Login 
 Search | |
28-Mar-2008, 12:23 PM
#1 | |||||
| awtqp.dll problem Hi  I'm new to this, i have a virus problem on my latop, my Mcafee antivirus has detected awtqp.dll in my system32 directory but cannot clean or remove it. I have tried booting in safe mode and tried to delete it, but get the messasge that the file is in use by another application. My laptop now takes an age to boot up and shows unwanted popups. I have run Hijackthis, with the following results: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:22:27, on 28/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\SCardSvr.exe C:\Program Files\GE Fanuc\Alarm Viewer\Host\AEClientHostService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\GE Fanuc\Proficy Common\Proficy Common Licensing\CCFLIC0.exe C:\WINDOWS\SYSTEM32\DWRCS.EXE C:\Program Files\GE Fanuc\Proficy Machine Edition\fxControl\Runtime\NT\FxControl.exe C:\WINDOWS\Intellution\iLicenseSvc.exe C:\WINDOWS\ICSVRNT.EXE C:\Program Files\iPass\iPassConnect Converteam\iPCAgent.exe C:\Program Files\GE Fanuc\Proficy Machine Edition\Proficy Event Logger\LoggingService.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\mcshield.exe C:\Program Files\Network Associates\VirusScan\vstskmgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Alspa Pilot\plantconserv.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\tgbstarter.exe C:\Program Files\McAfee\Common Framework\naPrdMgr.exe C:\Program Files\Alspa Pilot\tmfserv.exe C:\Program Files\GE Fanuc\Proficy Machine Edition\Common\Components\NT\trapiserver.exe C:\Program Files\Novell\ZENworks\Asset Management\bin\CClientSvc.exe C:\Program Files\Novell\ZENworks\Asset Management\bin\CClient.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SYSTEM32\DWRCST.exe C:\Program Files\iPass\iPassConnect Converteam\downloader\ipccheck.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\stsystra.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\MK Net Work\ZipMail LN\zmailLN.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\Netasq\VPN Client\VpnConf.exe C:\Program Files\Netasq\VPN Client\tgbike.exe C:\Program Files\McAfee\Common Framework\UdaterUI.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\McAfee\Common Framework\McTray.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Nokia\PC Suite for Nokia 6600\connmngmntbox.exe C:\Program Files\Nokia\PC Suite for Nokia 6600\ectaskscheduler.exe C:\Program Files\WinBatch\System\popmenu.exe C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe C:\Program Files\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Notes\NLNOTES.EXE C:\Notes\NCDaemon.exe C:\Program Files\MK Net Work\ZipMail LN\zmnotesm.exe C:\Notes\naldaemn.EXE C:\Notes\nWEB.EXE C:\Notes\nwrdaemn.EXE C:\Notes\nupdate.EXE C:\Notes\nhldaemn.EXE C:\Program Files\Microsoft Office\Office10\EXCEL.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {14BF65FE-E7A8-4DBF-8703-691040D7B3B1} - (no file) O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: (no name) - {6860A44B-5D3E-433D-A7B5-D517F810D0E7} - C:\Program Files\NetProject\sbmdl.dll (file missing) O2 - BHO: (no name) - {71F1E90B-26C8-48F3-8F97-6424EB2916AA} - C:\WINDOWS\system32\awtqp.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: (no name) - {E2F8F7C7-954D-4336-BA99-27BFBEB73DAF} - C:\WINDOWS\system32\xxywwwx.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [ZipMail LN System Tray add-on] "C:\Program Files\MK Net Work\ZipMail LN\zmailLN.exe" 001 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [TgbVpn] C:\Program Files\Netasq\VPN Client\VpnConf.exe O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: PCSuiteForNokia6600 Detect.lnk = ? O4 - Global Startup: PCSuiteForNokia6600 TS.lnk = ? O4 - Global Startup: PopMenu exe.lnk = C:\Program Files\WinBatch\System\popmenu.exe O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE O4 - Global Startup: Vision Services.lnk = C:\Program Files\Common Files\Vision\vservice.exe O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing) O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1159016102640 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rugbr.uk.powerconv.alstom.com O17 - HKLM\Software\..\Telephony: DomainName = rugbr.uk.powerconv.alstom.com O17 - HKLM\System\CCS\Services\Tcpip\..\{683E0A73-E6D9-49C4-AB94-C353333D96B7}: NameServer = 85.255.116.45,85.255.112.232 O17 - HKLM\System\CCS\Services\Tcpip\..\{68EDFDE2-75AD-4C32-BB91-1F5BCD9E0494}: NameServer = 85.255.116.45,85.255.112.232 O17 - HKLM\System\CCS\Services\Tcpip\..\{70286A27-B90B-4A17-88FB-6D49028F7919}: NameServer = 85.255.116.45,85.255.112.232 O17 - HKLM\System\CCS\Services\Tcpip\..\{72282AA0-A06D-4326-8224-F6010827C06D}: NameServer = 85.255.116.45,85.255.112.232 O17 - HKLM\System\CCS\Services\Tcpip\..\{756C3E7E-66E5-4E9A-A90E-434E9D034054}: NameServer = 85.255.116.45,85.255.112.232 O17 - HKLM\System\CCS\Services\Tcpip\..\{85F9C6A0-123C-4440-8791-AA5ECECC9836}: NameServer = 85.255.116.45,85.255.112.232 O17 - HKLM\System\CCS\Services\Tcpip\..\{865053B2-327E-4678-92C5-2F308D9B7490}: NameServer = 85.255.116.45,85.255.112.232 O17 - HKLM\System\CCS\Services\Tcpip\..\{8E23807D-ECE5-447C-833A-52CD09F7B96E}: NameServer = 85.255.116.45,85.255.112.232 O17 - HKLM\System\CCS\Services\Tcpip\..\{9183157D-668D-4828-8675-B3009183CD29}: NameServer = 85.255.116.45,85.255.112.232 O17 - HKLM\System\CCS\Services\Tcpip\..\{C9A986C4-FA3E-419F-B871-523EE2F051E0}: NameServer = 85.255.116.45,85.255.112.232 O17 - HKLM\System\CCS\Services\Tcpip\..\{DDBCD82C-2623-4039-900A-1B6C34403200}: NameServer = 85.255.116.45,85.255.112.232 O17 - HKLM\System\CCS\Services\Tcpip\..\{E1BDCAFD-AE5E-474A-B9C8-305BB13A01D0}: NameServer = 85.255.116.45,85.255.112.232 O17 - HKLM\System\CCS\Services\Tcpip\..\{F72F5346-D0E1-4206-8762-C71DEDEF7483}: NameServer = 85.255.116.45,85.255.112.232 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rugbr.uk.powerconv.alstom.com O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.45 85.255.112.232 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = rugbr.uk.powerconv.alstom.com O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.45 85.255.112.232 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.45 85.255.112.232 O20 - Winlogon Notify: xxywwwx - C:\WINDOWS\SYSTEM32\xxywwwx.dll O22 - SharedTaskScheduler: inoperable - {1b40d2ad-d237-4544-b1e1-0bf75bf8fcc0} - (no file) O23 - Service: AEClientHostService - GE Fanuc Automation Americas - C:\Program Files\GE Fanuc\Alarm Viewer\Host\AEClientHostService.exe O23 - Service: Proficy Licensing (CCFLIC0) - GE Fanuc Automation Americas - C:\Program Files\GE Fanuc\Proficy Common\Proficy Common Licensing\CCFLIC0.exe O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FxControl Runtime (FxControlRuntime) - GE Fanuc Automation Canada Inc. - C:\Program Files\GE Fanuc\Proficy Machine Edition\fxControl\Runtime\NT\FxControl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: M1 Licensing Helper (iLicenseSvc) - GE Fanuc Automation Americas, Inc. - C:\WINDOWS\Intellution\iLicenseSvc.exe O23 - Service: InterCom Server (InterCom) - CNS International - C:\WINDOWS\ICSVRNT.EXE O23 - Service: iPassConnectEngine - iPass - C:\Program Files\iPass\iPassConnect Converteam\iPassConnectEngine.exe O23 - Service: iPCAgent - iPass, Inc. - C:\Program Files\iPass\iPassConnect Converteam\iPCAgent.exe O23 - Service: Proficy Log Server (LoggingService) - Unknown owner - C:\Program Files\GE Fanuc\Proficy Machine Edition\Proficy Event Logger\LoggingService.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe O23 - Service: OVERLAND Plant Connection (PLANTCONSERV) - Converteam Ltd - C:\Program Files\Alspa Pilot\plantconserv.exe O23 - Service: Proficy Driver Runtime - Total Control Products (Canada) Inc. - C:\Program Files\GE Fanuc\Proficy Machine Edition\fxView\Runtime\ProficyDrivers\Win32\GefPdfOpc.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: TgbIke Starter (TgbIKE Starter) - Sistech - C:\WINDOWS\system32\tgbstarter.exe O23 - Service: Alspa Pilot Server (TMFSERV) - Converteam Ltd - C:\Program Files\Alspa Pilot\tmfserv.exe O23 - Service: Trapi File Server (TrapiServer) - GE Fanuc Automation Canada Inc. - C:\Program Files\GE Fanuc\Proficy Machine Edition\Common\Components\NT\trapiserver.exe O23 - Service: ZENworks Asset Management - Collection Client (TSCensus Collection Client) - Novell, Inc. - C:\Program Files\Novell\ZENworks\Asset Management\bin\CClientSvc.exe O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe -- End of file - 16890 bytes Can you help please |
 |
| |
| Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
| Thread Tools | |
| |
| You Are Using:  |
Advertisements do not imply our endorsement of that product or service. All times are GMT -4. The time now is 09:50 AM. Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved. |  |
Facebook
Twitter
TechGuy.tv
TSG Mobile