| Thread ID: 73306 | 2006-10-15 00:37:00 | Anyway of getting rid of this ? | jimjam (3259) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 491511 | 2006-10-15 00:37:00 | Every time I start up my computer (running XP Home Edition SP2) up comes a splash screen advising me that Windows cannot find the following file C:\WINDOWS\is-K3Fou.exe, have done a Google search on this file with no result, have run a virus scan (Kaspersky) and an anti spyware scan with no result, and a search of my computer with Search companion, still no result, any advice appreciated, tks. | jimjam (3259) | ||
| 491512 | 2006-10-15 00:44:00 | Get hijackthis (www.merijn.org) Unzip it then run it then click on scan and save a log. Post the log here. Or/and get ccleaner (www.ccleaner.com) Download, install, run then click on tools/startup. See if that entry is in here. | Speedy Gonzales (78) | ||
| 491513 | 2006-10-15 01:08:00 | Nothing in the Tools section of Crap Cleaner but herewith the Hijackthis log, as you can see, C:\WINDOWS\is-K3FOU.exe does appear, is it safe to delete it? Incidentally, a lot of the Software that appears in the log I thought I had removed, obviously Add/Remove does not clear everything out. | jimjam (3259) | ||
| 491514 | 2006-10-15 01:09:00 | Post ALL of the log here | Speedy Gonzales (78) | ||
| 491515 | 2006-10-15 01:14:00 | Apologies, did the cut but forgot to paste!
Logfile of HijackThis v1.99.1
Scan saved at 2:09:42 p.m., on 15/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\AVG Anti-Spyware 7.5\guard.exe
D:\Evidence Destructor\erasrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Winamp\winampa.exe
D:\Eraser\eraser.exe
C:\Program Files\WinEject\WinEject.exe
D:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\Program Files\POP Peeper\POPPeeper.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\TorCP\torcp.exe
C:\Program Files\Tor\tor.exe
C:\Program Files\Vidalia\vidalia.exe
D:\SYSTEM\REMINDER.EXE
C:\Program Files\FirefoxPreloader\FirefoxPreloader.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Privoxy\privoxy.exe
C:\Documents and Settings\JIm\Desktop\Utilities\Nkboard.exe
D:\SpyCatcher 2006\Scheduler daemon.exe
D:\Program Files\Webshots\webshots.scr
D:\AVG Anti-Spyware 7.5\avgas.exe
D:\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://news.bbc.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://news.bbc.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=127.0.0.1:7212;gopher=127.0.0.1:7212;http=localhost:8080;https=127.0.0.1:7212
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BitPump] "D:\AnalogX\BitPump\bitpump.exe" /VerifySettings
O4 - HKLM\..\Run: [KAVPersonal50] "D:\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Zone Labs Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [GhostSurfDelSatellite] D:\GhostSurf 2005\DeleteSatellite.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [SpywareTerminator] "D:\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Total Uninstall] D:\Total Uninstall\Tun.exe
O4 - HKLM\..\Run: [SystemGuardAlerter] "D:\System Mechanic 6\SystemGuardAlerter.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [BearShare] "D:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboFormWatcher.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [WGPAddon] D:\Lock Files and Folders XP\wgpaddon.exe
O4 - HKLM\..\Run: [UnlockerAssistant] D:\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [RemoveWGA] C:\Documents and Settings\JIm\Desktop\RemoveWGA.exe -startup
O4 - HKLM\..\Run: [Ashampoo AntiSpyWare Guard] D:\Ashampoo AntiSpyWare\AntiSpyWareGuard.exe
O4 - HKLM\..\Run: [ScriptSentry] d:\Script Sentry\ScriptSentry.exe /check
O4 - HKLM\..\Run: [WinPatrol] D:\WinPatrol.exe
O4 - HKLM\..\Run: [00ERSRRRNKY] D:\Evidence Destructor\eraser.exe
O4 - HKLM\..\Run: [QuickTime Update Completion 0] "C:\WINDOWS\system32\QuickTime\QuickTimeUpdateHelper.exe" -uninstallwithapps -destfullpath "d:\\QuickTimeUpdater.exe" -sourcefullpath "d:\\TempUpdater.exe" -atboottime "QuickTime Update Completion 0"
O4 - HKLM\..\Run: [WinBackup Scheduler] C:\Program Files\LIUtilities\WinBackup\wbsched.exe
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-K3FOU.exe" /REG
O4 - HKLM\..\RunOnce: [srePostpone] rundll32.exe c:\windows\system32\zonelabs\srescan.dll,DoSpecialAction
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\JIm\LOCALS~1\Temp\IXP000.TMP\"
O4 - HKLM\..\RunOnce: [WMC_RebootCheck] C:\WINDOWS\inf\unregmp2.exe /FixUps
O4 - HKLM\..\RunOnce: [*Restore] C:\WINDOWS\system32\restore\rstrui.exe -i
O4 - HKLM\..\RunOnce: [fm20.dll] C:\WINDOWS\system32\regsvr32 /s fm20.dll
O4 - HKLM\..\RunOnce: [00ERSRRRNKY] D:\Evidence Destructor\eraser.exe remove
O4 - HKCU\..\Run: [Eraser] D:\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [WinEjectAutoStart1] C:\Program Files\WinEject\WinEject.exe -instance:1
O4 - HKCU\..\Run: [AWMON] "D:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [TClockEx] D:\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [TorCP] "C:\Program Files\TorCP\torcp.exe"
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [Reminder] D:\SYSTEM\REMINDER.EXE
O4 - HKCU\..\Run: [TeoSoft.com Online Update] C:\Program Files\TeoSoft.com\update.exe wait4connect
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\SUPERAntiSpyware.exe
O4 - Startup: ERUNT AutoBackup.lnk = D:\ERUNT\AUTOBACK.EXE
O4 - Startup: Nkboard.exe.lnk = C:\Documents and Settings\JIm\Desktop\Utilities\Nkboard.exe
O4 - Startup: Rainlendar.exe.lnk = D:\Program Files\Rainlendar.exe
O4 - Startup: Scheduler.lnk = D:\SpyCatcher 2006\Scheduler daemon.exe
O4 - Startup: Webshots.lnk = D:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Firefox Preloader.lnk = C:\Program Files\FirefoxPreloader\FirefoxPreloader.exe
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Privoxy\privoxy.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Open with BitPump - D:\AnalogX\BitPump\ieint.htm
O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.pandasoftware.com
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - www.pestpatrol.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =
O17 - HKLM\Software\..\Telephony: DomainName =
O17 - HKLM\System\CCS\Services\Tcpip\..\{573872F5-F3CF-456E-B0D7-C46883728C5C}: NameServer = 203.96.152.4,203.96.152.12
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - D:\Tracks Eraser Pro\delautocomp.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Eraser Service (EraserThread) - Unknown owner - D:\Evidence Destructor\erasrv.exe
O23 - Service: kavsvc - Kaspersky Lab - D:\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
| jimjam (3259) | ||
| 491516 | 2006-10-15 01:42:00 | First I would uninstall all of those antispyware programs. You don't need all of them. And just use something like Spybot or Adaware. Are programs actually working on this system? Or are u stopping them why, there's so many entries in startup, which look like they're not installing or completing the install. | Speedy Gonzales (78) | ||
| 491517 | 2006-10-15 02:05:00 | Most of them I have, why Pest Patrol et al are still showing up I have no idea, I thought I had removed them some time ago. At the moment I am running Adaware, Spybot S & D, Spyware Blaster and an evaluation version of AVG Anti Spyware which I downloaded in order to find out if it could give me any info on C:\WINDOWS\is-K3FOU.exe (which it didn't), all appear to be running OK. I still have no idea what C:\WINDOWS\is-K3FOU.exe is and would like to delete it, but hesitate to remove it without expert advice. | jimjam (3259) | ||
| 491518 | 2006-10-15 02:28:00 | I would run HJT again, tick these entries and tick fix checked
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe - Update is here (java.sun.com)
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [SpywareTerminator] "D:\Spyware Terminator\SpywareTerminatorShield.exe" - uninstall this thru add/remove programs
O4 - HKLM\..\Run: [Total Uninstall] D:\Total Uninstall\Tun.exe - uninstall this
O4 - HKLM\..\Run: [SystemGuardAlerter] "D:\System Mechanic 6\SystemGuardAlerter.exe" - What do u need this for?
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray - uninstall this
O4 - HKLM\..\Run: [BearShare] "D:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [Ashampoo AntiSpyWare Guard] D:\Ashampoo AntiSpyWare\AntiSpyWareGuard.exe - uninstall this
O4 - HKLM\..\Run: [WinPatrol] D:\WinPatrol.exe - uninstall this
O4 - HKLM\..\Run: [00ERSRRRNKY] D:\Evidence Destructor\eraser.exe
O4 - HKLM\..\Run: [QuickTime Update Completion 0] "C:\WINDOWS\system32\QuickTime\QuickTimeUpdateHelper.exe" -uninstallwithapps -destfullpath "d:\\QuickTimeUpdater.exe" -sourcefullpath "d:\\TempUpdater.exe" -atboottime "QuickTime Update Completion 0" - if this isn't installed tick this
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-K3FOU.exe" /REG
O4 - HKLM\..\RunOnce: [srePostpone] rundll32.exe c:\windows\system32\zonelabs\srescan.dll,DoSpecialAction
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\JIm\LOCALS~1\Temp\IXP000.TMP\"
O4 - HKLM\..\RunOnce: [WMC_RebootCheck] C:\WINDOWS\inf\unregmp2.exe /FixUps
O4 - HKLM\..\RunOnce: [*Restore] C:\WINDOWS\system32\restore\rstrui.exe -i
O4 - HKLM\..\RunOnce: [fm20.dll] C:\WINDOWS\system32\regsvr32 /s fm20.dll
O4 - HKLM\..\RunOnce: [00ERSRRRNKY] D:\Evidence Destructor\eraser.exe remove
O4 - HKCU\..\Run: [Eraser] D:\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [WinEjectAutoStart1] C:\Program Files\WinEject\WinEject.exe -instance:1 - what's this for?
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\SUPERAntiSpyware.exe
O4 - Startup: Scheduler.lnk = D:\SpyCatcher 2006\Scheduler daemon.exe
It looks like whatever this total uninstall is, it's screwing things up. What's it do that add/remove programs doesn't do?
| Speedy Gonzales (78) | ||
| 491519 | 2006-10-15 02:58:00 | Goddam Speedy, you're a machine! | rob_on_guitar (4196) | ||
| 491520 | 2006-10-15 03:11:00 | :D Those entries in startup, look like something is screwing installs up. And they're in startup to resume or something. Or there's something seriously wrong with your system. | Speedy Gonzales (78) | ||
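The check this thread carries out by eye on the HijackThis log, as an added example (not part of any post and not HijackThis code): parse the registry `O4` autostart lines and report those whose target executable is absent. The sample lines are copied from the log posted above; which files exist is a constructed assumption, apart from `is-K3FOU.exe`, which the first post reports Windows cannot find.

```python
import os
import re
from typing import Callable, Iterable, List, NamedTuple, Optional

# Registry autostart line as HijackThis prints it:
#   O4 - HKLM\..\RunOnce: [ValueName] command line
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run|RunOnce): \[(.+?)\] (.+)$")
# Executable at the start of the command: a quoted absolute path, or an
# unquoted absolute path running up to the first executable extension.
TARGET_RE = re.compile(
    r'^(?:"([A-Za-z]:\\[^"]+)"|([A-Za-z]:\\.*?\.(?:exe|com|bat|cmd|scr))(?=\s|$))',
    re.IGNORECASE)

class AutoStart(NamedTuple):
    hive: str
    key: str
    name: str
    command: str
    target: Optional[str]  # None when the command has no absolute path to check

def parse_o4(line: str) -> Optional[AutoStart]:
    """Parse one registry O4 line; Startup-folder O4 lines and other sections give None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    hive, key, name, command = m.groups()
    t = TARGET_RE.match(command)
    return AutoStart(hive, key, name, command, (t.group(1) or t.group(2)) if t else None)

def dangling(lines: Iterable[str],
             exists: Callable[[str], bool] = os.path.exists) -> List[AutoStart]:
    """Autostart entries whose executable is missing according to exists()."""
    entries = (parse_o4(line) for line in lines)
    return [e for e in entries if e and e.target and not exists(e.target)]

# Sample lines copied from the log posted in the thread.
SAMPLE = r"""
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-K3FOU.exe" /REG
O4 - HKLM\..\RunOnce: [fm20.dll] C:\WINDOWS\system32\regsvr32 /s fm20.dll
O4 - HKCU\..\Run: [Eraser] D:\Eraser\eraser.exe -hide
O4 - Startup: Scheduler.lnk = D:\SpyCatcher 2006\Scheduler daemon.exe
"""
# Constructed assumption: files taken to be present, so the example runs offline.
PRESENT = {p.lower() for p in (r"C:\WINDOWS\system32\NeroCheck.exe",
                               r"C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe",
                               r"D:\Eraser\eraser.exe")}

if __name__ == "__main__":
    for e in dangling(SAMPLE.splitlines(), lambda p: p.lower() in PRESENT):
        print(f"{e.hive}\\{e.key} [{e.name}] -> missing {e.target}")
```

On the machine itself, call `dangling()` with the default `os.path.exists` over the saved log file; entries with a bare or relative command (for example `nwiz.exe /install`) are skipped because there is no absolute path to test.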