recent trouble- programs slow to start

[sidewaysup]

Hello, I have recently been having some trouble, just the last couple of weeks, programs have been much slower starting than before.

Computer starts up fine, and the programs that are initiating slower seem to be mainly on one drive that I have most of my apps on, not my c drive. I have 5 drives.

Also, the last couple of days I have been getting zonealarm warnings about a couple different programs, that dont even turn up in search engines.
Such as:
"POxi3151.exe trying to communicate with \systemroot\system32\smss.exe"
When I do not allow access, a moment later I get a
"c:\windows\system32\cmd.exe error "windows cannot access the specified device, path, or file. etc."

I've also seen log alerts for "svcipa.exe"

A couple of changes on my system, I added Palm Treo phone software, installed outlook 2003 to go with that.

But the slowness started before those changes.

I have never allowed auto updates, i use avg and adaware/spybot, I do not use Internet explorer, don't use outlook for email and dont generally have security problems. I use zonealarm too.

Going through the steps to post my log, I could not get Panda to do a scan, not sure why, and I could not get windows update to work. I've never used it before, and with most Microsoft apps, I've never known them to work very well.

The error code I got from microsoft is [Error number: 0x80070002]

my log -------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:23:33 PM, on 8/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ATWTUSB.EXE
K:\Program Files\Microsoft ActiveSync\wcescomm.exe
K:\PROGRA~1\MICROS~1\rapimgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
K:\Program Files\Crazy Browser\Crazy Browser.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - K:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - k:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Atwtusb] RUNDLL32 FuncKey.DLL,ExtFuncCall AA
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [\\RSPROCESS\EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P31 "\\RSPROCESS\EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX5400 on RSPROCESS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P37 "Auto EPSON Stylus CX5400 on RSPROCESS" /O20 "\\RSPROCESS\EPSONSty" /M "Stylus CX5400"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "K:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Phase One Media Reader] K:\PROGRA~1\PHASEO~1\C1PRO~1\DCIMImp.exe /noscan /CheckAutoStart
O4 - HKLM\..\Run: [Adobe Photo Downloader] "K:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe"
O4 - HKCU\..\Run: [igndlm.exe] K:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [H/PC Connection Agent] "K:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Policies\Explorer\Run: [{20DDFB92-0AF0-1033-1212-030405080001}] "C:\Program Files\Common Files\{20DDFB92-0AF0-1033-1212-030405080001}\Update.exe" mc-110-12-0000103
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: TruStudy.lnk = K:\Program Files\TRU\TruStudy.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.snipernet.us (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1186449746046
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1186456012562
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6841 bytes

Thank you

[sUBs]

Please follow MicroBell's 5 Step process - http://www.techsupportforum.com/secu...sting-log.html.

You shall have a proper set of logs for us after that

[sidewaysup]

Hello, sorry, I did go through those steps, however the panad scan would not work, and I can not get windows update to work either, as I mentioned earlier.

Any suggestions?

I've tried fixing the googleupdaterservice, but it won't go away.

I installed spyblaster earlier, and I just installed ie-spyad, here is the log from that:

"Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:03:02 PM, on 8/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ATWTUSB.EXE
K:\Program Files\Microsoft ActiveSync\wcescomm.exe
K:\PROGRA~1\MICROS~1\rapimgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
K:\Program Files\Crazy Browser\Crazy Browser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - K:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - k:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Atwtusb] RUNDLL32 FuncKey.DLL,ExtFuncCall AA
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [\\RSPROCESS\EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P31 "\\RSPROCESS\EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX5400 on RSPROCESS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P37 "Auto EPSON Stylus CX5400 on RSPROCESS" /O20 "\\RSPROCESS\EPSONSty" /M "Stylus CX5400"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "K:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Phase One Media Reader] K:\PROGRA~1\PHASEO~1\C1PRO~1\DCIMImp.exe /noscan /CheckAutoStart
O4 - HKLM\..\Run: [Adobe Photo Downloader] "K:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe"
O4 - HKCU\..\Run: [igndlm.exe] K:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [H/PC Connection Agent] "K:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Policies\Explorer\Run: [{20DDFB92-0AF0-1033-1212-030405080001}] "C:\Program Files\Common Files\{20DDFB92-0AF0-1033-1212-030405080001}\Update.exe" mc-110-12-0000103
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: TruStudy.lnk = K:\Program Files\TRU\TruStudy.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.snipernet.us (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1186449746046
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1186456012562
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6769 bytes

[sUBs]

Did you perform the final of the 5 steps. If you had done so, there shall be some logs.

The 5th step produces the log which we require

[sidewaysup]

I'm sorry, I have now attached the 'extra.txt' file

[sUBs]

Lol ...main.txt is the one I want most

[sidewaysup]

I'm sorry, I thought that is what I pasted in my post, I have attached main.txt


Deckard's System Scanner v20070804.61
Run by Owner on 2007-08-06 at 19:17:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
76: 2007-08-07 02:17:24 UTC - RP687 - Deckard's System Scanner Restore Point
75: 2007-08-05 23:36:43 UTC - RP686 - Installed EasyCleaner
74: 2007-08-05 23:12:03 UTC - RP685 - Uniblue RegistryBooster
73: 2007-08-05 23:11:12 UTC - RP684 - pre uniblue fix
72: 2007-08-05 07:40:02 UTC - RP683 - Spybot-S&D Spyware removal


-- First Restore Point --
1: 2007-06-14 19:20:18 UTC - RP612 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:21:53 PM, on 8/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ATWTUSB.EXE
C:\WINDOWS\explorer.exe
I:\install apps\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - K:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - k:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Atwtusb] RUNDLL32 FuncKey.DLL,ExtFuncCall AA
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [\\RSPROCESS\EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P31 "\\RSPROCESS\EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX5400 on RSPROCESS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P37 "Auto EPSON Stylus CX5400 on RSPROCESS" /O20 "\\RSPROCESS\EPSONSty" /M "Stylus CX5400"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "K:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Phase One Media Reader] K:\PROGRA~1\PHASEO~1\C1PRO~1\DCIMImp.exe /noscan /CheckAutoStart
O4 - HKLM\..\Run: [Adobe Photo Downloader] "K:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe"
O4 - HKLM\..\RunOnce: [srePostpone] rundll32.exe c:\windows\system32\zonelabs\srescan.dll,DoSpecialAction
O4 - HKCU\..\Run: [igndlm.exe] K:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [H/PC Connection Agent] "K:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Policies\Explorer\Run: [{20DDFB92-0AF0-1033-1212-030405080001}] "C:\Program Files\Common Files\{20DDFB92-0AF0-1033-1212-030405080001}\Update.exe" mc-110-12-0000103
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: TruStudy.lnk = K:\Program Files\TRU\TruStudy.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.snipernet.us (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1186449746046
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1124166306937
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.mpix.com/Customer/Uploadi...eUploader3.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - K:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - K:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7164 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
R2 hardlock - c:\windows\system32\drivers\hardlock.sys <Not Verified; Aladdin Knowledge Systems; Hardlock Device Driver for Windows NT>
R2 Haspnt - c:\windows\system32\drivers\haspnt.sys <Not Verified; Aladdin Knowledge Systems; Windows NT HASP Kernel Device Driver>
R2 P1C1394 (Phase One 1394 Camera Driver) - c:\windows\system32\drivers\p1c1394.sys <Not Verified; Phase One A/S; Phase One digital imaging>
R3 MarvinBus (Pinnacle Marvin Bus) - c:\windows\system32\drivers\marvinbus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin Discrete>

S3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
S3 SunkFilt (Alcor Micro Corp - 9360) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt>
S3 Sunkfiltp (HP && Alcor Micro Corp for Phison) - c:\windows\system32\drivers\sunkfiltp.sys (file missing)
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
S3 XDva011 - c:\windows\system32\xdva011.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 Diskeeper - "c:\program files\diskeeper corporation\diskeeper\dkservice.exe" <Not Verified; Diskeeper Corporation; Diskeeper (TM) Disk Defragmenter>
S3 MSSQL$PINNACLESYS - "k:\program files\pinnacle\mediaserver\microsoft sql server\mssql$pinnaclesys\binn\sqlservr.exe" -spinnaclesys (file missing)
S3 SQLAgent$PINNACLESYS - "k:\program files\pinnacle\mediaserver\microsoft sql server\mssql$pinnaclesys\binn\sqlagent.exe" -i pinnaclesys (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: USB Mass Storage Device
Device ID: USB\VID_058F&PID_9360\9206051
Manufacturer: Compatible USB storage device
Name: USB Mass Storage Device
PNP Device ID: USB\VID_058F&PID_9360\9206051
Service: USBSTOR


-- Scheduled Tasks -------------------------------------------------------------

2007-08-06 19:02:27 350 --a------ C:\WINDOWS\Tasks\At68.job
2007-08-06 19:00:00 350 --a------ C:\WINDOWS\Tasks\At44.job
2007-08-06 19:00:00 350 --a------ C:\WINDOWS\Tasks\At20.job
2007-08-06 18:11:16 350 --a------ C:\WINDOWS\Tasks\At67.job
2007-08-06 18:00:00 350 --a------ C:\WINDOWS\Tasks\At43.job
2007-08-06 18:00:00 350 --a------ C:\WINDOWS\Tasks\At19.job
2007-08-06 17:09:46 350 --a------ C:\WINDOWS\Tasks\At65.job
2007-08-06 17:01:00 350 --a------ C:\WINDOWS\Tasks\At66.job
2007-08-06 17:00:00 350 --a------ C:\WINDOWS\Tasks\At42.job
2007-08-06 17:00:00 350 --a------ C:\WINDOWS\Tasks\At18.job
2007-08-06 16:00:00 350 --a------ C:\WINDOWS\Tasks\At41.job
2007-08-06 16:00:00 350 --a------ C:\WINDOWS\Tasks\At17.job
2007-08-06 15:01:12 350 --a------ C:\WINDOWS\Tasks\At64.job
2007-08-06 15:00:00 350 --a------ C:\WINDOWS\Tasks\At40.job
2007-08-06 15:00:00 350 --a------ C:\WINDOWS\Tasks\At16.job
2007-08-06 14:01:17 350 --a------ C:\WINDOWS\Tasks\At63.job
2007-08-06 14:00:00 350 --a------ C:\WINDOWS\Tasks\At39.job
2007-08-06 14:00:00 350 --a------ C:\WINDOWS\Tasks\At15.job
2007-08-06 13:01:12 350 --a------ C:\WINDOWS\Tasks\At62.job
2007-08-06 13:00:00 350 --a------ C:\WINDOWS\Tasks\At38.job
2007-08-06 13:00:00 350 --a------ C:\WINDOWS\Tasks\At14.job
2007-08-06 12:29:16 350 --a------ C:\WINDOWS\Tasks\At61.job
2007-08-06 12:00:00 350 --a------ C:\WINDOWS\Tasks\At37.job
2007-08-06 12:00:00 350 --a------ C:\WINDOWS\Tasks\At13.job
2007-08-06 11:01:19 350 --a------ C:\WINDOWS\Tasks\At60.job
2007-08-06 11:00:00 350 --a------ C:\WINDOWS\Tasks\At36.job
2007-08-06 11:00:00 350 --a------ C:\WINDOWS\Tasks\At12.job
2007-08-06 10:01:38 350 --a------ C:\WINDOWS\Tasks\At59.job
2007-08-06 10:00:00 350 --a------ C:\WINDOWS\Tasks\At35.job
2007-08-06 10:00:00 350 --a------ C:\WINDOWS\Tasks\At11.job
2007-08-06 09:17:38 350 --a------ C:\WINDOWS\Tasks\At72.job
2007-08-06 09:17:38 350 --a------ C:\WINDOWS\Tasks\At71.job
2007-08-06 09:17:38 350 --a------ C:\WINDOWS\Tasks\At70.job
2007-08-06 09:17:38 350 --a------ C:\WINDOWS\Tasks\At69.job
2007-08-06 09:17:38 350 --a------ C:\WINDOWS\Tasks\At58.job
2007-08-06 09:17:38 350 --a------ C:\WINDOWS\Tasks\At57.job
2007-08-06 09:17:38 350 --a------ C:\WINDOWS\Tasks\At56.job
2007-08-06 09:17:38 350 --a------ C:\WINDOWS\Tasks\At55.job
2007-08-06 09:17:38 350 --a------ C:\WINDOWS\Tasks\At54.job
2007-08-06 09:17:38 350 --a------ C:\WINDOWS\Tasks\At53.job
2007-08-06 09:17:38 350 --a------ C:\WINDOWS\Tasks\At52.job
2007-08-06 09:17:38 350 --a------ C:\WINDOWS\Tasks\At51.job
2007-08-06 09:17:38 350 --a------ C:\WINDOWS\Tasks\At50.job
2007-08-06 09:17:38 350 --a------ C:\WINDOWS\Tasks\At49.job
2007-08-06 09:00:00 350 --a------ C:\WINDOWS\Tasks\At34.job
2007-08-06 09:00:00 350 --a------ C:\WINDOWS\Tasks\At10.job
2007-08-06 08:00:00 350 --a------ C:\WINDOWS\Tasks\At9.job
2007-08-06 08:00:00 350 --a------ C:\WINDOWS\Tasks\At33.job
2007-08-06 02:00:00 350 --a------ C:\WINDOWS\Tasks\At3.job
2007-08-06 02:00:00 350 --a------ C:\WINDOWS\Tasks\At27.job
2007-08-06 01:00:00 350 --a------ C:\WINDOWS\Tasks\At26.job
2007-08-06 01:00:00 350 --a------ C:\WINDOWS\Tasks\At2.job
2007-08-06 00:00:00 350 --a------ C:\WINDOWS\Tasks\At25.job
2007-08-06 00:00:00 350 --a------ C:\WINDOWS\Tasks\At1.job
2007-08-05 23:00:00 350 --a------ C:\WINDOWS\Tasks\At48.job
2007-08-05 23:00:00 350 --a------ C:\WINDOWS\Tasks\At24.job
2007-08-05 22:00:01 350 --a------ C:\WINDOWS\Tasks\At47.job
2007-08-05 22:00:01 350 --a------ C:\WINDOWS\Tasks\At23.job
2007-08-05 21:00:00 350 --a------ C:\WINDOWS\Tasks\At46.job
2007-08-05 21:00:00 350 --a------ C:\WINDOWS\Tasks\At22.job
2007-08-05 20:00:00 350 --a------ C:\WINDOWS\Tasks\At45.job
2007-08-05 20:00:00 350 --a------ C:\WINDOWS\Tasks\At21.job
2007-08-05 0943 350 --a------ C:\WINDOWS\Tasks\At28.job
2007-08-05 07:00:30 350 --a------ C:\WINDOWS\Tasks\At32.job
2007-08-05 07:00:00 350 --a------ C:\WINDOWS\Tasks\At8.job
2007-08-05 06:00:30 350 --a------ C:\WINDOWS\Tasks\At31.job
2007-08-05 06:00:00 350 --a------ C:\WINDOWS\Tasks\At7.job
2007-08-05 05:00:30 350 --a------ C:\WINDOWS\Tasks\At30.job
2007-08-05 05:00:00 350 --a------ C:\WINDOWS\Tasks\At6.job
2007-08-05 04:00:37 350 --a------ C:\WINDOWS\Tasks\At29.job
2007-08-05 04:00:00 350 --a------ C:\WINDOWS\Tasks\At5.job
2007-08-05 03:00:00 350 --a------ C:\WINDOWS\Tasks\At4.job


-- Files created between 2007-07-06 and 2007-08-06 -----------------------------

2007-08-06 18:34:44 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-08-06 18:23:40 0 d-------- C:\WINDOWS\LastGood
2007-08-06 09:17:37 25152 --a------ C:\WINDOWS\system32\POxi3151.exe
2007-08-05 16:07:07 0 d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2007-08-03 01:44:12 0 d-------- C:\Documents and Settings\Owner\Application Data\Opera
2007-08-01 17:04:13 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-08-01 17:03:52 0 d-------- C:\WINDOWS\SHELLNEW
2007-08-01 17:03:51 0 d-------- C:\Program Files\Microsoft.NET
2007-08-01 14:54:19 0 d-------- C:\Program Files\Palm
2007-07-31 11:14:06 0 d-------- C:\Documents and Settings\Owner\Application Data\Free Download Manager
2007-07-25 23:26:19 0 d-------- C:\Program Files\Google
2007-07-25 22:59:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-07-23 00:00:25 0 d-------- C:\WINDOWS\system32\b02FdUe
2007-07-19 09:55:32 2560 --a------ C:\systceg.exe
2007-07-17 21:17:00 0 d-------- C:\Program Files\Western Digital Technologies
2007-07-16 11:55:42 0 dr-h----- C:\Documents and Settings\Owner\Application Data\SecuROM
2007-07-13 22:24:55 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-07-09 14:37:42 10 --a------ C:\WINDOWS\727219582


-- Find3M Report ---------------------------------------------------------------

2007-08-06 19:21:40 0 d-------- C:\Program Files\Trend Micro
2007-08-06 07:08:36 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2007-08-06 07:05:48 0 d-------- C:\Program Files\Common Files\Express Digital
2007-08-06 01:52:48 0 d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2007-08-05 16:36:43 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-05 02:24:38 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2007-08-01 17:04:12 0 d-------- C:\Program Files\Common Files
2007-08-01 1454 2508 --a------ C:\Documents and Settings\Owner\Application Data\$_hpcst$.hpc
2007-07-25 23:26:40 0 d-------- C:\Program Files\Common Files\Adobe
2007-07-19 09:35:11 0 d-------- C:\Program Files\crap
2007-07-16 03:58:18 0 d-------- C:\Documents and Settings\Owner\Application Data\IGN_DLM
2007-07-10 16:28:14 0 d--h----- C:\Documents and Settings\Owner\Application Data\Move Networks
2007-07-02 17:14:18 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-06-13 21:03:23 0 d-------- C:\Documents and Settings\Owner\Application Data\Hermetic Systems
2007-06-13 20:51:04 0 d-------- C:\Documents and Settings\Owner\Application Data\Site Content Analyzer 2
2007-06-12 22:16:59 0 d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [03/09/2007 12:02 AM]
"Atwtusb"="FuncKey.DLL" [04/18/2002 02:10 PM C:\WINDOWS\system32\Funckey.dll]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [04/21/2007 09:09 AM]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [06/07/2006 01:35 PM]
"\\RSPROCESS\EPSON Stylus CX5400"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.exe" [05/26/2003 01:00 PM]
"Auto EPSON Stylus CX5400 on RSPROCESS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.exe" [05/26/2003 01:00 PM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [03/09/2007 12:02 AM]
"QuickTime Task"="K:\Program Files\QuickTime\qttask.exe" [04/27/2007 09:41 AM]
"Phase One Media Reader"="K:\PROGRA~1\PHASEO~1\C1PRO~1\DCIMImp.exe" [04/24/2007 08:31 PM]
"Adobe Photo Downloader"="K:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe" [02/06/2007 04:30 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"="K:\Program Files\IGN\Download Manager\DLM.exe" [11/07/2006 06:22 PM]
"H/PC Connection Agent"="K:\Program Files\Microsoft ActiveSync\wcescomm.exe" [06/20/2006 10:36 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"srePostpone"=rundll32.exe c:\windows\system32\zonelabs\srescan.dll,DoSpecialAction

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [6/13/2004 2:22:37 AM]
PowerReg Scheduler V3.exe [11/8/2004 7:03:56 PM]
PowerReg SchedulerV2.exe [5/30/2006 12:45:48 AM]
TruStudy.lnk - K:\Program Files\TRU\TruStudy.exe [4/21/2006 7:30:00 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [6/13/2004 2:22:37 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"NoDispAppearancePage"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoThemesTab"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"{20DDFB92-0AF0-1033-1212-030405080001}"="C:\Program Files\Common Files\{20DDFB92-0AF0-1033-1212-030405080001}\Update.exe" mc-110-12-0000103

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MsnFixer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MsnFixer.lnk
backup=C:\WINDOWS\pss\MsnFixer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoTKit]
C:\hp\bin\AUTOTKIT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IcoSet]
c:\hp\bin\cloaker.exe c:\hp\bin\IcoSet\adjust.bat seticon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTMSG]
LTMSG.exe 7

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mfcmc32.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV CfgWiz]
c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
rundll32.exe nview.dll,nViewLoadHook

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
C:\WINDOWS\system32\ps2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordNow!]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
"C:\Windows\Creator\Remind_XP.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k]
C:\Program Files\Multimedia Card Reader\shwicon2k.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe




-- End of Deckard's System Scanner: finished at 2007-08-06 at 19:27:38 ---------

[sUBs]

Go to Start > Control Panel > Add or Remove Programs and uninstall the following programs:

• Security Toolbar

P

---------------


Do a HijackThis scan & place a check next to these items and select "Fix checked":

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg SchedulerV2.exe
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.snipernet.us (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)


---------------


Download & Save this file to Desktop -> http://download.bleepingcomputer.com...a/ComboFix.exe

Open notepad and copy/paste the text in the quotebox below into it:

Code:

http://www.techsupportforum.com/security-center/hijackthis-log-help/172564-recent-trouble-programs-slow-start.html#post1018474
Collect::
C:\WINDOWS\system32\POxi3151.exe
C:\systceg.exe
c:\windows\system32\xdva011.sys
File::
C:\WINDOWS\Tasks\At68.job
C:\WINDOWS\Tasks\At44.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At67.job
C:\WINDOWS\Tasks\At43.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At65.job
C:\WINDOWS\Tasks\At66.job
C:\WINDOWS\Tasks\At42.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At41.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At64.job
C:\WINDOWS\Tasks\At40.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At63.job
C:\WINDOWS\Tasks\At39.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At62.job
C:\WINDOWS\Tasks\At38.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At61.job
C:\WINDOWS\Tasks\At37.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At60.job
C:\WINDOWS\Tasks\At36.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At59.job
C:\WINDOWS\Tasks\At35.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At72.job
C:\WINDOWS\Tasks\At71.job
C:\WINDOWS\Tasks\At70.job
C:\WINDOWS\Tasks\At69.job
C:\WINDOWS\Tasks\At58.job
C:\WINDOWS\Tasks\At57.job
C:\WINDOWS\Tasks\At56.job
C:\WINDOWS\Tasks\At55.job
C:\WINDOWS\Tasks\At54.job
C:\WINDOWS\Tasks\At53.job
C:\WINDOWS\Tasks\At52.job
C:\WINDOWS\Tasks\At51.job
C:\WINDOWS\Tasks\At50.job
C:\WINDOWS\Tasks\At49.job
C:\WINDOWS\Tasks\At34.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At9.job
C:\WINDOWS\Tasks\At33.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At27.job
C:\WINDOWS\Tasks\At26.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At25.job
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At48.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At47.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At46.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At45.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At28.job
C:\WINDOWS\Tasks\At32.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At31.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At30.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At29.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At4.job
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe
C:\WINDOWS\727219582
Folder::
C:\WINDOWS\system32\b02FdUe
C:\Program Files\Security Toolbar
Driver::
Registry::

Save this as "CFScript"




Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Additonally, ComboFix will generate a zipped file on your Desktop, called Submit [Date Time].zip
Please submit this file to:

http://www.bleepingcomputer.com/subm....php?channel=4

The file must be uploaded before proceeding to the next step.


---------------


Click here perform an online scan >> Online Scanner


---------------


In your next post, please include fresh logs from:

1. Fresh Hijackthis log taken just before replying
2. Online scan
3. ComboFix's log

Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now

[sidewaysup]

Hello, thanks for your help so far.

The combofix has been sent in, and I have attached the new hijackthis log.

The online scan took most of the night, I tried to attach it, but I get an invalid file type error, its an html doc, same with the combofix log.

I'm still not able to run the panda online scan, nor the windows update.

It seems my k drive with most of my programs is starting up a bit faster? Its hard to tell. It kind of seems that its the first time a program from that drive is started that they load slowly, then once they've loaded they load quicker the next time, untill the computer is restarted.

I did start a couple of programs from that drive, that I had not started in a while, and they seemed to load normally.

Do you need the "main.txt" log again? Does that come from running the dss file? Because just running hijackthis is not updating that log.

Here is the newest hijackthis log:

"Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:35:25 AM, on 8/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ATWTUSB.EXE
K:\Program Files\Microsoft ActiveSync\wcescomm.exe
K:\PROGRA~1\MICROS~1\rapimgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
K:\Program Files\Crazy Browser\Crazy Browser.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - K:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - k:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Atwtusb] RUNDLL32 FuncKey.DLL,ExtFuncCall AA
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [\\RSPROCESS\EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P31 "\\RSPROCESS\EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX5400 on RSPROCESS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P37 "Auto EPSON Stylus CX5400 on RSPROCESS" /O20 "\\RSPROCESS\EPSONSty" /M "Stylus CX5400"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "K:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Phase One Media Reader] K:\PROGRA~1\PHASEO~1\C1PRO~1\DCIMImp.exe /noscan /CheckAutoStart
O4 - HKLM\..\Run: [Adobe Photo Downloader] "K:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe"
O4 - HKCU\..\Run: [igndlm.exe] K:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [H/PC Connection Agent] "K:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: TruStudy.lnk = K:\Program Files\TRU\TruStudy.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1186449746046
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1186456012562
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6015 bytes"

[sUBs]

Please post ComboFix's log.

Kaspersky's log was supposed to be saved as a text file. Not html.
No matter, please zip it up & attach it.

[sidewaysup]

I couldn't get anything to zip, here it is as a word doc, let me know if that works.


KASPERSKY ONLINE SCANNER REPORT
Tuesday, August 07, 2007 5:55:32 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 7/08/2007
Kaspersky Anti-Virus database records: 353080
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
I:\
J:\
K:\
L:\
N:\
O:\
P:\
Scan Statistics
Total number of scanned objects 306437
Number of viruses found 11
Number of infected objects 31 / 0
Number of suspicious objects 4
Duration of the scan process 02:37:22
Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\YazzleSudoku.zip/Yazzle1281OinUninstaller.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\YazzleSudoku.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\archive1213.jar-53e56fc7-1d36df45.zip.bac_a00516/BlackBox.class Infected: Trojan.Java.ClassLoader.ak skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\archive1213.jar-53e56fc7-1d36df45.zip.bac_a00516/VB.class Infected: Trojan.Java.ClassLoader.ak skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\archive1213.jar-53e56fc7-1d36df45.zip.bac_a00516/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.ah skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\archive1213.jar-53e56fc7-1d36df45.zip.bac_a00516 ZIP: infected - 3 skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\archive1213.jar-53e56fc7-1d36df45.zip.bac_a00516 CryptFF.b: infected - 3 skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\ie0502b.jar-963ccf0-6d9549de.zip.bac_a00516/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.ae skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\ie0502b.jar-963ccf0-6d9549de.zip.bac_a00516/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.ae skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\ie0502b.jar-963ccf0-6d9549de.zip.bac_a00516 ZIP: infected - 2 skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\ie0502b.jar-963ccf0-6d9549de.zip.bac_a00516 CryptFF.b: infected - 2 skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\jar.jar-53a63dd5-6f92f45c.zip.bac_a04072/Counter.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\jar.jar-53a63dd5-6f92f45c.zip.bac_a04072/VerifierBug.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\jar.jar-53a63dd5-6f92f45c.zip.bac_a04072/web.exe Infected: Trojan.Win32.Small.ev skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\jar.jar-53a63dd5-6f92f45c.zip.bac_a04072/Worker.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\jar.jar-53a63dd5-6f92f45c.zip.bac_a04072/Xeyond.class Infected: Trojan.Java.Femad skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\jar.jar-53a63dd5-6f92f45c.zip.bac_a04072 ZIP: infected - 5 skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\jar.jar-53a63dd5-6f92f45c.zip.bac_a04072 CryptFF.b: infected - 5 skipped
C:\Documents and Settings\Owner\Application Data\$_hpcst$.hpc Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From "BB&T" <refid-num9962424494ib bbt.com>][Date Tue, 3 Apr 2007 00:41:16 -0400]/UNNAMED/html Infected: Trojan-Spy.HTML.Bankfraud.ra skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From "BB&T" <refid-num9962424494ib bbt.com>][Date Tue, 3 Apr 2007 00:41:16 -0400]/UNNAMED/cider.gif Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From "BB&T" <refid-num9962424494ib bbt.com>][Date Tue, 3 Apr 2007 00:41:16 -0400]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Schwartz A. Kirsten" <aw-confirm chase.com>][Date Mon, 02 Apr 2007 03:24:09 +0000]/UNNAMED/UNNAMED/UNNAMED/html Infected: Trojan-Spy.HTML.Chasfraud.u skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Schwartz A. Kirsten" <aw-confirm chase.com>][Date Mon, 02 Apr 2007 03:24:09 +0000]/UNNAMED/UNNAMED/UNNAMED Infected: Trojan-Spy.HTML.Chasfraud.u skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Schwartz A. Kirsten" <aw-confirm chase.com>][Date Mon, 02 Apr 2007 03:24:09 +0000]/UNNAMED/UNNAMED Infected: Trojan-Spy.HTML.Chasfraud.u skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Schwartz A. Kirsten" <aw-confirm chase.com>][Date Mon, 02 Apr 2007 03:24:09 +0000]/UNNAMED Infected: Trojan-Spy.HTML.Chasfraud.u skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Branch Banking and Trust" <investigation-id459372ib bbt.com>][Date Fri, 23 Mar 2007 13:54:53 -0400]/UNNAMED/html Infected: Trojan-Spy.HTML.Bankfraud.ra skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Branch Banking and Trust" <investigation-id459372ib bbt.com>][Date Fri, 23 Mar 2007 13:54:53 -0400]/UNNAMED/alien.gif Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Branch Banking and Trust" <investigation-id459372ib bbt.com>][Date Fri, 23 Mar 2007 13:54:53 -0400]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E38B60C8-F3E6-41BF-A165-7E8BABF840C9}\Microsoft\Outlook Express\Deleted Items.dbx Mail MS Outlook 5: infected - 10 skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012007080720070808\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\WCESLog.log Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DF5904.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Program Files\crap\hijackthis\backup-20060816-225750-579 Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\crap\hijackthis\backup-20060816-225752-327 Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\crap\hijackthis\backup-20060816-225920-691 Infected: Exploit.HTML.Mht skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP683\A0136334.exe Object is locked skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP683\A0136359.exe Object is locked skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP688\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\gmfrg.dll Infected: Trojan.Win32.Agent.rw skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\PEZZ.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\MEMORY.DMP Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{E23D6D53-95FE-4EB7-AB78-820A8841A954}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{FB4932AC-FD6C-4087-A528-76FCE0FB050C}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd4861.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\temp\Perflib_Perfdata_5a8.dat Object is locked skipped
C:\WINDOWS\temp\ZLT02d1d.TMP Object is locked skipped
C:\WINDOWS\temp\ZLT02d30.TMP Object is locked skipped
C:\WINDOWS\vkmpf.dll Infected: Trojan.Win32.Agent.rw skipped
C:\WINDOWS\vub.dll Infected: Trojan.Win32.Agent.rw skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP688\change.log Object is locked skipped
I:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
J:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
K:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
K:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP688\change.log Object is locked skipped
N:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.

[sUBs]

Quote:

C:\WINDOWS\gmfrg.dll
C:\WINDOWS\vkmpf.dll
C:\WINDOWS\vub.dll

Zip/Archive the above files & submit them to this website: http://www.bleepingcomputer.com/subm....php?channel=4

Kindly include a link to this topic in the message.

[sidewaysup]

Hello, files have been sent. I wasn't able to archive them, winace isn't working. I just uploaded the individual files, I hope that works.

[sUBs]

Open notepad and copy/paste the text in the quotebox below into it:

Code:

@echo off
if exist "%temp%\log.txt" del "%temp%\log.txt"

for %%g in (
"C:\Documents and Settings\Owner\.housecall\Quarantine"
"C:\Program Files\crap\hijackthis\backup-20060816-225750-579"
"C:\Program Files\crap\hijackthis\backup-20060816-225752-327"
"C:\Program Files\crap\hijackthis\backup-20060816-225920-691"
C:\WINDOWS\gmfrg.dll
C:\WINDOWS\vkmpf.dll
C:\WINDOWS\vub.dll
) do (
del /a/f %%g >nul 2>&1
if exist %%g echo.%%g>>"%temp%\log.txt"
)

for %%g in (
"C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery"
%systemdrive%\Qoobox
) do (
rd /s/q %%g >nul 2>&1
if exist %%g echo.%%g>>"%temp%\log.txt"
)
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

echo.GetObject("winmgmts:" ^& "{impersonationLevel=impersonate}!\\" ^& "." ^& "\root\default").Get("SystemRestore").Disable("")>SR.vbs
echo.GetObject("winmgmts:" ^& "{impersonationLevel=impersonate}!\\" ^& "." ^& "\root\default").Get("SystemRestore").Enable("")>>SR.vbs
wscript SR.vbs

(
echo.REGEDIT4&echo.
echo.[hkey_current_user\software\microsoft\windows\currentversion\explorer\advanced]
echo."hidden"=dword:00000002
echo."hidefileext"=dword:00000001
echo."showsuperhidden"=dword:00000000
)>rehide.reg

regedit /s rehide.reg
del rehide.reg SR.vbs
nircmd wait 7000
del %0

Save this as fix.bat Choose to "Save type as - All Files"
It should look like this:
Double click on fix.bat & allow it to run

Post back to tell me what it says

[sidewaysup]

fix.bat ran, it opens a dos window, and doesn't seem to do/say anything. Just a blinking cursor. I tried it twice- copy & pasted twice, same result.

[sUBs]

Right click on the file & select edit.

Replace this line - @echo off
With - @prompt $

Run it again. This time, you shall see a series of lines. Tell me where it stalls

[sidewaysup]

says:

if exist "C:\DOCUME~1\Owner\LOCALS~1\Temp\log.txt" del "C:\DOCUME~1\Owner\LOCALS
~1\Temp\log.txt"

for %g in ("C:\Documents and Settings\Owner\.housecall\Quarantine" "C:\Program F
iles\crap\hijackthis\backup-20060816-225750-579" "C:\Program Files\crap\hijackth
is\backup-20060816-225752-327" "C:\Program Files\crap\hijackthis\backup-20060816
-225920-691" C:\WINDOWS\gmfrg.dll C:\WINDOWS\vkmpf.dll C:\WINDOWS\vub.dll) do (
del /a/f %g 1>nul 2>&1
if exist %g echo.%g1>>"C:\DOCUME~1\Owner\LOCALS~1\Temp\log.txt"
)

(
del /a/f "C:\Documents and Settings\Owner\.housecall\Quarantine" 1>nul 2>&1
if exist "C:\Documents and Settings\Owner\.housecall\Quarantine" echo."C:\Docum
ents and Settings\Owner\.housecall\Quarantine"1>>"C:\DOCUME~1\Owner\LOCALS~1\Tem
p\log.txt"
)

[sidewaysup]

apparently I have another hijackthis program installed in my crap folder, should i delete that?

[sUBs]

Quote:

(
del /a/f "C:\Documents and Settings\Owner\.housecall\Quarantine" 1>nul 2>&1
if exist "C:\Documents and Settings\Owner\.housecall\Quarantine" echo."C:\Docum
ents and Settings\Owner\.housecall\Quarantine"1>>"C:\DOCUME~1\Owner\LOCALS~1\Tem
p\log.txt"
)

Did it stall at this line? Or is it some other line?

[sidewaysup]

It stopped there, that was all it showed. It didn't really stall, pretty much all came up at once.