Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93104 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Vundo Nightmare!


  • Please log in to reply
19 replies to this topic

#1 hattrick17

hattrick17

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 08 September 2007 - 07:27 AM

Please help. I am running windows xp and have been infected with the WinAntiVirus/Vundo/Virtumondo virus. I have tried AdAware, Spybot, and SpyHunter but none will remove it. When I try to download HijackThis!, I get the message "Adobe reader could not open HJT install because it is either not a supported File type or because the file has been damaged (for example, it was sent as an email attachment and wasn't correctly decoded)" Please help!! I am ready to throw this thing in the trash!

    Advertisements

Register to Remove


#2 Noviciate

Noviciate

    Retired WTT Teacher

  • Visiting Fellow
  • PipPipPipPipPip
  • 2,907 posts

Posted 08 September 2007 - 02:14 PM

Copy and paste the following into Notepad (Start > All Programs > Accessories > Notepad):

regedit /e peek1.txt "HKEY_CLASSES_ROOT\.exe"
regedit /e peek2.txt "HKEY_CLASSES_ROOT\exefile"
type peek1.txt >> look.txt
type peek2.txt >> look.txt
del peek*.txt
start notepad look.txt


Save it to your Desktop with the following filename, including quotation marks: "regfind.bat"

Double click regfind.bat and a Notepad window will open with some text in it - copy and paste this into your next reply.
* A copy of the file will also be saved to the Desktop as look.txt.
Death to the salad eaters!

#3 hattrick17

hattrick17

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 08 September 2007 - 03:53 PM

Here you go. Thank you so much for replying so quickly. Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\.exe] @="exefile" "Content Type"="application/x-msdownload" [HKEY_CLASSES_ROOT\.exe\PersistentHandler] @="{098f2470-bae0-11cd-b579-08002b30bfeb}" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\exefile] @="Application" "EditFlags"=hex:38,07,00,00 "TileInfo"="prop:FileDescription;Company;FileVersion" "InfoTip"="prop:FileDescription;Company;FileVersion;Create;Size" [HKEY_CLASSES_ROOT\exefile\DefaultIcon] @="%1" [HKEY_CLASSES_ROOT\exefile\shell] [HKEY_CLASSES_ROOT\exefile\shell\open] "EditFlags"=hex:00,00,00,00 [HKEY_CLASSES_ROOT\exefile\shell\open\command] @="\"%1\" %*" [HKEY_CLASSES_ROOT\exefile\shell\runas] [HKEY_CLASSES_ROOT\exefile\shell\runas\command] @="\"%1\" %*" [HKEY_CLASSES_ROOT\exefile\shellex] [HKEY_CLASSES_ROOT\exefile\shellex\DropHandler] @="{86C86720-42A0-1069-A2E8-08002B30309D}" [HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers] [HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PifProps] @="{86F19A00-42A0-1069-A2E9-08002B30309D}" [HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\ShimLayer Property Page] @="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" [HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}] @=""

#4 Noviciate

Noviciate

    Retired WTT Teacher

  • Visiting Fellow
  • PipPipPipPipPip
  • 2,907 posts

Posted 08 September 2007 - 04:20 PM

Can you save the HJT executable from here and just double click it to run it?
Death to the salad eaters!

#5 hattrick17

hattrick17

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 09 September 2007 - 12:16 AM

I don't know if I did this right, but here is what I got when I followed your previous instructions.

Thanks again for your help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:11:15 AM, on 2007-09-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\nd\Tomcat4.1\bin\tomcat.exe
C:\nd\apache2\Apache2\bin\Apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\nd\apache2\Apache2\bin\Apache.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\DELL\Dell Laser MFP 1815\NetworkScan\DNSCST.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\nd\apache2\Apache2\bin\ApacheMonitor.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\freecell.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Documents and Settings\Greg Fife\Application Data\tmpFA.tmp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Documents and Settings\Greg Fife\Local Settings\Temporary Internet Files\Content.IE5\WDE7SHQZ\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53818bbc-8e1b-4e27-908a-7ec83bf19964} - C:\WINDOWS\system32\lnk3d8.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DellNSCST_GRNCH] "C:\Program Files\DELL\Dell Laser MFP 1815\NetworkScan\DNSCST.exe" /HIDEUI
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MalwareBot] C:\Program Files\MalwareBot\MalwareBot.exe -boot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Monitor Apache Servers.lnk = C:\nd\apache2\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\lnk3d8.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\lnk3d8.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\WINDOWS\system32\lnk3d8.dll
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://netdimension...bex/ieatgpc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\awvtssq.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: lnk3d8 - C:\WINDOWS\SYSTEM32\lnk3d8.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apache Tomcat 4.1 - Alexandria Software Consulting - C:\nd\Tomcat4.1\bin\tomcat.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\nd\apache2\Apache2\bin\Apache.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: DomainService - Unknown owner - C:\Documents and Settings\Greg Fife\Application Data\tmpFA.tmp.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: MalwareBot Scanning Engine (MalwareBotSrv) - Unknown owner - C:\Program Files\MalwareBot\MalwareBotSrv.srv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe

--
End of file - 13184 bytes

#6 Noviciate

Noviciate

    Retired WTT Teacher

  • Visiting Fellow
  • PipPipPipPipPip
  • 2,907 posts

Posted 09 September 2007 - 01:40 PM

The first thing we need to do is to move hijackthis.exe. It needs to be in a folder of it's own, somewhere safe - C:\Program Files is a good location for it, but any permanent folder is fine. At the moment it is running from the Temporary Internet Files folder which isn't recommended. You can either move your copy or download a fresh one using the same link as last time.
Once you've done that, I need you to rename the file from hijackthis.exe to seek.exe and then let me have a fresh log. Sometimes malware interferes with the normal working of HJT and this is an easy way to get round this.

Also, run HJT and click on Open the Misc Tools section.
  • Click Open Uninstall Manager...
  • Click Save list... and save it to your Desktop.
  • Copy and paste the file uninstall_list.txt into your next reply.

Death to the salad eaters!

#7 hattrick17

hattrick17

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 09 September 2007 - 02:05 PM

How do I move HJT.exe? All I have right now are two icons on my desktop, one is "HJT Install", the other is "HJT Setup" Whenever I try to open either of them, I get the message, "choose the program you want to use to open this file", and there is a list of all of my programs. When I try to select any of them, (Adobe, Word, Excel, etc.), I get the message "Adobe reader cannot open HJT Install because it is either not a supported file type or because the file has been damaged."

#8 Noviciate

Noviciate

    Retired WTT Teacher

  • Visiting Fellow
  • PipPipPipPipPip
  • 2,907 posts

Posted 09 September 2007 - 03:18 PM

Download a fresh copy of the file from the link that I provided earlier and save it to your Desktop - don't run it directly from the link. Then you can create a folder in Program Files and move the file into that.
Forget "HJT Install" and "HJT Setup - something is affecting your PC's ability to deal with those files, but we'll worry about that later.
Death to the salad eaters!

#9 hattrick17

hattrick17

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 09 September 2007 - 04:06 PM

O.K., here's the HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:01:34 PM, on 2007-09-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MalwareBot\MalwareBotSrv.srv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\nd\Tomcat4.1\bin\tomcat.exe
C:\nd\apache2\Apache2\bin\Apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\nd\apache2\Apache2\bin\Apache.exe
C:\Documents and Settings\Greg Fife\Application Data\tmpFA.tmp.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\DELL\Dell Laser MFP 1815\NetworkScan\DNSCST.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\nd\apache2\Apache2\bin\ApacheMonitor.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\seek.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53818bbc-8e1b-4e27-908a-7ec83bf19964} - C:\WINDOWS\system32\lnk3d8.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DellNSCST_GRNCH] "C:\Program Files\DELL\Dell Laser MFP 1815\NetworkScan\DNSCST.exe" /HIDEUI
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MalwareBot] C:\Program Files\MalwareBot\MalwareBot.exe -boot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Monitor Apache Servers.lnk = C:\nd\apache2\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\lnk3d8.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\lnk3d8.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\WINDOWS\system32\lnk3d8.dll
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://netdimension...bex/ieatgpc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\awvtssq.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: lnk3d8 - C:\WINDOWS\SYSTEM32\lnk3d8.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apache Tomcat 4.1 - Alexandria Software Consulting - C:\nd\Tomcat4.1\bin\tomcat.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\nd\apache2\Apache2\bin\Apache.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: DomainService - Unknown owner - C:\Documents and Settings\Greg Fife\Application Data\tmpFA.tmp.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: MalwareBot Scanning Engine (MalwareBotSrv) - Unknown owner - C:\Program Files\MalwareBot\MalwareBotSrv.srv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe

--
End of file - 12893 bytes

#10 hattrick17

hattrick17

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 09 September 2007 - 04:10 PM

And here's the "Miscellanious Tools" Log you also asked for. Access Help Ad-Aware 2007 Adobe Captivate 2 Adobe Flash Player ActiveX Adobe Reader 7.0.9 Apache HTTP Server 2.0.43 Apache Tomcat 4.1 (remove only) Apple Mobile Device Support Apple Software Update ATI - Software Uninstall Utility ATI Catalyst Control Center ATI Display Driver ATI HYDRAVISION Brother MFL-Pro Suite Dell Laser MFP 1815 Software Uninstall Diskeeper Lite Enterprise Knowledge Platform (EKP) v4.6 Google Earth Help Center HijackThis 2.0.2 IBM 32-bit Runtime Environment for Java 2, v1.4.2 Intel® PRO Network Connections Drivers Intel® PROSet/Wireless Software InterVideo WinDVD iTunes Java 2 Runtime Environment, SE v1.4.2 Java 2 SDK, SE v1.4.2 LiveReg (Symantec Corporation) LiveUpdate 2.6 (Symantec Corporation) MalwareBot mCore mDriver Message Center Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft Office Excel MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Standard 2007 Microsoft Office Standard 2007 Microsoft Office Word MUI (English) 2007 Microsoft SQL Server Desktop Engine mMHouse mPfMgr mProSafe MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) mWlsSafe mXML PaperPort PC-Doctor 5 for Windows Productivity Center Supplement for ThinkPad QuickTime Remove Multimedia Center Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 10 (KB936782) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB893066) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB917344) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918118) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP (KB921503) Security Update for Windows XP (KB922819) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923414) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924191) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924496) Security Update for Windows XP (KB924667) Security Update for Windows XP (KB925902) Security Update for Windows XP (KB926255) Security Update for Windows XP (KB926436) Security Update for Windows XP (KB927779) Security Update for Windows XP (KB927802) Security Update for Windows XP (KB928255) Security Update for Windows XP (KB928843) Security Update for Windows XP (KB929123) Security Update for Windows XP (KB929969) Security Update for Windows XP (KB930178) Security Update for Windows XP (KB931261) Security Update for Windows XP (KB931784) Security Update for Windows XP (KB932168) Security Update for Windows XP (KB933566) Security Update for Windows XP (KB935839) Security Update for Windows XP (KB935840) Security Update for Windows XP (KB936021) Security Update for Windows XP (KB937143) Security Update for Windows XP (KB938127) Security Update for Windows XP (KB938829) Skype™ 3.2 Software Installer Sonic DLA Sonic Express Labeler Sonic Update Manager SoundMAX Spybot - Search & Destroy 1.4 Spyware Doctor 5.0 Symantec Client Security System Migration Assistant ThinkPad Configuration ThinkPad EasyEject Utility ThinkPad FullScreen Magnifier ThinkPad Keyboard Customizer Utility ThinkPad Modem ThinkPad PC Card Power Policy ThinkPad Power Management Driver ThinkPad Power Manager ThinkPad Presentation Director ThinkPad UltraNav Driver ThinkPad UltraNav Wizard ThinkVantage Access Connections ThinkVantage Active Protection System ThinkVantage Away Manager ThinkVantage Productivity Center ThinkVantage System Update ThinkVantage Technologies Welcome Message TrackPoint Accessibility Features Uninstall Dell PC Fax Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB908531) Update for Windows XP (KB910437) Update for Windows XP (KB911280) Update for Windows XP (KB916595) Update for Windows XP (KB920872) Update for Windows XP (KB922582) Update for Windows XP (KB927891) Update for Windows XP (KB930916) Update for Windows XP (KB931836) Update for Windows XP (KB933360) Update for Windows XP (KB936357) Update for Windows XP (KB938828) Wallpapers WebEx Windows Installer 3.1 (KB893803) Windows Media Connect Windows Media Connect Windows Media Format Runtime Windows Media Player 10 Windows XP Hotfix - KB887472 WinRAR archiver XP Themes

    Advertisements

Register to Remove


#11 Noviciate

Noviciate

    Retired WTT Teacher

  • Visiting Fellow
  • PipPipPipPipPip
  • 2,907 posts

Posted 09 September 2007 - 04:42 PM

Download Combofix by sUBs from here and save it to your Desktop.
  • Double click combo.exe to run it and follow the prompts.
  • Please Note: This may require the PC to be rebooted so close any programs you have open before you start.
  • When the tool has finished, it will produce a log C:\ComboFix.txt - copy and paste it into your next reply.
  • Post a fresh HJT log as well.
  • Let me know how the PC is behaving.
Please Note:
  • Do not mouse click in the combofix window while it is running - this may cause your system to hang/crash.
  • Disable Script Blocking if you have NAV installed as it will interfere with the normal working of this tool.
  • Should any security program warnings appear, ignore them as they are false-positives - this tool isn't malicious.

Death to the salad eaters!

#12 hattrick17

hattrick17

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 09 September 2007 - 06:02 PM

O.K., here is the Combo fix log. The computer seems to be running o.k. I haven't received any pop-ups. It was also making these weird noises, like it was playing back a series of audio clips. That seems to have stopped now. do you think we can get it back to normal? Thanks again.

ComboFix 07-09-10.2 - "Greg Fife" 2007-09-09 19:34:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.127 [GMT -4:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\GREGFI~1\APPLIC~1\tmp10D8.tmp.exe
C:\DOCUME~1\GREGFI~1\APPLIC~1\tmp10E4.tmp.exe
C:\DOCUME~1\GREGFI~1\APPLIC~1\tmp149.tmp.exe
C:\DOCUME~1\GREGFI~1\APPLIC~1\tmp14A.tmp.exe
C:\DOCUME~1\GREGFI~1\APPLIC~1\tmp151.tmp.exe
C:\DOCUME~1\GREGFI~1\APPLIC~1\tmp168.tmp.exe
C:\DOCUME~1\GREGFI~1\APPLIC~1\tmp18.tmp.exe
C:\DOCUME~1\GREGFI~1\APPLIC~1\tmp193.tmp.exe
C:\DOCUME~1\GREGFI~1\APPLIC~1\tmp1AB.tmp.exe
C:\DOCUME~1\GREGFI~1\APPLIC~1\tmp1B4.tmp.exe
C:\DOCUME~1\GREGFI~1\APPLIC~1\tmp1B8.tmp.exe
C:\DOCUME~1\GREGFI~1\APPLIC~1\tmp1D2.tmp.exe
C:\DOCUME~1\GREGFI~1\APPLIC~1\tmp1E4.tmp.exe
C:\DOCUME~1\GREGFI~1\APPLIC~1\tmp1F2.tmp.exe
C:\DOCUME~1\GREGFI~1\APPLIC~1\tmp25A.tmp.exe
C:\DOCUME~1\GREGFI~1\APPLIC~1\tmp26D.tmp.exe
C:\DOCUME~1\GREGFI~1\APPLIC~1\tmp31.tmp.exe
C:\DOCUME~1\GREGFI~1\APPLIC~1\tmp3EA.tmp.exe
C:\DOCUME~1\GREGFI~1\APPLIC~1\tmp3F.tmp.exe
C:\DOCUME~1\GREGFI~1\APPLIC~1\tmp44.tmp.exe
C:\DOCUME~1\GREGFI~1\APPLIC~1\tmp4A.tmp.exe
C:\DOCUME~1\GREGFI~1\APPLIC~1\tmp55.tmp.exe
C:\DOCUME~1\GREGFI~1\APPLIC~1\tmp613.tmp.exe
C:\DOCUME~1\GREGFI~1\APPLIC~1\tmp6C4.tmp.exe
C:\DOCUME~1\GREGFI~1\APPLIC~1\tmp8A.tmp.exe
C:\DOCUME~1\GREGFI~1\APPLIC~1\tmp9.tmp.exe
C:\DOCUME~1\GREGFI~1\APPLIC~1\tmp9CF.tmp.exe
C:\DOCUME~1\GREGFI~1\APPLIC~1\tmpA7.tmp.exe
C:\DOCUME~1\GREGFI~1\APPLIC~1\tmpA8.tmp.exe
C:\DOCUME~1\GREGFI~1\APPLIC~1\tmpA9.tmp.exe
C:\DOCUME~1\GREGFI~1\APPLIC~1\tmpAD.tmp.exe
C:\DOCUME~1\GREGFI~1\APPLIC~1\tmpAF.tmp.exe
C:\DOCUME~1\GREGFI~1\APPLIC~1\tmpB.tmp.exe
C:\DOCUME~1\GREGFI~1\APPLIC~1\tmpBC.tmp.exe
C:\DOCUME~1\GREGFI~1\APPLIC~1\tmpC.tmp.exe
C:\DOCUME~1\GREGFI~1\APPLIC~1\tmpD4B.tmp.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\kjkknn.ini2
C:\WINDOWS\kjkknn.tmp
C:\WINDOWS\nnkkjk.dll
C:\WINDOWS\nnqpru.ini
C:\WINDOWS\system32\_000045_.tmp.dll
C:\WINDOWS\system32\awvtr.exe
C:\WINDOWS\system32\awvtssq.dll
C:\WINDOWS\system32\awvvv.exe
C:\WINDOWS\system32\ddccd.exe
C:\WINDOWS\system32\lnk3d8.dll
C:\WINDOWS\system32\ssttr.exe
C:\WINDOWS\urpqnn.dll


((((((((((((((((((((((((( Files Created from 2007-08-10 to 2007-09-10 )))))))))))))))))))))))))))))))
.

2007-09-09 17:58 401,720 --a------ C:\Program Files\seek.exe
2007-09-07 16:07 <DIR> d-------- C:\WINDOWS\system32\Vundo
2007-09-07 11:44 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-09-06 16:44 <DIR> d-------- C:\DOCUME~1\GREGFI~1\APPLIC~1\MalwareBot
2007-09-06 16:42 18,672 --a------ C:\WINDOWS\system32\drivers\antispyfilter.sys
2007-09-06 16:42 <DIR> d-------- C:\Program Files\MalwareBot
2007-09-06 12:43 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-06 12:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-06 12:41 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-21 16:55 92,813 --a------ C:\WINDOWS\system32\disodm.dll.vir
2007-08-21 12:29 92,813 --a------ C:\WINDOWS\system32\dfreP6.dll.vir
2007-08-21 11:43 92,813 --a------ C:\WINDOWS\system32\loguag.dll.vir
2007-08-21 11:25 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-11 14:24 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-08-11 09:35 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-08-11 09:35 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-08-11 09:35 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-08-10 16:05 2,182,144 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-08-10 16:05 2,137,600 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2007-08-10 16:05 2,017,280 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-09 18:51 --------- d-------- C:\DOCUME~1\GREGFI~1\APPLIC~1\Skype
2007-09-09 18:01 12895 --a------ C:\Program Files\hijackthis.log
2007-09-07 22:25 --------- d-------- C:\Program Files\Google
2007-09-07 20:27 --------- d-------- C:\Program Files\Common Files\Sonic Shared
2007-09-07 10:45 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-09-06 15:16 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-27 21:59 --------- d-------- C:\Program Files\Spyware Doctor
2007-08-22 15:31 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-08-09 15:26 --------- d-------- C:\DOCUME~1\GREGFI~1\APPLIC~1\SUPERAntiSpyware.com
2007-08-09 15:25 --------- d-------- C:\Program Files\SUPERAntiSpyware
2007-08-09 14:42 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-08-09 13:20 --------- d-------- C:\DOCUME~1\GREGFI~1\APPLIC~1\Webroot
2007-08-08 12:49 --------- d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\AdobeUM
2007-08-08 12:04 --------- d-------- C:\DOCUME~1\GREGFI~1\APPLIC~1\PC Tools
2007-08-08 11:33 --------- d-------- C:\Program Files\NoAdware5.0
2007-08-08 09:52 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-07 13:33 --------- d-------- C:\Program Files\Alwil Software
2007-08-04 22:44 25664 --a------ C:\WINDOWS\system32\6IY7GdIj.exe
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-24 15:21 --------- d-------- C:\DOCUME~1\GREGFI~1\APPLIC~1\webex
2007-07-19 14:41 51304 --a------ C:\WINDOWS\system32\drivers\atnt40k.sys
2007-07-19 14:39 202314 --a------ C:\WINDOWS\system32\atasnt40.dll
2007-07-19 14:31 --------- d-------- C:\Program Files\WebEx
2007-07-18 20:31 --------- d-------- C:\DOCUME~1\GREGFI~1\APPLIC~1\Apple Computer
2007-07-16 13:05 56912 --a------ C:\DOCUME~1\GREGFI~1\g2mdlhlpx.exe
2007-07-16 13:05 --------- d-------- C:\Program Files\Citrix
2007-07-13 20:05 --------- d-------- C:\Program Files\iTunes
2007-07-13 20:05 --------- d-------- C:\Program Files\iPod
2007-07-13 20:05 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-07-13 20:04 --------- d-------- C:\Program Files\QuickTime
2007-07-13 20:03 --------- d-------- C:\Program Files\Common Files\Apple
2007-07-13 20:03 --------- d-------- C:\Program Files\Apple Software Update
2007-07-13 20:03 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-11 14:37 6272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-07-11 14:22 --------- d-------- C:\DOCUME~1\GREGFI~1\APPLIC~1\InterVideo
2007-06-26 11:13 851968 --------- C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-26 10:35 665600 --------- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-26 02:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 02:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 09:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 09:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-15 04:12 96256 --------- C:\WINDOWS\system32\dllcache\inseng.dll
2007-06-15 04:12 616960 --------- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-15 04:12 55808 --------- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-15 04:12 532480 --------- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-15 04:12 474112 --------- C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-15 04:12 449024 --------- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-15 04:12 39424 --------- C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-06-15 04:12 357888 --------- C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-06-15 04:12 3064320 --------- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-06-15 04:12 251904 --------- C:\WINDOWS\system32\dllcache\iepeers.dll
2007-06-15 04:12 205824 --------- C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-06-15 04:12 16384 --------- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-15 04:12 151040 --------- C:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-15 04:12 1498112 --------- C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-15 04:12 146432 --------- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-15 04:12 1054208 --------- C:\WINDOWS\system32\dllcache\danim.dll
2007-06-15 04:12 1022976 --------- C:\WINDOWS\system32\dllcache\browseui.dll
2007-06-14 06:32 18432 --------- C:\WINDOWS\system32\dllcache\iedw.exe
2007-06-13 06:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 06:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2005-10-28 22:04]
"TpShocks"="TpShocks.exe" [2005-11-07 14:14 C:\WINDOWS\system32\TpShocks.exe]
"TP4EX"="tp4ex.exe" [2005-10-17 04:11 C:\WINDOWS\system32\TP4EX.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-11-17 05:22]
"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-12-15 17:00]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-09-15 16:57]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-09-15 16:57]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-12-15 17:19]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-05-06 17:06]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 17:43]
"suScheduler"="C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe" [2005-08-01 20:32]
"LPManager"="C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe" [2005-11-24 04:02]
"AMSG"="C:\Program Files\ThinkVantage\AMSG\Amsg.exe" [2005-11-14 18:23]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 12:21]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe" [2005-08-18 20:22]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-29 13:55]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [2006-02-01 01:19]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-02-01 01:12]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-12-07 04:12]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-12-07 04:12]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-08-01 09:10]
"ISUSPM Startup"="c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 20:50]
"ISUSScheduler"="c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 20:50]
"DellNSCST_GRNCH"="C:\Program Files\DELL\Dell Laser MFP 1815\NetworkScan\DNSCST.exe" [2006-08-28 23:17]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 13:22]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 17:25]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 17:45]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 10:46]
"SetDefPrt"="C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 21:02]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 09:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 12:18]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-06-12 13:19]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]
"SpyHunter"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe" [2007-04-26 16:04]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-07-02 20:10]
"MalwareBot"="C:\Program Files\MalwareBot\MalwareBot.exe" []

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 02:05:26]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-05-31 14:24:28]
Monitor Apache Servers.lnk - C:\nd\apache2\Apache2\bin\ApacheMonitor.exe [2002-10-03 08:58:34]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 20:23:32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll 2005-07-06 02:45 28672 C:\WINDOWS\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2005-11-30 23:16 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS
R1 AntiSpyFilter;AntiSpyFilter;C:\WINDOWS\system32\DRIVERS\antispyfilter.sys
R1 IBMTPCHK;IBMTPCHK;\??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys
R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys
R2 Apache Tomcat 4.1;Apache Tomcat 4.1;C:\nd\Tomcat4.1\bin\tomcat.exe
R2 MalwareBotSrv;MalwareBot Scanning Engine;"C:\Program Files\MalwareBot\MalwareBotSrv.srv.exe"
R3 AEAudioService;AEAudio Service;C:\WINDOWS\system32\drivers\AEAudio.sys
R3 atmeltpm;atmeltpm;C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-09-04 22:49:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-09-08 13:00:09 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\6IY7GdIj.exe
"2007-09-06 14:00:00 C:\WINDOWS\Tasks\At11.job"
"2007-09-07 15:00:01 C:\WINDOWS\Tasks\At12.job"
"2007-09-07 16:00:00 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\6IY7GdIj.exe
"2007-09-07 17:00:00 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\6IY7GdIj.exe
"2007-09-05 18:00:00 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\6IY7GdIj.exe
"2007-09-07 19:00:00 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\6IY7GdIj.exe
"2007-09-09 20:00:00 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\6IY7GdIj.exe
"2007-09-07 21:00:00 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\6IY7GdIj.exe
"2007-09-09 22:00:00 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\6IY7GdIj.exe
"2007-09-09 23:00:00 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\6IY7GdIj.exe
"2007-09-02 00:00:00 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\6IY7GdIj.exe
"2007-09-08 01:00:01 C:\WINDOWS\Tasks\At22.job"
"2007-09-02 02:00:00 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\6IY7GdIj.exe
"2007-09-08 03:00:00 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\6IY7GdIj.exe
"2007-08-26 06:00:05 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\6IY7GdIj.exe
"2007-08-29 07:00:00 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\6IY7GdIj.exe
"2007-08-05 02:45:28 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\6IY7GdIj.exe
"2007-08-05 02:45:28 C:\WINDOWS\Tasks\At6.job"
"2007-08-05 02:45:28 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\6IY7GdIj.exe
"2007-08-05 02:45:28 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\6IY7GdIj.exe
"2007-08-24 12:01:00 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\6IY7GdIj.exe
"2007-09-06 20:44:19 C:\WINDOWS\Tasks\MalwareBot Scheduled Scan.job"
- C:\Program Files\MalwareBot\MalwareBot.exe
"2007-09-10 23:49:03 C:\WINDOWS\Tasks\PMTask.job"
"2006-05-31 20:29:28 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-10 19:45:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-10 19:52:25 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-10 19:52
.
--- E O F ---

And here is the new HiJackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:57:20 PM, on 9/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MalwareBot\MalwareBotSrv.srv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\nd\Tomcat4.1\bin\tomcat.exe
C:\nd\apache2\Apache2\bin\Apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\nd\apache2\Apache2\bin\Apache.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\DELL\Dell Laser MFP 1815\NetworkScan\DNSCST.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\nd\apache2\Apache2\bin\ApacheMonitor.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\seek.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DellNSCST_GRNCH] "C:\Program Files\DELL\Dell Laser MFP 1815\NetworkScan\DNSCST.exe" /HIDEUI
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MalwareBot] C:\Program Files\MalwareBot\MalwareBot.exe -boot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Monitor Apache Servers.lnk = C:\nd\apache2\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://netdimension...bex/ieatgpc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apache Tomcat 4.1 - Alexandria Software Consulting - C:\nd\Tomcat4.1\bin\tomcat.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\nd\apache2\Apache2\bin\Apache.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: MalwareBot Scanning Engine (MalwareBotSrv) - Unknown owner - C:\Program Files\MalwareBot\MalwareBotSrv.srv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe

--
End of file - 12481 bytes

#13 Noviciate

Noviciate

    Retired WTT Teacher

  • Visiting Fellow
  • PipPipPipPipPip
  • 2,907 posts

Posted 10 September 2007 - 01:08 PM

Download Findlop.zip by Metallica from here and save it to your Desktop.
You will need to extract the file(s).
To do this: Right click on the zipped folder and from the menu that appears, click on Extract All...
In the 'Extraction Wizard' window that opens, click on Next> and in the next window that appears, click on Next> again.
In the final window, click on Finish


You should now see the contents of the findlop folder.
Double click findlop.bat to run it. A Notepad window entitled findlop.txt will open - copy and paste this into your next reply.
Death to the salad eaters!

#14 Noviciate

Noviciate

    Retired WTT Teacher

  • Visiting Fellow
  • PipPipPipPipPip
  • 2,907 posts

Posted 10 September 2007 - 01:10 PM

Download Findlop.zip by Metallica from here and save it to your Desktop.
You will need to extract the file(s).
To do this: Right click on the zipped folder and from the menu that appears, click on Extract All...
In the 'Extraction Wizard' window that opens, click on Next> and in the next window that appears, click on Next> again.
In the final window, click on Finish


You should now see the contents of the findlop folder.
Double click findlop.bat to run it. A Notepad window entitled findlop.txt will open - copy and paste this into your next reply.
Death to the salad eaters!

#15 hattrick17

hattrick17

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 10 September 2007 - 01:37 PM

O.K., here it is. The PC seems to be acting alright now. Do you think we fixed it? [TRACE] Enumerating jobs and queues [TRACE] Activating job 'AppleSoftwareUpdate.job' [TRACE] Printing all job properties ApplicationName: 'C:\Program Files\Apple Software Update\SoftwareUpdate.exe' Parameters: '-task' WorkingDirectory: '' Comment: '' Creator: 'SYSTEM' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 07/17/2007 18:49:00 NextRun: 09/11/2007 18:49:00 StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET ExitCode: 0 Status: SCHED_S_TASK_READY ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 0 SystemRequired = 0 Hidden = 0 TaskFlags: 0 1 Trigger Trigger 0: Type: Weekly WeeksInterval: 1 DaysOfTheWeek: ..T.... StartDate: 07/13/2007 EndDate: 00/00/0000 StartTime: 18:49 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'At10.job' [TRACE] Printing all job properties ApplicationName: 'C:\WINDOWS\system32\6IY7GdIj.exe' Parameters: '' WorkingDirectory: '' Comment: 'Created by NetScheduleJobAdd.' Creator: 'SYSTEM' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 08/21/2007 9:00:00 NextRun: 09/12/2007 9:00:00 StartError: 0x80070005 ExitCode: 0x1 Status: SCHED_S_TASK_READY ScheduledWorkItem Flags: DeleteWhenDone = 1 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 0 SystemRequired = 0 Hidden = 0 [WARN ] Unrecognized bits = 200000 TaskFlags: 0 1 Trigger Trigger 0: Type: Weekly WeeksInterval: 1 DaysOfTheWeek: UMTWRFA StartDate: 08/04/2007 EndDate: 00/00/0000 StartTime: 09:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'At11.job' [TRACE] Printing all job properties ApplicationName: 'C:\WINDOWS\system32\6IY7GdIj.exe' Parameters: '' WorkingDirectory: '' Comment: 'Created by NetScheduleJobAdd.' Creator: 'SYSTEM' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 08/24/2007 10:00:00 NextRun: 09/12/2007 10:00:00 StartError: 0x80070005 ExitCode: 0x1 Status: SCHED_S_TASK_READY ScheduledWorkItem Flags: DeleteWhenDone = 1 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 0 SystemRequired = 0 Hidden = 0 [WARN ] Unrecognized bits = 200000 TaskFlags: 0 1 Trigger Trigger 0: Type: Weekly WeeksInterval: 1 DaysOfTheWeek: UMTWRFA StartDate: 08/04/2007 EndDate: 00/00/0000 StartTime: 10:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'At12.job' [TRACE] Printing all job properties ApplicationName: 'C:\WINDOWS\system32\6IY7GdIj.exe' Parameters: '' WorkingDirectory: '' Comment: 'Created by NetScheduleJobAdd.' Creator: 'SYSTEM' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 08/25/2007 11:00:00 NextRun: 09/12/2007 11:00:00 StartError: 0x80070005 ExitCode: 0x1 Status: SCHED_S_TASK_READY ScheduledWorkItem Flags: DeleteWhenDone = 1 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 0 SystemRequired = 0 Hidden = 0 [WARN ] Unrecognized bits = 200000 TaskFlags: 0 1 Trigger Trigger 0: Type: Weekly WeeksInterval: 1 DaysOfTheWeek: UMTWRFA StartDate: 08/04/2007 EndDate: 00/00/0000 StartTime: 11:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'At13.job' [TRACE] Printing all job properties ApplicationName: 'C:\WINDOWS\system32\6IY7GdIj.exe' Parameters: '' WorkingDirectory: '' Comment: 'Created by NetScheduleJobAdd.' Creator: 'SYSTEM' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 08/22/2007 12:00:00 NextRun: 09/12/2007 12:00:00 StartError: 0x80070005 ExitCode: 0x1 Status: SCHED_S_TASK_READY ScheduledWorkItem Flags: DeleteWhenDone = 1 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 0 SystemRequired = 0 Hidden = 0 [WARN ] Unrecognized bits = 200000 TaskFlags: 0 1 Trigger Trigger 0: Type: Weekly WeeksInterval: 1 DaysOfTheWeek: UMTWRFA StartDate: 08/04/2007 EndDate: 00/00/0000 StartTime: 12:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'At14.job' [TRACE] Printing all job properties ApplicationName: 'C:\WINDOWS\system32\6IY7GdIj.exe' Parameters: '' WorkingDirectory: '' Comment: 'Created by NetScheduleJobAdd.' Creator: 'SYSTEM' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 08/22/2007 13:00:00 NextRun: 09/12/2007 13:00:00 StartError: 0x80070005 ExitCode: 0x1 Status: SCHED_S_TASK_READY ScheduledWorkItem Flags: DeleteWhenDone = 1 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 0 SystemRequired = 0 Hidden = 0 [WARN ] Unrecognized bits = 200000 TaskFlags: 0 1 Trigger Trigger 0: Type: Weekly WeeksInterval: 1 DaysOfTheWeek: UMTWRFA StartDate: 08/04/2007 EndDate: 00/00/0000 StartTime: 13:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'At15.job' [TRACE] Printing all job properties ApplicationName: 'C:\WINDOWS\system32\6IY7GdIj.exe' Parameters: '' WorkingDirectory: '' Comment: 'Created by NetScheduleJobAdd.' Creator: 'SYSTEM' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 08/23/2007 14:00:00 NextRun: 09/12/2007 14:00:00 StartError: 0x80070005 ExitCode: 0x1 Status: SCHED_S_TASK_READY ScheduledWorkItem Flags: DeleteWhenDone = 1 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 0 SystemRequired = 0 Hidden = 0 [WARN ] Unrecognized bits = 200000 TaskFlags: 0 1 Trigger Trigger 0: Type: Weekly WeeksInterval: 1 DaysOfTheWeek: UMTWRFA StartDate: 08/04/2007 EndDate: 00/00/0000 StartTime: 14:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'At16.job' [TRACE] Printing all job properties ApplicationName: 'C:\WINDOWS\system32\6IY7GdIj.exe' Parameters: '' WorkingDirectory: '' Comment: 'Created by NetScheduleJobAdd.' Creator: 'SYSTEM' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 08/24/2007 15:00:00 NextRun: 09/12/2007 15:00:00 StartError: 0x80070005 ExitCode: 0x1 Status: SCHED_S_TASK_READY ScheduledWorkItem Flags: DeleteWhenDone = 1 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 0 SystemRequired = 0 Hidden = 0 [WARN ] Unrecognized bits = 200000 TaskFlags: 0 1 Trigger Trigger 0: Type: Weekly WeeksInterval: 1 DaysOfTheWeek: UMTWRFA StartDate: 08/04/2007 EndDate: 00/00/0000 StartTime: 15:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'At17.job' [TRACE] Printing all job properties ApplicationName: 'C:\WINDOWS\system32\6IY7GdIj.exe' Parameters: '' WorkingDirectory: '' Comment: 'Created by NetScheduleJobAdd.' Creator: 'SYSTEM' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 08/25/2007 16:00:00 NextRun: 09/11/2007 16:00:00 StartError: 0x80070005 ExitCode: 0x1 Status: SCHED_S_TASK_READY ScheduledWorkItem Flags: DeleteWhenDone = 1 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 0 SystemRequired = 0 Hidden = 0 [WARN ] Unrecognized bits = 200000 TaskFlags: 0 1 Trigger Trigger 0: Type: Weekly WeeksInterval: 1 DaysOfTheWeek: UMTWRFA StartDate: 08/04/2007 EndDate: 00/00/0000 StartTime: 16:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'At18.job' [TRACE] Printing all job properties ApplicationName: 'C:\WINDOWS\system32\6IY7GdIj.exe' Parameters: '' WorkingDirectory: '' Comment: 'Created by NetScheduleJobAdd.' Creator: 'SYSTEM' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 08/25/2007 17:00:00 NextRun: 09/11/2007 17:00:00 StartError: 0x80070005 ExitCode: 0x1 Status: SCHED_S_TASK_READY ScheduledWorkItem Flags: DeleteWhenDone = 1 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 0 SystemRequired = 0 Hidden = 0 [WARN ] Unrecognized bits = 200000 TaskFlags: 0 1 Trigger Trigger 0: Type: Weekly WeeksInterval: 1 DaysOfTheWeek: UMTWRFA StartDate: 08/04/2007 EndDate: 00/00/0000 StartTime: 17:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'At19.job' [TRACE] Printing all job properties ApplicationName: 'C:\WINDOWS\system32\6IY7GdIj.exe' Parameters: '' WorkingDirectory: '' Comment: 'Created by NetScheduleJobAdd.' Creator: 'SYSTEM' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 08/25/2007 18:00:00 NextRun: 09/11/2007 18:00:00 StartError: 0x80070005 ExitCode: 0x1 Status: SCHED_S_TASK_READY ScheduledWorkItem Flags: DeleteWhenDone = 1 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 0 SystemRequired = 0 Hidden = 0 [WARN ] Unrecognized bits = 200000 TaskFlags: 0 1 Trigger Trigger 0: Type: Weekly WeeksInterval: 1 DaysOfTheWeek: UMTWRFA StartDate: 08/04/2007 EndDate: 00/00/0000 StartTime: 18:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'At20.job' [TRACE] Printing all job properties ApplicationName: 'C:\WINDOWS\system32\6IY7GdIj.exe' Parameters: '' WorkingDirectory: '' Comment: 'Created by NetScheduleJobAdd.' Creator: 'SYSTEM' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 08/25/2007 19:00:00 NextRun: 09/11/2007 19:00:00 StartError: 0x80070005 ExitCode: 0x1 Status: SCHED_S_TASK_READY ScheduledWorkItem Flags: DeleteWhenDone = 1 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 0 SystemRequired = 0 Hidden = 0 [WARN ] Unrecognized bits = 200000 TaskFlags: 0 1 Trigger Trigger 0: Type: Weekly WeeksInterval: 1 DaysOfTheWeek: UMTWRFA StartDate: 08/04/2007 EndDate: 00/00/0000 StartTime: 19:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'At21.job' [TRACE] Printing all job properties ApplicationName: 'C:\WINDOWS\system32\6IY7GdIj.exe' Parameters: '' WorkingDirectory: '' Comment: 'Created by NetScheduleJobAdd.' Creator: 'SYSTEM' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 08/25/2007 20:00:00 NextRun: 09/11/2007 20:00:00 StartError: 0x80070005 ExitCode: 0x1 Status: SCHED_S_TASK_READY ScheduledWorkItem Flags: DeleteWhenDone = 1 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 0 SystemRequired = 0 Hidden = 0 [WARN ] Unrecognized bits = 200000 TaskFlags: 0 1 Trigger Trigger 0: Type: Weekly WeeksInterval: 1 DaysOfTheWeek: UMTWRFA StartDate: 08/04/2007 EndDate: 00/00/0000 StartTime: 20:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'At22.job' [TRACE] Printing all job properties ApplicationName: 'C:\WINDOWS\system32\6IY7GdIj.exe' Parameters: '' WorkingDirectory: '' Comment: 'Created by NetScheduleJobAdd.' Creator: 'SYSTEM' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 08/25/2007 21:00:00 NextRun: 09/11/2007 21:00:00 StartError: 0x80070005 ExitCode: 0x1 Status: SCHED_S_TASK_READY ScheduledWorkItem Flags: DeleteWhenDone = 1 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 0 SystemRequired = 0 Hidden = 0 [WARN ] Unrecognized bits = 200000 TaskFlags: 0 1 Trigger Trigger 0: Type: Weekly WeeksInterval: 1 DaysOfTheWeek: UMTWRFA StartDate: 08/04/2007 EndDate: 00/00/0000 StartTime: 21:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'At23.job' [TRACE] Printing all job properties ApplicationName: 'C:\WINDOWS\system32\6IY7GdIj.exe' Parameters: '' WorkingDirectory: '' Comment: 'Created by NetScheduleJobAdd.' Creator: 'SYSTEM' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 08/20/2007 22:00:00 NextRun: 09/11/2007 22:00:00 StartError: 0x80070005 ExitCode: 0x1 Status: SCHED_S_TASK_READY ScheduledWorkItem Flags: DeleteWhenDone = 1 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 0 SystemRequired = 0 Hidden = 0 [WARN ] Unrecognized bits = 200000 TaskFlags: 0 1 Trigger Trigger 0: Type: Weekly WeeksInterval: 1 DaysOfTheWeek: UMTWRFA StartDate: 08/04/2007 EndDate: 00/00/0000 StartTime: 22:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'At24.job' [TRACE] Printing all job properties ApplicationName: 'C:\WINDOWS\system32\6IY7GdIj.exe' Parameters: '' WorkingDirectory: '' Comment: 'Created by NetScheduleJobAdd.' Creator: 'SYSTEM' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 08/24/2007 23:00:00 NextRun: 09/11/2007 23:00:00 StartError: 0x80070005 ExitCode: 0x1 Status: SCHED_S_TASK_READY ScheduledWorkItem Flags: DeleteWhenDone = 1 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 0 SystemRequired = 0 Hidden = 0 [WARN ] Unrecognized bits = 200000 TaskFlags: 0 1 Trigger Trigger 0: Type: Weekly WeeksInterval: 1 DaysOfTheWeek: UMTWRFA StartDate: 08/04/2007 EndDate: 00/00/0000 StartTime: 23:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'At3.job' [TRACE] Printing all job properties ApplicationName: 'C:\WINDOWS\system32\6IY7GdIj.exe' Parameters: '' WorkingDirectory: '' Comment: 'Created by NetScheduleJobAdd.' Creator: 'SYSTEM' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 00/00/0000 0:00:00 NextRun: 09/12/2007 2:00:00 StartError: 0x80070005 ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN ScheduledWorkItem Flags: DeleteWhenDone = 1 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 0 SystemRequired = 0 Hidden = 0 [WARN ] Unrecognized bits = 200000 TaskFlags: 0 1 Trigger Trigger 0: Type: Weekly WeeksInterval: 1 DaysOfTheWeek: UMTWRFA StartDate: 08/04/2007 EndDate: 00/00/0000 StartTime: 02:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'At4.job' [TRACE] Printing all job properties ApplicationName: 'C:\WINDOWS\system32\6IY7GdIj.exe' Parameters: '' WorkingDirectory: '' Comment: 'Created by NetScheduleJobAdd.' Creator: 'SYSTEM' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 08/08/2007 3:00:00 NextRun: 09/12/2007 3:00:00 StartError: 0x80070005 ExitCode: 0x1 Status: SCHED_S_TASK_READY ScheduledWorkItem Flags: DeleteWhenDone = 1 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 0 SystemRequired = 0 Hidden = 0 [WARN ] Unrecognized bits = 200000 TaskFlags: 0 1 Trigger Trigger 0: Type: Weekly WeeksInterval: 1 DaysOfTheWeek: UMTWRFA StartDate: 08/04/2007 EndDate: 00/00/0000 StartTime: 03:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'At5.job' [TRACE] Printing all job properties ApplicationName: 'C:\WINDOWS\system32\6IY7GdIj.exe' Parameters: '' WorkingDirectory: '' Comment: 'Created by NetScheduleJobAdd.' Creator: 'SYSTEM' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 00/00/0000 0:00:00 NextRun: 09/12/2007 4:00:00 StartError: SCHED_S_TASK_HAS_NOT_RUN ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN ScheduledWorkItem Flags: DeleteWhenDone = 1 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 0 SystemRequired = 0 Hidden = 0 [WARN ] Unrecognized bits = 200000 TaskFlags: 0 1 Trigger Trigger 0: Type: Weekly WeeksInterval: 1 DaysOfTheWeek: UMTWRFA StartDate: 08/04/2007 EndDate: 00/00/0000 StartTime: 04:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'At6.job' [TRACE] Printing all job properties ApplicationName: 'C:\WINDOWS\system32\6IY7GdIj.exe' Parameters: '' WorkingDirectory: '' Comment: 'Created by NetScheduleJobAdd.' Creator: 'SYSTEM' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 00/00/0000 0:00:00 NextRun: 09/12/2007 5:00:00 StartError: SCHED_S_TASK_HAS_NOT_RUN ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN ScheduledWorkItem Flags: DeleteWhenDone = 1 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 0 SystemRequired = 0 Hidden = 0 [WARN ] Unrecognized bits = 200000 TaskFlags: 0 1 Trigger Trigger 0: Type: Weekly WeeksInterval: 1 DaysOfTheWeek: UMTWRFA StartDate: 08/04/2007 EndDate: 00/00/0000 StartTime: 05:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'At7.job' [TRACE] Printing all job properties ApplicationName: 'C:\WINDOWS\system32\6IY7GdIj.exe' Parameters: '' WorkingDirectory: '' Comment: 'Created by NetScheduleJobAdd.' Creator: 'SYSTEM' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 00/00/0000 0:00:00 NextRun: 09/12/2007 6:00:00 StartError: SCHED_S_TASK_HAS_NOT_RUN ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN ScheduledWorkItem Flags: DeleteWhenDone = 1 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 0 SystemRequired = 0 Hidden = 0 [WARN ] Unrecognized bits = 200000 TaskFlags: 0 1 Trigger Trigger 0: Type: Weekly WeeksInterval: 1 DaysOfTheWeek: UMTWRFA StartDate: 08/04/2007 EndDate: 00/00/0000 StartTime: 06:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'At8.job' [TRACE] Printing all job properties ApplicationName: 'C:\WINDOWS\system32\6IY7GdIj.exe' Parameters: '' WorkingDirectory: '' Comment: 'Created by NetScheduleJobAdd.' Creator: 'SYSTEM' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 00/00/0000 0:00:00 NextRun: 09/12/2007 7:00:00 StartError: SCHED_S_TASK_HAS_NOT_RUN ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN ScheduledWorkItem Flags: DeleteWhenDone = 1 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 0 SystemRequired = 0 Hidden = 0 [WARN ] Unrecognized bits = 200000 TaskFlags: 0 1 Trigger Trigger 0: Type: Weekly WeeksInterval: 1 DaysOfTheWeek: UMTWRFA StartDate: 08/04/2007 EndDate: 00/00/0000 StartTime: 07:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'At9.job' [TRACE] Printing all job properties ApplicationName: 'C:\WINDOWS\system32\6IY7GdIj.exe' Parameters: '' WorkingDirectory: '' Comment: 'Created by NetScheduleJobAdd.' Creator: 'SYSTEM' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 08/24/2007 8:00:00 NextRun: 09/12/2007 8:00:00 StartError: S_OK ExitCode: 0x1 Status: SCHED_S_TASK_READY ScheduledWorkItem Flags: DeleteWhenDone = 1 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 0 SystemRequired = 0 Hidden = 0 [WARN ] Unrecognized bits = 200000 TaskFlags: 0 1 Trigger Trigger 0: Type: Weekly WeeksInterval: 1 DaysOfTheWeek: UMTWRFA StartDate: 08/04/2007 EndDate: 00/00/0000 StartTime: 08:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'MalwareBot Scheduled Scan.job' [TRACE] Printing all job properties ApplicationName: 'C:\Program Files\MalwareBot\MalwareBot.exe' Parameters: 'scheduled' WorkingDirectory: 'C:\Program Files\MalwareBot' Comment: 'Runs MalwareBot to scan your computer for malicious and potenially unwanted programs.' Creator: 'Greg Fife' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 00/00/0000 0:00:00 NextRun: 09/12/2007 3:00:00 StartError: SCHED_S_TASK_HAS_NOT_RUN ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 1 SystemRequired = 0 Hidden = 0 TaskFlags: 0 1 Trigger Trigger 0: Type: Daily DaysInterval: 1 StartDate: 09/06/2007 EndDate: 00/00/0000 StartTime: 03:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'PMTask.job' [TRACE] Printing all job properties ApplicationName: 'C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE' Parameters: '' WorkingDirectory: 'C:\PROGRA~1\ThinkPad\UTILIT~1' Comment: '' Creator: 'Administrator' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 0 IdleDeadline: 990 MostRecentRun: 00/00/0000 0:00:00 NextRun: 00/00/0000 0:00:00 StartError: SCHED_S_TASK_HAS_NOT_RUN ExitCode: 0 Status: SCHED_S_TASK_DISABLED ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 1 StartOnlyIfIdle = 1 KillOnIdleEnd = 1 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 0 SystemRequired = 0 Hidden = 0 TaskFlags: 0 1 Trigger Trigger 0: Type: OnIdle StartDate: 01/01/1999 EndDate: 00/00/0000 StartTime: 00:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'Symantec NetDetect.job' [TRACE] Printing all job properties ApplicationName: 'C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE' Parameters: '' WorkingDirectory: 'C:\Program Files\Symantec\LiveUpdate' Comment: 'Symantec NetDetect' Creator: 'SYSTEM' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 00/00/0000 0:00:00 NextRun: 00/00/0000 0:00:00 StartError: SCHED_S_TASK_HAS_NOT_RUN ExitCode: 0 Status: SCHED_S_TASK_DISABLED ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 1 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 1 SystemRequired = 0 Hidden = 0 TaskFlags: 0 1 Trigger Trigger 0: Type: Daily DaysInterval: 1 StartDate: 05/31/2006 EndDate: 00/00/0000 StartTime: 13:34 MinutesDuration: 1440 MinutesInterval: 5 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users