Old 04-24-2006, 12:25 PM   #13 (permalink)
rozel
Registered User
 
Join Date: Oct 2003
Location: UK
Posts: 38
OS: XP Pro (SP2)


Well this is my third attempt to write this post as my system keeps crashing with the BSOD - I followed your requirements to the letter apart from the Kaspersky Scan - I was afraid that it too would bomb out so I "stopped" it after it went on to the H:\ partition, thinking that by then it had scanned C:\, D:\, E:\, F:\ and G:\ - I hope my thinking is correct and I also hope I can finish this post before I get another BSOD - I'm more than frustrated now and totally in your care.

Thank you for replying again - I read your responses when I woke up this afternoon, just after you sent them, I think, and have been struggling ever since. However I attach the two logs requested, but can confirm that so far the BSOD is ever present! I would just add that today I managed to catch 2 crashes - before the 1st of the 2 BSODs I got an error message which started off "ISACTIVEGUARD" - a web search revealed this may have had something to do with Ewido, so I uninstalled it. The second message just now came on so quickly, and was followed immediately by the BSOD, that I could not read it - this was a longer message. There is no telling when I get the BSODs - usually it happens when I'm running either of my 2 file recovery progs or during a system scan. I have disabled Norton Antivirus Auto-Protect throughout and no other realtime scanner is now in operation. I will now answer your 2 posts.

First, my system's details:

It was not a typo - I lost 208Gb of files. D:\ 34Gb, E:\ 5Gb, F:\ 45Gb, G:\ 136Gb and H:\ 6Gb, all approx.

I run an Asus P4C800-E Deluxe mobo which has two independent RAID setups, a Promise and an Intel.

I'm not sure right now which way round they are but think that C:\ and D:\ are in a Promise RAID (0) 2 x Western Digital 10,000 rpm drives of 35Gb each - C:\ being my bootable partition with E:\ (100Gb), F:\ (50Gb) and G:\ (150Gb) being in an Intel RAID(0) setup. I run XP-Pro (not XP 64 bit) and I also have numerous virtual drives and removable ones which all appear fine.

The files lost were simply due to Cleanup not having the correct configuration requirement installed - are you suggesting that this was due to a virus or something? as I'm not sure why you want file extensions - they were wav, Vobs and numerous others - I would add that E:\ holds my My Documents, nothing deleted, and my Outlook Express storage folders - again nothing deleted. F:\ however, and more importantly, holds my paging file and Internet Cache so F:\ is constantly being overwritten and will hinder my file recovery. I run 2 progs, namely File Scavenger 2 and R-Studio. As with virus scanners, whether progs or online, they abort by themselves prior to completion or with the BSOD, which is more than totally frustrating.

OK now on to your second post of today: -

Ran everything and deleted everything meticulously. I recognise most of the stuff you mention under "Services" so I would rather not delete these - most of it relates to my Dreambox or Mercedes Diagnosis programs - not sure about Kontiki though.

I will heed what you say regarding Memtest.

All entries in HiJackThis checked and fixed, did what you said from then on. None of the files in C:\Windows\system32\Programs were present. Deleted the cookies and did what you said re regsvr32, all in safe mode etc, and then in normal mode ran Kaspersky. As I said, I aborted this after it started on H:\ - I'm assuming it covered C:\ and F:\ but not sure about the latter and certainly not sure about whether it cleaned anything - everything seemed to have been skipped - but it is an online scanner isn't it - not intended to do anything with what it finds, is it? Or did my stopping before completion prevent it from cleaning - please advise.

The two logs are now shown and I would be grateful for what to do next.

Kaspersky Log

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, April 24, 2006 6:04:30 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 24/04/2006
Kaspersky Anti-Virus database records: 189678
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
J:\
K:\
L:\
M:\
N:\
O:\
P:\
Q:\
R:\
S:\

Scan Statistics:
Total number of scanned objects: 149270
Number of viruses found: 44
Number of infected objects: 136
Number of suspicious objects: 4
Duration of the scan process: 02:32:01

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer10.zip/install.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer10.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer2.zip/install.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer2.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\066150CA.htm Infected: Trojan-Clicker.JS.Linker.p skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24233EEA.dat Infected: Backdoor.Win32.SpyBoter.dv skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2579329B.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2579329B.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2579329B.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2579329B.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2579329B.zip ZIP: infected - 4 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2579329B.zip CryptFF: infected - 4 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3DA57B0F.dll Infected: not-a-virus:AdWare.Win32.WinAD.ad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3FFF2F1D.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3FFF2F1D.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3FFF2F1D.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3FFF2F1D.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3FFF2F1D.zip ZIP: infected - 4 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3FFF2F1D.zip CryptFF: infected - 4 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\56502EDE.dat Infected: P2P-Worm.Win32.Apsiv skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5A075984.zip/Counter.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5A075984.zip/VerifierBug.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5A075984.zip/web.exe Infected: Trojan.Win32.LowZones.cp skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5A075984.zip/Worker.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5A075984.zip/Xeyond.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5A075984.zip ZIP: infected - 5 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5A075984.zip CryptFF: infected - 5 skipped
C:\Documents and Settings\Paul\Desktop\Spyware stuff\Norton 2006 Cracks\norton antivirus 2006 keygen (2) (1).exe/data0001 Infected: Trojan-Downloader.Win32.IstBar.ja skipped
C:\Documents and Settings\Paul\Desktop\Spyware stuff\Norton 2006 Cracks\norton antivirus 2006 keygen (2) (1).exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.nn skipped
C:\Documents and Settings\Paul\Desktop\Spyware stuff\Norton 2006 Cracks\norton antivirus 2006 keygen (2) (1).exe NSIS: infected - 2 skipped
C:\Documents and Settings\Paul\Desktop\Spyware stuff\OiUninstaller.exe/data0002 Infected: not-a-virus:AdWare.Win32.MediaTickets.y skipped
C:\Documents and Settings\Paul\Desktop\Spyware stuff\OiUninstaller.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Documents and Settings\Paul\Desktop\Spyware stuff\OiUninstaller.exe NSIS: infected - 2 skipped
C:\Documents and Settings\Paul\Desktop\YouSendIt Downloads\YSIGet 0.99c.exe/data0006 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\Documents and Settings\Paul\Desktop\YouSendIt Downloads\YSIGet 0.99c.exe NSIS: infected - 1 skipped
C:\Program Files\DreamTSman\DreamTSman.exe Infected: P2P-Worm.Win32.Polip.a skipped
C:\Program Files\GIANT Company Software\Spam Inspector\siMailClientAccounts.exe Infected: P2P-Worm.Win32.Polip.a skipped
C:\Program Files\GIANT Company Software\Spam Inspector\siMain.exe Infected: P2P-Worm.Win32.Polip.a skipped
C:\Program Files\GIANT Company Software\Spam Inspector\siSpamFilterEngine.exe Infected: P2P-Worm.Win32.Polip.a skipped
C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe Infected: P2P-Worm.Win32.Polip.a skipped
C:\Program Files\Internet Explorer\Connection Wizard\icwconn2.exe Infected: P2P-Worm.Win32.Polip.a skipped
C:\Program Files\Internet Explorer\iexplore.exe Infected: P2P-Worm.Win32.Polip.a skipped
C:\Program Files\Microsoft ActiveSync\CeAppMgr.exe Infected: P2P-Worm.Win32.Polip.a skipped
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe Infected: P2P-Worm.Win32.Polip.a skipped
C:\Program Files\Outlook Express\msimn.exe Infected: P2P-Worm.Win32.Polip.a skipped
C:\Program Files\SMSC\SetIcon.exe Infected: P2P-Worm.Win32.Polip.a skipped
C:\Program Files\Windows Media Components\Encoder\wmenc.exe Infected: P2P-Worm.Win32.Polip.a skipped
C:\Program Files\Windows NT\Pinball\pinball.exe Infected: P2P-Worm.Win32.Polip.a skipped
C:\Program Files\YSIGet\uninstall.exe/data0002 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\Program Files\YSIGet\uninstall.exe NSIS: infected - 1 skipped
C:\RECYCLER\S-1-5-21-602162358-2049760794-682003330-500\Dc16.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch.i skipped
C:\System Volume Information\_restore{F69CB265-1087-4B91-B35C-6A940FD4FEBE}\RP1\A0000142.EXE/data0003 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\System Volume Information\_restore{F69CB265-1087-4B91-B35C-6A940FD4FEBE}\RP1\A0000142.EXE NSIS: infected - 1 skipped
C:\System Volume Information\_restore{F69CB265-1087-4B91-B35C-6A940FD4FEBE}\RP1\A0000163.exe Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{F69CB265-1087-4B91-B35C-6A940FD4FEBE}\RP1\A0000164.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.l skipped
C:\System Volume Information\_restore{F69CB265-1087-4B91-B35C-6A940FD4FEBE}\RP1\A0000165.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{F69CB265-1087-4B91-B35C-6A940FD4FEBE}\RP1\A0000166.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.l skipped
C:\System Volume Information\_restore{F69CB265-1087-4B91-B35C-6A940FD4FEBE}\RP1\A0000167.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{F69CB265-1087-4B91-B35C-6A940FD4FEBE}\RP2\A0000169.scr Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{F69CB265-1087-4B91-B35C-6A940FD4FEBE}\RP2\A0000171.DLL Infected: not-a-virus:AdWare.Win32.FunWeb.d skipped
C:\System Volume Information\_restore{F69CB265-1087-4B91-B35C-6A940FD4FEBE}\RP2\A0000172.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.z skipped
C:\System Volume Information\_restore{F69CB265-1087-4B91-B35C-6A940FD4FEBE}\RP2\A0000173.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{F69CB265-1087-4B91-B35C-6A940FD4FEBE}\RP2\A0000174.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.af skipped
C:\System Volume Information\_restore{F69CB265-1087-4B91-B35C-6A940FD4FEBE}\RP2\A0000175.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.af skipped
C:\System Volume Information\_restore{F69CB265-1087-4B91-B35C-6A940FD4FEBE}\RP2\A0000176.SCR Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{F69CB265-1087-4B91-B35C-6A940FD4FEBE}\RP2\A0000177.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.v skipped
C:\System Volume Information\_restore{F69CB265-1087-4B91-B35C-6A940FD4FEBE}\RP2\A0000178.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{F69CB265-1087-4B91-B35C-6A940FD4FEBE}\RP2\A0000179.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{F69CB265-1087-4B91-B35C-6A940FD4FEBE}\RP2\A0000180.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{F69CB265-1087-4B91-B35C-6A940FD4FEBE}\RP2\A0000181.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.f skipped
C:\System Volume Information\_restore{F69CB265-1087-4B91-B35C-6A940FD4FEBE}\RP2\A0000182.DLL Infected: not-a-virus:AdWare.Win32.IWon.a skipped
C:\System Volume Information\_restore{F69CB265-1087-4B91-B35C-6A940FD4FEBE}\RP2\A0000183.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.ad skipped
C:\System Volume Information\_restore{F69CB265-1087-4B91-B35C-6A940FD4FEBE}\RP2\A0000185.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.p skipped
C:\System Volume Information\_restore{F69CB265-1087-4B91-B35C-6A940FD4FEBE}\RP2\A0000186.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.ab skipped
C:\System Volume Information\_restore{F69CB265-1087-4B91-B35C-6A940FD4FEBE}\RP3\A0000187.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.i skipped
C:\System Volume Information\_restore{F69CB265-1087-4B91-B35C-6A940FD4FEBE}\RP5\A0000378.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped
C:\System Volume Information\_restore{F69CB265-1087-4B91-B35C-6A940FD4FEBE}\RP5\A0000495.exe Infected: Backdoor.Win32.Prorat.db skipped
C:\System Volume Information\_restore{F69CB265-1087-4B91-B35C-6A940FD4FEBE}\RP5\A0000496.exe Infected: Backdoor.Win32.Prorat.db skipped
C:\System Volume Information\_restore{F69CB265-1087-4B91-B35C-6A940FD4FEBE}\RP5\A0000497.exe Infected: not-a-virus:NetTool.Win32.AccessDiver.4140 skipped
C:\System Volume Information\_restore{F69CB265-1087-4B91-B35C-6A940FD4FEBE}\RP5\A0000672.exe Infected: Virus.DOS.Vit.a skipped
C:\WINDOWS\inf\unregmp2.exe Infected: P2P-Worm.Win32.Polip.a skipped
C:\WINDOWS\notepad.exe Infected: P2P-Worm.Win32.Polip.a skipped
C:\WINDOWS\regedit.exe Infected: P2P-Worm.Win32.Polip.a skipped
C:\WINDOWS\setup.exe/data0013 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\WINDOWS\setup.exe NSIS: infected - 1 skipped
C:\WINDOWS\system32\accwiz.exe Infected: P2P-Worm.Win32.Polip.a skipped
C:\WINDOWS\system32\dxdiag.exe Infected: P2P-Worm.Win32.Polip.a skipped
C:\WINDOWS\system32\logon.scr Infected: P2P-Worm.Win32.Polip.a skipped
C:\WINDOWS\system32\logonui.exe Infected: P2P-Worm.Win32.Polip.a skipped
C:\WINDOWS\system32\mshearts.exe Infected: P2P-Worm.Win32.Polip.a skipped
C:\WINDOWS\system32\mspaint.exe Infected: P2P-Worm.Win32.Polip.a skipped
C:\WINDOWS\system32\notepad.exe Infected: P2P-Worm.Win32.Polip.a skipped
C:\WINDOWS\system32\Restore\rstrui.exe Infected: P2P-Worm.Win32.Polip.a skipped
C:\WINDOWS\system32\taskmgr.exe Infected: P2P-Worm.Win32.Polip.a skipped
C:\WINDOWS\system32\telnet.exe Infected: P2P-Worm.Win32.Polip.a skipped
C:\WINDOWS\system32\tourstart.exe Infected: P2P-Worm.Win32.Polip.a skipped
C:\WINDOWS\system32\wbem\wmiadap.exe Infected: P2P-Worm.Win32.Polip.a skipped
C:\WINDOWS\system32\wbem\wmiapsrv.exe Infected: P2P-Worm.Win32.Polip.a skipped
C:\WINDOWS\system32\wiaacmgr.exe Infected: P2P-Worm.Win32.Polip.a skipped
C:\WINDOWS\_.EXE/data0001 Infected: Trojan-Downloader.Win32.IstBar.ja skipped
C:\WINDOWS\_.EXE/data0003 Infected: Trojan-Downloader.Win32.IstBar.nn skipped
C:\WINDOWS\_.EXE NSIS: infected - 2 skipped
E:\Kazza Lite Downloads\AutoRoute_2004_Keygen.exe/data.rar/AutoRoute_2004_Keygen/admdll.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
E:\Kazza Lite Downloads\AutoRoute_2004_Keygen.exe/data.rar/AutoRoute_2004_Keygen/video.dat Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
E:\Kazza Lite Downloads\AutoRoute_2004_Keygen.exe/data.rar Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
E:\Kazza Lite Downloads\AutoRoute_2004_Keygen.exe RarSFX: infected - 3 skipped
E:\Kazza Lite Downloads\Spybot-spyware-search-and-destroy.zip/setup-freewire-file-sharing-app-no-ads-or-banners.exe/data0002 Infected: not-a-virus:AdWare.Win32.IPInsight.a skipped
E:\Kazza Lite Downloads\Spybot-spyware-search-and-destroy.zip/setup-freewire-file-sharing-app-no-ads-or-banners.exe/data0004 Infected: not-a-virus:AdWare.Win32.IGetNet skipped
E:\Kazza Lite Downloads\Spybot-spyware-search-and-destroy.zip/setup-freewire-file-sharing-app-no-ads-or-banners.exe/data0005 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
E:\Kazza Lite Downloads\Spybot-spyware-search-and-destroy.zip/setup-freewire-file-sharing-app-no-ads-or-banners.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
E:\Kazza Lite Downloads\Spybot-spyware-search-and-destroy.zip ZIP: infected - 4 skipped
E:\Kazza Lite Downloads\xoftspy registration code.rar/loader.exe/data0001 Infected: Trojan-Downloader.Win32.IstBar.ja skipped
E:\Kazza Lite Downloads\xoftspy registration code.rar/loader.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.nn skipped
E:\Kazza Lite Downloads\xoftspy registration code.rar/loader.exe Infected: Trojan-Downloader.Win32.IstBar.nn skipped
E:\Kazza Lite Downloads\xoftspy registration code.rar RAR: infected - 3 skipped
E:\My Documents\Miscellaneous Outstanding\Army Complaint and Expenses 1.doc Infected: Trojan-Dropper.MSWord.Lafool.h skipped
E:\Our PC's\George\Memory Installation - George.doc Infected: Trojan-Dropper.MSWord.Lafool.h skipped
E:\Our PC's\Raid Recovery\UBCD4WinV25.exe/data.rar/plugin/passwordspro/files/PasswordsPro.exe Infected: not-a-virus:PSWTool.Win32.SAMInside.b skipped
E:\Our PC's\Raid Recovery\UBCD4WinV25.exe/data.rar/plugin/VNCServer/vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
E:\Our PC's\Raid Recovery\UBCD4WinV25.exe/data.rar/plugin/VNCServer/winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
E:\Our PC's\Raid Recovery\UBCD4WinV25.exe/data.rar/plugin/VNCServer/wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
E:\Our PC's\Raid Recovery\UBCD4WinV25.exe/data.rar Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
E:\Our PC's\Raid Recovery\UBCD4WinV25.exe RarSFX: infected - 5 skipped
E:\Outlook Express Mail and News Data Storage\Emmas Wedding.dbx/[From "Paul" <rozel@dsl.pipex.com>][Date Thu, 11 Aug 2005 17:49:39 +0100]/UNNAMED/Army Infected: Trojan-Dropper.MSWord.Lafool.h skipped
E:\Outlook Express Mail and News Data Storage\Emmas Wedding.dbx/[From "Paul" <rozel@dsl.pipex.com>][Date Thu, 11 Aug 2005 17:49:39 +0100]/UNNAMED Infected: Trojan-Dropper.MSWord.Lafool.h skipped
E:\Outlook Express Mail and News Data Storage\Emmas Wedding.dbx Mail MS Outlook 5: infected - 2 skipped
E:\Outlook Express Mail and News Data Storage\Inbox (5).dbx/[From "Peter and Jean" <peterandjean@chellow.free-online.co.uk>][Date Sun, 2 Jul 2000 14:27:01 +0100]/UNNAMED/UNNAMED/html Infected: Email-Worm.VBS.KakWorm skipped
E:\Outlook Express Mail and News Data Storage\Inbox (5).dbx/[From "Peter and Jean" <peterandjean@chellow.free-online.co.uk>][Date Sun, 2 Jul 2000 14:27:01 +0100]/UNNAMED/UNNAMED Infected: Email-Worm.VBS.KakWorm skipped
E:\Outlook Express Mail and News Data Storage\Inbox (5).dbx/[From "Peter and Jean" <peterandjean@chellow.free-online.co.uk>][Date Sun, 2 Jul 2000 14:27:01 +0100]/UNNAMED Infected: Email-Worm.VBS.KakWorm skipped
E:\Outlook Express Mail and News Data Storage\Inbox (5).dbx Mail MS Outlook 5: infected - 3 skipped
E:\RECYCLER\NPROTECT\00000045.DBX/[From "Peter and Jean" <peterandjean@chellow.free-online.co.uk>][Date Sun, 2 Jul 2000 14:27:01 +0100]/UNNAMED/UNNAMED/html Infected: Email-Worm.VBS.KakWorm skipped
E:\RECYCLER\NPROTECT\00000045.DBX/[From "Peter and Jean" <peterandjean@chellow.free-online.co.uk>][Date Sun, 2 Jul 2000 14:27:01 +0100]/UNNAMED/UNNAMED Infected: Email-Worm.VBS.KakWorm skipped
E:\RECYCLER\NPROTECT\00000045.DBX/[From "Peter and Jean" <peterandjean@chellow.free-online.co.uk>][Date Sun, 2 Jul 2000 14:27:01 +0100]/UNNAMED Infected: Email-Worm.VBS.KakWorm skipped
E:\RECYCLER\NPROTECT\00000045.DBX Mail MS Outlook 5: infected - 3 skipped
E:\RECYCLER\NPROTECT\00000069.DBX/[From "Paul" <rozel@dsl.pipex.com>][Date Thu, 11 Aug 2005 17:49:39 +0100]/UNNAMED/Army Infected: Trojan-Dropper.MSWord.Lafool.h skipped
E:\RECYCLER\NPROTECT\00000069.DBX/[From "Paul" <rozel@dsl.pipex.com>][Date Thu, 11 Aug 2005 17:49:39 +0100]/UNNAMED Infected: Trojan-Dropper.MSWord.Lafool.h skipped
E:\RECYCLER\NPROTECT\00000069.DBX Mail MS Outlook 5: infected - 2 skipped
E:\Screensavers Wallpapers Etc\ScreenSavers\3dscreensavers\SpiritOfFire3DScreenSaver\Spirit of Fire 3d ScreenSaver.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.Gator.3013 skipped
E:\Screensavers Wallpapers Etc\ScreenSavers\3dscreensavers\SpiritOfFire3DScreenSaver\Spirit of Fire 3d ScreenSaver.exe WiseSFX: infected - 1 skipped
E:\Software Programs\Microsoft Software\Microsoft Office 2003\Cracks Etc\Microsoft Office 2003 crack (VARIFIED WORKING)\rinst.exe Infected: not-a-virus:Monitor.Win32.Perflogger.f skipped

Scan was interrupted by user!

HiJackThis Log

Logfile of HijackThis v1.99.1
Scan saved at 19:23:05, on 24/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\KService\KService.exe
c:\opt\MBCASE\pm\bin\mcp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\opt\MBCASE\WIS\TBCD\tbmux32.exe
E:\DreamBox\Plugins\NFS Server\portmap.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\GIANT Company Software\Spam Inspector\siService.exe
C:\Program Files\SMSC\Seticon.exe
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\WINDOWS\System32\hphmon04.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\SmartM\BlueOpal\Utilities\BlueTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\GIANT Company Software\Spam Inspector\siMailProxyServer.exe
C:\Program Files\GIANT Company Software\Spam Inspector\siSpamFilterEngine.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SanDisk\low power 128MB + Wi-Fi CompactFlash Card\WLANUTL.exe
C:\WINDOWS\system32\cmd.exe
C:\opt\MBCASE\pm\bin\cmserver.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cmd.exe
C:\opt\MBCASE\pm\bin\lic_srv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Hijack This\HijackThis.exe

O2 - BHO: WsftpBrowserHelper Class - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [siService.exe] "C:\Program Files\GIANT Company Software\Spam Inspector\siService.exe"
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\SMSC\Seticon.exe
O4 - HKLM\..\Run: [ServiceLayer] C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [Opware12] "C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe"
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [BlueTray] C:\Program Files\SmartM\BlueOpal\Utilities\BlueTray.exe
O4 - HKLM\..\Run: [BCWipeTM Startup] "C:\Program Files\Jetico\BCWipe\BCWipeTM.exe" startup
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE INTEX USB PC Camera
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [STManager] C:/Program Files/SpeedTouch/Dr SpeedTouch/drst.exe -b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SanDisk Wi-Fi.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.gocyberlink.com/english/c...dio/ChkDVD.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093454827421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1125763413078
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files...fosFinder2.CAB
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.comp...bio5_1_6_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BFEED49-519D-46EF-93E2-5CCA5FB05CF7}: NameServer = 158.43.240.4,158.43.240.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BCACEBE-51E7-451A-8952-30AF761EA251}: NameServer = 62.241.162.200,62.241.163.200
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTsvcCDA.exe (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: konfig - Unknown owner - c:\opt\MBCASE\pm\bin\mcp (file missing)
O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
O23 - Service: license - Unknown owner - c:\opt\MBCASE\pm\bin\mcp (file missing)
O23 - Service: mcp - Unknown owner - c:\opt\MBCASE\pm\bin\mcp (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TransBaseService - TransAction Software, D 81737 Munich - c:\opt\MBCASE\WIS\TBCD\tbmux32.exe
O23 - Service: TrueGrid NFS Server - Unknown owner - E:\DreamBox\NFS Server\nfs.exe (file missing)
O23 - Service: TrueGrid Portmapper - Unknown owner - E:\DreamBox\Plugins\NFS Server\portmap.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe

Thanks again for your support - I hope you can rid me of this blasted BSOD!

Paul