Weird Virus.. No idea.. Plz help

Advertise at AfterDawn.com

Link to us!

Private messages

Compose a private message

List of all updated threads

Threads without replies

Search messages

Thursday 6.3.2025 / 17:23

Search AfterDawn Forums:

afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > weird virus.. no idea.. plz help

Browse by topic

Forums

Start a new thread

Weird Virus.. No idea.. Plz help

Jump to:

Posted

Message

kgtrain

Member

19. June 2008 @ 10:00

Link to this message

Hey all.. So heres what happened. I downloaded some songs last night & everything i download goes into 'my downloads' folder. The problem is after i did it I went to go into the folder & get this msg

ERROR
OS: Windows XP Professional, SP2
CPU: GenuineIntel, Intel Pentium 4, MMX @ 2660 MHz

Application data:
VmVyc2lvbjogV2xGQlhVSlFWRlphUkU1RFJrTlZKQ2xTT3lRN1ZpQXN
BQWRWUHlFOEl6QnpaSHQrZHpNa0lqc2tJelpGY25SOWVHcC9SemM3Uj
NKNGIzRkRNUT09DQpJbWFnZUJhc2U6IDEyNDMwMDAwDQpFaXA6IDVBN
kNFQjANCkVheDogRDQ0MDAwMA0KRWN4OiAxMjVGNEE0Qw0KRWR4OiAw
DQpFYng6IDANCkVzaTogMTI1RjQ5OTQNCkVkaTogRDQ1MDAwMA0KRWJ
wOiBDNkZFNjRDDQpFc3A6IEM2RkU1MjANCi0xDQpDb2RlID0gWzIwNF
0NCi0gMA0KLSAyMDQNCi0gMjI3DQotIDANCi0gW10NCj4gQzpcV0lOR
E9XU1xFeHBsb3Jlci5FWEUNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxu
dGRsbC5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxrZXJuZWwzMi5
kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxBRFZBUEkzMi5kbGwNCj
4gQzpcV0lORE9XU1xzeXN0ZW0zMlxSUENSVDQuZGxsDQo+IEM6XFdJT
kRPV1Ncc3lzdGVtMzJcU2VjdXIzMi5kbGwNCj4gQzpcV0lORE9XU1xz
eXN0ZW0zMlxCUk9XU0VVSS5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0
zMlxHREkzMi5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxVU0VSMz
IuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcbXN2Y3J0LmRsbA0KP
iBDOlxXSU5ET1dTXHN5c3RlbTMyXG9sZTMyLmRsbA0KPiBDOlxXSU5E
T1dTXHN5c3RlbTMyXFNITFdBUEkuZGxsDQo+IEM6XFdJTkRPV1Ncc3l
zdGVtMzJcT0xFQVVUMzIuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMz
JcU0hET0NWVy5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxDUllQV
DMyLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXE1TQVNOMS5kbGwN
Cj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxDUllQVFVJLmRsbA0KPiBDOlx
XSU5ET1dTXHN5c3RlbTMyXFdJTlRSVVNULmRsbA0KPiBDOlxXSU5ET1
dTXHN5c3RlbTMyXElNQUdFSExQLmRsbA0KPiBDOlxXSU5ET1dTXHN5c
3RlbTMyXE5FVEFQSTMyLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMy
XFdJTklORVQuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcTm9ybWF
saXouZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcaWVydHV0aWwuZG
xsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcV0xEQVAzMi5kbGwNCj4gQ
zpcV0lORE9XU1xzeXN0ZW0zMlxWRVJTSU9OLmRsbA0KPiBDOlxXSU5E
T1dTXHN5c3RlbTMyXFNIRUxMMzIuZGxsDQo+IEM6XFdJTkRPV1Ncc3l
zdGVtMzJcVXhUaGVtZS5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMl
xTaGltRW5nLmRsbA0KPiBDOlxXSU5ET1dTXEFwcFBhdGNoXEFjR2Vuc
mFsLkRMTA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXFdJTk1NLmRsbA0K
PiBDOlxXSU5ET1dTXHN5c3RlbTMyXE1TQUNNMzIuZGxsDQo+IEM6XFd
JTkRPV1Ncc3lzdGVtMzJcVVNFUkVOVi5kbGwNCj4gQzpcV0lORE9XU1
xzeXN0ZW0zMlxJTU0zMi5ETEwNCj4gQzpcV0lORE9XU1xXaW5TeFNce
Dg2X01pY3Jvc29mdC5XaW5kb3dzLkNvbW1vbi1Db250cm9sc182NTk1
YjY0MTQ0Y2NmMWRmXzYuMC4yNjAwLjI5ODJfeC13d19hYzNmOWMwM1x
jb21jdGwzMi5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxjb21jdG
wzMi5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxtc2N0ZmltZS5pb
WUNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxhcHBIZWxwLmRsbA0KPiBD
OlxXSU5ET1dTXHN5c3RlbTMyXENMQkNBVFEuRExMDQo+IEM6XFdJTkR
PV1Ncc3lzdGVtMzJcQ09NUmVzLmRsbA0KPiBDOlxQUk9HUkF+MVxNSU
NST1N+NFxPZmZpY2UxMlxHUkE4RTF+MS5ETEwNCj4gQzpcUFJPR1JBf
jFcTUlDUk9TfjRcT2ZmaWNlMTJcR3Jvb3ZlVXRpbC5ETEwNCj4gQzpc
V0lORE9XU1xXaW5TeFNceDg2X01pY3Jvc29mdC5WQzgwLkNSVF8xZmM
4YjNiOWExZTE4ZTNiXzguMC41MDcyNy4xNDMzX3gtd3dfNWNmODQ0ZD
JcTVNWQ1I4MC5kbGwNCj4gQzpcUFJPR1JBfjFcTUlDUk9TfjRcT2Zma
WNlMTJcR3Jvb3ZlTmV3LkRMTA0KPiBDOlxXSU5ET1dTXFdpblN4U1x4
ODZfTWljcm9zb2Z0LlZDODAuQVRMXzFmYzhiM2I5YTFlMThlM2JfOC4
wLjUwNzI3Ljc2Ml94LXd3X2NiYjI3NDc0XEFUTDgwLkRMTA0KPiBDOl
xXSU5ET1dTXHN5c3RlbTMyXHJzYWVuaC5kbGwNCj4gQzpcV0lORE9XU
1xzeXN0ZW0zMlxNU0ltZzMyLmRsbA0KPiBDOlxXSU5ET1dTXFN5c3Rl
bTMyXGNzY3VpLmRsbA0KPiBDOlxXSU5ET1dTXFN5c3RlbTMyXENTQ0R
MTC5kbGwNCj4gQzpcUHJvZ3JhbSBGaWxlc1xDb21tb24gRmlsZXNcU3
ltYW50ZWMgU2hhcmVkXEJhY2t1cFxidVNoZWxsLmRsbA0KDQpTeW1hb
nRlYyBDb3Jwb3JhdGlvbg0KQmFja3VwIFNoZWxsDQoxLjAuMDAuMzgy
DQpCVVNoZWxsLmRsbA0KQ29weXJpZ2h0IChjKSAxOTk3LTIwMDggU3l
tYW50ZWMgQ29ycG9yYXRpb24NCkJVU2hlbGwuZGxsDQoxLjANCk5vcn
RvbiAzNjANCg0KPiBDOlxQcm9ncmFtIEZpbGVzXENvbW1vbiBGaWxlc
1xTeW1hbnRlYyBTaGFyZWRcY2NMNzBVLmRsbA0KDQpTeW1hbnRlYyBD
b3Jwb3JhdGlvbg0KU3ltYW50ZWMgTGlicmFyeQ0KMTA3LjAuNS41DQp
jY0xpYg0KQ29weXJpZ2h0IChjKSAyMDAwLTIwMDcgU3ltYW50ZWMgQ2
9ycG9yYXRpb24uIEFsbCByaWdodHMgcmVzZXJ2ZWQuDQpjY0w3MC5kb
GwNCjEwNy4wLjUuNQ0KU3ltYW50ZWMgU2VjdXJpdHkgVGVjaG5vbG9n
aWVzDQoNCj4gQzpcV0lORE9XU1xXaW5TeFNceDg2X01pY3Jvc29mdC5
WQzgwLkNSVF8xZmM4YjNiOWExZTE4ZTNiXzguMC41MDcyNy4xNDMzX3
gtd3dfNWNmODQ0ZDJcTVNWQ1A4MC5kbGwNCj4gQzpcV0lORE9XU1xze
XN0ZW0zMlx3czJfMzIuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJc
V1MySEVMUC5kbGwNCj4gQzpcUHJvZ3JhbSBGaWxlc1xDb21tb24gRml
sZXNcU3ltYW50ZWMgU2hhcmVkXGNjVnJUcnN0LmRsbA0KDQpTeW1hbn
RlYyBDb3Jwb3JhdGlvbg0KU3ltYW50ZWMgVHJ1c3QgVmFsaWRhdGlvb
iBFbmdpbmUNCjEwNy4wLjUuNQ0KY2NWclRyc3QNCkNvcHlyaWdodCAo
YykgMjAwMC0yMDA3IFN5bWFudGVjIENvcnBvcmF0aW9uLiBBbGwgcml
naHRzIHJlc2VydmVkLg0KY2NWclRyc3QuZGxsDQoxMDcuMC41LjUNCl
N5bWFudGVjIFNlY3VyaXR5IFRlY2hub2xvZ2llcw0KDQo+IEM6XFdJT
kRPV1Ncc3lzdGVtMzJcU0VUVVBBUEkuZGxsDQo+IEM6XFdJTkRPV1Nc
c3lzdGVtMzJcV1NPQ0szMi5kbGwNCj4gQzpcUHJvZ3JhbSBGaWxlc1x
Db21tb24gRmlsZXNcU3ltYW50ZWMgU2hhcmVkXGNjU2V0LmRsbA0KDQ
pTeW1hbnRlYyBDb3Jwb3JhdGlvbg0KU3ltYW50ZWMgU2V0dGluZ3MgT
WFuYWdlciBFbmdpbmUNCjEwNy4wLjUuNQ0KY2NTZXQNCkNvcHlyaWdo
dCAoYykgMjAwMC0yMDA3IFN5bWFudGVjIENvcnBvcmF0aW9uLiBBbGw
gcmlnaHRzIHJlc2VydmVkLg0KY2NTZXQuZGxsDQoxMDcuMC41LjUNCl
N5bWFudGVjIFNlY3VyaXR5IFRlY2hub2xvZ2llcw0KDQo+IEM6XFByb
2dyYW0gRmlsZXNcQ29tbW9uIEZpbGVzXFN5bWFudGVjIFNoYXJlZFxj
Y0lQQy5kbGwNCg0KU3ltYW50ZWMgQ29ycG9yYXRpb24NClN5bWFudGV
jIGNjSVBDIEVuZ2luZQ0KMTA3LjAuNS41DQpjY0lQQw0KQ29weXJpZ2
h0IChjKSAyMDAwLTIwMDcgU3ltYW50ZWMgQ29ycG9yYXRpb24uIEFsb
CByaWdodHMgcmVzZXJ2ZWQuDQpjY0lQQy5kbGwNCjEwNy4wLjUuNQ0K
U3ltYW50ZWMgU2VjdXJpdHkgVGVjaG5vbG9naWVzDQoNCj4gQzpcV0l
ORE9XU1xzeXN0ZW0zMlx0aGVtZXVpLmRsbA0KPiBDOlxXSU5ET1dTXH
N5c3RlbTMyXHhwc3AycmVzLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3Rlb
TMyXGFjdHhwcnh5LmRsbA0KPiBDOlxQUk9HUkF+MVxNSUNST1N+NFxP
ZmZpY2UxMlxHUjk5RDN+MS5ETEwNCj4gQzpcV0lORE9XU1xzeXN0ZW0
zMlx1cmxtb24uZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcbXN4bW
wzLmRsbA0KPiBDOlxQcm9ncmFtIEZpbGVzXFdpbmRvd3MgRGVza3Rvc
CBTZWFyY2hcTVNOTE5hbWVzcGFjZU1nci5kbGwNCj4gQzpcV0lORE9X
U1xzeXN0ZW0zMlxpZWZyYW1lLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3R
lbTMyXFBTQVBJLkRMTA0KPiBDOlxQcm9ncmFtIEZpbGVzXENvbW1vbi
BGaWxlc1xTeW1hbnRlYyBTaGFyZWRcQXBwQ29yZVxBcHBNZ3IzMi5kb
GwNCg0KU3ltYW50ZWMgQ29ycG9yYXRpb24NClN5bWFudGVjIEFwcGxp
Y2F0aW9uIENvcmUgTWFuYWdlcg0KMi4wLjAwLjc5DQpBcHBNZ3IzMg0
KQ29weXJpZ2h0IChjKSAxOTk3LTIwMDggU3ltYW50ZWMgQ29ycG9yYX
Rpb24NCkFwcE1ncjMyLmRsbA0KMi4wDQpTeW1hbnRlYyBBcHBsaWNhd
GlvbiBDb3JlDQoNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxtc3V0Yi5k
bGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxNU0NURi5kbGwNCj4gQzp
cV0lORE9XU1xzeXN0ZW0zMlxTQU1MSUIuZGxsDQo+IEM6XFdJTkRPV1
Ncc3lzdGVtMzJcbXNpLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyX
ExJTktJTkZPLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXG50c2hy
dWkuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcQVRMLkRMTA0KPiB
DOlxXSU5ET1dTXHN5c3RlbTMyXE1MQU5HLmRsbA0KPiBDOlxXSU5ET1
dTXHN5c3RlbTMyXE5FVFNIRUxMLmRsbA0KPiBDOlxXSU5ET1dTXHN5c
3RlbTMyXHJ0dXRpbHMuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJc
Y3JlZHVpLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXGlwaGxwYXB
pLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXFdJTlNUQS5kbGwNCj
4gQzpcV0lORE9XU1xzeXN0ZW0zMlx3ZWJjaGVjay5kbGwNCj4gQzpcV
0lORE9XU1xzeXN0ZW0zMlxzdG9iamVjdC5kbGwNCj4gQzpcV0lORE9X
U1xzeXN0ZW0zMlxCYXRNZXRlci5kbGwNCj4gQzpcV0lORE9XU1xzeXN
0ZW0zMlxQT1dSUFJPRi5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMl
xXVFNBUEkzMi5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxXUERTa
FNlcnZpY2VPYmouZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcV0lO
SFRUUC5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxteWRvY3MuZGx
sDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcUG9ydGFibGVEZXZpY2VUeX
Blcy5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxQb3J0YWJsZURld
mljZUFwaS5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlx3ZG1hdWQu
ZHJ2DQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcbXNhY20zMi5kcnYNCj4
gQzpcV0lORE9XU1xzeXN0ZW0zMlxtaWRpbWFwLmRsbA0KPiBDOlxQUk
9HUkF+MVxNSUNST1N+NFxPZmZpY2UxMlxHUjMyNkN+MS5ETEwNCj4gQ
zpcV0lORE9XU1xzeXN0ZW0zMlxNUFIuZGxsDQo+IEM6XFdJTkRPV1Nc
U3lzdGVtMzJcZHJwcm92LmRsbA0KPiBDOlxXSU5ET1dTXFN5c3RlbTM
yXG50bGFubWFuLmRsbA0KPiBDOlxXSU5ET1dTXFN5c3RlbTMyXE5FVF
VJMC5kbGwNCj4gQzpcV0lORE9XU1xTeXN0ZW0zMlxORVRVSTEuZGxsD
Qo+IEM6XFdJTkRPV1NcU3lzdGVtMzJcTkVUUkFQLmRsbA0KPiBDOlxX
SU5ET1dTXFN5c3RlbTMyXGRhdmNsbnQuZGxsDQo+IEM6XFdJTkRPV1N
cc3lzdGVtMzJcYnJvd3NlbGMuZGxsDQo+IEM6XFBST0dSQX4xXFNQWU
JPVH4xXFNESGVscGVyLmRsbA0KQmxvY2tpZXJ0IFVSTHMsIGRpZSBTc
Hl3YXJlLCBNYWx3YXJlIGV0Yy4gaW5zdGFsbGllcmVuIHf8cmRlbi4N
ClNhZmVyIE5ldHdvcmtpbmcgTGltaXRlZA0KU0JTRCBJRSBQcm90ZWN
0aW9uDQoxLCA1LCAwLCA4DQpTREhlbHBlcg0KqSAyMDAwLTIwMDcgU2
FmZXIgTmV0d29ya2luZyBMaW1pdGVkLiBBbGxlIFJlY2h0ZSB2b3JiZ
WhhbHRlbi4NCiJTcHlib3QiIHVuZCAiU3B5Ym90IC0gU2VhcmNoICYg
RGVzdHJveSIgc2luZCByZWdpc3RyaWVydGUgV2FyZW56ZWljaGVuLg0
Kc2RoZWxwZXIuZGxsDQoxLCA1LCAwLCAwDQpTcHlib3QgLSBTZWFyY2
ggJiBEZXN0cm95DQoNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxmYXVsd
HJlcC5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxvbGVwcm8zMi5k
bGwNCj4gQzpcUHJvZ3JhbSBGaWxlc1xNaWNyb3NvZnQgT2ZmaWNlXE9
mZmljZTEyXDEwMzNcR3Jvb3ZlSW50bFJlc291cmNlLmRsbA0KPiBDOl
xXSU5ET1dTXHN5c3RlbTMyXE1TRlRFRElULkRMTA0KPiBDOlxXSU5ET
1dTXHN5c3RlbTMyXFNYUy5ETEwNCj4gQzpcV0lORE9XU1xzeXN0ZW0z
MlxEVVNFUi5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxSQVNBUEk
zMi5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxyYXNtYW4uZGxsDQ
o+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcVEFQSTMyLmRsbA0KPiBDOlxXS
U5ET1dTXHN5c3RlbTMyXG1zdjFfMC5kbGwNCj4gQzpcUHJvZ3JhbSBG
aWxlc1xDb21tb24gRmlsZXNcQWRvYmVcQWNyb2JhdFxBY3RpdmVYXFB
ERlNoZWxsLmRsbA0KDQpBZG9iZSBTeXN0ZW1zLCBJbmMuDQpQREYgU2
hlbGwgRXh0ZW5zaW9uDQo4LjEuMC4wDQpQREZTaGVsbA0KQ29weXJpZ
2h0IDIwMDAtMjAwNyBBZG9iZSBTeXN0ZW1zLCBJbmMuDQpQREZTaGVs
bC5kbGwNCjguMS4wLjANCkFkb2JlIFBERiBTaGVsbCBFeHRlbnNpb24
NCg0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXHdtdmNvcmUuZGxsDQo+IE
M6XFdJTkRPV1Ncc3lzdGVtMzJcV01BU0YuRExMDQo+IEM6XFdJTkRPV
1NcV2luU3hTXHg4Nl9NaWNyb3NvZnQuV2luZG93cy5HZGlQbHVzXzY1
OTViNjQxNDRjY2YxZGZfMS4wLjI2MDAuMjE4MF94LXd3XzUyMmY5Zjg
yXGdkaXBsdXMuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcbXNjbX
MuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcV0lOU1BPT0wuRFJWD
Qo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcY29tZGxnMzIuZGxsDQo+IEM6
XFdJTkRPV1Ncc3lzdGVtMzJcbXNkbW8uZGxsDQoNCjYuNS4yNjAwLjI
xODANCjYuNS4yNjAwLjIxODANCg0KPiBDOlxXSU5ET1dTXHN5c3RlbT
MyXGR4bWFzZi5kbGwNCg0KNi40LjkuMTEzMw0KNi40LjkuMTEzMw0KD
Qo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcRFJNQ2xpZW4uRExMDQo+IEM6
XFdJTkRPV1Ncc3lzdGVtMzJcZGRyYXcuZGxsDQo+IEM6XFdJTkRPV1N
cc3lzdGVtMzJcRENJTUFOMzIuZGxsDQo+IEM6XFByb2dyYW0gRmlsZX
NcQ29tbW9uIEZpbGVzXEFoZWFkXExpYlxBZHZyQ250ci5kbGwNCg0KQ
WhlYWQgU29mdHdhcmUgQUcNCkFkdnJDbnRyIE1vZHVsZQ0KMSwyLDEy
LCAyMzE0DQpBZHZyQ250cg0KQ29weXJpZ2h0IChjKSAxOTk1LTIwMDM
gQWhlYWQgU29mdHdhcmUgYW5kIGl0cyBsaWNlbnNvcnMNCkFkdnJDbn
RyLkRMTA0KMSwyLDEyLCAyMzE0DQpBZHZyQ250ciBNb2R1bGUNCg0KP
iBDOlxXSU5ET1dTXHN5c3RlbTMyXHNoZG9jbGMuZGxsDQo+IEM6XFdJ
TkRPV1Ncc3lzdGVtMzJcbDNjb2RlY2EuYWNtDQoNCkZyYXVuaG9mZXI
gSW5zdGl0dXQgSW50ZWdyaWVydGUgU2NoYWx0dW5nZW4gSUlTDQpNUE
VHIExheWVyLTMgQXVkaW8gQ29kZWMgZm9yIE1TQUNNDQoxLCA5LCAwL
CAwMzA1DQpsM2NvZGVjLmFjbQ0KQ29weXJpZ2h0IKkgMTk5Ni0xOTk5
IEZyYXVuaG9mZXIgSW5zdGl0dXQgSW50ZWdyaWVydGUgU2NoYWx0dW5
nZW4gSUlTDQpsM2NvZGVjLmFjbQ0KMSwgMCwgMCwgMA0KTVBFRyBMYX
llci0zIEF1ZGlvIENvZGVjIGZvciBNU0FDTQ0KDQo+IEM6XFdJTkRPV
1Ncc3lzdGVtMzJcTVNHSU5BLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3Rl
bTMyXE9EQkMzMi5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxvZGJ
jaW50LmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXENGR01HUjMyLm
RsbA0KPiBDOlxQcm9ncmFtIEZpbGVzXFdpbmRvd3MgRGVza3RvcCBTZ
WFyY2hcd2RzU2hlbGwuZGxsDQo+IEM6XFByb2dyYW0gRmlsZXNcV2lu
ZG93cyBEZXNrdG9wIFNlYXJjaFxlbi11c1xtc25sRXh0UmVzLmRsbC5
tdWkNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxtc2h0bWwuZGxsDQo+IE
M6XFdJTkRPV1Ncc3lzdGVtMzJcbXNsczMxLmRsbA0KPiBDOlxXSU5ET
1dTXHN5c3RlbTMyXG1zdGltZS5kbGwNCj4gQzpcV0lORE9XU1xzeXN0
ZW0zMlxqc2NyaXB0LmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXG1
zaW10Zi5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxkZHJhd2V4Lm
RsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXHNlbnNhcGkuZGxsDQo+I
EM6XFdJTkRPV1NcU3lzdGVtMzJcbXN3c29jay5kbGwNCj4gQzpcV0lO
RE9XU1xzeXN0ZW0zMlxyYXNhZGhscC5kbGwNCj4gQzpcV0lORE9XU1x
zeXN0ZW0zMlxETlNBUEkuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMz
JcaG5ldGNmZy5kbGwNCj4gQzpcV0lORE9XU1xTeXN0ZW0zMlx3c2h0Y
3BpcC5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxQUklOVFVJLmRs
bA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXEFDVElWRURTLmRsbA0KPiB
DOlxXSU5ET1dTXHN5c3RlbTMyXGFkc2xkcGMuZGxsDQo+IEM6XFdJTk
RPV1Ncc3lzdGVtMzJcTlRNQVJUQS5ETEwNCj4gQzpcV0lORE9XU1xze
XN0ZW0zMlxzaG1lZGlhLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMy
XE1TVkZXMzIuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcQVZJRkl
MMzIuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJccWVkaXQuZGxsDQ
oNCjYuNS4yNjAwLjIxODANCjYuNS4yNjAwLjIxODANCg0KPiBDOlxXS
U5ET1dTXHN5c3RlbTMyXHF1YXJ0ei5kbGwNCg0KNi41LjI2MDAuMzM2
Nw0KNi41LjI2MDAuMzM2Nw0KDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJ
cZGV2ZW51bS5kbGwNCg0KNi41LjI2MDAuMjE4MA0KNi41LjI2MDAuMj
E4MA0KDQo+IEM6XFBST0dSQX4xXFRPVEFMVn4xXFJlYWxNZWRpYVNwb
Gl0dGVyLmF4DQpodHRwOi8vZ2FiZXN0Lm9yZy8NCkdhYmVzdA0KUmVh
bE1lZGlhIFNwbGl0dGVyDQoxLCAwLCAxLCAxDQpSZWFsTWVkaWEgU3B
saXR0ZXINCkNvcHlyaWdodCAoQykgMjAwMy0yMDA2DQpSZWFsTWVkaW
FTcGxpdHRlci5heA0KMSwgMCwgMSwgMQ0KUmVhbE1lZGlhIFNwbGl0d
GVyDQoNCj4gQzpcUHJvZ3JhbSBGaWxlc1xDeWJlcmxpbmtcUG93ZXJE
VkRcTmF2RmlsdGVyXGNsbTRzcGx0LmF4DQoNCkN5YmVyTGluayBDb3J
wLg0KQ3liZXJMaW5rIE1QRUctNCBTcGxpdHRlcg0KMS4wLjMyMjkgIA
0KQ3liZXJMaW5rIE1QRUctNCBTcGxpdHRlcg0KQ3liZXJMaW5rIENvc
nAuIDIwMDQNCmNsbTRzcGx0LmF4DQoxLjAuMzIyOSAgDQpDeWJlckxp
bmsgTVBFRy00IFNwbGl0dGVyDQoNCj4gQzpcUHJvZ3JhbSBGaWxlc1x
Db21tb24gRmlsZXNcQWhlYWRcRFNGaWx0ZXJcTmVTcGxpdHRlci5heA
0KDQpOZXJvIEFHDQpTcGxpdHRlciBGaWx0ZXINCjMsMiwwLDIwYw0KQ
29weXJpZ2h0IChjKSAxOTk1LTIwMDUgTmVybyBBRyBhbmQgaXRzIGxp
Y2Vuc29ycw0KTmVTcGxpdHRlci5heA0KMSwgMCwgMywgMg0KTmVybyB
TaG93VGltZQ0KDQo+IEM6XFByb2dyYW0gRmlsZXNcQ3liZXJsaW5rXF
Bvd2VyRFZEXE5hdkZpbHRlclxDTERlbXV4ZXIuYXgNCg0KQ3liZXJMa
W5rIENvcnAuDQpNUEVHLTIgRGVtcGx0aXBsZXhlcg0KMS4wLjQ1Mjgg
ICAgICAgIA0KQ0xEZW11eGVyLmF4DQpDeWJlckxpbmsgZGV2ZWxvcGV
kIEZpbHRlci4gIEFsbCByaWdodHMgcmVzZXJ2ZWQuDQpDTERlbXV4ZX
IuYXgNCjEuMC40NTI4ICAgICAgICANCkRUViBrZW5yZWwNCg0KPiBDO
lxXSU5ET1dTXHN5c3RlbTMyXHdtcGFzZi5kbGwNCj4gQzpcV0lORE9X
U1xzeXN0ZW0zMlxtcGcyc3BsdC5heA0KDQo2LjUuMjYwMC4yMTgwDQo
2LjUuMjYwMC4yMTgwDQoNCj4gQzpcUHJvZ3JhbSBGaWxlc1xDb21tb2
4gRmlsZXNcQWRvYmVcQWNyb2JhdFxBY3RpdmVYXEFjcm9JRUhlbHBlc
i5kbGwNCg0KQWRvYmUgU3lzdGVtcyBJbmNvcnBvcmF0ZWQNCkFkb2Jl
IFBERiBIZWxwZXIgZm9yIEludGVybmV0IEV4cGxvcmVyDQo4LjAuMC4
yMDA2MTAyMjAwDQpBY3JvSUVIZWxwZXINCkNvcHlyaWdodCAxOTg0LT
IwMDYgQWRvYmUgU3lzdGVtcyBJbmNvcnBvcmF0ZWQgYW5kIGl0cyBsa
WNlbnNvcnMuIEFsbCByaWdodHMgcmVzZXJ2ZWQuDQpBY3JvSUVIZWxw
ZXIuRExMDQo4LjAuMC4yMDA2MTAyMjAwDQpBY3JvSUVIZWxwZXIgTGl
icmFyeQ0KDQo+IEM6XFByb2dyYW0gRmlsZXNcTWljcm9zb2Z0IE9mZm
ljZVxPZmZpY2UxMlxtc29oZXZpLmRsbA0KPiBDOlxXSU5ET1dTXHN5c
3RlbTMyXHN0aS5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlx3cGRz
aGV4dC5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxzaGdpbmEuZGx
sDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcQXVkaW9kZXYuZGxsDQo+IE
M6XFdJTkRPV1Ncc3lzdGVtMzJcd2lhc2hleHQuZGxsDQo+IEM6XFdJT
kRPV1Ncc3lzdGVtMzJcRGl2WE1lZGlhLmF4DQoNCkRpdlhOZXR3b3Jr
cw0KRGl2WK4gTWVkaWEgRmlsdGVyDQowLjAuMC4wMjgNCkRpdlhNZWR
pYQ0KQ29weXJpZ2h0IKkgRGl2WE5ldHdvcmtzLCAyMDAxLTIwMDUNCk
RpdlhNZWRpYS5heA0KMC4wLjAuMDI4DQpEaXZYriBNZWRpYSBGaWx0Z
XINCg0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXE1TVkNQNjAuZGxsDQo+
IEM6XFdJTkRPV1Ncc3lzdGVtMzJcc3RybWRsbC5kbGwNCj4gQzpcUHJ
vZ3JhbSBGaWxlc1xDb21tb24gRmlsZXNcQWhlYWRcRFNGaWx0ZXJcTm
VWaWRlby5heA0KDQpOZXJvIEFHDQpNUEVHLTEvMi80ICYgQVZDIHZpZ
GVvIGRlY29kZXIgdy8gRHhWQQ0KMywyLDAsMjBjDQpDb3B5cmlnaHQg
KGMpIDIwMDUgTmVybyBBRyBhbmQgaXRzIGxpY2Vuc29ycw0KTmVWaWR
lby5heA0KMiwgMCwgMiwgNDYNCk5lcm8gU3VpdGUNCg==

I then have the option of OK, COPY TEXT & SUBMIT REPORT
So I close it down & it pops up straight away, then I close it down again & theres a little gap before it pops up again for me to close the file.
So I ran norton 360 & it detected viruses & deleted them & I could get into the folder fine, but when I tried today the same popup appeared but this time I cant detect anything.
The other thing is I tried to login to AfterDawn & every new page I would have to enter my password again & it would say theres a problem with my cookies, but I waited a little & it worked fine. I couldnt find anything in HjackThis but perhaps I missed something so heres my log & a list of all my processes running too.. Theres some new ones

ccSvcHst
rundll32
iTunesHelper
GrooveMonitor
ipoint
apdproxy
itype
CLI
jusched
taskmgr
PDEDServ
G-vga
explorer
symlcscv
ati2evxxx
iPodService
ctfmon
ScanStub
CLI
CLI
svhost
svhost
AluSchedulerSvc
iexplorer
svchost
svchost
svchost
svchost
ati2evxxx
lsass
services
smss
symlcsvc
winlogon
csrss
alg
spoolsv
System
System Idle Process

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:34 PM, on 19/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Norton 360\ScanStub.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsof...b?1182687876734
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1182687863515
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/j...ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\\PrevxCSI.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 8715 bytes

I'm really up shits creek with this guys.. Plz lend a hand. Thanks

[ + quote]

echoreply

Member

19. June 2008 @ 22:24

Link to this message

hi,

lets see what services are running. Go to Start > Run and type:

cmd.exe

and ok. Copy and paste the line below at the prompt > then click enter

sc query > c:\services.txt & start notepad c:\services.txt

notepad will open with a windows service list. copy/paste the list in reply.

do a online scan here and post the results:
ESET online scanner:

http://www.eset.com/onlinescan/

uses Internet Explorer only
check "YES" to accept terms
click start button
allow the ActiveX component to install
click the start button. the Scanner will update.
check both "Remove found threats" and "Scan unwanted applications"
click scan
when done you can find the scan log at:C:\Program Files\EsetOnlineScanner\log.txt
please copy/paste that log in next reply.

[ + quote]

http://www.virusvault.us/

kgtrain

Member

20. June 2008 @ 01:52

Link to this message

Hey.. Thanks for your help.. Ok these are the results. First the service results:

SERVICE_NAME: ALG
DISPLAY_NAME: Application Layer Gateway Service
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: Apple Mobile Device
DISPLAY_NAME: Apple Mobile Device
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Ati HotKey Poller
DISPLAY_NAME: Ati HotKey Poller
TYPE : 110 WIN32_OWN_PROCESS (interactive)
STATE : 4 RUNNING
(NOT_STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: AudioSrv
DISPLAY_NAME: Windows Audio
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Automatic LiveUpdate Scheduler
DISPLAY_NAME: Automatic LiveUpdate Scheduler
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: BITS
DISPLAY_NAME: Background Intelligent Transfer Service
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Browser
DISPLAY_NAME: Computer Browser
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: BthServ
DISPLAY_NAME: Bluetooth Support Service
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: ccEvtMgr
DISPLAY_NAME: Symantec Event Manager
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: ccSetMgr
DISPLAY_NAME: Symantec Settings Manager
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: CLTNetCnService
DISPLAY_NAME: Symantec Lic NetConnect service
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: CryptSvc
DISPLAY_NAME: Cryptographic Services
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: DcomLaunch
DISPLAY_NAME: DCOM Server Process Launcher
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Dhcp
DISPLAY_NAME: DHCP Client
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: dmserver
DISPLAY_NAME: Logical Disk Manager
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Dnscache
DISPLAY_NAME: DNS Client
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: ERSvc
DISPLAY_NAME: Error Reporting Service
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Eventlog
DISPLAY_NAME: Event Log
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: EventSystem
DISPLAY_NAME: COM+ Event System
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: FastUserSwitchingCompatibility
DISPLAY_NAME: Fast User Switching Compatibility
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: helpsvc
DISPLAY_NAME: Help and Support
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: HidServ
DISPLAY_NAME: HID Input Service
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: iPod Service
DISPLAY_NAME: iPod Service
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Irmon
DISPLAY_NAME: Infrared Monitor
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: lanmanserver
DISPLAY_NAME: Server
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: lanmanworkstation
DISPLAY_NAME: Workstation
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: LiveUpdate Notice
DISPLAY_NAME: LiveUpdate Notice
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: LmHosts
DISPLAY_NAME: TCP/IP NetBIOS Helper
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Netman
DISPLAY_NAME: Network Connections
TYPE : 120 WIN32_SHARE_PROCESS (interactive)
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Nla
DISPLAY_NAME: Network Location Awareness (NLA)
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: PlugPlay
DISPLAY_NAME: Plug and Play
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: PnkBstrA
DISPLAY_NAME: PnkBstrA
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: PolicyAgent
DISPLAY_NAME: IPSEC Services
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: ProtectedStorage
DISPLAY_NAME: Protected Storage
TYPE : 120 WIN32_SHARE_PROCESS (interactive)
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: RasMan
DISPLAY_NAME: Remote Access Connection Manager
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: RemoteRegistry
DISPLAY_NAME: Remote Registry
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: RichVideo
DISPLAY_NAME: Cyberlink RichVideo Service(CRVS)
TYPE : 110 WIN32_OWN_PROCESS (interactive)
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: RpcSs
DISPLAY_NAME: Remote Procedure Call (RPC)
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: SamSs
DISPLAY_NAME: Security Accounts Manager
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Schedule
DISPLAY_NAME: Task Scheduler
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: seclogon
DISPLAY_NAME: Secondary Logon
TYPE : 120 WIN32_SHARE_PROCESS (interactive)
STATE : 4 RUNNING
(STOPPABLE,PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: SENS
DISPLAY_NAME: System Event Notification
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: SharedAccess
DISPLAY_NAME: Windows Firewall/Internet Connection Sharing (ICS)
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: ShellHWDetection
DISPLAY_NAME: Shell Hardware Detection
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Spooler
DISPLAY_NAME: Print Spooler
TYPE : 110 WIN32_OWN_PROCESS (interactive)
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: srservice
DISPLAY_NAME: System Restore Service
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: SSDPSRV
DISPLAY_NAME: SSDP Discovery Service
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: stisvc
DISPLAY_NAME: Windows Image Acquisition (WIA)
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Symantec Core LC
DISPLAY_NAME: Symantec Core LC
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: TapiSrv
DISPLAY_NAME: Telephony
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: TermService
DISPLAY_NAME: Terminal Services
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Themes
DISPLAY_NAME: Themes
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: TrkWks
DISPLAY_NAME: Distributed Link Tracking Client
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: upnphost
DISPLAY_NAME: Universal Plug and Play Device Host
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: W32Time
DISPLAY_NAME: Windows Time
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: WebClient
DISPLAY_NAME: WebClient
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: winmgmt
DISPLAY_NAME: Windows Management Instrumentation
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: wscsvc
DISPLAY_NAME: Security Center
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: wuauserv
DISPLAY_NAME: Automatic Updates
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: WZCSVC
DISPLAY_NAME: Wireless Zero Configuration
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: PnkBstrB
DISPLAY_NAME: PnkBstrB
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

And this is the result of the Eset scan

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3201 (20080619)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=1c716a14d213464ab9c6bcfc041d23b1
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-06-20 05:22:04
# local_time=2008-06-20 03:22:04 (+1000, AUS Eastern Standard Time)
# country="Australia"
# osver=5.1.2600 NT Service Pack 2
# scanned=330376
# found=1
# scan_time=6062
C:\Program Files\ElcomSoft\Proactive System Password Recovery\pspr.exe probably a variant of Win32/Genetik trojan (unable to clean - deleted) 00000000000000000000000000000000

[ + quote]

cdavfrew

Senior Member

20. June 2008 @ 03:39

Link to this message

Hi kgtrain.

I do not think that you are infected.

I searched in google for your problem, and most forums showed that NeroVisionExpress was the culprit. The following patch was recommended to be installed, and solved the problem for those victims:

ftp://ftp4.Nero.com/patches/SMCPatch.exe

Here are some examples.

http://forums.afterdawn.com/thread_view.cfm/193777
http://forums.afterdawn.com/thread_view.cfm/191458

Best Regards :D

[ + quote]

echoreply

Member

20. June 2008 @ 06:14

Link to this message

Hi,

thanks for the info.

iam intrested in this process which seems worth investigating:
svhost, (not svchost)

see if you can locate this on your computer. if so you can right click on it select properties and check the tabs for info. you can also upload it to get it checked out:

http://www.virustotal.com/

[ + quote]

http://www.virusvault.us/

Start a new thread

afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > weird virus.. no idea.. plz help


		User name	Password

		Not registered yet? Register here. Lost your password? Click here.