Avast WEBforum

Other => Viruses and worms => Topic started by: ratchetclan4 on March 24, 2009, 05:34:08 PM

Title: ispiqq.dll Trojan-gen {other} (SOLVED)
Post by: ratchetclan4 on March 24, 2009, 05:34:08 PM
****virus total scan of ispiqq.dll****

http://www.virustotal.com/analisis/d068e3d6cb4420db08ed55b5d2bb7c47


Two Days Ago I Went on msn and messenger discovery loaded a popup page like it normally does... which is normally blank
but about 2 months ago when it did that i got a virus called ascbalon.dll
so i uninstalled messenger discovery...now when i went on it downloaded oembios.exe which is a polycrypt-AMK[trj]
i deleted it using avast and its registry change popped up which i set as denied using spybot and click remember *but it spammed my pc on the right saying registry changed denied...

but now its causing Function setifaceupdatepackages() has failed return code is 0xc0000005, DWres is c0000005

so anyway i just ignored this thinking it might have been a network issue..until i was playing a game on my Pc and end tasked it to shut my pc down when this popped up

ispiqq.dll Trojan-gen {other} was detected in d:\windows\system32


here's my HijackThis log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:24:07 PM, on 24/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\cisvc.exe
D:\Program Files\Kontiki\KService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\PnkBstrB.exe
D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\TortoiseSVN\bin\TSVNCache.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\PowerISO\PWRISOVM.EXE
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Kontiki\KHost.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\program files\steam\steam.exe
D:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
D:\Program Files\Electronic Arts\EADM\Core.exe
D:\Program Files\Paltalk Messenger\paltalk.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Program Files\RALINK\Common\RaUI.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Xfire\Xfire.exe
D:\Program Files\Opera\opera.exe
D:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
D:\WINDOWS\system32\cidaemon.exe
D:\Documents and Settings\Ryan\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\oembios.exe,
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - D:\Program Files\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - D:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - D:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [kdx] D:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Steam] "d:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [EA Core] "D:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - Startup: Xfire.lnk = D:\Program Files\Xfire\xfire.exe
O4 - Global Startup: PalTalk.lnk = D:\Program Files\Paltalk Messenger\paltalk.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = D:\Program Files\RALINK\Common\RaUI.exe
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - D:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - D:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - D:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: @D:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @D:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199300685734
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: KService - Kontiki Inc. - D:\Program Files\Kontiki\KService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - D:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - D:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8241 bytes
Title: Re: ispiqq.dll Trojan-gen {other} stopping avast update
Post by: ratchetclan4 on March 24, 2009, 05:40:06 PM
just to add i just noticed this

F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\oembios.exe,
Title: Re: ispiqq.dll Trojan-gen {other} stopping avast update
Post by: scythe944 on March 24, 2009, 08:25:34 PM
What does SAS say when you run a scan?  Does it find anything?
Title: Re: ispiqq.dll Trojan-gen {other} stopping avast update
Post by: DavidR on March 24, 2009, 09:26:18 PM
Two things:
1. SP3 for XP has been out for about nine months and that allows IE6 to be updated to IE6 SP3 also.

2. Your JAVA is way out of date and as such vulnerable to exploit.
Ensure you have the latest version of JRE (JAVA Runtime Environment) because older versions can be vulnerable to malware. First remove All Older Versions From Add/Remove Programs.

Then get the latest update from here http://java.sun.com/javase/downloads/index.jsp

Or JRE version 6 update 12 http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html


Showing this form for having out of date applications ;D
I would also suggest a visit to this site, which scans your system for out of date programs that have patches to close vulnerabilities, http://secunia.com/software_inspector/.

####
That F2 HJT entry is suspect and a google search shows it to be so, http://www.google.com/search?q=oembios.exe. Also see, http://www.threatexpert.com/files/oembios.exe.html.

Check the suspect file/s at: VirusTotal - Multi engine on-line virus scanner (http://www.virustotal.com/) and report the findings here in the topic, the URL in the Address bar of the VT results page.

Send the sample to virus@avast.com zipped and password protected with the password in email body, a reference to this topic (give URL) and undetected malware in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn't already there) where it can do no harm and send it from there. A copy of the file/s will remain in the original location, so you will need to take further action and can remove/rename that.
 
Send it from the User Files section of the chest (select the file, right click, email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.
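
Added example (not part of the thread and not HijackThis code): Winlogon starts every comma-separated program in the Userinit value at logon, so the check below reads the F2 UserInit line of a HijackThis log and reports anything other than userinit.exe in system32. The function names and the `system_root` parameter are assumptions for illustration; the sample logs are constructed from lines quoted in this thread.

```python
import ntpath
import re

# Constructed samples: short excerpts built from lines posted in this thread.
SAMPLE_BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\oembios.exe,
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

SAMPLE_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

# Matches the HijackThis line that reports the Winlogon Userinit value.
USERINIT_RE = re.compile(
    r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$", re.IGNORECASE
)


def userinit_programs(log_text):
    """Return every program listed in the F2 UserInit line(s) of a log."""
    programs = []
    for line in log_text.splitlines():
        match = USERINIT_RE.match(line.strip())
        if not match:
            continue
        # The value is a comma-separated list, normally with a trailing comma.
        for item in match.group("value").split(","):
            item = item.strip().strip('"')
            if item:
                programs.append(item)
    return programs


def suspicious_userinit(log_text, system_root):
    """Return (program, reason) for each entry that is not the stock userinit.exe.

    system_root is the Windows directory of the scanned machine
    (D:\\WINDOWS in this thread); it is a parameter because the
    log does not state it directly.
    """
    expected = ntpath.normcase(
        ntpath.join(system_root, "system32", "userinit.exe")
    )
    findings = []
    for program in userinit_programs(log_text):
        normalized = ntpath.normcase(ntpath.normpath(program))
        if normalized == expected:
            continue
        if ntpath.basename(normalized) == "userinit.exe":
            # Same file name in another directory: a look-alike, not the real one.
            reason = "userinit.exe outside system32"
        else:
            reason = "extra program launched at logon"
        findings.append((program, reason))
    return findings


if __name__ == "__main__":
    for label, log in (("before fix", SAMPLE_BEFORE), ("after fix", SAMPLE_AFTER)):
        hits = suspicious_userinit(log, r"D:\WINDOWS")
        print(label, "->", hits if hits else "nothing unexpected in Userinit")
```

An empty result only means the Userinit value is clean; the file on disk and the other autostart sections of the log still need their own review.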
Title: Re: ispiqq.dll Trojan-gen {other} stopping avast update
Post by: ratchetclan4 on March 24, 2009, 10:12:04 PM
how do i scan the ispiqq.dll using virus total if its in my Infected files part of the chest

also i deleted oembios.exe using avasts delete option..before i posted this hi-jack this log

yet superantispywares Tea Timer still gives me the option to deny/allow its registry change to userinit

inside my system32 i noticed oemdspif.dll which is an ati driver interface dll
wondering if its related to

oembios.bin oembios.dat and oembios.sig
Title: Re: ispiqq.dll Trojan-gen {other} stopping avast update
Post by: DavidR on March 25, 2009, 12:02:51 AM
If avast was already detecting them (you didn't mention that) then there is little point in uploading them.

Follow these instructions:
Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect\* That will stop the standard shield scanning any file you put in that folder.

You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.
Open the avast chest Infected Files section, right click on the file, select export (not restore) and navigate to the Suspect folder you created and select that.

These associated oembios files would obviously need to be removed oembios.bin oembios.dat and oembios.sig, but the oemdspif.dll doesn't appear to be associated.
Title: Re: ispiqq.dll Trojan-gen {other} stopping avast update
Post by: ratchetclan4 on March 25, 2009, 05:01:39 PM
is extract what you mean by export? just dont wanna be clicking the wrong thing here
as mine only has the option to restore delete or extract
Title: Re: ispiqq.dll Trojan-gen {other} stopping avast update
Post by: scythe944 on March 25, 2009, 05:04:51 PM
Yes, extract is what he meant.
Title: Re: ispiqq.dll Trojan-gen {other} stopping avast update
Post by: ratchetclan4 on March 25, 2009, 05:11:17 PM
ok done... under it it says its an lsp dynamic link library version 1.0.0.1... which means it  Executes a Process

ill post its virustotal under here when its done

ok... seems somethings up with it

http://www.virustotal.com/analisis/d068e3d6cb4420db08ed55b5d2bb7c47
Title: Re: ispiqq.dll Trojan-gen {other} stopping avast update
Post by: scythe944 on March 25, 2009, 05:13:48 PM
Did you upload it to virustotal.com as DavidR has suggested?
Title: Re: ispiqq.dll Trojan-gen {other} stopping avast update
Post by: ratchetclan4 on March 25, 2009, 05:20:36 PM
yep its just above your post
Title: Re: ispiqq.dll Trojan-gen {other} (22/40) virus total scan
Post by: DavidR on March 25, 2009, 05:54:23 PM
Well the results are pretty conclusive it is infected with 22 of 40 scanners finding it infected.
Title: Re: ispiqq.dll Trojan-gen {other} (22/40) virus total scan
Post by: scythe944 on March 25, 2009, 06:06:30 PM
And avast should remove it, because it identifies it as a virus as well.
Title: Re: ispiqq.dll Trojan-gen {other} (22/40) virus total scan
Post by: ratchetclan4 on March 25, 2009, 06:26:53 PM
so ill just delete it out the chest then?
Title: Re: ispiqq.dll Trojan-gen {other} (22/40) virus total scan
Post by: DavidR on March 25, 2009, 06:31:48 PM
Yes, normally I would suggest you leave any infected file in the chest for a few weeks before scanning it again within the chest and if still detected then delete, but this one is pretty conclusive.
Title: Re: ispiqq.dll Trojan-gen {other} (22/40) virus total scan
Post by: ratchetclan4 on March 25, 2009, 06:36:44 PM
ok there we go..deleted out of chest and then deleted the one in suspect to the recycle bin then its virus alert came up and i deleted it out of the recycle bin... so all is well :P

Thanks For The Help...knowing me i would have just clicked restore...

also how can i go about removing this registry entry i mentioned

F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\oembios.exe,

i deleted oembios.exe with avast.. but that entry still is in my hi-jack this
i think thats what downloaded ispiqq.dll... as a result of me deleting it
Title: Re: ispiqq.dll Trojan-gen {other} (22/40) virus total scan
Post by: DavidR on March 25, 2009, 08:13:49 PM
You fix it in HJT

If the file is gone the registry entry (which is what HJT shows) is redundant so couldn't download anything, but you should still remove it using HJT.

Run HJT again (close any other windows except HJT), tick the box to the left of the suspect entry you wish to fix, click the Fix Selected Button.
Title: Re: ispiqq.dll Trojan-gen {other} (22/40) virus total scan
Post by: ratchetclan4 on March 25, 2009, 08:26:30 PM
thanks that did it :)
guess my pc is totally clean now

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\cisvc.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Kontiki\KService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\PnkBstrB.exe
D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\TortoiseSVN\bin\TSVNCache.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\PowerISO\PWRISOVM.EXE
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Kontiki\KHost.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\program files\steam\steam.exe
D:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
D:\Program Files\Electronic Arts\EADM\Core.exe
D:\Program Files\Paltalk Messenger\paltalk.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Program Files\RALINK\Common\RaUI.exe
D:\Program Files\Xfire\xfire.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\cidaemon.exe
D:\Program Files\Opera\opera.exe
D:\Documents and Settings\Ryan\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - D:\Program Files\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - D:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - D:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [kdx] D:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Steam] "d:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [EA Core] "D:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - Startup: Xfire.lnk = D:\Program Files\Xfire\xfire.exe
O4 - Global Startup: PalTalk.lnk = D:\Program Files\Paltalk Messenger\paltalk.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = D:\Program Files\RALINK\Common\RaUI.exe
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - D:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - D:\Program Files\IEPro\iepro.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - D:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: @D:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @D:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199300685734
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - D:\Program Files\Kontiki\KService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - D:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - D:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8259 bytes
Title: Re: ispiqq.dll Trojan-gen {other} (22/40) virus total scan
Post by: Mr.Agent on March 25, 2009, 08:28:09 PM
i just looked fast at it, i think it looks good, ask another guy, i just looked fast like that :)
Title: Re: ispiqq.dll Trojan-gen {other} (22/40) virus total scan
Post by: DavidR on March 25, 2009, 08:38:22 PM
That looks much better nothing obvious.
Title: Re: ispiqq.dll Trojan-gen {other} (22/40) virus total scan
Post by: ratchetclan4 on March 25, 2009, 08:45:06 PM
thats good :D

also the last thing ill add so i dont have to start a new thread elsewhere :p is i have a file on my desktop called p16 thats been there for a good 5months+ that i cant find out how to get rid of


the type of file is file and its 0 bytes

now this file is a pain... it cant be shredded... if i delete it it says cannot read from source or disk.. it just will not go and i have no idea what it is or how it got there also it cant be moved..

its just a real real pain i was wondering if you know how to get rid of files like that?
 
Title: Re: ispiqq.dll Trojan-gen {other} (22/40) virus total scan
Post by: scythe944 on March 25, 2009, 08:54:42 PM
Quote
now this file is a pain... it cant be shredded... if i delete it it says cannot read from source or disk.. it just will not go and i have no idea what it is or how it got there also it cant be moved..

its just a real real pain i was wondering if you know how to get rid of files like that?

Try this file called "Unlocker" - http://majorgeeks.com/download.php?det=4660
Title: Re: ispiqq.dll Trojan-gen {other} (22/40) virus total scan
Post by: ratchetclan4 on March 25, 2009, 08:58:56 PM
ah finally it got rid of it so glad that ugly sight is gone...

anyway i wont ask anymore questions :P already a 20 post thread

Thanks For the help
Title: Re: ispiqq.dll Trojan-gen {other} (22/40) virus total scan
Post by: scythe944 on March 25, 2009, 08:59:45 PM
No problem.  ;D
Title: Re: ispiqq.dll Trojan-gen {other} (22/40) virus total scan
Post by: DavidR on March 25, 2009, 09:00:27 PM
Well 0 bytes in theory shouldn't be an issue, but you can hide huge amounts of data in the file's Alternative Data Stream if your hard disk's format is NTFS.

It is strange that it can't be shredded, what errors are displayed ?

If you right click on it and select Properties what information is there ?
Anything like what might own it, if it is actually a file (e.g. file type) or a shortcut to a file, etc.

If a shortcut what is it a shortcut to, file name and location, etc. ?

You really have to be a little more circumspect about deletion, you should 'never' delete anything until you have fully investigated what it is and if it is required, etc. and then if there is no negative side remove it.
Title: Re: ispiqq.dll Trojan-gen {other} (SOLVED)
Post by: ratchetclan4 on March 25, 2009, 09:02:51 PM
oh well i kind of just deleted it there.. well remembering back there was no errors it just basically would remain there normally i would just drag it so far off my desktop only a little bit could be seen...

*shredded with tuneup utilities*

properties contains nothing except its file type... and size of 0 bytes..

ive read somewhere that its from a printer or something but thats impossible as i have no printer...

is there anyway i can recover that file scythe? i clicked the delete option using unlocker

Title: Re: ispiqq.dll Trojan-gen {other} (SOLVED)
Post by: scythe944 on March 26, 2009, 02:44:08 PM
It's possible, although unlikely.  Try this utility called, "Restoration" located here: http://www.snapfiles.com/get/restoration.HTML

You might be able to salvage it.

I doubt it was useful though.
Title: Re: ispiqq.dll Trojan-gen {other} (22/40) virus total scan
Post by: YoKenny on March 26, 2009, 04:20:21 PM
That looks much better nothing obvious.

Have they updated to SP3?

I can't see it from the HijackThis header.
Title: Re: ispiqq.dll Trojan-gen {other} (SOLVED)
Post by: DavidR on March 26, 2009, 04:44:42 PM
I don't know (but in the time frame I doubt it), I pointed it out on my first reply in Reply #3 of this topic, now it is down to them.

You could ask them.
Title: Re: ispiqq.dll Trojan-gen {other} (SOLVED)
Post by: ratchetclan4 on March 28, 2009, 05:31:55 PM
nope sp3 isn't installed i have sp2...
when i got this pc it came with the dodgy pirated windows used to test it with
it has loads of programs,auto updates turned off etc...so when i got them it bluescreened the pc

so i had to install windows off this disk with the serial on the back i found lying about that i got off someone who bought it from a guy at work who sells dvds and loads of cds...

but ive kept automatic updates off right from when i installed windows xp pro just in case it happens again..