
Unreadable Binary Files + Agobot-ow, Sdbotavx,etc


5 replies to this topic

#1 Busy Bee

Busy Bee

  • Members
  • 15 posts
  • Location:Sydney, OZ

Posted 27 October 2007 - 01:29 PM

Hello everyone,

I would appreciate any help I can get for the above problems and others that are hiding in my PC. I have limited knowledge but I have been trying to clean my PC with the help of the advice in BC ("What to do before posting a HJT log" and "Is your computer slow, it might not be malware"). I have scanned several times with Ad-Aware but today something happened that it will not update and shows a red cross saying something to the effect that it can not verify in the overview screen.

I have also done several scans with Spybot S&D, SUPERAntiSpyware, Windows Defender, Panda Online scan, avast! 4.7 and used the avast cleaner tool as well.
I have scanned with McAfee Stinger and a few other online scanners. Each time there is something new and this or that program stops working.

I believe my PC has got a lot of things hiding that I can not fix because I haven't got enough know how to find them or to fix them.

The last scans I did with Spyware Terminator and a-squared produced similar results which are also new to me - unreadable binary files with quite a long list of files on the C: drive. I am happy to send you the reports if you require them.

The BOT names I have described above in the topic title are just a couple from the many I found in the a-squared HiJackFree online analysis.

I have used CCleaner, Uniblue RegistryBooster 2, and God knows how many more things I have tried to try and clean and speed up my PC. My Internet Explorer is quite a bit faster than before I ran all the scans but it stops responding very often and the PC itself is still pretty slow.

I started looking at my startup list but found it to be too complicated for me as well at least for now.
I have a few files quarantined in the avast! 4.7 chest. I emailed avast last week seeking help for some of my scan results but am yet to receive a reply (using the free version so I have low priority).

I have done cleanmgr, I have deleted the old system restore points and I did so many other things that I can not remember, as I have been trying everything I found in BC that I thought could help me. I have been at it for about 3 months now.

So I hope I am not posting this HJT log prematurely but I just don't think I can get out of this mess on my own.

I hope one of the HJT team members will have the patience to bear with me and help me with these problems. Please let me know if you need more information. I shall do my best to produce it. I am not sure what else I should inform you of for now because this PC is so sick from top to toe I just had to start somewhere.

Oh, I have two hard disc drives: C: is the original and D: was put in later, and I also have an external hard disc drive connected at the moment. I usually boot from D: but I have also got access to C: at startup; I just have to choose which one I want.

I thank you in advance for any help and advice you might give on my PC problems or please direct me to where I can look for more help. The HJT log follows:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:03:31 AM, on 28/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\a-squared Anti-Malware\a2service.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Axaware\SpamBully 4 for Outlook Express\sb4service.exe
D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\PROGRA~1\SPYWAR~1\sp_rsser.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Analog Devices\SoundMAX\SMTray.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\Program Files\Windows Defender\MSASCui.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\System32\alg.exe
D:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
D:\Program Files\Western Digital Technologies\Spindown\ExSpinDn.exe
D:\Program Files\a-squared Anti-Malware\a2guard.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\WINDOWS\system32\taskmgr.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
D:\Program Files\Spyware Terminator\SpywareTerminator.exe
D:\Program Files\a-squared Anti-Malware\a2HiJackFree.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.a...&tbid=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bleepingcomputer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O1 - Hosts file is located at: D:\WINDOWS\System32\drivers\etc\hosts
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: BhoMisc Class - {E3578B37-6346-4EC1-A82B-38273A100DCF} - D:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - D:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [Smapp] D:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WD Spindown Utility] "D:\Program Files\Western Digital Technologies\Spindown\ExSpinDn.exe"
O4 - HKLM\..\Run: [a-squared] "D:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Uniblue SpyEraser] "D:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [ccleaner] "D:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - http://cdn.scan.onecare.live.com/resource/...lscbase2474.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187662496707
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187662457316
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - D:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - D:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - D:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceSB4 - Axaware - D:\Program Files\Axaware\SpamBully 4 for Outlook Express\sb4service.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\PROGRA~1\SPYWAR~1\sp_rsser.exe

--
End of file - 12178 bytes


Thank you again. Hope to hear from you soon.

Busy Bee
Busy Bee
Always grateful for any advice but especially grateful for step by step advice. I am a computer dummy.
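Reading a HijackThis log by hand means scanning each section code (R = IE settings, O2 = BHOs, O4 = autoruns, O10 = Winsock LSPs, O16 = ActiveX downloads, O17 = DNS settings, O23 = services) for entries that deserve a second look. The script below is an added example, not code from this thread, from HijackThis or from the BleepingComputer team: it parses entry lines in the HJT format and applies a few review heuristics of my own (orphaned "(no file)" entries, autoruns with an unqualified path, LSP entries, ActiveX download hosts, and whether the configured DNS server is a private address). The sample lines are copied from the logs posted in this thread; the heuristics only flag items for review and are not a verdict on anything in those logs.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Sample entries copied from the HijackThis logs posted in this thread
# (a handful of lines, not a complete log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{03E7C512-26A0-483E-9D2B-9A63415121FD}: NameServer = 10.0.0.138
O18 - Protocol: tbr - (no CLSID) - (no file)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# HJT entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# O4 registry autoruns look like:  HKLM\..\Run: [Name] command line
O4_RE = re.compile(r"^(?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O17_RE = re.compile(r"NameServer = (?P<servers>.+)$")


def parse_hjt(text):
    """Return a list of (section code, body) tuples, one per entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def command_path(cmd):
    """Extract the executable path from an O4 command (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split(" ", 1)[0]


def triage(entries):
    """Apply review heuristics (my own, not HijackThis rules); return (code, note, body) findings."""
    findings = []
    for code, body in entries:
        if "(no file)" in body:
            findings.append((code, "orphaned entry: registered file is missing", body))
        if code == "O4":
            m = O4_RE.match(body)
            if m:
                path = command_path(m.group("cmd"))
                # A bare file name is resolved through the search path rather than a fixed location.
                if "\\" not in path and "%" not in path:
                    findings.append((code, f"unqualified path '{path}' in [{m.group('name')}]", body))
        elif code == "O10":
            findings.append((code, "Winsock LSP entry; confirm the DLL's vendor", body))
        elif code == "O16":
            # The download source is the last ' - ' separated field; local DLLs have no host.
            host = urlparse(body.rsplit(" - ", 1)[-1]).hostname
            if host:
                findings.append((code, f"ActiveX control downloaded from {host}", body))
        elif code == "O17":
            m = O17_RE.search(body)
            if m:
                for server in m.group("servers").split(","):
                    ip = ipaddress.ip_address(server.strip())
                    kind = "private (typically the LAN router)" if ip.is_private else "public"
                    findings.append((code, f"DNS server {ip} is {kind}", body))
    return findings


if __name__ == "__main__":
    for code, note, body in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{code:<4} {note}\n     {body}")
```

Run it on any saved HJT log by replacing SAMPLE_LOG with the file contents; each finding is a pointer to verify (vendor, path, download host), which is how the helpers in this forum read the logs before recommending a fix.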


#2 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,522 posts
  • Gender:Male

Posted 09 November 2007 - 09:22 AM

Hi Busy Bee,

Our apologies for the delay. If you still require help, please post a new fresh log so I can see if anything has changed.

If you have not done so already, please do the initial cleanup steps in the following instructions before posting your new log: Preparation Guide For Use Before Posting A Hijackthis Log

Then instead of just posting a HijackThis log, please only do the following, which will include one:

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts. If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt in your next reply. If you have any problems with the logs, both can be found in C:\Deckard\System Scanner.

The fate of all mankind, I see

Is in the hands of fools

--King Crimson


#3 Busy Bee

Busy Bee
  • Topic Starter

  • Members
  • 15 posts
  • Location:Sydney, OZ

Posted 10 November 2007 - 04:11 AM

Hi Papakid,

Thank you for taking my HJT log.

I was in the process of following the advice on the link "Please read this file before posting a log". I downloaded some of the recommended antispyware programs and scanned with Ad-Aware, a-squared, SUPERAntiSpyware, Windows Defender, Spyware Terminator, Panda Online Scan, Uniblue SpyEraser and HouseCall. I could not download BitDefender; I tried about 5 times.

My PC is quite slow so I have tried to uninstall PC-cillin Internet Security 2007 but it did not uninstall correctly. I have downloaded and scanned with avast! 4.7 Home (free edition) to see if the speed would improve, but it is still the same. I am not confident to fix my startup list/programs and whatever processes are running in the background. I did not want to make matters worse.

Anyway, that is how I got a report from a-squared that showed the unreadable binary files, so I posted the first HJT log, but in the meantime I installed ZoneAlarm firewall and started having problems accessing the internet with my Internet Explorer 7. I had to uninstall it. Right now I am using IE6 but cannot access certain links and pages. So at the moment I have stopped ZoneAlarm but I think it is still running in the background. Also because of this I have turned off my external hard drive and have changed my user name and password on the boot drive D:\ to see if I would be able to reinstall IE7 and make it work, but after 5 to 6 attempts it still did not work.

Because I am so desperate I contacted my local Microsoft support to try to fix IE, which I desperately need to access work related study websites, and repaired winsock files because I had a few different warnings about Missing disk, missing winsock stack and low on virtual memory, and others which I do not recall promptly. The last one was a Generic Host Process for Win32 Services error and I got redirected to security update 873333.

I also tried to do an SFC but currently I do not have a disk with SP2. I only have my Windows XP Home Edition with SP1a, which is what came with my PC. The SFC does not like my Windows CD; I also saved SP2 to disk and tried with SFC but it did not work either. I checked my hard drives with the manufacturers' check disc tools and they showed OK.

I am at a loss, having tried so many things, but I just know I can not fix the problems on my own as I have pretty basic knowledge and am just following the advice in the BC forums at the moment.

Anyway, I managed to download DSS. Here are the results of its scan:


Deckard's System Scanner v20071014.68
Run by User on 2007-11-10 18:59:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
46: 2007-11-10 08:00:16 UTC - RP46 - Deckard's System Scanner Restore Point
45: 2007-11-10 06:52:41 UTC - RP45 - Software Distribution Service 3.0
44: 2007-11-10 04:24:31 UTC - RP44 - Software Distribution Service 3.0
43: 2007-11-09 15:54:11 UTC - RP43 - Installed Windows Internet Explorer 7.
42: 2007-11-09 15:51:55 UTC - RP42 - Installed Windows IDNMitigationAPIs.


-- First Restore Point --
1: 2007-10-23 23:36:14 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as User.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:02:17 PM, on 10/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\a-squared Anti-Malware\a2service.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Axaware\SpamBully 4 for Outlook Express\sb4service.exe
D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\Program Files\Spyware Terminator\sp_rsser.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Analog Devices\SoundMAX\SMTray.exe
D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Western Digital Technologies\Spindown\ExSpinDn.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Documents and Settings\User\Desktop\dss.exe
D:\PROGRA~1\TRENDM~1\HIJACK~1\User.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: BhoMisc Class - {E3578B37-6346-4EC1-A82B-38273A100DCF} - D:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - D:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [Smapp] D:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WD Spindown Utility] "D:\Program Files\Western Digital Technologies\Spindown\ExSpinDn.exe"
O4 - HKLM\..\Run: [a-squared] "D:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpywareTerminator] "D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] D:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [Uniblue SpyEraser] "D:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - http://cdn.scan.onecare.live.com/resource/...lscbase2474.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187662496707
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187662457316
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{03E7C512-26A0-483E-9D2B-9A63415121FD}: NameServer = 10.0.0.138
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = nsw.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\..\{03E7C512-26A0-483E-9D2B-9A63415121FD}: NameServer = 10.0.0.138
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = nsw.bigpond.net.au
O17 - HKLM\System\CS3\Services\Tcpip\..\{03E7C512-26A0-483E-9D2B-9A63415121FD}: NameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = nsw.bigpond.net.au
O18 - Protocol: tbr - (no CLSID) - (no file)
O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - D:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - D:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - D:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceSB4 - Axaware - D:\Program Files\Axaware\SpamBully 4 for Outlook Express\sb4service.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10561 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - d:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - d:\program files\superantispyware\saskutil.sys
R1 sp_rsdrv2 (Spyware Terminator Driver 2) - d:\windows\system32\drivers\sp_rsdrv2.sys
R2 MASPINT - d:\windows\system32\drivers\maspint.sys <Not Verified; MicroStaff Co.,Ltd.; Aspi32 Driver for WinNT>
R3 SASENUM - d:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 SABProcEnum - d:\program files\internet explorer\sabprocenum.sys (file missing)
S3 TVICHW32 - d:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "d:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 ServiceSB4 - d:\program files\axaware\spambully 4 for outlook express\sb4service.exe
R2 sp_rssrv (Spyware Terminator Realtime Shield Service) - "d:\program files\spyware terminator\sp_rsser.exe" <Not Verified; Crawler.com; Crawler Spyware Terminator>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Trend Micro Common Firewall Miniport
Device ID: ROOT\TM_CFWMP\0000
Manufacturer: Trend Micro
Name: WAN Miniport (IP) - Trend Micro Common Firewall Miniport
PNP Device ID: ROOT\TM_CFWMP\0000
Service: tmcfw


-- Scheduled Tasks -------------------------------------------------------------

2007-11-10 18:24:00 252 --a------ D:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2007-11-10 18:02:36 330 --ah----- D:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-11-10 14:03:11 268 --a------ D:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2007-11-08 12:03:16 284 --a------ D:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-11-06 02:06:01 262 --a------ D:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job
2007-11-05 16:50:57 336 --a------ D:\WINDOWS\Tasks\Uniblue SpyEraser.job
2007-11-05 15:09:00 434 --a------ D:\WINDOWS\Tasks\EasyShare Registration Task.job
2007-10-04 12:04:17 238 --a------ D:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job
2007-10-02 04:21:07 390 --a------ D:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job


-- Files created between 2007-10-10 and 2007-11-10 -----------------------------

2007-11-09 17:39:44 3986 --a------ D:\WINDOWS\system32\tmp.reg
2007-11-09 17:38:56 25600 --a------ D:\WINDOWS\system32\WS2Fix.exe
2007-11-09 17:38:56 289144 --a------ D:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2007-11-09 17:38:56 288417 --a------ D:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-11-09 17:38:56 53248 --a------ D:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-11-09 17:38:56 51200 --a------ D:\WINDOWS\system32\dumphive.exe
2007-11-09 17:38:52 0 d-------- D:\Documents and Settings\User\SmitfraudFix
2007-11-09 17:22:02 0 d-------- D:\WINDOWS\SoftwareDistribution
2007-11-09 17:19:08 0 d-------- D:\WINDOWS\system32\CatRoot2
2007-11-09 17:18:52 0 d---s---- D:\WINDOWS\Downloaded Program Files
2007-11-09 17:18:02 0 d-------- D:\wutemp
2007-11-09 01:04:51 0 d-------- D:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-11-09 00:54:06 0 d-------- D:\Documents and Settings\Administrator\Application Data\Spyware Terminator
2007-11-08 17:47:45 0 d--h----- D:\Documents and Settings\Administrator\Templates
2007-11-08 17:47:45 0 dr------- D:\Documents and Settings\Administrator\Start Menu
2007-11-08 17:47:45 0 dr-h----- D:\Documents and Settings\Administrator\SendTo
2007-11-08 17:47:45 0 d--h----- D:\Documents and Settings\Administrator\Recent
2007-11-08 17:47:45 0 d--h----- D:\Documents and Settings\Administrator\PrintHood
2007-11-08 17:47:45 0 d--h----- D:\Documents and Settings\Administrator\NetHood
2007-11-08 17:47:45 0 d-------- D:\Documents and Settings\Administrator\My Documents
2007-11-08 17:47:45 0 d--h----- D:\Documents and Settings\Administrator\Local Settings
2007-11-08 17:47:45 0 d-------- D:\Documents and Settings\Administrator\Favorites
2007-11-08 17:47:45 0 d-------- D:\Documents and Settings\Administrator\Desktop
2007-11-08 17:47:45 0 d---s---- D:\Documents and Settings\Administrator\Cookies
2007-11-08 17:47:45 0 dr-h----- D:\Documents and Settings\Administrator\Application Data
2007-11-08 17:47:45 0 d---s---- D:\Documents and Settings\Administrator\Application Data\Microsoft
2007-11-08 17:47:44 786432 --ah----- D:\Documents and Settings\Administrator\NTUSER.DAT
2007-11-07 12:43:13 0 dr-h----- D:\Documents and Settings\User\Recent
2007-11-05 01:48:00 2091040 --ahs---- D:\WINDOWS\system32\drivers\fidbox.dat
2007-11-05 01:36:30 0 d-------- D:\Documents and Settings\All Users\Application Data\MailFrontier
2007-11-05 01:36:14 4212 ---h----- D:\WINDOWS\system32\zllictbl.dat
2007-11-05 01:35:17 11264 --a------ D:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
2007-11-05 01:32:53 0 d-------- D:\WINDOWS\system32\ZoneLabs
2007-11-04 10:57:37 0 d-------- D:\Documents and Settings\User\Application Data\HouseCall 6.6
2007-10-28 01:33:11 0 d-------- D:\Documents and Settings\User\Application Data\TeraCopy
2007-10-28 01:32:54 0 d-------- D:\Program Files\TeraCopy
2007-10-21 02:00:11 0 d-------- D:\WINDOWS\nview
2007-10-21 01:32:55 0 d-------- D:\Program Files\SystemRequirementsLab
2007-10-20 01:54:11 23600 --a------ D:\WINDOWS\system32\drivers\TVICHW32.SYS <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
2007-10-18 02:37:36 0 drahs---- D:\autorun.inf
2007-10-17 03:12:41 0 d-------- D:\Documents and Settings\All Users\Application Data\Uniblue
2007-10-16 12:27:29 0 d-------- D:\Program Files\Axaware
2007-10-16 12:15:13 0 d-------- D:\Program Files\a-squared Anti-Malware
2007-10-13 23:39:08 0 d-------- D:\Program Files\DATA Lifeguard Diagnostic for Windows
2007-10-13 23:29:32 0 d-------- D:\Program Files\Western Digital Technologies
2007-10-13 02:02:48 0 d-------- D:\Documents and Settings\User\Application Data\OfficeUpdate12
2007-10-13 02:01:58 0 d-------- D:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-10-11 13:28:51 0 d-------- D:\Program Files\iPod
2007-10-11 13:27:15 0 d-------- D:\Program Files\iTunes
2007-10-10 04:57:35 138752 --a------ D:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-10-10 04:49:44 0 d-------- D:\Program Files\Crawler
2007-10-10 04:48:54 0 d-------- D:\Documents and Settings\User\Application Data\Spyware Terminator
2007-10-10 04:48:53 0 d-------- D:\Documents and Settings\All Users\Application Data\Spyware Terminator
2007-10-10 04:48:38 0 d-------- D:\Program Files\Spyware Terminator
2007-10-10 01:00:58 0 d-------- D:\Program Files\Lavasoft


-- Find3M Report ---------------------------------------------------------------

2007-11-05 16:44:45 0 d-------- D:\Documents and Settings\User\Application Data\Uniblue
2007-11-05 16:44:18 0 d-------- D:\Program Files\Uniblue
2007-11-04 15:24:48 0 d-------- D:\Program Files\SUPERAntiSpyware
2007-10-24 17:14:26 0 d-------- D:\Program Files\CCleaner
2007-10-15 09:16:03 0 d-------- D:\Program Files\Windows Defender
2007-10-15 09:14:20 0 d-------- D:\Program Files\MSN Messenger
2007-10-15 09:12:28 0 d-------- D:\Program Files\Windows Live Toolbar
2007-10-15 09:12:25 0 d-------- D:\Program Files\Windows Live Favorites
2007-10-11 18:31:13 0 d-------- D:\Program Files\Windows Media Connect 2
2007-10-11 18:31:13 0 d-------- D:\Program Files\Messenger
2007-10-09 18:22:48 0 d-------- D:\Program Files\Bug Doctor
2007-10-07 05:03:47 0 d-------- D:\Documents and Settings\User\Application Data\System Tweaker
2007-10-04 13:06:34 0 d-------- D:\Program Files\Yahoo!
2007-10-04 02:46:58 0 d-------- D:\Program Files\Belarc
2007-10-02 03:43:06 0 d-------- D:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com
2007-10-02 01:48:13 0 d-------- D:\Program Files\Common Files\Wise Installation Wizard
2007-10-01 04:03:27 0 d-------- D:\Program Files\Alwil Software
2007-09-30 21:53:09 0 d-------- D:\Program Files\Windows Live Safety Center
2007-09-27 13:46:38 0 d-------- D:\Program Files\FileNet
2007-09-26 22:58:57 0 d-------- D:\Program Files\Seagate
2007-09-26 22:54:32 0 d-------- D:\Program Files\Common Files
2007-09-26 17:42:08 0 d-------- D:\Program Files\Apple Software Update
2007-09-26 13:01:21 0 d-------- D:\Program Files\Hewlett-Packard
2007-09-26 12:51:42 0 d-------- D:\Program Files\Sony
2007-09-25 19:06:08 0 d-------- D:\Program Files\Windows NT
2007-09-25 19:05:15 0 d-------- D:\Program Files\Online Services
2007-09-25 19:03:22 0 d-------- D:\Documents and Settings\User\Application Data\Ahead
2007-09-25 19:02:53 0 d-------- D:\Documents and Settings\User\Application Data\NCH Swift Sound
2007-09-25 18:59:12 0 d-------- D:\Program Files\ArcSoft
2007-09-25 18:59:11 0 d--h----- D:\Program Files\InstallShield Installation Information
2007-09-25 18:58:53 0 d-------- D:\Program Files\Canon
2007-09-25 18:51:42 0 d-------- D:\Program Files\3DGroove
2007-09-25 18:48:35 0 d-------- D:\Program Files\Virtools
2007-09-25 18:48:15 0 d-------- D:\Program Files\NCH Software
2007-09-25 18:48:06 0 d-------- D:\Program Files\TWC
2007-09-25 18:47:57 0 d-------- D:\Program Files\NCH Swift Sound
2007-09-18 23:05:35 0 d-------- D:\Documents and Settings\User\Application Data\Apple Computer
2007-09-18 22:14:35 0 d-------- D:\Documents and Settings\User\Application Data\FileNet
2007-09-17 18:40:56 524288 --a------ D:\WINDOWS\opuc.dll <Not Verified; Microsoft Corporation; 2007 Microsoft Office system>
2007-09-17 02:07:00 1626112 --a------ D:\WINDOWS\system32\nwiz.exe
2007-09-17 02:07:00 1019904 --a------ D:\WINDOWS\system32\nvwimg.dll
2007-09-17 02:07:00 1703936 --a------ D:\WINDOWS\system32\nvwdmcpl.dll
2007-09-17 02:07:00 466944 --a------ D:\WINDOWS\system32\nvshell.dll
2007-09-17 02:07:00 1478656 --a------ D:\WINDOWS\system32\nview.dll
2007-09-17 02:07:00 1339392 --a------ D:\WINDOWS\system32\nvdspsch.exe
2007-09-17 02:07:00 442368 --a------ D:\WINDOWS\system32\nvappbar.exe
2007-09-17 02:07:00 425984 --a------ D:\WINDOWS\system32\keystone.exe
2007-09-13 17:30:52 0 d-------- D:\Program Files\QuickTime
2007-09-11 00:44:55 0 d-------- D:\Program Files\SigmaTel


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="D:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [11/10/2002 06:26 PM]
"NeroFilterCheck"="D:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50 AM]
"HPDJ Taskbar Utility"="D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [22/06/2004 01:12 AM]
"HP Software Update"="D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [12/02/2004 02:38 PM]
"HP Component Manager"="D:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/05/2004 04:18 PM]
"@"="" []
"KernelFaultCheck"="D:\WINDOWS\system32\dumprep 0 -k" []
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 04:06 AM]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 05:00 AM]
"Windows Defender"="D:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 08:20 PM]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [26/10/2007 01:20 AM]
"WD Spindown Utility"="D:\Program Files\Western Digital Technologies\Spindown\ExSpinDn.exe" [09/08/2004 04:15 PM]
"a-squared"="D:\Program Files\a-squared Anti-Malware\a2guard.exe" [31/08/2007 09:24 PM]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [17/09/2007 02:07 AM]
"nwiz"="nwiz.exe" [17/09/2007 02:07 AM D:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [17/09/2007 02:07 AM]
"SpywareTerminator"="D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [10/10/2007 04:55 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [04/08/2004 11:00 PM]
"SUPERAntiSpyware"="D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [21/06/2007 03:06 PM]
"Uniblue SpeedUpMyPC"="D:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [22/10/2007 10:13 AM]
"Uniblue SpyEraser"="D:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" [16/10/2007 09:26 AM]
"Yahoo! Pager"="D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [24/10/2006 04:10 PM]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [28/05/2004 11:31:38 PM]
HP Image Zone Fast Start.lnk - D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [29/05/2004 12:06:36 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"=0 (0x0)
"DisableChangePassword"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuMFUprogramsList"=1 (0x1)
"NoTrayContextMenu"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 02:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 02:41 PM 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c07e5fe2-749c-11dc-9ff9-000c6e8e1703}]
Auto\command- RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
AutoRun\command- D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
Browser\command- RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE




-- End of Deckard's System Scanner: finished at 2007-11-10 19:05:15 ------------

2007-09-25 18:58:53 0 d-------- D:\Program Files\Canon
2007-09-25 18:51:42 0 d-------- D:\Program Files\3DGroove
2007-09-25 18:48:35 0 d-------- D:\Program Files\Virtools
2007-09-25 18:48:15 0 d-------- D:\Program Files\NCH Software
2007-09-25 18:48:06 0 d-------- D:\Program Files\TWC
2007-09-25 18:47:57 0 d-------- D:\Program Files\NCH Swift Sound
2007-09-18 23:05:35 0 d-------- D:\Documents and Settings\User\Application Data\Apple Computer
2007-09-18 22:14:35 0 d-------- D:\Documents and Settings\User\Application Data\FileNet
2007-09-17 18:40:56 524288 --a------ D:\WINDOWS\opuc.dll <Not Verified; Microsoft Corporation; 2007 Microsoft Office system>
2007-09-17 02:07:00 1626112 --a------ D:\WINDOWS\system32\nwiz.exe
2007-09-17 02:07:00 1019904 --a------ D:\WINDOWS\system32\nvwimg.dll
2007-09-17 02:07:00 1703936 --a------ D:\WINDOWS\system32\nvwdmcpl.dll
2007-09-17 02:07:00 466944 --a------ D:\WINDOWS\system32\nvshell.dll
2007-09-17 02:07:00 1478656 --a------ D:\WINDOWS\system32\nview.dll
2007-09-17 02:07:00 1339392 --a------ D:\WINDOWS\system32\nvdspsch.exe
2007-09-17 02:07:00 442368 --a------ D:\WINDOWS\system32\nvappbar.exe
2007-09-17 02:07:00 425984 --a------ D:\WINDOWS\system32\keystone.exe
2007-09-13 17:30:52 0 d-------- D:\Program Files\QuickTime
2007-09-11 00:44:55 0 d-------- D:\Program Files\SigmaTel


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="D:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [11/10/2002 06:26 PM]
"NeroFilterCheck"="D:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50 AM]
"HPDJ Taskbar Utility"="D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [22/06/2004 01:12 AM]
"HP Software Update"="D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [12/02/2004 02:38 PM]
"HP Component Manager"="D:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/05/2004 04:18 PM]
"@"="" []
"KernelFaultCheck"="D:\WINDOWS\system32\dumprep 0 -k" []
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 04:06 AM]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 05:00 AM]
"Windows Defender"="D:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 08:20 PM]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [26/10/2007 01:20 AM]
"WD Spindown Utility"="D:\Program Files\Western Digital Technologies\Spindown\ExSpinDn.exe" [09/08/2004 04:15 PM]
"a-squared"="D:\Program Files\a-squared Anti-Malware\a2guard.exe" [31/08/2007 09:24 PM]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [17/09/2007 02:07 AM]
"nwiz"="nwiz.exe" [17/09/2007 02:07 AM D:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [17/09/2007 02:07 AM]
"SpywareTerminator"="D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [10/10/2007 04:55 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [04/08/2004 11:00 PM]
"SUPERAntiSpyware"="D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [21/06/2007 03:06 PM]
"Uniblue SpeedUpMyPC"="D:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [22/10/2007 10:13 AM]
"Uniblue SpyEraser"="D:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" [16/10/2007 09:26 AM]
"Yahoo! Pager"="D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [24/10/2006 04:10 PM]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [28/05/2004 11:31:38 PM]
HP Image Zone Fast Start.lnk - D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [29/05/2004 12:06:36 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"=0 (0x0)
"DisableChangePassword"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuMFUprogramsList"=1 (0x1)
"NoTrayContextMenu"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 02:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 02:41 PM 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c07e5fe2-749c-11dc-9ff9-000c6e8e1703}]
Auto\command- RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
AutoRun\command- D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
Browser\command- RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE




-- End of Deckard's System Scanner: finished at 2007-11-10 19:05:15 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 70%
Physical Memory (total/avail): 511.5 MiB / 149.04 MiB
Pagefile Memory (total/avail): 2016.77 MiB / 1602.96 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.94 MiB

A: is Removable (Unformatted)
C: is Fixed (NTFS) - 111.79 GiB total, 64.61 GiB free.
D: is Fixed (NTFS) - 74.52 GiB total, 59.24 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Removable (No Media)

\\.\PHYSICALDRIVE1 - ST3120022A - 111.79 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 111.79 GiB - C:

\\.\PHYSICALDRIVE0 - WDC WD800BB-00JHC0 - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - D:

\\.\PHYSICALDRIVE2 - HP PSC 2355 USB Device



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
FirewallOverride is set.

FW: ZoneAlarm Firewall v7.0.408.000 (Check Point, LTD.)
AV: avast! antivirus 4.7.1074 [VPS 071109-0] v4.7.1074 (ALWIL Software) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\\Program Files\\MSN Messenger\\msnmsgr.exe"="D:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"D:\\Program Files\\MSN Messenger\\livecall.exe"="D:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="D:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"D:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="D:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\\Program Files\\MSN Messenger\\msnmsgr.exe"="D:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"D:\\Program Files\\MSN Messenger\\livecall.exe"="D:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"D:\\Program Files\\NetMeeting\\conf.exe"="D:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows® NetMeeting®"
"D:\\Program Files\\TeVeo\\TeVeo VIDiO Suite\\Live\\TeVeoLive.exe"="D:\\Program Files\\TeVeo\\TeVeo VIDiO Suite\\Live\\TeVeoLive.exe:*:Enabled:TeVeoLive"
"D:\\Program Files\\KODAK\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"="D:\\Program Files\\KODAK\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe:*:Disabled:backWeb-7288971"
"D:\\Program Files\\iTunes\\iTunes.exe"="D:\\Program Files\\iTunes\\iTunes.exe:*:Disabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=D:\Documents and Settings\All Users
APPDATA=D:\Documents and Settings\User\Application Data
CLASSPATH=.;D:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=D:\Program Files\Common Files
COMPUTERNAME=NELA2
ComSpec=D:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=D:
HOMEPATH=\Documents and Settings\User
LOGONSERVER=\\NELA2
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=D:\WINDOWS\system32;D:\WINDOWS;D:\WINDOWS\System32\Wbem;D:\Program Files\QuickTime\QTSystem\;D:\Program Files\Microsoft SQL Server\80\Tools\Binn\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=D:\Program Files
PROMPT=$P$G
QTJAVA=D:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=D:
SystemRoot=D:\WINDOWS
TEMP=D:\DOCUME~1\User\LOCALS~1\Temp
TMP=D:\DOCUME~1\User\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=NELA2
USERNAME=User
USERPROFILE=D:\Documents and Settings\User
windir=D:\WINDOWS


-- User Profiles ---------------------------------------------------------------

User (admin)
Administrator (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> D:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> D:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> D:\WINDOWS\UNNMP.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:\WINDOWS\INF\PCHealth.inf
a-squared Anti-Malware 3.0 --> "D:\Program Files\a-squared Anti-Malware\unins000.exe"
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0 --> D:\WINDOWS\ISUNINST.EXE -f"D:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"D:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> D:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player --> D:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE D:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft PhotoBase 3 --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}\setup.exe" -l0x9 -uninst
ArcSoft PhotoStudio 5 --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{03F1CC67-5BD8-4C36-8394-76311B2AE69A}\setup.exe" -l0x9 -uninst
avast! Antivirus --> rundll32 D:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
Belarc Advisor 7.2 --> D:\PROGRA~1\Belarc\Advisor\Uninstall.exe D:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
Bug Doctor 3.0.3.8 --> "D:\Program Files\Bug Doctor\unins000.exe"
Camera Plus 1.0 --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{9A7F4FB5-C0D5-4FF0-AE29-30BBE847251D}\Setup.exe" -l0x9
Canon CanoScan Toolbox 4.1 --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{BCE46757-7674-4416-BEDB-68205A60409E}\setup.exe" -l0x9 anything
CCleaner (remove only) --> "D:\Program Files\CCleaner\uninst.exe"
Clear Cache feature for Internet Explorer --> MsiExec.exe /I{4E901875-0F15-44BA-89DE-94AA41A7F507}
Crawler Toolbar with Web Security Guard --> D:\PROGRA~1\Crawler\Toolbar\CToolbar.exe uninst
e-Record 5 --> C:\Informed\EREC2\unwise.exe C:\Informed\erec2\install.log
Express Burn --> D:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe
Express Rip --> D:\Program Files\NCH Swift Sound\ExpressRip\uninst.exe
FileNet Desktop eForms --> MsiExec.exe /I{42CFD768-94A5-4C0D-A49A-88B536BAC551}
Golden Records --> D:\Program Files\NCH Swift Sound\Golden\uninst.exe
HijackThis 2.0.2 --> "D:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "D:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HouseCall 6.6 --> "D:\Documents and Settings\User\Application Data\HouseCall 6.6\uninstaller.exe"
HP Image Zone 4.2 --> D:\Program Files\Hewlett-Packard\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Memories Disc --> MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP PSC & OfficeJet 4.2 --> "D:\Program Files\Hewlett-Packard\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP PSC 2350 series --> rundll32 hpzcon10.dll,VendorJettison HP PSC 2350 series
HP Software Update --> MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2}
ImageMixer for Sony DVD Handycam --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{FD350FC2-A972-427D-800B-A2D200ACFF41}\setup.exe" UNINSTALL
iTunes --> MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Kodak EasyShare software --> MsiExec.exe /I{11DB853A-6966-4724-BEAD-793C48AC8C54}
Manual CanoScan 3000,3000F --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{E088AC54-7379-4C8F-A8B6-D2381E5A1172}\setup.exe" -l0x9
Microsoft Base Smart Card Cryptographic Service Provider Package --> "D:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "D:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "D:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MicroStaff WINASPI --> D:\MWASPI\uninst.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero Suite --> D:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
Nokia PC Suite 6.0 --> D:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{E9886CC0-4E5D-43B7-B47A-92E33001803F}
NVIDIA Drivers --> D:\WINDOWS\system32\nvudisp.exe UninstallGUI
OmniPage SE --> MsiExec.exe /I{6249C22D-E6A8-407B-BA8B-40298848ED94}
OneCare Advisor (Windows Live Toolbar) --> MsiExec.exe /X{53B2CFE9-A508-4457-B2CA-5D253536BFB7}
Panda ActiveScan Pro --> D:\WINDOWS\system32\ASProUni.exe Panda ActiveScan Pro
PC Camera (6025 VGA) --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{0EB60281-1F3E-4B01-96C4-AC1C1D1B4D2B}\setup.exe" -l0x9
PCI SoftV92 Modem --> D:\Program Files\CONEXANT\CNXT_MODEM_PCI_HSF\UIU32m.exe -U -IPSCRCSR5K.inf
Popup Blocker (Windows Live Toolbar) --> MsiExec.exe /X{117CD9C0-0F15-4633-93D7-F957B50535A5}
PowerDVD --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
SeaTools for Windows --> MsiExec.exe /I{98613C99-1399-416C-A07C-1EE1C585D872}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{95FC661A-A0C5-4B18-92CE-90347DA79CC9}
Sony DVD Handycam USB Driver --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{6F845B05-8B76-4302-A808-7FB21E2BC5E6}\Setup.exe" UNINSTALL
Sony Media Manager 2.2 --> MsiExec.exe /X{878D2EB2-2D55-42A9-955E-1E08F28529FD}
SoundMAX --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
SpamBully 4 for Outlook 4.1.0.3 --> D:\Program Files\Axaware\SpamBully 4 for Outlook\uninst.exe
SpamBully 4 for Outlook Express 4.1.0.3 --> D:\Program Files\Axaware\SpamBully 4 for Outlook Express\uninst.exe
Spybot - Search & Destroy --> "D:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Terminator --> "D:\Program Files\Spyware Terminator\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Switch --> D:\Program Files\NCH Swift Sound\Switch\uninst.exe
System Requirements Lab --> D:\Program Files\SystemRequirementsLab\Uninstall.exe
TeraCopy 1.22 --> "D:\Program Files\TeraCopy\unins000.exe"
TeVeo VIDiO Suite --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{79922699-7614-4033-884B-B40E3807B3B3}\setup.exe"
Trend Micro Anti-Spyware --> D:\Program Files\Trend Micro\Tmasy\tmasy.exe -uninstall
Trend Micro PC-cillin Internet Security 2007 --> D:\PROGRA~1\TRENDM~1\INTERN~2\remove.exe
Trend Micro PC-cillin Internet Security 2007 --> MsiExec.exe /X{BB4B6355-D38A-492C-873B-A1B2CF6C3832}
Trend Micro TrendProtect for Internet Explorer --> MsiExec.exe /X{D5462C8A-D08C-4163-8293-82F2E11A2760}
Uniblue RegistryBooster 2 --> "D:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
Uniblue SpeedUpMyPC 3 --> "D:\Program Files\Uniblue\SpeedUpMyPC 3\unins000.exe"
Uniblue SpyEraser --> "D:\Program Files\Uniblue\SpyEraser\unins000.exe"
Uniblue System Tweaker --> "D:\Program Files\Uniblue\System Tweaker\unins000.exe"
Virtools 3D Life Player --> D:\Program Files\Virtools\3D Life Player\WebplayerConfig.exe -u
WavePad Uninstall --> D:\Program Files\NCH Swift Sound\WavePad\uninst.exe
WD Diagnostics --> MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
WD Spindown or Stop Utility for External Drive, v1.00 --> MsiExec.exe /I{BE6F412F-C276-4FD8-B3E1-F996CC172776}
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component --> "D:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{DCE65B11-710D-4C54-9DE5-1A6A0BD2186B}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live OneCare safety scanner --> RunDll32.exe "D:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Outlook Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{A40D6757-B145-4FE7-B694-89180A9F3F64}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Live Toolbar --> "D:\Program Files\Windows Live Toolbar\UnInstall.exe" {DA0FFF7B-DA9D-46A2-A329-87804ECA58EA}
Windows Live Toolbar --> MsiExec.exe /X{DA0FFF7B-DA9D-46A2-A329-87804ECA58EA}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{3727B920-F5A3-46A4-AC02-94F421A039C7}
Windows Live Toolbar Feed Detector (Windows Live Toolbar) --> MsiExec.exe /X{38024121-D084-4E7D-B1A2-1A04CB5C4CF3}
Windows Media Format 11 runtime --> "D:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "D:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Creativity Fun Packs - Windows Movie Maker 2 --> MsiExec.exe /X{DA2D4D11-1811-4A24-B719-BF9F048C6106}
Windows XP Creativity Fun Packs - Windows Movie Maker 2 - Audio --> MsiExec.exe /X{A6264FF6-C49D-4533-AF42-4875C38BB24C}
Windows XP Creativity Fun Packs - Windows Movie Maker 2 - Titles --> MsiExec.exe /X{3C26E039-BE18-4B5E-A723-45390C451819}
Windows XP Winter Fun Pack for Windows Movie Maker 2 --> MsiExec.exe /I{FFC5C6DA-6BC0-47C1-9EC0-8E1A1294E4F7}
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Install Manager --> D:\WINDOWS\system32\regsvr32 /u D:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Messenger --> D:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U D:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> D:\PROGRA~1\Yahoo!\Common\unyt.exe
ZoneAlarm --> D:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type3748 / Error
Event Submitted/Written: 11/10/2007 07:03:21 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type3746 / Error
Event Submitted/Written: 11/10/2007 06:02:32 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application PcScnSrv.exe, version 15.30.0.1128, faulting module PccSpy.dll, version 15.30.0.1128, fault address 0x0001d60d.
Processing media-specific event for [PcScnSrv.exe!ws!]

Event Record #/Type3743 / Error
Event Submitted/Written: 11/10/2007 05:20:39 PM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 24097034.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Event Record #/Type3742 / Error
Event Submitted/Written: 11/10/2007 05:17:43 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]

Event Record #/Type3740 / Error
Event Submitted/Written: 11/10/2007 04:37:37 PM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 377797564.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type76095 / Error
Event Submitted/Written: 11/10/2007 06:05:07 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Trend Micro Protection Against Spyware service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type76086 / Error
Event Submitted/Written: 11/10/2007 06:04:56 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.

Event Record #/Type76077 / Error
Event Submitted/Written: 11/10/2007 06:04:05 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The avast! Mail Scanner service failed to start due to the following error:
%%1053

Event Record #/Type76076 / Error
Event Submitted/Written: 11/10/2007 06:04:05 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the avast! Mail Scanner service to connect.

Event Record #/Type76075 / Error
Event Submitted/Written: 11/10/2007 06:02:59 PM
Event ID/Source: 7022 / Service Control Manager
Event Description:
The Trend Micro Protection Against Spyware service hung on starting.



-- End of Deckard's System Scanner: finished at 2007-11-10 19:05:15 ------------


===========
OK, please let me know if you would like me to run dss with my external Hard drive and C:\ drives on as well. I am just petrified to lose my internet connection again as I urgently need to submit some study assignments and IE is all I CAN use to access the websites where I have to do them.


I hope this is not a great big head ache for you, good luck with finding my problems and thank you so much in advance for your kind advice and help.

anxiously awaiting your reply,

Busy Bee :thumbsup:
Busy Bee
Always grateful for any advice but especially grateful for step by step advice. I am a computer dummy.
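As an added example (not part of the original post, and not DSS's own code), a small Python script that parses the Registry Dump section of a DSS log and flags the kind of MountPoints2 autorun handlers seen above, which are the registry trace an autorun.inf worm leaves for a USB or external drive. Its sample input is constructed from the mountpoints2 lines in this log plus one unrelated key as a negative control.

```python
"""Flag suspicious MountPoints2 autorun handlers in a DSS Registry Dump.

DSS prints each Explorer verb handler of a mounted volume as
"<Verb>\\command- <command line>" under the volume's mountpoints2 key.
A handler that points into RECYCLER, uses a path relative to the volume
root, or launches its target through rundll32 ShellExec_RunDLL is the
typical leftover of an autorun.inf infection on a removable drive.
"""
import re
from typing import Dict, List

# Constructed sample: the mountpoints2 key copied from the Registry Dump
# above, plus one unrelated key that must not produce a finding.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c07e5fe2-749c-11dc-9ff9-000c6e8e1703}]
Auto\command- RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
AutoRun\command- D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
Browser\command- RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
MOUNTPOINT_RE = re.compile(r"mountpoints2\\(\{[0-9a-f-]+\})$", re.IGNORECASE)
HANDLER_RE = re.compile(r"^(?P<verb>\w+)\\command-\s+(?P<command>.+)$")
# Drive letter, environment variable or UNC prefix: anything else is relative.
ABSOLUTE_RE = re.compile(r"^(?:[A-Za-z]:\\|%\w+%|\\\\)")


def suspicious_reasons(command: str) -> List[str]:
    """Return the reasons a verb handler command line looks like autorun malware."""
    reasons: List[str] = []
    upper = command.upper()
    if "RECYCLER\\" in upper:
        reasons.append("target stored under RECYCLER, a folder users rarely open")
    first_token = command.split()[0]
    if not ABSOLUTE_RE.match(first_token):
        reasons.append("relative path, resolved against the root of the mounted "
                       "volume, so the file lives on the drive itself")
    if "SHELLEXEC_RUNDLL" in upper:
        reasons.append("launched via rundll32 Shell32.DLL,ShellExec_RunDLL, the form "
                       "Explorer records for an autorun.inf shellexecute= line")
    return reasons


def find_mountpoint_autoruns(dump: str) -> List[Dict[str, object]]:
    """Walk a DSS Registry Dump and collect suspicious mountpoints2 handlers."""
    findings: List[Dict[str, object]] = []
    current_volume = None  # GUID of the mountpoints2 key we are inside, if any
    for raw in dump.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            vol = MOUNTPOINT_RE.search(key_match.group("key"))
            current_volume = vol.group(1) if vol else None
            continue
        if current_volume is None:
            continue  # value lines of keys we do not care about
        handler = HANDLER_RE.match(line)
        if not handler:
            continue
        reasons = suspicious_reasons(handler.group("command"))
        if reasons:
            findings.append({
                "volume": current_volume,
                "verb": handler.group("verb"),
                "command": handler.group("command"),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for hit in find_mountpoint_autoruns(SAMPLE_DUMP):
        print(f"{hit['volume']} {hit['verb']}: {hit['command']}")
        for why in hit["reasons"]:
            print(f"    - {why}")
```

Run it against the whole DSS main log (not just the dump above) to list every volume GUID that still carries such handlers; a volume whose handlers all resolve to a path that no longer exists is the "leftover reg entries" case the reply below refers to.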

#4 Papakid

  • Malware Response Team
  • 6,522 posts

Posted 13 November 2007 - 01:07 PM

Hi Busy Bee,

My apologies for not getting back with you sooner. Things are busy in real life and frankly your log is not an easy one to analyze. I completely understand that you are desperate, but I have to ask you to quit being such a busy bee. When a person gets desperate they often do things that make the situation worse and I believe this is true in your case--a resolution is going to be much more complicated than it needs to be.

The more actions you take to try to fix it when you are guessing at what needs to be done, the more you knot the computer up to where it becomes Gordian and the only thing to do is cut it--in the computer world that would be analogous to a reformat. We may already be to that point, but I'll try my best to get this untangled, it will just take some time.

It has taken some time sorting thru your logs and info, researching and trying to get a handle on what all needs to be done. There are still a few things I need to check out, but just one obvious infection sign that you have already dealt with by running Flash Disinfector. Did you have your external hard drive turned on when you ran it? If so you may just have a couple of leftover reg entries that need to be cleaned up instead of an active infection and your other problems could be from damage it caused, inadvisable actions you have taken to fix the problem, among which is adding too many programs to fix the problem.

At this point, running sfc is premature. Please make no system-wide changes such as that without my guidance, I'm here to help you with the correct decisions and regret your decision to uninstall IE7 when you installed Zone Alarm, as you should have uninstalled Zone Alarm. This is a major complicating factor.

Please avoid installing and running any other programs in an attempt to fix this problem unless I recommend them. Especially anything that claims to clean up the registry. They often cause more problems than they resolve as they make educated guesses and rarely fix malware that is active--we will fix only specific reg entries that we have a reasonable degree of certainty are a problem. You have one program installed that has terrible reviews and may be an outright scam, Bug Doctor, and I hope you haven't paid for it. Please immediately go to Add/Remove Programs via Control Panel and uninstall Bug Doctor.

I also would like for you to clean up your system while we work on it. You have installed several security programs that are designed to scan and remove malware, which is fine if that scanning and removing is all they do. The problem nowadays is that most come with protection/guards that run in the background and sometimes those guards do not get along with one another (software conflict) and some of them interfere with malware removal and repairs we want to make to the system. It is better to remove malware first while running basic protections--antivirus and firewall--then add the extra protection afterward. Then only one or two. A-squared I also think is putting out false positives lately or technical information that is easy to misunderstand. So the first step I want you to do is collect all the logs from these programs that you think are relevant and store them somewhere--I'll want to see the log with Unreadable Binary Files in it a bit later on. Then disable all the programs and uninstall them--later we may need to uninstall even more when we attempt to reinstall IE7:

a-squared Anti-Malware 3.0
Ad-Aware 2007
Bug Doctor 3.0.3.8
Crawler Toolbar with Web Security Guard
Spyware Terminator
SUPERAntiSpyware Free Edition
Trend Micro Anti-Spyware
Trend Micro PC-cillin Internet Security 2007
Trend Micro PC-cillin Internet Security 2007
Trend Micro TrendProtect for Internet Explorer
Uniblue RegistryBooster 2
Uniblue SpyEraser

The following are at your option--most of what these programs do can be accomplished by other means and for free and are little more than snake oil, IMO. Reverse any of the tweaks they have done before uninstalling.

Uniblue SpeedUpMyPC 3
Uniblue System Tweaker

This will leave you with Windows Defender protection still running and Spybot S&D for a second malware scanner. However WD is known to interfere with registry changes, so the next step is to disable it before we fix what malware signs are left (that we can see). Scroll down to post #3 of the following link for instructions:
http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

BTW, look over that entire thread. Before running DSS and/or ComboFix again, disable any of the protections that you have installed that are listed in that thread.

Now download this attached file: BBFix.reg. You may need to right click and "Save Target As" or "Save link as" or similar, but be sure to save the file to your desktop.

Double-click BBFix.reg and allow it to merge with your registry and reboot.

Next step, run ComboFix. Be sure to have your external drive turned on then follow these instructions:

Please download Combofix to your desktop.

Doubleclick ComboFix.exe to launch the application.

Follow the prompts that will be displayed on the screen.

Don't click on the window while the fix is running, because that will cause your system to hang.

When finished, it should produce a log, combofix.txt. Note that some cleaning may require a reboot, so it won't be finished until that is done.

Post this log in your next reply.


Now with the external drive still turned on, run DSS again, but according to these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste the following into the Run box & click OK.

"%userprofile%\desktop\dss.exe" /config

Put checks by these options and uncheck the others:

System Restore
HijackThis
Ignored
Fixed
Drivers
Services
Scheduled Tasks
Registry Dump
System Information
Security Center
Add/Remove Programs
Device Manager


Click Scan!

When finished, it shall produce a log for you. Post that log in your next reply along with the ComboFix log.

Next priority is to get your firewall situation straightened out. DSS log shows you have ZoneAlarm as your active firewall, but also as having the Windows firewall enabled, along with Trend's Miniport still present in Device Manager, even though it is disabled. Never run more than one firewall at a time. I'm surprised that the Windows firewall is still enabled--usually a third party firewall will disable that automatically when it is installed. But I believe this is what was causing most of the problems with accessing the internet.

The first step here is to disconnect from the internet then go to Control Panel, Security Center and click on the firewall link and disable the Windows firewall.

I'm not sure what you did when you say you turned off ZoneAlarm firewall, but now you should re-enable it. Reboot, reconnect and see if you get access problems again. If so reverse the procedure so that you have access and Windows firewall protection before going back online and let me know how it goes. You may have a corrupted installation of ZA, probably because Trend Micro failed to uninstall properly. But I won't know exactly what to do for you til next post. If you have a problem still when you attempt to uninstall Trend, per my previous instructions, skip that step and let me know.

One other thing I need to know from you is what is the purpose of having two bootable hard drives. Is XP Home installed on both? If not what operating system is installed on C? Please give me some details on what you use your C drive for.

Lastly, post the A squared or any of the logs that are warning of unreadable binary files. Most likely these are nothing to be worried about, just some information that something might be bad, but I need to see the logs to be sure.

The fate of all mankind, I see

Is in the hands of fools

--King Crimson


#5 Busy Bee

Busy Bee
  • Topic Starter

  • Members
  • 15 posts
  • Location:Sydney, OZ
  • Local time:09:37 PM

Posted 13 November 2007 - 05:53 PM

Hi Papakid,

Thank you immensely for your reply and instructions. I understand the delay, I KNOW this is not an easy set of problems to fix and I am very grateful for your help and being a busy bee I know that everyone else is just as busy. I have great admiration for you and everyone at BC who has such dedication to helping those of us who need your help.

IT HURTS that you are sooo right in everything you said. My biggest sorrow is that I did not find this forum a lot sooner because I would have saved myself a lot of trouble and would have created less problems for people like yourself who are helping me solve this mess.

I have a deadline to meet by tomorrow of a work related study assignment and have to put my effort on that to get it done but as soon as I finish it I will carry on all your advice and post back the things you have requested, hopefully in the next day or so.

Thanks again.

Cheers,
BB
Busy Bee
Always grateful for any advice but especially grateful for step by step advice. I am a computer dummy.

#6 Busy Bee

Busy Bee
  • Topic Starter

  • Members
  • 15 posts
  • Location:Sydney, OZ
  • Local time:09:37 PM

Posted 17 November 2007 - 12:06 PM

Attached files: log.txt, main.txt3.txt, main.txtaftercombofix.txt, extra.txtaftercombofix.txt, Server_Error_in.doc


Hello Papakid,

Sorry about the delay, it just took me longer than I wanted to. Hope you are doing well.

I tried to follow your instructions as best as I could. I will answer all the questions on your last post first:

1- I ran Flash Disinfector at the advice of Quiteman7 as my antivirus warned me of a few different viruses and adware, etc and my external drive became an "unknown USB device" so I did have it on when I ran FD.

2- I uninstalled IE7 at the advice of one of Microsoft's support Techies who was helping me with the IE7 problem. We tried to uninstall TrendMicro in a few different ways which I had already tried on the advice of TrendMicro support people, and nothing would work. Could not open websites, then could not open homepage, then could not open secure websites, then could not open links in the sites but in the end he suggested to uninstall IE7 to see if the problem was just IE7 but IE6 did just a little better. I really needed to access my College website to download and submit my assignments by the deadline and ended up installing Firefox and also uninstalled Zone Alarm because the fixes just weren't working. Even the automatic updates did not work.
After uninstalling ZA, IE6 is working nicely but I still have Auto Updates turned off so I can monitor the downloads and installations.

I will turn them back on when you think it is ok.

3-BUG DOCTOR - the mystery program. I did not request it. I was updating another program and it just installed itself and then when I uninstalled the other program it disappeared on its own as well. Sorry, I have been stressing out so much that I do not remember what the program was. No, I did not pay for it, I read some bad reports on it.

4- I have disabled and uninstalled all the programs on the list but TM PC-cillin I/S 2007 and Antispyware are proving quite hard to remove. Even with the tools from Trend Micro Support.
They told me to also delete the files in the Windows Prefetch folder but I did NOT do that step because I thought I would be better off waiting for your advice on that.

I think I managed to uninstall the Trend Micro Firewall.
But not sure how I went with Trend Protect.
Also, I was not sure if I should uninstall HijackThis, so I did not touch it.

I have a folder with a Trend Micro Internet Security that I downloaded to my desktop as a backup and which I never Installed. I was just going to copy it to disc because my 2007 edition was an upgrade and I did not have a disc. I was not counting on having to uninstall it. Please let me know if that folder can just be deleted normally.


5- Uniblue Registry Booster and System Tweaker I disabled them without uninstalling because I could not find good Info on how to reverse the changes they make unless by using System Restore which I thought was not a good idea right now, so I have only changed their settings not to run and left them there for now.

6- I did disable all the protections as best I could after reading the thread, hope I did it properly.
Then I downloaded and ran BBFIX.reg and Combofix with the external drive turned on. And then also ran the DSS from the Start Button as per your explanation.

7- Since I uninstalled ZA and TM firewall I left the Windows Firewall active after I ran the scans you suggested.

8- OK, now, the purpose of having two bootable hard drives is absolutely none, just a big pain in the backside, excuse the language.

I do not really do much with C: now because I started working in the D: and just refer to the files that are there which I used to work with before the D: was installed, i.e., accounting, photos and other documents. Only recently I found out that I could actually log in normally like I used to do before the D: got put in.

My PC was going so slow and every key stroke was a warning from my Anti virus which made it impossible to work with.

So I took it to the local Computer Repair shop about a year and a half ago to ask them if they could back up my data and format the hard drive because I did not know what I needed to back up and also could not do it myself - cd burner was not working, did not know much about backing up. They did not want to do that in case they lost my data but instead suggested that I leave the hard drive as it was and put in another hard drive and the System would then work smoothly.
That was not the case, in fact it became the bumpiest road I have ever been on.
It still stayed slow, and I have been trying to fix the problems myself because I can't find anyone who can do it properly around here who can be trusted.

I went to the Microsoft forum and they suggested I visit BC and check out some of the advice on it on how to clean up the PC and so on. So I have been reading a lot In BC and Microsoft to learn about things. BUT still:

Here I am with the biggest mess. My mess is not just the slowness and the infections, but a big mess I created in an effort to make back ups. Not knowing about the best ways to back up and not knowing how to do it regularly I had NO BACK UPS.
so I tried the Windows back up utility, the files transfer wizard which failed to do it, and still I had no good back up.

Got the external hard drive and COPIED the C: and the D: drives to it. Obviously it did not go that well either and now I have copies of the Windows folders, or at least parts of it in my external drive and in folders I created on the desktop to copy to the external hard drive to delete after I had everything on the External H/drive. Only I got scared to delete those folders In case I damage whatever is left of the OS installations on C: & D: that are still letting me access my files and the net, a miracle.

But then when I installed Avast!4.7 most of the files in the external drive ended up in the virus chest and are still there.
So as you know much better than me the mess runs pretty deep on this PC.

My ultimate goal is to get a GOOD back up of my data into my external drive and I also need some advice on the best way to run this computer now.
I would like to have my C: drive as my bootable drive with the operating system and have the D: as storage only, and the external drive for backups. But I think I have still a lot of stuff to do before I can get there.

If you would like to suggest the best way for me to run the PC I welcome your suggestions.

Anyway, I am going to try to attach the logs, If it fails I will paste them here.

I have included a couple of things for you to look at, it might help. I could not find the a-squared log with the unreadable binary files but I am attaching the one from Spyware Terminator also with unreadable binary files.

Hope it is nothing to worry about... but like you said, it might be time to reformat...

Once again thank you for your help. I look forward to your next instructions.

Keep well,
BB
Here is part of the file, it was too large to attach:

Internet Settings
R - HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar = http://www.crawler.com/search/dispatcher.a...&tbid=60327
R - HKLM\Software\Microsoft\Internet Explorer\Main, SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R - HKLM\Software\Microsoft\Internet Explorer\Main, CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
R - HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R - HKLM\Software\Microsoft\Internet Explorer\Search, CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings, ProxyOverride = localhost
R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =
R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName =

BHO
02 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - File not found
02 - BHO: - {7E853D72-626A-48EC-A868-BA8D5E23E045} - File not found
02 - BHO: BhoMisc Class - {E3578B37-6346-4EC1-A82B-38273A100DCF} - [Trend Micro Inc.] : D:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
02 - BHO: - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - File not found
02 - BHO: - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - File not found
02 - BHO: - {9B9B075F-22FF-48e7-A688-1719BE8873CC} - File not found
02 - BHO: - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - File not found
02 - BHO: - {e2e2dd38-d088-4134-82b7-f2ba38496583} - File not found
02 - BHO: Messenger Class - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - [Yahoo! Inc.] : D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
02 - BHO: - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found

Toolbars
03 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - [Trend Micro Inc.] : D:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll

StartUps
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Yahoo! Pager : [Yahoo! Inc.] : D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Uniblue RegistryBooster 2 : [Uniblue Software] : D:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, SUPERAntiSpyware : [SUPERAntiSpyware.com] : D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Uniblue SpeedUpMyPC : [Uniblue Software] : D:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Uniblue SpyEraser : [Uniblue Software] : D:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HPDJ Taskbar Utility : [HP] : D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Adobe Reader Speed Launcher : [Adobe Systems Incorporated] : D:\Program Files\ADOBE\READER 8.0\READER\READER_SL.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, DataLayer : [Nokia Mobile Phones Ltd.] : D:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, PCSuiteTrayApplication : : D:\Program Files\Nokia\Nokia PC Suite 6\TrayApplication.exe
04 - Startup: : D:\Documents and Settings\User\Start Menu\Programs\Startup\desktop.ini
04 - Startup: : D:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
04 - Startup: : D:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
04 - Startup: %START_PROGRAMSALL%\Startup\HP Digital Imaging Monitor.lnk [Hewlett-Packard Co.] : D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
04 - Startup: : D:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
04 - Startup: %START_PROGRAMSALL%\Startup\HP Image Zone Fast Start.lnk [Hewlett-Packard Co.] : D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
04 - Startup: : D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
04 - Startup: %START_PROGRAMSALL%\Startup\Kodak EasyShare software.lnk [Eastman Kodak Company] : D:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
04 - Startup: : D:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
04 - Startup: %START_PROGRAMSALL%\Startup\KODAK Software Updater.lnk : D:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe

Shell Extensions
- {42071714-76d4-11d1-8b24-00a0c9068ff3} - File not found
- {764BF0E1-F219-11ce-972D-00AA00A14F56} - File not found
- {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - File not found
Taskbar and Start Menu - {0DF44EAA-FF21-4412-828E-260A8728E7F1} - File not found
User Accounts - {7A9D77BD-5403-11d2-8785-2E0420524153} - File not found
- {e57ce731-33e8-4c51-8354-bb4de9d215d1} - File not found
Microsoft Office Outlook - {00020D75-0000-0000-C000-000000000046} - [Microsoft Corporation] : D:\Program Files\Microsoft Office\OFFICE11\MLSHEXT.DLL
Outlook File Icon Extension - {0006F045-0000-0000-C000-000000000046} - [Microsoft Corporation] : D:\Program Files\Microsoft Office\OFFICE11\OLKFSTUB.DLL
- {42042206-2D85-11D3-8CFF-005004838597} - [Microsoft Corporation] : D:\Program Files\Microsoft Office\OFFICE11\msohev.dll
My Sharing Folders - {FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} - [Microsoft Corporation] : D:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll
KodakShellExtension - {acb4a560-3606-11d3-aef4-00104bd0f92d} - [Eastman Kodak Company] : D:\Program Files\Common Files\Kodak\IFScore\shellext.dll
Nokia Phone Browser - {40950107-FEA6-4d53-A65F-B2DCBA57DD58} - [Nokia] : D:\Program Files\Nokia\Nokia PC Suite 6\Components\PhoneBrowserComponents\NokiaPhoneBrowser.dll
Contact View - {FBFE7864-D495-41f0-B7DC-4BB601CC295E} - [Nokia] : D:\Program Files\Nokia\Nokia PC Suite 6\Components\PhoneBrowserComponents\ContactView.dll
iTunes - {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - [Apple Inc.] : D:\Program Files\iTunes\iTunesMiniPlayer.dll

Protocol Filters
- {807553E5-5146-11D5-A672-00B0D022E945} - [Microsoft Corporation] : D:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

Protocol Handler
VoilaXctl Class - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - [Belarc, Inc.] : D:\Program Files\Belarc\Advisor\System\BAVoilaX.dll
CZipHandler Object - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - [Hewlett-Packard Company] : D:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
- {828030A1-22C1-4009-854F-8E305202313F} - [Microsoft Corporation] : D:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
- {828030A1-22C1-4009-854F-8E305202313F} - [Microsoft Corporation] : D:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
Data Page Pluggable Protocol mso-offdap Handler - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - [Microsoft Corporation] : D:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
Data Page Plugable Protocal mso-offdap11 Handler - {32505114-5902-49B2-880A-1F7738E5A384} - [Microsoft Corporation] : D:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
LocalImage Class - {BC3A5F6F-12A0-4B14-A184-32939F413823} - [Trend Micro Inc.] : D:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll

Services
23 - [Lavasoft AB] : D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
23 - [Andrea Electronics Corporation] : D:\WINDOWS\system32\drivers\aeaudio.sys
23 - [Apple, Inc.] : D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
23 - [GEAR Software Inc.] : D:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
23 - [HP] : D:\WINDOWS\system32\DRIVERS\HPZid412.sys
23 - [HP] : D:\WINDOWS\system32\DRIVERS\HPZipr12.sys
23 - [HP] : D:\WINDOWS\system32\DRIVERS\HPZius12.sys
23 - [Conexant Systems, Inc.] : D:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
23 - [Conexant Systems, Inc.] : D:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
23 - [Apple Inc.] : D:\Program Files\iPod\bin\iPodService.exe
23 - [Animation Technologies Inc.] : D:\WINDOWS\system32\DRIVERS\LVHybrid.sys
23 - [HP] : D:\WINDOWS\system32\HPZipm12.exe
23 - : D:\Program Files\SUPERANTISPYWARE\SASDIFSV.SYS
23 - [SuperAdBlocker, Inc.] : D:\Program Files\SUPERANTISPYWARE\SASENUM.SYS
23 - : D:\Program Files\SUPERANTISPYWARE\SASKUTIL.SYS
23 - [SiS Corporation] : D:\WINDOWS\system32\DRIVERS\sisnic.sys
23 - [Analog Devices, Inc.] : D:\WINDOWS\system32\drivers\smwdm.sys
23 - [Analog Devices, Inc.] : D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
23 - [Trend Micro Inc.] : D:\WINDOWS\system32\DRIVERS\TMCOMM.SYS
23 - [Trend Micro Inc.] : D:\WINDOWS\system32\DRIVERS\tm_mbd_c.sys
23 - [Conexant Systems, Inc.] : D:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
23 - [Microsoft Corporation] : D:\Program Files\Windows Defender\MsMpEng.exe

Winlogon Notify
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon, DLLName : [SUPERAntiSpyware.com] : D:\Program Files\SUPERAntiSpyware\SASWINLO.dll

Threat Files
<Unreadable Binary Files> : c:\06c45445ded4f5b920ac94631d7693\nlsdl.dll
<Unreadable Binary Files> : c:\06c45445ded4f5b920ac94631d7693\spmsg.dll
<Unreadable Binary Files> : c:\06c45445ded4f5b920ac94631d7693\spuninst.exe
<Unreadable Binary Files> : c:\06c45445ded4f5b920ac94631d7693\spupdsvc.exe
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\admparse.dll
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\advpack.dll
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\browseui.dll
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\corpol.dll
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\custsat.dll
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\dxtmsft.dll
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\dxtrans.dll
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\extmgr.dll
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\hmmapi.dll
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\icardie.dll
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\ie4uinit.exe
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\ieakeng.dll
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\ieaksie.dll
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\ieakui.dll
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\ieapfltr.dll
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\iedkcs32.dll
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\iedw.exe
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\ieencode.dll
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\ieframe.dll
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\iepeers.dll
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\ieproxy.dll
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\iernonce.dll
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\iertutil.dll
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\iesetup.dll
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\ieudinit.exe
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\ieui.dll
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\iexplore.exe
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\imgutil.dll
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\inetcpl.cpl
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\inseng.dll
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\jscript.dll
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\jsproxy.dll
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\licmgr10.dll
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\msfeeds.dll
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\msfeedsbs.dll
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\msfeedssync.exe
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\mshta.exe
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\mshtml.dll
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\mshtmled.dll
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\mshtmler.dll
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\msls31.dll
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\msrating.dll
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\mstime.dll
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\occache.dll
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\pngfilt.dll
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\shdocvw.dll
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\shlwapi.dll
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\spmsg.dll
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\spuninst.exe
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\spupdsvc.exe
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\tdc.ocx
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\url.dll
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\urlmon.dll
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\vbscript.dll
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\vgx.dll
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\webcheck.dll
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\winfxdocobj.exe
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\wininet.dll
<Unreadable Binary Files> : c:\2ca2189ee352a3e4652f6d1ae2\nlsdl.dll
<Unreadable Binary Files> : c:\2ca2189ee352a3e4652f6d1ae2\spmsg.dll
<Unreadable Binary Files> : c:\2ca2189ee352a3e4652f6d1ae2\spuninst.exe
<Unreadable Binary Files> : c:\2ca2189ee352a3e4652f6d1ae2\spupdsvc.exe
<Unreadable Binary Files> : c:\322e368a00112a06c65839\nlsdl.dll
<Unreadable Binary Files> : c:\322e368a00112a06c65839\spmsg.dll
<Unreadable Binary Files> : c:\322e368a00112a06c65839\spuninst.exe
<Unreadable Binary Files> : c:\322e368a00112a06c65839\spupdsvc.exe
<Unreadable Binary Files> : c:\37669e03e1710baeabcd92216bf53497\nlsdl.dll
<Unreadable Binary Files> : c:\37669e03e1710baeabcd92216bf53497\spmsg.dll
<Unreadable Binary Files> : c:\37669e03e1710baeabcd92216bf53497\spuninst.exe
<Unreadable Binary Files> : c:\37669e03e1710baeabcd92216bf53497\spupdsvc.exe
<Unreadable Binary Files> : c:\6821b8d02809e18bb4\nlsdl.dll
<Unreadable Binary Files> : c:\6821b8d02809e18bb4\spmsg.dll
<Unreadable Binary Files> : c:\6821b8d02809e18bb4\spuninst.exe
<Unreadable Binary Files> : c:\6821b8d02809e18bb4\spupdsvc.exe
<Unreadable Binary Files> : c:\920f5bdeb161636cab202e\nlsdl.dll
<Unreadable Binary Files> : c:\920f5bdeb161636cab202e\spmsg.dll
<Unreadable Binary Files> : c:\920f5bdeb161636cab202e\spuninst.exe
<Unreadable Binary Files> : c:\920f5bdeb161636cab202e\spupdsvc.exe
<Unreadable Binary Files> : c:\927251695f12b5607b634d\spmsg.dll
<Unreadable Binary Files> : c:\927251695f12b5607b634d\spuninst.exe
<Unreadable Binary Files> : c:\9beb837577b7cdee01c04ca4\nlsdl.dll
<Unreadable Binary Files> : c:\9beb837577b7cdee01c04ca4\spmsg.dll
<Unreadable Binary Files> : c:\9beb837577b7cdee01c04ca4\spuninst.exe
<Unreadable Binary Files> : c:\9beb837577b7cdee01c04ca4\spupdsvc.exe
<Unreadable Binary Files> : c:\ab02f71d3edbefd3cc33435c\nlsdl.dll
<Unreadable Binary Files> : c:\ab02f71d3edbefd3cc33435c\spmsg.dll
<Unreadable Binary Files> : c:\ab02f71d3edbefd3cc33435c\spuninst.exe
<Unreadable Binary Files> : c:\ab02f71d3edbefd3cc33435c\spupdsvc.exe
<Unreadable Binary Files> : c:\b6eada9215c7c3140e8661e6e79742\nlsdl.dll
<Unreadable Binary Files> : c:\b6eada9215c7c3140e8661e6e79742\spmsg.dll
<Unreadable Binary Files> : c:\b6eada9215c7c3140e8661e6e79742\spuninst.exe
<Unreadable Binary Files> : c:\b6eada9215c7c3140e8661e6e79742\spupdsvc.exe
<Unreadable Binary Files> : c:\bfdbb115bb29efc3efb80cee8d207bef\nlsdl.dll
<Unreadable Binary Files> : c:\bfdbb115bb29efc3efb80cee8d207bef\spmsg.dll
<Unreadable Binary Files> : c:\bfdbb115bb29efc3efb80cee8d207bef\spuninst.exe
<Unreadable Binary Files> : c:\bfdbb115bb29efc3efb80cee8d207bef\spupdsvc.exe
<Unreadable Binary Files> : c:\d83356fb6426dd6201\nlsdl.dll
<Unreadable Binary Files> : c:\d83356fb6426dd6201\spmsg.dll
<Unreadable Binary Files> : c:\d83356fb6426dd6201\spuninst.exe
<Unreadable Binary Files> : c:\d83356fb6426dd6201\spupdsvc.exe
<Unreadable Binary Files> : c:\fe27896ccef314b4c28d668d232e64\nlsdl.dll
<Unreadable Binary Files> : c:\fe27896ccef314b4c28d668d232e64\spmsg.dll
<Unreadable Binary Files> : c:\fe27896ccef314b4c28d668d232e64\spuninst.exe
<Unreadable Binary Files> : c:\fe27896ccef314b4c28d668d232e64\spupdsvc.exe
<Unreadable Binary Files> : c:\Program Files\Viewpoint\Viewpoint Media Player\Components\VETsdk.dll
<Unreadable Binary Files> : c:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\VETsdk.dll
<Unreadable Binary Files> : c:\Program Files\Yahoo! Status Manager\UnInstall_31502.exe
<Unreadable Binary Files> : c:\Program Files\Yahoo! Status Manager\YCustomMessages.exe
<Unreadable Binary Files> : c:\WINDOWS\$NtUninstallKB828741$\catsrv.dll
<Unreadable Binary Files> : c:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll
<Unreadable Binary Files> : c:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll
<Unreadable Binary Files> : c:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll
<Unreadable Binary Files> : c:\WINDOWS\$NtUninstallKB828741$\colbact.dll
<Unreadable Binary Files> : c:\WINDOWS\$NtUninstallKB828741$\comadmin.dll
<Unreadable Binary Files> : c:\WINDOWS\$NtUninstallKB828741$\comrepl.exe
<Unreadable Binary Files> : c:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll
<Unreadable Binary Files> : c:\WINDOWS\$NtUninstallKB828741$\comuid.dll
<Unreadable Binary Files> : c:\WINDOWS\$NtUninstallKB828741$\es.dll
<Unreadable Binary Files> : c:\WINDOWS\$NtUninstallKB828741$\migregdb.exe
<Unreadable Binary Files> : c:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll
<Unreadable Binary Files> : c:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll
<Unreadable Binary Files> : c:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll
<Unreadable Binary Files> : c:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll
<Unreadable Binary Files> : c:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll
<Unreadable Binary Files> : c:\WINDOWS\$NtUninstallKB828741$\ole32.dll
<Unreadable Binary Files> : c:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll
<Unreadable Binary Files> : c:\WINDOWS\$NtUninstallKB828741$\rpcss.dll
<Unreadable Binary Files> : c:\WINDOWS\$NtUninstallKB828741$\txflog.dll
<Unreadable Binary Files> : c:\WINDOWS\$NtUninstallKB835732$\callcont.dll
<Unreadable Binary Files> : c:\WINDOWS\$NtUninstallKB835732$\h323msp.dll
<Unreadable Binary Files> : c:\WINDOWS\$NtUninstallKB835732$\helpctr.exe
<Unreadable Binary Files> : c:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll
<Unreadable Binary Files> : c:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll
<Unreadable Binary Files> : c:\WINDOWS\$NtUninstallKB835732$\msasn1.dll
<Unreadable Binary Files> : c:\WINDOWS\$NtUninstallKB835732$\msgina.dll
<Unreadable Binary Files> : c:\WINDOWS\$NtUninstallKB835732$\mst120.dll
<Unreadable Binary Files> : c:\WINDOWS\$NtUninstallKB835732$\netapi32.dll
<Unreadable Binary Files> : c:\WINDOWS\$NtUninstallKB835732$\nmcom.dll
<Unreadable Binary Files> : c:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll
<Unreadable Binary Files> : c:\WINDOWS\$NtUninstallKB835732$\schannel.dll
<Unreadable Binary Files> : c:\WINDOWS\system32\Macromed\Shockwave 8\$Control.dll
<Unreadable Binary Files> : c:\WINDOWS\system32\Macromed\Shockwave 8\$PluginPing.dll
<Unreadable Binary Files> : c:\WINDOWS\system32\Macromed\Shockwave 8\dirapi.dll
<Unreadable Binary Files> : c:\WINDOWS\system32\Macromed\Shockwave 8\iml32.dll
<Unreadable Binary Files> : c:\WINDOWS\system32\Macromed\Shockwave 8\Plugin.dll
<Unreadable Binary Files> : c:\WINDOWS\system32\Macromed\Shockwave 8\SwMenu.dll

Advanced Files Report
%SYSDIR%\SYNCOR11.DLL [SoundMAX] [Staccato Systems SynthCore R2.0 Synthesizer] MD5=BD9B4450D00D4AC891407B8C0E08DE9C SIZE=40820
%PROGRAMFILES%\SUPERAntiSpyware\SASWINLO.dll [SUPERAntiSpyware.com] [SUPERAntiSpyware WinLogon Processor] MD5=3B2F85D8C913CE452ADE4A0D24299FEA SIZE=294912
%PROGRAMFILES%\Windows Defender\MsMpEng.exe [Microsoft Corporation] [Windows Defender] MD5=F45DD1E1365D857DD08BC23563370D0E SIZE=13592
%SYSDIR%\hpzlnt10.dll [HP] [HP DeskJet] MD5=2030AF1F7504A82E31C892D14BE55D6F SIZE=135249
%COMMONFILES%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [Apple, Inc.] [Apple Mobile Device Service] MD5=3A4982DF893F198A2DFBCCD4CE10F93A SIZE=110592
%PROGRAMFILES%\Analog Devices\SoundMAX\SMAgent.exe [Analog Devices, Inc.] [SoundMAX service agent] MD5=3978F082274F723AD5A0A8058C2417DD SIZE=45056
%SYSDIR%\hpgwiamd.dll [Hewlett-Packard] [hpgwiamd.dll] MD5=34A74994FDA1AEADAD6F324F61CFEC58 SIZE=278528
%SYSDIR%\hpotscl.dll [Hewlett-Packard Co.] [hp digital imaging - hp



Hope it helps. I can post other bits if you need, the full file is nearly 800 KB.

Thank you again.
BB
Busy Bee
Always grateful for any advice but especially grateful for step by step advice. I am a computer dummy.
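The "Threat Files" section above is long because the scanner lists every file in a handful of directories, so the first triage step is to collapse the list by directory and bucket the directories by what they look like. The script below is an added example, not part of this thread or of Spyware Terminator, and its two "known" categories (Windows hotfix uninstall backups under $NtUninstallKB*$, and leftover update-package extraction folders, i.e. hex-named folders at the drive root holding spuninst.exe/spupdsvc.exe/spmsg.dll) are assumed heuristics; the sample log lines are constructed in the same format as the post, and anything that lands in the "review" bucket still needs a hash or publisher-signature check before being trusted.

```python
"""Triage '<Unreadable Binary Files>' entries from a Spyware Terminator log.

Added example (not from the thread or from any tool named in it).
The bucketing rules are heuristics, not a verdict: a folder that merely
looks like an update leftover is not proven clean, and the 'review'
bucket is where a defender spends their time.
"""
import re
from collections import defaultdict

# One log line looks like: "<Unreadable Binary Files> : c:\dir\file.dll"
THREAT_LINE = re.compile(r"^<(?P<tag>[^>]+)>\s*:\s*(?P<path>.+?)\s*$")
# Directory of a Windows hotfix uninstall backup, e.g. c:\windows\$ntuninstallkb828741$
HOTFIX_BACKUP_DIR = re.compile(r"\\\$ntuninstall[^\\]*\$$")
# Hex-named folder directly under the drive root, e.g. c:\201c87b13a7e82bb52
ROOT_HEX_DIR = re.compile(r"^[a-z]:\\[0-9a-f]{16,40}$")
# Marker files that update.exe packages leave behind in their extraction folder
UPDATE_PKG_FILES = {"spuninst.exe", "spupdsvc.exe", "spmsg.dll", "nlsdl.dll"}

# Constructed sample in the same format as the posted log (not the real log).
SAMPLE_LOG = r"""Threat Files
<Unreadable Binary Files> : c:\06c45445ded4f5b920ac94631d7693\spmsg.dll
<Unreadable Binary Files> : c:\06c45445ded4f5b920ac94631d7693\spuninst.exe
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\mshtml.dll
<Unreadable Binary Files> : c:\201c87b13a7e82bb52\spupdsvc.exe
<Unreadable Binary Files> : c:\WINDOWS\$NtUninstallKB828741$\ole32.dll
<Unreadable Binary Files> : c:\WINDOWS\$NtUninstallKB835732$\schannel.dll
<Unreadable Binary Files> : c:\Program Files\Viewpoint\Viewpoint Media Player\Components\VETsdk.dll
<Unreadable Binary Files> : c:\deadbeefdeadbeef01\installer.exe
"""


def parse_threat_lines(text):
    """Return (tag, path) tuples for every line shaped like '<tag> : path'."""
    entries = []
    for line in text.splitlines():
        match = THREAT_LINE.match(line.strip())
        if match:
            entries.append((match.group("tag"), match.group("path")))
    return entries


def split_path(path):
    """Split a Windows path into (directory, filename), both lower-cased."""
    directory, _, filename = path.lower().rpartition("\\")
    return directory, filename


def group_by_directory(paths):
    """Map each directory to the list of file names reported inside it."""
    groups = defaultdict(list)
    for path in paths:
        directory, filename = split_path(path)
        groups[directory].append(filename)
    return dict(groups)


def classify_directory(directory, filenames):
    """Heuristic bucket for one directory (assumed rules, see module docstring)."""
    if HOTFIX_BACKUP_DIR.search(directory):
        return "hotfix_uninstall_backup"
    # A root-level hex folder only counts as an update leftover if it also
    # carries the update-package marker files; a bare hex folder is suspicious.
    if ROOT_HEX_DIR.match(directory) and UPDATE_PKG_FILES & set(filenames):
        return "update_extraction_leftover"
    return "review"


def triage(text):
    """Bucket every 'Unreadable Binary Files' path by directory and category."""
    paths = [p for tag, p in parse_threat_lines(text) if tag == "Unreadable Binary Files"]
    result = {"hotfix_uninstall_backup": {}, "update_extraction_leftover": {}, "review": {}}
    for directory, files in group_by_directory(paths).items():
        result[classify_directory(directory, files)][directory] = sorted(files)
    return result


def file_counts(result):
    """Number of files per bucket, handy for a one-line summary."""
    return {bucket: sum(len(f) for f in dirs.values()) for bucket, dirs in result.items()}


if __name__ == "__main__":
    buckets = triage(SAMPLE_LOG)
    print("files per bucket:", file_counts(buckets))
    for directory, files in buckets["review"].items():
        print("REVIEW", directory, files)
```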



