Funny Xp Startup issue.
-
Hi All
I have a funny XP Pro SP2 startup issue that I have posted in the Windows XP help forum.
Can someone please check my HijackThis log and see if any unwanted strangers are lurking in my computer and possibly causing this issue?
All help appreciated
midgo
Logfile of HijackThis v1.99.1
Scan saved at 12:07:10 AM, on 10/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\OptusNet Usage Meter\OptusNet Usage Meter.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe
C:\Program Files\Registry Clean Expert\RCHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Opera\Opera-.exe
D:\Flashget\Cracked-MaRKuS-TH_DJM\flashget.exe
C:\Dads Downloads\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Flashget\Cracked-MaRKuS-TH_DJM\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\Flashget\CRACKE~1\fgiebar.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O4 - HKLM\..\Run: [\\CHRIS\EPSON Stylus Photo RX430 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CP.EXE" /P39 "\\CHRIS\EPSON Stylus Photo RX430 Series" /O6 "USB002" /M "Stylus Photo RX430"
O4 - HKLM\..\Run: [OptusNetUsage] C:\Program Files\OptusNet Usage Meter\OptusNet Usage Meter.exe -mini
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [PtiuPbmd] "Rundll32.exe" ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [nod32upd] rundll32 "C:\Program Files\Eset\fc_upd.dll",NOD32Ioctl
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Tracks Eraser Pro] C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe min
O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RCHelper.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - D:\Flashget\Cracked-MaRKuS-TH_DJM\jc_all.htm
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download using FlashGet - D:\Flashget\Cracked-MaRKuS-TH_DJM\jc_link.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Flashget\Cracked-MaRKuS-TH_DJM\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Flashget\Cracked-MaRKuS-TH_DJM\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ZDelete Auto-Cleaner - {EB7F329E-F14E-48ae-AB69-4E28C492D382} - C:\PROGRA~1\LSOFTT~1\ACTIVE~1\ZDelete.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =
O17 - HKLM\Software\..\Telephony: DomainName =
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain =
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: tdqfh.dll - {00000000-0000-0000-0000-000000040107} - C:\WINDOWS\system32\tdqfh.dll
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\delautocomp.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegVac Registry Service (RegVacService) - Super Win Software, Inc. - C:\Program Files\RegVac Registry Cleaner\RegVserv.exe
O23 - Service: ProgramCheckerPro (sassvc) - Unknown owner - C:\Program Files\Zenturi\ProgramChecker\sassvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
-
What kind of startup issue are you having? What happens?
Running Windows Defender and Spy Sweeper at the same time could cause some kind of conflict; they may not be compatible.
Go to next site:
http://www.virustotal.com/en/indexf.html
On top you'll find 'Browse'
Click the browse button and browse to next file:
C:\WINDOWS\system32\tdqfh.dll
Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results as well in your next reply.
Please go to hijackthis.exe and right click on it and then click on rename and rename it to foolyou.exe
and post a new log from the newly renamed hijackthis.exe.
What is this below?
D:\Flashget\Cracked-MaRKuS-TH_DJM\jccatch.dll
Let me see an AVG Anti-Spyware log please.
-
Thanks for your response.
I have described my issue here.
http://www.d-a-l.com/help/showthread...694#post125694
Scanned file is here
Complete scanning result of "tdqfh.dll", received in VirusTotal at 12.09.2006, 22:53:00 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.49 12.08.2006 HEUR/Malware
Authentium 4.93.8 12.08.2006 no virus found
Avast 4.7.892.0 12.08.2006 Win32:Qhost-AI
AVG 386 12.09.2006 no virus found
BitDefender 7.2 12.09.2006 no virus found
CAT-QuickHeal 8.00 12.09.2006 no virus found
ClamAV devel-20060426 12.09.2006 no virus found
DrWeb 4.33 12.09.2006 no virus found
eSafe 7.0.14.0 12.07.2006 no virus found
eTrust-InoculateIT 23.73.81 12.09.2006 no virus found
eTrust-Vet 30.3.3238 12.08.2006 no virus found
Ewido 4.0 12.09.2006 no virus found
Fortinet 2.82.0.0 12.09.2006 no virus found
F-Prot 3.16f 12.08.2006 no virus found
F-Prot4 4.2.1.29 12.08.2006 no virus found
Ikarus T3.1.0.26 12.07.2006 Email-Worm.Win32.Delf.z
Kaspersky 4.0.2.24 12.09.2006 no virus found
McAfee 4914 12.08.2006 no virus found
Microsoft 1.1804 12.09.2006 no virus found
NOD32v2 1913 12.09.2006 no virus found
Norman 5.80.02 12.08.2006 no virus found
Panda 9.0.0.4 12.09.2006 Suspicious file
Prevx1 V2 12.09.2006 no virus found
Sophos 4.12.0 12.08.2006 no virus found
Sunbelt 2.2.907.0 11.30.2006 no virus found
TheHacker 6.0.3.130 12.06.2006 no virus found
UNA 1.83 12.08.2006 no virus found
VBA32 3.11.1 12.09.2006 no virus found
Foolyou.exe new log here
Logfile of HijackThis v1.99.1
Scan saved at 9:10:03 AM, on 10/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\OptusNet Usage Meter\OptusNet Usage Meter.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe
C:\Program Files\Registry Clean Expert\RCHelper.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Opera\Opera-.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\nod32.exe
D:\Hijack This\foolyou.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Flashget\Cracked-MaRKuS-TH_DJM\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\Flashget\CRACKE~1\fgiebar.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O4 - HKLM\..\Run: [\\CHRIS\EPSON Stylus Photo RX430 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CP.EXE" /P39 "\\CHRIS\EPSON Stylus Photo RX430 Series" /O6 "USB002" /M "Stylus Photo RX430"
O4 - HKLM\..\Run: [OptusNetUsage] C:\Program Files\OptusNet Usage Meter\OptusNet Usage Meter.exe -mini
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [PtiuPbmd] "Rundll32.exe" ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [nod32upd] rundll32 "C:\Program Files\Eset\fc_upd.dll",NOD32Ioctl
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Tracks Eraser Pro] C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe min
O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RCHelper.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - D:\Flashget\Cracked-MaRKuS-TH_DJM\jc_all.htm
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download using FlashGet - D:\Flashget\Cracked-MaRKuS-TH_DJM\jc_link.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Flashget\Cracked-MaRKuS-TH_DJM\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Flashget\Cracked-MaRKuS-TH_DJM\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ZDelete Auto-Cleaner - {EB7F329E-F14E-48ae-AB69-4E28C492D382} - C:\PROGRA~1\LSOFTT~1\ACTIVE~1\ZDelete.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =
O17 - HKLM\Software\..\Telephony: DomainName =
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain =
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: tdqfh.dll - {00000000-0000-0000-0000-000000040107} - C:\WINDOWS\system32\tdqfh.dll
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\delautocomp.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegVac Registry Service (RegVacService) - Super Win Software, Inc. - C:\Program Files\RegVac Registry Cleaner\RegVserv.exe
O23 - Service: ProgramCheckerPro (sassvc) - Unknown owner - C:\Program Files\Zenturi\ProgramChecker\sassvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
What is this below?
D:\Flashget\Cracked-MaRKuS-TH_DJM\jccatch.dll
Not sure what this is although I do use flashget as a download manager.
Let me see an AVG Anti-Spyware log please.
Latest AVG scan log here.
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 9:26:21 AM 10/12/2006
+ Scan result:
Nothing found.
::Report end
Hope this helps further.
Looking forward to your conclusions.
-
Well, this is perplexing. I usually like to get at least three confirmations that a file is infected; the one by AntiVir is a possibility:
http://www.avira.com/en/threats/sect...r_malware.html
that leaves two confirmations, so..
Find the file, right click on it, select Properties, and post the properties back here please.
Go here BitDefender and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan" and grab a coffee.
When BitDefender completes the scan, select the "Detected Problems" tab. Click on "Click here to export scan". Save the file as an HTML to your Desktop. Then click on the saved file and allow it to open with your browser. Go to Edit - Select All then copy/paste that log back here. Post back and let us know what it found (post the log).
And post a new HJT log also..
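As an added example (not part of the original posts), one way to apply a three-confirmation rule to a pasted VirusTotal table is to separate named detections from heuristic ones before counting. It assumes that heuristic or generic verdicts such as HEUR/Malware and Suspicious file do not count as confirmations; the function names, marker list and threshold parameter are illustrative.

```python
import re
from dataclasses import dataclass

# Rows copied from the VirusTotal result table posted in this thread
# (the four flagged engines plus a few of the clean ones).
SAMPLE_REPORT = """\
Antivirus Version Update Result
AntiVir 7.2.0.49 12.08.2006 HEUR/Malware
Avast 4.7.892.0 12.08.2006 Win32:Qhost-AI
AVG 386 12.09.2006 no virus found
ClamAV devel-20060426 12.09.2006 no virus found
Ikarus T3.1.0.26 12.07.2006 Email-Worm.Win32.Delf.z
Kaspersky 4.0.2.24 12.09.2006 no virus found
NOD32v2 1913 12.09.2006 no virus found
Panda 9.0.0.4 12.09.2006 Suspicious file
Prevx1 V2 12.09.2006 no virus found
"""

# engine, engine version, signature date (MM.DD.YYYY), then free-text result
ROW = re.compile(
    r"^(?P<engine>\S+)\s+(?P<version>\S+)\s+"
    r"(?P<update>\d{2}\.\d{2}\.\d{4})\s+(?P<result>.+?)\s*$"
)

# Assumption: substrings that mark a verdict as heuristic/generic
# rather than a named family. Extend for other vendors' wording.
HEURISTIC_MARKERS = ("heur", "suspicious", "generic")


@dataclass
class Verdict:
    engine: str
    update: str
    result: str
    kind: str  # "clean", "heuristic" or "named"


def classify(result: str) -> str:
    """Bucket one engine's result string."""
    low = result.lower()
    if low == "no virus found":
        return "clean"
    if any(marker in low for marker in HEURISTIC_MARKERS):
        return "heuristic"
    return "named"


def parse_report(text: str):
    """Return (verdicts, skipped_lines) for a pasted result table."""
    verdicts, skipped = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ROW.match(line)
        if match is None:
            # Header row or anything mangled by copy/paste
            skipped.append(line)
            continue
        verdicts.append(
            Verdict(
                engine=match["engine"],
                update=match["update"],
                result=match["result"],
                kind=classify(match["result"]),
            )
        )
    return verdicts, skipped


def triage(text: str, threshold: int = 3) -> dict:
    """Count only named detections toward the confirmation threshold."""
    verdicts, skipped = parse_report(text)
    named = [v.engine for v in verdicts if v.kind == "named"]
    heuristic = [v.engine for v in verdicts if v.kind == "heuristic"]
    clean = sum(1 for v in verdicts if v.kind == "clean")
    if len(named) >= threshold:
        decision = "confirmed"
    elif named or heuristic:
        decision = "needs more evidence"
    else:
        decision = "no detections"
    return {
        "named": named,
        "heuristic": heuristic,
        "clean": clean,
        "skipped": skipped,
        "decision": decision,
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    for key, value in summary.items():
        print(f"{key}: {value}")
```

A result of "needs more evidence" corresponds to the follow-up steps in this thread: checking the file's properties and running a second scanner.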
-
Bitdefender Scan Results Here.
BitDefender Online Scanner
Scan report generated at: Mon, Dec 11, 2006 - 09:43:01
Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;
Statistics
Time: 03:22:45
Files: 1255749
Folders: 15914
Boot Sectors: 6
Archives: 6797
Packed Files: 234173
Results
Identified Viruses: 4
Infected Files: 25
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 25
Engines Info
Virus Definitions: 328364
Engine build: AVCORE v1.0 (build 2368) (i386) (Nov 16 2006 11:31:19)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File
Status
C:\Program Files\ESET\infected\A31DB3DA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\pwdump2.exe
Infected with: Virtool.Pwdump.2.0
C:\Program Files\ESET\infected\A31DB3DA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\pwdump2.exe
Disinfection failed
C:\Program Files\ESET\infected\A31DB3DA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\pwdump2.exe
Deleted
C:\Program Files\ESET\infected\A31DB3DA.NQF=>(Quarantine-PE)=>(RAR Sfx o)
Update failed
C:\Program Files\ESET\infected\A31DB3DA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\samdump.dll
Infected with: Trojan.Hacktool.Pwdump.A
C:\Program Files\ESET\infected\A31DB3DA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\samdump.dll
Disinfection failed
C:\Program Files\ESET\infected\A31DB3DA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\samdump.dll
Deleted
C:\Program Files\ESET\infected\A31DB3DA.NQF=>(Quarantine-PE)=>(RAR Sfx o)
Update failed
C:\Program Files\ESET\infected\AK1CXYAA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\pwdump2.exe
Infected with: Virtool.Pwdump.2.0
C:\Program Files\ESET\infected\AK1CXYAA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\pwdump2.exe
Disinfection failed
C:\Program Files\ESET\infected\AK1CXYAA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\pwdump2.exe
Deleted
C:\Program Files\ESET\infected\AK1CXYAA.NQF=>(Quarantine-PE)=>(RAR Sfx o)
Update failed
C:\Program Files\ESET\infected\AK1CXYAA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\samdump.dll
Infected with: Trojan.Hacktool.Pwdump.A
C:\Program Files\ESET\infected\AK1CXYAA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\samdump.dll
Disinfection failed
C:\Program Files\ESET\infected\AK1CXYAA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\samdump.dll
Deleted
C:\Program Files\ESET\infected\AK1CXYAA.NQF=>(Quarantine-PE)=>(RAR Sfx o)
Update failed
C:\Program Files\ESET\infected\ENBPRVCA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\pwdump2.exe
Infected with: Virtool.Pwdump.2.0
C:\Program Files\ESET\infected\ENBPRVCA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\pwdump2.exe
Disinfection failed
C:\Program Files\ESET\infected\ENBPRVCA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\pwdump2.exe
Deleted
C:\Program Files\ESET\infected\ENBPRVCA.NQF=>(Quarantine-PE)=>(RAR Sfx o)
Update failed
C:\Program Files\ESET\infected\ENBPRVCA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\samdump.dll
Infected with: Trojan.Hacktool.Pwdump.A
C:\Program Files\ESET\infected\ENBPRVCA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\samdump.dll
Disinfection failed
C:\Program Files\ESET\infected\ENBPRVCA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\samdump.dll
Deleted
C:\Program Files\ESET\infected\ENBPRVCA.NQF=>(Quarantine-PE)=>(RAR Sfx o)
Update failed
C:\Program Files\ESET\infected\JA31J5DA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\pwdump2.exe
Infected with: Virtool.Pwdump.2.0
C:\Program Files\ESET\infected\JA31J5DA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\pwdump2.exe
Disinfection failed
C:\Program Files\ESET\infected\JA31J5DA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\pwdump2.exe
Deleted
C:\Program Files\ESET\infected\JA31J5DA.NQF=>(Quarantine-PE)=>(RAR Sfx o)
Update failed
C:\Program Files\ESET\infected\JA31J5DA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\samdump.dll
Infected with: Trojan.Hacktool.Pwdump.A
C:\Program Files\ESET\infected\JA31J5DA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\samdump.dll
Disinfection failed
C:\Program Files\ESET\infected\JA31J5DA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\samdump.dll
Deleted
C:\Program Files\ESET\infected\JA31J5DA.NQF=>(Quarantine-PE)=>(RAR Sfx o)
Update failed
C:\Program Files\ESET\infected\JNG0NUAA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\pwdump2.exe
Infected with: Virtool.Pwdump.2.0
C:\Program Files\ESET\infected\JNG0NUAA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\pwdump2.exe
Disinfection failed
C:\Program Files\ESET\infected\JNG0NUAA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\pwdump2.exe
Deleted
C:\Program Files\ESET\infected\JNG0NUAA.NQF=>(Quarantine-PE)=>(RAR Sfx o)
Update failed
C:\Program Files\ESET\infected\JNG0NUAA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\samdump.dll
Infected with: Trojan.Hacktool.Pwdump.A
C:\Program Files\ESET\infected\JNG0NUAA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\samdump.dll
Disinfection failed
C:\Program Files\ESET\infected\JNG0NUAA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\samdump.dll
Deleted
C:\Program Files\ESET\infected\JNG0NUAA.NQF=>(Quarantine-PE)=>(RAR Sfx o)
Update failed
C:\Program Files\ESET\infected\NUPGPHBA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\pwdump2.exe
Infected with: Virtool.Pwdump.2.0
C:\Program Files\ESET\infected\NUPGPHBA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\pwdump2.exe
Disinfection failed
C:\Program Files\ESET\infected\NUPGPHBA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\pwdump2.exe
Deleted
C:\Program Files\ESET\infected\NUPGPHBA.NQF=>(Quarantine-PE)=>(RAR Sfx o)
Update failed
C:\Program Files\ESET\infected\NUPGPHBA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\samdump.dll
Infected with: Trojan.Hacktool.Pwdump.A
C:\Program Files\ESET\infected\NUPGPHBA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\samdump.dll
Disinfection failed
C:\Program Files\ESET\infected\NUPGPHBA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\samdump.dll
Deleted
C:\Program Files\ESET\infected\NUPGPHBA.NQF=>(Quarantine-PE)=>(RAR Sfx o)
Update failed
C:\Program Files\ESET\infected\OCTPPTBA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\pwdump2.exe
Infected with: Virtool.Pwdump.2.0
C:\Program Files\ESET\infected\OCTPPTBA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\pwdump2.exe
Disinfection failed
C:\Program Files\ESET\infected\OCTPPTBA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\pwdump2.exe
Deleted
C:\Program Files\ESET\infected\OCTPPTBA.NQF=>(Quarantine-PE)=>(RAR Sfx o)
Update failed
C:\Program Files\ESET\infected\OCTPPTBA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\samdump.dll
Infected with: Trojan.Hacktool.Pwdump.A
C:\Program Files\ESET\infected\OCTPPTBA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\samdump.dll
Disinfection failed
C:\Program Files\ESET\infected\OCTPPTBA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\samdump.dll
Deleted
C:\Program Files\ESET\infected\OCTPPTBA.NQF=>(Quarantine-PE)=>(RAR Sfx o)
Update failed
C:\Program Files\ESET\infected\OIJL4RCA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\pwdump2.exe
Infected with: Virtool.Pwdump.2.0
C:\Program Files\ESET\infected\OIJL4RCA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\pwdump2.exe
Disinfection failed
C:\Program Files\ESET\infected\OIJL4RCA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\pwdump2.exe
Deleted
C:\Program Files\ESET\infected\OIJL4RCA.NQF=>(Quarantine-PE)=>(RAR Sfx o)
Update failed
C:\Program Files\ESET\infected\OIJL4RCA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\samdump.dll
Infected with: Trojan.Hacktool.Pwdump.A
C:\Program Files\ESET\infected\OIJL4RCA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\samdump.dll
Disinfection failed
C:\Program Files\ESET\infected\OIJL4RCA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\samdump.dll
Deleted
C:\Program Files\ESET\infected\OIJL4RCA.NQF=>(Quarantine-PE)=>(RAR Sfx o)
Update failed
C:\Program Files\ESET\infected\P4SEQCBA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\pwdump2.exe
Infected with: Virtool.Pwdump.2.0
C:\Program Files\ESET\infected\P4SEQCBA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\pwdump2.exe
Disinfection failed
C:\Program Files\ESET\infected\P4SEQCBA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\pwdump2.exe
Deleted
C:\Program Files\ESET\infected\P4SEQCBA.NQF=>(Quarantine-PE)=>(RAR Sfx o)
Update failed
C:\Program Files\ESET\infected\P4SEQCBA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\samdump.dll
Infected with: Trojan.Hacktool.Pwdump.A
C:\Program Files\ESET\infected\P4SEQCBA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\samdump.dll
Disinfection failed
C:\Program Files\ESET\infected\P4SEQCBA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\samdump.dll
Deleted
C:\Program Files\ESET\infected\P4SEQCBA.NQF=>(Quarantine-PE)=>(RAR Sfx o)
Update failed
C:\Program Files\ESET\infected\SZPCUCCA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\samdump.dll
Infected with: Trojan.Hacktool.Pwdump.A
C:\Program Files\ESET\infected\SZPCUCCA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\samdump.dll
Disinfection failed
C:\Program Files\ESET\infected\SZPCUCCA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\samdump.dll
Deleted
C:\Program Files\ESET\infected\SZPCUCCA.NQF=>(Quarantine-PE)=>(RAR Sfx o)
Update failed
C:\Program Files\ESET\infected\SZPCUCCA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\pwdump2.exe
Infected with: Virtool.Pwdump.2.0
C:\Program Files\ESET\infected\SZPCUCCA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\pwdump2.exe
Disinfection failed
C:\Program Files\ESET\infected\SZPCUCCA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\pwdump2.exe
Deleted
C:\Program Files\ESET\infected\SZPCUCCA.NQF=>(Quarantine-PE)=>(RAR Sfx o)
Update failed
C:\Program Files\ESET\infected\ZFQX3RDA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\pwdump2.exe
Infected with: Virtool.Pwdump.2.0
C:\Program Files\ESET\infected\ZFQX3RDA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\pwdump2.exe
Disinfection failed
C:\Program Files\ESET\infected\ZFQX3RDA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\pwdump2.exe
Deleted
C:\Program Files\ESET\infected\ZFQX3RDA.NQF=>(Quarantine-PE)=>(RAR Sfx o)
Update failed
C:\Program Files\ESET\infected\ZFQX3RDA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\samdump.dll
Infected with: Trojan.Hacktool.Pwdump.A
C:\Program Files\ESET\infected\ZFQX3RDA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\samdump.dll
Disinfection failed
C:\Program Files\ESET\infected\ZFQX3RDA.NQF=>(Quarantine-PE)=>(RAR Sfx o)=>pwdump2\samdump.dll
Deleted
C:\Program Files\ESET\infected\ZFQX3RDA.NQF=>(Quarantine-PE)=>(RAR Sfx o)
Update failed
New Hijackthis Scan Here.
Logfile of HijackThis v1.99.1
Scan saved at 9:52:31 AM, on 11/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\OptusNet Usage Meter\OptusNet Usage Meter.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe
C:\Program Files\Registry Clean Expert\RCHelper.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Opera\Opera-.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCSVR.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Hijack This\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Flashget\Cracked-MaRKuS-TH_DJM\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\Flashget\CRACKE~1\fgiebar.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O4 - HKLM\..\Run: [\\CHRIS\EPSON Stylus Photo RX430 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CP.EXE" /P39 "\\CHRIS\EPSON Stylus Photo RX430 Series" /O6 "USB002" /M "Stylus Photo RX430"
O4 - HKLM\..\Run: [OptusNetUsage] C:\Program Files\OptusNet Usage Meter\OptusNet Usage Meter.exe -mini
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [PtiuPbmd] "Rundll32.exe" ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [nod32upd] rundll32 "C:\Program Files\Eset\fc_upd.dll",NOD32Ioctl
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Tracks Eraser Pro] C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe min
O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RCHelper.exe" /startup
O4 - Startup: Z00001.tmp
O4 - Startup: Z00002.tmp
O4 - Startup: Z00003.tmp
O4 - Startup: Z00004.tmp
O4 - Startup: Z00005.tmp
O4 - Startup: Z00006.tmp
O4 - Startup: Z00007.tmp
O4 - Startup: Z00008.tmp
O4 - Startup: Z00009.tmp
O4 - Startup: Z00010.tmp
O4 - Startup: Z00011.tmp
O4 - Startup: Z00012.tmp
O4 - Startup: Z00013.tmp
O4 - Startup: Z00014.tmp
O4 - Startup: Z00015.tmp
O4 - Startup: Z00016.tmp
O4 - Startup: Z00017.tmp
O4 - Startup: Z00018.tmp
O4 - Startup: Z00019.tmp
O4 - Startup: Z00020.tmp
O4 - Startup: Z00021.tmp
O4 - Startup: Z00022.tmp
O4 - Startup: Z00023.tmp
O4 - Startup: Z00024.tmp
O4 - Startup: Z00025.tmp
O4 - Startup: Z00026.tmp
O4 - Startup: Z00027.tmp
O4 - Startup: Z00028.tmp
O4 - Startup: Z00029.tmp
O4 - Startup: Z00030.tmp
O4 - Startup: Z00031.tmp
O4 - Startup: Z00032.tmp
O4 - Startup: Z00033.tmp
O4 - Startup: Z00034.tmp
O4 - Startup: Z00035.tmp
O4 - Startup: Z00036.tmp
O4 - Startup: Z00037.tmp
O4 - Startup: Z00038.tmp
O4 - Startup: Z00039.tmp
O4 - Startup: Z00040.tmp
O4 - Startup: Z00041.tmp
O4 - Startup: Z00042.tmp
O4 - Startup: Z00043.tmp
O4 - Startup: Z00044.tmp
O4 - Startup: Z00045.tmp
O4 - Startup: Z00046.tmp
O4 - Startup: Z00047.tmp
O4 - Startup: Z00048.tmp
O4 - Startup: Z00049.tmp
O4 - Startup: Z00050.tmp
O4 - Startup: Z00051.tmp
O4 - Startup: Z00052.tmp
O4 - Startup: Z00053.tmp
O4 - Startup: Z00054.tmp
O4 - Startup: Z00055.tmp
O4 - Startup: Z00056.tmp
O4 - Startup: Z00057.tmp
O4 - Startup: Z00058.tmp
O4 - Startup: Z00059.tmp
O4 - Startup: Z00060.tmp
O4 - Startup: Z00061.tmp
O4 - Startup: Z00062.tmp
O4 - Startup: Z00063.tmp
O4 - Startup: Z00064.tmp
O4 - Startup: Z00065.tmp
O4 - Startup: Z00066.tmp
O4 - Startup: Z00067.tmp
O4 - Startup: Z00068.tmp
O4 - Startup: Z00069.tmp
O4 - Startup: Z00070.tmp
O4 - Startup: Z00071.tmp
O4 - Startup: Z00072.tmp
O4 - Startup: Z00073.tmp
O4 - Startup: Z00074.tmp
O4 - Startup: Z00075.tmp
O4 - Startup: Z00076.tmp
O4 - Startup: Z00077.tmp
O4 - Startup: Z00078.tmp
O4 - Startup: Z00079.tmp
O4 - Startup: Z00080.tmp
O4 - Startup: Z00081.tmp
O4 - Startup: Z00082.tmp
O4 - Startup: Z00083.tmp
O4 - Startup: Z00084.tmp
O4 - Startup: Z00085.tmp
O4 - Startup: Z00086.tmp
O4 - Startup: Z00087.tmp
O4 - Startup: Z00088.tmp
O4 - Startup: Z00089.tmp
O4 - Startup: Z00090.tmp
O4 - Startup: Z00091.tmp
O4 - Startup: Z00092.tmp
O4 - Startup: Z00093.tmp
O4 - Startup: Z00094.tmp
O4 - Startup: Z00095.tmp
O4 - Startup: Z00096.tmp
O4 - Startup: Z00097.tmp
O4 - Startup: Z00098.tmp
O4 - Startup: Z00099.tmp
O4 - Startup: Z00100.tmp
O4 - Startup: Z00101.tmp
O4 - Startup: Z00102.tmp
O4 - Startup: Z00103.tmp
O4 - Startup: Z00104.tmp
O4 - Startup: Z00105.tmp
O4 - Startup: Z00106.tmp
O4 - Startup: Z00107.tmp
O4 - Startup: Z00108.tmp
O4 - Startup: Z00109.tmp
O4 - Startup: Z00110.tmp
O4 - Startup: Z00111.tmp
O4 - Startup: Z00112.tmp
O4 - Startup: Z00113.tmp
O4 - Startup: Z00114.tmp
O4 - Startup: Z00115.tmp
O4 - Startup: Z00116.tmp
O4 - Startup: Z00117.tmp
O4 - Startup: Z00118.tmp
O4 - Startup: Z00119.tmp
O4 - Startup: Z00120.tmp
O4 - Startup: Z00121.tmp
O4 - Startup: Z00122.tmp
O4 - Startup: Z00123.tmp
O4 - Startup: Z00124.tmp
O4 - Startup: Z00125.tmp
O4 - Startup: Z00126.tmp
O4 - Startup: Z00127.tmp
O4 - Startup: Z00128.tmp
O4 - Startup: Z00129.tmp
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Z00001.tmp
O4 - Global Startup: Z00002.tmp
O4 - Global Startup: Z00003.tmp
O4 - Global Startup: Z00004.tmp
O4 - Global Startup: Z00005.tmp
O4 - Global Startup: Z00006.tmp
O4 - Global Startup: Z00007.tmp
O4 - Global Startup: Z00008.tmp
O4 - Global Startup: Z00009.tmp
O4 - Global Startup: Z00010.tmp
O4 - Global Startup: Z00011.tmp
O4 - Global Startup: Z00012.tmp
O4 - Global Startup: Z00013.tmp
O4 - Global Startup: Z00014.tmp
O4 - Global Startup: Z00015.tmp
O4 - Global Startup: Z00016.tmp
O4 - Global Startup: Z00017.tmp
O4 - Global Startup: Z00018.tmp
O4 - Global Startup: Z00019.tmp
O4 - Global Startup: Z00020.tmp
O4 - Global Startup: Z00021.tmp
O4 - Global Startup: Z00022.tmp
O4 - Global Startup: Z00023.tmp
O4 - Global Startup: Z00024.tmp
O4 - Global Startup: Z00025.tmp
O4 - Global Startup: Z00026.tmp
O4 - Global Startup: Z00027.tmp
O4 - Global Startup: Z00028.tmp
O4 - Global Startup: Z00029.tmp
O4 - Global Startup: Z00030.tmp
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - D:\Flashget\Cracked-MaRKuS-TH_DJM\jc_all.htm
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download using FlashGet - D:\Flashget\Cracked-MaRKuS-TH_DJM\jc_link.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Flashget\Cracked-MaRKuS-TH_DJM\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Flashget\Cracked-MaRKuS-TH_DJM\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ZDelete Auto-Cleaner - {EB7F329E-F14E-48ae-AB69-4E28C492D382} - C:\PROGRA~1\LSOFTT~1\ACTIVE~1\ZDelete.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =
O17 - HKLM\Software\..\Telephony: DomainName =
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain =
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: tdqfh.dll - {00000000-0000-0000-0000-000000040107} - C:\WINDOWS\system32\tdqfh.dll
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\delautocomp.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegVac Registry Service (RegVacService) - Super Win Software, Inc. - C:\Program Files\RegVac Registry Cleaner\RegVserv.exe
O23 - Service: ProgramCheckerPro (sassvc) - Unknown owner - C:\Program Files\Zenturi\ProgramChecker\sassvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
Hope this Helps
-
What the heck happened? Did you take a look at your hijackthis log? What a mess!!
I still need the file properties of that file I asked about please.
To clean your temp folder, recycle bin, etc..please download this free tool:
CCleaner
Don't install any Toolbars, or other programs, should it ask you! Just uncheck the option of installing the Yahoo toolbar.
It will put a shortcut on your Desktop.
Uncheck cookies
Before first use:
Select Options then Advanced.
UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
Click on CCleaner to start it. Then click "Run Cleaner", just use the windows tab up front by default.
Then Reboot (Exit)
I think we should uninstall flashget for now in case that is infected; there are others out there, or get flashget again later.
We must disable the Real-Time Protection feature of Windows Defender for it may interfere with the changes we need to make.
To disable Real-Time Protection:
- Go to "Tools" | "General Settings"
- Scroll down to "Real-time protection options"
- Uncheck "Turn on real-time protection (recommended)"
- Remember to reactivate this feature when we have finished all our work.
We must disable Spy Sweeper for it may interfere with our fix.
To disable SpySweeper:
- Right click on the SpySweeper icon in your System Tray (near the clock).
- From the pop up menu, left click on Shields, this will open the program at the same time.
- Under the Internet Explorer Tab, uncheck all boxes (if already checked).
- Under the Windows System Tab, uncheck the following shields (if already checked):
- Memory Shield
- Spy Installation Shield
- Under the Startup Programs Tab, uncheck the Startup Shield box (if already checked).
- Under the Browser Add-ons Tab, uncheck the Browser Helper Object box (if already checked).
Note: Remember to re-enable these shields once we have completed our work.
Launch AVG anti-spyware and click on shield at the top and click on active to inactivate it.
The above programs can interfere with the fix to follow.
Run hijackthis and click on scan button and put checks next to these:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - Startup: Z00001.tmp
O4 - Startup: Z00002.tmp
O4 - Startup: Z00003.tmp
O4 - Startup: Z00004.tmp
O4 - Startup: Z00005.tmp
O4 - Startup: Z00006.tmp
O4 - Startup: Z00007.tmp
O4 - Startup: Z00008.tmp
O4 - Startup: Z00009.tmp
O4 - Startup: Z00010.tmp
O4 - Startup: Z00011.tmp
O4 - Startup: Z00012.tmp
O4 - Startup: Z00013.tmp
O4 - Startup: Z00014.tmp
O4 - Startup: Z00015.tmp
O4 - Startup: Z00016.tmp
O4 - Startup: Z00017.tmp
O4 - Startup: Z00018.tmp
O4 - Startup: Z00019.tmp
O4 - Startup: Z00020.tmp
O4 - Startup: Z00021.tmp
O4 - Startup: Z00022.tmp
O4 - Startup: Z00023.tmp
O4 - Startup: Z00024.tmp
O4 - Startup: Z00025.tmp
O4 - Startup: Z00026.tmp
Fix all the O4's that look like the above ONLY
Reboot and post a new hijackthis log and the file properties I asked about. Thanks.
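The selection step in the reply above (tick only the O4 Startup entries that look like Z000NN.tmp, then compare the next log) can be checked mechanically. This is an added example, not part of the original posts or of HijackThis itself; the function names are hypothetical and the two sample logs are constructed from entries shown in this thread.

```python
import re
from collections import Counter

# Constructed samples, shortened from the logs posted in this thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\lsass.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Z00001.tmp
O4 - Startup: Z00002.tmp
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Z00001.tmp
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
"""

AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\lsass.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 203.229.247.9:80
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
"""

# A result line is "<section> - <body>", e.g. "O4 - Startup: Z00001.tmp".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# O4 bodies for the per-user and all-users Startup folders.
STARTUP_RE = re.compile(r"^(Startup|Global Startup): (.+)$")


def parse(log_text):
    """Return [(section, body), ...]; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def stray_startup_files(entries):
    """O4 Startup-folder items that are bare files rather than shortcuts.

    A normal item reads "Name.lnk = C:\\path\\target.exe". An item with no
    " = target" part that is not a .lnk (the Z000NN.tmp rows) is a file
    sitting directly in the Startup folder and deserves a look.
    """
    hits = []
    for section, body in entries:
        if section != "O4":
            continue
        m = STARTUP_RE.match(body)
        if not m:
            continue  # Run-key entries such as "HKLM\..\Run: [...]"
        scope, item = m.groups()
        name, sep, _target = item.partition(" = ")
        if not sep and not name.lower().endswith(".lnk"):
            hits.append((scope, name))
    return hits


def new_entries(before, after):
    """Entries present in `after` but not in `before`.

    Compared as a multiset so duplicated rows (the repeated O10 line)
    cancel one-for-one instead of all collapsing into a single match.
    """
    remaining = Counter(before)
    added = []
    for entry in after:
        if remaining[entry] > 0:
            remaining[entry] -= 1
        else:
            added.append(entry)
    return added


if __name__ == "__main__":
    old, new = parse(BEFORE), parse(AFTER)
    print("Stray startup files before fix:", stray_startup_files(old))
    print("Stray startup files after fix: ", stray_startup_files(new))
    print("Appeared since last scan:", new_entries(old, new))
    print("Gone since last scan:    ", new_entries(new, old))
```

Swapping the arguments to `new_entries` lists what the fix removed, which confirms that only the intended O4 rows disappeared.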
-
Hi and thanks for ongoing help.
Here is latest hijack this log.
Logfile of HijackThis v1.99.1
Scan saved at 7:39:14 AM, on 13/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\OptusNet Usage Meter\OptusNet Usage Meter.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe
C:\Program Files\Registry Clean Expert\RCHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Opera\Opera-.exe
D:\Hijack This\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 203.229.247.9:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cgi*.ebay.com;disney.go.com;msa_e1.ebay.com;rhapsody_app*.listen.com;<local>
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Flashget\Cracked-MaRKuS-TH_DJM\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\Flashget\CRACKE~1\fgiebar.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O4 - HKLM\..\Run: [\\CHRIS\EPSON Stylus Photo RX430 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CP.EXE" /P39 "\\CHRIS\EPSON Stylus Photo RX430 Series" /O6 "USB002" /M "Stylus Photo RX430"
O4 - HKLM\..\Run: [OptusNetUsage] C:\Program Files\OptusNet Usage Meter\OptusNet Usage Meter.exe -mini
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [PtiuPbmd] "Rundll32.exe" ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [nod32upd] rundll32 "C:\Program Files\Eset\fc_upd.dll",NOD32Ioctl
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Tracks Eraser Pro] C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe min
O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RCHelper.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - D:\Flashget\Cracked-MaRKuS-TH_DJM\jc_all.htm
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download using FlashGet - D:\Flashget\Cracked-MaRKuS-TH_DJM\jc_link.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Flashget\Cracked-MaRKuS-TH_DJM\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Flashget\Cracked-MaRKuS-TH_DJM\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ZDelete Auto-Cleaner - {EB7F329E-F14E-48ae-AB69-4E28C492D382} - C:\PROGRA~1\LSOFTT~1\ACTIVE~1\ZDelete.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =
O17 - HKLM\Software\..\Telephony: DomainName =
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain =
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: tdqfh.dll - {00000000-0000-0000-0000-000000040107} - C:\WINDOWS\system32\tdqfh.dll
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\delautocomp.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegVac Registry Service (RegVacService) - Super Win Software, Inc. - C:\Program Files\RegVac Registry Cleaner\RegVserv.exe
O23 - Service: ProgramCheckerPro (sassvc) - Unknown owner - C:\Program Files\Zenturi\ProgramChecker\sassvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
I have kept flashget as I had this program before this issue occurred.
I am confused about the properties of the file you asked for; can you explain further, please?
All help is appreciated.
-
Find the file > right-click on it > click on Properties, and tell me what it says when you click on Properties.
-
Properties of file tdqfh.dll
Type of File: Application Extension.
Opens With: Unknown Application.
Location: C:\Windows\System32
Size: 22.0 KB
Size on disk: 24 KB
Created: Saturday 2 December 2006 8.10.32 am
Modified: Today 14 December 2006 7.21.55 am
Accessed: Saturday 2 December 2006 8.10.32 am
I can't recall what program was installed that included this file.
I hope it is of use to you.
Any help appreciated.
-
Here is what I need you to do please.
Now reboot into safe mode by tapping your F8 key upon restart; when the safe mode screen appears, select safe mode and press Enter.
Run AVG Anti-Spyware from safe mode and post the log, and thanks.