# Page fault in non-paged area...Beginning dump of physical memory



## tilly122

My computer has started playing up the last couple of days...

It keeps on bringing up a blue screen which says "page fault in non-paged area"
"Beginning dump of physical memory"
"physical memory dump complete"
then I can't get the computer back on, and I have to switch it off.

Any ideas what causes this and how to fix it?

At one point i thought it was my usb mass storage device, but i removed that from the computer and unplugged it and its still happening...

When i turn my computer on it says "your hardware might not be working properly" but i dont know what hardware they are talking about...

My boyfriends been messing around on here downloading lost or something, could that be it??

Thanks, if anyone can help me. Im worried its going to go off halfway through my work and il lose it all.


----------



## dragjack

first off, uninstall any applications that would involve illegal p2p sharing (such as emule, bittorrent etc etc)

secondly could we have some more details about your pc
Operating System
Processor
RAM
graphics card
and sound card
maybe make of motherboard?

is your pc overheating perchance??
oh... and ALWAYS backup your work on external media (cds DVDs etc) and possibly don't let people use your pc if you're not sure what they'll be doing on it...


----------



## devil_himself

Hello tilly122

Navigate to c:\windows\minidumps
Zip some of the recent minidumps and attach them here


----------



## tilly122

Hello,

I'm not sure how to tell you all of those details, I have a Dell computer if that's any help.
Operating System is Windows XP Home Edition Version 2002
Then I can tell you it's Dell Dimension DIM 3000
Intel Celeron CPU 3.06 Ghz

512 MB Ram

If you tell me how to find the other information i will do it.

Im not sure if its overheating? How would this happen? by leaving it on too long?


----------



## tilly122

Devil...
Ive got to there and theres 9 files, which ones shall i use?


----------



## devil_himself

Zip all of them and attach them here


----------



## tilly122

How do i zip them?
I used to know but i've forgotten.

I'm sorry, please bear with me...


----------



## devil_himself

1. Make a folder named minidumps on your desktop
2. Copy and paste all the minidump files from c:\windows\minidumps to the folder you made at your desktop named minidumps
3. Now right click the folder >> Send to >> Compressed (zipped) Folder
4. Done


----------



## tilly122

Sorry it took so long, it wouldnt let me on here...


----------



## devil_himself

Hello , Please be patient 

I'm having some problem Here with my debugger


----------



## devil_himself

Here is the bugcheck report

The fault maker is--- windev-62b1-a7b.sys

Windev.sys is a trojan downloader according to what Google told me

So first I would like you to post a HijackThis log.. ** A Member With GOLD SHIELD will look at your log

Click here to download HJTsetup.exe:
-------------------------------------------

http://www.thespykiller.co.uk/files/HJTSetup.exe

Save HJTsetup.exe to your desktop.
Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.


----------



## tilly122

I am off out but i will do that when i get back around 5, and then il let you know.

Thank you


----------



## tilly122

Logfile of HijackThis v1.99.1
Scan saved at 14:22:27, on 21/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
C:\Program Files\Xerox One Touch\OneTouchMon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/broadband
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [OneTouch Monitor] "C:\Program Files\Xerox One Touch\OneTouchMon.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://communities.msn.com
O15 - Trusted Zone: http://groups.msn.com
O15 - Trusted Zone: http://spaces.msn.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://tilly-g.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/selftest/en/Prg/ESTPTest.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37240.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {A8080502-0C9E-44BD-AE83-D44698E43992} (DvssViewer Control) - http://80.192.176.121/dvssviewer.cab
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - http://www.asda-photo.co.uk/wpp/asda/app/opcuploader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://webgames.d.tmsrv.com/c=0c3ae...ease/popcap/wg_bejeweled2/popcaploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{83B92D91-EF9D-4B7D-AC28-829BB1CCA63B}: NameServer = 165.131.174.49
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3E5844A-95D3-4404-AD24-602A37A4BAB4}: NameServer = 165.131.174.49
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


----------



## tilly122

It was a lot quicker than I thought


----------



## devil_himself

To the left there is a red triangle with an exclamation mark.
Use it to request moderators to move this thread to the security forum


----------



## tilly122

Ok i've done that...what does that mean?
Its a security problem?


----------



## $teve

Not really.....not at 1st glance anyway......go into Add/Remove Programs and uninstall *Viewpoint Manager*
Let me read through your thread and I'll get back to you.


----------



## $teve

Lets just run a scan with this.

*Download and scan with* *SUPERAntiSpyware* Free for Home Users
Double-click *SUPERAntiSpyware.exe* and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program. 
If asked to update the program definitions, click "*Yes*". If not, update the definitions before scanning by selecting "*Check for Updates*". (_If you encounter any problems while downloading the updates, manually download and unzip them from here._) 
Under "*Configuration and Preferences*", click the *Preferences* button. 
Click the *Scanning Control* tab. 
Under *Scanner Options* make sure the following are checked _(leave all others unchecked)_:
_Close browsers before scanning._ 
_Scan for tracking cookies._ 
_Terminate memory threats before quarantining._

Click the "*Close*" button to leave the control center screen. 
Back on the main screen, under "*Scan for Harmful Software*" click *Scan your computer*. 
On the left, make sure you check *C:\Fixed Drive*. 
On the right, under "*Complete Scan*", choose *Perform Complete Scan*. 
Click "*Next*" to start the scan. Please be patient while it scans your computer. 
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "*OK*". 
Make sure everything has a checkmark next to it and click "*Next*". 
A notification will appear that "_Quarantine and Removal is Complete_". Click "*OK*" and then click the "*Finish*" button to return to the main menu. 
If asked if you want to reboot, click "*Yes*". 
To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
_Click *Preferences*, then click the *Statistics/Logs* tab._ 
_Under Scanner Logs, double-click *SUPERAntiSpyware Scan Log*._ 
_If there are several logs, click the current dated log and press *View log*. A text file will open in your default text editor._ 
_Please copy and paste the Scan Log results in your next reply *with a new hijackthis log*._

Click *Close* to exit the program.


----------



## ~Candy~

Also, on the error message, is there any file associated with it?


----------



## tilly122

steve i've uninstalled that, now the other thing is running, taking its time though...

And I don't think there is any file associated with it, or if there is, I haven't noticed.


----------



## tilly122

Error report came up half way through, got to start it all over again now...

However a different error message came up this time, if it helps...something along the lines of

"A problem has been detected and windows has been shut down to prevent damage

Check to be sure you have adequate disc space. 
If a driver is identified in the stop message disable the driver or check with the manufacturers for driver updates.
Try changing video adapters

Check with hardware vendor for BIOS updates. Disable BIOS memory options such as caching or shadowing

Tech Info

***Stop: 0x0000008E (0xC0000005, 0x804FE25F, 0xEE054c98, 0x00000000)

Beginning dump of physical memory
Physical memory dump complete


----------
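The STOP line quoted in the post above can be read field by field. As an added example (not part of the original thread), this Python script parses such a line and labels its four parameters for the two bug checks that appear in this thread. The 0x50 sample line is constructed, and the kernel/user split assumes 32-bit Windows with the default 2 GB boundary.

```python
import re

# Bug checks seen in this thread, with the documented meaning of each of the
# four parameters printed in parentheses on the STOP line.
BUGCHECKS = {
    0x50: ("PAGE_FAULT_IN_NONPAGED_AREA",
           ["memory address referenced",
            "0 = read, 1 = write",
            "address of the instruction that referenced it (0 if unknown)",
            "reserved"]),
    0x8E: ("KERNEL_MODE_EXCEPTION_NOT_HANDLED",
           ["exception code (NTSTATUS)",
            "address where the exception occurred",
            "trap frame address",
            "reserved"]),
}

# A few NTSTATUS exception codes that commonly show up as parameter 1 of 0x8E.
NTSTATUS = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0x80000003: "STATUS_BREAKPOINT",
    0xC000001D: "STATUS_ILLEGAL_INSTRUCTION",
    0xC0000094: "STATUS_INTEGER_DIVIDE_BY_ZERO",
}

STOP_RE = re.compile(r"stop:\s*(0x[0-9a-f]+)\s*\(([^)]*)\)", re.IGNORECASE)

# Assumption: 32-bit Windows, default split (kernel space starts at 2 GB).
KERNEL_BASE_32 = 0x80000000


def address_space(addr):
    """Classify a 32-bit virtual address; 0 means the value was not recorded."""
    if addr == 0:
        return "unknown"
    return "kernel" if addr >= KERNEL_BASE_32 else "user"


def decode_stop(line):
    """Parse one STOP line; return a dict, or None if the line is not one."""
    m = STOP_RE.search(line)
    if not m:
        return None
    code = int(m.group(1), 16)
    values = [int(p.strip(), 16) for p in m.group(2).split(",") if p.strip()]
    name, meanings = BUGCHECKS.get(code, (None, []))
    result = {
        "code": code,
        "name": name,  # None when the code is not in the table above
        "params": [(v, meanings[i] if i < len(meanings) else "unknown")
                   for i, v in enumerate(values)],
    }
    if code == 0x8E and len(values) >= 2:
        result["exception"] = NTSTATUS.get(values[0], "unrecognised NTSTATUS")
        # A kernel-space fault address means the exception was raised by the
        # kernel or a driver, which is why the minidump is the next thing to read.
        result["fault_address_space"] = address_space(values[1])
    elif code == 0x50 and len(values) >= 3:
        result["access"] = "write" if values[1] else "read"
        result["fault_address_space"] = address_space(values[2])
    return result


if __name__ == "__main__":
    samples = [
        # Taken from the post above.
        "***Stop: 0x0000008E (0xC0000005, 0x804FE25F, 0xEE054c98, 0x00000000)",
        # Constructed sample for the bug check named in the thread title.
        "STOP: 0x00000050 (0xE1A3C000, 0x00000001, 0x804E0000, 0x00000000)",
    ]
    for s in samples:
        d = decode_stop(s)
        print(f"0x{d['code']:08X} {d['name']}")
        for value, meaning in d["params"]:
            print(f"    0x{value:08X}  {meaning}")
        for key in ("exception", "access", "fault_address_space"):
            if key in d:
                print(f"    {key}: {d[key]}")
```

The STOP line alone does not name the faulting module; that comes from the minidump, which is how windev-62b1-a7b.sys was identified earlier in this thread.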



## ~Candy~

How full is your hard drive?


----------



## tilly122

Its just happened again while performing the scan...

Then when i restarted the computer i had a message saying windows has recovered from a serious error, would you like to send an error report, so i did...

I dont know how full it is...


----------



## tilly122

After i sent that i got a website up with the following message:


Follow these steps to solve the problem with a device driver

You received this message because a device driver installed on your computer caused the Windows operating system to stop unexpectedly. This type of error is referred to as a "stop error." A stop error requires you to restart your computer.

Troubleshooting is available that might help you solve the problem

Troubleshooting

Depending on which situation is applicable to you, do one of the following:

* If this problem occurred after you installed a new hardware device on your computer, the problem might be caused by the device driver. Use the Dell Driver Reset Tool or uninstall the driver.

How do I disable or uninstall a device driver?

Note: This may cause hardware devices to stop functioning.
1. Click Start, and then click Control Panel. If you are using Classic View, click Switch to Category View.
2. Click Performance and Maintenance, and then click System.
3. Click the Hardware tab, and then click Device Manager.
4. Click the plus sign (+) next to the faulting device. You should now see the device listed.
5. Right-click the device, and then click Disable or Uninstall.

Alternate Steps
1. Click Start, and then click Search.
2. Choose All files and folders, and then type the driver name in the All or part of the file name field.
3. Click Search.
4. When the file appears in the results, right-click the file and click Rename.
5. Rename the file (for example, filename.old). Remember the file name so you can enable it later if you need to.
* If this problem occurred after you installed new software, the software might have installed a driver that caused the problem. Try uninstalling the software.

How do I uninstall a program in Windows XP?
1. Click Start, click Control Panel, and then click Add or Remove Programs.
2. Click Change or Remove Programs, and then click the program you want to change or remove.
3. Click the appropriate button:
   * To change a program, click Change/Remove or Change.
   * To remove a program, click Change/Remove or Remove.

Warning

When you click Change or Remove, some programs may be removed without prompting you further.

Note: Add or Remove Programs will only remove programs that were written for Windows operating systems. For other programs, check the documentation that came with the program to see if other files (such as .ini files) should be removed.
* If you don't know the specific driver or software, try performing a System Restore.
* Go online and check for updated drivers on the Microsoft Update website.
* For information about your support options, go online to the Support.Dell.Com website.


----------



## ~Candy~

Go to my computer, right click on the c: drive, go to properties, it should say how full it is....or rather how much empty space is left.


----------



## tilly122

43.6 GB used
28 GB free...


----------



## ~Candy~

Well, that shouldn't be an issue then.


----------



## tilly122

any ideas??
Shall i try running the test thing in safe mode tonight while im in bed??


----------



## tilly122

this is my anti spyware log, however, i did it in safe mode and thought i was told not to remove anything, just to copy the log into here, so i shut it down, however i have to remove everything so im going to run it again in safe mode while im out this morning, then il run the hijack this and paste it into here for you...

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/22/2007 at 04:48 AM

Application Version : 3.8.1002

Core Rules Database Version : 3259
Trace Rules Database Version: 1270

Scan type : Complete Scan
Total Scan Time : 03:52:47

Memory items scanned : 169
Memory threats detected : 0
Registry items scanned : 5932
Registry threats detected : 3
File items scanned : 82643
File threats detected : 164

Trojan.Rootkit-Windev/I
HKLM\System\ControlSet001\Services\windev-62b1-a7b
C:\WINDOWS\SYSTEM32\WINDEV-62B1-A7B.SYS
HKLM\System\ControlSet003\Services\windev-62b1-a7b
HKLM\System\CurrentControlSet\Services\windev-62b1-a7b

Adware.Tracking Cookie
C:\Documents and Settings\Tilly 1\Cookies\tilly [email protected][1].txt
C:\Documents and Settings\Tilly 1\Cookies\tilly [email protected][1].txt
C:\Documents and Settings\Tilly 1\Cookies\tilly [email protected][1].txt
C:\Documents and Settings\Tilly 1\Cookies\tilly [email protected][1].txt
C:\Documents and Settings\Tilly 1\Cookies\tilly [email protected][1].txt
C:\Documents and Settings\Tilly 1\Cookies\tilly [email protected][2].txt
C:\Documents and Settings\Tilly 1\Cookies\tilly [email protected][2].txt
C:\Documents and Settings\Tilly 1\Cookies\tilly [email protected][1].txt
C:\Documents and Settings\Tilly 1\Cookies\tilly [email protected][1].txt
C:\Documents and Settings\Tilly 1\Local Settings\Temp\Cookies\tilly [email protected][1].txt
C:\Documents and Settings\Tilly 1\Local Settings\Temp\Cookies\tilly [email protected][1].txt

Trojan.Downloader-Gen/Alt
C:\WINDOWS\SYSTEM32\ALT.EXE.EXE


----------



## tilly122

Ok, now this is my HijackThis...

Logfile of HijackThis v1.99.1
Scan saved at 12:01:41, on 22/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
C:\Program Files\Xerox One Touch\OneTouchMon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Kodak\Kodak Software Updater\7288971\6.3.2.62-7288971L\Program\sprite6.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/broadband
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [OneTouch Monitor] "C:\Program Files\Xerox One Touch\OneTouchMon.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://communities.msn.com
O15 - Trusted Zone: http://groups.msn.com
O15 - Trusted Zone: http://spaces.msn.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://tilly-g.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/selftest/en/Prg/ESTPTest.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37240.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {A8080502-0C9E-44BD-AE83-D44698E43992} (DvssViewer Control) - http://80.192.176.121/dvssviewer.cab
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - http://www.asda-photo.co.uk/wpp/asda/app/opcuploader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://webgames.d.tmsrv.com/c=0c3ae...ease/popcap/wg_bejeweled2/popcaploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{83B92D91-EF9D-4B7D-AC28-829BB1CCA63B}: NameServer = 165.131.174.49
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3E5844A-95D3-4404-AD24-602A37A4BAB4}: NameServer = 165.131.174.49
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe


----------



## ~Candy~

I'm starting to think it's bad ram. If you have more than one stick, try each separately.


----------



## tilly122

What do you mean, one stick?? I don't understand...

Why would it suddenly go bad? I've had this PC for over two years now and not had any trouble...


----------



## ~Candy~

If you have 512 ram installed, and you have 2 sticks (meaning two at 256) --- take one out and test with just one.

Ram, like any other computer part, CAN AND DOES go bad. It heats up, cools down.....it's just another normal part........I just had to replace the ram in a computer here in Las Vegas that I hardly ever use. Started giving me lots of blue screens, crashing windows, corrupting files.....replaced the ram, and it's running like a champ again.


----------



## tilly122

I haven't a clue how to remove it...

Since I did that scan I've had no problem, so far... *touch wood*


----------



## $teve

Let's remove the rootkit.
Download http://downloads.andymanchesta.com/RemovalTools/SDFix.exe and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
·	Restart your computer
·	After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
·	Instead of Windows loading as normal, the Advanced Options Menu should appear;
·	Select the first option, to run Windows in Safe Mode, then press Enter.
·	Choose your usual account.
·	Open the extracted SDFix folder and double click RunThis.bat to start the script.
·	Type Y to begin the cleanup process.
·	It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
·	Press any Key and it will restart the PC.
·	When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
·	Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum with a new HijackThis log.


----------



## tilly122

Ok, I'm popping out, I'll do it when I get back, thanks Steve.
Since I did the last thing I've had no problem, but I'm guessing it isn't fixed then if you're telling me to do that.


----------



## $teve

It looks like it's a partial leftover from another infection, no real signs of it actually running.


----------



## tilly122

Can I blame the boyfriend then?


----------



## ~Candy~

Blame anyone you wish


----------



## tilly122

Ok, everything's been fine for the last 2 days so I think that's it... thank you guys

Any ideas what it actually was caused by?


----------



## tilly122

Want to quiz you for a minute.

After I kind of fixed this problem, I would get error messages up when I turned on my computer saying "your system has recovered from a serious error, would you like to send an error report". If you clicked no it would just keep popping up and popping up. But I couldn't notice any problems it was causing.

Until yesterday, when I couldn't get onto the internet at all. I rang my service provider (ntl/virgin) and they did some tests and we established I could make connections but only using IP addresses. Apparently this meant that there was something on my computer blocking the internet, but I don't have a firewall that it could have been.

I disabled the Windows firewall and it wasn't that. Could the SUPERAntiSpyware or HijackThis things I downloaded to fix my earlier problems have caused this?

If not, has anyone got any ideas?

I've managed to get back on the net today after deleting the anti-virus things and then re-installing my cable modem. However, yesterday I tried to just delete the anti-spyware etc. and I still couldn't get on.

I'm just a little worried that I've got a major problem with my computer.


----------



## Cookiegal

Please post a new HijackThis log.


----------



## tilly122

Logfile of HijackThis v1.99.1
Scan saved at 16:42:51, on 04/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
C:\Program Files\Xerox One Touch\OneTouchMon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BitLord\BitLord.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\CTPdeSrv.exe
C:\Program Files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTJBPlay.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\imapi.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/broadband
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [OneTouch Monitor] "C:\Program Files\Xerox One Touch\OneTouchMon.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://communities.msn.com
O15 - Trusted Zone: http://groups.msn.com
O15 - Trusted Zone: http://spaces.msn.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://tilly-g.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/selftest/en/Prg/ESTPTest.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37240.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {A8080502-0C9E-44BD-AE83-D44698E43992} (DvssViewer Control) - http://80.192.176.121/dvssviewer.cab
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - http://www.asda-photo.co.uk/wpp/asda/app/opcuploader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://webgames.d.tmsrv.com/c=0c3ae...ease/popcap/wg_bejeweled2/popcaploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{83B92D91-EF9D-4B7D-AC28-829BB1CCA63B}: NameServer = 165.131.174.49
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3E5844A-95D3-4404-AD24-602A37A4BAB4}: NameServer = 165.131.174.49
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe


----------
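Added example, not part of any post above and not code from HijackThis: Python that parses the process list and the O4/O17/O23 sections of two HijackThis v1.99.1 logs like the ones posted in this thread, reports what changed between the scans, and pulls out the static DNS setting, which is the entry to check when connections work only by IP address. The function names and review labels are assumptions of this example, and the embedded logs are shortened excerpts of the two posted logs.

```python
import re
from collections import defaultdict

# Shortened excerpts of the two logs posted in this thread.
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 12:01:41, on 22/06/2007

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{83B92D91-EF9D-4B7D-AC28-829BB1CCA63B}: NameServer = 165.131.174.49
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
"""

LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 16:42:51, on 04/07/2007

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BitLord\BitLord.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O17 - HKLM\System\CCS\Services\Tcpip\..\{83B92D91-EF9D-4B7D-AC28-829BB1CCA63B}: NameServer = 165.131.174.49
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
"""

# Section lines look like "O4 - ...", "R1 - ...", "O23 - ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
NAMESERVER_RE = re.compile(r"NameServer = (.+)$")


def parse_hjt(text):
    """Split a HijackThis log into its process list and numbered sections."""
    processes, entries = [], defaultdict(list)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries[match.group(1)].append(match.group(2))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes and line:
            processes.append(line)
    return {"processes": processes, "entries": dict(entries)}


def diff_logs(before, after):
    """Report processes, O4 autoruns and O23 services added or removed."""
    def keyed(log, section):
        items = log["processes"] if section is None else log["entries"].get(section, [])
        return {item.lower(): item for item in items}  # Windows paths: ignore case

    report = {}
    for name, section in (("processes", None), ("autoruns", "O4"), ("services", "O23")):
        old, new = keyed(before, section), keyed(after, section)
        report[name] = {
            "added": sorted(new[k] for k in new.keys() - old.keys()),
            "removed": sorted(old[k] for k in old.keys() - new.keys()),
        }
    return report


def review_points(log):
    """Entries to check by hand; a point listed here is not a verdict."""
    points = []
    for entry in log["entries"].get("O17", []):
        match = NAMESERVER_RE.search(entry)
        if match:  # DNS server set statically in the registry
            for server in re.split(r"[ ,]+", match.group(1).strip()):
                if ("dns-static", server) not in points:
                    points.append(("dns-static", server))
    for entry in log["entries"].get("O23", []):
        parts = entry.split(" - ")
        if len(parts) >= 3 and parts[1] == "Unknown owner":
            # HijackThis printed "Unknown owner" for this service binary
            points.append(("service-unknown-owner", parts[0].split(": ", 1)[-1]))
    return points


if __name__ == "__main__":
    before, after = parse_hjt(LOG_BEFORE), parse_hjt(LOG_AFTER)
    for section, change in diff_logs(before, after).items():
        for kind in ("added", "removed"):
            for item in change[kind]:
                print(f"{section:9} {kind:7} {item}")
    for label, detail in review_points(after):
        print(f"review    {label}: {detail}")
```

The same NameServer value appears in both scans, so the address has to be checked against what the ISP or router actually hands out before the O17 line is treated as either the cause or as normal.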



## Cookiegal

Download *AVG Anti-Spyware* from *HERE* and save that file to your desktop. Note for AVG Free anti-virus users only: this is not the same program that you already have, this is an anti-spyware program.

When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.


Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
On the main screen select the icon "*Update*" then select the "*Update now*" link.
Next select the "*Start Update*" button. The update will start and a progress bar will show the updates being installed.

Once the update has completed, select the "*Scanner*" icon at the top of the screen, then select the "*Settings*" tab.
Once in the Settings screen click on "*Recommended actions*" and then select "*Quarantine*".
Under "*Reports*"
Select "*Automatically generate report after every scan*"
Un-Select "*Only if threats were found*"

Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.

Reboot your computer into *Safe Mode*. You can do this by restarting your computer and continually tapping the *F8* key until a menu appears. Use your up arrow key to highlight *Safe Mode* then hit enter.

*IMPORTANT:* Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:


Launch AVG Anti-Spyware by double clicking the icon on your desktop.
Select the "*Scanner*" icon at the top and then the "*Scan*" tab then click on "*Complete System Scan*".
AVG will now begin the scanning process. Please be patient as this may take a little time.
*Once the scan is complete, do the following:*
If you have any infections you will be prompted. Then select "*Apply all actions.*"
Next select the "*Reports*" icon at the top.
Select the "*Save report as*" button in the lower left-hand of the screen and save it to a text file on your system (make sure to remember where you saved that file. This is important).
Close AVG Anti-Spyware and reboot your system back into Normal Mode.

Please go *HERE* to run Panda's ActiveScan
You need to use IE to run this scan
Once you are on the Panda site click the *Scan your PC* button
A new window will open...click the *Check Now* button
Enter your *Country*
Enter your *State/Province*
Enter your *e-mail address* and click *send*
Select either *Home User* or *Company*
Click the big *Scan Now* button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on *My Computer* to start the scan
When the scan completes, if anything malicious is detected, click the *See Report* button, then *Save Report* and save it to a convenient location. Post the contents of the ActiveScan report.

*Come back here and post a new HijackThis log along with the logs from the AVG and Panda scans.*


----------



## Frank4d

Not trying to offer malware assistance against site rules, just an observation. The blue screen errors in post #9 indicate the PC is crashing in a driver "windev-62b1-a7b.sys"; however, several web searches have never heard of it. Is the OP still getting BSOD errors?
===========================

BugCheck 10000050, {e4a82000, 0, 805034a1, 1}
Could not read faulting driver name
Probably caused by : windev-62b1-a7b.sys ( windev_62b1_a7b+9b3 )


----------



## Cookiegal

That is the rootkit.


----------



## tilly122

No, the blank screens are gone Frank, only problems I have now are with the internet connection.
Maybe something blocking it? I really don't know but it's bugging me...


----------



## Cookiegal

Please carry out my instructions in post no. 44.


----------



## Cookiegal

Also, let's try this to see if it fixes the Internet connection.

Go to *Start* - *Run* - type in *cmd* and click OK.

At the command prompt type in:

*netsh winsock reset catalog*

Press enter.

then type in:

*netsh int ip reset resetlog.txt*

Press enter.

You will need to reboot afterwards.


----------



## tilly122

I will carry out the anti-virus things tomorrow afternoon and let you know how I get on, as I'm a bit pushed for time at the minute.


----------



## Cookiegal

That's fine.


----------

