carpgod

Members
  • Content Count

    77
  • Joined

  • Last visited

About carpgod

  • Rank
    Member
  • Birthday 01/30/1966

Contact Methods

  • AIM
    0
  • MSN
    0
  • Website URL
    http://members.ebay.co.uk/aboutme/rulebritainia/
  • ICQ
    0
  • Yahoo
    0

Profile Information

  • Location
    England the land of the carpgod
  • Interests
    Carp fishing and QPR FC

Previous Fields

  • System Specifications:
    Mobo K7S5A AMD XP1900 XP home 512 ddr 60hdd Sony 52x24x52 CD-RW Pioneer 117 DVD-ROM
  • TechExpress Link:
    http://www.pcpitstop.com/techexpress.asp?i...GXZAWARQ7PSJGW3
  • Teams:
    Nothing Selected
  1. Hello Wademan, I decided to go for a Hitachi HST541616J9AT00 160gb hard drive instead, so it arrives today and I have installed it but I can't set up XP... I don't know if there's something I should do first so I'm asking for your help, a blow by blow explanation would be a great help. Kind regards, carpgod
  2. Hello wademan, I have decided to upgrade the hard drive to a ST9160821A from Seagate, it's a 160gb storage capability which is exactly what I need for my music making. The hard drive before was only 30gb so this will give the storage I need. Also I will not be installing 2000 pro and XP as I found that I didn't really use 2000 pro and it's because of this I have these problems!! It's really strange, as it ran hand in hand for over 2 years and all of a sudden it went on me! Anyway a normal install of XP is what will happen and that's no problem. I will be upping the RAM also to 1gb as I only run 512mg at the moment so the performance should be optimum as the NX9005 can handle up to 1024mb. It won't be for a couple of weeks until everything is sorted out due to other monetary commitments but I'm looking forward to coming back with my tests and HJT results for more kind help from yourself and others. Speak soon, carpgod. P.S. Thanks also to the team you had working on this problem too
  3. Hello wademan, Hey, your help has been great!! Believe me, I know how hard you have worked on this for me and it's so much appreciated. I sort of knew in the back of my mind that I would probably have to buy a new hard drive. No, I don't get a screen for Windows at all, I have taken some shots for you to see: Firstly insert disc! hehe. This is the options screen, XP or 2000pro. The dreaded error screen of death!! So as you can see, apart from the two screens and F8 and F2 I can't do a thing. Here are some shots of the dismantle of the NX9005: Intact!! Remove hinge/button section (2 screws). Remove the keyboard (4 screws). Finally the drive (two screws). I'm going to study Shaun Grey's idea and will let you know if I try that!! Thanks once again for your prompt replies and hard work, regards carpgod
  4. Hello Wademan, Yes, the guide was good help, although a little vague it certainly helped and now I can get to the hard drive on all HP laptops we have here in under 5 minutes!! There's only a total of 8 screws to remove!! Yes, I did have the Windows disk in the drive when I booted!! hehe, but what it is is that I get a screen asking me to choose between 2000 pro and XP and when I do that I get the error message, the same as when I try to boot up in safe mode!! or any of the others in F8, frustrating isn't the word!!! So what next, I'm real confused now! Thanks again wademan, regards carpgod
  5. Hello again everyone, I have looked and looked for a way out of this and I would really appreciate some help resolving this issue. I thought once I had installed the drive then that would be the end of my problems!! We have 4 puters here at home and the 3 HP have all had problems!!! I have repaired one but I do need help with this!! Thanks guys, regards carpgod
  6. Hello Wademan (or anyone else who could possibly help!!), I have replaced the CD-ROM drive and it was very easy, I have put together a tutorial!! (If needed, where would I post it?) Now I need some expert advice. How do I boot from the CD-ROM when all I get is that error message? Tell you what happens... I boot up, you get a choice of what operating system you want, in my case it's Windows XP or 2000 pro (I'm sure they are on the same partition!!), then the error comes up. I can get into the BIOS and I can get the screen with the options to start in safe mode etc. etc. I'm really stuck but I'm sure you will know the answer, regards carpgod
  7. Hello Wademan, That's a very old avatar!! I've had that for years!! hehe. Yes, I pointed the bootup to A: but as I said it was no good, I kept getting the same error message. I don't feel any worries about opening the laptop as I have done one before and I was once a service engineer so I have all the tools I need, but that guide will help with the final stages of dismantling. I now have sourced the correct CD-RW/DVD drive in Germany and it's an exact replacement to the one that's in my laptop. Your help has been superb and I will let you know when I have broken... oops, repaired my laptop!! The forums here are the best around by far. Kind regards, carpgod
  8. Hello guys, Let me explain, firstly let me say thanks to you Wademan and to you also Juliet as you have recently been helping me with my popup probs... well, it's that puter I'm hoping to save!! And secondly, carpbud is my girlfriend who has also signed up to help me out... At the moment I have taken my daughter's puter, that's how I'm online now!! It's a PC and taking up too much room!! hehe. Seriously though, that's the model Juliet, spot on, but I have no drives except floppy and PCMCIA CD-ROM drive and no way of getting to the hard drive. Wademan, great help and much appreciated, I think the drive I need is the SBW-241 or GCC-4243N, they are used in many slimline laptops and I have located 14 across eBay, and also I really appreciate the info on how to fit the unit as I have tried before, there was always one stage I could not get through so that's why I bought the PCMCIA CD-ROM drive. Any extra info would be superb, thanks so much guys, regards carpgod
  9. Hello Juliet, Thanks, I'm very very happy, well done with all you have done, I use the majority of what you recommended so I must be doing something right!! Thanks again for all your hard work, regards carpgod
  10. Hello Juliet, I have now been popup free for over 24 hours thanks to your kind help, I have done the last removals and all were successful. I have reloaded a new firewall, I chose Sygate over ZoneAlarm and I stopped the Windows firewall! Everything seems ok and I'm very grateful for everything you have done, it's been quite a learning curve, here is hopefully my last HJT log but if there's anything more I can improve let me know. Kind regards, carpgod. P.S. I was wondering about all the processes running
  11. Hello Juliet, I have scanned the suspicious file (RE: C:\WINDOWS\system32\dbrename7.exe) again and I feel I should remove it; when I checked at VirusTotal I found AGAIN 2 entries thus: eSafe 7.0.15.0 06.06.2007 Suspicious Trojan/Worm; FileAdvisor 1 06.09.2007 Low threat detected. Let me know on this, I will gladly remove if needed. I finally managed to remove: O20 - AppInit_DLLs: c:\windows\system32\jkkklli.dll; O20 - Winlogon Notify: igmntw - igmntw.dll (file missing). ComboFix-Do.txt. I have reset system restore via the method you described too ... here is also the latest HJT log. Also Juliet, I removed ZoneAlarm a few weeks ago and used just Windows firewall, would you recommend reusing it or is there a better alternative... I hope I have covered everything you asked me to do? Let me know the next move if any... anyway, great news, no popups for hours now and I'm really pleased with the outcome, but let me know if I need to do anything else to improve performance, respect carpgod
  12. Hello Juliet, ok I have finally completed all the actions you asked: Combofix-log. Dr web log: Never saved as a csv log - saved as excel. New HJT log.
AntiVirus\navapsvc.exe C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Documents and Settings\nx90051\Local Settings\Temp\SETUP\CARPSERV.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\The Only Carpgod\Desktop\carpgod.exe.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [CARPService] C:\Documents and Settings\nx90051\Local Settings\Temp\SETUP\CARPSERV.EXE O4 - HKLM\..\Run: [VersatoMs] C:\Program Files\MagicMus\MulMouse.exe O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [NAV 
Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe O4 - HKLM\..\Run: [smartSync - ScheduleSync] C:\PROGRA~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe O9 - Extra button: NeoTrace It! 
- {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU) O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab O20 - AppInit_DLLs: c:\windows\system32\jkkklli.dll O20 - Winlogon Notify: igmntw - igmntw.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe Further, I tried to delete O20 - AppInit_DLLs: c:\windows\system32\jkkklli.dll but I couldnt and I cant find Java version 1.5.0.6 to delete also, Im using IE again and so far no popups but time will tell, Let 
me know what you want me to do next, thanks and regards carpgod
  13. Hi Juliet, here are the results of the scans from:

Kaspersky
You're clean! Kaspersky Anti-Virus has not detected any viruses at this time in the file you submitted.

and VirusTotal

Antivirus          Version         Update      Result
AhnLab-V3          2007.5.31.2     06.08.2007  no virus found
AntiVir            7.4.0.32        06.08.2007  no virus found
Authentium         4.93.8          05.23.2007  no virus found
Avast              4.7.997.0       06.07.2007  no virus found
AVG                7.5.0.467       06.08.2007  no virus found
BitDefender        7.2             06.08.2007  no virus found
CAT-QuickHeal      9.00            06.08.2007  no virus found
ClamAV             devel-20070416  06.08.2007  no virus found
DrWeb              4.33            06.08.2007  no virus found
eSafe              7.0.15.0        06.06.2007  Suspicious Trojan/Worm
eTrust-Vet         30.7.3703       06.08.2007  no virus found
Ewido              4.0             06.08.2007  no virus found
FileAdvisor        1               06.08.2007  Low threat detected
Fortinet           2.85.0.0        06.08.2007  no virus found
F-Prot             4.3.2.48        06.07.2007  no virus found
F-Secure           6.70.13030.0    06.08.2007  no virus found
Ikarus             T3.1.1.8        06.08.2007  no virus found
Kaspersky          4.0.2.24        06.08.2007  no virus found
McAfee             5048            06.07.2007  no virus found
Microsoft          1.2503          06.08.2007  no virus found
NOD32v2            2318            06.08.2007  no virus found
Norman             5.80.02         06.08.2007  no virus found
Panda              9.0.0.4         06.08.2007  no virus found
Prevx1             V2              06.08.2007  no virus found
Sophos             4.18.0          06.01.2007  no virus found
Sunbelt            2.2.907.0       06.07.2007  no virus found
Symantec           10              06.08.2007  no virus found
TheHacker          6.1.6.131       06.08.2007  no virus found
VBA32              3.12.0          06.07.2007  no virus found
VirusBuster        4.3.23:9        06.08.2007  no virus found
Webwasher-Gateway  6.0.1           06.08.2007  no virus found

Aditional Information
File size: 58880 bytes
MD5: aaebd2892a9b5b41e6df9bf1d405f123
SHA1: a46fef03b296c6e06761078b1419673b8ddc6958
packers: ASPACK
Bit9 info: http://fileadvisor.bit9.com/services/extin...6df9bf1d405f123
packers: Aspack

I have removed: Java version is 1.4.2.5, but can't find Java version is 1.5.0.6 in Add/Remove Programs. I'm going to complete the other items then get back to you, regards carpgod