  #1  
Old 13th Dec 2007
Kona1984hawaii's Avatar
CJ Donator
 
Default MS WINDOWS message! help!

I was recently trying to download some free video converter software and it didn't work out. Just after I removed all the software I started getting an MS Windows message, and my programs (anything with music or video associated with it) would shut down.

This is the message (you know in one of those little boxes you hate to get):

Microsoft Windows
Microsoft Windows
To help protect your computer Windows has closed this program.

Name: Windows Explorer
Publisher: Microsoft Corporation

Data Execution protection helps protect against damage from viruses and other security threats.


The above is what it says in that message 'box', and then I have to click close to get out, and then programs close and I'm on my desktop. But it doesn't boot me out of the internet (this program for instance).

Can anyone help me or do I take this computer to my retailer - again..........?

I want to add here - after I removed the conversion software (didn't like it) I clicked on some .mov files (2 of them) and just changed the extension to .avi to try and watch them on Windows Media Player - of course it didn't work. THAT'S WHEN I STARTED TO HAVE THE PROBLEM and getting that error message.
  #2  
Old 13th Dec 2007
evilfantasy's Avatar
CJ Moderator

  • Download HijackThis to your desktop.
  • Double-click on HJTInstall.
  • Click on the "Install" button to install.
  • Upon install, HijackThis should open for you.
  • Next click on the "Do a system scan and save a log file" button.
  • HijackThis will scan and then a log will open in notepad.
  • Copy and then paste the log in your post.
* Don't have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
  #3  
Old 13th Dec 2007
Kona1984hawaii's Avatar
CJ Donator
 

Originally Posted by evilfantasy:
  • Download HijackThis to your desktop.
  • Double-click on HJTInstall.
  • Click on the "Install" button to install.
  • Upon install, HijackThis should open for you.
  • Next click on the "Do a system scan and save a log file" button.
  • HijackThis will scan and then a log will open in notepad.
  • Copy and then paste the log in your post.
* Don't have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

I installed Hijack This
Ran the program and copied the NOTEPAD results here:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:08:21 AM, on 12/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Shaw Secure\FSAUA\program\fsus.exe
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\explorer.exe
c:\program files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobio...ne/install.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 7955 bytes
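An added example (not part of the original thread, and not HijackThis's own code) illustrating the advice above that most log entries are harmless: it parses the entry lines of the posted log and lists only those that merit a manual look. The sample lines are copied from the log above; the function names and the three flagging rules are assumptions of this example.

```python
import re
from collections import Counter

# Usual meaning of the section codes that occur in the posted log.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O4": "autostart entry",
    "O8": "IE context-menu item", "O9": "IE toolbar button or Tools item",
    "O15": "Trusted Zone site", "O16": "ActiveX control (DPF)",
    "O23": "Windows service",
}

# Lines copied from the HijackThis log posted above (a subset, not constructed).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\explorer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O15 - Trusted Zone: http://www.msi.com.tw
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 7955 bytes
"""

ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
ABS_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')


def parse_entries(log_text):
    """Return (code, body) pairs; header, process list and footer are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def section_counts(log_text):
    """Number of entries per section code, e.g. how many autostart (O4) lines."""
    return Counter(code for code, _ in parse_entries(log_text))


def triage(log_text):
    """Return (code, reason, body) for entries that merit a manual look.

    The three rules are this example's heuristics, not HijackThis verdicts.
    """
    findings = []
    for code, body in parse_entries(log_text):
        if body.endswith("(no file)"):
            findings.append((code, "no file behind the registry entry", body))
        elif body.endswith("= ?"):
            findings.append((code, "shortcut target not resolved", body))
        elif code == "O4":
            m = RUN_RE.match(body)
            if m and not ABS_PATH_RE.match(m.group("cmd")):
                findings.append((code, "program named without a full path", body))
    return findings


if __name__ == "__main__":
    for code, n in sorted(section_counts(SAMPLE_LOG).items()):
        print(f"{code:>3} {SECTIONS.get(code, 'other'):<32} {n}")
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}: {body}")
```

A flagged entry is a prompt to check the file on disk, not a finding of malware.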
  #4  
Old 13th Dec 2007
evilfantasy's Avatar
CJ Moderator

Please download Combofix by sUBs from either here or here

Save Combofix.exe to your Desktop.

1. Double click combofix.exe & follow the prompts. (from the keyboard select 1 and press enter)
2. When finished, it will produce a log for you.
3. Attach that log in your next reply.

Note:
Do not mouseclick combofix's window while it's running. That may cause your computer to stall.


Next post please add
combofix.txt log and a New HijackThis log.

Use two posts, one for each log.
  #5  
Old 13th Dec 2007
Kona1984hawaii's Avatar
CJ Donator
 

Originally Posted by evilfantasy:
Please download Combofix by sUBs from either here or here

Save Combofix.exe to your Desktop.

1. Double click combofix.exe & follow the prompts. (from the keyboard select 1 and press enter)
2. When finished, it will produce a log for you.
3. Attach that log in your next reply.

Note:
Do not mouseclick combofix's window while it's running. That may cause your computer to stall.


Next post please add
combofix.txt log and a New HijackThis log.

Use two posts, one for each log.

DOWNLOADED COMBOFIX - RAN IT - AND POSTED HERE:


ComboFix 07-12-12.3 - MSI 2007-12-13 1:47:15.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.440 [GMT -8:00]
Running from: C:\Documents and Settings\MSI\Local Settings\Temporary Internet Files\Content.IE5\YZJLDZEJ\ComboFix[1].exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-11-13 to 2007-12-13 )))))))))))))))))))))))))))))))
.
2007-12-27 19:29 . 2007-12-09 11:55 48 --a------ C:\WINDOWS\cdplayer.ini
2007-12-27 18:11 . 2007-12-27 18:11 <DIR> d-------- C:\Documents and Settings\MSI\Application Data\dvdcss
2007-12-13 01:07 . 2007-12-13 01:07 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-12 23:55 . 2002-05-28 00:39 716,800 --------- C:\WINDOWS\NuNInst.exe
2007-12-12 23:55 . 2002-03-10 23:57 74,640 --------- C:\WINDOWS\NuNInst.cfg
2007-12-12 23:54 . 2002-05-22 13:36 336,896 --------- C:\WINDOWS\system32\drivers\bsudf.sys
2007-12-12 23:54 . 2002-05-01 02:05 9,088 --------- C:\WINDOWS\system32\drivers\bsstor.sys
2007-12-12 15:20 . 2007-12-12 15:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2007-12-12 14:43 . 2002-08-29 21:00 1,703,936 --a------ C:\WINDOWS\system32\gdiplus.dll
2007-12-11 15:47 . 2002-03-12 23:13 610,304 --------- C:\WINDOWS\UNNMP.exe
2007-12-11 15:47 . 2002-03-12 23:44 39,936 --------- C:\WINDOWS\UNNMP.cfg
2007-12-11 15:43 . 2007-12-12 23:54 <DIR> d-------- C:\Program Files\ahead
2007-12-09 15:53 . 2007-12-10 01:24 <DIR> d-------- C:\Program Files\Steam
2007-12-09 15:34 . 2007-12-09 16:07 <DIR> d-------- C:\Documents and Settings\MSI\Application Data\Sierra Entertainment
2007-12-09 15:34 . 2007-12-09 15:34 <DIR> dr-h----- C:\Documents and Settings\MSI\Application Data\SecuROM
2007-12-09 15:34 . 2007-12-09 15:34 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-12-01 10:24 . 2007-12-01 10:24 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-11-24 13:44 . 2007-11-26 20:26 <DIR> d-------- C:\Documents and Settings\MSI\Application Data\gtk-2.0
2007-11-24 13:44 . 2007-11-24 13:44 <DIR> d-------- C:\Documents and Settings\MSI\.thumbnails
2007-11-24 13:41 . 2007-11-24 13:41 <DIR> d-------- C:\Program Files\GIMP-2.0
2007-11-24 13:41 . 2007-11-26 20:28 <DIR> d-------- C:\Documents and Settings\MSI\.gimp-2.4
2007-11-14 19:37 . 2007-12-12 19:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-14 19:37 . 2007-11-14 19:37 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-14 19:26 . 2007-11-14 19:26 158,456 --------- C:\WINDOWS\system32\pxwma.dll
2007-11-13 00:50 . 2007-11-13 00:53 <DIR> d-------- C:\Program Files\Windows Live
2007-11-13 00:50 . 2007-11-13 00:53 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-11-13 00:50 . 2007-11-13 00:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-11 23:35 --------- d-----w C:\Program Files\Common Files\Ahead
2007-12-10 00:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-09 06:45 --------- d-----w C:\Program Files\Microsoft Picture It! PhotoPub
2007-12-08 06:19 --------- d-----w C:\Program Files\Logitech
2007-12-04 15:41 --------- d-----w C:\Documents and Settings\MSI\Application Data\U3
2007-11-24 03:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-14 06:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 08:23 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-10 07:24 --------- d-----w C:\Program Files\WinFast
2007-11-04 02:44 --------- d-----w C:\Program Files\Nsasoft
2007-11-02 02:42 --------- d-----w C:\Program Files\CyberLink
2007-10-31 21:24 --------- d-----w C:\Documents and Settings\MSI\Application Data\Ulead Systems
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 03:07 --------- d-----w C:\Program Files\Google
2007-10-28 01:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-23 04:57 --------- d-----w C:\Program Files\Real
2007-10-23 04:57 --------- d-----w C:\Program Files\Common Files\xing shared
2007-10-23 04:56 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-10-23 04:56 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-10-23 04:56 --------- d-----w C:\Program Files\Common Files\Real
2007-10-18 19:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-09-28 16:08 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-09-28 16:07 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-09-28 16:07 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-09-28 16:07 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2004-10-01 22:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 04:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-08-11 05:43 C:\WINDOWS\system32\nwiz.exe]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2004-08-06 16:01]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16:21 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 17:04 C:\WINDOWS\SkyTel.exe]
"NvMediaCenter"="RunDLL32.exe" [2004-08-04 04:00 C:\WINDOWS\system32\rundll32.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [2000-08-08 12:00]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2000-08-08 12:00]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-08-08 12:00]
"F-Secure Manager"="C:\Program Files\Shaw Secure\Common\FSM32.exe" [2007-04-26 03:43]
"F-Secure TNB"="C:\Program Files\Shaw Secure\FSGUI\TNBUtil.exe" [2007-04-26 03:41]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-04-07 01:16]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-22 20:56]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01]
"WinFast Schedule"="C:\Program Files\WinFast\WFTVFM\WFWIZ.exe" [2006-01-26 15:22]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe " [2001-07-08 18:50]
"InCD"="C:\Program Files\ahead\InCD\InCD.exe" [2002-05-21 16:56]
C:\Documents and Settings\MSI\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-08-08 12:00:00]
R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys
R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys
R1 F-Secure HIPS;F-Secure HIPS;\??\C:\Program Files\Shaw Secure\HIPS\fshs.sys
R2 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys
R2 CX23880;WinFast CX2388x WDM Video Capture.;C:\WINDOWS\system32\drivers\cx88vid.sys
R2 CXTUNE;WinFast CX2388x WDM TVTuner.;C:\WINDOWS\system32\drivers\CX88TUNE.sys
R3 CXAVXBAR;WinFast CX2388x WDM Crossbar.;C:\WINDOWS\system32\drivers\cxavxbar.sys
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\C:\Program Files\Shaw Secure\Anti-Virus\minifilter\fsgk.sys
R3 WFIOCTL;WFIOCTL;\??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS
S3 HwIOctl;HwIOctl;\??\C:\Program Files\Setup Files\MS-7250 v1.70\HwIOctl.sys
S3 Memctl;Memctl;\??\C:\Program Files\Setup Files\MS-7250 v1.70\Memctl.sys
S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys
S3 SunkFilt6;Alcor Micro Corp - 6360;\??\C:\WINDOWS\System32\Drivers\sunkfilt6.sys
S3 SunkFilt62;Alcor Micro Corp - 6362;\??\C:\WINDOWS\System32\Drivers\sunkfilt62.sys
S4 F-Secure Filter;F-Secure File System Filter;\??\C:\Program Files\Shaw Secure\Anti-Virus\Win2K\FSfilter.sys
S4 F-Secure Recognizer;F-Secure File System Recognizer;\??\C:\Program Files\Shaw Secure\Anti-Virus\Win2K\FSrec.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\LaunchU3.exe
*Newly Created Service* - BSUDF
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2007-12-13 07:37:13 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\SHAWSE~1\ANTI-V~1\fsav.exeQ /HARD /POLICY /SCHED /NOBREAK /REPORT=C:\PROGRA~1\SHAWSE~1\ANTI-V~1\report.txt
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-13 01:48:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-13 1:49:04
.
2007-12-12 08:58:08 --- E O F ---
  #6  
Old 13th Dec 2007
evilfantasy's Avatar
CJ Moderator

If you don't have CCleaner then please download, install and run CCleaner.

The next two scans will take some time for each one. But I will need to see the logs.

Download SUPERAntispyware Free Edition (SAS)
  • Double-click the icon on your desktop to run the installer.
  • When asked to Update the program definitions, click Yes.
  • Next click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure only the following are checked:
    • Close browsers before scanning
    • Scan for tracking cookies
    • Terminate memory threats before quarantining.
  • Click the Close button to leave the control center screen.
  • On the main screen click Scan your computer.
  • On the left check C:\Fixed Drive.
  • On the right choose Perform Complete Scan.
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete a summary box will appear. Click OK.
  • Make sure everything in the white box has a check next to it, then click Next.
  • It will quarantine what it found and if it asks if you want to reboot, click Yes.
  • To retrieve the removal information please do the following:
    • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • It will open in your default text editor (such as Notepad/Wordpad).
    • Save the notepad file to your desktop by clicking (in notepad) "File" "Save As"
  • Save the log somewhere you can easily find it. (normally the desktop)
  • Click close and close again to exit the program.
  • Please copy and then paste the log in your post.
Next:

Use the ESET Nod32 Online Scanner
  1. Check the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the option Remove found threats and the option Scan unwanted applications are check marked.
  6. Click Scan
  7. Wait for the scan to finish
  8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  9. Copy and then paste the EsetOnlineScanner log into your post.
Last edited by evilfantasy : 13th Dec 2007 at 10:03 AM.

Copyright ©2006 - 2008 Computer Juice - Forums - Free PC Help, IT Support and Repairs.
