Weird Virus.. No idea.. Plz help

Discussion in 'Windows - Virus and spyware problems' started by kgtrain, Jun 19, 2008.

  1. kgtrain

    kgtrain Regular member

    Joined:
    Jul 11, 2006
    Messages:
    142
    Likes Received:
    0
    Trophy Points:
    26
    Hey all.. So heres what happened. I downloaded some songs last night & everything i download goes into 'my downloads' folder. The problem is after i did it I went to go into the folder & get this msg

    ERROR
    OS: Windows XP Professional, SP2
    CPU: GenuineIntel, Intel Pentium 4, MMX @ 2660 MHz

    Application data:
    VmVyc2lvbjogV2xGQlhVSlFWRlphUkU1RFJrTlZKQ2xTT3lRN1ZpQXN
    BQWRWUHlFOEl6QnpaSHQrZHpNa0lqc2tJelpGY25SOWVHcC9SemM3Uj
    NKNGIzRkRNUT09DQpJbWFnZUJhc2U6IDEyNDMwMDAwDQpFaXA6IDVBN
    kNFQjANCkVheDogRDQ0MDAwMA0KRWN4OiAxMjVGNEE0Qw0KRWR4OiAw
    DQpFYng6IDANCkVzaTogMTI1RjQ5OTQNCkVkaTogRDQ1MDAwMA0KRWJ
    wOiBDNkZFNjRDDQpFc3A6IEM2RkU1MjANCi0xDQpDb2RlID0gWzIwNF
    0NCi0gMA0KLSAyMDQNCi0gMjI3DQotIDANCi0gW10NCj4gQzpcV0lOR
    E9XU1xFeHBsb3Jlci5FWEUNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxu
    dGRsbC5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxrZXJuZWwzMi5
    kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxBRFZBUEkzMi5kbGwNCj
    4gQzpcV0lORE9XU1xzeXN0ZW0zMlxSUENSVDQuZGxsDQo+IEM6XFdJT
    kRPV1Ncc3lzdGVtMzJcU2VjdXIzMi5kbGwNCj4gQzpcV0lORE9XU1xz
    eXN0ZW0zMlxCUk9XU0VVSS5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0
    zMlxHREkzMi5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxVU0VSMz
    IuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcbXN2Y3J0LmRsbA0KP
    iBDOlxXSU5ET1dTXHN5c3RlbTMyXG9sZTMyLmRsbA0KPiBDOlxXSU5E
    T1dTXHN5c3RlbTMyXFNITFdBUEkuZGxsDQo+IEM6XFdJTkRPV1Ncc3l
    zdGVtMzJcT0xFQVVUMzIuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMz
    JcU0hET0NWVy5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxDUllQV
    DMyLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXE1TQVNOMS5kbGwN
    Cj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxDUllQVFVJLmRsbA0KPiBDOlx
    XSU5ET1dTXHN5c3RlbTMyXFdJTlRSVVNULmRsbA0KPiBDOlxXSU5ET1
    dTXHN5c3RlbTMyXElNQUdFSExQLmRsbA0KPiBDOlxXSU5ET1dTXHN5c
    3RlbTMyXE5FVEFQSTMyLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMy
    XFdJTklORVQuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcTm9ybWF
    saXouZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcaWVydHV0aWwuZG
    xsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcV0xEQVAzMi5kbGwNCj4gQ
    zpcV0lORE9XU1xzeXN0ZW0zMlxWRVJTSU9OLmRsbA0KPiBDOlxXSU5E
    T1dTXHN5c3RlbTMyXFNIRUxMMzIuZGxsDQo+IEM6XFdJTkRPV1Ncc3l
    zdGVtMzJcVXhUaGVtZS5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMl
    xTaGltRW5nLmRsbA0KPiBDOlxXSU5ET1dTXEFwcFBhdGNoXEFjR2Vuc
    mFsLkRMTA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXFdJTk1NLmRsbA0K
    PiBDOlxXSU5ET1dTXHN5c3RlbTMyXE1TQUNNMzIuZGxsDQo+IEM6XFd
    JTkRPV1Ncc3lzdGVtMzJcVVNFUkVOVi5kbGwNCj4gQzpcV0lORE9XU1
    xzeXN0ZW0zMlxJTU0zMi5ETEwNCj4gQzpcV0lORE9XU1xXaW5TeFNce
    Dg2X01pY3Jvc29mdC5XaW5kb3dzLkNvbW1vbi1Db250cm9sc182NTk1
    YjY0MTQ0Y2NmMWRmXzYuMC4yNjAwLjI5ODJfeC13d19hYzNmOWMwM1x
    jb21jdGwzMi5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxjb21jdG
    wzMi5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxtc2N0ZmltZS5pb
    WUNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxhcHBIZWxwLmRsbA0KPiBD
    OlxXSU5ET1dTXHN5c3RlbTMyXENMQkNBVFEuRExMDQo+IEM6XFdJTkR
    PV1Ncc3lzdGVtMzJcQ09NUmVzLmRsbA0KPiBDOlxQUk9HUkF+MVxNSU
    NST1N+NFxPZmZpY2UxMlxHUkE4RTF+MS5ETEwNCj4gQzpcUFJPR1JBf
    jFcTUlDUk9TfjRcT2ZmaWNlMTJcR3Jvb3ZlVXRpbC5ETEwNCj4gQzpc
    V0lORE9XU1xXaW5TeFNceDg2X01pY3Jvc29mdC5WQzgwLkNSVF8xZmM
    4YjNiOWExZTE4ZTNiXzguMC41MDcyNy4xNDMzX3gtd3dfNWNmODQ0ZD
    JcTVNWQ1I4MC5kbGwNCj4gQzpcUFJPR1JBfjFcTUlDUk9TfjRcT2Zma
    WNlMTJcR3Jvb3ZlTmV3LkRMTA0KPiBDOlxXSU5ET1dTXFdpblN4U1x4
    ODZfTWljcm9zb2Z0LlZDODAuQVRMXzFmYzhiM2I5YTFlMThlM2JfOC4
    wLjUwNzI3Ljc2Ml94LXd3X2NiYjI3NDc0XEFUTDgwLkRMTA0KPiBDOl
    xXSU5ET1dTXHN5c3RlbTMyXHJzYWVuaC5kbGwNCj4gQzpcV0lORE9XU
    1xzeXN0ZW0zMlxNU0ltZzMyLmRsbA0KPiBDOlxXSU5ET1dTXFN5c3Rl
    bTMyXGNzY3VpLmRsbA0KPiBDOlxXSU5ET1dTXFN5c3RlbTMyXENTQ0R
    MTC5kbGwNCj4gQzpcUHJvZ3JhbSBGaWxlc1xDb21tb24gRmlsZXNcU3
    ltYW50ZWMgU2hhcmVkXEJhY2t1cFxidVNoZWxsLmRsbA0KDQpTeW1hb
    nRlYyBDb3Jwb3JhdGlvbg0KQmFja3VwIFNoZWxsDQoxLjAuMDAuMzgy
    DQpCVVNoZWxsLmRsbA0KQ29weXJpZ2h0IChjKSAxOTk3LTIwMDggU3l
    tYW50ZWMgQ29ycG9yYXRpb24NCkJVU2hlbGwuZGxsDQoxLjANCk5vcn
    RvbiAzNjANCg0KPiBDOlxQcm9ncmFtIEZpbGVzXENvbW1vbiBGaWxlc
    1xTeW1hbnRlYyBTaGFyZWRcY2NMNzBVLmRsbA0KDQpTeW1hbnRlYyBD
    b3Jwb3JhdGlvbg0KU3ltYW50ZWMgTGlicmFyeQ0KMTA3LjAuNS41DQp
    jY0xpYg0KQ29weXJpZ2h0IChjKSAyMDAwLTIwMDcgU3ltYW50ZWMgQ2
    9ycG9yYXRpb24uIEFsbCByaWdodHMgcmVzZXJ2ZWQuDQpjY0w3MC5kb
    GwNCjEwNy4wLjUuNQ0KU3ltYW50ZWMgU2VjdXJpdHkgVGVjaG5vbG9n
    aWVzDQoNCj4gQzpcV0lORE9XU1xXaW5TeFNceDg2X01pY3Jvc29mdC5
    WQzgwLkNSVF8xZmM4YjNiOWExZTE4ZTNiXzguMC41MDcyNy4xNDMzX3
    gtd3dfNWNmODQ0ZDJcTVNWQ1A4MC5kbGwNCj4gQzpcV0lORE9XU1xze
    XN0ZW0zMlx3czJfMzIuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJc
    V1MySEVMUC5kbGwNCj4gQzpcUHJvZ3JhbSBGaWxlc1xDb21tb24gRml
    sZXNcU3ltYW50ZWMgU2hhcmVkXGNjVnJUcnN0LmRsbA0KDQpTeW1hbn
    RlYyBDb3Jwb3JhdGlvbg0KU3ltYW50ZWMgVHJ1c3QgVmFsaWRhdGlvb
    iBFbmdpbmUNCjEwNy4wLjUuNQ0KY2NWclRyc3QNCkNvcHlyaWdodCAo
    YykgMjAwMC0yMDA3IFN5bWFudGVjIENvcnBvcmF0aW9uLiBBbGwgcml
    naHRzIHJlc2VydmVkLg0KY2NWclRyc3QuZGxsDQoxMDcuMC41LjUNCl
    N5bWFudGVjIFNlY3VyaXR5IFRlY2hub2xvZ2llcw0KDQo+IEM6XFdJT
    kRPV1Ncc3lzdGVtMzJcU0VUVVBBUEkuZGxsDQo+IEM6XFdJTkRPV1Nc
    c3lzdGVtMzJcV1NPQ0szMi5kbGwNCj4gQzpcUHJvZ3JhbSBGaWxlc1x
    Db21tb24gRmlsZXNcU3ltYW50ZWMgU2hhcmVkXGNjU2V0LmRsbA0KDQ
    pTeW1hbnRlYyBDb3Jwb3JhdGlvbg0KU3ltYW50ZWMgU2V0dGluZ3MgT
    WFuYWdlciBFbmdpbmUNCjEwNy4wLjUuNQ0KY2NTZXQNCkNvcHlyaWdo
    dCAoYykgMjAwMC0yMDA3IFN5bWFudGVjIENvcnBvcmF0aW9uLiBBbGw
    gcmlnaHRzIHJlc2VydmVkLg0KY2NTZXQuZGxsDQoxMDcuMC41LjUNCl
    N5bWFudGVjIFNlY3VyaXR5IFRlY2hub2xvZ2llcw0KDQo+IEM6XFByb
    2dyYW0gRmlsZXNcQ29tbW9uIEZpbGVzXFN5bWFudGVjIFNoYXJlZFxj
    Y0lQQy5kbGwNCg0KU3ltYW50ZWMgQ29ycG9yYXRpb24NClN5bWFudGV
    jIGNjSVBDIEVuZ2luZQ0KMTA3LjAuNS41DQpjY0lQQw0KQ29weXJpZ2
    h0IChjKSAyMDAwLTIwMDcgU3ltYW50ZWMgQ29ycG9yYXRpb24uIEFsb
    CByaWdodHMgcmVzZXJ2ZWQuDQpjY0lQQy5kbGwNCjEwNy4wLjUuNQ0K
    U3ltYW50ZWMgU2VjdXJpdHkgVGVjaG5vbG9naWVzDQoNCj4gQzpcV0l
    ORE9XU1xzeXN0ZW0zMlx0aGVtZXVpLmRsbA0KPiBDOlxXSU5ET1dTXH
    N5c3RlbTMyXHhwc3AycmVzLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3Rlb
    TMyXGFjdHhwcnh5LmRsbA0KPiBDOlxQUk9HUkF+MVxNSUNST1N+NFxP
    ZmZpY2UxMlxHUjk5RDN+MS5ETEwNCj4gQzpcV0lORE9XU1xzeXN0ZW0
    zMlx1cmxtb24uZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcbXN4bW
    wzLmRsbA0KPiBDOlxQcm9ncmFtIEZpbGVzXFdpbmRvd3MgRGVza3Rvc
    CBTZWFyY2hcTVNOTE5hbWVzcGFjZU1nci5kbGwNCj4gQzpcV0lORE9X
    U1xzeXN0ZW0zMlxpZWZyYW1lLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3R
    lbTMyXFBTQVBJLkRMTA0KPiBDOlxQcm9ncmFtIEZpbGVzXENvbW1vbi
    BGaWxlc1xTeW1hbnRlYyBTaGFyZWRcQXBwQ29yZVxBcHBNZ3IzMi5kb
    GwNCg0KU3ltYW50ZWMgQ29ycG9yYXRpb24NClN5bWFudGVjIEFwcGxp
    Y2F0aW9uIENvcmUgTWFuYWdlcg0KMi4wLjAwLjc5DQpBcHBNZ3IzMg0
    KQ29weXJpZ2h0IChjKSAxOTk3LTIwMDggU3ltYW50ZWMgQ29ycG9yYX
    Rpb24NCkFwcE1ncjMyLmRsbA0KMi4wDQpTeW1hbnRlYyBBcHBsaWNhd
    GlvbiBDb3JlDQoNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxtc3V0Yi5k
    bGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxNU0NURi5kbGwNCj4gQzp
    cV0lORE9XU1xzeXN0ZW0zMlxTQU1MSUIuZGxsDQo+IEM6XFdJTkRPV1
    Ncc3lzdGVtMzJcbXNpLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyX
    ExJTktJTkZPLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXG50c2hy
    dWkuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcQVRMLkRMTA0KPiB
    DOlxXSU5ET1dTXHN5c3RlbTMyXE1MQU5HLmRsbA0KPiBDOlxXSU5ET1
    dTXHN5c3RlbTMyXE5FVFNIRUxMLmRsbA0KPiBDOlxXSU5ET1dTXHN5c
    3RlbTMyXHJ0dXRpbHMuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJc
    Y3JlZHVpLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXGlwaGxwYXB
    pLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXFdJTlNUQS5kbGwNCj
    4gQzpcV0lORE9XU1xzeXN0ZW0zMlx3ZWJjaGVjay5kbGwNCj4gQzpcV
    0lORE9XU1xzeXN0ZW0zMlxzdG9iamVjdC5kbGwNCj4gQzpcV0lORE9X
    U1xzeXN0ZW0zMlxCYXRNZXRlci5kbGwNCj4gQzpcV0lORE9XU1xzeXN
    0ZW0zMlxQT1dSUFJPRi5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMl
    xXVFNBUEkzMi5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxXUERTa
    FNlcnZpY2VPYmouZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcV0lO
    SFRUUC5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxteWRvY3MuZGx
    sDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcUG9ydGFibGVEZXZpY2VUeX
    Blcy5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxQb3J0YWJsZURld
    mljZUFwaS5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlx3ZG1hdWQu
    ZHJ2DQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcbXNhY20zMi5kcnYNCj4
    gQzpcV0lORE9XU1xzeXN0ZW0zMlxtaWRpbWFwLmRsbA0KPiBDOlxQUk
    9HUkF+MVxNSUNST1N+NFxPZmZpY2UxMlxHUjMyNkN+MS5ETEwNCj4gQ
    zpcV0lORE9XU1xzeXN0ZW0zMlxNUFIuZGxsDQo+IEM6XFdJTkRPV1Nc
    U3lzdGVtMzJcZHJwcm92LmRsbA0KPiBDOlxXSU5ET1dTXFN5c3RlbTM
    yXG50bGFubWFuLmRsbA0KPiBDOlxXSU5ET1dTXFN5c3RlbTMyXE5FVF
    VJMC5kbGwNCj4gQzpcV0lORE9XU1xTeXN0ZW0zMlxORVRVSTEuZGxsD
    Qo+IEM6XFdJTkRPV1NcU3lzdGVtMzJcTkVUUkFQLmRsbA0KPiBDOlxX
    SU5ET1dTXFN5c3RlbTMyXGRhdmNsbnQuZGxsDQo+IEM6XFdJTkRPV1N
    cc3lzdGVtMzJcYnJvd3NlbGMuZGxsDQo+IEM6XFBST0dSQX4xXFNQWU
    JPVH4xXFNESGVscGVyLmRsbA0KQmxvY2tpZXJ0IFVSTHMsIGRpZSBTc
    Hl3YXJlLCBNYWx3YXJlIGV0Yy4gaW5zdGFsbGllcmVuIHf8cmRlbi4N
    ClNhZmVyIE5ldHdvcmtpbmcgTGltaXRlZA0KU0JTRCBJRSBQcm90ZWN
    0aW9uDQoxLCA1LCAwLCA4DQpTREhlbHBlcg0KqSAyMDAwLTIwMDcgU2
    FmZXIgTmV0d29ya2luZyBMaW1pdGVkLiBBbGxlIFJlY2h0ZSB2b3JiZ
    WhhbHRlbi4NCiJTcHlib3QiIHVuZCAiU3B5Ym90IC0gU2VhcmNoICYg
    RGVzdHJveSIgc2luZCByZWdpc3RyaWVydGUgV2FyZW56ZWljaGVuLg0
    Kc2RoZWxwZXIuZGxsDQoxLCA1LCAwLCAwDQpTcHlib3QgLSBTZWFyY2
    ggJiBEZXN0cm95DQoNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxmYXVsd
    HJlcC5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxvbGVwcm8zMi5k
    bGwNCj4gQzpcUHJvZ3JhbSBGaWxlc1xNaWNyb3NvZnQgT2ZmaWNlXE9
    mZmljZTEyXDEwMzNcR3Jvb3ZlSW50bFJlc291cmNlLmRsbA0KPiBDOl
    xXSU5ET1dTXHN5c3RlbTMyXE1TRlRFRElULkRMTA0KPiBDOlxXSU5ET
    1dTXHN5c3RlbTMyXFNYUy5ETEwNCj4gQzpcV0lORE9XU1xzeXN0ZW0z
    MlxEVVNFUi5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxSQVNBUEk
    zMi5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxyYXNtYW4uZGxsDQ
    o+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcVEFQSTMyLmRsbA0KPiBDOlxXS
    U5ET1dTXHN5c3RlbTMyXG1zdjFfMC5kbGwNCj4gQzpcUHJvZ3JhbSBG
    aWxlc1xDb21tb24gRmlsZXNcQWRvYmVcQWNyb2JhdFxBY3RpdmVYXFB
    ERlNoZWxsLmRsbA0KDQpBZG9iZSBTeXN0ZW1zLCBJbmMuDQpQREYgU2
    hlbGwgRXh0ZW5zaW9uDQo4LjEuMC4wDQpQREZTaGVsbA0KQ29weXJpZ
    2h0IDIwMDAtMjAwNyBBZG9iZSBTeXN0ZW1zLCBJbmMuDQpQREZTaGVs
    bC5kbGwNCjguMS4wLjANCkFkb2JlIFBERiBTaGVsbCBFeHRlbnNpb24
    NCg0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXHdtdmNvcmUuZGxsDQo+IE
    M6XFdJTkRPV1Ncc3lzdGVtMzJcV01BU0YuRExMDQo+IEM6XFdJTkRPV
    1NcV2luU3hTXHg4Nl9NaWNyb3NvZnQuV2luZG93cy5HZGlQbHVzXzY1
    OTViNjQxNDRjY2YxZGZfMS4wLjI2MDAuMjE4MF94LXd3XzUyMmY5Zjg
    yXGdkaXBsdXMuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcbXNjbX
    MuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcV0lOU1BPT0wuRFJWD
    Qo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcY29tZGxnMzIuZGxsDQo+IEM6
    XFdJTkRPV1Ncc3lzdGVtMzJcbXNkbW8uZGxsDQoNCjYuNS4yNjAwLjI
    xODANCjYuNS4yNjAwLjIxODANCg0KPiBDOlxXSU5ET1dTXHN5c3RlbT
    MyXGR4bWFzZi5kbGwNCg0KNi40LjkuMTEzMw0KNi40LjkuMTEzMw0KD
    Qo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcRFJNQ2xpZW4uRExMDQo+IEM6
    XFdJTkRPV1Ncc3lzdGVtMzJcZGRyYXcuZGxsDQo+IEM6XFdJTkRPV1N
    cc3lzdGVtMzJcRENJTUFOMzIuZGxsDQo+IEM6XFByb2dyYW0gRmlsZX
    NcQ29tbW9uIEZpbGVzXEFoZWFkXExpYlxBZHZyQ250ci5kbGwNCg0KQ
    WhlYWQgU29mdHdhcmUgQUcNCkFkdnJDbnRyIE1vZHVsZQ0KMSwyLDEy
    LCAyMzE0DQpBZHZyQ250cg0KQ29weXJpZ2h0IChjKSAxOTk1LTIwMDM
    gQWhlYWQgU29mdHdhcmUgYW5kIGl0cyBsaWNlbnNvcnMNCkFkdnJDbn
    RyLkRMTA0KMSwyLDEyLCAyMzE0DQpBZHZyQ250ciBNb2R1bGUNCg0KP
    iBDOlxXSU5ET1dTXHN5c3RlbTMyXHNoZG9jbGMuZGxsDQo+IEM6XFdJ
    TkRPV1Ncc3lzdGVtMzJcbDNjb2RlY2EuYWNtDQoNCkZyYXVuaG9mZXI
    gSW5zdGl0dXQgSW50ZWdyaWVydGUgU2NoYWx0dW5nZW4gSUlTDQpNUE
    VHIExheWVyLTMgQXVkaW8gQ29kZWMgZm9yIE1TQUNNDQoxLCA5LCAwL
    CAwMzA1DQpsM2NvZGVjLmFjbQ0KQ29weXJpZ2h0IKkgMTk5Ni0xOTk5
    IEZyYXVuaG9mZXIgSW5zdGl0dXQgSW50ZWdyaWVydGUgU2NoYWx0dW5
    nZW4gSUlTDQpsM2NvZGVjLmFjbQ0KMSwgMCwgMCwgMA0KTVBFRyBMYX
    llci0zIEF1ZGlvIENvZGVjIGZvciBNU0FDTQ0KDQo+IEM6XFdJTkRPV
    1Ncc3lzdGVtMzJcTVNHSU5BLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3Rl
    bTMyXE9EQkMzMi5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxvZGJ
    jaW50LmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXENGR01HUjMyLm
    RsbA0KPiBDOlxQcm9ncmFtIEZpbGVzXFdpbmRvd3MgRGVza3RvcCBTZ
    WFyY2hcd2RzU2hlbGwuZGxsDQo+IEM6XFByb2dyYW0gRmlsZXNcV2lu
    ZG93cyBEZXNrdG9wIFNlYXJjaFxlbi11c1xtc25sRXh0UmVzLmRsbC5
    tdWkNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxtc2h0bWwuZGxsDQo+IE
    M6XFdJTkRPV1Ncc3lzdGVtMzJcbXNsczMxLmRsbA0KPiBDOlxXSU5ET
    1dTXHN5c3RlbTMyXG1zdGltZS5kbGwNCj4gQzpcV0lORE9XU1xzeXN0
    ZW0zMlxqc2NyaXB0LmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXG1
    zaW10Zi5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxkZHJhd2V4Lm
    RsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXHNlbnNhcGkuZGxsDQo+I
    EM6XFdJTkRPV1NcU3lzdGVtMzJcbXN3c29jay5kbGwNCj4gQzpcV0lO
    RE9XU1xzeXN0ZW0zMlxyYXNhZGhscC5kbGwNCj4gQzpcV0lORE9XU1x
    zeXN0ZW0zMlxETlNBUEkuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMz
    JcaG5ldGNmZy5kbGwNCj4gQzpcV0lORE9XU1xTeXN0ZW0zMlx3c2h0Y
    3BpcC5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxQUklOVFVJLmRs
    bA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXEFDVElWRURTLmRsbA0KPiB
    DOlxXSU5ET1dTXHN5c3RlbTMyXGFkc2xkcGMuZGxsDQo+IEM6XFdJTk
    RPV1Ncc3lzdGVtMzJcTlRNQVJUQS5ETEwNCj4gQzpcV0lORE9XU1xze
    XN0ZW0zMlxzaG1lZGlhLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMy
    XE1TVkZXMzIuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcQVZJRkl
    MMzIuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJccWVkaXQuZGxsDQ
    oNCjYuNS4yNjAwLjIxODANCjYuNS4yNjAwLjIxODANCg0KPiBDOlxXS
    U5ET1dTXHN5c3RlbTMyXHF1YXJ0ei5kbGwNCg0KNi41LjI2MDAuMzM2
    Nw0KNi41LjI2MDAuMzM2Nw0KDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJ
    cZGV2ZW51bS5kbGwNCg0KNi41LjI2MDAuMjE4MA0KNi41LjI2MDAuMj
    E4MA0KDQo+IEM6XFBST0dSQX4xXFRPVEFMVn4xXFJlYWxNZWRpYVNwb
    Gl0dGVyLmF4DQpodHRwOi8vZ2FiZXN0Lm9yZy8NCkdhYmVzdA0KUmVh
    bE1lZGlhIFNwbGl0dGVyDQoxLCAwLCAxLCAxDQpSZWFsTWVkaWEgU3B
    saXR0ZXINCkNvcHlyaWdodCAoQykgMjAwMy0yMDA2DQpSZWFsTWVkaW
    FTcGxpdHRlci5heA0KMSwgMCwgMSwgMQ0KUmVhbE1lZGlhIFNwbGl0d
    GVyDQoNCj4gQzpcUHJvZ3JhbSBGaWxlc1xDeWJlcmxpbmtcUG93ZXJE
    VkRcTmF2RmlsdGVyXGNsbTRzcGx0LmF4DQoNCkN5YmVyTGluayBDb3J
    wLg0KQ3liZXJMaW5rIE1QRUctNCBTcGxpdHRlcg0KMS4wLjMyMjkgIA
    0KQ3liZXJMaW5rIE1QRUctNCBTcGxpdHRlcg0KQ3liZXJMaW5rIENvc
    nAuIDIwMDQNCmNsbTRzcGx0LmF4DQoxLjAuMzIyOSAgDQpDeWJlckxp
    bmsgTVBFRy00IFNwbGl0dGVyDQoNCj4gQzpcUHJvZ3JhbSBGaWxlc1x
    Db21tb24gRmlsZXNcQWhlYWRcRFNGaWx0ZXJcTmVTcGxpdHRlci5heA
    0KDQpOZXJvIEFHDQpTcGxpdHRlciBGaWx0ZXINCjMsMiwwLDIwYw0KQ
    29weXJpZ2h0IChjKSAxOTk1LTIwMDUgTmVybyBBRyBhbmQgaXRzIGxp
    Y2Vuc29ycw0KTmVTcGxpdHRlci5heA0KMSwgMCwgMywgMg0KTmVybyB
    TaG93VGltZQ0KDQo+IEM6XFByb2dyYW0gRmlsZXNcQ3liZXJsaW5rXF
    Bvd2VyRFZEXE5hdkZpbHRlclxDTERlbXV4ZXIuYXgNCg0KQ3liZXJMa
    W5rIENvcnAuDQpNUEVHLTIgRGVtcGx0aXBsZXhlcg0KMS4wLjQ1Mjgg
    ICAgICAgIA0KQ0xEZW11eGVyLmF4DQpDeWJlckxpbmsgZGV2ZWxvcGV
    kIEZpbHRlci4gIEFsbCByaWdodHMgcmVzZXJ2ZWQuDQpDTERlbXV4ZX
    IuYXgNCjEuMC40NTI4ICAgICAgICANCkRUViBrZW5yZWwNCg0KPiBDO
    lxXSU5ET1dTXHN5c3RlbTMyXHdtcGFzZi5kbGwNCj4gQzpcV0lORE9X
    U1xzeXN0ZW0zMlxtcGcyc3BsdC5heA0KDQo2LjUuMjYwMC4yMTgwDQo
    2LjUuMjYwMC4yMTgwDQoNCj4gQzpcUHJvZ3JhbSBGaWxlc1xDb21tb2
    4gRmlsZXNcQWRvYmVcQWNyb2JhdFxBY3RpdmVYXEFjcm9JRUhlbHBlc
    i5kbGwNCg0KQWRvYmUgU3lzdGVtcyBJbmNvcnBvcmF0ZWQNCkFkb2Jl
    IFBERiBIZWxwZXIgZm9yIEludGVybmV0IEV4cGxvcmVyDQo4LjAuMC4
    yMDA2MTAyMjAwDQpBY3JvSUVIZWxwZXINCkNvcHlyaWdodCAxOTg0LT
    IwMDYgQWRvYmUgU3lzdGVtcyBJbmNvcnBvcmF0ZWQgYW5kIGl0cyBsa
    WNlbnNvcnMuIEFsbCByaWdodHMgcmVzZXJ2ZWQuDQpBY3JvSUVIZWxw
    ZXIuRExMDQo4LjAuMC4yMDA2MTAyMjAwDQpBY3JvSUVIZWxwZXIgTGl
    icmFyeQ0KDQo+IEM6XFByb2dyYW0gRmlsZXNcTWljcm9zb2Z0IE9mZm
    ljZVxPZmZpY2UxMlxtc29oZXZpLmRsbA0KPiBDOlxXSU5ET1dTXHN5c
    3RlbTMyXHN0aS5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlx3cGRz
    aGV4dC5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxzaGdpbmEuZGx
    sDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcQXVkaW9kZXYuZGxsDQo+IE
    M6XFdJTkRPV1Ncc3lzdGVtMzJcd2lhc2hleHQuZGxsDQo+IEM6XFdJT
    kRPV1Ncc3lzdGVtMzJcRGl2WE1lZGlhLmF4DQoNCkRpdlhOZXR3b3Jr
    cw0KRGl2WK4gTWVkaWEgRmlsdGVyDQowLjAuMC4wMjgNCkRpdlhNZWR
    pYQ0KQ29weXJpZ2h0IKkgRGl2WE5ldHdvcmtzLCAyMDAxLTIwMDUNCk
    RpdlhNZWRpYS5heA0KMC4wLjAuMDI4DQpEaXZYriBNZWRpYSBGaWx0Z
    XINCg0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXE1TVkNQNjAuZGxsDQo+
    IEM6XFdJTkRPV1Ncc3lzdGVtMzJcc3RybWRsbC5kbGwNCj4gQzpcUHJ
    vZ3JhbSBGaWxlc1xDb21tb24gRmlsZXNcQWhlYWRcRFNGaWx0ZXJcTm
    VWaWRlby5heA0KDQpOZXJvIEFHDQpNUEVHLTEvMi80ICYgQVZDIHZpZ
    GVvIGRlY29kZXIgdy8gRHhWQQ0KMywyLDAsMjBjDQpDb3B5cmlnaHQg
    KGMpIDIwMDUgTmVybyBBRyBhbmQgaXRzIGxpY2Vuc29ycw0KTmVWaWR
    lby5heA0KMiwgMCwgMiwgNDYNCk5lcm8gU3VpdGUNCg==

    I then have the option of OK, COPY TEXT & SUBMIT REPORT
    So I close it down & it pops up straight away, then I close it down again & theres a little gap before it pops up again for me to close the file.
    So I ran norton 360 & it detected viruses & deleted them & I could get into the folder fine, but when I tried today the same popup appeared but this time I cant detect anything.
    The other thing is I tried to login to AfterDawn & every new page I would have to enter my password again & it would say theres a problem with my cookies, but I waited a little & it worked fine. I couldnt find anything in HjackThis but perhaps I missed something so heres my log & a list of all my processes running too.. Theres some new ones

    ccSvcHst
    rundll32
    iTunesHelper
    GrooveMonitor
    ipoint
    apdproxy
    itype
    CLI
    jusched
    taskmgr
    PDEDServ
    G-vga
    explorer
    symlcscv
    ati2evxxx
    iPodService
    ctfmon
    ScanStub
    CLI
    CLI
    svhost
    svhost
    AluSchedulerSvc
    iexplorer
    svchost
    svchost
    svchost
    svchost
    ati2evxxx
    lsass
    services
    smss
    symlcsvc
    winlogon
    csrss
    alg
    spoolsv
    System
    System Idle Process

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:49:34 PM, on 19/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Norton 360\ScanStub.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1182687876734
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1182687863515
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\\PrevxCSI.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    --
    End of file - 8715 bytes

    I'm really up shits creek with this guys.. Plz lend a hand. Thanks
     
    kgtrain, Jun 19, 2008
    #1
  2. echoreply

    echoreply Regular member

    Joined:
    Nov 9, 2007
    Messages:
    472
    Likes Received:
    0
    Trophy Points:
    26
    hi,

    lets see what services are running. Go to Start > Run and type:

    cmd.exe

    and ok. Copy and paste the line below at the prompt > then click enter

    Code:
    sc query > c:\services.txt & start notepad c:\services.txt
    notepad will open with a windows service list. copy/paste the list in reply.

    do a online scan here and post the results:
    ESET online scanner:

    http://www.eset.com/onlinescan/

    uses Internet Explorer only
    check "YES" to accept terms
    click start button
    allow the ActiveX component to install
    click the start button. the Scanner will update.
    check both "Remove found threats" and "Scan unwanted applications"
    click scan
    when done you can find the scan log at:C:\Program Files\EsetOnlineScanner\log.txt
    please copy/paste that log in next reply.
     
    echoreply, Jun 19, 2008
    #2
  3. kgtrain

    kgtrain Regular member

    Joined:
    Jul 11, 2006
    Messages:
    142
    Likes Received:
    0
    Trophy Points:
    26
    Hey.. Thanks for your help.. Ok these are the results. First the service results:

    SERVICE_NAME: ALG
    DISPLAY_NAME: Application Layer Gateway Service
    TYPE : 10 WIN32_OWN_PROCESS
    STATE : 4 RUNNING
    (STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0


    WAIT_HINT : 0x0

    SERVICE_NAME: Apple Mobile Device
    DISPLAY_NAME: Apple Mobile Device
    TYPE : 10 WIN32_OWN_PROCESS
    STATE : 4 RUNNING
    (STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: Ati HotKey Poller
    DISPLAY_NAME: Ati HotKey Poller
    TYPE : 110 WIN32_OWN_PROCESS (interactive)
    STATE : 4 RUNNING
    (NOT_STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: AudioSrv
    DISPLAY_NAME: Windows Audio
    TYPE : 20 WIN32_SHARE_PROCESS
    STATE : 4 RUNNING
    (STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: Automatic LiveUpdate Scheduler
    DISPLAY_NAME: Automatic LiveUpdate Scheduler
    TYPE : 10 WIN32_OWN_PROCESS
    STATE : 4 RUNNING
    (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: BITS
    DISPLAY_NAME: Background Intelligent Transfer Service
    TYPE : 20 WIN32_SHARE_PROCESS
    STATE : 4 RUNNING
    (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: Browser
    DISPLAY_NAME: Computer Browser
    TYPE : 20 WIN32_SHARE_PROCESS
    STATE : 4 RUNNING
    (STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: BthServ
    DISPLAY_NAME: Bluetooth Support Service
    TYPE : 20 WIN32_SHARE_PROCESS
    STATE : 4 RUNNING
    (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: ccEvtMgr
    DISPLAY_NAME: Symantec Event Manager
    TYPE : 20 WIN32_SHARE_PROCESS
    STATE : 4 RUNNING
    (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: ccSetMgr
    DISPLAY_NAME: Symantec Settings Manager
    TYPE : 20 WIN32_SHARE_PROCESS
    STATE : 4 RUNNING
    (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: CLTNetCnService
    DISPLAY_NAME: Symantec Lic NetConnect service
    TYPE : 20 WIN32_SHARE_PROCESS
    STATE : 4 RUNNING
    (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: CryptSvc
    DISPLAY_NAME: Cryptographic Services
    TYPE : 20 WIN32_SHARE_PROCESS
    STATE : 4 RUNNING
    (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: DcomLaunch
    DISPLAY_NAME: DCOM Server Process Launcher
    TYPE : 20 WIN32_SHARE_PROCESS
    STATE : 4 RUNNING
    (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: Dhcp
    DISPLAY_NAME: DHCP Client
    TYPE : 20 WIN32_SHARE_PROCESS
    STATE : 4 RUNNING
    (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: dmserver
    DISPLAY_NAME: Logical Disk Manager
    TYPE : 20 WIN32_SHARE_PROCESS
    STATE : 4 RUNNING
    (STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: Dnscache
    DISPLAY_NAME: DNS Client
    TYPE : 20 WIN32_SHARE_PROCESS
    STATE : 4 RUNNING
    (STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: ERSvc
    DISPLAY_NAME: Error Reporting Service
    TYPE : 20 WIN32_SHARE_PROCESS
    STATE : 4 RUNNING
    (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: Eventlog
    DISPLAY_NAME: Event Log
    TYPE : 20 WIN32_SHARE_PROCESS
    STATE : 4 RUNNING
    (NOT_STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: EventSystem
    DISPLAY_NAME: COM+ Event System
    TYPE : 20 WIN32_SHARE_PROCESS
    STATE : 4 RUNNING
    (STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: FastUserSwitchingCompatibility
    DISPLAY_NAME: Fast User Switching Compatibility
    TYPE : 20 WIN32_SHARE_PROCESS
    STATE : 4 RUNNING
    (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: helpsvc
    DISPLAY_NAME: Help and Support
    TYPE : 20 WIN32_SHARE_PROCESS
    STATE : 4 RUNNING
    (STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: HidServ
    DISPLAY_NAME: HID Input Service
    TYPE : 20 WIN32_SHARE_PROCESS
    STATE : 4 RUNNING
    (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: iPod Service
    DISPLAY_NAME: iPod Service
    TYPE : 10 WIN32_OWN_PROCESS
    STATE : 4 RUNNING
    (STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: Irmon
    DISPLAY_NAME: Infrared Monitor
    TYPE : 20 WIN32_SHARE_PROCESS
    STATE : 4 RUNNING
    (STOPPABLE,PAUSABLE,IGNORES_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: lanmanserver
    DISPLAY_NAME: Server
    TYPE : 20 WIN32_SHARE_PROCESS
    STATE : 4 RUNNING
    (STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: lanmanworkstation
    DISPLAY_NAME: Workstation
    TYPE : 20 WIN32_SHARE_PROCESS
    STATE : 4 RUNNING
    (STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: LiveUpdate Notice
    DISPLAY_NAME: LiveUpdate Notice
    TYPE : 20 WIN32_SHARE_PROCESS
    STATE : 4 RUNNING
    (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: LmHosts
    DISPLAY_NAME: TCP/IP NetBIOS Helper
    TYPE : 20 WIN32_SHARE_PROCESS
    STATE : 4 RUNNING
    (STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: Netman
    DISPLAY_NAME: Network Connections
    TYPE : 120 WIN32_SHARE_PROCESS (interactive)
    STATE : 4 RUNNING
    (STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: Nla
    DISPLAY_NAME: Network Location Awareness (NLA)
    TYPE : 20 WIN32_SHARE_PROCESS
    STATE : 4 RUNNING
    (STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: PlugPlay
    DISPLAY_NAME: Plug and Play
    TYPE : 20 WIN32_SHARE_PROCESS
    STATE : 4 RUNNING
    (NOT_STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: PnkBstrA
    DISPLAY_NAME: PnkBstrA
    TYPE : 10 WIN32_OWN_PROCESS
    STATE : 4 RUNNING
    (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: PolicyAgent
    DISPLAY_NAME: IPSEC Services
    TYPE : 20 WIN32_SHARE_PROCESS
    STATE : 4 RUNNING
    (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: ProtectedStorage
    DISPLAY_NAME: Protected Storage
    TYPE : 120 WIN32_SHARE_PROCESS (interactive)
    STATE : 4 RUNNING
    (STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: RasMan
    DISPLAY_NAME: Remote Access Connection Manager
    TYPE : 20 WIN32_SHARE_PROCESS
    STATE : 4 RUNNING
    (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: RemoteRegistry
    DISPLAY_NAME: Remote Registry
    TYPE : 20 WIN32_SHARE_PROCESS
    STATE : 4 RUNNING
    (STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: RichVideo
    DISPLAY_NAME: Cyberlink RichVideo Service(CRVS)
    TYPE : 110 WIN32_OWN_PROCESS (interactive)
    STATE : 4 RUNNING
    (STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: RpcSs
    DISPLAY_NAME: Remote Procedure Call (RPC)
    TYPE : 20 WIN32_SHARE_PROCESS
    STATE : 4 RUNNING
    (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: SamSs
    DISPLAY_NAME: Security Accounts Manager
    TYPE : 20 WIN32_SHARE_PROCESS
    STATE : 4 RUNNING
    (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: Schedule
    DISPLAY_NAME: Task Scheduler
    TYPE : 20 WIN32_SHARE_PROCESS
    STATE : 4 RUNNING
    (STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: seclogon
    DISPLAY_NAME: Secondary Logon
    TYPE : 120 WIN32_SHARE_PROCESS (interactive)
    STATE : 4 RUNNING
    (STOPPABLE,PAUSABLE,IGNORES_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: SENS
    DISPLAY_NAME: System Event Notification
    TYPE : 20 WIN32_SHARE_PROCESS
    STATE : 4 RUNNING
    (STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: SharedAccess
    DISPLAY_NAME: Windows Firewall/Internet Connection Sharing (ICS)
    TYPE : 20 WIN32_SHARE_PROCESS
    STATE : 4 RUNNING
    (STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: ShellHWDetection
    DISPLAY_NAME: Shell Hardware Detection
    TYPE : 20 WIN32_SHARE_PROCESS
    STATE : 4 RUNNING
    (STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: Spooler
    DISPLAY_NAME: Print Spooler
    TYPE : 110 WIN32_OWN_PROCESS (interactive)
    STATE : 4 RUNNING
    (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: srservice
    DISPLAY_NAME: System Restore Service
    TYPE : 20 WIN32_SHARE_PROCESS
    STATE : 4 RUNNING
    (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: SSDPSRV
    DISPLAY_NAME: SSDP Discovery Service
    TYPE : 20 WIN32_SHARE_PROCESS
    STATE : 4 RUNNING
    (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: stisvc
    DISPLAY_NAME: Windows Image Acquisition (WIA)
    TYPE : 20 WIN32_SHARE_PROCESS
    STATE : 4 RUNNING
    (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: Symantec Core LC
    DISPLAY_NAME: Symantec Core LC
    TYPE : 10 WIN32_OWN_PROCESS
    STATE : 4 RUNNING
    (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: TapiSrv
    DISPLAY_NAME: Telephony
    TYPE : 20 WIN32_SHARE_PROCESS
    STATE : 4 RUNNING
    (STOPPABLE,PAUSABLE,IGNORES_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: TermService
    DISPLAY_NAME: Terminal Services
    TYPE : 20 WIN32_SHARE_PROCESS
    STATE : 4 RUNNING
    (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: Themes
    DISPLAY_NAME: Themes
    TYPE : 20 WIN32_SHARE_PROCESS
    STATE : 4 RUNNING
    (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: TrkWks
    DISPLAY_NAME: Distributed Link Tracking Client
    TYPE : 20 WIN32_SHARE_PROCESS
    STATE : 4 RUNNING
    (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: upnphost
    DISPLAY_NAME: Universal Plug and Play Device Host
    TYPE : 20 WIN32_SHARE_PROCESS
    STATE : 4 RUNNING
    (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: W32Time
    DISPLAY_NAME: Windows Time
    TYPE : 20 WIN32_SHARE_PROCESS
    STATE : 4 RUNNING
    (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: WebClient
    DISPLAY_NAME: WebClient
    TYPE : 20 WIN32_SHARE_PROCESS
    STATE : 4 RUNNING
    (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: winmgmt
    DISPLAY_NAME: Windows Management Instrumentation
    TYPE : 20 WIN32_SHARE_PROCESS
    STATE : 4 RUNNING
    (STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: wscsvc
    DISPLAY_NAME: Security Center
    TYPE : 20 WIN32_SHARE_PROCESS
    STATE : 4 RUNNING
    (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: wuauserv
    DISPLAY_NAME: Automatic Updates
    TYPE : 20 WIN32_SHARE_PROCESS
    STATE : 4 RUNNING
    (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: WZCSVC
    DISPLAY_NAME: Wireless Zero Configuration
    TYPE : 20 WIN32_SHARE_PROCESS
    STATE : 4 RUNNING
    (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    SERVICE_NAME: PnkBstrB
    DISPLAY_NAME: PnkBstrB
    TYPE : 10 WIN32_OWN_PROCESS
    STATE : 4 RUNNING
    (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0


    And this is the result of the Eset scan

    # version=4
    # OnlineScanner.ocx=1.0.0.635
    # OnlineScannerDLLA.dll=1, 0, 0, 79
    # OnlineScannerDLLW.dll=1, 0, 0, 78
    # OnlineScannerUninstaller.exe=1, 0, 0, 49
    # vers_standard_module=3201 (20080619)
    # vers_arch_module=1.064 (20080214)
    # vers_adv_heur_module=1.064 (20070717)
    # EOSSerial=1c716a14d213464ab9c6bcfc041d23b1
    # end=finished
    # remove_checked=true
    # unwanted_checked=true
    # utc_time=2008-06-20 05:22:04
    # local_time=2008-06-20 03:22:04 (+1000, AUS Eastern Standard Time)
    # country="Australia"
    # osver=5.1.2600 NT Service Pack 2
    # scanned=330376
    # found=1
    # scan_time=6062
    C:\Program Files\ElcomSoft\Proactive System Password Recovery\pspr.exe probably a variant of Win32/Genetik trojan (unable to clean - deleted) 00000000000000000000000000000000
     
    kgtrain, Jun 20, 2008
    #3
  4. cdavfrew

    cdavfrew Regular member

    Joined:
    May 19, 2008
    Messages:
    1,183
    Likes Received:
    0
    Trophy Points:
    46
    cdavfrew, Jun 20, 2008
    #4
  5. echoreply

    echoreply Regular member

    Joined:
    Nov 9, 2007
    Messages:
    472
    Likes Received:
    0
    Trophy Points:
    26
    Hi,

    thanks for the info.

    iam intrested in this process which seems worth investigating:
    svhost, (not svchost)

    see if you can locate this on your computer. if so you can right click on it select properties and check the tabs for info. you can also upload it to get it checked out:

    http://www.virustotal.com/
     
    echoreply, Jun 20, 2008
    #5

Share This Page