Help computer constantly getting mal/???? alerts.


Rollin' Rog
Moderator with 42,579 posts.
Join Date: Dec 2000
Location: North of Hollywoodland
Experience: I know when to fold em'
30-Apr-2008, 11:33 PM #16
In both those cases the faulting "module" was Avast >> "Probably caused by : aswSP.SYS"

But the operative process belonged to Combofix >> vfind.cfexe, sed.cfexe

So it just looks like some incompatibility there.

Let me know what the exact nature of any continuing issues are, and check the Event Viewer periodically for any new repeating events, particularly any that seem to occur after startup has completed.
__________________
What The Dormouse Said

"Politicians, ugly buildings and whores all get respectable if they last long enough."
spike9
Junior Member with 22 posts.
Join Date: Apr 2008
01-May-2008, 08:33 PM #17
So, should I reinstall Avast and see if that resolves the event viewer problem, and is that it for now? As near as you can tell is my machine clean?

Thanks

Peter
Rollin' Rog
01-May-2008, 10:32 PM #18
No, I don't really know if the problem is with Avast or just the fact that it was having a problem when you ran combofix.

If you are getting more BSODs when NOT running combofix -- post those minidumps.

If there is no further need for malware cleaning, Cookiegal will tell you how to remove/cleanup any remnants of combofix.

Cookiegal, and your own experience, will tell you if there are any further indications of malware.

If combofix needs to be run and cannot complete without error -- either disable Avast or remove it temporarily, or Cookiegal might have another alternative for you.
Cookiegal
Administrator with 51,861 posts.
Join Date: Aug 2003
Location: Quebec, Canada
02-May-2008, 11:03 AM #19
OK, thanks Rog.

Please post a new HijackThis log.
spike9
02-May-2008, 07:32 PM #20
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:29, on 2008-05-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\DiskTrix\SystemBooster2\SystemBooster.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Radeon Omega Drivers\v3.8.421\ATI Tray Tools\atitray.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\CH Products\Control Manager\CMCtlCtr.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Creative\MediaSource\RemoteControl\OSDMenu.EXE
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\Crusty.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SBDrvDet] "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SystemBoosterXP] "C:\Program Files\DiskTrix\SystemBooster2\SystemBooster.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] "C:\Program Files\IGN\Download Manager\DLM.exe" /windowsstart /startifwork
O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Radeon Omega Drivers\v3.8.421\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [RemoteCenter] "C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CM Control Center.lnk = C:\Program Files\CH Products\Control Manager\CMCtlCtr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_2.3.1.99.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://fulfillment.puretracks.com/onager.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15031/CTPID.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 12279 bytes
Cookiegal
04-May-2008, 11:02 AM #21
Copy the part in bold below into Notepad and save it as direxie.bat
Set File type to "All files"


cd\
cd C:\Documents and Settings\%UserName%\Application Data
dir /x > C:\directory.txt
cd C:\Documents and Settings\All Users\Application Data
dir /x >> C:\directory.txt
cd C:\Program Files
dir /x >> C:\directory.txt
start notepad C:\directory.txt



Start the file by double clicking direxie.bat
That will open a file called directory.txt. Post the content of that file.
__________________
Microsoft MVP - Consumer Security

Alliance of Security Analysis Professionals
spike9
04-May-2008, 03:16 PM #22
FYI:

I had a quick look at this list and I'm not sure what two entries are: sz8080 and Steinberg.


Volume in drive C is Operating
Volume Serial Number is BB31-FF20

Directory of C:\Documents and Settings\Peter Rowntree\Application Data

2008-02-13 22:01 <DIR> Adobe
2007-07-15 10:06 <DIR> AdobeUM
2007-08-20 19:50 <DIR> Ahead
2006-02-10 20:06 <DIR> APPLEC~1 Apple Computer
2007-10-16 20:36 <DIR> ATI
2006-02-18 23:44 <DIR> atitray
2007-11-18 18:00 <DIR> BITDEF~1 Bitdefender
2006-05-24 20:15 <DIR> Corel
2006-03-23 20:19 <DIR> Creative
2006-12-13 01:03 <DIR> DivX
2006-05-24 20:17 <DIR> DOWNLO~1 Download Manager
2007-09-03 00:28 <DIR> Google
2006-03-16 00:10 <DIR> Help
2006-02-09 10:31 <DIR> IDENTI~1 Identities
2007-11-15 00:12 <DIR> IGN_DLM
2007-01-18 16:27 <DIR> INSTAL~1 InstallShield
2008-05-03 13:35 <DIR> LimeWire
2007-01-05 20:02 <DIR> Logitech
2006-12-22 23:43 <DIR> MACROM~1 Macromedia
2006-02-09 15:30 <DIR> MICROS~2 Microsoft Web Folders
2006-08-15 21:43 <DIR> Mozilla
2007-12-08 00:39 22,328 PnkBstrK.sys
2006-03-15 11:08 <DIR> SCHOOL~1 School Zone Preferences
2006-04-27 23:57 <DIR> STEINB~1 Steinberg
2006-11-08 00:49 <DIR> Sun
2007-11-13 22:17 <DIR> SUNBEL~1 Sunbelt Software
2008-01-20 13:08 <DIR> SUPERA~1.COM SUPERAntiSpyware.com
2007-11-02 10:31 <DIR> Symantec
2006-09-09 19:36 <DIR> TEAMSP~1 teamspeak2
2006-02-09 11:02 <DIR> Webroot
1 File(s) 22,328 bytes
29 Dir(s) 38,976,139,264 bytes free
Volume in drive C is Operating
Volume Serial Number is BB31-FF20

Directory of C:\Documents and Settings\All Users\Application Data

2007-01-10 23:20 <DIR> Adobe
2006-03-11 20:13 <DIR> Ahead
2007-09-17 18:05 <DIR> Apple
2007-08-02 14:04 <DIR> APPLEC~1 Apple Computer
2007-11-18 17:25 <DIR> BITDEF~1 BitDefender
2008-03-16 16:20 <DIR> DVDSHR~1 DVD Shrink
2008-02-24 19:36 <DIR> Google
2007-11-13 23:52 <DIR> Grisoft
2006-05-24 20:15 <DIR> INSTAL~1 InstallShield
2007-04-05 10:56 <DIR> Intuit
2007-12-18 22:02 <DIR> LogiShrd
2008-03-03 22:14 <DIR> Logitech
2007-03-07 22:21 <DIR> MATROX~1 Matrox Graphics Inc
2006-05-03 20:53 <DIR> Napster
2007-01-19 22:55 <DIR> nHancer
2006-11-29 21:52 <DIR> NVIDIA
2007-02-09 22:19 <DIR> NVIEW_~1 nView_Profiles
2008-02-24 17:20 2,388 QTSBAN~1 QTSBandwidthCache
2007-09-30 13:33 <DIR> SlySoft
2007-11-13 23:55 <DIR> SUPERA~1.COM SUPERAntiSpyware.com
2007-11-18 15:39 15,436 Svclog.log
2007-11-02 10:30 <DIR> Symantec
2006-06-13 20:49 <DIR> Trymedia
2006-07-14 23:51 <DIR> Webroot
2006-11-26 23:33 <DIR> WHITEC~1 WhiteCap (Holiday Edition)
2006-02-09 13:02 <DIR> WINDOW~1 Windows Genuine Advantage
2007-01-06 23:20 <DIR> WinZip
2008-04-22 21:13 <DIR> WLINST~1 WLInstaller
2 File(s) 17,824 bytes
26 Dir(s) 38,976,139,264 bytes free
Volume in drive C is Operating
Volume Serial Number is BB31-FF20

Directory of C:\Program Files

2008-05-02 19:28 <DIR> .
2008-05-02 19:28 <DIR> ..
2008-02-24 19:47 <DIR> Abacus
2006-02-16 21:41 <DIR> Adobe
2006-02-18 18:07 <DIR> Ahead
2007-04-01 13:43 <DIR> AIFLIG~1 AI Flight Creator
2007-03-25 12:07 <DIR> AIFLIG~2 AI FlightPlan Utilities
2007-11-19 21:24 <DIR> ALWILS~1 Alwil Software
2007-09-17 18:05 <DIR> APPLES~1 Apple Software Update
2006-02-09 15:11 <DIR> ASUS
2006-02-09 14:36 <DIR> AvRack
2006-07-15 11:28 <DIR> BLACKW~1 Blackwave
2008-04-17 19:34 <DIR> CCleaner
2006-02-09 20:20 <DIR> CHPROD~1 CH Products
2008-04-22 21:13 <DIR> COMMON~1 Common Files
2006-05-24 20:13 <DIR> Corel
2007-11-12 15:52 <DIR> Creative
2006-10-22 22:07 <DIR> DAEMON~1 DAEMON Tools
2007-08-20 19:35 <DIR> DIFX
2006-12-22 23:50 <DIR> DiskTrix
2007-08-14 06:58 <DIR> DivX
2007-02-14 00:18 <DIR> DRIVER~1 Driver Cleaner Pro
2007-01-23 21:51 <DIR> DVDDEC~1 DVD Decrypter
2006-02-19 23:32 <DIR> DVDSHR~1 DVD Shrink
2008-04-12 19:10 <DIR> ENIGMA~1 Enigma Software Group
2008-02-26 13:58 <DIR> FS2004~1 FS2004SDK
2006-03-20 21:43 <DIR> FSFDT
2007-02-17 08:47 <DIR> FUTURE~1 Futuremark
2006-09-02 22:06 <DIR> GE2006
2008-02-26 14:38 <DIR> GoFlight
2008-02-25 20:39 <DIR> Google
2006-02-09 13:16 <DIR> HIGHMA~1 HighMAT CD Writing Wizard
2006-09-02 00:09 <DIR> IGN
2006-02-09 10:34 <DIR> Intel
2007-11-12 22:43 <DIR> INTERA~1 InterActual
2008-04-12 12:47 <DIR> INTERN~1 Internet Explorer
2008-02-27 21:50 <DIR> iPod
2008-02-27 21:50 <DIR> iTunes
2008-04-06 19:22 <DIR> Java
2007-03-20 18:19 <DIR> KENSAL~1 Ken Salter
2008-03-18 22:01 <DIR> LimeWire
2007-10-27 13:00 <DIR> Linksys
2008-03-03 22:14 <DIR> Logitech
2006-02-09 11:30 <DIR> Marvell
2006-02-09 14:21 <DIR> MESSEN~1 Messenger
2007-11-15 19:26 <DIR> MICROS~1.2 Microsoft CAPICOM 2.1.0.2
2006-02-09 15:30 <DIR> MICROS~1 microsoft frontpage
2006-09-02 10:50 <DIR> MICROS~4 Microsoft Games
2006-02-09 15:33 <DIR> MICROS~2 Microsoft Office
2008-04-12 12:55 <DIR> MI2020~1 Microsoft Silverlight
2008-04-22 21:17 <DIR> MI29AE~1 Microsoft SQL Server Compact Edition
2006-02-09 15:33 <DIR> MICROS~3 Microsoft Visual Studio
2006-02-09 13:50 <DIR> MOVIEM~1 Movie Maker
2007-12-03 12:20 <DIR> MSBuild
2006-02-09 10:22 <DIR> MSN
2006-02-09 10:22 <DIR> MSNGAM~1 MSN Gaming Zone
2006-08-10 19:01 <DIR> MSXML4~1.0 MSXML 4.0
2007-12-03 12:13 <DIR> MSXML6~1.0 MSXML 6.0
2008-02-02 15:13 <DIR> MultiRes
2006-05-03 20:53 <DIR> Napster
2006-02-09 20:25 <DIR> NATURA~1 NaturalPoint
2006-02-09 13:48 <DIR> NETMEE~1 NetMeeting
2006-06-13 20:49 <DIR> OCEAND~1 OceanDive
2006-02-09 16:28 <DIR> OFFICE~1 OfficeUpdate11
2006-02-09 10:22 <DIR> ONLINE~1 Online Services
2006-02-15 23:46 <DIR> OOSOFT~1 OO Software
2007-06-12 21:55 <DIR> OUTLOO~1 Outlook Express
2006-06-11 11:41 <DIR> PROLIF~1 Prolific Publishing, Inc
2006-06-11 21:25 <DIR> Quicken
2008-02-27 21:46 <DIR> QUICKT~1 QuickTime
2008-02-02 15:11 <DIR> RADEON~1 Radeon Omega Drivers
2006-02-20 00:07 <DIR> RANAIN~1 RanaInside
2007-10-25 21:56 <DIR> RAYADA~1 Ray Adams
2007-01-27 18:40 <DIR> Real
2006-02-09 10:40 <DIR> REALTE~1 Realtek Sound Manager
2007-12-03 12:14 <DIR> REFERE~1 Reference Assemblies
2006-02-22 15:41 <DIR> RWY12O~1 Rwy12 Object Placer
2006-02-09 16:48 <DIR> SEC
2007-03-25 11:10 <DIR> SIMPLE~1 Simple AI
2006-02-09 16:29 <DIR> SNAPSH~1 Snapshot Viewer
2007-11-18 17:25 <DIR> Softwin
2006-06-15 23:19 <DIR> STEINB~1 Steinberg
2008-03-12 19:52 <DIR> SUPERA~1 SUPERAntiSpyware
2007-08-19 16:35 <DIR> Suunto
2007-11-02 10:31 <DIR> Symantec
2006-06-15 23:19 <DIR> sz8080
2006-09-09 21:50 <DIR> TEAMSP~1 Teamspeak2_RC2
2006-08-29 21:03 <DIR> TRANSC~1 Transcendental Technologies
2008-04-13 13:03 <DIR> TRENDM~1 Trend Micro
2006-02-09 11:02 <DIR> Webroot
2006-02-09 10:45 <DIR> Winbond
2008-04-23 20:53 <DIR> WI1F86~1 Windows Live
2008-04-22 21:19 <DIR> WI48FA~1 Windows Live Favorites
2008-04-22 21:20 <DIR> WI81E8~1 Windows Live Toolbar
2006-12-15 00:16 <DIR> WINDOW~4 Windows Media Connect 2
2006-12-15 00:18 <DIR> WINDOW~3 Windows Media Player
2006-02-09 13:48 <DIR> WINDOW~1 Windows NT
2006-02-14 01:12 <DIR> WINGSO~1 Wings of Power Heavy Bombers and Jets
2006-02-19 23:37 <DIR> WinRAR
2006-11-26 23:29 <DIR> WINTER~1 Winter Fun Pack 2004 for Windows XP
2007-01-06 23:21 <DIR> WinZip
2007-01-17 00:43 <DIR> WPIclose
2006-02-09 10:25 <DIR> xerox
2006-03-15 00:26 <DIR> XviD
2008-02-26 13:58 <DIR> YOURCO~1 Your Company Name
0 File(s) 0 bytes
105 Dir(s) 38,976,126,976 bytes free
Cookiegal
04-May-2008, 07:46 PM #23
They both look to be legit.

Steinberg:
http://en.wikipedia.org/wiki/Steinberg_Cubase


sz8080 belongs to:
School Zone Preferences


Please run the Kaspersky online virus scan: Kaspersky Online Scanner.

After the updates have downloaded, click on the "Scan Settings" button.
Choose the "Extended database" for the scan.
Under "Please select a target to scan", click "My Computer".
When the scan is finished, Save the results from the scan!

Note: You have to use Internet Explorer to do the online scan.
spike9
05-May-2008, 06:31 AM #24
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, May 05, 2008 6:28:16 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 4/05/2008
Kaspersky Anti-Virus database records: 740088
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
I:\
J:\
K:\

Scan Statistics:
Total number of scanned objects: 337738
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 01:53:05

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Peter Rowntree\Application Data\Microsoft\Outlook\outcmd.dat Object is locked skipped
C:\Documents and Settings\Peter Rowntree\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-5-3-2008( 16-33-44 ).LOG Object is locked skipped
C:\Documents and Settings\Peter Rowntree\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Peter Rowntree\Local Settings\Application Data\Microsoft\Outlook\outlook.pst Object is locked skipped
C:\Documents and Settings\Peter Rowntree\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Peter Rowntree\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Peter Rowntree\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Peter Rowntree\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Peter Rowntree\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Peter Rowntree\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Peter Rowntree\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Peter Rowntree\Data\chandir.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Peter Rowntree\Data\chandir.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Peter Rowntree\Data\chn.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Peter Rowntree\Data\chn.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Peter Rowntree\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Peter Rowntree\Data\inuse.txt Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Peter Rowntree\Data\L0000004.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Peter Rowntree\Data\main.log Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Peter Rowntree\Data\prs.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Peter Rowntree\Data\prs.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Peter Rowntree\Data\prs_die.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Peter Rowntree\Data\prs_die.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Peter Rowntree\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Peter Rowntree\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Peter Rowntree\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Peter Rowntree\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Peter Rowntree\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Peter Rowntree\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Peter Rowntree\Data\storydb.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Peter Rowntree\Data\storydb.idx Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{DC981EFC-8D38-492F-BBAB-44E5BDE1562E}\RP8\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{86035531-81B0-44A5-8708-891D6D6CC0D7}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\bdss.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd8333.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_6e4.dat Object is locked skipped
C:\WINDOWS\Temp\tmp000043fa\tmp00000000 Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\{00000002-00000000-0000000B-00001102-00000004-20021102}.CDF Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{DC981EFC-8D38-492F-BBAB-44E5BDE1562E}\RP8\change.log Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{DC981EFC-8D38-492F-BBAB-44E5BDE1562E}\RP8\change.log Object is locked skipped
J:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
J:\System Volume Information\_restore{DC981EFC-8D38-492F-BBAB-44E5BDE1562E}\RP8\change.log Object is locked skipped
K:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
K:\System Volume Information\_restore{DC981EFC-8D38-492F-BBAB-44E5BDE1562E}\RP8\change.log Object is locked skipped

Scan process completed.
Cookiegal's Avatar
Administrator with 51,861 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
05-May-2008, 01:10 PM #25
Please post a new HijackThis log and let me know how things are with the system now.
spike9's Avatar
Junior Member with 22 posts.
 
Join Date: Apr 2008
05-May-2008, 09:42 PM #26
Hello Cookiegal,

My computer seems to be running pretty good, a little slow on startup, but I've got superantispyware and avast running boot-up scans. Once the scans are done the computer seems to be running normally with no more warnings. Mind you, we still have spysweeper pretty much turned off; if we are done I will re-enable everything you had me turn off. One other thing, the task bar icon and GUI interface aren't starting for avast unless I do it manually, but a reinstall of avast will probably fix that and may cure those event viewer warnings at the same time.

So any recommendations on more programs I should be running or do I have? As you know I'm running licenced versions of Spyware with anti-virus and super antispyware, as well as free versions of avast and bit defender. I thought I was pretty well protected, but I guess there is no be-all end-all protection. Is there any better way for me to run them, and what should I have running all the time and what can be started just for a regular sweep?

Thanks for all your help.

Peter

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:26, on 2008-05-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\DiskTrix\SystemBooster2\SystemBooster.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Radeon Omega Drivers\v3.8.421\ATI Tray Tools\atitray.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CH Products\Control Manager\CMCtlCtr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Creative\MediaSource\RemoteControl\OSDMenu.EXE
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Trend Micro\HijackThis\Crusty.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SBDrvDet] "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SystemBoosterXP] "C:\Program Files\DiskTrix\SystemBooster2\SystemBooster.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] "C:\Program Files\IGN\Download Manager\DLM.exe" /windowsstart /startifwork
O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Radeon Omega Drivers\v3.8.421\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [RemoteCenter] "C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CM Control Center.lnk = C:\Program Files\CH Products\Control Manager\CMCtlCtr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_2.3.1.99.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://fulfillment.puretracks.com/onager.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15031/CTPID.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 12325 bytes
Cookiegal's Avatar
Administrator with 51,861 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
06-May-2008, 01:12 PM #27
Are you sure the icon is not just hidden?
spike9's Avatar
Junior Member with 22 posts.
 
Join Date: Apr 2008
06-May-2008, 03:04 PM #28
No, I've checked the settings and it's turned and I don't hide un-used icons so there is a problem. If I go into the alwil directory in program files and run the GUI exe file (forget the actual file name, I'm at work now and not home), then the icon shows up and everything seems fine.

Peter
Cookiegal's Avatar
Administrator with 51,861 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
06-May-2008, 07:48 PM #29
Does the icon stay now?
spike9's Avatar
Junior Member with 22 posts.
 
Join Date: Apr 2008
06-May-2008, 08:48 PM #30
The icon comes on if I turn it on manually. If I shutdown and restart I need to restart the icon and it will only start if I double click on "C:\Program Files\Alwil Software\Avast4\ashdisp.exe"
Should I go ahead and reinstall Avast4?
All times are GMT -4. The time now is 02:25 AM.
Copyright © 1996 - 2008 TechGuy, Inc. All rights reserved.