# Please Help!!!!

## bkevinb (Apr 10, 2008)

Hello, I need some help with this. I have some spyware or a virus, but every scan I do comes up with nothing. Whatever I did find, I deleted, but my computer is running so slow and keeps rebooting. The computer restarts itself every 20 mins or so, and takes 12 mins to reboot. I had popups at start up and even when idle asking me to download Ultimate Defender. I've been trying to remove Ultimate Defender for a while now using the steps listed in forums. When it starts up now, it gives me an error message "The system has recovered from a serious error." When I am searching for things on Google, and click the link provided, it redirects me to a different site. I can now only access the net through pages in my favorites. Can someone PLEASE help me? I am running XP SP2. Is there any other information that can be helpful in solving this problem? Here are some of the scans I have tried: Ad-Aware SE Professional, Spybot - Search & Destroy, AVG 7.5, AVG Anti-Spyware, Spyware Doctor, CCleaner, avast! Antivirus, Malwarebytes' Anti-Malware, SmitfraudFix.exe, SUPERAntiSpyware Free Edition.


----------



## bkevinb (Apr 10, 2008)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:15:34 PM, on 4/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Ad-watch] C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168238282679
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168239578662
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: SetupComponent - {15dacb26-d8cd-4a7d-b710-f290d7fe81de} - (no file)
O21 - SSODL: DrvVolume - {9c382772-49be-445f-b33a-1aab4f32b5f4} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SDService - Unknown owner - C:\Program Files\SpywareDetector\SDService.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7804 bytes


----------



## bkevinb (Apr 10, 2008)

Something added a file to my desktop; the name of the file is:
New Microsoft Office Access Application.mdb
I did not open this file. I do not know what it is or where it came from.


----------



## Cookiegal (Aug 27, 2003)

Please visit *Combofix Guide & Instructions* for instructions for downloading and running ComboFix:

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

Combofix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished.

*Note: During this process, it would help a great deal and be very much appreciated if you would refrain from installing any new software or hardware on this machine, unless absolutely necessary, until the clean up process is finished as it makes our job more tedious, with additional new files that may have to be researched, which is very time consuming.

Also, please do not run any security programs or fixes on your own as doing so may compromise what we will be doing. It is important that you wait for instructions.*


----------



## bkevinb (Apr 10, 2008)

ComboFix 08-04-13.3 - New User 2008-04-14 20:40:29.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.182 [GMT -4:00]
Running from: C:\Documents and Settings\New User\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\wsystmp_wvk.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSUPDATE

((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
.

2008-04-13 10:34 . 2008-04-13 10:38 d--------	C:\Program Files\Panda Security
2008-04-10 21:43 . 2007-09-05 23:22	289,144	--a------	C:\WINDOWS\system32\VCCLSID.exe
2008-04-10 21:43 . 2006-04-27 16:49	288,417	--a------	C:\WINDOWS\system32\SrchSTS.exe
2008-04-10 21:43 . 2008-03-28 23:19	86,528	--a------	C:\WINDOWS\system32\VACFix.exe
2008-04-10 21:43 . 2008-03-26 08:50	82,432	--a------	C:\WINDOWS\system32\IEDFix.exe
2008-04-10 21:43 . 2003-06-05 20:13	53,248	--a------	C:\WINDOWS\system32\Process.exe
2008-04-10 21:43 . 2004-07-31 17:50	51,200	--a------	C:\WINDOWS\system32\dumphive.exe
2008-04-10 21:43 . 2007-10-03 23:36	25,600	--a------	C:\WINDOWS\system32\WS2Fix.exe
2008-04-10 19:10 . 2008-04-10 19:10 d--------	C:\Program Files\SUPERAntiSpyware
2008-04-10 19:10 . 2008-04-10 19:10 d--------	C:\Documents and Settings\New User\Application Data\SUPERAntiSpyware.com
2008-04-10 19:10 . 2008-04-10 19:10 d--------	C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-09 22:33 . 2008-04-09 22:33 d--------	C:\Documents and Settings\New User\Application Data\Uniblue
2008-04-09 21:04 . 2008-02-22 02:33	69,632	--a------	C:\WINDOWS\system32\javacpl.cpl
2008-04-09 20:50 . 2008-04-09 20:50 d--------	C:\Program Files\CCleaner
2008-04-08 20:53 . 2008-03-29 14:23	95,608	--a------	C:\WINDOWS\system32\AvastSS.scr
2008-04-08 20:53 . 2008-03-29 14:35	94,544	--a------	C:\WINDOWS\system32\drivers\aswmon2.sys
2008-04-08 20:53 . 2008-01-17 11:34	93,264	--a------	C:\WINDOWS\system32\drivers\aswmon.sys
2008-04-08 20:53 . 2008-03-29 14:31	75,856	--a------	C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-08 20:53 . 2008-03-29 14:27	42,912	--a------	C:\WINDOWS\system32\drivers\aswTdi.sys
2008-04-08 20:53 . 2008-03-29 14:26	26,944	--a------	C:\WINDOWS\system32\drivers\aavmker4.sys
2008-04-08 20:53 . 2008-03-29 14:29	23,152	--a------	C:\WINDOWS\system32\drivers\aswRdr.sys
2008-04-08 20:53 . 2008-03-29 14:35	20,560	--a------	C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-04-08 20:52 . 2008-04-08 20:52 d--------	C:\Program Files\Alwil Software
2008-04-08 20:52 . 2008-03-29 14:45	1,146,232	--a------	C:\WINDOWS\system32\aswBoot.exe
2008-04-08 20:52 . 2004-01-09 04:13	380,928	--a------	C:\WINDOWS\system32\actskin4.ocx
2008-04-08 06:58 . 2008-04-08 06:58 d--------	C:\Deckard
2008-04-07 23:36 . 2008-04-07 23:36 d--------	C:\Documents and Settings\New User\Application Data\Apple Computer
2008-04-07 22:38 . 2008-04-07 22:52 d--------	C:\fixwareout
2008-04-07 22:10 . 2008-04-10 22:42	1,600	--a------	C:\WINDOWS\system32\tmp.reg
2008-04-07 22:02 . 2008-04-07 22:02 d--------	C:\Program Files\Malwarebytes' Anti-Malware
2008-04-07 22:02 . 2008-04-07 22:02 d--------	C:\Documents and Settings\New User\Application Data\Malwarebytes
2008-04-07 22:02 . 2008-04-07 22:02 d--------	C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-07 22:00 . 2008-04-07 22:00 d--------	C:\_OTMoveIt
2008-04-07 21:35 . 2008-04-07 21:36 d--------	C:\WINDOWS\ERUNT
2008-04-07 21:21 . 2008-04-07 21:21 d--------	C:\Documents and Settings\Administrator.NEW
2008-04-07 20:37 . 2008-04-07 20:37 d--------	C:\Program Files\Trend Micro
2008-04-05 21:14 . 2008-04-11 23:32 d--------	C:\Program Files\Spyware Doctor
2008-04-05 21:14 . 2008-04-05 21:14 d--------	C:\Documents and Settings\New User\Application Data\PC Tools
2008-04-05 21:14 . 2007-12-10 14:53	81,288	--a------	C:\WINDOWS\system32\drivers\iksyssec.sys
2008-04-05 21:14 . 2007-12-10 14:53	66,952	--a------	C:\WINDOWS\system32\drivers\iksysflt.sys
2008-04-05 21:14 . 2008-02-01 12:55	42,376	--a------	C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-04-05 21:14 . 2007-12-10 14:53	29,576	--a------	C:\WINDOWS\system32\drivers\kcom.sys
2008-04-02 22:33 . 2005-10-20 21:47	30,592	---------	C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-02 22:33 . 2005-10-20 21:47	12,800	---------	C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-02 22:31 . 2008-04-02 22:31 d--------	C:\Program Files\MS Extra links
2008-03-30 20:07 . 2007-01-18 08:00	3,968	--a------	C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-03-30 20:01 . 2008-03-30 20:01 d--------	C:\Documents and Settings\New User\Application Data\Grisoft
2008-03-30 20:01 . 2007-05-30 08:10	10,872	--a------	C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-30 19:45 . 2008-04-07 19:50 d--------	C:\Documents and Settings\New User\Application Data\AVG7
2008-03-30 19:44 . 2008-03-30 19:44 d--------	C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-30 19:44 . 2008-03-30 20:00 d--------	C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-30 19:44 . 2008-03-30 19:53 d--------	C:\Documents and Settings\All Users\Application Data\avg7
2008-03-30 17:10 . 2008-04-13 10:14	4,212	---h-----	C:\WINDOWS\system32\zllictbl.dat
2008-03-30 17:09 . 2008-03-30 17:09 d--------	C:\Program Files\Zone Labs
2008-03-30 17:08 . 2008-04-14 20:37 d--------	C:\WINDOWS\Internet Logs
2008-03-23 19:42 . 2008-03-23 19:42 d--------	C:\Documents and Settings\Administrator
2008-03-21 21:38 . 2008-03-21 21:58 d--------	C:\kav
2008-03-21 19:14 . 2008-03-30 15:33 d--------	C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-19 20:10 . 2008-03-19 19:33	691,545	--a------	C:\WINDOWS\unins000.exe
2008-03-19 20:10 . 2008-03-19 20:10	2,541	--a------	C:\WINDOWS\unins000.dat
2008-03-17 22:42 . 2008-03-17 22:42 d--------	C:\Documents and Settings\All Users\Application Data\SlySoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-13 15:00	---------	d---a-w	C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-13 01:21	1,899,520	----a-w	C:\WINDOWS\Internet Logs\xDB5.tmp
2008-04-12 03:33	1,899,008	----a-w	C:\WINDOWS\Internet Logs\xDB4.tmp
2008-04-12 03:33	1,864,192	----a-w	C:\WINDOWS\Internet Logs\xDB3.tmp
2008-04-12 02:28	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-11 03:01	---------	d-----w	C:\Program Files\PokerStars
2008-04-10 23:09	---------	d-----w	C:\Program Files\Common Files\Wise Installation Wizard
2008-04-10 01:04	---------	d-----w	C:\Program Files\Java
2008-04-07 03:53	---------	d-----w	C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-04-07 03:50	---------	d-----w	C:\Documents and Settings\New User\Application Data\RipIt4Me
2008-04-03 02:33	---------	d-----w	C:\Program Files\Microsoft ActiveSync
2008-04-01 00:03	1,557,504	----a-w	C:\WINDOWS\Internet Logs\xDB2.tmp
2008-03-30 22:47	174,592	----a-w	C:\WINDOWS\Internet Logs\xDB1.tmp
2008-03-30 22:39	502,272	----a-w	C:\WINDOWS\system32\winlogon.exe
2008-03-28 00:24	---------	d-----w	C:\Program Files\Common Files\Adobe
2008-03-26 01:04	---------	d-----w	C:\Program Files\PCPitstop
2008-03-24 20:44	---------	d-----w	C:\Documents and Settings\New User\Application Data\Canon
2008-03-22 01:40	---------	d-----w	C:\Program Files\Symantec
2008-03-22 01:40	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
2008-03-20 00:43	---------	d-----w	C:\Program Files\Spybot - Search & Destroy
2008-03-07 13:24	97,216	----a-w	C:\WINDOWS\system32\drivers\AnyDVD.sys
2008-03-06 00:03	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
2008-03-05 23:30	---------	d-----w	C:\Program Files\SlySoft
2007-12-03 02:10	24,328	----a-w	C:\Documents and Settings\New User\Application Data\info.dat
2007-12-02 22:50	2,619	----a-w	C:\Documents and Settings\New User\Application Data\39315.exe
2004-10-01 19:00	40,960	----a-w	C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 13:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 13:33 892928]
"Ad-watch"="C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe" [2003-01-27 06:15 396800]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-30 19:44 219136]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\kav\\kav7\\setup.exe"=
"C:\\kav\\kis\\setup.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 14:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 14:35]
R2 FPMSNT;FPMSNT;C:\WINDOWS\system32\drivers\FPMSNT.sys [2000-06-06 16:47]
R2 Sdselect;Sdselect;C:\WINDOWS\system32\drivers\Sdselect.sys [2000-11-14 11:54]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 08:00]
R3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2001-09-27 00:32]
S3 EPUSBDSK;EPSON USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\EPUSBDSK.sys [2000-02-15 20:00]
S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-01 18:13]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-03-28 22:28:25 C:\WINDOWS\Tasks\1-Klick-Wartung.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-14 20:55:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully 
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Fdc]
"ImagePath"=multi:"system32\DRIVERS\fdc.sys\00"
"KeepImagePath"=multi:"system32\DRIVERS\fdc.sys\00"
"SDImagePath"=multi:"system32\DRIVERS\fdc.sys\00"
--

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Flpydisk]
"ImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"
"KeepImagePath"=multi:"system32\DRIVERS\flpydisk.sys\00"
"SDImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Fdc]
"ImagePath"=multi:"system32\DRIVERS\fdc.sys\00"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Fdc]
"ImagePath"=multi:"system32\DRIVERS\fdc.sys\00"
"KeepImagePath"=multi:"system32\DRIVERS\fdc.sys\00"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Fdc]
"ImagePath"=multi:"system32\DRIVERS\fdc.sys\00"
"KeepImagePath"=multi:"system32\DRIVERS\fdc.sys\00"
"SDImagePath"=multi:"system32\DRIVERS\fdc.sys\00"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Flpydisk]
"ImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Flpydisk]
"ImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"
"KeepImagePath"=multi:"system32\DRIVERS\flpydisk.sys\00"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Flpydisk]
"ImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"
"KeepImagePath"=multi:"system32\DRIVERS\flpydisk.sys\00"
"SDImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
.
**************************************************************************
.
Completion time: 2008-04-14 20:58:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-15 00:58:11

Pre-Run: 33,632,915,456 bytes free
Post-Run: 33,543,266,304 bytes free
.
2007-12-01 01:43:24	--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:02:24 PM, on 4/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Ad-watch] C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168238282679
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168239578662
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: SetupComponent - {15dacb26-d8cd-4a7d-b710-f290d7fe81de} - (no file)
O21 - SSODL: DrvVolume - {9c382772-49be-445f-b33a-1aab4f32b5f4} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SDService - Unknown owner - C:\Program Files\SpywareDetector\SDService.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7728 bytes


----------



## Cookiegal (Aug 27, 2003)

Please go to the following link and upload the following file(s) for analysis, and let me know what the results are:

http://virusscan.jotti.org/

C:\Documents and Settings\New User\Application Data\*39315.exe*

Open Notepad and copy and paste the text in the code box below into it:


```
DirLook::
C:\Documents and Settings\Administrator.NEW
C:\Documents and Settings\Administrator
```
Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

[screenshot]

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.


----------



## Cookiegal (Aug 27, 2003)

Also, I see you're running both Avast and AVG and also an entry for Norton. It's not good to have more than one anti-virus program installed as they will conflict and cause problems. Please decide which one you want to keep and completely uninstall the others.


----------



## bkevinb (Apr 10, 2008)

Here are the 2 logs, and the virus scan too.
The virus scan of C:\Documents and Settings\New User\Application Data\39315.exe
at http://virusscan.jotti.org/


File: 39315.exe 
Status: OK (Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 2f501741705321418d8692e9ed9f75ac 
Packers detected: - 
Bit9 reports: File not found

Scanner results 
Scan taken on 16 Apr 2008 22:40:20 (GMT) 
A-Squared Found nothing 
AntiVir Found nothing 
ArcaVir Found nothing 
Avast Found nothing 
AVG Antivirus Found nothing 
BitDefender Found nothing 
ClamAV Found nothing 
CPsecure Found nothing 
Dr.Web Found nothing 
F-Prot Antivirus Found nothing 
F-Secure Anti-Virus Found nothing 
Fortinet Found nothing 
Ikarus Found nothing 
Kaspersky Anti-Virus Found nothing 
NOD32 Found nothing 
Norman Virus Control Found nothing 
Panda Antivirus Found nothing 
Sophos Antivirus Found nothing 
VirusBuster Found nothing 
VBA32 Found nothing

The Combofix Log:

ComboFix 08-04-13.3 - New User 2008-04-16 18:48:33.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.274 [GMT -4:00]
Running from: C:\Documents and Settings\New User\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\New User\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-03-16 to 2008-04-16 )))))))))))))))))))))))))))))))
.

2008-04-15 18:50 . 2007-04-26 08:55	528,797	--a------	C:\WINDOWS\_detmp.1
2008-04-15 18:50 . 2002-08-29 04:00	128,000	--a------	C:\WINDOWS\_detmp.2
2008-04-15 18:36 . 2008-04-15 18:36 d--------	C:\Documents and Settings\All Users\Application Data\Avg7
2008-04-13 10:34 . 2008-04-13 10:38 d--------	C:\Program Files\Panda Security
2008-04-10 21:43 . 2007-09-05 23:22	289,144	--a------	C:\WINDOWS\system32\VCCLSID.exe
2008-04-10 21:43 . 2006-04-27 16:49	288,417	--a------	C:\WINDOWS\system32\SrchSTS.exe
2008-04-10 21:43 . 2008-03-28 23:19	86,528	--a------	C:\WINDOWS\system32\VACFix.exe
2008-04-10 21:43 . 2008-03-26 08:50	82,432	--a------	C:\WINDOWS\system32\IEDFix.exe
2008-04-10 21:43 . 2003-06-05 20:13	53,248	--a------	C:\WINDOWS\system32\Process.exe
2008-04-10 21:43 . 2004-07-31 17:50	51,200	--a------	C:\WINDOWS\system32\dumphive.exe
2008-04-10 21:43 . 2007-10-03 23:36	25,600	--a------	C:\WINDOWS\system32\WS2Fix.exe
2008-04-10 19:10 . 2008-04-10 19:10 d--------	C:\Program Files\SUPERAntiSpyware
2008-04-10 19:10 . 2008-04-10 19:10 d--------	C:\Documents and Settings\New User\Application Data\SUPERAntiSpyware.com
2008-04-10 19:10 . 2008-04-10 19:10 d--------	C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-09 22:33 . 2008-04-09 22:33 d--------	C:\Documents and Settings\New User\Application Data\Uniblue
2008-04-09 21:04 . 2008-02-22 02:33	69,632	--a------	C:\WINDOWS\system32\javacpl.cpl
2008-04-09 20:50 . 2008-04-09 20:50 d--------	C:\Program Files\CCleaner
2008-04-08 20:53 . 2008-03-29 14:23	95,608	--a------	C:\WINDOWS\system32\AvastSS.scr
2008-04-08 20:53 . 2008-03-29 14:35	94,544	--a------	C:\WINDOWS\system32\drivers\aswmon2.sys
2008-04-08 20:53 . 2008-01-17 11:34	93,264	--a------	C:\WINDOWS\system32\drivers\aswmon.sys
2008-04-08 20:53 . 2008-03-29 14:31	75,856	--a------	C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-08 20:53 . 2008-03-29 14:27	42,912	--a------	C:\WINDOWS\system32\drivers\aswTdi.sys
2008-04-08 20:53 . 2008-03-29 14:26	26,944	--a------	C:\WINDOWS\system32\drivers\aavmker4.sys
2008-04-08 20:53 . 2008-03-29 14:29	23,152	--a------	C:\WINDOWS\system32\drivers\aswRdr.sys
2008-04-08 20:53 . 2008-03-29 14:35	20,560	--a------	C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-04-08 20:52 . 2008-04-08 20:52 d--------	C:\Program Files\Alwil Software
2008-04-08 20:52 . 2008-03-29 14:45	1,146,232	--a------	C:\WINDOWS\system32\aswBoot.exe
2008-04-08 20:52 . 2004-01-09 04:13	380,928	--a------	C:\WINDOWS\system32\actskin4.ocx
2008-04-08 06:58 . 2008-04-08 06:58 d--------	C:\Deckard
2008-04-07 23:36 . 2008-04-07 23:36 d--------	C:\Documents and Settings\New User\Application Data\Apple Computer
2008-04-07 22:38 . 2008-04-07 22:52 d--------	C:\fixwareout
2008-04-07 22:10 . 2008-04-10 22:42	1,600	--a------	C:\WINDOWS\system32\tmp.reg
2008-04-07 22:02 . 2008-04-07 22:02 d--------	C:\Program Files\Malwarebytes' Anti-Malware
2008-04-07 22:02 . 2008-04-07 22:02 d--------	C:\Documents and Settings\New User\Application Data\Malwarebytes
2008-04-07 22:02 . 2008-04-07 22:02 d--------	C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-07 22:00 . 2008-04-07 22:00 d--------	C:\_OTMoveIt
2008-04-07 21:35 . 2008-04-07 21:36 d--------	C:\WINDOWS\ERUNT
2008-04-07 21:21 . 2008-04-07 21:21 d--------	C:\Documents and Settings\Administrator.NEW
2008-04-07 20:37 . 2008-04-07 20:37 d--------	C:\Program Files\Trend Micro
2008-04-05 21:14 . 2008-04-11 23:32 d--------	C:\Program Files\Spyware Doctor
2008-04-05 21:14 . 2008-04-05 21:14 d--------	C:\Documents and Settings\New User\Application Data\PC Tools
2008-04-05 21:14 . 2007-12-10 14:53	81,288	--a------	C:\WINDOWS\system32\drivers\iksyssec.sys
2008-04-05 21:14 . 2007-12-10 14:53	66,952	--a------	C:\WINDOWS\system32\drivers\iksysflt.sys
2008-04-05 21:14 . 2008-02-01 12:55	42,376	--a------	C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-04-05 21:14 . 2007-12-10 14:53	29,576	--a------	C:\WINDOWS\system32\drivers\kcom.sys
2008-04-02 22:33 . 2005-10-20 21:47	30,592	---------	C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-02 22:33 . 2005-10-20 21:47	12,800	---------	C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-02 22:31 . 2008-04-02 22:31 d--------	C:\Program Files\MS Extra links
2008-03-30 19:44 . 2008-04-15 18:35 d--------	C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-30 17:10 . 2008-04-16 18:33	4,212	---h-----	C:\WINDOWS\system32\zllictbl.dat
2008-03-30 17:09 . 2008-03-30 17:09 d--------	C:\Program Files\Zone Labs
2008-03-30 17:08 . 2008-04-16 18:39 d--------	C:\WINDOWS\Internet Logs
2008-03-23 19:42 . 2008-03-23 19:42 d--------	C:\Documents and Settings\Administrator
2008-03-21 21:38 . 2008-03-21 21:58 d--------	C:\kav
2008-03-21 19:14 . 2008-03-30 15:33 d--------	C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-19 20:10 . 2008-03-19 19:33	691,545	--a------	C:\WINDOWS\unins000.exe
2008-03-19 20:10 . 2008-03-19 20:10	2,541	--a------	C:\WINDOWS\unins000.dat
2008-03-17 22:42 . 2008-03-17 22:42 d--------	C:\Documents and Settings\All Users\Application Data\SlySoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-16 00:31	---------	d-----w	C:\Program Files\WinFax
2008-04-13 15:00	---------	d---a-w	C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-13 01:21	1,899,520	----a-w	C:\WINDOWS\Internet Logs\xDB5.tmp
2008-04-12 03:33	1,899,008	----a-w	C:\WINDOWS\Internet Logs\xDB4.tmp
2008-04-12 03:33	1,864,192	----a-w	C:\WINDOWS\Internet Logs\xDB3.tmp
2008-04-12 02:28	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-11 03:01	---------	d-----w	C:\Program Files\PokerStars
2008-04-10 23:09	---------	d-----w	C:\Program Files\Common Files\Wise Installation Wizard
2008-04-10 01:04	---------	d-----w	C:\Program Files\Java
2008-04-07 03:53	---------	d-----w	C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-04-07 03:50	---------	d-----w	C:\Documents and Settings\New User\Application Data\RipIt4Me
2008-04-03 02:33	---------	d-----w	C:\Program Files\Microsoft ActiveSync
2008-04-01 00:03	1,557,504	----a-w	C:\WINDOWS\Internet Logs\xDB2.tmp
2008-03-30 22:47	174,592	----a-w	C:\WINDOWS\Internet Logs\xDB1.tmp
2008-03-30 22:39	502,272	----a-w	C:\WINDOWS\system32\winlogon.exe
2008-03-28 00:24	---------	d-----w	C:\Program Files\Common Files\Adobe
2008-03-26 01:04	---------	d-----w	C:\Program Files\PCPitstop
2008-03-24 20:44	---------	d-----w	C:\Documents and Settings\New User\Application Data\Canon
2008-03-22 01:40	---------	d-----w	C:\Program Files\Symantec
2008-03-22 01:40	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
2008-03-20 00:43	---------	d-----w	C:\Program Files\Spybot - Search & Destroy
2008-03-07 13:24	97,216	----a-w	C:\WINDOWS\system32\drivers\AnyDVD.sys
2008-03-06 00:03	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
2008-03-05 23:30	---------	d-----w	C:\Program Files\SlySoft
2007-12-03 02:10	24,328	----a-w	C:\Documents and Settings\New User\Application Data\info.dat
2007-12-02 22:50	2,619	----a-w	C:\Documents and Settings\New User\Application Data\39315.exe
2004-10-01 19:00	40,960	----a-w	C:\Program Files\Uninstall_CDS.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Documents and Settings\Administrator ----

2008-04-14 20:33	1024	--ah-----	C:\Documents and Settings\Administrator\NtUser.dat.LOG 
2008-04-05 18:39	1572864	--ah-----	C:\Documents and Settings\Administrator\NTUSER.DAT 
2008-03-23 19:44	16384	--a------	C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat 
2008-03-23 19:42	8192	--ah-----	C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG 
2008-03-23 19:42	62	--ahs----	C:\Documents and Settings\Administrator\Local Settings\desktop.ini 
2008-03-23 19:42	262144	---h-----	C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat 
2008-03-23 19:42	20	--ahs----	C:\Documents and Settings\Administrator\ntuser.ini 
2007-01-07 23:30	67	--ahs----	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\desktop.ini 
2007-01-07 23:30	113	--ahs----	C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\desktop.ini 
2007-01-07 23:30	113	--ahs----	C:\Documents and Settings\Administrator\Local Settings\History\desktop.ini 
2007-01-07 23:25	84	--ahs----	C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini 
2007-01-07 23:25	84	--ahs----	C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Entertainment\desktop.ini 
2007-01-07 23:25	804	--a------	C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Entertainment\Windows Media Player.lnk 
2007-01-07 23:25	792	--a------	C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk 
2007-01-07 23:25	720896	--a------	C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb 
2007-01-07 23:25	498	--a------	C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.DTD 
2007-01-07 23:25	482	--ahs----	C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\desktop.ini 
2007-01-07 23:25	386	--a------	C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Program Compatibility Wizard.lnk 
2007-01-07 23:25	348	--ahs----	C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\desktop.ini 
2007-01-07 23:25	1599	--a------	C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk 
2007-01-07 23:25	1555	--a------	C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Command Prompt.lnk 
2007-01-07 23:25	1539	--a------	C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk 
2007-01-07 23:25	1532	--a------	C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk 
2007-01-07 23:25	1527	--a------	C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Tour Windows XP.lnk 
2007-01-07 23:25	1525	--a------	C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk 
2007-01-07 23:25	1519	--a------	C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Synchronize.lnk 
2007-01-07 23:25	1519	--a------	C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Notepad.lnk 
2007-01-07 23:25	1501	--a------	C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk 
2007-01-07 23:25	148	--ahs----	C:\Documents and Settings\Administrator\Start Menu\Programs\desktop.ini 
2007-01-07 23:25	141	--a------	C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\brndlog.txt 
2007-01-07 23:25	12784	--a------	C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.XML 
2007-01-07 23:25	113	--a------	C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\brndlog.bak 
2007-01-07 23:24	181	--ahs----	C:\Documents and Settings\Administrator\SendTo\desktop.ini 
2007-01-07 23:24	0	--a------	C:\Documents and Settings\Administrator\SendTo\Mail Recipient.MAPIMail 
2007-01-07 23:24	0	--a------	C:\Documents and Settings\Administrator\SendTo\Desktop (create shortcut).DeskLink 
2007-01-07 23:24	0	--a------	C:\Documents and Settings\Administrator\SendTo\Compressed (zipped) Folder.ZFSendToTarget 
2007-01-07 23:23	1487	--a------	C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Windows Explorer.lnk 
2007-01-07 15:05	62	--ahs----	C:\Documents and Settings\Administrator\Start Menu\desktop.ini 
2007-01-07 15:05	62	--ahs----	C:\Documents and Settings\Administrator\Application Data\desktop.ini 
2004-08-04 08:00	58	--a------	C:\Documents and Settings\Administrator\Templates\sndrec.wav 
2004-08-04 08:00	57	-ra------	C:\Documents and Settings\Administrator\Templates\wordpfct.wpg 
2004-08-04 08:00	5632	--a------	C:\Documents and Settings\Administrator\Templates\excel.xls 
2004-08-04 08:00	461	--a------	C:\Documents and Settings\Administrator\Templates\presenta.shw 
2004-08-04 08:00	4608	--a------	C:\Documents and Settings\Administrator\Templates\winword.doc 
2004-08-04 08:00	4570	--a------	C:\Documents and Settings\Administrator\Templates\amipro.sam 
2004-08-04 08:00	4017	--a------	C:\Documents and Settings\Administrator\Templates\quattro.wb2 
2004-08-04 08:00	30	-ra------	C:\Documents and Settings\Administrator\Templates\wordpfct.wpd 
2004-08-04 08:00	2448	--a------	C:\Documents and Settings\Administrator\Templates\lotus.wk4 
2004-08-04 08:00	1769	--a------	C:\Documents and Settings\Administrator\Templates\winword2.doc 
2004-08-04 08:00	1518	--a------	C:\Documents and Settings\Administrator\Templates\excel4.xls 
2004-08-04 08:00	12288	--a------	C:\Documents and Settings\Administrator\Templates\powerpnt.ppt

---- Directory of C:\Documents and Settings\Administrator.NEW ----

2008-04-15 18:36	1024	--ah-----	C:\Documents and Settings\Administrator.NEW\NtUser.dat.LOG 
2008-04-07 21:42	786432	--ah-----	C:\Documents and Settings\Administrator.NEW\NTUSER.DAT 
2008-04-07 21:42	1024	--ah-----	C:\Documents and Settings\Administrator.NEW\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG 
2008-04-07 21:35	26	--ah-----	C:\Documents and Settings\Administrator.NEW\My Documents\My Logitech Pictures\Pictures and Videos\folder.dat 
2008-04-07 21:34	62	--ahs----	C:\Documents and Settings\Administrator.NEW\Local Settings\desktop.ini 
2008-04-07 21:34	2528	--a------	C:\Documents and Settings\Administrator.NEW\Application Data\$_hpcst$.hpc 
2008-04-07 21:34	16384	--a------	C:\Documents and Settings\Administrator.NEW\Local Settings\History\History.IE5\index.dat 
2008-04-07 21:34	1488	--a------	C:\Documents and Settings\Administrator.NEW\Start Menu\Programs\Accessories\Windows Explorer.lnk 
2008-04-07 21:23	4240656	--ah-----	C:\Documents and Settings\Administrator.NEW\Local Settings\Application Data\IconCache.db 
2008-04-07 21:23	262144	--ah-----	C:\Documents and Settings\Administrator.NEW\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat 
2008-04-07 21:23	178	---hs----	C:\Documents and Settings\Administrator.NEW\ntuser.ini 
2007-01-07 23:30	67	--ahs----	C:\Documents and Settings\Administrator.NEW\Local Settings\Temporary Internet Files\desktop.ini 
2007-01-07 23:30	113	--ahs----	C:\Documents and Settings\Administrator.NEW\Local Settings\History\History.IE5\desktop.ini 
2007-01-07 23:30	113	--ahs----	C:\Documents and Settings\Administrator.NEW\Local Settings\History\desktop.ini 
2007-01-07 23:25	84	--ahs----	C:\Documents and Settings\Administrator.NEW\Start Menu\Programs\Startup\desktop.ini 
2007-01-07 23:25	84	--ahs----	C:\Documents and Settings\Administrator.NEW\Start Menu\Programs\Accessories\Entertainment\desktop.ini 
2007-01-07 23:25	804	--a------	C:\Documents and Settings\Administrator.NEW\Start Menu\Programs\Accessories\Entertainment\Windows Media Player.lnk 
2007-01-07 23:25	792	--a------	C:\Documents and Settings\Administrator.NEW\Start Menu\Programs\Windows Media Player.lnk 
2007-01-07 23:25	720896	--a------	C:\Documents and Settings\Administrator.NEW\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb 
2007-01-07 23:25	498	--a------	C:\Documents and Settings\Administrator.NEW\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.DTD 
2007-01-07 23:25	482	--ahs----	C:\Documents and Settings\Administrator.NEW\Start Menu\Programs\Accessories\desktop.ini 
2007-01-07 23:25	386	--a------	C:\Documents and Settings\Administrator.NEW\Start Menu\Programs\Accessories\Program Compatibility Wizard.lnk 
2007-01-07 23:25	348	--ahs----	C:\Documents and Settings\Administrator.NEW\Start Menu\Programs\Accessories\Accessibility\desktop.ini 
2007-01-07 23:25	1599	--a------	C:\Documents and Settings\Administrator.NEW\Start Menu\Programs\Remote Assistance.lnk 
2007-01-07 23:25	1555	--a------	C:\Documents and Settings\Administrator.NEW\Start Menu\Programs\Accessories\Command Prompt.lnk 
2007-01-07 23:25	1539	--a------	C:\Documents and Settings\Administrator.NEW\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk 
2007-01-07 23:25	1532	--a------	C:\Documents and Settings\Administrator.NEW\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk 
2007-01-07 23:25	1527	--a------	C:\Documents and Settings\Administrator.NEW\Start Menu\Programs\Accessories\Tour Windows XP.lnk 
2007-01-07 23:25	1525	--a------	C:\Documents and Settings\Administrator.NEW\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk 
2007-01-07 23:25	1519	--a------	C:\Documents and Settings\Administrator.NEW\Start Menu\Programs\Accessories\Synchronize.lnk 
2007-01-07 23:25	1519	--a------	C:\Documents and Settings\Administrator.NEW\Start Menu\Programs\Accessories\Notepad.lnk 
2007-01-07 23:25	1501	--a------	C:\Documents and Settings\Administrator.NEW\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk 
2007-01-07 23:25	148	--ahs----	C:\Documents and Settings\Administrator.NEW\Start Menu\Programs\desktop.ini 
2007-01-07 23:25	141	--a------	C:\Documents and Settings\Administrator.NEW\Application Data\Microsoft\Internet Explorer\brndlog.txt 
2007-01-07 23:25	12784	--a------	C:\Documents and Settings\Administrator.NEW\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.XML 
2007-01-07 23:25	113	--a------	C:\Documents and Settings\Administrator.NEW\Application Data\Microsoft\Internet Explorer\brndlog.bak 
2007-01-07 23:24	181	--ahs----	C:\Documents and Settings\Administrator.NEW\SendTo\desktop.ini 
2007-01-07 23:24	0	--a------	C:\Documents and Settings\Administrator.NEW\SendTo\Mail Recipient.MAPIMail 
2007-01-07 23:24	0	--a------	C:\Documents and Settings\Administrator.NEW\SendTo\Desktop (create shortcut).DeskLink 
2007-01-07 23:24	0	--a------	C:\Documents and Settings\Administrator.NEW\SendTo\Compressed (zipped) Folder.ZFSendToTarget 
2007-01-07 15:05	62	--ahs----	C:\Documents and Settings\Administrator.NEW\Start Menu\desktop.ini 
2007-01-07 15:05	62	--ahs----	C:\Documents and Settings\Administrator.NEW\Application Data\desktop.ini 
2004-08-04 08:00	58	--a------	C:\Documents and Settings\Administrator.NEW\Templates\sndrec.wav 
2004-08-04 08:00	57	-ra------	C:\Documents and Settings\Administrator.NEW\Templates\wordpfct.wpg 
2004-08-04 08:00	5632	--a------	C:\Documents and Settings\Administrator.NEW\Templates\excel.xls 
2004-08-04 08:00	461	--a------	C:\Documents and Settings\Administrator.NEW\Templates\presenta.shw 
2004-08-04 08:00	4608	--a------	C:\Documents and Settings\Administrator.NEW\Templates\winword.doc 
2004-08-04 08:00	4570	--a------	C:\Documents and Settings\Administrator.NEW\Templates\amipro.sam 
2004-08-04 08:00	4017	--a------	C:\Documents and Settings\Administrator.NEW\Templates\quattro.wb2 
2004-08-04 08:00	30	-ra------	C:\Documents and Settings\Administrator.NEW\Templates\wordpfct.wpd 
2004-08-04 08:00	2448	--a------	C:\Documents and Settings\Administrator.NEW\Templates\lotus.wk4 
2004-08-04 08:00	1769	--a------	C:\Documents and Settings\Administrator.NEW\Templates\winword2.doc 
2004-08-04 08:00	1518	--a------	C:\Documents and Settings\Administrator.NEW\Templates\excel4.xls 
2004-08-04 08:00	12288	--a------	C:\Documents and Settings\Administrator.NEW\Templates\powerpnt.ppt

((((((((((((((((((((((((((((( snapshot@[date lost to extraction]_20.57.05.88 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-15 00:51:02	2,048	--s-a-w	C:\WINDOWS\bootstat.dat
+ 2008-04-16 22:33:42	2,048	--s-a-w	C:\WINDOWS\bootstat.dat
+ 2008-04-16 22:34:02	16,384	----atw	C:\WINDOWS\Temp\Perflib_Perfdata_770.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 13:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 13:33 892928]
"Ad-watch"="C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe" [2003-01-27 06:15 396800]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\kav\\kav7\\setup.exe"=
"C:\\kav\\kis\\setup.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 14:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 14:35]
R2 FPMSNT;FPMSNT;C:\WINDOWS\system32\drivers\FPMSNT.sys [2000-06-06 16:47]
R2 Sdselect;Sdselect;C:\WINDOWS\system32\drivers\Sdselect.sys [2000-11-14 11:54]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 08:00]
R3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2001-09-27 00:32]
S3 EPUSBDSK;EPSON USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\EPUSBDSK.sys [2000-02-15 20:00]
S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-01 18:13]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-03-28 22:28:25 C:\WINDOWS\Tasks\1-Klick-Wartung.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-16 18:52:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully 
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Fdc]
"ImagePath"=multi:"system32\DRIVERS\fdc.sys\00"
"KeepImagePath"=multi:"system32\DRIVERS\fdc.sys\00"
"SDImagePath"=multi:"system32\DRIVERS\fdc.sys\00"
--

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Flpydisk]
"ImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"
"KeepImagePath"=multi:"system32\DRIVERS\flpydisk.sys\00"
"SDImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Fdc]
"ImagePath"=multi:"system32\DRIVERS\fdc.sys\00"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Fdc]
"ImagePath"=multi:"system32\DRIVERS\fdc.sys\00"
"KeepImagePath"=multi:"system32\DRIVERS\fdc.sys\00"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Fdc]
"ImagePath"=multi:"system32\DRIVERS\fdc.sys\00"
"KeepImagePath"=multi:"system32\DRIVERS\fdc.sys\00"
"SDImagePath"=multi:"system32\DRIVERS\fdc.sys\00"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Flpydisk]
"ImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Flpydisk]
"ImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"
"KeepImagePath"=multi:"system32\DRIVERS\flpydisk.sys\00"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Flpydisk]
"ImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"
"KeepImagePath"=multi:"system32\DRIVERS\flpydisk.sys\00"
"SDImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"
.
Completion time: 2008-04-16 18:53:52
ComboFix-quarantined-files.txt 2008-04-15 00:58:11

Pre-Run: 33,556,713,472 bytes free
Post-Run: 33,533,169,664 bytes free
.
2007-12-01 01:43:24	--- E O F ---


----------



## bkevinb (Apr 10, 2008)

And the HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:55:36 PM, on 4/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Ad-watch] C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168238282679
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168239578662
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: SetupComponent - {15dacb26-d8cd-4a7d-b710-f290d7fe81de} - (no file)
O21 - SSODL: DrvVolume - {9c382772-49be-445f-b33a-1aab4f32b5f4} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SDService - Unknown owner - C:\Program Files\SpywareDetector\SDService.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6610 bytes


----------



## Cookiegal (Aug 27, 2003)

Did you just create this new account?

*Administrator.NEW*


----------



## bkevinb (Apr 10, 2008)

No I didn't, was I supposed to?


----------



## Cookiegal (Aug 27, 2003)

No. The following line in ComboFix indicates this folder was created on April 7, 2008 yet it looks like a valid account by the contents:

2008-04-07 21:21 . 2008-04-07 21:21 d-------- C:\Documents and Settings\*Administrator.NEW*

Do you see that account when you log in? Can you log into it?


----------



## bkevinb (Apr 10, 2008)

If you mean by going to >start, >Log Off New User, >Switch User, there are no other names to log in as. I also looked into the Administrator.NEW folders, and they are empty.


----------



## Cookiegal (Aug 27, 2003)

They shouldn't all be empty but it looks like a legitimate account.

Please run Kaspersky online virus scan *Kaspersky Online Scanner*.

After the updates have downloaded, click on the "Scan Settings" button.
Choose the *"Extended database" *for the scan.
Under "Please select a target to scan", click "My Computer".
When the scan is finished, save the results from the scan!

*Note:* You have to use Internet Explorer to do the online scan.

*Post a new HiJackThis log along with the results from the Kaspersky scan.*


----------



## bkevinb (Apr 10, 2008)

Friday, April 18, 2008 10:20:23 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 18/04/2008
Kaspersky Anti-Virus database records: 714799

Scan Settings 
Scan using the following antivirus database extended 
Scan Archives true 
Scan Mail Bases true

Scan Target My Computer 
A:\
C:\
D:\
E:\
K:\

Scan Statistics 
Total number of scanned objects 42348 
Number of viruses found 2 
Number of infected objects 7 
Number of suspicious objects 0 
Duration of the scan process 02:15:09

Infected Object Name Virus Name Last Action 
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BD40000.VBN Infected: Trojan-Dropper.Win32.Agent.qfy skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BD40001.VBN Infected: Trojan-Dropper.Win32.Agent.qfy skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BD40002.VBN Infected: Trojan-Dropper.Win32.Agent.qfy skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\New User\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\New User\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\New User\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\New User\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped

C:\Documents and Settings\New User\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb Object is locked skipped

C:\Documents and Settings\New User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\New User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\New User\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\New User\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\New User\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\New User\ntuser.dat.LOG Object is locked skipped

C:\itouch_crash_info.txt Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{174E6BA6-FCA9-490B-80ED-432F2F59CB73}\RP11\change.log Object is locked skipped

C:\System Volume Information\_restore{174E6BA6-FCA9-490B-80ED-432F2F59CB73}\RP4\A0011367.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped

C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped

C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped

C:\WINDOWS\Internet Logs\NEW.ldb Object is locked skipped

C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped

C:\WINDOWS\S1AFC92D6.tmp Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped

C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped

C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

E:\System Volume Information\_restore{174E6BA6-FCA9-490B-80ED-432F2F59CB73}\RP11\change.log Object is locked skipped

Scan process completed.

HJT LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:22:33 PM, on 4/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Ad-watch] C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168238282679
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168239578662
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: SetupComponent - {15dacb26-d8cd-4a7d-b710-f290d7fe81de} - (no file)
O21 - SSODL: DrvVolume - {9c382772-49be-445f-b33a-1aab4f32b5f4} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SDService - Unknown owner - C:\Program Files\SpywareDetector\SDService.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6852 bytes
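Reading the Kaspersky report above by hand means wading through dozens of "Object is locked" lines to find seven hits, and then noticing that none of them is a live file: three sit in Norton's quarantine, three are inside the SmitfraudFix self-extracting archive the poster downloaded, and one is a System Restore copy of it. The following script is an added example, not anything the thread's participants ran; it applies exactly that triage to lines in the Kaspersky Online Scanner v5 text format. The sample input is constructed from six lines of the report above plus one invented on-disk hit (`constructed_example.dll`, tagged with the EICAR test verdict) so that the "act on this" branch is exercised.

```python
"""Triage a Kaspersky Online Scanner (v5) text report.

Added example for this thread, not something the thread's participants ran.
It separates real detections from the "Object is locked" noise and records
where each hit lives: a hit inside another product's quarantine, a System
Restore point or a removal tool's own archive is not an active infection.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: six lines copied from the report above plus one
# invented on-disk hit (constructed_example.dll) to exercise that branch.
SAMPLE_REPORT = r"""
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BD40000.VBN Infected: Trojan-Dropper.Win32.Agent.qfy skipped
C:\Documents and Settings\New User\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\New User\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{174E6BA6-FCA9-490B-80ED-432F2F59CB73}\RP4\A0011367.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\constructed_example.dll Infected: EICAR-Test-File skipped
"""

LOCKED_SUFFIX = " Object is locked skipped"
INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<verdict>\S+) skipped$")
CONTAINER_RE = re.compile(r"^(?P<path>.+?) (?P<kind>\w+): infected - (?P<n>\d+) skipped$")


@dataclass
class Detection:
    path: str
    verdict: str
    location: str

    @property
    def riskware(self) -> bool:
        # Kaspersky prefixes legitimate-but-abusable tools with "not-a-virus:"
        return self.verdict.startswith("not-a-virus:")


def classify_location(path: str) -> str:
    """Say where the flagged object lives; only 'on-disk' hits are live files."""
    if "\\Quarantine\\" in path:
        return "quarantined"      # already neutralised by another AV product
    if "\\_restore{" in path:
        return "restore-point"    # System Restore copy, inert unless restored
    if "/" in path:
        return "archive-member"   # scanner writes members as archive.ext/member
    return "on-disk"


def triage(report: str) -> dict:
    """Parse the report into locked objects, archive roll-ups and detections."""
    locked = containers = 0
    detections = []
    for line in report.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith(LOCKED_SUFFIX):
            locked += 1                 # in-use file, not a verdict
            continue
        m = INFECTED_RE.match(line)
        if m:
            loc = classify_location(m["path"])
            detections.append(Detection(m["path"], m["verdict"], loc))
            continue
        if CONTAINER_RE.match(line):
            containers += 1             # roll-up for members already listed
    return {
        "locked": locked,
        "containers": containers,
        "detections": detections,
        "by_location": Counter(d.location for d in detections),
    }


def actionable(result: dict) -> list:
    """Detections that are live files on disk, i.e. the ones to act on now."""
    return [d for d in result["detections"] if d.location == "on-disk"]


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print(f"locked: {result['locked']}, archive roll-ups: {result['containers']}")
    for d in result["detections"]:
        tag = "riskware" if d.riskware else "malware"
        print(f"[{d.location:14}] {tag:8} {d.verdict}  {d.path}")
    print("act on:", [d.path for d in actionable(result)])
```

Run against the full report above, the script would report every real hit as quarantined, archive-member or restore-point and an empty "act on" list, which is the same conclusion Cookiegal draws by moving on to the HijackThis entries rather than chasing these files. The `riskware` flag is worth keeping separate: `not-a-virus:RiskTool.Win32.Reboot.f` is the scanner's name for the reboot helper bundled with SmitfraudFix, a tool the poster deliberately downloaded.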


----------



## Cookiegal (Aug 27, 2003)

Go to *Start* - *Run*, type in *cmd*, then click OK. The MSDOS window will be displayed. At the prompt type the following:

*SC Delete SDService*

Then press Enter.

Type:

*Exit*

Then press Enter.

Rescan with HijackThis, close all browser windows except HijackThis, put a check mark beside these entries and click *fix checked*.

*O21 - SSODL: SetupComponent - {15dacb26-d8cd-4a7d-b710-f290d7fe81de} - (no file)
O21 - SSODL: DrvVolume - {9c382772-49be-445f-b33a-1aab4f32b5f4} - (no file)*

Delete this folder:

C:\Program Files\*SpywareDetector*

Reboot and post a new HijackThis log please.
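The two removals above follow one rule: an autostart entry whose target no longer exists is dead weight that should be cleared, and the way to clear it depends on the HijackThis section. An O23 service with "(file missing)" is a registry service definition with no binary behind it, so it is removed with `sc delete` using the service's key name; an O21 SSODL entry pointing at "(no file)" is a shell-load CLSID with no DLL, which HijackThis can remove itself. The script below is an added example, not part of the thread and not HijackThis code; it parses lines in the HijackThis log format, flags the orphaned entries and produces the same plan Cookiegal gave. The sample input is seven lines copied from the log above; the sections listed in `FIXABLE_SECTIONS` are an assumption about what "fix checked" handles cleanly.

```python
"""Flag orphaned autostart entries in a HijackThis log.

Added example, not from the thread or from HijackThis itself. It reproduces
the reasoning behind the advice above: an O23 service whose binary is
"(file missing)" is deleted with "sc delete <short name>", and an O21 SSODL
entry that points at "(no file)" is removed with HijackThis "fix checked".
"""
import re
from dataclasses import dataclass

# Constructed sample: seven lines copied from the HijackThis log above.
SAMPLE_HJT = r"""
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: SetupComponent - {15dacb26-d8cd-4a7d-b710-f290d7fe81de} - (no file)
O21 - SSODL: DrvVolume - {9c382772-49be-445f-b33a-1aab4f32b5f4} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: SDService - Unknown owner - C:\Program Files\SpywareDetector\SDService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<section>O\d+) - (?P<label>[^:]+): (?P<body>.*)$")
SHORT_NAME_RE = re.compile(r"\((?P<short>[^()]+)\)\s*$")
ORPHAN_MARKERS = ("(no file)", "(file missing)")
# Assumption: sections HijackThis removes cleanly with "fix checked".
# Services (O23) are registry service definitions and need sc instead.
FIXABLE_SECTIONS = {"O2", "O3", "O4", "O20", "O21"}


@dataclass
class Entry:
    section: str   # "O21", "O23", ...
    label: str     # "SSODL", "Service", ...
    name: str      # display name
    target: str    # file, CLSID or path the entry points at
    raw: str

    @property
    def orphaned(self) -> bool:
        # HijackThis appends these markers when the target does not exist
        return self.target.endswith(ORPHAN_MARKERS)


def parse_hjt(text: str) -> list:
    """Parse O-section lines; R-lines and headers are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        # Fields are separated by " - "; split from the right because a
        # display name may itself contain " - " (e.g. "Spybot - Search & Destroy").
        parts = m["body"].rsplit(" - ", 2)
        entries.append(Entry(m["section"], m["label"], parts[0], parts[-1], line.strip()))
    return entries


def service_short_name(entry: Entry) -> str:
    """Name to pass to 'sc delete': the bracketed key name if shown, else the display name."""
    m = SHORT_NAME_RE.search(entry.name)
    return m["short"] if m else entry.name


def cleanup_plan(entries: list) -> list:
    """(section, action) for every orphaned entry, in log order."""
    plan = []
    for e in entries:
        if not e.orphaned:
            continue
        if e.section == "O23":
            plan.append((e.section, f"sc delete {service_short_name(e)}"))
        elif e.section in FIXABLE_SECTIONS:
            plan.append((e.section, "HijackThis: fix checked"))
        else:
            # e.g. the stale O9 Messenger buttons: harmless leftovers, review by hand
            plan.append((e.section, "review manually"))
    return plan


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_HJT)
    for e in parsed:
        print(f"{'ORPHAN ' if e.orphaned else '       '}{e.raw}")
    for section, action in cleanup_plan(parsed):
        print(f"{section}: {action}")
```

Note the distinction the short-name lookup makes: avast's entry shows its key name in brackets (`aswUpdSv`), whereas the SpywareDetector line shows only `SDService`, which is why the instruction above uses that name directly with `sc delete`. The stale Windows Messenger O9 buttons are also flagged as orphaned but left for manual review, matching the thread, where they were not touched.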


----------



## bkevinb (Apr 10, 2008)

I deleted the 2 entries, looked for the folder: C:\Program Files\SpywareDetector
but didn't find it. Here is the new HJT LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:22:56 PM, on 4/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Ad-watch] C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168238282679
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168239578662
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6537 bytes


----------



## Cookiegal (Aug 27, 2003)

How are things now?


----------



## bkevinb (Apr 10, 2008)

Still slow as ever, I still cannot open Internet Explorer by the "E", I can only access the net by clicking on a favorite. Which means none of my programs that take internet access work.


----------



## bkevinb (Apr 10, 2008)

It still takes me over 5 mins to start my computer, it freezes when I try to open Explorer for about a minute. I don't have internet access for any program like Msn, Pokerstars, none of my updates can download either. Everything else on my computer is running slower too, like burning a CD, it takes approx. 40 mins to complete, when before it used to take 4 - 8 mins. I don't know what else is running slow, I'm not using it much since it runs so slow.


----------



## Cookiegal (Aug 27, 2003)

Download GMER from: http://gmer.net/index.php

Save it somewhere on your hard drive and unzip it to the desktop.

Double click the gmer.exe to run it and select the rootkit tab and press scan. When the scan is done, click *Copy*. This will copy the report to the clipboard. Paste it into Notepad and save it and also paste the log report back here please.


----------



## bkevinb (Apr 10, 2008)

GMER 1.0.14.14205 - http://www.gmer.net
Rootkit scan 2008-04-20 16:14:35
Windows 5.1.2600 Service Pack 2

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.14 ----


----------



## bkevinb (Apr 10, 2008)

GMER 1.0.14.14205 - http://www.gmer.net
Rootkit scan 2008-04-20 16:45:49
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xED416D98]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwConnectPort [0xED554BB0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateFile [0xED551520]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xED416CB8]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreatePort [0xED554F40]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcess [0xED55B750]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcessEx [0xED55B980]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateSection [0xED55EF40]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateWaitablePort [0xED555020]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteFile [0xED551C30]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteKey [0xED55D920]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xED41712A]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDuplicateObject [0xED55AF30]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwLoadKey [0xED55DC50]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwMapViewOfSection [0xED55F1A0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenFile [0xED551A80]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xED416D2E]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenProcess [0xED55AC80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenThread [0xED55AAA0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xED416E42]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwReplaceKey [0xED55DF40]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRequestWaitReplyPort [0xED554850]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xED416E02]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSecureConnectPort [0xED554D60]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetInformationFile [0xED551DA0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetSystemInformation [0xED54F1D0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xED416F84]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwTerminateProcess [0xED55BBB0]

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!_abnormal_termination + B0 804E270C 1 Byte [ 98 ]
.text ntoskrnl.exe!_abnormal_termination + B2 804E270E 2 Bytes [ 41, ED ]
.text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [ 40, 4F, 55, ED, 50, B7, 55, ... ]
? srescan.sys The system cannot find the file specified. !

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [ED5596C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [ED559BE0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [ED559D40] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [ED559830] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [ED559830] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [ED5596C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [ED559BE0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [ED559D40] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [ED5596C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [ED559D40] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [ED559BE0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [ED559830] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [ED559D40] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [ED559BE0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [ED5596C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [ED567220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [ED559830] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [ED5596C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [ED559BE0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [ED559D40] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [ED5596C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [ED559830] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [ED559D40] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [ED559BE0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [ED552300] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [ED552250] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [ED552400] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [ED551F60] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\WINDOWS\system32\services.exe[720] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00370002
IAT C:\WINDOWS\system32\services.exe[720] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00370000

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- EOF - GMER 1.0.14 ----


----------



## bkevinb (Apr 10, 2008)

While I was scanning the computer with GMER, it shut down in the middle and rebooted itself.
It gave me the error "The system has recovered from a serious error." after it rebooted.


----------



## Cookiegal (Aug 27, 2003)

Please go to *Start* - *Run* - type in *eventvwr.msc* to open the Event Viewer. Look under both "Application" and "System" for recent (the last 48 hours or so) errors (shown in red) and if found, do this for each one.

Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.


----------



## bkevinb (Apr 10, 2008)

Event Type:	Error
Event Source:	System Error
Event Category:	(102)
Event ID:	1003
Date: 4/20/2008
Time: 4:26:43 PM
User: N/A
Computer:	NEW
Description:
Error code 10000050, parameter1 f9482000, parameter2 00000000, parameter3 ec42bbf5, parameter4 00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 53 79 73 74 65 6d 20 45 System E
0008: 72 72 6f 72 20 20 45 72 rror Er
0010: 72 6f 72 20 63 6f 64 65 ror code
0018: 20 31 30 30 30 30 30 35 1000005
0020: 30 20 20 50 61 72 61 6d 0 Param
0028: 65 74 65 72 73 20 66 39 eters f9
0030: 34 38 32 30 30 30 2c 20 482000, 
0038: 30 30 30 30 30 30 30 30 00000000
0040: 2c 20 65 63 34 32 62 62 , ec42bb
0048: 66 35 2c 20 30 30 30 30 f5, 0000
0050: 30 30 30 30 0000

#2

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7026
Date: 4/20/2008
Time: 4:25:21 PM
User: N/A
Computer:	NEW
Description:
The following boot-start or system-start driver(s) failed to load: 
TermDD

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

#3

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 4/20/2008
Time: 4:25:21 PM
User: N/A
Computer:	NEW
Description:
The NAVAPEL service failed to start due to the following error: 
The system cannot find the path specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

#4

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 4/20/2008
Time: 4:25:21 PM
User: N/A
Computer:	NEW
Description:
The DynoIO service failed to start due to the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

#5

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7026
Date: 4/20/2008
Time: 11:31:57 AM
User: N/A
Computer:	NEW
Description:
The following boot-start or system-start driver(s) failed to load: 
TermDD

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

#6

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 4/20/2008
Time: 11:31:57 AM
User: N/A
Computer:	NEW
Description:
The NAVAPEL service failed to start due to the following error: 
The system cannot find the path specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

#7

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 4/20/2008
Time: 11:31:56 AM
User: N/A
Computer:	NEW
Description:
The DynoIO service failed to start due to the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

#8

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7026
Date: 4/20/2008
Time: 8:29:11 AM
User: N/A
Computer:	NEW
Description:
The following boot-start or system-start driver(s) failed to load: 
TermDD

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

#9

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 4/20/2008
Time: 8:29:10 AM
User: N/A
Computer:	NEW
Description:
The NAVAPEL service failed to start due to the following error: 
The system cannot find the path specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

#10

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 4/20/2008
Time: 8:29:10 AM
User: N/A
Computer:	NEW
Description:
The DynoIO service failed to start due to the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

################################
################################
################################
And I see a couple of warnings. They look like this:

Event Type:	Warning
Event Source:	USER32
Event Category:	None
Event ID:	1073
Date: 4/20/2008
Time: 11:28:06 AM
User: NT AUTHORITY\SYSTEM
Computer:	NEW
Description:
The attempt to power off NEW failed

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 ....


----------



## bkevinb (Apr 10, 2008)

There was 1 more message that was in the last 48 hours. It seems these messages come up every time I start up, and the warning message was when I shut down. The other message, we deleted.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 4/17/2008
Time: 6:56:31 PM
User: N/A
Computer:	NEW
Description:
The SDService service failed to start due to the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
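One way to triage entries pasted in this form, as an added example that is not code from the thread or from any tool named in it: it parses the text the Event Viewer copy button produces, groups repeated errors, decodes the Data column and splits the event 1003 bugcheck record into its stop code and parameters. SAMPLE is constructed, modelled on the entries posted above.

```python
"""Triage pasted Event Viewer entries (what the Event Viewer 'copy' button produces). Added
example for this thread, not the forum's or any tool's code; SAMPLE is constructed, modelled
on the entries posted above."""
import re
from collections import Counter

HEADER_RE = re.compile(r"^(Event Type|Event Source|Event Category|Event ID|Date|Time"
                       r"|User|Computer):\s*(.*)$")
DATA_RE = re.compile(r"^[0-9a-fA-F]{4}:\s+((?:[0-9a-fA-F]{2}(?:\s|$)){1,8})")
# Stop-code names for bugchecks commonly seen in event 1003; the event reports the code
# with a flag in its high bits (10000050 above), so only the low 16 bits are looked up.
STOP_NAMES = {0x0A: "IRQL_NOT_LESS_OR_EQUAL", 0x1E: "KMODE_EXCEPTION_NOT_HANDLED",
              0x50: "PAGE_FAULT_IN_NONPAGED_AREA", 0x7E: "SYSTEM_THREAD_EXCEPTION_NOT_HANDLED",
              0x7F: "UNEXPECTED_KERNEL_MODE_TRAP", 0xD1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL"}

def parse_events(text):
    """One dict per 'Event Type:' block: header fields, joined description, Data bytes."""
    events, cur, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Event Type:"):
            cur = {"description": [], "data": bytearray()}
            events.append(cur)
            section = "header"
        if cur is None:
            continue
        if section == "header":
            m = HEADER_RE.match(line)
            if m:
                cur[m.group(1).lower().replace(" ", "_")] = m.group(2).strip()
            elif line == "Description:":
                section = "description"
        elif section in ("description", "footer"):
            if line == "Data:":
                section = "data"
            elif line.startswith("For more information"):
                section = "footer"
            elif line and section == "description":
                cur["description"].append(line)
        elif section == "data" and (m := DATA_RE.match(line)):
            # A Data line: offset, up to eight hex bytes, then the ASCII rendering (ignored).
            cur["data"].extend(int(b, 16) for b in m.group(1).split())
    for ev in events:
        ev["description"] = " ".join(ev["description"])
        ev["data"] = bytes(ev["data"])
    return events

def decode_data(ev):
    """ASCII view of the Data bytes, '.' for non-printable (Event Viewer's right column)."""
    return "".join(chr(b) if 32 <= b < 127 else "." for b in ev["data"])

def bugcheck_params(ev):
    """Split a System Error 1003 description into its stop code and four parameters."""
    m = re.search(r"Error code ([0-9a-fA-F]{8})", ev["description"])
    if ev.get("event_id") != "1003" or not m:
        return None
    code = int(m.group(1), 16)
    params = re.findall(r"parameter\d ([0-9a-fA-F]{8})", ev["description"])
    return {"code": code, "stop_code": code & 0xFFFF,
            "name": STOP_NAMES.get(code & 0xFFFF, "UNKNOWN"),
            "params": [int(p, 16) for p in params]}

def failed_services(events):
    """Count Service Control Manager 7000/7026 failures per service or driver name."""
    names = Counter()
    for ev in events:
        if ev.get("event_source") != "Service Control Manager":
            continue
        m = (re.search(r"^The (\S+) service failed to start", ev["description"])
             or re.search(r"failed to load:\s*(\S+)", ev["description"]))
        if m:
            names[m.group(1)] += 1
    return names

def recurring(events):
    """Identical (source, id, description) errors, most frequent first."""
    return Counter((e.get("event_source"), e.get("event_id"), e["description"])
                   for e in events).most_common()

def _entry(source, eid, date, time, desc, category="None", data=""):
    """Constructed Event Viewer block in the same layout as the pasted entries."""
    return (f"Event Type:\tError\nEvent Source:\t{source}\nEvent Category:\t{category}\n"
            f"Event ID:\t{eid}\nDate:\t{date}\nTime:\t{time}\nUser:\tN/A\nComputer:\tNEW\n"
            f"Description:\n{desc}\n\nFor more information, see Help and Support Center at "
            f"http://go.microsoft.com/fwlink/events.asp.\n{data}")

SAMPLE = "\n".join([
    _entry("System Error", "1003", "4/20/2008", "4:26:43 PM",
           "Error code 10000050, parameter1 f9482000, parameter2 00000000, "
           "parameter3 ec42bbf5, parameter4 00000000.", category="(102)",
           data="Data:\n0000: 53 79 73 74 65 6d 20 45   System E\n"
                "0008: 72 72 6f 72 20 20 45 72   rror  Er\n"),
    "#2", _entry("Service Control Manager", "7026", "4/20/2008", "4:25:21 PM",
                 "The following boot-start or system-start driver(s) failed to load: \nTermDD"),
    "#3", _entry("Service Control Manager", "7000", "4/20/2008", "4:25:21 PM",
                 "The NAVAPEL service failed to start due to the following error: \n"
                 "The system cannot find the path specified."),
    "#4", _entry("Service Control Manager", "7000", "4/20/2008", "11:31:57 AM",
                 "The NAVAPEL service failed to start due to the following error: \n"
                 "The system cannot find the path specified."),
])
```

Running `recurring(parse_events(SAMPLE))` puts the twice-logged NAVAPEL failure first, which is the pattern to look for when a service or driver fails at every boot.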


----------



## Cookiegal (Aug 27, 2003)

Open HijackThis and click on "Config" and then on the "Misc Tools" button. If you're viewing HijackThis from the Main Menu then click on "Open the Misc Tools Section". Click on the "Open Uninstall Manager" button. Click the "Save List" button. Copy and paste that list here please.


----------



## bkevinb (Apr 10, 2008)

Ad-aware 6 Professional
Ad-Aware SE Professional
Adobe Flash Player ActiveX
Adobe Photoshop 5.5
Adobe Reader 8.1.2
Adobe Shockwave Player
AnyDVD
ATI Display Driver
avast! Antivirus
Azureus
Belarc Advisor 7.2
BitTorrent 5.0.7
BPS MP3-WAV Converter version 5.0.0.0
CCleaner (remove only)
Creative PCI Audio Drivers
DVD Decrypter (Remove Only)
DVD Shrink 3.2
EPSON PhotoStarter
EPSON Printer Software
EPSON USB RW Switcher
Fax Machine 4.22
Google Earth
HijackThis 2.0.2
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Image Expert 1.8
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
Java(TM) 6 Update 5
Kaspersky Online Scanner
LimeWire PRO 4.8.1
Logitech QuickCam
Logitech® Camera Driver
Malwarebytes' Anti-Malware
Microsoft ActiveSync
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Windows Media Video 9 VCM
MS Extra links
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Nero Suite
Norton AntiVirus SYMLT MSI
Panda ActiveScan 2.0
PC Pitstop Disk MD 2.0
PokerStars
PowerQuest PartitionMagic 8.0
QuickTime
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB943460)
SnagIt 6
Sound Blaster PCI128
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Spyware Doctor 5.5
SUPERAntiSpyware Free Edition
Symantec
TuneUp Utilities 2007
TuneUp Utilities 2007
TuneUp Utilities 2007 6.0.1255.239
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Winamp
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Media Format Runtime
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
WinZip
Yahoo! Messenger
ZoneAlarm Anti-Spyware


----------



## Cookiegal (Aug 27, 2003)

Go to Control Panel - Add/Remove programs and remove:

*Norton AntiVirus SYMLT MSI
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
Norton AntiVirus SYMLT MSI
Symantec (unless you have other Symantec programs that are not anti-virus).*


----------



## bkevinb (Apr 10, 2008)

All done. Then what?


----------



## Cookiegal (Aug 27, 2003)

Did you once have a program from SPOT Technology Inc. called DynoTak-6P or something similar?


----------



## bkevinb (Apr 10, 2008)

Not that I know of, doesn't sound familiar. If it's something that sounds suspicious, we'll delete it.


----------



## Cookiegal (Aug 27, 2003)

Could it be a scanner? Does that ring a bell?

I don't think it's malicious, but the driver is trying to load and the file is missing. This is one of the errors in your error log.


----------



## bkevinb (Apr 10, 2008)

It's called Belarc Advisor, it does an analysis of your system, and it tells you what you have installed. Here are the results:

System Security Status
CIS Benchmark Score: 1.25 of 10
Virus Protection: Up-to-date
Microsoft Security Updates: 8 missing (or more)†

† Advisor security definitions are out of date.

--------------------------------------------------------------------------------

Computer Profile Summary 
Computer Name: New (in WORKGROUP) 
Profile Date: Tuesday, April 22, 2008 8:30:46 PM 
Advisor Version: 7.2h 
Windows Logon: New User

Operating System
Windows XP Professional Service Pack 2 (build 2600)

System Model
Intel Corporation

Processor
1.30 gigahertz Intel Pentium 4
8 kilobyte primary memory cache
256 kilobyte secondary memory cache

Main Circuit Board
Board: Intel Corporation D850GB AAA48535-903
Serial Number: IMGB11722342
Bus Clock: 100 megahertz
BIOS: Intel Corp. GB85010A.86A.0058.P12.0104021715 04/02/2001

Drives
200.02 Gigabytes Usable Hard Drive Capacity
92.25 Gigabytes Hard Drive Free Space

HL-DT-ST DVD-RAM GSA-H22N [CD-ROM drive]
3.5" format removeable media [Floppy drive]

WDC WD2000JB-00FUA0 [Hard drive] (200.05 GB) -- drive 0, s/n WD-WMAEP1331252, rev 15.05R15, SMART Status: Healthy

Memory Modules
512 Megabytes Installed Memory

Slot 'J7J1' has 128 MB
Slot 'J7J2' has 128 MB
Slot 'J8J1' has 128 MB
Slot 'J8J2' has 128 MB

Local Drive Volumes
c: (NTFS on drive 0) 48.23 GB 33.29 GB free
d: (NTFS on drive 0) 60.55 GB 47.88 GB free
e: (FAT32 on drive 0) 91.25 GB 11.09 GB free

Network Drives
None detected

Users
local user accounts (last logon)
Administrator 4/7/2008 9:34:16 PM (admin)
New User 4/21/2008 10:14:09 PM (admin)
local system accounts
Guest never
HelpAssistant never
SUPPORT_388945a0 never

Printers
EPSON Stylus Photo 875DC on USB001
FaxMan3 on FaxMach
Microsoft Office Document Image Writer Driver on Microsoft Document Imaging Writer Port:

Controllers
Standard floppy disk controller
Intel(R) 82801BA Ultra ATA Storage Controller - 244B
Primary IDE Channel [Controller]
Secondary IDE Channel [Controller]

Display
All-In-Wonder 128 Pro AGP [Display adapter]
Default Monitor
ViewSonic A90-2 [Monitor] (18.0" vis, s/n 320003808830, September 2000)

Bus Adapters
Intel(R) 82801BA/BAM USB Universal Host Controller - 2442
Intel(R) 82801BA/BAM USB Universal Host Controller - 2444
NEC PCI to USB Enhanced Host Controller (B1)
NEC PCI to USB Open Host Controller (2x)

Multimedia
ATI WDM Rage Theater Video
ATI WDM Specialized MVD Codec
ATI WDM Specialized PCD Codec
ATI WDM TV Audio Crossbar
ATI WDM TV Tuner
Creative Sound Blaster AudioPCI 128D (WDM)
Game Port for Creative
Logitech Mic (Communicate)
Unimodem Half-Duplex Audio Device

Communications
Lucent Win Modem

D-Link DFE-530TX PCI Fast Ethernet Adapter (rev.A)
primary Auto IP Address: 66.130.120.7 / 24
Gateway: 66.130.120.1
Dhcp Server: 24.200.242.19
Physical Address: 00:50:BA:E8:47:8D

Networking Dns Servers: 24.200.241.37
24.201.245.77
24.200.243.189

Other Devices
CanoScan LiDE 80 #2
Logitech QuickCam Communicate
Easy Internet Keyboard
HID-compliant Wheel Mouse
Logitech-compatible Mouse PS/2
Generic USB Hub (2x)
Logitech USB Camera (Communicate)
USB Root Hub (5x)
Virus Protection [Back to Top] 
avast! antivirus 4.8.1169 [VPS 080329-0] Version 4.8.1169 
Realtime File Scanning On

Missing Microsoft Security Hotfixes [Back to Top] 
These required security hotfixes (using the 01/09/2007 Microsoft Security Bulletin Summary) were not found installed. Note: CIS benchmarks require that Critical and Important severity security hotfixes must be installed. 
KB923689 - Critical (details...)  
KB923689 - Critical (details...) 
KB920213 - Critical (details...) 
KB925454 - Critical (details...) 
Q923091 - Important (details...) 
Q923094 - Important (details...) 
Q923272 - Important (details...) 
Q925257 - Important (details...)

Installed Microsoft Hotfixes [Back to Top] 
Internet Explorer 
SP2 (SP2) 
MSXML4SP2 
Q927978 on 4/15/2007 (details...) 
Q936181 on 8/14/2007 (details...) 
Office Professional Edition 2003 
KB887616[SP] on 2/18/2007 (details...) 
KB894542 on 2/18/2007 (details...) 
KB907417 on 2/18/2007 (details...) 
KB914455 on 2/18/2007 (details...) 
KB919029 on 2/18/2007 (details...) 
KB920103 on 2/18/2007 (details...) 
KB920813 on 2/18/2007 (details...) 
KB923097 on 2/18/2007 (details...) 
KB924085 on 2/18/2007 (details...) 
KB925251 on 2/18/2007 (details...) 
KB933669 on 5/9/2007 (details...) 
KB934180 on 5/9/2007 (details...) 
KB934181 on 5/9/2007 (details...) 
KB936048 on 8/14/2007 (details...) 
KB940602 on 8/14/2007 (details...) 
KB943552 on 11/13/2007 (details...) 
Windows Media Player 6.4 
KB925398_WMP64 (details...) 
SP0 
KB925398_WMP64 on 1/8/2007 (details...) 
Windows Media Player 9 
KB917734_WMP9 (details...) 
KB936782_WMP9 (details...) 
SP0 
KB917734_WMP9 on 1/8/2007 (details...) 
SP2 
KB936782_WMP9 on 8/14/2007 (details...) 
Windows Media Player 
SP0 
KB911564 on 1/8/2007 (details...) 
Windows XP 
KB923689 (details...) 
SP0 
KB923689 on 1/8/2007 (details...) 
SP3 
KB873339 on 1/8/2007 (details...) 
KB885835 on 1/8/2007 (details...) 
KB885836 on 1/8/2007 (details...) 
KB886185 on 1/8/2007 (details...) 
KB887472 on 1/8/2007 (details...) 
KB888302 on 1/8/2007 (details...) 
KB890859 on 1/8/2007 (details...) 
KB891781 on 1/8/2007 (details...) 
KB893756 on 1/8/2007 (details...) 
KB893803V2 on 1/8/2007 (details...) 
KB894391 on 1/8/2007 (details...) 
KB896358 on 1/8/2007 (details...) 
KB896423 on 1/8/2007 (details...) 
KB896424 on 1/8/2007 (details...) 
KB896428 on 1/8/2007 (details...) 
KB898461 on 1/8/2007 (details...) 
KB899587 on 1/8/2007 (details...) 
KB899591 on 1/8/2007 (details...) 
KB900485 on 1/8/2007 (details...) 
KB900725 on 1/8/2007 (details...) 
KB901017 on 1/8/2007 (details...) 
KB901214 on 1/8/2007 (details...) 
KB902400 on 1/8/2007 (details...) 
KB904706 on 1/8/2007 (details...) 
KB904942 on 11/30/2007 (details...) 
KB905414 on 1/8/2007 (details...) 
KB905749 on 1/8/2007 (details...) 
KB908519 on 1/8/2007 (details...) 
KB908531 on 1/8/2007 (details...) 
KB909394 on 4/3/2008 (details...) 
KB910437 on 1/8/2007 (details...) 
KB911280 on 1/8/2007 (details...) 
KB911562 on 1/8/2007 (details...) 
KB911927 on 1/8/2007 (details...) 
KB912919 on 1/8/2007 (details...) 
Windows XP 
SP3 (continued) 
KB913580 on 1/8/2007 (details...) 
KB914388 on 1/8/2007 (details...) 
KB914389 on 1/8/2007 (details...) 
KB914440 on 11/30/2007 (details...) 
KB915865 on 11/30/2007 (details...) 
KB916595 on 1/8/2007 (details...) 
KB917344 on 1/8/2007 (details...) 
KB917422 on 1/8/2007 (details...) 
KB917953 on 1/8/2007 (details...) 
KB918118 on 2/23/2007 (details...) 
KB918439 on 1/8/2007 (details...) 
KB919007 on 1/8/2007 (details...) 
KB920213 on 1/8/2007 (details...) 
KB920670 on 1/8/2007 (details...) 
KB920683 on 1/8/2007 (details...) 
KB920685 on 1/8/2007 (details...) 
KB920872 on 1/8/2007 (details...) 
KB921398 on 1/8/2007 (details...) 
KB921503 on 8/14/2007 (details...) 
KB922582 on 1/8/2007 (details...) 
KB922616 on 1/8/2007 (details...) 
KB922819 on 1/8/2007 (details...) 
KB923191 on 1/8/2007 (details...) 
KB923414 on 1/8/2007 (details...) 
KB923694 on 1/8/2007 (details...) 
KB923980 on 1/8/2007 (details...) 
KB924191 on 1/8/2007 (details...) 
KB924270 on 1/8/2007 (details...) 
KB924496 on 1/8/2007 (details...) 
KB924667 on 2/23/2007 (details...) 
KB925454 on 1/8/2007 (details...) 
KB925486 on 1/8/2007 (details...) 
KB925902 on 4/4/2007 (details...) 
KB926255 on 1/8/2007 (details...) 
KB926436 on 2/23/2007 (details...) 
KB927779 on 2/23/2007 (details...) 
KB927802 on 2/23/2007 (details...) 
KB927891 on 5/23/2007 (details...) 
KB928090 on 2/23/2007 (details...) 
KB928255 on 2/23/2007 (details...) 
KB928843 on 2/23/2007 (details...) 
KB929123 on 6/13/2007 (details...) 
KB929338 on 3/15/2007 (details...) 
KB929969 on 1/10/2007 (details...) 
KB930178 on 4/11/2007 (details...) 
KB930916 on 5/10/2007 (details...) 
KB931261 on 4/11/2007 (details...) 
KB931768 on 5/10/2007 (details...) 
KB931784 on 4/11/2007 (details...) 
KB931836 on 2/23/2007 (details...) 
KB932168 on 4/11/2007 (details...) 
KB933360 on 8/30/2007 (details...) 
KB933566 on 6/13/2007 (details...) 
KB933729 on 10/10/2007 (details...) 
KB935839 on 6/13/2007 (details...) 
KB935840 on 6/13/2007 (details...) 
KB936021 on 8/14/2007 (details...) 
KB936357 on 7/11/2007 (details...) 
KB937143 on 8/14/2007 (details...) 
KB938127 on 8/14/2007 (details...) 
KB938828 on 8/14/2007 (details...) 
KB938829 on 8/14/2007 (details...) 
KB939653 on 10/10/2007 (details...) 
KB941202 on 10/10/2007 (details...) 
KB943460 on 11/30/2007 (details...) 
Windows 
SP1 
IDNMITIGATIONAPIS on 11/30/2007 (Microsoft Internationalized Domain Names Mitigation APIs) 
NLSDOWNLEVELMAPPING on 11/30/2007 (Microsoft National Language Support Downlevel APIs)

Marks a security hotfix (using the 01/09/2007 Microsoft Security Bulletin Summary) 
Marks a hotfix that verifies correctly 
Marks a hotfix that fails verification (note that failing hotfixes need to be reinstalled) 
Unmarked hotfixes lack the data to allow verification

Software Licenses [Back to Top]

Adobe Systems - Adobe Photoshop 5.5 
Ahead - Nero - Burning Rom 
Ahead - Nero MediaHome 
Ahead - NeroMediaPlayer 
Ahead - Nero ShowTime 
Ahead - NeroVision 
Belarc - Advisor deea0d02 
Logitech - iTouch 55_25 
Microsoft - ActiveSync 
Microsoft - Internet Explorer 
Microsoft - Office Professional Edition 2003 
Microsoft - WebFldrs XP 
Microsoft - Windows XP Professional 
Symantec - Symantec 1

Software Versions (mouse over * for details, click * for location) [Back to Top] 
Adobe Acrobat Version 8.0.0.0 * 
Adobe ImageReady (tm) 2.0 Version 2.0 * 
Adobe Photoshop Version 5.5 * 
Adobe Reader Version 8.1.0.2007051100 * 
Aelitis - Azureus Version 1.0.0.0 * 
Ahead software - NeroMediaPlayer Version 1, 4, 0, 23 * 
Ahead Software AG - Nero BackItUp Restore Version 1, 2, 0, 61 * 
Ahead Software AG - Nero BackItUp Scheduler Version 1, 2, 0, 61 * 
Ahead Software AG - Nero BackItUp Version 1, 2, 0, 61 * 
Ahead Software AG - Nero Burning ROM Version 6, 6, 1, 4 * 
Ahead Software AG - Nero ImageDrive Version 2, 27, 0, 7 * 
Ahead Software AG - Nero MediaHome Version 1, 3, 0, 4 * 
Ahead Software AG - Nero Photosnap image editor Version 1, 1, 0, 6 * 
Ahead Software AG - Nero Photosnap Viewer Version 1, 1, 0, 6 * 
Ahead Software AG - Nero Recode 2 Version 2, 2, 6, 17b * 
Ahead Software AG - Nero StartSmart Version 2, 1, 0, 5 * 
Ahead Software Gmbh NeroCheck Version 1, 0, 0, 2 * 
ALWIL Software - avast! Antivirus Version 4, 8, 0, 0 * 
Apple Computer, Inc. - QuickTime QuickTime 7.0.3 * 
ATI External Event Utility for WindowsNT and Windows9X Version 4.12.4011 * 
Belarc, Inc. - Advisor Version 7.2h * 
BitTorrent * 
BL - LG Firmware Autoupdate Version 1.00 * 
BulleProofSoft.com - BPS Mp3-Wav Converter Version 5.00 * 
CANON INC. - CanoScan Toolbox Application Version 4.1.3.1 * 
Choose Language * 
Cinematronics - 3D Pinball Version 5.1.2600.2180 * 
Copies digital audio from cd's. Full version Version 1.1.0.0 * 
Creative On-line Registration System Version 1.0.0.1 * 
Creative Technology Ltd. - Mixer Application Version 5.00.00.21 * 
DVD Shrink Version 3.2.0.15 * 
Elaborate Bytes AG - CloneDVD Version 5, 1, 0, 0 * 
EPSON Stylus Photo 875DC Installer * 
fmtrans Application Version 1, 0, 0, 1 * 
Google Earth Version 4.1.7087.5048 * 
Lavasoft Ad-aware Professional Version 6.0.0.0 * 
Lavasoft Ad-Aware SE SE 106 * 
Lavasoft Sweden - Ad-aware 6 Version 3.0 * 
Lavasoft Sweden - Ad-Aware SE Version 3.2 * 
LIGHTNING UK! - DVD Decrypter Version 3.5.4.0 * 
LimeWire Version 1, 0, 0, 2 * 
Logitech Inc. - iTouch Version 2.22.289 * 
Logitech QuickCam Version 8.3.0.1098 * 
Macromedia, Inc. - Shockwave Flash Version 6,0,21,0 * 
Macrovision Corporation - InstallShield (R) Version 11.00 * 
Make Torrent * 
Malwarebytes' Anti-Malware Version 1.10 * 
Microsoft (r) Windows Script Host Version 5.6.0.8820 * 
Microsoft ActiveSync Version 4.5.5096 * 
Microsoft Application Error Reporting Version 11.0.6560 * 
Microsoft Clip Organizer Version 11.0.6551 * 
Microsoft Corporation - Internet Explorer Version 6.00.2900.2180 * 
Microsoft Corporation - Messenger Version 8.1.0178 * 
Microsoft Corporation - Office Source Engine Version 11.0.5525 * 
Microsoft Corporation - Windows Installer - Unicode Version 3.1.4000.1823 * 
Microsoft Corporation - Windows Movie Maker Version 2.1.4026.0 * 
Microsoft Corporation - Windows® NetMeeting® Version 3.01 * 
Microsoft Corporation - Zone.com Version 1.2.626.1 * 
Microsoft Data Access Components Version 3.525.1117.0 * 
Microsoft Office 2003 Version 11.0.8146 * 
Microsoft Office Document Imaging Version 11.0.1897.0 * 
Microsoft Office InfoPath Version 11.0.8034 * 
Microsoft Office Outlook Version 11.0.8118 * 
Microsoft Office Picture Manager Version 11.0.6550 * 
Microsoft Office Save My Settings/Profile Wizard Version 11.0.5510 * 
Microsoft(R) Windows Media Player Version 9.00.00.3250 * 
MS Extra links * 
Nero AG - Cover Designer Version 2, 3, 1, 3 * 
Nero AG - InfoTool Application Version 3, 0, 7, 0 * 
Nero CD - DVD Speed Version 4, 1, 1, 0 * 
Nero DriveSpeed Version 3, 0, 6, 0 * 
Nero ShowTime Version 2, 0, 1, 9 * 
Nero SoundTrax Version 1, 0, 0, 56 * 
Nero Wave Editor Version 2, 0, 0, 61 * 
NeroVision Version 3,1,0,25 * 
Nico Cuppen Software - Fax Machine Version 0, 4, 0, 22 * 
Nullsoft - Winamp Version 5.5.2.1800 * 
PC Tools Auxiliary Service Version 5.5 * 
PC Tools GUI Application Version 5.5 * 
PC Tools Security Service Version 5.5 * 
Piriform Ltd - CCleaner Version 2, 6, 0, 567 * 
PokerStars Version 1, 0, 0, 0 * 
PokerStars Version 1.0 * 
PowerQuest Corporation - DriveMapper 5.0 for Windows Version 5.0.0.0 * 
PowerQuest Corporation - PQBoot32 Version 8.0.0.0 * 
PowerQuest Corporation - PQBootWin Version 8.0 * 
PowerQuest Program Launcher Version 8.0.0.0 * 
Safer Networking Limited - Secure Shredder Version 1.9.0.0 * 
Safer Networking Limited - Spybot - Search & Destroy Version 1, 5, 2, 0 * 
Safer Networking Limited - SpyBot-S&D Version 1, 5, 2, 0 * 
SEIKO EPSON CORPORATION - EPSON USB RW Switcher Version 1.00E * 
Shortcut to pgcedit.exe Version 8.4.2.11 * 
Sierra Imaging - Camio Viewer Version 1.8.3 (261) * 
Sierra Imaging - Image Expert Version 1.8.3 (261) * 
SlySoft, Inc. - AnyDVD Version 6, 0, 1, 0 * 
SlySoft, Inc. - AnyDVD Version 6.3.1.7 * 
Sony Corporation & SmartDisk Corporation - fpmsfw32 Application Version 1, 50, 1, 6 * 
Sun Microsystems, Inc. - Java(TM) Platform SE 6 U5 Version 6.0.50.13 * 
SuperAdBlocker.com - BootSafe Application Version 2, 0, 0, 1000 * 
SUPERAntiSpyware Version 4, 0, 0, 1154 * 
Symantec Core Component Version 1.9.1.762 * 
TechSmith Corporation - SnagIt Version 6.1.0 * 
Trend Micro Inc. - HijackThis Version 2.00.0002 * 
TuneUp Utilities Version 6.0.0.0 * 
WinRAR * 
WinZip Version 8.1 (4331) * 
Yahoo! Messenger Version 8,1,0,239 * 
Zone Labs Client Version 6.5.700.000 * 
Zone Labs Uninstaller Version 6.5.700.0 * 
Zone Labs, LLC - Internet Access Monitor Version 6.5.700.000 * 
Zone Labs, LLC - TrueVector Service Version 6.5.700.000 *


----------



## Cookiegal (Aug 27, 2003)

You think this belongs to Belarc? 

The DynoIO service failed to start due to the following error: 
The system cannot find the file specified.


----------



## bkevinb (Apr 10, 2008)

No, I was showing you Belarc so you could see what was installed on my computer. I thought maybe you might see something that you thought shouldn't be there, or maybe you'd see something suspicious.


----------



## Cookiegal (Aug 27, 2003)

I'm familiar with Belarc but it looked like you were saying it was linked to that driver. For future reference, you should never post a Belarc log without removing the product keys. I've edited your post to remove them.

The Belarc log shows that you have not downloaded all the critical MS updates, so you should definitely be sure to do that.

Please open HijackThis.
Click on *Open Misc Tools Section*
Make sure that both boxes beside "Generate StartupList Log" are checked:

*List all minor sections(Full)*
*List Empty Sections(Complete)*
Click *Generate StartupList Log*.
Click *Yes* at the prompt.
It will open a text file. Please copy the entire contents of that page and paste it here.


----------



## bkevinb (Apr 10, 2008)

StartupList report, 4/24/2008, 8:13:39 PM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\New User\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Logitech Utility = Logi_MwX.Exe
zBrowser Launcher = C:\Program Files\Logitech\iTouch\iTouch.exe
Ad-watch = C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[optionalcomponents]
=

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
StubPath = C:\WINDOWS\system32\ieudinit.exe

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{4b218e3e-bc98-4770-93d3-2731b9329278}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1 %*)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

--------------------------------------------------

Enumerating Task Scheduler jobs:

1-Klick-Wartung.job

--------------------------------------------------

Enumerating Download Program Files:

[{0E5F0222-96B9-11D3-8997-00104BD12D94}]
CODEBASE = http://pcpitstop.com/pcpitstop/PCPitStop.CAB

[CKAVWebScan Object]
InProcServer32 = C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
CODEBASE = http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\macromed\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

[{20A60F0D-9AFA-4515-A0FD-83BD84642501}]
CODEBASE = http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

[ActiveScan 2.0 Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\as2stubie.dll
CODEBASE = http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

[{5D6F45B3-9043-443D-A792-115447494D24}]
CODEBASE = http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168238282679

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168239578662

[{7B297BFD-85E4-4092-B2AF-16A91B2EA103}]
CODEBASE = http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab

[Java Plug-in 1.6.0_05]
InProcServer32 = C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

[{A90A5822-F108-45AD-8482-9BC8B12DD539}]
CODEBASE = http://www.crucial.com/controls/cpcScanner.cab

[MSN Games - Installer]
CODEBASE = http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

[{C3F79A2B-B9B4-4A66-B012-3EE46475B072}]
CODEBASE = http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

[Java Plug-in 1.6.0_05]
InProcServer32 = C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

[Java Plug-in 1.6.0_05]
InProcServer32 = C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx
CODEBASE = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

--------------------------------------------------


----------
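
The StartupList report above (continued in the next post) is what the helper reads for the classic XP hijack points: the Winlogon UserInit and Shell values, AppInit_DLLs, the .EXE/.COM/.BAT/.PIF/.SCR open commands, the Winsock LSP chain, stray copies of Explorer.exe and drivers loading from a Temp folder. The script below is an added example for this thread, not a tool from the original posts or from Trend Micro: it parses text in the StartupList format and flags deviations from stock XP SP2 values. The expected values are the author's assumptions of XP defaults (they match the clean values in the log above), and the strings example.exe, example.dll and exampledrv in the constructed "dirty" sample are hypothetical placeholders, not anything found on the poster's machine.

```python
"""Audit a HijackThis StartupList report for the classic XP hijack points.

Added example for this thread, not a tool from the original posts. The expected
values are the author's assumptions of stock XP SP2 defaults. Both sample reports
below are constructed; example.exe/example.dll/exampledrv are placeholders.
"""
import re

EXPECTED_ASSOC = {".EXE": '"%1" %*', ".COM": '"%1" %*', ".BAT": '"%1" %*',
                  ".PIF": '"%1" %*', ".SCR": '"%1" /S'}
KNOWN_LSP_DLLS = {"mswsock.dll", "winrnr.dll", "rsvpsp.dll"}  # stock XP Winsock catalog
USERINIT_RE = re.compile(r"[a-z]:\\windows\\system32\\userinit\.exe,?", re.I)
SERVICE_RE = re.compile(r"^(.+?): (.+) \((?:system|autostart|manual start|disabled)\)$")
TEMP_RE = re.compile(r"\\temp\\", re.I)


def sections(text):
    """Split the report on its dashed/double rules; each section is its non-blank lines."""
    parts = re.split(r"^(?:-{10,}|={10,})\s*$", text, flags=re.M)
    return [[ln.rstrip() for ln in p.splitlines() if ln.strip()] for p in parts if p.strip()]


def audit_startuplist(text):
    """Return (severity, message) tuples. 'hijack' = a value that is never changed on a
    healthy XP box; 'review' = unusual, look at it by hand before deciding."""
    out = []
    for lines in sections(text):
        head, body = lines[0], lines[1:]
        if head.startswith("Checking Windows NT UserInit"):
            for ln in body:
                m = re.match(r"UserInit = (.*)", ln)
                if m and not USERINIT_RE.fullmatch(m.group(1).strip()):
                    out.append(("hijack", "UserInit: " + m.group(1).strip()))
        elif head.startswith("File association entry for"):
            ext = head.split()[-1].rstrip(":")
            for ln in body:
                m = re.match(r"\(Default\) = (.*)", ln)
                if m and ext in EXPECTED_ASSOC and m.group(1).strip() != EXPECTED_ASSOC[ext]:
                    out.append(("hijack", f"{ext} open command: {m.group(1).strip()}"))
        elif head.startswith("Enumerating Winsock LSP files"):
            for ln in body:
                m = re.match(r"(?:NameSpace|Protocol) #\d+: (.*)", ln)
                if m:
                    path = m.group(1).strip()
                    if (path.rsplit("\\", 1)[-1].lower() not in KNOWN_LSP_DLLS
                            or "\\system32\\" not in path.lower()):
                        out.append(("review", "Winsock LSP: " + path))
        elif head.startswith("Checking for EXPLORER.EXE instances"):
            for ln in body:
                m = re.match(r"(.*): PRESENT!$", ln)
                if m and m.group(1).strip().lower() != r"c:\windows\explorer.exe":
                    out.append(("hijack", "extra Explorer.exe: " + m.group(1).strip()))
        elif head.startswith("Enumerating Windows NT/2000/XP services"):
            for ln in body:
                m = SERVICE_RE.match(ln)
                if m and TEMP_RE.search(m.group(2)):
                    out.append(("review", f"service '{m.group(1)}' loads from Temp: {m.group(2)}"))
        # Shell and AppInit_DLLs are not tied to one section header, so scan every line.
        for ln in lines:
            m = re.match(r"(?:.*: )?Shell=(.*)$", ln)
            if m and not m.group(1).startswith("*") and m.group(1).strip().lower() != "explorer.exe":
                out.append(("hijack", "Shell: " + ln))
            m = re.match(r".*AppInit_DLLs=(.*)$", ln)
            if m and m.group(1).strip():
                out.append(("hijack", "AppInit_DLLs: " + m.group(1).strip()))
    return out


# Constructed excerpt in the shape of the log above, with stock values everywhere.
CLEAN_SAMPLE = r"""
Checking Windows NT UserInit:
UserInit = C:\WINDOWS\system32\userinit.exe,
--------------------------------------------------
File association entry for .EXE:
(Default) = "%1" %*
--------------------------------------------------
Load/Run keys from Registry:
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=
--------------------------------------------------
Shell & screensaver key from Registry:
Shell=Explorer.exe
HKCU\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Checking for EXPLORER.EXE instances:
C:\WINDOWS\Explorer.exe: PRESENT!
--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #1: C:\WINDOWS\System32\mswsock.dll
--------------------------------------------------
Enumerating Windows NT/2000/XP services
AFD: \SystemRoot\System32\drivers\afd.sys (system)
"""

# Constructed variant with every hijack point tampered (placeholder names, not real malware).
DIRTY_SAMPLE = r"""
Checking Windows NT UserInit:
UserInit = C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\example.exe
--------------------------------------------------
File association entry for .EXE:
(Default) = C:\WINDOWS\system32\example.exe "%1" %*
--------------------------------------------------
Load/Run keys from Registry:
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=example.dll
--------------------------------------------------
Shell & screensaver key from Registry:
Shell=Explorer.exe
HKCU\..\Policies: Shell=C:\WINDOWS\system32\example.exe
--------------------------------------------------
Checking for EXPLORER.EXE instances:
C:\WINDOWS\Explorer.exe: PRESENT!
C:\WINDOWS\System32\Explorer.exe: PRESENT!
--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #1: C:\WINDOWS\System32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\example.dll
--------------------------------------------------
Enumerating Windows NT/2000/XP services
AFD: \SystemRoot\System32\drivers\afd.sys (system)
exampledrv: \??\C:\DOCUME~1\USER\LOCALS~1\Temp\exampledrv.sys (manual start)
"""

if __name__ == "__main__":
    for sev, msg in audit_startuplist(DIRTY_SAMPLE):
        print(f"[{sev}] {msg}")
```

Run over the portion of the poster's log visible in this thread, the script reports nothing under "hijack": UserInit, Shell, AppInit_DLLs, the open commands and the LSP chain are all stock, which is why the autostart sections give the helper nothing to remove. The one "review" hit would be catchme.sys loading from the Temp folder, the same rootkit-scanner driver that Malwarebytes registers as MBAMCatchMe further down the service list, which is exactly why Temp-resident drivers are reported for a human look rather than as a verdict.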



## bkevinb (Apr 10, 2008)

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD: \SystemRoot\System32\drivers\afd.sys (system)
Intel AGP Bus Filter: system32\DRIVERS\agp440.sys (system)
Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AnyDVD: System32\Drivers\AnyDVD.sys (manual start)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
aswFsBlk: system32\DRIVERS\aswFsBlk.sys (autostart)
avast! iAVS4 Control Service: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" (autostart)
RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)
Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (autostart)
ati2mtaa: system32\DRIVERS\ati2mtaa.sys (manual start)
ATI WDM Rage Theater Video: system32\DRIVERS\atinrvxx.sys (manual start)
ATI WDM TV Tuner: system32\DRIVERS\atintuxx.sys (autostart)
ATI WDM TV Audio Crossbar: system32\DRIVERS\atinxsxx.sys (autostart)
ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)
avast! Antivirus: "C:\Program Files\Alwil Software\Avast4\ashServ.exe" (autostart)
avast! Mail Scanner: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (manual start)
avast! Web Scanner: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (manual start)
Belarc SMBios Access: \SystemRoot\System32\Drivers\BANTExt.sys (system)
Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
catchme: \??\C:\DOCUME~1\NEWUSE~1\LOCALS~1\Temp\catchme.sys (manual start)
Closed Caption Decoder: system32\DRIVERS\CCDECODE.sys (manual start)
CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Disk Driver: system32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
ElbyCDIO Driver: System32\Drivers\ElbyCDIO.sys (system)
EPSON USB Mass Storage Driver: system32\DRIVERS\EPUSBDSK.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Creative AudioPCI (ES1371,ES1373) (WDM): system32\drivers\es1371mp.sys (manual start)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (manual start)
VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver: system32\DRIVERS\fetnd5.sys (manual start)
Floppy Disk Driver: System32\Drivers\Sdfloppy.sys (manual start)
FltMgr: system32\DRIVERS\fltMgr.sys (system)
Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)
Game Port Enumerator: system32\DRIVERS\gameenum.sys (manual start)
gmer: System32\DRIVERS\gmer.sys (manual start)
Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
File Security Driver: \SystemRoot\system32\drivers\ikfilesec.sys (manual start)
System Filter Driver: system32\drivers\iksysflt.sys (manual start)
System Security Driver: system32\drivers\iksyssec.sys (manual start)
CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (manual start)
IntelIde: system32\DRIVERS\intelide.sys (system)
IPv6 Windows Firewall Driver: system32\DRIVERS\Ip6Fw.sys (manual start)
IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: system32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)
iTouch Keyboard Filter: system32\DRIVERS\itchfltr.sys (manual start)
Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Logitech PS/2 Mouse Filter Driver: system32\DRIVERS\L8042pr2.Sys (manual start)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Logitech HID/USB Mouse Filter Driver: system32\DRIVERS\LHidFlt2.Sys (manual start)
Logitech USB Receiver device driver: System32\Drivers\LHidUsb.Sys (manual start)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Logitech Mouse Class Filter Driver: system32\DRIVERS\LMouFlt2.Sys (manual start)
LT Modem Driver: system32\DRIVERS\ltmdmnt.sys (manual start)
Logitech USB Monitor Filter: system32\drivers\lvusbsta.sys (manual start)
MBAMCatchMe: \??\C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys (manual start)
Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start)
Unimodem Streaming Filter Device: system32\drivers\MODEMCSA.sys (manual start)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: system32\DRIVERS\mouhid.sys (manual start)
WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)
Windows Installer: %systemroot%\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
ATI WDM Specialized MVD Codec: system32\DRIVERS\atinmdxx.sys (autostart)
NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)
NAVAP: \??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP.sys (manual start)
NAVAPEL: \??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS (autostart)
NAVENG: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080321.004\NAVENG.sys (manual start)
NAVEX15: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080321.004\NAVEX15.sys (manual start)
Microsoft TV/Video Connection: system32\DRIVERS\NdisIP.sys (manual start)
Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)
Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
Parallel port driver: system32\DRIVERS\parport.sys (manual start)
ATI WDM Specialized PCD Codec: system32\DRIVERS\atinpdxx.sys (autostart)
PCI Bus Driver: system32\DRIVERS\pci.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
Processor Driver: system32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)
PxHelp20: system32\DRIVERS\PxHelp20.sys (system)
Logitech QuickCam Communicate: system32\DRIVERS\LVCM.sys (manual start)
Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: system32\DRIVERS\raspti.sys (manual start)
Rdbss: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: system32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
SASDIFSV: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (system)
SASENUM: \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (manual start)
SASKUTIL: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (system)
Sound Blaster AudioPCI 128D Driver (WDM): system32\drivers\sbpci.sys (manual start)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
PC Tools Auxiliary Service: C:\Program Files\Spyware Doctor\pctsAuxs.exe (manual start)
PC Tools Security Service: C:\Program Files\Spyware Doctor\pctsSvc.exe (manual start)
Secdrv: system32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)
Serial port driver: system32\DRIVERS\serial.sys (system)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: system32\DRIVERS\sr.sys (system)
srescan: system32\ZoneLabs\srescan.sys (system)
System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Srv: system32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)
Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
Microsoft Software Synthesizer (WDM): system32\drivers\swmidi.sys (system)
MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{4D3BED86-D761-4A5B-9946-2445E8FF793D} (manual start)
Symantec Core LC: "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" (manual start)
SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)
symlcbrd: \??\C:\WINDOWS\system32\drivers\symlcbrd.sys (autostart)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: system32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\system32\tlntsvr.exe (disabled)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Microcode Update Driver: system32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
USB Audio Driver (WDM): system32\drivers\usbaudio.sys (manual start)
Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
Microsoft USB Standard Hub Driver: system32\DRIVERS\usbhub.sys (manual start)
Microsoft USB Open Host Controller Miniport Driver: system32\DRIVERS\usbohci.sys (manual start)
Microsoft USB PRINTER Class: system32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)
USB RNDIS Adapter: system32\DRIVERS\usb8023x.sys (manual start)
Messenger Sharing Folders USN Journal Reader service: "C:\Program Files\MSN Messenger\usnsvc.exe" (manual start)
TuneUp Theme Extension: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
vsdatant: System32\vsdatant.sys (system)
TrueVector Internet Monitor: C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service (autostart)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)
Microsoft WDM Virtual Wave Driver (WDM): system32\drivers\wdmaud.sys (system)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
World Standard Teletext Codec: system32\DRIVERS\WSTCODEC.SYS (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = SDEarlyDelete \??\C:\Program Files\SpywareDetector

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\New\mdiui.dll|C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\mdiui.dll|C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\New\mdiui.dll|C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\mdiui.dll|||

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: *Registry key not found*
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

End of report, 36,724 bytes
Report generated in 0.261 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


----------



## Cookiegal (Aug 27, 2003)

*Click here* to download Silent Runners.
Save (do not choose open) it to the desktop.
Run SilentRunners by double clicking the "SilentRunners" icon on your desktop.
You will see a text file appear on the desktop - *it's not done, let it run (it won't appear to be doing anything!)*
Once you receive the prompt *All Done!*, open the text file on the desktop, copy that entire log, and paste it here.
**NOTE:** *If you receive any warning message about scripts, please choose to allow the script to run.*


----------



## bkevinb (Apr 10, 2008)

"Silent Runners.vbs", revision 56, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Logitech Utility" = "Logi_MwX.Exe" ["Logitech Inc."]
"zBrowser Launcher" = "C:\Program Files\Logitech\iTouch\iTouch.exe" ["Logitech Inc."]
"Ad-watch" = "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe" ["Lavasoft Sweden"]

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\
<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}\(Default) = "IE7 Uninstall Stub"
\StubPath = "C:\WINDOWS\system32\ieudinit.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "My Sharing Folders"
\InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]
"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Logitech Pictures"
-> {HKLM...CLSID} = "My Logitech Pictures"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Video\Namespc2.dll" ["Logitech Inc."]
"{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}" = "TuneUp Shredder Shell Extension"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TUNEUP~2\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
"{44440D00-FF19-4AFC-B765-9A0970567D97}" = "TuneUp Theme Extension"
-> {HKLM...CLSID} = "TuneUp Theme Extension"
\InProcServer32\(Default) = "C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]
"{49BF5420-FA7F-11cf-8011-00A0C90A8F78}" = "Mobile Device"
-> {HKLM...CLSID} = "Mobile Device"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Wcesview.dll" [MS]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" = (no title provided)
-> {HKLM...CLSID} = "SABShellExecuteHook Class"
\InProcServer32\(Default) = "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" ["SuperAdBlocker.com"]

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "SDEarlyDelete \??\C:\Program Files\SpywareDetector" [null data]|"autocheck autochk *"

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> !SASWinLogon\DLLName = "C:\Program Files\SUPERAntiSpyware\SASWINLO.dll" ["SUPERAntiSpyware.com"]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TUNEUP~2\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TUNEUP~2\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes"]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideLogoffScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"RunStartupScriptSync" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"HideStartupScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

"DisableRegistryTools" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideLogoffScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"RunStartupScriptSync" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"HideStartupScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Enabled Scheduled Tasks:
------------------------

"1-Klick-Wartung" -> launches: "C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_05"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_05"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll" ["Sun Microsystems, Inc."]

{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\
"ButtonText" = "Create Mobile Favorite"
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {HKLM...CLSID} = "Create Mobile Favorite"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\INetRepl.dll" [MS]

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\
"MenuText" = "Create Mobile Favorite..."
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {HKLM...CLSID} = "Create Mobile Favorite"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\INetRepl.dll" [MS]

{3AD14F0C-ED16-4E43-B6D8-661B03F6A1EF}\
"ButtonText" = "PokerStars"
"Exec" = "C:\Program Files\PokerStars\PokerStarsUpdate.exe" ["PokerStars"]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\
"MenuText" = "Spybot - Search & Destroy Configuration"
"CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}"
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [file not found]

Miscellaneous IE Hijack Points
------------------------------

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
<<H>> "TuneUp" = "file://C|/Documents and Settings/All Users/Application Data/TuneUp Software/Common/base.css" [file not found]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]
TuneUp Theme Extension, UxTuneUp, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]}
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
DataTech Fax Port\Driver = "dtmon.dll" ["Data Techniques, Inc."]
EPSON STM3 2KMonitor44\Driver = "E_SL2044.DLL" ["SEIKO EPSON CORPORATION"]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]

---------- (launch time: 2008-04-25 17:34:36)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 98 seconds.
---------- (total run time: 246 seconds)

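As an added example (not part of this thread and not code from the Silent Runners project): a small Python triage parser for logs in the layout shown above. It tracks the registry key each entry sits under, reads the `<<!>>` / `<<H>>` markers the legend describes, and combines them with the trailing file annotation (`[MS]`, `["Vendor"]`, `[file not found]`, `[null data]`) so that flagged entries whose file is missing or carries no vendor name sort to the top. The sample log is constructed from entries in the post above; the severity levels are this example's own convention, not something Silent Runners emits.

```python
import re
from dataclasses import dataclass

# Markers Silent Runners prints in front of entries it considers suspicious
LAUNCH_POINT = "<<!>>"   # suspicious data at a malware launch point
HIJACK_POINT = "<<H>>"   # suspicious data at a browser hijack point

# A registry key line: starts with a hive, ends with "\", optionally tagged "{++}"
KEY_RE = re.compile(r"^HK(?:LM|CU|U|CR)\\.*\\(?:\s*\{\+\+\})?$")

# A value line: optional marker, name, " = ", quoted data, optional [annotation]
ENTRY_RE = re.compile(
    r'^(?:(<<[!H]>>)\s+)?'                  # optional suspicion marker
    r'(.+?)\s=\s'                           # value name, possibly with a subkey prefix
    r'("[^"]*"|\(no title provided\))'      # quoted data, or the "(no title provided)" note
    r'(?:\s*\[([^\]]*)\])?'                 # optional annotation: [MS], ["Vendor"], [file not found], [null data]
)


@dataclass
class Finding:
    marker: str       # "<<!>>", "<<H>>", or "" for an unflagged line
    key: str          # registry key the entry was listed under
    name: str         # value name (InProcServer32 lines are prefixed with their parent CLSID)
    data: str
    annotation: str   # contents of the trailing [...] block, quotes stripped
    severity: str     # this example's own triage level, see classify()


def classify(marker, annotation):
    """Combine the log's marker with its file annotation into a triage level."""
    if annotation in ("file not found", "null data"):
        # missing file or no vendor name; worst when it also sits at a launch/hijack point
        return "high" if marker else "medium"
    if marker:
        return "review"   # flagged location, but the file carries a vendor name
    return "info"


def parse_silent_runners(text):
    findings, key, parent = [], "", ""
    for raw in text.splitlines():
        line = raw.strip()
        if KEY_RE.match(line):
            key = line.replace("{++}", "").strip()
            continue
        if line.startswith("->"):           # CLSID title resolution line, no file data
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        marker, name, data, annotation = m.groups()
        name = name.strip('"')
        if name.startswith("\\"):           # e.g. \InProcServer32\(Default): attach to parent
            name = parent + name
        else:
            parent = name.removesuffix("\\(Default)")
        findings.append(Finding(marker or "", key, name, data.strip('"'),
                                (annotation or "").strip('"'),
                                classify(marker or "", (annotation or "").strip('"'))))
    return findings


def triage(text, minimum="medium"):
    """Findings at or above the given level, in log order."""
    order = {"info": 0, "review": 1, "medium": 2, "high": 3}
    return [f for f in parse_silent_runners(text) if order[f.severity] >= order[minimum]]


# Constructed sample, modelled on the log above
SAMPLE_LOG = r"""
Startup items buried in registry:
---------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Logitech Utility" = "Logi_MwX.Exe" ["Logitech Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "SDEarlyDelete \??\C:\Program Files\SpywareDetector" [null data]|"autocheck autochk *"

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> !SASWinLogon\DLLName = "C:\Program Files\SUPERAntiSpyware\SASWINLO.dll" ["SUPERAntiSpyware.com"]

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
<<H>> "TuneUp" = "file://C|/Documents and Settings/All Users/Application Data/TuneUp Software/Common/base.css" [file not found]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.marker:5} {f.key}  {f.name} = {f.data} [{f.annotation}]")
```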

----------



## Cookiegal (Aug 27, 2003)

Do you have a scanner and if so, what brand is it?


----------



## bkevinb (Apr 10, 2008)

Yes, I have a scanner. It's a Canon CanoScan LiDE 80.


----------



## Cookiegal (Aug 27, 2003)

Download *OTScanIt.exe* to your Desktop and double-click on it to extract the files. It will create a folder named *OTScanIt* on your desktop.

Leave the default settings and only change those that are specifically mentioned below.


Close any open browsers.
Disconnect from the Internet.
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of OTScanIt.
Open the *OTScanit* folder and double-click on *OTScanit.exe* to start the program.
In the *Drivers* group click *Non-Microsoft*.
In the *Registry* group click *ALL*.
In the *File String Search* group select *ALL*.
In the *Rootkit Search* group select *YES*.
In the *Files Created Within* group click *30 days*.
In the *Files Modified Within* group select *30 days*.
In the *Additional Scans* section please press *Select ALL*.
On the toolbar at the top select "Scan All User Accounts" then click the *Run Scan* button.
The program will be scanning huge amounts of data so, depending on your system, it could take a long time to complete. Let it run unhindered until it finishes.
When the scan is complete, Notepad will open with the report file loaded in it.
Save that Notepad file and then upload it here as an attachment (do not copy and paste the report).


----------



## bkevinb (Apr 10, 2008)

The file is too big to upload. It's 1.41 MB.


----------



## bkevinb (Apr 10, 2008)

OTScanIt


----------



## Cookiegal (Aug 27, 2003)

Start *OTScanIt*. Copy/Paste the information in the code box below into the pane where it says *"Paste fix here"* and then click the "Run Fix" button.

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. *Post that information back here along with a new HijackThis log please.*




[Kill Explorer]
[Unregister Dlls]
[Win32 Services - Non-Microsoft Only]
NY -> (Symantec Core LC) Symantec Core LC [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe
[Driver Services - Non-Microsoft Only]
YY -> (NAVAP) NAVAP [Kernel | On_Demand | Stopped] -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\NAVAP.sys
YY -> (NAVAPEL) NAVAPEL [Kernel | Auto | Stopped] -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS
YY -> (NAVENG) NAVENG [Kernel | On_Demand | Stopped] -> %SystemDrive%\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080321.004\NAVENG.sys
YY -> (NAVEX15) NAVEX15 [Kernel | On_Demand | Stopped] -> %SystemDrive%\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080321.004\NAVEX15.sys
NY -> (SymEvent) SymEvent [Kernel | On_Demand | Stopped] -> %ProgramFiles%\Symantec\SYMEVENT.SYS
YY -> (symlcbrd) symlcbrd [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\symlcbrd.sys
[Registry - All]
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> 32 domain(s) and sub-domain(s) not assigned to a zone. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> 34 domain(s) and sub-domain(s) not assigned to a zone. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> 33 domain(s) and sub-domain(s) not assigned to a zone. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> 33 domain(s) and sub-domain(s) not assigned to a zone. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> 33 domain(s) and sub-domain(s) not assigned to a zone. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> 33 domain(s) and sub-domain(s) not assigned to a zone. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1060284298-688789844-1202660629-1003\] > -> HKEY_USERS\S-1-5-21-1060284298-688789844-1202660629-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> 34 domain(s) and sub-domain(s) not assigned to a zone. -> 
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{F2CF5485-4E02-4F68-819C-B92DE9277049} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1060284298-688789844-1202660629-1003\] > -> HKEY_USERS\S-1-5-21-1060284298-688789844-1202660629-1003\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{F2CF5485-4E02-4F68-819C-B92DE9277049} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
[Registry - Additional Scans - Non-Microsoft Only]
< App Paths [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\
YN -> install.exe -> Reg Error: Value does not exist or could not be read. [Reg Error: Value Path does not exist or could not be read.]
YY -> IraLrShl.exe -> %CommonProgramFiles%\Symantec Shared\LiveReg\IraLrShl.exe [Reg Error: Value Path does not exist or could not be read.]
YY -> VcCleanUp.exe -> %CommonProgramFiles%\Symantec Shared\LiveReg\VcCleanUp.exe [Reg Error: Value Path does not exist or could not be read.]
YY -> VcSetup.exe -> %CommonProgramFiles%\Symantec Shared\LiveReg\VcSetup.exe [Reg Error: Value Path does not exist or could not be read.]
< BotCheck > -> 
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\winav.exe -> C:\WINDOWS\system32\winav.exe [%windir%\system32\winav.exe:*:Enabledxpsp2res.dll,-22019]
< Security Settings > -> 
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\winav.exe -> C:\WINDOWS\system32\winav.exe [%windir%\system32\winav.exe:*:Enabledxpsp2res.dll,-22019]
[Files/Folders - Created Within 30 days]
NY -> 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Files/Folders - Modified Within 30 days]
NY -> 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> 11 C:\Documents and Settings\New User\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\New User\Local Settings\Temp\*.tmp
NY -> 11 C:\Documents and Settings\New User\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\New User\Local Settings\Temp\*.tmp
NY -> 16 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> @Alternate Data Stream - 223 bytes -> %AllUsersProfile%\Application Data\TEMP:0CE7F3C9
NY -> @Alternate Data Stream - 104 bytes -> %AllUsersProfile%\Application Data\TEMP:6DFF1A8A
NY -> @Alternate Data Stream - 121 bytes -> %AllUsersProfile%\Application Data\TEMPFC5A2B2
[File - Lop Check: Additional Folder Scans - Non-Microsoft Only]
NY -> @Alternate Data Stream - 223 bytes -> %AllUsersProfile%\Application Data\TEMP:0CE7F3C9
NY -> @Alternate Data Stream - 104 bytes -> %AllUsersProfile%\Application Data\TEMP:6DFF1A8A
NY -> @Alternate Data Stream - 121 bytes -> %AllUsersProfile%\Application Data\TEMPFC5A2B2
NY -> Symantec -> C:\Documents and Settings\New User\Application Data\Symantec
NY -> Shared -> C:\Documents and Settings\New User\Application Data\Symantec\Shared
[CatchMe Rootkit Scan by GMER]
NY -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9 223 bytes -> 
NY -> C:\Documents and Settings\All Users\Application Data\TEMP:6DFF1A8A 104 bytes -> 
NY -> C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2 121 bytes -> 
[Empty Temp Folders]
[Start Explorer]
[Reboot]

----------



## bkevinb (Apr 10, 2008)

Explorer killed successfully
[Win32 Services - Non-Microsoft Only]
Service Symantec Core LC stopped successfully.
Service Symantec Core LC deleted successfully.
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe moved successfully.
[Driver Services - Non-Microsoft Only]
Service NAVAP stopped successfully.
Service NAVAP deleted successfully.
File C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP.sys not found.
Service NAVAPEL stopped successfully.
Service NAVAPEL deleted successfully.
File C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS not found.
Service NAVENG stopped successfully.
Service NAVENG deleted successfully.
File C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080321.004\NAVENG.sys not found.
Service NAVEX15 stopped successfully.
Service NAVEX15 deleted successfully.
File C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080321.004\NAVEX15.sys not found.
Service SymEvent stopped successfully.
Service SymEvent deleted successfully.
C:\Program Files\Symantec\SYMEVENT.SYS moved successfully.
Service symlcbrd stopped successfully.
Service symlcbrd deleted successfully.
C:\WINDOWS\system32\drivers\symlcbrd.sys moved successfully.
[Registry - All]
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F2CF5485-4E02-4F68-819C-B92DE9277049} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2CF5485-4E02-4F68-819C-B92DE9277049}\ not found.
Registry value HKEY_USERS\S-1-5-21-1060284298-688789844-1202660629-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_USERS\S-1-5-21-1060284298-688789844-1202660629-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_USERS\S-1-5-21-1060284298-688789844-1202660629-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F2CF5485-4E02-4F68-819C-B92DE9277049} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2CF5485-4E02-4F68-819C-B92DE9277049}\ not found.
[Registry - Additional Scans - Non-Microsoft Only]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\install.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IraLrShl.exe\ deleted successfully.
C:\Program Files\Common Files\Symantec Shared\LiveReg\IraLrShl.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VcCleanUp.exe\ deleted successfully.
C:\Program Files\Common Files\Symantec Shared\LiveReg\VcCleanUp.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VcSetup.exe\ deleted successfully.
C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\winav.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\winav.exe not found.
[Files/Folders - Created Within 30 days]
File delete failed. C:\WINDOWS\S1AFC92D6.tmp scheduled to be deleted on reboot.
[Files/Folders - Modified Within 30 days]
File delete failed. C:\WINDOWS\S1AFC92D6.tmp scheduled to be deleted on reboot.
C:\Documents and Settings\New User\Local Settings\Temp\IXP01F38.tmp folder deleted successfully.
File delete failed. C:\WINDOWS\Temp\ZLT01528.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\Temp\ZLT0356d.TMP scheduled to be deleted on reboot.
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6DFF1A8A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2 deleted successfully.
[File - Lop Check: Additional Folder Scans - Non-Microsoft Only]
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:6DFF1A8A .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2 .
C:\Documents and Settings\New User\Application Data\Symantec\Shared folder moved successfully.
C:\Documents and Settings\New User\Application Data\Symantec folder moved successfully.
File C:\Documents and Settings\New User\Application Data\Symantec\Shared not found!
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_688.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT01528.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT0356d.TMP scheduled to be deleted on reboot.
User temp folders emptied.
SystemRoot temp folder emptied.
IE temp folders emptied
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt by OldTimer - Version 1.0.11.5 fix logfile created on 04282008_164958

Files moved on Reboot...
File move failed. C:\WINDOWS\S1AFC92D6.tmp scheduled to be moved on reboot.
File C:\WINDOWS\Temp\ZLT01528.TMP not found!
File C:\WINDOWS\Temp\ZLT0356d.TMP not found!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
File C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
File C:\WINDOWS\temp\Perflib_Perfdata_688.dat not found!


----------



## Cookiegal (Aug 27, 2003)

Please post a new HijackThis log as requested.


----------



## bkevinb (Apr 10, 2008)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:17:45 PM, on 4/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Ad-watch] C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1209324913967
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168238282679
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168239578662
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6956 bytes


----------



## Cookiegal (Aug 27, 2003)

How are things now?


----------



## bkevinb (Apr 10, 2008)

Wow, last night I still couldn't do anything, but today it all seems to work. Thank you so much for helping me. There are two little things that I would like to know. When I start my computer, it has me choose "New User" as who I want to log in as. When I go to "User Accounts" in Control Panel, it says there is another account by the name of "ASP.NET Machine A...". It says limited account, password protected. Is this a valid account, or should I delete this account? And also, when I shut down, it takes a few minutes for the computer to shut off. I remember seeing something in the error messages that said something wasn't found while shutting down in the registry. Do you know what that is or how to fix it?


----------



## Cookiegal (Aug 27, 2003)

Can you run it for a day or so and then check the Event Viewer and post any new errors that have occurred under "Application" and "System" over the last 24 hours only, so we can see what is repeating. Some should have been eliminated by deleting the remnants of Norton.


----------



## Cookiegal (Aug 27, 2003)

The ASP.NET Machine account is created when the .NET Framework is installed, so it's not malicious and can be left.


----------



## bkevinb (Apr 10, 2008)

Thank you, I will post a message tomorrow evening.


----------



## bkevinb (Apr 10, 2008)

Hi, I'm having problems with programs that connect directly to the internet, e.g. antivirus updates (I haven't been able to do a virus update since I started this thread). Programs such as Internet Explorer seem to pause when I click on them; the icons remain depressed for a few seconds after I've moved the mouse away. Also, when the computer boots, I get the "Welcome screen" and I have to choose the "User". Then some things work, like MSN, but others don't, like PokerStars. It can't connect to their network, and I know it isn't their network; I connect through other computers. I ran eventvwr.msc to see what errors are still coming up, and it is always the same 3. The first 2 are not affecting the start-up (I don't think), but if you know how to remove them I'll try it. The 3rd one is the one that causes my system to take minutes to reboot or shut down. I hope these can be fixed. I don't know if it is or was caused by malware, but I'm hoping you know how to fix it, or refer me to someone who will.
Thanks again

1
Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7026
Date: 4/28/2008
Time: 7:16:32 PM
User: N/A
Computer:	NEW
Description:
The following boot-start or system-start driver(s) failed to load: 
TermDD

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
2
Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 4/28/2008
Time: 7:16:28 PM
User: N/A
Computer:	NEW
Description:
The DynoIO service failed to start due to the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
3
Event Type:	Warning
Event Source:	USER32
Event Category:	None
Event ID:	1073
Date: 4/27/2008
Time: 11:14:07 PM
User: NT AUTHORITY\SYSTEM
Computer:	NEW
Description:
The attempt to power off NEW failed

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 ....

It also rebooted out of nowhere; here is the only report I could find that matches it:

Event Type:	Information
Event Source:	Save Dump
Event Category:	None
Event ID:	1001
Date: 4/29/2008
Time: 10:01:22 PM
User: N/A
Computer:	NEW
Description:
The computer has rebooted from a bugcheck. The bugcheck was: 0x1000008e (0xc0000005, 0xf4f29d3a, 
0xf1df1c90, 0x00000000). A dump was saved in: C:\WINDOWS\Minidump\Mini042908-01.dmp.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
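The "what is repeating" triage asked for earlier in the thread, run over the entries posted above, as an added example (it is not something either poster ran). It parses the text that XP's Event Viewer copies to the clipboard, exactly in the "Event Type: ... Description:" layout shown above, keeps only Error and Warning records inside a time window, and counts them per (source, event ID). `SAMPLE_EXPORT` holds three of the records from the post plus one constructed repeat of the DynoIO failure on the next boot; `REFERENCE_NOW` is an assumed "now" for the 24-hour window. On the real machine you would save the copied text to a file and pass its contents to `parse_event_export`.

```python
"""Rank recurring Event Viewer errors from the text XP's Event Viewer copies out.

Added example for this thread, not something the posters ran. It parses the
"Event Type: ... Description:" blocks exactly as pasted above, keeps Error and
Warning records inside a time window and counts them per (source, event ID),
which is the "what is repeating" question asked earlier. SAMPLE_EXPORT holds
three events from the post plus one constructed repeat of the DynoIO error."""
import re
from collections import Counter
from datetime import datetime, timedelta

HEADER_KEYS = {"Event Type", "Event Source", "Event Category", "Event ID",
               "Date", "Time", "User", "Computer"}
_HEADER_RE = re.compile(r"^([A-Za-z ]+):\s*(.*)$")     # key, value (tab or space separated)

def parse_event_export(text):
    """Split pasted Event Viewer text into dicts; a record starts at 'Event Type:'
    and its description runs from 'Description:' to 'For more information'/'Data:'."""
    events, current, desc, in_desc = [], None, [], False
    for line in text.splitlines():
        if line.startswith("Event Type:"):
            if current is not None:
                current["description"] = "\n".join(desc).strip()
                events.append(current)
            current, desc, in_desc = {}, [], False
        if current is None:
            continue                                         # text before the first record
        if in_desc:
            if line.startswith("For more information") or line.startswith("Data:"):
                in_desc = False
            else:
                desc.append(line.rstrip())
            continue
        if line.startswith("Description:"):
            in_desc = True
            continue
        m = _HEADER_RE.match(line)
        if m and m.group(1) in HEADER_KEYS:
            current[m.group(1)] = m.group(2).strip()
    if current is not None:
        current["description"] = "\n".join(desc).strip()
        events.append(current)
    for e in events:
        e["Event ID"] = int(e["Event ID"])
        e["timestamp"] = datetime.strptime(e["Date"] + " " + e["Time"], "%m/%d/%Y %I:%M:%S %p")
    return events

def recurring_errors(events, now, hours=24, levels=("Error", "Warning")):
    """(source, event ID) pairs logged in the last `hours` before `now`, most frequent first."""
    cutoff = now - timedelta(hours=hours)
    counts = Counter((e["Event Source"], e["Event ID"]) for e in events
                     if e["Event Type"] in levels and cutoff <= e["timestamp"] <= now)
    return counts.most_common()

# Three records copied from the post above; the last one is constructed to stand
# for the next boot's repeat of the DynoIO failure.
SAMPLE_EXPORT = r"""
Event Type: Error
Event Source: Service Control Manager
Event ID: 7026
Date: 4/28/2008
Time: 7:16:32 PM
Description:
The following boot-start or system-start driver(s) failed to load:
TermDD

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Service Control Manager
Event ID: 7000
Date: 4/28/2008
Time: 7:16:28 PM
Description:
The DynoIO service failed to start due to the following error:
The system cannot find the file specified.
Event Type: Warning
Event Source: USER32
Event ID: 1073
Date: 4/27/2008
Time: 11:14:07 PM
User: NT AUTHORITY\SYSTEM
Description:
The attempt to power off NEW failed
Data:
0000: 00 00 00 00 ....
Event Type: Error
Event Source: Service Control Manager
Event ID: 7000
Date: 4/29/2008
Time: 8:05:15 AM
Description:
The DynoIO service failed to start due to the following error:
The system cannot find the file specified.
"""
REFERENCE_NOW = datetime(2008, 4, 29, 19, 0, 0)             # assumed "now" for the sample

def rank_sample(hours=24):
    return recurring_errors(parse_event_export(SAMPLE_EXPORT), REFERENCE_NOW, hours)
```

With the 24-hour window the ranking puts the DynoIO failure (Service Control Manager, 7000) first with two occurrences and the TermDD load failure (7026) second; the USER32 1073 warning from 4/27 only appears when the window is widened, which is exactly why the request was for the last 24 hours only.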


----------



## Cookiegal (Aug 27, 2003)

First, let's disable that DynoIO service.

Click Start - Run - and type in:

*services.msc*

Click OK.

In the services window find *DynoIO*.
Right click and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Start-up Type" in the dropdown menu select "Disabled". Click Apply then OK. Exit the Services utility.

Try disabling the Zone Alarm firewall (start the XP one while doing this) and let me know if you still have the same issues.


----------



## bkevinb (Apr 10, 2008)

Hi, as soon as I disabled ZoneAlarm it seems to have worked. As for "DynoIO", I couldn't find it.


----------



## Cookiegal (Aug 27, 2003)

OK, that's good.

Please let me know if you have this file:

C:\WINDOWS\system32\drivers\*DynoIO.sys*


----------



## bkevinb (Apr 10, 2008)

Nope, nothing. I searched all my computer for DynoIO.sys and found nothing.


----------



## Cookiegal (Aug 27, 2003)

Since the file is missing and the service can't start because of that, we can stop the service from trying to start up. If you like, we can delete it outright.

To stop it:

Go to *Start* - *Run*, type in *cmd* then click OK. The MS-DOS window will be displayed. At the prompt type the following:

*SC Stop DynoIO*

Then press Enter.

If you want to delete it completely, then enter this command at the prompt:

Type:

*SC Delete DynoIO*

Then press Enter.

Let me know how things stand after doing that and what problems remain please.
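The check behind this advice, as an added example that is not part of the thread and not code from OTScanIt or HijackThis: a Services key whose ImagePath points at a file that no longer exists is exactly what makes the Service Control Manager log Event ID 7000 "The system cannot find the file specified" on every boot, and `sc delete` is the fix once you have confirmed the file really is gone. The same "registered path, missing file" test applies to the XP SP2 firewall's AuthorizedApplications list, where the OTScanIt log above showed an exception for `%windir%\system32\winav.exe`. The registry values in `SAMPLE_*` are constructed, the "file exists" check in `audit_sample` is faked so the code runs on any OS, and `read_live_registry` (Windows only, standard-library `winreg`) is assumed to be how you would feed it the real machine.

```python
"""Find service/driver and XP firewall registrations whose file no longer exists.

Added example for this thread, not the posters' or OTScanIt's code. An ImagePath that
points at a missing file is what makes Event ID 7000 "The system cannot find the file
specified" repeat at boot (DynoIO); a firewall exception for a missing file (winav.exe
in the OTScanIt log above) shows something once registered it. SAMPLE_* is constructed
data; on Windows, read_live_registry() reads the real values via stdlib winreg."""
import os
import re
DEFAULT_SYSTEM_ROOT = os.environ.get("SystemRoot", "C:\\WINDOWS")
_EXE_RE = re.compile(r"^(.*?\.(?:exe|sys|dll))(?:\s.*)?$", re.IGNORECASE)
# <path>:<scope>:<Enabled|Disabled>:<name>; last ':' optional ("Enabledxpsp2res..." in the log)
_FW_RE = re.compile(r"^(?P<path>.*?):(?P<scope>[^:]*):(?P<state>enabled|disabled):?(?P<name>.*)$", re.I)

def normalize_image_path(raw, system_root=DEFAULT_SYSTEM_ROOT, env=None):
    r"""Reduce a raw ImagePath or firewall path to one absolute file path: quoted/unquoted
    path plus arguments, \SystemRoot\..., \??\C:\..., system32\DRIVERS\x.sys, %windir%."""
    env = dict(env) if env is not None else dict(os.environ)
    env.setdefault("windir", system_root)
    env.setdefault("SystemRoot", system_root)
    s = raw.strip()
    if s.startswith('"'):                                     # "C:\x y\svc.exe" -k args
        s = s[1:s.find('"', 1)] if '"' in s[1:] else s[1:]
    else:                                                     # C:\..\svchost.exe -k netsvcs
        m = _EXE_RE.match(s)
        s = m.group(1) if m else s
    def expand(m):                                            # case-insensitive %VAR% lookup
        for key, value in env.items():
            if key.lower() == m.group(1).lower():
                return value
        return m.group(0)                                     # unknown variable: keep visible
    s = re.sub(r"%([^%]+)%", expand, s)
    low = s.lower()
    if low.startswith("\\??\\"):
        s = s[4:]
    elif low.startswith("\\systemroot\\"):
        s = system_root.rstrip("\\") + "\\" + s[len("\\systemroot\\"):]
    elif "%" not in s and not re.match(r"^[a-z]:\\", low) and not low.startswith("\\\\"):
        s = system_root.rstrip("\\") + "\\" + s.lstrip("\\")
    return s

def parse_firewall_entry(value):
    """Split one AuthorizedApplications\\List value into its four fields."""
    m = _FW_RE.match(value.strip())
    if not m:
        raise ValueError("unrecognised firewall entry: %r" % value)
    return {"path": m["path"], "scope": m["scope"], "name": m["name"],
            "enabled": m["state"].lower() == "enabled"}

def find_stale_registrations(services, firewall_entries, exists=os.path.exists,
                             system_root=DEFAULT_SYSTEM_ROOT, env=None):
    """Services/drivers and firewall exceptions whose binary does not exist."""
    findings = []
    for name, image in services.items():
        path = normalize_image_path(image, system_root, env)
        if not exists(path):
            findings.append({"kind": "service", "name": name, "path": path, "fix": "sc delete " + name})
    for value in firewall_entries:
        entry = parse_firewall_entry(value)
        path = normalize_image_path(entry["path"], system_root, env)
        if not exists(path):
            findings.append({"kind": "firewall", "name": entry["name"], "path": path,
                             "enabled": entry["enabled"], "fix": "delete the List value"})
    return findings

def read_live_registry(profile="DomainProfile"):
    """Windows only: every service's ImagePath plus the firewall List values."""
    import winreg
    hklm, services, entries = winreg.HKEY_LOCAL_MACHINE, {}, []
    with winreg.OpenKey(hklm, "SYSTEM\\CurrentControlSet\\Services") as root:
        for index in range(winreg.QueryInfoKey(root)[0]):     # [0] = number of subkeys
            name = winreg.EnumKey(root, index)
            try:
                with winreg.OpenKey(root, name) as key:
                    services[name] = winreg.QueryValueEx(key, "ImagePath")[0]
            except OSError:
                pass                                          # key has no ImagePath value
    fw_key = ("SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\"
              + profile + "\\AuthorizedApplications\\List")
    try:
        with winreg.OpenKey(hklm, fw_key) as key:
            for index in range(winreg.QueryInfoKey(key)[1]):  # [1] = number of values
                entries.append(winreg.EnumValue(key, index)[1])
    except OSError:
        pass                                                  # profile has no List key
    return services, entries

SAMPLE_SERVICES = {                                           # constructed registry contents
    "DynoIO": "system32\\DRIVERS\\DynoIO.sys",                # driver file gone, key left behind
    "vsmon": "\"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe\" -service",
    "Spooler": "%SystemRoot%\\system32\\spoolsv.exe",
}
SAMPLE_FIREWALL = ["%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019",
                   "C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"]
SAMPLE_FILES = {"c:\\windows\\system32\\zonelabs\\vsmon.exe", "c:\\windows\\system32\\spoolsv.exe",
                "c:\\program files\\messenger\\msmsgs.exe"}     # lower-cased paths that "exist"

def audit_sample():
    """The audit over the constructed registry, with a fake 'file exists' check."""
    return find_stale_registrations(SAMPLE_SERVICES, SAMPLE_FIREWALL,
                                    exists=lambda p: p.lower() in SAMPLE_FILES,
                                    system_root="C:\\WINDOWS", env={})
```

On the affected machine, `find_stale_registrations(*read_live_registry())` (and again with `profile="StandardProfile"`) lists every orphaned service and firewall exception; elsewhere `audit_sample()` reproduces the DynoIO and winav.exe findings from constructed data. The path normalisation matters because ImagePath values are written in several shapes (quoted with arguments, `\SystemRoot\`, `\??\`, relative to the Windows directory, or with `%windir%` in a REG_EXPAND_SZ), and a naive `os.path.exists` on the raw value would report almost every driver as missing. A service whose file is absent is not automatically malware: confirm what installed it before running `sc delete`, since a product mid-reinstall looks the same.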


----------



## bkevinb (Apr 10, 2008)

OK, I want to thank you again for your great help. I deleted DynoIO from the computer, but as far as I know it hasn't changed anything; I don't think that was causing any problems. Anyway, it was an error, now it's gone. The computer seems to be running fine, aside from a few little things. The first is when it boots up: I never know when it's going to do it, but it does a disk check, "One of your disks needs to be checked for consistency". I don't know why it keeps coming up; it's not every time, but it's often. Then I get the welcome screen, "To begin, check your user name". That comes up every time I start the computer. I don't want that there, and it wasn't there before. I have to wait now at the computer as it boots to click. Then when I shut down, the computer hangs for about 2-3 minutes before it shuts off, and the same goes for when I restart. The computer is not doing anything while it waits.


----------



## Cookiegal (Aug 27, 2003)

Have you run chkdsk or have you always cancelled it?


----------



## bkevinb (Apr 10, 2008)

No, I let it run through. I've cancelled it a few times if I have to restart fast, but 90% of the time I let it run.


----------



## Cookiegal (Aug 27, 2003)

I suggest you start a new thread in the XP or hardware forum as it sounds like a problem with the hard drive.


----------

