet Logs\xDB2C.tmp
2007-03-31 15:56   124,041   ----a-w   C:\WINDOWS\Internet Logs\vsmon_2nd_2007_03_30_22_51_33_small.dmp.zip
2007-03-21 09:00   3,037,184   ----a-w   C:\WINDOWS\Internet Logs\xDB2B.tmp
2007-03-20 00:26   3,009,024   ----a-w   C:\WINDOWS\Internet Logs\xDB2A.tmp
2007-03-15 08:48   5,723,648   ----a-w   C:\WINDOWS\Internet Logs\xDB29.tmp
2006-12-12 10:06   4,523,008   -c--a-w   C:\WINDOWS\Internet Logs\xDB28.tmp
2006-10-15 10:09   3,417,088   -c--a-w   C:\WINDOWS\Internet Logs\xDB27.tmp
2006-08-27 09:23   743,424   -c--a-w   C:\WINDOWS\Internet Logs\xDB26.tmp
2006-08-25 13:53   20,271,362   ----a-w   C:\WINDOWS\Internet Logs\vsmon_on_demand_2006_08_16_09_24_57_full.dmp.zip
2006-08-25 04:54   3,860,480   -c--a-w   C:\WINDOWS\Internet Logs\xDB25.tmp
2006-07-28 08:59   4,215,808   -c--a-w   C:\WINDOWS\Internet Logs\xDB24.tmp
2006-07-28 08:59   2,966,016   -c--a-w   C:\WINDOWS\Internet Logs\xDB23.tmp
2006-07-01 05:40   4,165,120   -c--a-w   C:\WINDOWS\Internet Logs\xDB22.tmp
2006-06-26 18:24   3,033,088   -c--a-w   C:\WINDOWS\Internet Logs\xDB20.tmp
2006-06-21 08:16   3,985,920   -c--a-w   C:\WINDOWS\Internet Logs\xDB21.tmp
2006-06-21 08:16   3,144,704   -c--a-w   C:\WINDOWS\Internet Logs\xDB1F.tmp
2006-05-08 09:09   3,039,232   -c--a-w   C:\WINDOWS\Internet Logs\xDB1E.tmp
2006-04-06 08:57   3,059,200   -c--a-w   C:\WINDOWS\Internet Logs\xDB1D.tmp
2006-02-20 09:39   2,863,616   -c--a-w   C:\WINDOWS\Internet Logs\xDB1C.tmp
2006-02-06 08:29   2,981,888   -c--a-w   C:\WINDOWS\Internet Logs\xDB1B.tmp
2005-12-17 07:44   3,523,584   -c--a-w   C:\WINDOWS\Internet Logs\xDB1A.tmp
2005-11-26 05:12   1,968,640   -c--a-w   C:\WINDOWS\Internet Logs\xDB19.tmp
2005-11-20 09:08   3,421,184   -c--a-w   C:\WINDOWS\Internet Logs\xDB18.tmp
2005-11-20 00:23   3,420,672   -c--a-w   C:\WINDOWS\Internet Logs\xDB17.tmp
2005-11-20 00:23   2,853,376   -c--a-w   C:\WINDOWS\Internet Logs\xDB16.tmp
2005-10-24 00:43   3,357,696   -c--a-w   C:\WINDOWS\Internet Logs\xDB15.tmp
2005-10-24 00:43   2,703,872   -c--a-w   C:\WINDOWS\Internet Logs\xDB14.tmp
2005-10-11 05:54   783,872   -c--a-w   C:\WINDOWS\Internet Logs\xDB13.tmp
2005-10-09 19:53   2,929,152   -c--a-w   C:\WINDOWS\Internet Logs\xDB12.tmp
2005-10-05 19:01   2,902,016   -c--a-w   C:\WINDOWS\Internet Logs\xDB10.tmp
2005-10-03 18:14   2,896,384   -c--a-w   C:\WINDOWS\Internet Logs\xDBE.tmp
2005-10-03 18:14   199,168   -c--a-w   C:\WINDOWS\Internet Logs\xDBF.tmp
2005-07-02 07:28   139,776   -c--a-w   C:\WINDOWS\Internet Logs\xDB11.tmp
2005-07-02 05:04   2,860,032   -c--a-w   C:\WINDOWS\Internet Logs\xDBD.tmp
2005-06-15 01:01   1,816,576   -c--a-w   C:\WINDOWS\Internet Logs\xDBC.tmp
2005-06-14 22:33   2,855,424   -c--a-w   C:\WINDOWS\Internet Logs\xDBB.tmp
2005-05-26 06:15   2,903,552   -c--a-w   C:\WINDOWS\Internet Logs\xDB6.tmp
2005-05-26 06:15   2,843,648   -c--a-w   C:\WINDOWS\Internet Logs\xDB5.tmp
2005-05-15 06:53   2,763,776   -c--a-w   C:\WINDOWS\Internet Logs\xDB4.tmp
2005-05-13 21:49   2,746,880   -c--a-w   C:\WINDOWS\Internet Logs\xDB3.tmp
2005-05-09 06:47   2,732,544   -c--a-w   C:\WINDOWS\Internet Logs\xDBA.tmp
2005-04-26 18:27   2,655,744   -c--a-w   C:\WINDOWS\Internet Logs\xDB2.tmp
2005-03-18 07:43   2,418,176   -c--a-w   C:\WINDOWS\Internet Logs\xDB7.tmp
2005-03-17 05:45   2,776,064   -c--a-w   C:\WINDOWS\Internet Logs\xDB9.tmp
2005-03-17 05:16   2,420,224   -c--a-w   C:\WINDOWS\Internet Logs\xDB1.tmp
2005-03-14 04:59   2,415,104   -c--a-w   C:\WINDOWS\Internet Logs\xDB8.tmp
2005-01-02 20:49   457   -c--a-w   C:\Program Files\INSTALL.LOG
2007-03-30 21:28   105,984   --sh--w   C:\WINDOWS\Debug\UserMode\CBD61.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-23 08:01 938500]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 19:44 1200128]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 17:20 20058152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00THotkey"="C:\WINDOWS\system32\00THotkey.exe" [2004-06-28 16:24 258048]
"000StTHK"="000StTHK.exe" [2001-06-23 19:28 24576 C:\WINDOWS\system32\000StTHK.exe]
"TFNF5"="TFNF5.exe" [2003-10-15 15:03 73728 C:\WINDOWS\system32\TFNF5.exe]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-03-02 12:45 135168]
"SigmaTel StacMon"="C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe" [2003-08-03 00:01 86073]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-01-22 01:09 98304]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-01-22 01:08 495616]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-02-03 13:47 1089589]
"TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2003-01-21 17:00 126976]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-19 23:00 88363 C:\WINDOWS\agrsmmsg.exe]
"NDSTray.exe"="NDSTray.exe" []
"TPSMain"="TPSMain.exe" [2004-06-01 19:43 278528 C:\WINDOWS\system32\TPSMain.exe]
"TFncKy"="TFncKy.exe" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-09 14:58 3665920]
"nwiz"="nwiz.exe" [2004-07-09 14:58 790528 C:\WINDOWS\system32\nwiz.exe]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-09-25 23:43 184320]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-01-11 22:04 98304]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12 483328]
"NAV Agent"="C:\PROGRA~1\NORTON~1\navapw32.exe" [2008-02-17 02:58 75384]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-10-03 10:23 95960]
"Logitech Hardware Abstraction Layer"="C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE" [2006-07-19 11:03 94208]
"DAEMON Tools-2052"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 11:03 94208 C:\WINDOWS\KHALMNPR.Exe]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-01 23:38 802816]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-01 23:32 696320]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-02-17 02:58 919016]

C:\Documents and Settings\Ada\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-01-03 06:43:43 113664]
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-03-17 14:06:14 59080]
World Community Grid Agent.lnk - C:\Program Files\WorldCommunityGrid\UD.EXE [2005-04-29 14:12:42 482816]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2005-03-29 03:29:03 25214]
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-03-04 20:29:25 1183744]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2005-10-29 10:29:46 671744]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 12:05:56 65588]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2004-09-14 13:52:30 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{3CD55043-005A-49B8-B298-0618D55A543C}"= C:\WINDOWS\debug\userMode\CBD61.dll [ ]

R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 12:56]
R3 Ma730Pt;MA730 Bluetooth VCOM Driver;C:\WINDOWS\system32\DRIVERS\Ma730Pt.sys [2006-09-21 11:23]
R3 Ma730Vad;MA730 Bluetooth Audio;C:\WINDOWS\system32\DRIVERS\Ma730Vad.sys [2005-11-22 13:32]
R3 MaBtPort;MA Bluetooth VCOM Driver;C:\WINDOWS\system32\DRIVERS\mabtport.sys [2006-09-27 09:47]
R3 MaBtVad;Mobile Action Bluetooth Audio;C:\WINDOWS\system32\DRIVERS\MaBtVad.sys [2005-08-23 11:04]
S3 ES-620;Edisonsoft ES-620 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\ES-620.sys [2003-04-17 17:42]
S3 hwmouser;HanWang Technology CO.LTD HID Tablet Device;C:\WINDOWS\system32\DRIVERS\hwpad_nt.sys [2001-07-06 19:05]
S3 jausbct;NEC Portable Phone KMP6J1L1 BUS Control Driver;C:\WINDOWS\system32\DRIVERS\jausbct.sys [2003-10-15 23:00]
S3 jausbfn;NEC Portable Phone KMP6J1L1 OBEX Port Driver;C:\WINDOWS\system32\DRIVERS\jausbfn.sys [2004-01-13 23:00]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44AA3114-D221-43EC-1C32-1EAC52A2014D}]
C:\WINDOWS\system32\msnvl.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-01-26 08:40:57 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\NAVW32.exeG/task:C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\Tasks\mycomp.sca
"2008-02-17 12:14:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
"2008-02-17 09:05:48 C:\WINDOWS\Tasks\User_Feed_Synchronization-{86729C8F-59F3-4C11-8E37-F1239F63425B}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 04:06:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2008-02-17 4:16:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-17 12:16:40
.
2008-01-09 11:09:00   --- E O F ---

I removed the attached file and added the contents to your reply
Much easier to follow along

guestolo · « **Reply #11 on:** February 17, 2008, 09:08:35 PM »

Can you do the following

Download and save to desktop SafeBootKeyRepair.exe
Leave it on desktop for now
We'll need this later

==Open notepad
Copy all the text in blue below and Paste to notepad
Don't use anything else than notepad or the script will not work
===================================================================

[color=\"#0000FF\"]File::
C:\WINDOWS\debug\userMode\CBD61.dll
C:\WINDOWS\Debug\UserMode\CBD61.exe
C:\WINDOWS\system32\msnvl.exe

Folder::
C:\WINDOWS\system32\drivers\down

Registry::
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{3CD55043-005A-49B8-B298-0618D55A543C}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44AA3114-D221-43EC-1C32-1EAC52A2014D}]
[/color]

=========================================================
Save this as txtfile on your desktop
CFScript

Drag CFScript.txt into ComboFix.exe
Combofix will start>>Follow the prompts
Don't mouse click on it, let it complete

When finished, it shall produce a log for you again, with the same name C:\ComboFix.txt..
I'll need to see that again later

Ensure all open windows are closed
Double-click the SafeBootKeyRepair.exe file.
When finished, it shall produce a log for you.

Post back all the following, this will probably take more than one reply to post all the information, do so please
1. Post the entire contents of C:\SafeBoot_Repair.txt
2. Post the log again from Combofix
3. If you still have Hijackthis, can you delete your copy and redownload it from signature below
Try running it and if it runs, Scan>>Save logfile post the fresh log

After the above, if possible, can you go back to my previous post and try and run the Kaspersky scan again
If it will run, let it finish and post it's log also

adelaide · « **Reply #12 on:** February 18, 2008, 05:04:41 AM »

Here's the new ComboFix log:

ComboFix 08-02-15.1 - Ada 2008-02-18 1:35:22.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.950.852.1033.18.115 [GMT -8:00]
Running from: C:\Documents and Settings\Ada\Desktop\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\Ada\Desktop\CFScript.txt
* Created a new restore point

[color=\"red\"]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]

FILE
C:\WINDOWS\debug\userMode\CBD61.dll
C:\WINDOWS\Debug\UserMode\CBD61.exe
C:\WINDOWS\system32\msnvl.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\down

.
((((((((((((((((((((((((( Files Created from 2008-01-18 to 2008-02-18 )))))))))))))))))))))))))))))))
.

2008-02-02 02:59 . 2008-02-02 02:59   <DIR>   d--------   C:\Deckard
2008-01-26 02:30 . 2008-01-26 03:19   <DIR>   d--------   C:\WINDOWS\system32\NtmsData
2008-01-25 03:29 . 1998-06-18 00:00   89,360   --a------   C:\WINDOWS\system32\VB5DB.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-18 09:26   320,108   --sha-w   C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-18 09:26   27,359,264   --sha-w   C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-18 09:08   ---------   d-----w   C:\Documents and Settings\Ada\Application Data\Skype
2008-02-17 09:05   ---------   d-----w   C:\Program Files\WorldCommunityGrid
2008-01-29 04:27   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-01-27 12:33   21,419   ----a-w   C:\WINDOWS\system32\drivers\AegisP.sys
2008-01-26 11:57   ---------   d-----w   C:\Program Files\eMule
2008-01-26 09:07   ---------   d-----w   C:\Program Files\NJStar Communicator
2007-11-24 04:46   37,315   ----a-w   C:\WINDOWS\Internet Logs\vsmon_2nd_2007_11_22_12_43_30_small.dmp.zip
2007-10-24 09:40   12,012,032   ----a-w   C:\WINDOWS\Internet Logs\xDB33.tmp
2007-09-14 09:34   5,311,488   ----a-w   C:\WINDOWS\Internet Logs\xDB32.tmp
2007-08-14 10:15   8,714,752   ----a-w   C:\WINDOWS\Internet Logs\xDB31.tmp
2007-07-23 01:17   8,133,632   ----a-w   C:\WINDOWS\Internet Logs\xDB30.tmp
2007-07-11 12:51   19,876,847   ----a-w   C:\WINDOWS\Internet Logs\tvDebug.zip
2007-05-28 18:39   6,973,440   ----a-w   C:\WINDOWS\Internet Logs\xDB2F.tmp
2007-04-28 09:17   5,495,296   ----a-w   C:\WINDOWS\Internet Logs\xDB2E.tmp
2007-04-05 08:50   3,101,184   ----a-w   C:\WINDOWS\Internet Logs\xDB2D.tmp
2007-04-04 10:10   4,805,120   ----a-w   C:\WINDOWS\Internet Logs\xDB2C.tmp
2007-03-31 15:56   124,041   ----a-w   C:\WINDOWS\Internet Logs\vsmon_2nd_2007_03_30_22_51_33_small.dmp.zip
2007-03-21 09:00   3,037,184   ----a-w   C:\WINDOWS\Internet Logs\xDB2B.tmp
2007-03-20 00:26   3,009,024   ----a-w   C:\WINDOWS\Internet Logs\xDB2A.tmp
2007-03-15 08:48   5,723,648   ----a-w   C:\WINDOWS\Internet Logs\xDB29.tmp
2006-12-12 10:06   4,523,008   -c--a-w   C:\WINDOWS\Internet Logs\xDB28.tmp
2006-10-15 10:09   3,417,088   -c--a-w   C:\WINDOWS\Internet Logs\xDB27.tmp
2006-08-27 09:23   743,424   -c--a-w   C:\WINDOWS\Internet Logs\xDB26.tmp
2006-08-25 13:53   20,271,362   ----a-w   C:\WINDOWS\Internet Logs\vsmon_on_demand_2006_08_16_09_24_57_full.dmp.zip
2006-08-25 04:54   3,860,480   -c--a-w   C:\WINDOWS\Internet Logs\xDB25.tmp
2006-07-28 08:59   4,215,808   -c--a-w   C:\WINDOWS\Internet Logs\xDB24.tmp
2006-07-28 08:59   2,966,016   -c--a-w   C:\WINDOWS\Internet Logs\xDB23.tmp
2006-07-01 05:40   4,165,120   -c--a-w   C:\WINDOWS\Internet Logs\xDB22.tmp
2006-06-26 18:24   3,033,088   -c--a-w   C:\WINDOWS\Internet Logs\xDB20.tmp
2006-06-21 08:16   3,985,920   -c--a-w   C:\WINDOWS\Internet Logs\xDB21.tmp
2006-06-21 08:16   3,144,704   -c--a-w   C:\WINDOWS\Internet Logs\xDB1F.tmp
2006-05-08 09:09   3,039,232   -c--a-w   C:\WINDOWS\Internet Logs\xDB1E.tmp
2006-04-06 08:57   3,059,200   -c--a-w   C:\WINDOWS\Internet Logs\xDB1D.tmp
2006-02-20 09:39   2,863,616   -c--a-w   C:\WINDOWS\Internet Logs\xDB1C.tmp
2006-02-06 08:29   2,981,888   -c--a-w   C:\WINDOWS\Internet Logs\xDB1B.tmp
2005-12-17 07:44   3,523,584   -c--a-w   C:\WINDOWS\Internet Logs\xDB1A.tmp
2005-11-26 05:12   1,968,640   -c--a-w   C:\WINDOWS\Internet Logs\xDB19.tmp
2005-11-20 09:08   3,421,184   -c--a-w   C:\WINDOWS\Internet Logs\xDB18.tmp
2005-11-20 00:23   3,420,672   -c--a-w   C:\WINDOWS\Internet Logs\xDB17.tmp
2005-11-20 00:23   2,853,376   -c--a-w   C:\WINDOWS\Internet Logs\xDB16.tmp
2005-10-24 00:43   3,357,696   -c--a-w   C:\WINDOWS\Internet Logs\xDB15.tmp
2005-10-24 00:43   2,703,872   -c--a-w   C:\WINDOWS\Internet Logs\xDB14.tmp
2005-10-11 05:54   783,872   -c--a-w   C:\WINDOWS\Internet Logs\xDB13.tmp
2005-10-09 19:53   2,929,152   -c--a-w   C:\WINDOWS\Internet Logs\xDB12.tmp
2005-10-05 19:01   2,902,016   -c--a-w   C:\WINDOWS\Internet Logs\xDB10.tmp
2005-10-03 18:14   2,896,384   -c--a-w   C:\WINDOWS\Internet Logs\xDBE.tmp
2005-10-03 18:14   199,168   -c--a-w   C:\WINDOWS\Internet Logs\xDBF.tmp
2005-07-02 07:28   139,776   -c--a-w   C:\WINDOWS\Internet Logs\xDB11.tmp
2005-07-02 05:04   2,860,032   -c--a-w   C:\WINDOWS\Internet Logs\xDBD.tmp
2005-06-15 01:01   1,816,576   -c--a-w   C:\WINDOWS\Internet Logs\xDBC.tmp
2005-06-14 22:33   2,855,424   -c--a-w   C:\WINDOWS\Internet Logs\xDBB.tmp
2005-05-26 06:15   2,903,552   -c--a-w   C:\WINDOWS\Internet Logs\xDB6.tmp
2005-05-26 06:15   2,843,648   -c--a-w   C:\WINDOWS\Internet Logs\xDB5.tmp
2005-05-15 06:53   2,763,776   -c--a-w   C:\WINDOWS\Internet Logs\xDB4.tmp
2005-05-13 21:49   2,746,880   -c--a-w   C:\WINDOWS\Internet Logs\xDB3.tmp
2005-05-09 06:47   2,732,544   -c--a-w   C:\WINDOWS\Internet Logs\xDBA.tmp
2005-04-26 18:27   2,655,744   -c--a-w   C:\WINDOWS\Internet Logs\xDB2.tmp
2005-03-18 07:43   2,418,176   -c--a-w   C:\WINDOWS\Internet Logs\xDB7.tmp
2005-03-17 05:45   2,776,064   -c--a-w   C:\WINDOWS\Internet Logs\xDB9.tmp
2005-03-17 05:16   2,420,224   -c--a-w   C:\WINDOWS\Internet Logs\xDB1.tmp
2005-03-14 04:59   2,415,104   -c--a-w   C:\WINDOWS\Internet Logs\xDB8.tmp
2005-01-02 20:49   457   -c--a-w   C:\Program Files\INSTALL.LOG
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-23 08:01 938500]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 19:44 1200128]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 17:20 20058152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00THotkey"="C:\WINDOWS\system32\00THotkey.exe" [2004-06-28 16:24 258048]
"000StTHK"="000StTHK.exe" [2001-06-23 19:28 24576 C:\WINDOWS\system32\000StTHK.exe]
"TFNF5"="TFNF5.exe" [2003-10-15 15:03 73728 C:\WINDOWS\system32\TFNF5.exe]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-03-02 12:45 135168]
"SigmaTel StacMon"="C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe" [2003-08-03 00:01 86073]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-01-22 01:09 98304]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-01-22 01:08 495616]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-02-03 13:47 1089589]
"TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2003-01-21 17:00 126976]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-19 23:00 88363 C:\WINDOWS\agrsmmsg.exe]
"NDSTray.exe"="NDSTray.exe" []
"TPSMain"="TPSMain.exe" [2004-06-01 19:43 278528 C:\WINDOWS\system32\TPSMain.exe]
"TFncKy"="TFncKy.exe" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-09 14:58 3665920]
"nwiz"="nwiz.exe" [2004-07-09 14:58 790528 C:\WINDOWS\system32\nwiz.exe]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-09-25 23:43 184320]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-01-11 22:04 98304]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12 483328]
"NAV Agent"="C:\PROGRA~1\NORTON~1\navapw32.exe" [2008-02-17 02:58 75384]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-10-03 10:23 95960]
"Logitech Hardware Abstraction Layer"="C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE" [2006-07-19 11:03 94208]
"DAEMON Tools-2052"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 11:03 94208 C:\WINDOWS\KHALMNPR.Exe]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-01 23:38 802816]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-01 23:32 696320]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-02-17 02:58 919016]

C:\Documents and Settings\Ada\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-01-03 06:43:43 113664]
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-03-17 14:06:14 59080]
World Community Grid Agent.lnk - C:\Program Files\WorldCommunityGrid\UD.EXE [2005-04-29 14:12:42 482816]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2005-03-29 03:29:03 25214]
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-03-04 20:29:25 1183744]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2005-10-29 10:29:46 671744]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 12:05:56 65588]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2004-09-14 13:52:30 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 12:56]
R3 Ma730Pt;MA730 Bluetooth VCOM Driver;C:\WINDOWS\system32\DRIVERS\Ma730Pt.sys [2006-09-21 11:23]
R3 Ma730Vad;MA730 Bluetooth Audio;C:\WINDOWS\system32\DRIVERS\Ma730Vad.sys [2005-11-22 13:32]
R3 MaBtPort;MA Bluetooth VCOM Driver;C:\WINDOWS\system32\DRIVERS\mabtport.sys [2006-09-27 09:47]
R3 MaBtVad;Mobile Action Bluetooth Audio;C:\WINDOWS\system32\DRIVERS\MaBtVad.sys [2005-08-23 11:04]
S3 ES-620;Edisonsoft ES-620 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\ES-620.sys [2003-04-17 17:42]
S3 hwmouser;HanWang Technology CO.LTD HID Tablet Device;C:\WINDOWS\system32\DRIVERS\hwpad_nt.sys [2001-07-06 19:05]
S3 jausbct;NEC Portable Phone KMP6J1L1 BUS Control Driver;C:\WINDOWS\system32\DRIVERS\jausbct.sys [2003-10-15 23:00]
S3 jausbfn;NEC Portable Phone KMP6J1L1 OBEX Port Driver;C:\WINDOWS\system32\DRIVERS\jausbfn.sys [2004-01-13 23:00]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-26 08:40:57 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\NAVW32.exe
"2008-02-18 09:49:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
"2008-02-18 07:00:28 C:\WINDOWS\Tasks\User_Feed_Synchronization-{86729C8F-59F3-4C11-8E37-F1239F63425B}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-18 01:43:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-18 1:50:18
ComboFix-quarantined-files.txt 2008-02-18 09:50:13
ComboFix2.txt 2008-02-18 09:05:32
ComboFix3.txt 2008-02-17 12:16:48
.
2008-01-09 11:09:00   --- E O F ---

adelaide · « **Reply #13 on:** February 18, 2008, 05:05:54 AM »

SafeBootKeyRepair log:

Reg export of SafeBoot key after repair:
========================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Dhcp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DnsCache]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ip6fw.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ipnat.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanServer]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanWorkstation]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LmHosts]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Messenger]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS Wrapper]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Ndisuio]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOS]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOSGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBT]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetDDEGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetMan]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Network]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetworkProvider]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NtLmSsp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP_TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpcdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpwd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdsessmgr]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SharedAccess]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Streams Drivers]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdpipe.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdtcp.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\termservice]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
@="Net"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
@="NetClient"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
@="NetService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
@="NetTrans"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

========================

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\PSEXESVC

adelaide · « **Reply #14 on:** February 18, 2008, 05:09:51 AM »

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:54:45 AM, on 18/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\WorldCommunityGrid\UD.EXE
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [DAEMON Tools-2052] "C:\Program Files\D-Tools\daemon.exe" -lang 2052
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: World Community Grid Agent.lnk = C:\Program Files\WorldCommunityGrid\UD.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = %SystemRoot%\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1131755470149
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://telescope.aacb.com//webcam/AxisCamControl.ocx
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotion...ctor/WebAAS.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - http://www.imagestation.com/common/classes....cab?v=1,0,0,37
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu[censored]a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 12606 bytes

adelaide · « **Reply #15 on:** February 18, 2008, 05:15:24 AM »

I wasn't able to run Kaspersky still....
My wireless internet was running OK for awhile, and then I couldn't download/upload anything again
However it does seem to be in a slightly better state than before....

guestolo · « **Reply #16 on:** February 18, 2008, 09:33:05 AM »

That's looking better

Can you do the following
You have older versions of Java installed that malware can use to infect your system

Can you access your add/remove programs and remove the following
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_05
Java(tm) 6 Update 2

Don't reboot the computer yet
Instead, can we remove the older version of Ewido please, it's not malicious, just want to eliminate it from possibility of problems
In add/remove uninstall >>>ewido anti-spyware 4.0

Again, don't reboot yet
I'm not sure what version of ZoneAlarm you have installed, but can you uninstall it also
This could be a cause of problems with connection dropouts
Remove>>ZoneAlarm
Ensure to activate Windows Firewall when prompted or after reboot

Reboot the computer
Back in Windows can you try Kaspersky's one more time, if it won't run we'll try an alternative

NOTE: can you also let me know if Symantec's AV is running properly, it looks as if you have/had older versions installed
We can update you to a free AV that will be more up to date

adelaide · « **Reply #17 on:** February 18, 2008, 10:44:24 PM »

Here's Kaspersky's report, it looks scary to me...

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, February 18, 2008 7:51:01 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 18/02/2008
Kaspersky Anti-Virus database records: 572594
-------------------------------------------------------------------------------

Scan Settings:
   Scan using the following antivirus database: extended
   Scan Archives: true
   Scan Mail Bases: true

Scan Target - My Computer:
   C:\
   D:\
   E:\

Scan Statistics:
   Total number of scanned objects: 157942
   Number of viruses found: 8
   Number of infected objects: 98
   Number of suspicious objects: 0
   Duration of the scan process: 02:20:10

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Ada\Application Data\$_hpcst$.hpc   Object is locked   skipped
C:\Documents and Settings\Ada\Application Data\Skype\adadirect\call256.dbb   Object is locked   skipped
C:\Documents and Settings\Ada\Application Data\Skype\adadirect\callmember256.dbb   Object is locked   skipped
C:\Documents and Settings\Ada\Application Data\Skype\adadirect\chat512.dbb   Object is locked   skipped
C:\Documents and Settings\Ada\Application Data\Skype\adadirect\chat8192.dbb   Object is locked   skipped
C:\Documents and Settings\Ada\Application Data\Skype\adadirect\chatmsg1024.dbb   Object is locked   skipped
C:\Documents and Settings\Ada\Application Data\Skype\adadirect\chatmsg2048.dbb   Object is locked   skipped
C:\Documents and Settings\Ada\Application Data\Skype\adadirect\chatmsg256.dbb   Object is locked   skipped
C:\Documents and Settings\Ada\Application Data\Skype\adadirect\chatmsg512.dbb   Object is locked   skipped
C:\Documents and Settings\Ada\Application Data\Skype\adadirect\contactgroup256.dbb   Object is locked   skipped
C:\Documents and Settings\Ada\Application Data\Skype\adadirect\index2.dat   Object is locked   skipped
C:\Documents and Settings\Ada\Application Data\Skype\adadirect\profile256.dbb   Object is locked   skipped
C:\Documents and Settings\Ada\Application Data\Skype\adadirect\transfer256.dbb   Object is locked   skipped
C:\Documents and Settings\Ada\Application Data\Skype\adadirect\transfer512.dbb   Object is locked   skipped
C:\Documents and Settings\Ada\Application Data\Skype\adadirect\user1024.dbb   Object is locked   skipped
C:\Documents and Settings\Ada\Cookies\index.dat   Object is locked   skipped
C:\Documents and Settings\Ada\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat   Object is locked   skipped
C:\Documents and Settings\Ada\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat   Object is locked   skipped
C:\Documents and Settings\Ada\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG   Object is locked   skipped
C:\Documents and Settings\Ada\Local Settings\History\History.IE5\index.dat   Object is locked   skipped
C:\Documents and Settings\Ada\Local Settings\Temp\WCESLog.log   Object is locked   skipped
C:\Documents and Settings\Ada\Local Settings\Temp\~DFB7F3.tmp   Object is locked   skipped
C:\Documents and Settings\Ada\Local Settings\Temp\~DFB8E0.tmp   Object is locked   skipped
C:\Documents and Settings\Ada\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat   Object is locked   skipped
C:\Documents and Settings\Ada\Local Settings\Temporary Internet Files\Content.IE5\index.dat   Object is locked   skipped
C:\Documents and Settings\Ada\NTUSER.DAT   Object is locked   skipped
C:\Documents and Settings\Ada\ntuser.dat.LOG   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-02-18_Log.ALUSchedulerSvc.LiveUpdate   Object is locked   skipped
C:\Documents and Settings\LocalService\Cookies\index.dat   Object is locked   skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat   Object is locked   skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG   Object is locked   skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat   Object is locked   skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat   Object is locked   skipped
C:\Documents and Settings\LocalService\NTUSER.DAT   Object is locked   skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG   Object is locked   skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat   Object is locked   skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG   Object is locked   skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT   Object is locked   skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG   Object is locked   skipped
C:\QooBox\Quarantine\C\WINDOWS\Debug\UserMode\CBD61.exe.vir   Infected: Trojan-PSW.Win32.QQPass.xw   skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\101205.exe.vir   Infected: Email-Worm.Win32.Bagle.of   skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\101866.exe.vir   Infected: Trojan.Win32.Pakes.bwy   skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\102547.exe.vir   Infected: Trojan.Win32.Pakes.bwy   skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\106182.exe.vir   Infected: Email-Worm.Win32.Bagle.of   skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\126632.exe.vir   Infected: Trojan-PSW.Win32.Agent.xd   skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\129105.exe.vir   Infected: Trojan-PSW.Win32.Agent.xd   skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\129155.exe.vir   Infected: Trojan-PSW.Win32.Agent.xd   skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\130407.exe.vir   Infected: Trojan.Win32.Pakes.bwy   skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\133051.exe.vir   Infected: Trojan-PSW.Win32.Agent.xd   skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\133692.exe.vir   Infected: Trojan-PSW.Win32.Agent.xd   skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\134563.exe.vir   Infected: Trojan.Win32.Pakes.bwy   skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\136816.exe.vir   Infected: Email-Worm.Win32.Bagle.of   skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\137257.exe.vir   Infected: Email-Worm.Win32.Bagle.of   skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\141102.exe.vir   Infected: Email-Worm.Win32.Bagle.of   skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\143566.exe.vir   Infected: Trojan-PSW.Win32.Agent.xd   skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\143626.exe.vir   Infected: Trojan.Win32.Pakes.bwy   skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\144587.exe.vir   Infected: Trojan-PSW.Win32.Agent.xd   skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\146280.exe.vir   Infected: Email-Worm.Win32.Bagle.of   skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\151067.exe.vir   Infected: Email-Worm.Win32.Bagle.of   skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\156745.exe.vir   Infected: Trojan-PSW.Win32.Agent.xd   skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\156765.exe.vir   Infected: Email-Worm.Win32.Bagle.of   skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\157907.exe.vir   Infected: Email-Worm.Win32.Bagle.of   skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\168952.exe.vir   Infected: Email-Worm.Win32.Bagle.of   skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\348981.exe.vir   Infected: Email-Worm.Win32.Bagle.of   skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\587264.exe.vir   Infected: Trojan-PSW.Win32.Agent.xd   skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\597709.exe.vir   Infected: Email-Worm.Win32.Bagle.of   skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\87846.exe.vir   Infected: Email-Worm.Win32.Bagle.of   skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\88877.exe.vir   Infected: Email-Worm.Win32.Bagle.of   skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\90349.exe.vir   Infected: Email-Worm.Win32.Bagle.of   skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\92863.exe.vir   Infected: Email-Worm.Win32.Bagle.of   skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\95347.exe.vir   Infected: Email-Worm.Win32.Bagle.of   skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\97730.exe.vir   Infected: Trojan.Win32.Pakes.bwy   skipped
C:\QooBox\Quarantine\catchme2008-02-17_ 40626.64.zip/srosa.sys   Infected: Trojan-Downloader.Win32.Bagle.iw   skipped
C:\QooBox\Quarantine\catchme2008-02-17_ 40626.64.zip/wintems.exe   Infected: Email-Worm.Win32.Bagle.of   skipped
C:\QooBox\Quarantine\catchme2008-02-17_ 40626.64.zip/mdelk.exe   Infected: Email-Worm.Win32.Bagle.of   skipped
C:\QooBox\Quarantine\catchme2008-02-17_ 40626.64.zip/hldrrr.exe   Infected: Trojan-Downloader.Win32.Bagle.ir   skipped
C:\QooBox\Quarantine\catchme2008-02-17_ 40626.64.zip   ZIP: infected - 4   skipped
C:\QooBox\Quarantine\Registry_backups\LEGACY_SROSA.reg.dat   Infected: Trojan-Downloader.Win32.Bagle.hp   skipped
C:\QooBox\Quarantine\Registry_backups\services_srosa.reg.dat   Infected: Trojan-Downloader.Win32.Bagle.hp   skipped
C:\System Volume Information\MountPointManagerRemoteDatabase   Object is locked   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP1\A0000014.exe   Infected: Trojan-PSW.Win32.Delf.fy   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP1\A0000022.sys   Infected: Trojan-Downloader.Win32.Bagle.iw   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP1\A0000025.exe   Infected: Email-Worm.Win32.Bagle.of   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP1\A0000026.exe   Infected: Email-Worm.Win32.Bagle.of   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP1\A0000088.sys   Infected: Trojan-Downloader.Win32.Bagle.iw   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP1\A0000091.exe   Infected: Email-Worm.Win32.Bagle.of   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP1\A0000108.sys   Infected: Trojan-Downloader.Win32.Bagle.iw   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP1\A0000113.exe   Infected: Email-Worm.Win32.Bagle.of   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP1\A0000114.exe   Infected: Email-Worm.Win32.Bagle.of   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP17\A0004887.exe   Infected: Trojan-PSW.Win32.Delf.fy   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP18\change.log   Object is locked   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP3\A0000257.sys   Infected: Trojan-Downloader.Win32.Bagle.iw   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP3\A0000281.sys   Infected: Trojan-Downloader.Win32.Bagle.iw   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP4\A0000303.exe   Infected: Trojan-Downloader.Win32.Bagle.ir   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP4\A0000333.sys   Infected: Trojan-Downloader.Win32.Bagle.iw   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP4\A0001333.sys   Infected: Trojan-Downloader.Win32.Bagle.iw   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP4\A0002332.sys   Infected: Trojan-Downloader.Win32.Bagle.iw   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP4\A0003331.sys   Infected: Trojan-Downloader.Win32.Bagle.iw   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP4\A0003355.sys   Infected: Trojan-Downloader.Win32.Bagle.iw   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP4\A0003376.sys   Infected: Trojan-Downloader.Win32.Bagle.iw   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP4\A0003390.exe   Infected: Email-Worm.Win32.Bagle.of   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP4\A0003391.exe   Infected: Email-Worm.Win32.Bagle.of   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP4\A0003401.sys   Infected: Trojan-Downloader.Win32.Bagle.iw   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP4\A0003422.sys   Infected: Trojan-Downloader.Win32.Bagle.iw   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP4\A0003444.sys   Infected: Trojan-Downloader.Win32.Bagle.iw   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003470.exe   Infected: Email-Worm.Win32.Bagle.of   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003471.exe   Infected: Trojan.Win32.Pakes.bwy   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003472.exe   Infected: Trojan.Win32.Pakes.bwy   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003473.exe   Infected: Email-Worm.Win32.Bagle.of   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003477.exe   Infected: Trojan-PSW.Win32.Agent.xd   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003479.exe   Infected: Trojan-PSW.Win32.Agent.xd   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003480.exe   Infected: Trojan-PSW.Win32.Agent.xd   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003482.exe   Infected: Trojan.Win32.Pakes.bwy   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003485.exe   Infected: Trojan-PSW.Win32.Agent.xd   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003486.exe   Infected: Trojan-PSW.Win32.Agent.xd   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003489.exe   Infected: Trojan.Win32.Pakes.bwy   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003490.exe   Infected: Email-Worm.Win32.Bagle.of   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003491.exe   Infected: Email-Worm.Win32.Bagle.of   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003496.exe   Infected: Email-Worm.Win32.Bagle.of   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003499.exe   Infected: Trojan-PSW.Win32.Agent.xd   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003501.exe   Infected: Trojan.Win32.Pakes.bwy   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003506.exe   Infected: Trojan-PSW.Win32.Agent.xd   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003511.exe   Infected: Email-Worm.Win32.Bagle.of   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003515.exe   Infected: Email-Worm.Win32.Bagle.of   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003524.exe   Infected: Trojan-PSW.Win32.Agent.xd   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003525.exe   Infected: Email-Worm.Win32.Bagle.of   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003531.exe   Infected: Email-Worm.Win32.Bagle.of   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003553.exe   Infected: Email-Worm.Win32.Bagle.of   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003743.exe   Infected: Email-Worm.Win32.Bagle.of   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003762.exe   Infected: Trojan-PSW.Win32.Agent.xd   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003763.exe   Infected: Email-Worm.Win32.Bagle.of   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003767.exe   Infected: Email-Worm.Win32.Bagle.of   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003768.exe   Infected: Email-Worm.Win32.Bagle.of   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003769.exe   Infected: Email-Worm.Win32.Bagle.of   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003770.exe   Infected: Email-Worm.Win32.Bagle.of   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003771.exe   Infected: Email-Worm.Win32.Bagle.of   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003772.exe   Infected: Trojan.Win32.Pakes.bwy   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP6\A0003841.exe   Infected: Trojan-PSW.Win32.QQPass.xw   skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP8\A0004011.exe   Infected: Trojan-Downloader.Win32.Bagle.ir   skipped
C:\WINDOWS\Debug\PASSWD.LOG   Object is locked   skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt   Object is locked   skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt   Object is locked   skipped
C:\WINDOWS\SchedLgU.Txt   Object is locked   skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{955B572B-947D-4276-9E44-9C302E115FF6}.bin   Object is locked   skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log   Object is locked   skipped
C:\WINDOWS\system32\CatRoot2\edb.log   Object is locked   skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb   Object is locked   skipped
C:\WINDOWS\system32\config\AppEvent.Evt   Object is locked   skipped
C:\WINDOWS\system32\config\default   Object is locked   skipped
C:\WINDOWS\system32\config\default.LOG   Object is locked   skipped
C:\WINDOWS\system32\config\Internet.evt   Object is locked   skipped
C:\WINDOWS\system32\config\SAM   Object is locked   skipped
C:\WINDOWS\system32\config\SAM.LOG   Object is locked   skipped
C:\WINDOWS\system32\config\SecEvent.Evt   Object is locked   skipped
C:\WINDOWS\system32\config\SECURITY   Object is locked   skipped
C:\WINDOWS\system32\config\SECURITY.LOG   Object is locked   skipped
C:\WINDOWS\system32\config\software   Object is locked   skipped
C:\WINDOWS\system32\config\software.LOG   Object is locked   skipped
C:\WINDOWS\system32\config\SysEvent.Evt   Object is locked   skipped
C:\WINDOWS\system32\config\system   Object is locked   skipped
C:\WINDOWS\system32\config\system.LOG   Object is locked   skipped
C:\WINDOWS\system32\drivers\fidbox.dat   Object is locked   skipped
C:\WINDOWS\system32\drivers\fidbox.idx   Object is locked   skipped
C:\WINDOWS\system32\h323log.txt   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP   Object is locked   skipped
C:\WINDOWS\WindowsUpdate.log   Object is locked   skipped

Scan process completed.

guestolo · « **Reply #18 on:** February 18, 2008, 11:01:38 PM »

Quote

NOTE: can you also let me know if Symantec's AV is running properly, it looks as if you have/had older versions installed
We can update you to a free AV that will be more up to date

Can you let me know that please, it may not be running properly and I suggest if it's outdated we update to an alternative

Quote

Here's Kaspersky's report, it looks scary to me...

System restore points are infected, as long as you don't use it yet, your fine
We'll clean it and start you with a fresh restore point
Other infected files are in safe places for now

adelaide · « **Reply #19 on:** February 18, 2008, 11:05:24 PM »

I have removed the 2002 version of Symantec AV, but from the Add/Remove Program list it looks like I also have the 2005 version, which I wasn't able to remove (I clicked "uninstall" but it does nothing).

No, I haven't used any of the restore points yet.....(actually I tried to in the very beginning but the system wouldn't let me)

News:

Author Topic: Wireless And Other Problems (Read 1949 times)