1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Help computer constantly getting mal/???? alerts.

Discussion in 'Virus & Other Malware Removal' started by spike9, Apr 13, 2008.

Thread Status:
Not open for further replies.
Advertisement
  1. spike9

    spike9 Thread Starter

    Joined:
    Apr 13, 2008
    Messages:
    22
    I think I'm infected with something. My computer seems to be running slower then usual and spysweeper keeps blocking stuff as soon as computer is turned on. When I check the quarentine there is usually some kind of mal/???? in there that I promptly delete. I've got Spysweeper, Avast and SuperAntispysweeper running they usually come up with somethingwhen I run a sweep, but I don't seem to be able to get rid of whatever is infecting my computer. I've tried the latest version of vundufix and it doesn't pick up anything.

    Thanks in advance.

    Peter

    Highjackthis log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:24:07 PM, on 13/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Linksys\WUSB300N\WLService.exe
    C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\CTHELPER.EXE
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\DiskTrix\SystemBooster2\SystemBooster.exe
    C:\Program Files\Softwin\BitDefender10\bdagent.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Radeon Omega Drivers\v3.8.421\ATI Tray Tools\atitray.exe
    C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\CH Products\Control Manager\CMCtlCtr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Creative\MediaSource\RemoteControl\OSDMenu.EXE
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Documents and Settings\Peter Rowntree\Desktop\Anti-virus\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SBDrvDet] "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [SystemBoosterXP] "C:\Program Files\DiskTrix\SystemBooster2\SystemBooster.exe"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [bend logo clock film] "C:\Documents and Settings\All Users\Application Data\Frag great bend logo\Move Soft.exe"
    O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [igndlm.exe] "C:\Program Files\IGN\Download Manager\DLM.exe" /windowsstart /startifwork
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Radeon Omega Drivers\v3.8.421\ATI Tray Tools\atitray.exe"
    O4 - HKCU\..\Run: [RemoteCenter] "C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
    O4 - HKCU\..\Run: [DaleWindow] C:\DOCUME~1\PETERR~1\APPLIC~1\EQINTE~1\Storedead.exe
    O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: CM Control Center.lnk = C:\Program Files\CH Products\Control Manager\CMCtlCtr.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} (STCWeb Control) - https://remote.tsb.gc.ca/CACHE/webvpn/stc/1/binaries/stcweb.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.1.99.cab
    O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://fulfillment.puretracks.com/onager.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15031/CTPID.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe
    O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 11416 bytes
     
  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,299
    Hi and welcome to TSG,

    Please visit Combofix Guide & Instructions for instructions for downloading and running ComboFix:

    Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

    Important notes regarding ComboFix:

    ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

    Combofix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished.

    Note: During this process, it would help a great deal and be very much appreciated if you would refrain from installing any new software or hardware on this machine, unless absolutely necessary, until the clean up process is finished as it makes our job more tedious, with additional new files that may have to be researched, which is very time consuming.

    Also, please do not run any security programs or fixes on your own as doing so may compromise what we will be doing. It is important that you wait for instructions.
     
  3. spike9

    spike9 Thread Starter

    Joined:
    Apr 13, 2008
    Messages:
    22
    Thanks,

    Here are the logs and one question, should I disconnect from the interent and turn off my anti virus and spyware detectors? That is what I did before running combofix.

    Peter

    Part 1: Combofix log

    ComboFix 08-04-24.1 - Peter Rowntree 2008-04-26 13:05:46.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1307 [GMT -4:00]
    Running from: D:\My Documents\Downloads\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
    C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
    C:\Documents and Settings\Peter Rowntree\Favorites\Online Security Guide.lnk
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\Fonts\'
    C:\WINDOWS\system32\_003696_.tmp.dll
    C:\WINDOWS\system32\_003848_.tmp.dll
    C:\WINDOWS\system32\_003849_.tmp.dll
    C:\WINDOWS\system32\_003850_.tmp.dll
    C:\WINDOWS\system32\_003851_.tmp.dll
    C:\WINDOWS\system32\_003858_.tmp.dll
    C:\WINDOWS\system32\_003859_.tmp.dll
    C:\WINDOWS\system32\_003860_.tmp.dll
    C:\WINDOWS\system32\_003861_.tmp.dll
    C:\WINDOWS\system32\_003863_.tmp.dll
    C:\WINDOWS\system32\_003864_.tmp.dll
    C:\WINDOWS\system32\_003867_.tmp.dll
    C:\WINDOWS\system32\_003868_.tmp.dll
    C:\WINDOWS\system32\_003871_.tmp.dll
    C:\WINDOWS\system32\_003872_.tmp.dll
    C:\WINDOWS\system32\_003874_.tmp.dll
    C:\WINDOWS\system32\_003875_.tmp.dll
    C:\WINDOWS\system32\_003877_.tmp.dll
    C:\WINDOWS\system32\_003882_.tmp.dll
    C:\WINDOWS\system32\_003884_.tmp.dll
    C:\WINDOWS\system32\_003887_.tmp.dll
    C:\WINDOWS\system32\_003889_.tmp.dll
    C:\WINDOWS\system32\_003890_.tmp.dll
    C:\WINDOWS\system32\_003891_.tmp.dll
    C:\WINDOWS\system32\_003892_.tmp.dll
    C:\WINDOWS\system32\_003893_.tmp.dll
    C:\WINDOWS\system32\_003896_.tmp.dll
    C:\WINDOWS\system32\_003898_.tmp.dll
    C:\WINDOWS\system32\_003899_.tmp.dll
    C:\WINDOWS\system32\_003900_.tmp.dll
    C:\WINDOWS\system32\_003904_.tmp.dll
    C:\WINDOWS\system32\pskill.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_6TO4
    -------\Service_6to4


    ((((((((((((((((((((((((( Files Created from 2008-03-26 to 2008-04-26 )))))))))))))))))))))))))))))))
    .

    2008-04-22 21:19 . 2008-04-22 21:20 <DIR> d-------- C:\Program Files\Windows Live Toolbar
    2008-04-22 21:19 . 2008-04-22 21:19 <DIR> d-------- C:\Program Files\Windows Live Favorites
    2008-04-22 21:17 . 2008-04-22 21:17 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
    2008-04-22 21:17 . 2008-04-23 18:48 <DIR> d-------- C:\Documents and Settings\Peter Rowntree\Contacts
    2008-04-22 21:13 . 2008-04-22 21:15 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-04-22 21:03 . 2008-04-23 20:53 <DIR> d-------- C:\Program Files\Windows Live
    2008-04-22 21:03 . 2008-04-22 21:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-04-18 10:58 . 2008-04-26 13:10 4,958,588 --a------ C:\WINDOWS\{00000002-00000000-0000000B-00001102-00000004-20021102}.BAK
    2008-04-17 19:34 . 2008-04-17 19:34 <DIR> d-------- C:\Program Files\CCleaner
    2008-04-13 13:03 . 2008-04-13 13:03 <DIR> d-------- C:\Program Files\Trend Micro
    2008-04-12 19:10 . 2008-04-12 19:10 <DIR> d-------- C:\Program Files\Enigma Software Group
    2008-04-12 12:54 . 2008-04-12 12:55 <DIR> d-------- C:\Program Files\Microsoft Silverlight

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-18 00:00 --------- d-----w C:\Documents and Settings\Peter Rowntree\Application Data\Eq Inter Rect
    2008-04-17 23:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Frag great bend logo
    2008-04-06 23:22 --------- d-----w C:\Program Files\Java
    2008-03-23 03:25 --------- d-----w C:\Documents and Settings\Peter Rowntree\Application Data\LimeWire
    2008-03-21 01:08 --------- d-----w C:\Program Files\Eq Inter Rect
    2008-03-19 02:01 --------- d-----w C:\Program Files\LimeWire
    2008-03-16 20:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-03-12 23:52 --------- d-----w C:\Program Files\SUPERAntiSpyware
    2008-03-04 02:14 --------- d-----w C:\Program Files\Logitech
    2008-03-04 02:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
    2008-02-28 01:50 --------- d-----w C:\Program Files\iTunes
    2008-02-28 01:50 --------- d-----w C:\Program Files\iPod
    2008-02-28 01:46 --------- d-----w C:\Program Files\QuickTime
    2008-02-26 18:38 --------- d-----w C:\Program Files\GoFlight
    2008-02-26 17:58 --------- d-----w C:\Program Files\Your Company Name
    2008-02-26 17:58 --------- d-----w C:\Program Files\FS2004SDK
    2008-02-26 00:39 --------- d-----w C:\Program Files\Google
    2007-12-08 04:39 22,328 ----a-w C:\Documents and Settings\Peter Rowntree\Application Data\PnkBstrK.sys
    2007-10-17 00:03 267,592 ----a-w C:\Program Files\Uninstall Ask Toolbar.dll
    2007-01-01 15:03 90 --sh--w C:\WINDOWS\cnerolf.bin
    2006-02-11 03:18 90 --sh--w C:\WINDOWS\cnerolf.dat
    2006-05-25 00:16 952 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-05-19 20:38 1957888]
    "Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 19:23 102400]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
    "igndlm.exe"="C:\Program Files\IGN\Download Manager\DLM.exe" [2007-03-05 13:57 1103480]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-13 22:13 67128]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
    "AtiTrayTools"="C:\Program Files\Radeon Omega Drivers\v3.8.421\ATI Tray Tools\atitray.exe" [2007-10-21 16:06 566784]
    "RemoteCenter"="C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe" [2004-08-17 16:07 143360]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-04 21:57 1481968]
    "DaleWindow"="C:\DOCUME~1\PETERR~1\APPLIC~1\EQINTE~1\Storedead.exe" [2008-03-20 21:07 402944]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
    "SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 19:06 45056]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
    "CTHelper"="CTHELPER.EXE" [2006-08-11 15:56 17920 C:\WINDOWS\CTHELPER.EXE]
    "CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 02:00 45056]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 15:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
    "SystemBoosterXP"="C:\Program Files\DiskTrix\SystemBooster2\SystemBooster.exe" [2006-11-30 18:16 637440]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\WINDOWS\KHALMNPR.Exe]
    "AtiPTA"="atiptaxx.exe" [2006-02-21 21:05 344064 C:\WINDOWS\system32\atiptaxx.exe]
    "BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 16:49 69632]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
    "Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 18:57 2095640]
    "Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 18:43 2051096]
    "SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 21:56 5367664]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 03:56 15360]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
    CM Control Center.lnk - C:\Program Files\CH Products\Control Manager\CMCtlCtr.exe [2006-02-09 20:20:32 539136]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-13 22:13:49 67128]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-12-18 21:51:25 784912]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 04:15:54 65588]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 14:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2007-11-15 11:10 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
    PCANotify.dll 2003-05-29 11:00 8704 C:\WINDOWS\system32\PCANotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=sockspy.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli scecli

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "E:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
    "C:\\WINDOWS\\system32\\dpnsvr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "K:\\Program Files\\Lead Pursuit\\Battlefield Operations\\FalconAF.exe"=
    "C:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
    "C:\\Program Files\\FSFDT\\FSCopilot\\FSInnUI.exe"=
    "C:\\Program Files\\FSFDT\\FSInn\\FSInnFW.exe"=
    "K:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
    "C:\\Program Files\\Logitech\\Harmony Remote\\HarmonyClient.exe"=
    "C:\\Program Files\\Logitech\\Harmony Remote\\PatchHelper.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\WINDOWS\\system32\\rundll32.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"=
    "K:\\Program Files\\Microsoft Games\\Microsoft Flight Simulator X\\fsx.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\DiskTrix\\SystemBooster2\\SystemBooster.exe"=
    "K:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe"=
    "K:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\Symantec\\pcAnywhere\\Winaw32.exe"=
    "C:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"=
    "C:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "K:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "C:\\KAV\\kis\\setup.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 14:31]
    R1 atitray;atitray;C:\Program Files\Radeon Omega Drivers\v3.8.421\ATI Tray Tools\atitray.sys [2007-10-16 04:42]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 14:35]
    R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-06-30 01:53]
    R2 PfDetNT;PfDetNT;C:\WINDOWS\system32\drivers\PfModNT.sys [2006-08-11 15:56]
    R2 WUSB300NSvc;WUSB300NSvc;"C:\Program Files\Linksys\WUSB300N\WLService.exe" "WUSB300N.exe" []
    R3 chdrvr01;CH Control Manager Driver 1;C:\WINDOWS\system32\DRIVERS\chdrvr01.sys [2005-07-30 05:19]
    R3 chdrvr02;CH Control Manager Driver 2;C:\WINDOWS\system32\DRIVERS\chdrvr02.sys [2005-05-17 02:07]
    R3 chdrvr03;CH Control Manager Driver 3;C:\WINDOWS\system32\DRIVERS\chdrvr03.sys [2005-05-17 02:06]
    R3 gfvknt;GoFlight Virtual HID Keyboard;C:\WINDOWS\system32\DRIVERS\gfvknt.sys [2003-07-27 22:49]
    R3 NPUSB;NPUSB;C:\WINDOWS\system32\DRIVERS\npusb.sys [2006-12-06 18:20]
    S2 ousbehci;NEC PCI to USB Enhanced Host Controller;C:\WINDOWS\system32\Drivers\ousbehci.sys [2002-09-01 08:19]
    S3 CSVirtA;Cisco Systems SSL VPN Adapter;C:\WINDOWS\system32\DRIVERS\CSVirtA.sys [2007-11-02 10:40]
    S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\system32\DRIVERS\ousb2hub.sys [2002-09-01 08:19]
    S3 PciCon;PciCon;F:\PciCon.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \Shell\AutoRun\command - F:\setup.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-04-26 17:00:00 C:\WINDOWS\Tasks\AA0AA8CE91B12466.job"
    - c:\docume~1\peterr~1\applic~1\eqinte~1\Lite Balm More.exe
    "2008-04-09 11:08:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-04-26 16:49:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    "2007-01-17 12:13:00 C:\WINDOWS\Tasks\Defrag Job #00.job"
    - C:\Program Files\DiskTrix\UltimateDefrag\UDefrag.exe
    "2007-01-17 14:30:00 C:\WINDOWS\Tasks\Defrag Job #01.job"
    - C:\Program Files\DiskTrix\UltimateDefrag\UDefrag.exe
    "2007-01-17 15:00:00 C:\WINDOWS\Tasks\Defrag Job #02.job"
    - C:\Program Files\DiskTrix\UltimateDefrag\UDefrag.exe
    "2007-01-17 16:30:00 C:\WINDOWS\Tasks\Defrag Job #03.job"
    - C:\Program Files\DiskTrix\UltimateDefrag\UDefrag.exe
    "2007-01-17 18:00:00 C:\WINDOWS\Tasks\Defrag Job #04.job"
    - C:\Program Files\DiskTrix\UltimateDefrag\UDefrag.exe
    "2008-03-23 04:11:00 C:\WINDOWS\Tasks\Defrag Job #1.job"
    - C:\Program Files\DiskTrix\UltimateDefrag\UDefrag.exe
    "2008-03-23 06:00:00 C:\WINDOWS\Tasks\Defrag Job #2.job"
    - C:\Program Files\DiskTrix\UltimateDefrag\UDefrag.exe
    "2008-03-23 07:00:00 C:\WINDOWS\Tasks\Defrag Job #3.job"
    - C:\Program Files\DiskTrix\UltimateDefrag\UDefrag.exe
    "2008-03-23 09:00:00 C:\WINDOWS\Tasks\Defrag Job #4.job"
    - C:\Program Files\DiskTrix\UltimateDefrag\UDefrag.exe
    "2008-03-23 10:00:00 C:\WINDOWS\Tasks\Defrag Job #5.job"
    - C:\Program Files\DiskTrix\UltimateDefrag\UDefrag.exe
    "2008-04-22 02:00:03 C:\WINDOWS\Tasks\wrSpySweeper_0EB3D6B9D3B84E7EA69BA154770B25C1.job"
    - C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe=/ScheduleSweep=wrSpySweeper_0EB3D6B9D3B84E7EA69BA154770B25C1
    - C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
    - A:\
    .
    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\Program Files\Radeon Omega Drivers\v3.8.421\ATI Tray Tools\raphook.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Cisco Systems\SSL VPN Client\Agent.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\CTSVCCDA.EXE
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    C:\Program Files\Creative\MediaSource\RemoteControl\OSDMenu.exe
    C:\Program Files\Webroot\Spy Sweeper\ssu.exe
    .
    **************************************************************************
    .
    Completion time: 2008-04-26 13:19:46 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-04-26 17:18:40

    Pre-Run: 39,325,597,696 bytes free
    Post-Run: 39,520,198,656 bytes free

    278 --- E O F --- 2008-04-24 00:55:05
     
  4. spike9

    spike9 Thread Starter

    Joined:
    Apr 13, 2008
    Messages:
    22
    PS I forgot to install the recovery console before I ran Combofix, I have now installed it.

    Part 2: Hijackthis log



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:42:37 PM, on 26/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Linksys\WUSB300N\WLService.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\CTHELPER.EXE
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\DiskTrix\SystemBooster2\SystemBooster.exe
    C:\Program Files\Softwin\BitDefender10\bdagent.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Radeon Omega Drivers\v3.8.421\ATI Tray Tools\atitray.exe
    C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\CH Products\Control Manager\CMCtlCtr.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Creative\MediaSource\RemoteControl\OSDMenu.EXE
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\Crusty.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SBDrvDet] "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [SystemBoosterXP] "C:\Program Files\DiskTrix\SystemBooster2\SystemBooster.exe"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
    O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [igndlm.exe] "C:\Program Files\IGN\Download Manager\DLM.exe" /windowsstart /startifwork
    O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Radeon Omega Drivers\v3.8.421\ATI Tray Tools\atitray.exe"
    O4 - HKCU\..\Run: [RemoteCenter] "C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
    O4 - HKCU\..\Run: [DaleWindow] C:\DOCUME~1\PETERR~1\APPLIC~1\EQINTE~1\Storedead.exe
    O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: CM Control Center.lnk = C:\Program Files\CH Products\Control Manager\CMCtlCtr.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} (STCWeb Control) - https://remote.tsb.gc.ca/CACHE/webvpn/stc/1/binaries/stcweb.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.1.99.cab
    O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://fulfillment.puretracks.com/onager.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15031/CTPID.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe
    O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 12872 bytes
     
  5. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,299
    Open Notepad and copy and paste the text in the code box below into it:

    Code:
    File::
    C:\Program Files\Uninstall Ask Toolbar.dll
    C:\WINDOWS\Tasks\AA0AA8CE91B12466.job
    
    Folder::
    C:\Documents and Settings\Peter Rowntree\Application Data\Eq Inter Rect
    C:\Documents and Settings\All Users\Application Data\Frag great bend logo
    C:\Program Files\Eq Inter Rect
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DaleWindow"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
    "C:\\WINDOWS\\system32\\rundll32.exe"=-
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=-
     
    Save the file to your desktop and name it CFScript.txt

    Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

    [​IMG]


    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.
     
  6. spike9

    spike9 Thread Starter

    Joined:
    Apr 13, 2008
    Messages:
    22
    Combofix log:

    ComboFix 08-04-24.1 - Peter Rowntree 2008-04-27 11:35:44.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1302 [GMT -4:00]
    Running from: C:\Documents and Settings\Peter Rowntree\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Peter Rowntree\Desktop\CFScript.txt
    * Created a new restore point

    FILE ::
    C:\Program Files\Uninstall Ask Toolbar.dll
    C:\WINDOWS\Tasks\AA0AA8CE91B12466.job
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\Frag great bend logo
    C:\Documents and Settings\Peter Rowntree\Application Data\Eq Inter Rect
    C:\Documents and Settings\Peter Rowntree\Application Data\Eq Inter Rect\0
    C:\Documents and Settings\Peter Rowntree\Application Data\Eq Inter Rect\Storedead.exe
    C:\Documents and Settings\Peter Rowntree\Application Data\Eq Inter Rect\zvmxsotr.exe
    C:\Program Files\Eq Inter Rect
    C:\Program Files\Uninstall Ask Toolbar.dll
    C:\WINDOWS\Tasks\AA0AA8CE91B12466.job

    .
    ((((((((((((((((((((((((( Files Created from 2008-03-27 to 2008-04-27 )))))))))))))))))))))))))))))))
    .

    2008-04-22 21:19 . 2008-04-22 21:20 <DIR> d-------- C:\Program Files\Windows Live Toolbar
    2008-04-22 21:19 . 2008-04-22 21:19 <DIR> d-------- C:\Program Files\Windows Live Favorites
    2008-04-22 21:17 . 2008-04-22 21:17 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
    2008-04-22 21:17 . 2008-04-23 18:48 <DIR> d-------- C:\Documents and Settings\Peter Rowntree\Contacts
    2008-04-22 21:13 . 2008-04-22 21:15 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-04-22 21:03 . 2008-04-23 20:53 <DIR> d-------- C:\Program Files\Windows Live
    2008-04-22 21:03 . 2008-04-22 21:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-04-18 10:58 . 2008-04-27 11:39 4,958,588 --a------ C:\WINDOWS\{00000002-00000000-0000000B-00001102-00000004-20021102}.BAK
    2008-04-17 19:34 . 2008-04-17 19:34 <DIR> d-------- C:\Program Files\CCleaner
    2008-04-13 13:03 . 2008-04-13 13:03 <DIR> d-------- C:\Program Files\Trend Micro
    2008-04-12 19:10 . 2008-04-12 19:10 <DIR> d-------- C:\Program Files\Enigma Software Group
    2008-04-12 12:54 . 2008-04-12 12:55 <DIR> d-------- C:\Program Files\Microsoft Silverlight

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-06 23:22 --------- d-----w C:\Program Files\Java
    2008-03-23 03:25 --------- d-----w C:\Documents and Settings\Peter Rowntree\Application Data\LimeWire
    2008-03-19 02:01 --------- d-----w C:\Program Files\LimeWire
    2008-03-16 20:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-03-12 23:52 --------- d-----w C:\Program Files\SUPERAntiSpyware
    2008-03-04 02:14 --------- d-----w C:\Program Files\Logitech
    2008-03-04 02:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
    2008-02-28 01:50 --------- d-----w C:\Program Files\iTunes
    2008-02-28 01:50 --------- d-----w C:\Program Files\iPod
    2008-02-28 01:46 --------- d-----w C:\Program Files\QuickTime
    2007-12-08 04:39 22,328 ----a-w C:\Documents and Settings\Peter Rowntree\Application Data\PnkBstrK.sys
    2007-01-01 15:03 90 --sh--w C:\WINDOWS\cnerolf.bin
    2006-02-11 03:18 90 --sh--w C:\WINDOWS\cnerolf.dat
    2006-05-25 00:16 952 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-05-19 20:38 1957888]
    "Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 19:23 102400]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
    "igndlm.exe"="C:\Program Files\IGN\Download Manager\DLM.exe" [2007-03-05 13:57 1103480]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-13 22:13 67128]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
    "AtiTrayTools"="C:\Program Files\Radeon Omega Drivers\v3.8.421\ATI Tray Tools\atitray.exe" [2007-10-21 16:06 566784]
    "RemoteCenter"="C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe" [2004-08-17 16:07 143360]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-04 21:57 1481968]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
    "SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 19:06 45056]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
    "CTHelper"="CTHELPER.EXE" [2006-08-11 15:56 17920 C:\WINDOWS\CTHELPER.EXE]
    "CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 02:00 45056]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 15:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
    "SystemBoosterXP"="C:\Program Files\DiskTrix\SystemBooster2\SystemBooster.exe" [2006-11-30 18:16 637440]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\WINDOWS\KHALMNPR.Exe]
    "AtiPTA"="atiptaxx.exe" [2006-02-21 21:05 344064 C:\WINDOWS\system32\atiptaxx.exe]
    "BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 16:49 69632]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
    "Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 18:57 2095640]
    "Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 18:43 2051096]
    "SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 21:56 5367664]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 03:56 15360]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
    CM Control Center.lnk - C:\Program Files\CH Products\Control Manager\CMCtlCtr.exe [2006-02-09 20:20:32 539136]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-13 22:13:49 67128]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-12-18 21:51:25 784912]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 04:15:54 65588]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 14:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2007-11-15 11:10 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
    PCANotify.dll 2003-05-29 11:00 8704 C:\WINDOWS\system32\PCANotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=sockspy.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli scecli

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "E:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
    "C:\\WINDOWS\\system32\\dpnsvr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "K:\\Program Files\\Lead Pursuit\\Battlefield Operations\\FalconAF.exe"=
    "C:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
    "C:\\Program Files\\FSFDT\\FSCopilot\\FSInnUI.exe"=
    "C:\\Program Files\\FSFDT\\FSInn\\FSInnFW.exe"=
    "K:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
    "C:\\Program Files\\Logitech\\Harmony Remote\\HarmonyClient.exe"=
    "C:\\Program Files\\Logitech\\Harmony Remote\\PatchHelper.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\WINDOWS\\system32\\rundll32.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"=
    "K:\\Program Files\\Microsoft Games\\Microsoft Flight Simulator X\\fsx.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\DiskTrix\\SystemBooster2\\SystemBooster.exe"=
    "K:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe"=
    "K:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\Symantec\\pcAnywhere\\Winaw32.exe"=
    "C:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"=
    "C:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "K:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "C:\\KAV\\kis\\setup.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 14:31]
    R1 atitray;atitray;C:\Program Files\Radeon Omega Drivers\v3.8.421\ATI Tray Tools\atitray.sys [2007-10-16 04:42]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 14:35]
    R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-06-30 01:53]
    R2 PfDetNT;PfDetNT;C:\WINDOWS\system32\drivers\PfModNT.sys [2006-08-11 15:56]
    R2 WUSB300NSvc;WUSB300NSvc;"C:\Program Files\Linksys\WUSB300N\WLService.exe" "WUSB300N.exe" []
    R3 chdrvr01;CH Control Manager Driver 1;C:\WINDOWS\system32\DRIVERS\chdrvr01.sys [2005-07-30 05:19]
    R3 chdrvr02;CH Control Manager Driver 2;C:\WINDOWS\system32\DRIVERS\chdrvr02.sys [2005-05-17 02:07]
    R3 chdrvr03;CH Control Manager Driver 3;C:\WINDOWS\system32\DRIVERS\chdrvr03.sys [2005-05-17 02:06]
    R3 gfvknt;GoFlight Virtual HID Keyboard;C:\WINDOWS\system32\DRIVERS\gfvknt.sys [2003-07-27 22:49]
    R3 NPUSB;NPUSB;C:\WINDOWS\system32\DRIVERS\npusb.sys [2006-12-06 18:20]
    S2 ousbehci;NEC PCI to USB Enhanced Host Controller;C:\WINDOWS\system32\Drivers\ousbehci.sys [2002-09-01 08:19]
    S3 CSVirtA;Cisco Systems SSL VPN Adapter;C:\WINDOWS\system32\DRIVERS\CSVirtA.sys [2007-11-02 10:40]
    S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\system32\DRIVERS\ousb2hub.sys [2002-09-01 08:19]
    S3 PciCon;PciCon;F:\PciCon.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \Shell\AutoRun\command - F:\setup.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-04-09 11:08:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-04-27 01:49:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    "2007-01-17 12:13:00 C:\WINDOWS\Tasks\Defrag Job #00.job"
    - C:\Program Files\DiskTrix\UltimateDefrag\UDefrag.exe
    "2007-01-17 14:30:00 C:\WINDOWS\Tasks\Defrag Job #01.job"
    - C:\Program Files\DiskTrix\UltimateDefrag\UDefrag.exe
    "2007-01-17 15:00:00 C:\WINDOWS\Tasks\Defrag Job #02.job"
    - C:\Program Files\DiskTrix\UltimateDefrag\UDefrag.exe
    "2007-01-17 16:30:00 C:\WINDOWS\Tasks\Defrag Job #03.job"
    - C:\Program Files\DiskTrix\UltimateDefrag\UDefrag.exe
    "2007-01-17 18:00:00 C:\WINDOWS\Tasks\Defrag Job #04.job"
    - C:\Program Files\DiskTrix\UltimateDefrag\UDefrag.exe
    "2008-03-23 04:11:00 C:\WINDOWS\Tasks\Defrag Job #1.job"
    - C:\Program Files\DiskTrix\UltimateDefrag\UDefrag.exe
    "2008-03-23 06:00:00 C:\WINDOWS\Tasks\Defrag Job #2.job"
    - C:\Program Files\DiskTrix\UltimateDefrag\UDefrag.exe
    "2008-03-23 07:00:00 C:\WINDOWS\Tasks\Defrag Job #3.job"
    - C:\Program Files\DiskTrix\UltimateDefrag\UDefrag.exe
    "2008-03-23 09:00:00 C:\WINDOWS\Tasks\Defrag Job #4.job"
    - C:\Program Files\DiskTrix\UltimateDefrag\UDefrag.exe
    "2008-03-23 10:00:00 C:\WINDOWS\Tasks\Defrag Job #5.job"
    - C:\Program Files\DiskTrix\UltimateDefrag\UDefrag.exe
    "2008-04-22 02:00:03 C:\WINDOWS\Tasks\wrSpySweeper_0EB3D6B9D3B84E7EA69BA154770B25C1.job"
    - C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe=/ScheduleSweep=wrSpySweeper_0EB3D6B9D3B84E7EA69BA154770B25C1
    - C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
    - A:\
    .
    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\Program Files\Radeon Omega Drivers\v3.8.421\ATI Tray Tools\raphook.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Cisco Systems\SSL VPN Client\Agent.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\CTSVCCDA.EXE
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    C:\Program Files\Creative\MediaSource\RemoteControl\OSDMenu.exe
    C:\Program Files\Webroot\Spy Sweeper\ssu.exe
    .
    **************************************************************************
    .
    Completion time: 2008-04-27 11:49:30 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-04-27 15:48:23
    ComboFix2.txt 2008-04-26 17:19:49

    Pre-Run: 39,476,637,696 bytes free
    Post-Run: 39,450,914,816 bytes free

    236 --- E O F --- 2008-04-24 00:55:05
     
  7. spike9

    spike9 Thread Starter

    Joined:
    Apr 13, 2008
    Messages:
    22
    Hijackthis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:01:42 PM, on 27/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Linksys\WUSB300N\WLService.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\CTHELPER.EXE
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\DiskTrix\SystemBooster2\SystemBooster.exe
    C:\Program Files\Softwin\BitDefender10\bdagent.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Radeon Omega Drivers\v3.8.421\ATI Tray Tools\atitray.exe
    C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
    C:\Program Files\CH Products\Control Manager\CMCtlCtr.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Creative\MediaSource\RemoteControl\OSDMenu.EXE
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\Crusty.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SBDrvDet] "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [SystemBoosterXP] "C:\Program Files\DiskTrix\SystemBooster2\SystemBooster.exe"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
    O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [igndlm.exe] "C:\Program Files\IGN\Download Manager\DLM.exe" /windowsstart /startifwork
    O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Radeon Omega Drivers\v3.8.421\ATI Tray Tools\atitray.exe"
    O4 - HKCU\..\Run: [RemoteCenter] "C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: CM Control Center.lnk = C:\Program Files\CH Products\Control Manager\CMCtlCtr.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} (STCWeb Control) - https://remote.tsb.gc.ca/CACHE/webvpn/stc/1/binaries/stcweb.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.1.99.cab
    O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://fulfillment.puretracks.com/onager.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15031/CTPID.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe
    O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 12591 bytes
     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,299
    Please disable SpySweeper, as it may hinder the removal of some entries. You can re-enable it after you're clean.

    To disable SpySweeper:

    Open it click >Options over to the left then >program options >Uncheck "load at windows startup".
    Over to the left click "shields" and uncheck all there.
    Uncheck "home page shield".
    Uncheck "automatically restore default without notification".


    Open Notepad and copy and paste the text in the code box below into it:

    Code:
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
    "C:\\WINDOWS\\system32\\rundll32.exe"=-
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=-
     
    Save the file to your desktop and name it CFScript.txt

    Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

    [​IMG]


    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.
     
  9. spike9

    spike9 Thread Starter

    Joined:
    Apr 13, 2008
    Messages:
    22
    Cookiegal,

    I turned off everything in spysweeper as you instructed and tried running combofixwith the new CFScript file. Combofix only made it to stage four, at which point the computer rebooted and indicated that Windows had recovered from a serious error. There was no log file created.

    Spike
     
  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,299
    Please go to Start - Run - type in eventvwr.msc to open the event viewer. Look under both "Application" and "System" for recent (the last 48 hours or so) errors (shown in red) and if found, do this for each one.

    Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.
     
  11. spike9

    spike9 Thread Starter

    Joined:
    Apr 13, 2008
    Messages:
    22
    Here you go alot of the stuff just keeps repeating:

    Event Type: Error
    Event Source: STCAgent
    Event Category: None
    Event ID: 2
    Date: 2008-04-28
    Time: 20:44
    User: N/A
    Computer: SPIKE
    Description:
    Termination reason code 10 [FAST_USER_SWITCH]


    Event Type: Error
    Event Source: STCAgent
    Event Category: None
    Event ID: 2
    Date: 2008-04-27
    Time: 19:16
    User: N/A
    Computer: SPIKE
    Description:
    Termination reason code 10 [FAST_USER_SWITCH]

    Event Type: Error
    Event Source: STCAgent
    Event Category: None
    Event ID: 2
    Date: 2008-04-27
    Time: 19:04
    User: N/A
    Computer: SPIKE
    Description:
    Termination reason code 10 [FAST_USER_SWITCH]

    Event Type: Error
    Event Source: STCAgent
    Event Category: None
    Event ID: 2
    Date: 2008-04-27
    Time: 18:53
    User: N/A
    Computer: SPIKE
    Description:
    Termination reason code 10 [FAST_USER_SWITCH]

    Event Type: Error
    Event Source: STCAgent
    Event Category: None
    Event ID: 2
    Date: 2008-04-27
    Time: 11:44
    User: N/A
    Computer: SPIKE
    Description:
    Termination reason code 10 [FAST_USER_SWITCH]

    Event Type: Error
    Event Source: STCAgent
    Event Category: None
    Event ID: 2
    Date: 2008-04-27
    Time: 11:10
    User: N/A
    Computer: SPIKE
    Description:
    Termination reason code 10 [FAST_USER_SWITCH]

    Event Type: Error
    Event Source: Windows Live Messenger
    Event Category: None
    Event ID: 1000
    Date: 2008-04-26
    Time: 18:33
    User: N/A
    Computer: SPIKE
    Description:
    The description for Event ID ( 1000 ) in Source ( Windows Live Messenger ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: msnmsgr.exe, 8.5.1302.1018, 4717a53b, sockspy.dll, 0.0.0.0, 43d904b9, 0, 0000104a.
    Data:
    0000: 41 00 70 00 70 00 6c 00 A.p.p.l.
    0008: 69 00 63 00 61 00 74 00 i.c.a.t.
    0010: 69 00 6f 00 6e 00 20 00 i.o.n. .
    0018: 46 00 61 00 69 00 6c 00 F.a.i.l.
    0020: 75 00 72 00 65 00 20 00 u.r.e. .
    0028: 20 00 6d 00 73 00 6e 00 .m.s.n.
    0030: 6d 00 73 00 67 00 72 00 m.s.g.r.
    0038: 2e 00 65 00 78 00 65 00 ..e.x.e.
    0040: 20 00 38 00 2e 00 35 00 .8...5.
    0048: 2e 00 31 00 33 00 30 00 ..1.3.0.
    0050: 32 00 2e 00 31 00 30 00 2...1.0.
    0058: 31 00 38 00 20 00 34 00 1.8. .4.
    0060: 37 00 31 00 37 00 61 00 7.1.7.a.
    0068: 35 00 33 00 62 00 20 00 5.3.b. .
    0070: 69 00 6e 00 20 00 73 00 i.n. .s.
    0078: 6f 00 63 00 6b 00 73 00 o.c.k.s.
    0080: 70 00 79 00 2e 00 64 00 p.y...d.
    0088: 6c 00 6c 00 20 00 30 00 l.l. .0.
    0090: 2e 00 30 00 2e 00 30 00 ..0...0.
    0098: 2e 00 30 00 20 00 34 00 ..0. .4.
    00a0: 33 00 64 00 39 00 30 00 3.d.9.0.
    00a8: 34 00 62 00 39 00 20 00 4.b.9. .
    00b0: 66 00 44 00 65 00 62 00 f.D.e.b.
    00b8: 75 00 67 00 20 00 30 00 u.g. .0.
    00c0: 20 00 61 00 74 00 20 00 .a.t. .
    00c8: 6f 00 66 00 66 00 73 00 o.f.f.s.
    00d0: 65 00 74 00 20 00 30 00 e.t. .0.
    00d8: 30 00 30 00 30 00 31 00 0.0.0.1.
    00e0: 30 00 34 00 61 00 0d 00 0.4.a...
    00e8: 0a 00 ..

    Event Type: Error
    Event Source: STCAgent
    Event Category: None
    Event ID: 2
    Date: 2008-04-26
    Time: 18:31
    User: N/A
    Computer: SPIKE
    Description:
    Termination reason code 10 [FAST_USER_SWITCH]

    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7034
    Date: 2008-04-28
    Time: 20:45
    User: N/A
    Computer: SPIKE
    Description:
    The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7001
    Date: 2008-04-28
    Time: 20:45
    User: N/A
    Computer: SPIKE
    Description:
    The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error:
    %%0

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7000
    Date: 2008-04-28
    Time: 20:44
    User: N/A
    Computer: SPIKE
    Description:
    The BDRsDrv service failed to start due to the following error:
    The system cannot find the file specified.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7000
    Date: 2008-04-28
    Time: 20:44
    User: N/A
    Computer: SPIKE
    Description:
    The BDFsDrv service failed to start due to the following error:
    The system cannot find the file specified.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7026
    Date: 2008-04-28
    Time: 20:44
    User: N/A
    Computer: SPIKE
    Description:
    The following boot-start or system-start driver(s) failed to load:
    fasttx2k

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Event Type: Error
    Event Source: fasttx2k
    Event Category: None
    Event ID: 4
    Date: 2008-04-28
    Time: 20:43
    User: N/A
    Computer: SPIKE
    Description:
    Driver detected an internal error in its data structures for .

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Data:
    0000: 00 00 00 00 01 00 5a 00 ......Z.
    0008: 00 00 00 00 04 00 04 c0 .......À
    0010: 02 00 00 00 c0 00 00 c0 ....À..À
    0018: 00 00 00 00 00 00 00 00 ........
    0020: 00 00 00 00 00 00 00 00 ........

    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7001
    Date: 2008-04-28
    Time: 20:44
    User: N/A
    Computer: SPIKE
    Description:
    The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error:
    %%0

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7000
    Date: 2008-04-28
    Time: 20:44
    User: N/A
    Computer: SPIKE
    Description:
    The NEC PCI to USB Enhanced Host Controller service failed to start due to the following error:
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7000
    Date: 2008-04-27
    Time: 20:33
    User: N/A
    Computer: SPIKE
    Description:
    The BDRsDrv service failed to start due to the following error:
    The system cannot find the file specified.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7000
    Date: 2008-04-27
    Time: 20:33
    User: N/A
    Computer: SPIKE
    Description:
    The BDFsDrv service failed to start due to the following error:
    The system cannot find the file specified.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7000
    Date: 2008-04-27
    Time: 19:32
    User: N/A
    Computer: SPIKE
    Description:
    The BDRsDrv service failed to start due to the following error:
    The system cannot find the file specified.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7000
    Date: 2008-04-27
    Time: 19:32
    User: N/A
    Computer: SPIKE
    Description:
    The BDFsDrv service failed to start due to the following error:
    The system cannot find the file specified.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7000
    Date: 2008-04-27
    Time: 19:17
    User: N/A
    Computer: SPIKE
    Description:
    The BDRsDrv service failed to start due to the following error:
    The system cannot find the file specified.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7000
    Date: 2008-04-27
    Time: 19:17
    User: N/A
    Computer: SPIKE
    Description:
    The BDFsDrv service failed to start due to the following error:
    The system cannot find the file specified.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7001
    Date: 2008-04-27
    Time: 19:17
    User: N/A
    Computer: SPIKE
    Description:
    The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error:
    %%0

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7034
    Date: 2008-04-27
    Time: 19:17
    User: N/A
    Computer: SPIKE
    Description:
    The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7026
    Date: 2008-04-27
    Time: 19:17
    User: N/A
    Computer: SPIKE
    Description:
    The following boot-start or system-start driver(s) failed to load:
    fasttx2k

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7001
    Date: 2008-04-27
    Time: 19:17
    User: N/A
    Computer: SPIKE
    Description:
    The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error:
    %%0

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7000
    Date: 2008-04-27
    Time: 19:17
    User: N/A
    Computer: SPIKE
    Description:
    The NEC PCI to USB Enhanced Host Controller service failed to start due to the following error:
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Event Type: Error
    Event Source: fasttx2k
    Event Category: None
    Event ID: 4
    Date: 2008-04-27
    Time: 19:16
    User: N/A
    Computer: SPIKE
    Description:
    Driver detected an internal error in its data structures for .

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Data:
    0000: 00 00 00 00 01 00 5a 00 ......Z.
    0008: 00 00 00 00 04 00 04 c0 .......À
    0010: 02 00 00 00 c0 00 00 c0 ....À..À
    0018: 00 00 00 00 00 00 00 00 ........
    0020: 00 00 00 00 00 00 00 00 ........

    Event Type: Error
    Event Source: System Error
    Event Category: (102)
    Event ID: 1003
    Date: 2008-04-27
    Time: 19:05
    User: N/A
    Computer: SPIKE
    Description:
    Error code 1000008e, parameter1 c0000005, parameter2 8056b506, parameter3 aa226c44, parameter4 00000000.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Data:
    0000: 53 79 73 74 65 6d 20 45 System E
    0008: 72 72 6f 72 20 20 45 72 rror Er
    0010: 72 6f 72 20 63 6f 64 65 ror code
    0018: 20 31 30 30 30 30 30 38 1000008
    0020: 65 20 20 50 61 72 61 6d e Param
    0028: 65 74 65 72 73 20 63 30 eters c0
    0030: 30 30 30 30 30 35 2c 20 000005,
    0038: 38 30 35 36 62 35 30 36 8056b506
    0040: 2c 20 61 61 32 32 36 63 , aa226c
    0048: 34 34 2c 20 30 30 30 30 44, 0000
    0050: 30 30 30 30 0000

    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7034
    Date: 2008-04-27
    Time: 19:04
    User: N/A
    Computer: SPIKE
    Description:
    The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7034
    Date: 2008-04-27
    Time: 19:04
    User: N/A
    Computer: SPIKE
    Description:
    The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7000
    Date: 2008-04-27
    Time: 19:03
    User: N/A
    Computer: SPIKE
    Description:
    The BDRsDrv service failed to start due to the following error:
    The system cannot find the file specified.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7000
    Date: 2008-04-27
    Time: 19:03
    User: N/A
    Computer: SPIKE
    Description:
    The BDFsDrv service failed to start due to the following error:
    The system cannot find the file specified.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7026
    Date: 2008-04-27
    Time: 19:03
    User: N/A
    Computer: SPIKE
    Description:
    The following boot-start or system-start driver(s) failed to load:
    fasttx2k

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Event Type: Error
    Event Source: fasttx2k
    Event Category: None
    Event ID: 4
    Date: 2008-04-27
    Time: 19:02
    User: N/A
    Computer: SPIKE
    Description:
    Driver detected an internal error in its data structures for .

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Data:
    0000: 00 00 00 00 01 00 5a 00 ......Z.
    0008: 00 00 00 00 04 00 04 c0 .......À
    0010: 02 00 00 00 c0 00 00 c0 ....À..À
    0018: 00 00 00 00 00 00 00 00 ........
    0020: 00 00 00 00 00 00 00 00 ........
     
  12. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,299
    Looks like some possible hardware issues there so I'm going to ask someone else to take a look.
     
  13. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    1 >> STCAgent >> related to Cisco VPN -- "error" eccurs when user logs 0ff using Fast User Switching.

    --- I don't believe this is a true error.


    2 >> The BDRsDrv service failed to start due to the following error:
    The system cannot find the file specified.

    -- relates to BitDefender; I would assume there is a damaged install or a residual startup entry that was not removed if it was uninstalled

    3 >> The following boot-start or system-start driver(s) failed to load:
    fasttx2k

    -- not sure what to make of this one, the driver is for a Promise Raid Architecture I believe; if it is consistently repeating you would need to reinstall those Promise drivers for your RAID controller; http://www.promise.com/product/product_detail_eng.asp?segment=RAID 0/1 HBAs&product_id=128 You would need to verify the hardware model on their site for the correct drivers.

    4 >> Event Type: Error
    Event Source: System Error
    Event Category: (102)
    Event ID: 1003
    Date: 2008-04-27
    Time: 19:05
    User: N/A
    Computer: SPIKE
    Description:
    Error code 1000008e, parameter1 c0000005, parameter2 8056b506, parameter3 aa226c44, parameter4 00000000.

    This is a BSOD. No doubt the one you mention in post 9

    --- Need more info:

    I can run a debugging utility on the dump files if you do this:

    1 > create a new folder on the desktop and call it "dumpcheck" or whatever you like
    2 > navigate to %systemroot%\minidump and copy the last few minidump files to that folder.%systemroot% is normally c:\windows. They are numbered by date. You can paste that address in address bar to get there.
    3 > close the folder and right click on it and select Send to Compressed (zipped) Folder.
    4 > use the "manage attachments" in the "advanced" reply window to upload that zip file here as an attachment.

    This might point us to a non-system driver causing the error, if one exists for it.
     
  14. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,299
    Thanks Rog. :)
     
  15. spike9

    spike9 Thread Starter

    Joined:
    Apr 13, 2008
    Messages:
    22
    I have uninstalled the fast track raid controller as not running a raid array, also unistalled the cisco vpn client driver that showed a few errors I can reinstall the next time need it which isn't to often.

    I have attached the mini dump files there were only two in the file.

    Thanks for all the help both of you, hopefully we can resolve whatever problems are lurking in my machine.

    Peter
     

    Attached Files:

  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/703288

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice