J-Hob

  1. I currently have the free version of Avira installed on my home computer but can get McAfee through work. I was looking for some advice as to whether I would be advised to change my anti-virus from Avira to McAfee or not?
  2. Looks like the only issue showing in the event logs now is: Event Type: Warning Event Source: Google Update Event Category: None Event ID: 12 Date: 06/03/2009 Time: 16:41:50 User: JOHN-PC\John Computer: JOHN-PC Description: The description for Event ID ( 12 ) in Source ( Google Update ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Application update. ver=1.2.141.5, lang=en-GB, machine=0, extern=1 App={D0AB2EBC-931B-4013-9FEB-C9C4C2225C8C}, Ver=1.0.3.0, PrevVer=1.0.3.0, Status=0x00000642. I tried to re-install Chrome and it failed, so looks like this is my last remaining problem. Thanks again for your help with this. Very much appreciated.
  3. Strange, I had run DDS again but hadn't deleted the files from the last run, looks like it didn't over-write them. Just realised it doesn't actually save the files, just displays them in Notepad... Anyway, I have deleted them and run it again, results here:
  4. I have WAMP on my computer because I'm a web developer. Here's DDS.txt and attach.zip is attached as per instructions.
  5. OK, seem to be getting somewhere now. I now have Windows fully patched up and so far the system seems stable. What was it that caused these problems and how can I avoid it happening again? Here's another HJT log as I'm guessing you might like to take a look at it:
  6. OK, made a bit of progress now. Managed to unlock those registry keys by first setting the owner to administrator and then setting the permissions to everyone with full control. I then managed to get rid of the old Java installations; here's the log file:

     JavaRa 1.13 Removal Log.
     Report follows after line.
     ------------------------------------
     The JavaRa removal process was started on Thu Mar 05 21:24:55 2009
     Found and removed: C:\Program Files\Java\jre1.6.0_07
     Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610006
     Found and removed: Software\JavaSoft\Java2D\1.6.0_01
     ------------------------------------
     Finished reporting.
  7. Well, my computer still isn't the happiest bunny in the woods. Installations just seem to hang now. I tried to remove those registry keys but it won't let me and I can't add any permissions to allow me to do so. I tried running regassassin to unlock them but despite claiming to have unlocked them it hadn't actually done so. What is actually wrong with my computer? Has it just got into a tangle or is it as a result of some sort of malware infection?
  8. Do you think I should try re-running the SP2 update before I attempt SP3 seeing as this may not have installed cleanly before?
  9. Strangely, I don't have the 'Local System' key in my registry. I just have:

     S-1-5-18 with sub-keys Components, Products, Patches
     and
     S-1-5-21-861567501-1364589140-839522115-1003 with sub-keys Components, Products

     This looks as though the keys have been renamed, is that right? Should I rename them to Local System and something else? That would at least explain why ComboFix couldn't change the permissions. I have run the Microsoft restore security settings tool too.
  10. Well, I'm pleased to report that after running ComboFix my Windows Installer service has started! I've not actually tried installing anything yet but that's definitely an improvement. I will go through all the other steps you suggest first. I'm delighted with this result, thanks so much for your help!
  11. ComboFix 09-03-02.03 - John 2009-03-05 8:46:04.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3318.2571 [GMT 0:00] Running from: c:\documents and settings\John\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\John\Desktop\CFScript.txt AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) FW: COMODO Firewall *disabled* * Created a new restore point FILE :: c:\documents and settings\John\Application Data\SAS7_000.DAT c:\program files\NetMeter\NetMeter.exe c:\windows\002741_.tmp c:\windows\002749_.tmp c:\windows\002765_.tmp c:\windows\002781_.tmp c:\windows\006317_.tmp c:\windows\imsins.BAK c:\windows\SET494.tmp c:\windows\SETD2.tmp c:\windows\SETE7.tmp c:\windows\system32\SET10B5.tmp c:\windows\system32\SET10B6.tmp c:\windows\system32\SET10B9.tmp c:\windows\system32\SET10C1.tmp c:\windows\system32\SET1194.tmp c:\windows\system32\SET1236.tmp c:\windows\system32\SET1237.tmp c:\windows\system32\SET123A.tmp c:\windows\system32\SET1242.tmp c:\windows\system32\SET1334.tmp c:\windows\system32\SET1335.tmp c:\windows\system32\SET1338.tmp c:\windows\system32\SET1340.tmp c:\windows\system32\SET142F.tmp c:\windows\system32\SET1430.tmp c:\windows\system32\SET1433.tmp c:\windows\system32\SET143B.tmp c:\windows\system32\SET179.tmp c:\windows\system32\SET187.tmp c:\windows\system32\SET18E.tmp c:\windows\system32\SET18F.tmp c:\windows\system32\SET194.tmp c:\windows\system32\SET1CA.tmp c:\windows\system32\SET1CB.tmp c:\windows\system32\SET1D9.tmp c:\windows\system32\SET20C.tmp c:\windows\system32\SET2F2.tmp c:\windows\system32\SET38E.tmp c:\windows\system32\SET45C.tmp c:\windows\system32\SET45F.tmp c:\windows\system32\SET461.tmp c:\windows\system32\SET464.tmp c:\windows\system32\SET467.tmp c:\windows\system32\SET469.tmp c:\windows\system32\SETFB2.tmp c:\windows\system32\SETFB3.tmp c:\windows\system32\SETFB6.tmp c:\windows\system32\SETFBE.tmp . 
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\John\Application Data\SAS7_000.DAT c:\documents and settings\John\Local Settings\Temporary Internet Files\SLC_John.prx c:\program files\NetMeter\NetMeter.exe c:\windows\002741_.tmp c:\windows\002749_.tmp c:\windows\002765_.tmp c:\windows\002781_.tmp c:\windows\006317_.tmp c:\windows\imsins.BAK c:\windows\SET494.tmp c:\windows\SETD2.tmp c:\windows\SETE7.tmp c:\windows\system32\SET10B5.tmp c:\windows\system32\SET10B6.tmp c:\windows\system32\SET10B9.tmp c:\windows\system32\SET10C1.tmp c:\windows\system32\SET1194.tmp c:\windows\system32\SET1236.tmp c:\windows\system32\SET1237.tmp c:\windows\system32\SET123A.tmp c:\windows\system32\SET1242.tmp c:\windows\system32\SET1334.tmp c:\windows\system32\SET1335.tmp c:\windows\system32\SET1338.tmp c:\windows\system32\SET1340.tmp c:\windows\system32\SET142F.tmp c:\windows\system32\SET1430.tmp c:\windows\system32\SET1433.tmp c:\windows\system32\SET143B.tmp c:\windows\system32\SET179.tmp c:\windows\system32\SET187.tmp c:\windows\system32\SET18E.tmp c:\windows\system32\SET18F.tmp c:\windows\system32\SET194.tmp c:\windows\system32\SET1CA.tmp c:\windows\system32\SET1CB.tmp c:\windows\system32\SET1D9.tmp c:\windows\system32\SET20C.tmp c:\windows\system32\SET2F2.tmp c:\windows\system32\SET38E.tmp c:\windows\system32\SET45C.tmp c:\windows\system32\SET45F.tmp c:\windows\system32\SET461.tmp c:\windows\system32\SET464.tmp c:\windows\system32\SET467.tmp c:\windows\system32\SET469.tmp c:\windows\system32\SETFB2.tmp c:\windows\system32\SETFB3.tmp c:\windows\system32\SETFB6.tmp c:\windows\system32\SETFBE.tmp . ((((((((((((((((((((((((( Files Created from 2009-02-05 to 2009-03-05 ))))))))))))))))))))))))))))))) . 2009-03-05 08:09 . 2009-03-05 08:09 <DIR> d-------- c:\program files\Trend Micro 2009-03-03 21:23 . 2009-03-03 22:10 <DIR> d-------- c:\program files\Canta 2009-03-03 19:44 . 
2009-03-03 20:36 250 --a------ c:\windows\gmer.ini 2009-03-03 17:47 . 2009-03-03 17:47 <DIR> d-------- c:\documents and settings\John\Application Data\Windows Search 2009-03-01 11:56 . 2008-12-20 23:15 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll 2009-03-01 11:56 . 2007-04-17 09:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat 2009-03-01 11:56 . 2007-03-08 05:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui 2009-03-01 11:56 . 2008-12-20 23:15 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll 2009-03-01 11:56 . 2008-12-20 23:15 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll 2009-03-01 11:56 . 2008-12-20 23:15 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll 2009-03-01 11:56 . 2008-12-20 23:15 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll 2009-03-01 11:56 . 2008-12-20 23:15 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll 2009-03-01 11:56 . 2008-12-19 09:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe 2009-03-01 11:31 . 2009-03-05 08:50 <DIR> d-------- c:\windows\system32\CatRoot2 2009-03-01 09:34 . 2008-08-14 10:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe 2009-03-01 09:34 . 2008-08-14 10:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe 2009-03-01 09:34 . 2008-08-14 09:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe 2009-03-01 09:34 . 2008-08-14 09:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe 2009-03-01 09:32 . 2008-04-14 00:12 1,306,624 -----c--- c:\windows\system32\dllcache\msxml6.dll 2009-03-01 09:32 . 2008-04-14 00:12 380,416 --------- c:\windows\system32\irprops.cpl 2009-03-01 09:32 . 2008-04-14 00:10 102,912 -----c--- c:\windows\system32\dllcache\dpcdll.dll 2009-03-01 09:32 . 2008-04-13 21:57 79,872 -----c--- c:\windows\system32\dllcache\msxml6r.dll 2009-03-01 09:32 . 2008-04-14 00:09 24,064 -----c--- c:\windows\system32\dllcache\pidgen.dll 2009-03-01 09:32 . 
2008-04-14 00:12 10,752 --------- c:\windows\system32\smtpapi.dll 2009-03-01 09:32 . 2008-04-14 00:12 9,728 --------- c:\windows\system32\rwnh.dll 2009-03-01 09:29 . 2008-09-15 12:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys 2009-03-01 09:21 . 2008-06-17 19:02 8,461,312 -----c--- c:\windows\system32\dllcache\shell32.dll 2009-03-01 09:21 . 2008-04-11 19:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll 2009-03-01 09:21 . 2008-10-24 11:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys 2009-03-01 09:21 . 2008-12-11 10:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys 2009-03-01 09:21 . 2008-05-01 14:33 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll 2009-03-01 09:21 . 2008-05-08 14:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys 2009-03-01 09:20 . 2008-09-04 17:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll 2009-03-01 09:20 . 2008-10-15 16:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll 2009-03-01 09:20 . 2008-10-03 10:02 247,326 -----c--- c:\windows\system32\dllcache\strmdll.dll 2009-03-01 00:21 . 2008-10-16 14:12 213,528 --a------ c:\windows\system32\wuaucpl.cpl 2009-03-01 00:21 . 2008-10-16 14:12 213,528 --a--c--- c:\windows\system32\dllcache\wuaucpl.cpl 2009-03-01 00:20 . 2009-03-01 09:49 <DIR> d-------- c:\windows\ServicePackFiles 2009-02-28 23:54 . 2008-04-14 00:12 4,274,816 --a------ c:\windows\system32\nv4_disp.dll 2009-02-28 23:52 . 2009-03-01 00:13 2,167,506 --a------ c:\windows\setupapi.log.5.old 2009-02-28 23:28 . 2009-02-28 23:48 2,224,825 --a------ c:\windows\setupapi.log.4.old 2009-02-28 23:04 . 2004-08-04 00:56 2,804,224 --a------ c:\windows\system32\SET55E.tmp 2009-02-28 23:01 . 2009-02-28 23:25 2,160,634 --a------ c:\windows\setupapi.log.3.old 2009-02-28 22:22 . 2004-08-04 00:56 3,003,392 --a------ c:\windows\system32\SET4B2.tmp 2009-02-28 22:21 . 2004-08-04 00:56 656,384 --a------ c:\windows\system32\SET1C6.tmp 2009-02-28 19:16 . 
2004-08-04 00:56 8,384,000 --a------ c:\windows\system32\SET212.tmp 2009-02-28 18:55 . 2002-08-29 12:00 455,168 --a--c--- c:\windows\system32\dllcache\tintsetp.exe 2009-02-28 18:54 . 2002-08-29 12:00 10,096,640 --a--c--- c:\windows\system32\dllcache\hwxcht.dll 2009-02-28 18:52 . 2002-08-29 12:00 73,728 --a--c--- c:\windows\system32\dllcache\icwtutor.exe 2009-02-28 18:52 . 2002-08-29 12:00 61,440 --a--c--- c:\windows\system32\dllcache\icwres.dll 2009-02-28 18:52 . 2002-08-29 12:00 40,960 --a--c--- c:\windows\system32\dllcache\trialoc.dll 2009-02-28 18:52 . 2009-02-28 18:52 749 -rah----- c:\windows\WindowsShell.Manifest 2009-02-28 18:52 . 2009-02-28 18:52 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest 2009-02-28 18:52 . 2009-02-28 18:52 749 -rah----- c:\windows\system32\sapi.cpl.manifest 2009-02-28 18:52 . 2009-02-28 18:52 749 -rah----- c:\windows\system32\nwc.cpl.manifest 2009-02-28 18:52 . 2009-02-28 18:52 749 -rah----- c:\windows\system32\ncpa.cpl.manifest 2009-02-28 18:52 . 2009-02-28 18:52 488 -rah----- c:\windows\system32\logonui.exe.manifest 2009-02-28 18:51 . 2008-04-14 00:11 167,424 --a------ c:\windows\system32\comsnap.dll 2009-02-28 18:51 . 2008-04-14 00:11 97,792 --a------ c:\windows\system32\comrepl.dll 2009-02-28 18:51 . 2008-04-14 00:12 59,392 --a------ c:\windows\system32\stclient.dll 2009-02-28 18:51 . 2008-04-14 00:12 34,304 --a------ c:\windows\system32\mtxlegih.dll 2009-02-28 18:51 . 2008-04-14 00:12 30,720 --a------ c:\windows\system32\mtxdm.dll 2009-02-28 18:51 . 2008-04-14 00:11 28,160 --a------ c:\windows\system32\comaddin.dll 2009-02-28 18:51 . 2008-04-14 00:12 6,144 --a------ c:\windows\system32\dcomcnfg.exe 2009-02-28 18:51 . 2008-04-14 00:12 4,096 --a------ c:\windows\system32\mtxex.dll 2009-02-28 18:42 . 2002-08-29 12:00 24,661 --a------ c:\windows\system32\spxcoins.dll 2009-02-28 18:42 . 2002-08-29 12:00 24,661 --a--c--- c:\windows\system32\dllcache\spxcoins.dll 2009-02-28 18:42 . 
2002-08-29 12:00 13,312 --a------ c:\windows\system32\irclass.dll 2009-02-28 18:42 . 2002-08-29 12:00 13,312 --a--c--- c:\windows\system32\dllcache\irclass.dll 2009-02-28 18:41 . 2002-08-29 12:00 797,189 --a--c--- c:\windows\system32\dllcache\NT5IIS.CAT 2009-02-28 18:41 . 2002-08-29 12:00 657,548 --a--c--- c:\windows\system32\dllcache\CLASSES.CAT 2009-02-28 18:41 . 2002-08-29 12:00 399,645 --a--c--- c:\windows\system32\dllcache\MAPIMIG.CAT 2009-02-28 18:41 . 2002-08-29 12:00 56,081 --a--c--- c:\windows\system32\dllcache\DAJAVAC.CAT 2009-02-28 18:41 . 2002-08-29 12:00 52,311 --a--c--- c:\windows\system32\dllcache\DX3.CAT 2009-02-28 18:41 . 2002-08-29 12:00 37,484 --a--c--- c:\windows\system32\dllcache\MW770.CAT 2009-02-28 18:41 . 2002-08-29 12:00 14,031 --a--c--- c:\windows\system32\dllcache\MSJDBC.CAT 2009-02-28 18:41 . 2002-08-29 12:00 13,472 --a--c--- c:\windows\system32\dllcache\HPCRDP.CAT 2009-02-28 18:41 . 2002-08-29 12:00 8,574 --a--c--- c:\windows\system32\dllcache\IASNT4.CAT 2009-02-28 18:41 . 2002-08-29 12:00 7,382 --a--c--- c:\windows\system32\dllcache\OEMBIOS.CAT 2009-02-28 18:40 . 2009-02-28 22:57 2,997,144 --a------ c:\windows\setupapi.log.2.old 2009-02-28 14:16 . 2009-02-28 14:16 <DIR> d-------- c:\documents and settings\John\Application Data\Xitona 2009-02-28 13:49 . 2009-02-28 13:49 <DIR> d-------- c:\program files\Singing Tutor 2009-02-28 13:49 . 2003-02-14 13:47 150 --a------ c:\windows\Song_w.ini 2009-02-28 12:43 . 2009-02-28 12:44 <DIR> d-------- c:\program files\Singing Tutor Duet 2.2 Win 2k-XP 2009-02-22 17:55 . 2009-02-22 17:55 <DIR> d-------- c:\program files\Ulead Systems 2009-02-05 20:53 . 2009-02-11 12:12 <DIR> d-------- c:\documents and settings\John\Application Data\Spotify 2009-02-05 20:52 . 2009-02-05 20:53 <DIR> d-------- c:\program files\Spotify . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2009-03-05 08:53 --------- d-----w c:\documents and settings\John\Application Data\Dropbox 2009-03-05 08:53 --------- d-----w c:\documents and settings\All Users\Application Data\Kontiki 2009-03-05 08:52 --------- d-----w c:\program files\Password Safe 2009-03-05 08:51 --------- d-----w c:\documents and settings\John\Application Data\WTablet 2009-03-05 08:46 --------- d-----w c:\program files\NetMeter 2009-03-05 08:44 --------- d-----w c:\documents and settings\John\Application Data\uTorrent 2009-03-04 07:50 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-03-01 15:44 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-03-01 12:11 --------- d-----w c:\documents and settings\LocalService\Application Data\WTablet 2009-03-01 11:33 --------- d-----w c:\documents and settings\John\Application Data\Orbit 2009-03-01 11:25 --------- d-----w c:\program files\MSECache 2009-03-01 08:55 --------- d-----w c:\documents and settings\John\Application Data\U3 2009-02-28 13:23 --------- d-----w c:\program files\Orbitdownloader 2009-02-14 10:56 --------- d-----w c:\program files\Google 2009-02-11 10:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-11 10:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-02-02 17:47 --------- d-----w c:\documents and settings\John\Application Data\foobar2000 2009-01-24 14:21 --------- d-----w c:\program files\RescuePRO 2009-01-24 13:56 286,720 ----a-w c:\windows\iun507.exe 2009-01-20 23:48 --------- d-----w c:\documents and settings\John\Application Data\Photojunction 2009-01-19 17:15 --------- d-----w c:\program files\Spybot - Search & Destroy 2009-01-17 10:21 --------- d-----w c:\program files\CCleaner 2009-01-16 18:47 --------- d-----w c:\program files\PJ Remix 2009-01-15 18:56 --------- d-----w c:\documents and settings\All Users\Application Data\Photojunction 2009-01-15 08:14 --------- d--h--w c:\program files\InstallShield Installation Information 
2009-01-14 23:34 --------- d-----w c:\documents and settings\John\Application Data\Media Player Classic 2009-01-11 09:44 --------- d-----w c:\program files\K-Lite Codec Pack 2009-01-08 17:33 31,504 ----a-w c:\windows\system32\drivers\cmdhlp.sys 2009-01-08 17:32 101,776 ----a-w c:\windows\system32\drivers\cmdguard.sys 2009-01-08 16:44 --------- d-----w c:\documents and settings\All Users\Application Data\Macrovision 2009-01-08 16:43 --------- d-----w c:\program files\Common Files\Macromedia Shared 2009-01-08 16:42 --------- d-----w c:\program files\Macromedia 2009-01-08 16:42 --------- d-----w c:\program files\Common Files\Macromedia 2009-01-08 15:14 20,747 ----a-w c:\windows\system32\drivers\AegisP.sys 2009-01-08 15:13 --------- d-----w c:\program files\Sitecom 2009-01-07 13:28 --------- d-----w c:\program files\Common Files\Adobe 2009-01-06 19:26 --------- d-----w c:\program files\Free Easy Burner 2009-01-06 16:53 --------- d-----w c:\program files\Microsoft Reader 2006-06-23 06:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe . ((((((((((((((((((((((((((((( SnapShot@2009-03-03_18.04.54.89 ))))))))))))))))))))))))))))))))))))))))) . 
+ 2009-03-03 19:44:33 884,736 ----a-w c:\windows\gmer.dll + 2008-04-17 21:13:00 811,008 ----a-w c:\windows\gmer.exe - 2009-03-03 17:57:37 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat + 2009-03-04 17:41:27 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat - 2009-03-03 17:57:37 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2009-03-04 17:41:27 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2009-03-03 17:57:37 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2009-03-04 17:41:27 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2009-03-03 19:44:33 85,969 ----a-w c:\windows\system32\drivers\gmer.sys + 2009-03-05 08:51:48 16,384 ----atw c:\windows\temp\Perflib_Perfdata_26c.dat + 2009-03-05 08:51:51 16,384 ----atw c:\windows\temp\Perflib_Perfdata_28c.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green] @="{95A27763-F62A-4114-9072-E81D87DE3B68}" [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}] 2008-06-13 22:19 527296 -ra------ c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial] @="{E300CD91-100F-4E67-9AF3-1384A6124015}" [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}] 2008-06-13 22:19 527296 -ra------ c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow] @="{5E529433-B50E-4bef-A63B-16A6B71B071A}" [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}] 2008-06-13 22:19 527296 -ra------ c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2008-09-07 07:20 143360 --a------ c:\program files\Dropbox\DropboxExt.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2008-09-07 07:20 143360 --a------ c:\program files\Dropbox\DropboxExt.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2008-09-07 07:20 143360 --a------ c:\program files\Dropbox\DropboxExt.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "Google Update"="c:\documents and settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-02 133104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Ai Gear Help"="c:\program files\ASUS\AI Gear2\GearHelp.exe" [2006-07-27 415744] "Ai Nap"="c:\program files\ASUS\Ai Nap\AiNap.exe" [2007-01-12 1423360] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497] "Name of App"="c:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe" [2008-07-07 675935] "Adobe Photo Downloader"="c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [2008-04-01 61440] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-16 136600] "tsnp2std"="c:\windows\tsnp2std.exe" [2007-05-10 270336] "snp2std"="c:\windows\vsnp2std.exe" [2007-09-28 344064] "Taskix"="c:\program files\Taskix\Taskix32.exe" [2008-04-02 61440] "Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2008-06-13 600000] "ElbyCheckAnyDVD"="c:\program files\SlySoft\AnyDVD\ElbyCheck.exe" [2003-09-20 45056] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920] "DNS7reminder"="c:\program files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" [2007-03-19 259624] "COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2009-01-08 1797880] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" 
[2007-03-01 153136] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-11 143360] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-11 172032] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-11 143360] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl] "SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe] "RTHDCPL"="RTHDCPL.EXE" [2007-01-30 c:\windows\RTHDCPL.exe] c:\documents and settings\John\Start Menu\Programs\Startup\ Dropbox.lnk - c:\program files\Dropbox\dropbox.exe [2008-09-26 24096981] Password Safe.lnk - c:\program files\Password Safe\pwsafe.exe [2008-08-30 1949696] c:\documents and settings\All Users\Start Menu\Programs\Startup\ hueyPROTray.lnk - c:\program files\Pantone\hueyPRO\hueyPROTray.exe [2008-06-07 1081344] Sitecom Wireless Utility.lnk - c:\program files\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE [2009-01-08 913408] Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\system32\guard32.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ cli scecli [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2007-06-27 18:03 152872 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera] --a------ 2007-07-11 15:09 20480 c:\windows\FixCamera.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] --a------ 2005-02-16 15:15 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] --a------ 2008-09-11 10:16 143360 c:\windows\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] --a------ 2006-10-25 08:03 210472 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Orbitdownloader\\orbitdm.exe"= "c:\\Program Files\\Orbitdownloader\\orbitnet.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital 
Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"= "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"= "c:\\Program Files\\SopCast\\SopCast.exe"= "c:\\Program Files\\TVAnts\\Tvants.exe"= "c:\\Program Files\\PPMate\\ppamnet.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"= "c:\\Program Files\\Kontiki\\KService.exe"= "c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"= "c:\\Program Files\\CheckPoint\\SSL Network Extender\\slimsvc.exe"= "c:\\Documents and Settings\\John\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"= "c:\\Documents and Settings\\John\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"= "c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"= "c:\\Program Files\\Spotify\\spotify.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2008-09-25 38448] R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2008-08-13 101776] R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2008-08-13 31504] R2 cpextender;Check Point SSL Network Extender;c:\program files\CheckPoint\SSL Network Extender\slimsvc.exe [2008-06-05 344161] R2 
TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-06-07 3024168] R3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\drivers\vna.sys [2008-06-05 120976] R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2008-06-07 15144] S2 ALIEHCD;ALi PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\AliEhci.sys [2009-01-15 112835] S2 gupdate1c90d32140ed6d4;Google Update Service (gupdate1c90d32140ed6d4);c:\program files\Google\Update\GoogleUpdate.exe [2008-09-02 133104] S3 aliroothub;USB 2.0 Root Hub;c:\windows\system32\drivers\AliRtHub.sys [2009-01-15 5325] S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-11-11 13352] S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [2008-06-07 83880] S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [2008-06-07 15016] S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [2008-06-07 110632] S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [2008-06-07 104616] S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [2008-06-07 25512] S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [2008-06-07 100648] S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [2008-06-07 110120] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] \Shell\AutoRun\command - E:\autorun.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Common Files\LightScribe\LSRunOnce.exe" . 
Contents of the 'Scheduled Tasks' folder 2009-02-25 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2009-03-05 c:\windows\Tasks\GoogleUpdateTaskMachine.job - c:\program files\Google\Update\GoogleUpdate.exe [2008-09-02 19:28] 2009-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1364589140-839522115-1003.job - c:\documents and settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 19:28] . - - - - ORPHANS REMOVED - - - - HKCU-Run-c:\program files\NetMeter\NetMeter.exe - c:\program files\NetMeter\NetMeter.exe . ------- Supplementary Scan ------- . uDefault_Search_URL = hxxp://www.google.com/ie uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Open with KUSO EXIF Viewer - c:\program files\KUSO EXIF Viewer\EXIF.htm DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxps://vpn1.hw.ac.uk/sre/ICSScanner.cab DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} - hxxps://vpn1.hw.ac.uk/SNX/CSHELL/extender.cab FF - ProfilePath - c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\9b35vlkn.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine 
- Google FF - component: c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\9b35vlkn.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll FF - component: c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\9b35vlkn.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll FF - component: c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\9b35vlkn.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll FF - component: c:\program files\Google\Google Gears\Firefox\components\gears.dll FF - plugin: c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\9b35vlkn.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll FF - plugin: c:\documents and settings\John\Application Data\Mozilla\plugins\npgoogletalk.dll FF - plugin: c:\documents and settings\John\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npBBCPlugin.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-05 08:53:45 Windows 5.1.2600 Service Pack 3 NTFS detected NTDLL code modification: ZwClose scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
--------------------- LOCKED REGISTRY KEYS --------------------- . ------------------------ Other Running Processes ------------------------ . 
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Carbonite\Carbonite Backup\CarboniteService.exe c:\program files\COMODO\Firewall\cmdagent.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Kontiki\KService.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\windows\system32\msiexec.exe c:\windows\system32\HPZipm12.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\searchindexer.exe c:\windows\system32\WTablet\Pen_TabletUser.exe c:\windows\system32\rundll32.exe c:\windows\system32\wscntfy.exe c:\windows\system32\igfxsrvc.exe c:\program files\iPod\bin\iPodService.exe c:\windows\system32\vssvc.exe c:\windows\system32\dllhost.exe c:\windows\system32\dllhost.exe c:\windows\system32\msdtc.exe . ************************************************************************** . Completion time: 2009-03-05 8:57:31 - machine was rebooted ComboFix-quarantined-files.txt 2009-03-05 08:57:28 ComboFix2.txt 2009-03-03 18:05:45 Pre-Run: 108,918,595,584 bytes free Post-Run: 108,923,006,976 bytes free 534 --- E O F --- 2009-03-03 03:00:37
  12. Yeah, I do; it's a pre-SP1 CD, so it needs SP2 and SP3 installed on top if I do a reinstall. I might be able to get an SP3 install CD from work, but I'm not sure if I would be able to use that with my system.
  13. Bit of a problem on the Java uninstall - it uses the Windows Installer service, which isn't working. I get the error message 'The Windows Installer Service could not be accessed'. How should I proceed?
  14. Thanks for the reply, I'll work through those steps later. Here's the new HJT log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 08:09:14, on 05/03/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe C:\Program Files\COMODO\Firewall\cmdagent.exe C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Kontiki\KService.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Pen_Tablet.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe C:\WINDOWS\system32\Pen_Tablet.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\ASUS\AI Gear2\GearHelp.exe C:\Program Files\ASUS\Ai Nap\AiNap.exe C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Google\Google Talk\googletalk.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\tsnp2std.exe C:\WINDOWS\vsnp2std.exe C:\Program Files\Taskix\Taskix32.exe C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe C:\Program Files\Common 
Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\NetMeter\NetMeter.exe C:\Documents and Settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\Pantone\hueyPRO\hueyPROTray.exe C:\Program Files\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\Dropbox\dropbox.exe C:\Program Files\Password Safe\pwsafe.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\System32\dllhost.exe C:\Program Files\iTunes\iTunes.exe C:\Program Files\Last.fm\LastFM.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\John\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Java Plug-In SSV Helper - 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [Ai Gear Help] "C:\Program Files\ASUS\AI Gear2\GearHelp.exe" O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Nap\AiNap.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe O4 - HKLM\..\Run: [Taskix] C:\Program Files\Taskix\Taskix32.exe start O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD O4 - HKLM\..\Run: 
[iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h O4 - HKLM\..\Run: [iSUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O4 - HKCU\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - Startup: Dropbox.lnk = C:\Program Files\Dropbox\dropbox.exe O4 - Startup: Password Safe.lnk = C:\Program Files\Password Safe\pwsafe.exe O4 - Global Startup: hueyPROTray.lnk = C:\Program Files\Pantone\hueyPRO\hueyPROTray.exe O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Sitecom Wireless Network USB Adapter Turbo G 
WL-172\Installer\WLANUTL.EXE O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open with KUSO EXIF Viewer - C:\Program Files\KUSO EXIF Viewer\EXIF.htm O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1222601183843 O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - https://vpn1.hw.ac.uk/sre/ICSScanner.cab O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} (SlimClient Class) - https://vpn1.hw.ac.uk/SNX/CSHELL/extender.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll O23 - Service: Avira AntiVir Personal
  15. I have been through every step now. The MSI service still refuses to start (started and then stopped).

      Event Type: Warning
      Event Source: MsiInstaller
      Event Category: None
      Event ID: 1015
      Date: 04/03/2009
      Time: 04:24:29
      User: JOHN-PC\John
      Computer: JOHN-PC
      Description: The description for Event ID ( 1015 ) in Source ( MsiInstaller ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: 0x80080005, (NULL), (NULL), (NULL), (NULL), , .