malware beyond my power, requesting backup

CastleCops -> Trend Micro HijackThis Logs

Author: Bobboau
Location: USA
Posted: Sat Jun 28, 2008 6:28 pm
Post subject: malware beyond my power, requesting backup

OK, I have been out of the loop for a year or two due to me not getting infected with anything since forever. But recently a friend of mine got something really nasty that wiped out his restore points and started throwing popups at him like mad. I managed to kill off a few of the nasties, but there are at least a few that are still causing me problems. Namely, there is at least one popup generator attached to IE, and I suspect a rootkit I can't do anything about and a trojan or two. He has CounterSpy installed, but due to either malicious interference or simply the crappiness of this PC it locks up whenever I have it run a scan (except in safe mode, but after the scan, when I go to view results, none of the stuff it found is there).

I hope this is the correct forum for posting this request; if not, please move it (my apologies to the moderator).


Quote:
Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-28 12:43:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
17: 2008-06-28 17:45:34 UTC - RP34 - Deckard's System Scanner Restore Point
16: 2008-06-28 07:01:59 UTC - RP33 - Software Distribution Service 3.0
15: 2008-06-28 04:58:06 UTC - RP32 - Software Distribution Service 3.0
14: 2008-06-04 04:53:20 UTC - RP31 - System Checkpoint
13: 2008-06-02 04:30:56 UTC - RP30 - CounterSpy - 6/1/2008 11:30:24 PM


-- First Restore Point --
1: 2008-05-24 17:04:47 UTC - RP18 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 255 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:07 PM, on 6/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\Motorola Wireless\WU830G USB Adapter\OdHost.exe
C:\Program Files\Motorola Wireless\WU830G USB Adapter\WLUSBCfg.exe
C:\WINNT\system32\wscntfy.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\DOCUME~1\Owner\Desktop\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - Global Startup: Motorola Wireless USB Adapter.lnk = ?
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?AuthParam=1209436136_804474e1c850080fde4d548c896a7f01&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe

--
End of file - 3401 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\Owner\Desktop\backups\) ---------------

backup-20080627-202725-303 O2 - BHO: mysidesearch browser optimizer - {bd1e4d74-cf04-febf-3da7-397bcf8fbec3} - C:\WINNT\system32\{46c64063-2b28-eabf-e6dc-451a7e1b88cb}.dll
backup-20080627-202725-524 O2 - BHO: (no name) - {4A25B8B9-B518-4E50-90B8-E50ED6670936} - C:\WINNT\system32\wvUmmJAQ.dll (file missing)
backup-20080627-202725-669 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
backup-20080627-202726-367 O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
backup-20080627-202726-553 O2 - BHO: (no name) - {D2376FB3-3D0D-414D-83AA-3AD6AD6B111F} - C:\WINNT\system32\awtsQGxy.dll (file missing)
backup-20080627-202800-794 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
backup-20080627-203026-128 O4 - HKLM\..\Run: [{66-62-29-9A-DW}] C:\WINNT\system32\jswnw64k.exe DWram
backup-20080627-203026-322 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
backup-20080627-203026-328 O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINNT\system32\mcntnkdm.exe DWram
backup-20080627-203026-398 O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
backup-20080627-203026-813 O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem
backup-20080627-203150-427 O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
backup-20080627-204120-166 O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
backup-20080627-204120-199 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
backup-20080627-204120-376 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
backup-20080627-204120-387 O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
backup-20080627-204120-562 O4 - HKLM\..\RunOnce: [OOBEDDDemise] cmd /x /c erase C:\WINNT\System32\oobe\msoobe.exe
backup-20080627-204120-938 R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw==
backup-20080627-204121-151 O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - https://install.charter.com/diskless/bin/ssctlsma.dll
backup-20080627-204121-172 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
backup-20080627-204121-230 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20080627-204121-691 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
backup-20080627-204121-805 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20080627-204121-970 O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
backup-20080627-204122-130 O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
backup-20080627-204122-194 O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
backup-20080627-204122-270 O20 - Winlogon Notify: awtsQGxy - awtsQGxy.dll (file missing)
backup-20080627-204122-434 O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
backup-20080627-204122-465 O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
backup-20080627-204759-951 O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
backup-20080627-204930-832 O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
backup-20080627-204930-990 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
backup-20080627-204947-612 O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
backup-20080628-011644-596 O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
backup-20080628-011644-761 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
backup-20080628-011645-311 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
backup-20080628-011645-677 O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 slipp - c:\winnt\system32\drivers\slipp.sys
R2 MASPINT - c:\winnt\system32\drivers\maspint.sys <Not Verified; MicroStaff Co.,Ltd.; Aspi32 Driver for WinNT>
R2 RioPNP - c:\winnt\system32\drivers\riopnp.sys <Not Verified; RioPort.com; >
R3 CBTNDIS5 (CBTNDIS5 NDIS Protocol Driver) - c:\winnt\system32\cbtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>

S3 PCDRDRV (Pcdr Helper Driver) - c:\atf\qctest\pcdoc\pcdrdrv.sys (file missing)
S3 PcdrNt - c:\winnt\system32\drivers\pcdrnt.sys <Not Verified; PC-Doctor Inc.; PC-Doctor NT 3.0>
S3 SBAPIFS - c:\winnt\system32\drivers\sbapifs.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\winnt\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S4 PictureTaker - c:\fixit\pt\pctkrnt.sys (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-27 18:06:27 418 --ah----- C:\WINNT\Tasks\User_Feed_Synchronization-{99A54D75-34FD-4E11-91FE-09D093AD2723}.job
2002-12-23 15:35:33 412 --a------ C:\WINNT\Tasks\Symantec NetDetect.job


-- Files created between 2008-05-28 and 2008-06-28 -----------------------------

2008-06-28 01:43:47 0 d-------- C:\Program Files\Lavasoft
2008-06-28 01:43:46 0 d------c- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-28 01:42:31 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-27 21:45:12 0 --a------ C:\WINNT\system32\SBRC.dat
2008-06-27 20:09:53 0 d------c- C:\VundoFix Backups
2008-06-05 19:32:44 756 --a------ C:\WINNT\system32\wshiv6o.dat
2008-06-05 19:32:44 756 --a------ C:\WINNT\system32\WMADMDD.dat
2008-06-05 19:32:44 813 --a------ C:\WINNT\system32\authzpn.dat
2008-06-05 19:32:44 0 --a------ C:\WINNT\system32\ati3dvag.dat
2008-06-03 23:41:32 88961 --a------ C:\WINNT\system32\mysidesearch_sidebar_uninstall.exe
2008-06-03 18:24:54 3398 --a------ C:\WINNT\system32\usrvoich.dat
2008-06-03 18:24:54 0 --a------ C:\WINNT\system32\usrsdnia.dat
2008-06-03 18:24:54 281 --a------ C:\WINNT\system32\spoozss.dat
2008-06-03 18:24:54 6693 --a------ C:\WINNT\system32\qmgrprxw.dat
2008-06-03 18:24:54 7955 --a------ C:\WINNT\system32\msafn.dat
2008-06-02 04:28:16 10753087 --a------ C:\WINNT\system32\SBSP.dat
2008-06-02 04:27:59 153 --a------ C:\WINNT\system32\SBFC.dat
2008-06-02 04:25:53 200768 --a------ C:\WINNT\system32\tcnttkdm.exe
2008-06-02 04:25:50 401972 --a------ C:\WINNT\system32\g59.exe
2008-06-01 21:55:47 0 d-------- C:\Documents and Settings\Owner\Application Data\Sunbelt Software
2008-06-01 21:55:42 0 d------c- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2008-06-01 21:54:47 0 d-------- C:\Program Files\Sunbelt Software
2008-06-01 21:40:19 0 d-------- C:\Documents and Settings\Owner\Application Data\Sammsoft
2008-06-01 21:40:02 0 d-------- C:\Program Files\Advanced Registry Optimizer


-- Find3M Report ---------------------------------------------------------------

2008-06-27 18:06:04 861 --a------ C:\WINNT\system32\winpfz33.sys
2008-06-27 18:03:01 354 ---hs---- C:\WINNT\system32\ecoctyaf.ini2
2008-06-01 23:32:38 0 d-------- C:\Program Files\Common Files
2008-06-01 20:04:59 0 d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-05-20 22:23:43 0 d-------- C:\Program Files\Trend Micro
2008-05-20 22:05:07 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-20 21:55:44 0 d-------- C:\Program Files\Symantec
2008-05-19 23:01:54 1014927 --ahs---- C:\WINNT\system32\QAJmmUvw.ini2
2008-05-19 15:20:33 2624 --a------ C:\WINNT\system32\kvyfkyqk.exe
2008-05-18 13:35:12 2112 --a------ C:\WINNT\system32\eaujunvs.exe
2008-05-18 13:34:40 3648 --a------ C:\WINNT\system32\siycecll.dll
2008-05-17 07:21:07 2112 --a------ C:\WINNT\system32\vgvayuvi.exe
2008-05-17 07:12:33 3648 --a------ C:\WINNT\system32\etwrytlo.dll
2008-05-15 18:34:43 2112 --a------ C:\WINNT\system32\gjwwjmvu.exe
2008-05-15 18:26:26 3648 --a------ C:\WINNT\system32\cjaseoid.dll
2008-05-14 18:29:48 2112 --a------ C:\WINNT\system32\bvcnyldf.exe
2008-05-14 18:26:17 3648 --a------ C:\WINNT\system32\wowwlcft.dll
2008-05-13 18:16:20 2112 --a------ C:\WINNT\system32\ubpmofla.exe
2008-05-13 18:08:31 3648 --a------ C:\WINNT\system32\wccjasgv.dll
2008-05-12 06:01:35 2112 --a------ C:\WINNT\system32\lnwsjdxu.exe
2008-05-11 06:00:03 2112 --a------ C:\WINNT\system32\bdxapdve.exe
2008-05-09 20:32:18 2112 --a------ C:\WINNT\system32\ytxdwsda.exe
2008-05-08 20:32:30 2112 --a------ C:\WINNT\system32\syselxya.exe
2008-05-07 20:29:10 2112 --a------ C:\WINNT\system32\bilrxusg.exe
2008-05-06 19:12:33 2112 --a------ C:\WINNT\system32\jelxiqgo.exe
2008-04-28 22:18:36 89070 --a------ C:\WINNT\system32\myss_sb_uninstall.exe
2008-04-28 22:15:41 298311 --a------ C:\WINNT\system32\gside.exe
2008-04-28 21:32:49 0 d-------- C:\Program Files\Java
2008-04-26 10:10:43 0 --a------ C:\WINNT\system32\taskkill.exe
2008-04-26 10:09:35 399926 --a------ C:\WINNT\system32\g80.exe
2008-04-26 10:08:44 49160 --a------ C:\WINNT\system32\rwwnw64d.exe <Not Verified; ; Browser Driver>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/01/2007 07:47 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"@"="" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/27/2007 05:24 AM]
"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [08/04/2004 02:56 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Motorola Wireless USB Adapter.lnk - C:\Program Files\Motorola Wireless\WU830G USB Adapter\Startup.EXE [6/6/2005 11:34:50 AM]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINNT\system32\wvUmmJAQ

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBCSSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
backup=C:\WINNT\pss\PowerReg Scheduler V3.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=C:\WINNT\pss\PowerReg Scheduler.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GWMDMMSG]
GWMDMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Homeland Network]
"C:\Program Files\HomelandNetwork\HomelandNetwork.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1130100499\ee\AOLHostManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hot Key Kbd 9910 Daemon]
SK9910DM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Keyboard Preload Check]
C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaLoads Installer]
"C:\Program Files\DownloadWare\dw.exe" /H

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
"C:\Program Files\Microsoft Money\System\Activation.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV Agent]
C:\PROGRA~1\NORTON~1\navapw32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~3.DLL,ClientStartup -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
C:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PromulGate]
"C:\Program Files\DelFin\PromulGate\PgMonitr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SaveNow]
C:\Program Files\SaveNow\SaveNow.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search-Exe]
"C:\Program Files\se\v11\se.EXE" /H

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
C:\Program Files\Microsoft Works\wkfud.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe -a

*Newly Created Service* - SYMTDI



-- End of Deckard's System Scanner: finished at 2008-06-28 12:50:18 ------------



Quote:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 2.40GHz
Percentage of Memory in Use: 68%
Physical Memory (total/avail): 254.98 MiB / 81.41 MiB
Pagefile Memory (total/avail): 625.63 MiB / 297.92 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.66 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.27 GiB total, 9.72 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST340016A - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.27 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINNT\\system32\\P2P Networking\\P2P Networking.exe"="C:\\WINNT\\system32\\P2P Networking\\P2P Networking.exe:*:Disabled:P2P Networking"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Disabled:RealOne Player"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINNT\\system32\\java.exe"="C:\\WINNT\\system32\\java.exe:*:Enabled:Java(TM) Platform SE binary"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BOOMER
ComSpec=C:\WINNT\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
KBUQUAGEZRGWQYE=KXWFSYG
LOGONSERVER=\\BOOMER
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINNT\system32;C:\WINNT;C:\WINNT\System32\Wbem;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0204
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINNT
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=BOOMER
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINNT
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Owner (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\WINNT\IsUninst.exe -fC:\WINNT\orun32.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINNT\INF\PCHealth.inf
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0 --> C:\WINNT\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINNT\System32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Advanced Registry Optimizer --> "C:\Program Files\Advanced Registry Optimizer\unins000.exe" /silent
Backyard Basketball --> C:\WINNT\IsUninst.exe -fC:\HEGames\Basketball\Uninst.isu -c"C:\HEGames\Basketball\Uninst.dll
Backyard Basketball 2004 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{B2AB8AF6-AE06-438F-A3D5-C9FBFBDB0AC0}
Backyard Football 2004 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{211C4AB9-E3FD-44CE-A495-75B8F545886A}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Do More 5.0 --> MsiExec.exe /I{75C023EC-64A0-44F7-9D99-C6F6E21EB6F0}
Drive Manager --> "C:\Program Files\InstallShield Installation Information\{B90E85EB-B7C9-44F7-8CAA-935BC628F6ED}\setup.exe" -runfromtemp -l0x0409 -removeonly
Drive Manager --> MsiExec.exe /I{B90E85EB-B7C9-44F7-8CAA-935BC628F6ED}
FinePixViewer Ver.4.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE"
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
GTW V.92 Voicemodem --> C:\WINNT\GWMDMU.exe verbose
HelpSpot --> MsiExec.exe /I{F1FBF021-B965-42D3-BF63-D7A121B5490D}
HijackThis 2.0.2 --> "C:\Documents and Settings\Owner\Desktop\HijackThis.exe" /uninstall
Homeland Network --> "C:\Program Files\HomelandNetwork\HomelandNetwork.exe" /Uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINNT\$NtUninstallKB929399$\spuninst\spuninst.exe"
ImageMixer VCD2 for FinePix --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{934E9442-D305-4ACF-AD87-A6C11D677CB9}\setup.exe"
Intel(R) PRO Ethernet Adapter and Software --> Prounstl.exe
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Lernout & Hauspie TruVoice American English TTS Engine --> RunDll32 advpack.dll,LaunchINFSection C:\WINNT\INF\tv_enua.inf, Uninstall
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.7 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINNT\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Encarta Encyclopedia Standard 2002 --> MsiExec.exe /I{01001202-823E-46CD-A70E-BEE818F97169}
Microsoft Money 2002 --> MsiExec.exe /I{E7298FD5-1386-11D5-8D6C-0050DAD32D95}
Microsoft Money 2002 System Pack --> MsiExec.exe /I{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}
Microsoft Picture It! Photo 2002 --> MsiExec.exe /I{C769A271-7E1C-48F9-B331-474600DD4C06}
Microsoft Streets and Trips 2002 --> MsiExec.exe /I{12BDDF23-B1DB-49C8-92D3-3E6841CCED61}
Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINNT\INF\msTTS.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINNT\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Word 2002 --> MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works 2002 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2002\Setup\Launcher.exe d:\
Microsoft Works 6.0 --> MsiExec.exe /I{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{C3A439E4-7303-491F-A678-CEA36A87D517}
MicroStaff WINASPI --> C:\MWASPI\uninst.exe
Motorola Wireless USB Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57BFC2F4-2A2E-4DC3-A0C0-E53A147631E2}\setup.exe" -l0x9
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MySidesearch Search Assistant Adzgalore --> C:\WINNT\system32\{46c64063-2b28-eabf-e6dc-451a7e1b88cb}.dll-uninst.exe
Need For Speed III --> C:\WINNT\UNINST.EXE -f"C:\Program Files\Electronic Arts\Need For Speed III\DeIsL2.isu" -c"C:\Program Files\Electronic Arts\Need For Speed III\eauninst.dll"
Network Play System (Patching) --> C:\WINNT\IsUninst.exe -f"C:\Program Files\Electronic Arts\Network Play System\NPSPatch.isu"
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINNT\System32\nvinstnt.dll,NvUninstallNT4 nvgw.inf
Odyssey Client --> MsiExec.exe /X{99D42EC7-652B-4819-B3E6-6450C815E03F}
PC-Doctor Consumer UI --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
PC-Doctor Diagnostics --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
PC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
PC-Doctor Services --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
PhoneTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}\setup.exe" -l0x9 ControlPanel
PS/2 Millennium Keyboard --> skuninst.exe SK_PS2MillenniumKeyboard
Quicken 2002 New User Edition --> C:\WINNT\IsUninst.exe -f"C:\Program Files\QUICKENW\Uninst.isu" -c"C:\Program Files\QUICKENW\uninst.dll"
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RAW FILE CONVERTER LE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D680C913-5955-469D-9D88-C1940F7506D6}\SETUP.EXE" -l0x9
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINNT\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shockwave --> C:\WINNT\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINNT\System32\Macromed\SHOCKW~1\Install.log
USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C8F7C1E5-0150-11D6-A96C-00D05908F85D}\Setup.exe" -l0x9
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Media Format 11 runtime --> "C:\WINNT\$NtUninstallWMFDist11$\spuninst\spuninst.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type5911 / Error
Event Submitted/Written: 06/28/2008 00:46:35 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application counterspy.exe, version 2.5.0.1043, faulting module oleaut32.dll, version 5.1.2600.3266, fault address 0x000380d5.
Processing media-specific event for [counterspy.exe!ws!]

Event Record #/Type5898 / Error
Event Submitted/Written: 06/27/2008 06:17:16 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type5897 / Error
Event Submitted/Written: 06/27/2008 06:17:16 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type5894 / Error
Event Submitted/Written: 06/27/2008 05:51:49 PM
Event ID/Source: 8193 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.

Event Record #/Type5893 / Error
Event Submitted/Written: 06/27/2008 05:51:49 PM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80070005 from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type39000 / Warning
Event Submitted/Written: 06/28/2008 08:22:51 AM
Event ID/Source: 4 / E100B
Event Description:
Adapter Intel(R) PRO/100 VE Network Connection: Adapter Link Down

Event Record #/Type38998 / Error
Event Submitted/Written: 06/28/2008 02:35:21 AM
Event ID/Source: 20106 / RemoteAccess
Event Description:
Unable to add the interface {E3C7CE58-AE47-4E78-BD58-AE7D02916A1D} with the Router Manager for the IP protocol. The
following error occurred: Cannot complete this function.

Event Record #/Type38967 / Error
Event Submitted/Written: 06/28/2008 01:59:19 AM
Event ID/Source: 20106 / RemoteAccess
Event Description:
Unable to add the interface {E3C7CE58-AE47-4E78-BD58-AE7D02916A1D} with the Router Manager for the IP protocol. The
following error occurred: Cannot complete this function.

Event Record #/Type38933 / Error
Event Submitted/Written: 06/28/2008 00:42:44 AM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Sunbelt CounterSpy Antispyware service terminated unexpectedly. It has done this 4 time(s).

Event Record #/Type38929 / Error
Event Submitted/Written: 06/28/2008 00:42:22 AM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Sunbelt CounterSpy Antispyware service terminated unexpectedly. It has done this 3 time(s).



-- End of Deckard's System Scanner: finished at 2008-06-28 12:50:18 ------------

[/quote]

Author: tetak    Posted: Sat Jun 28, 2008 6:52 pm    Post subject:

Hi Bobboau, welcome to CastleCops.

I've moved your post to the HijackThis Logs forum.

Author: Bobboau    Location: USA    Posted: Mon Jun 30, 2008 5:45 am    Post subject:

So, what are the chances at least part of my problem is in c:\winnt\system32\drivers\slipp.sys?

Author: Prince_Serendip    Posted: Mon Jun 30, 2008 2:36 pm    Post subject:

It's not enough to disable LimeWire. It must be removed entirely.

Please remove LimeWire with Add/Remove Programs. We do not clean logs that have P2P applications installed as this can cause reinfection during your cleaning.

Please refer to this topic:
CastleCops Link/t204179-P2P_programs_we_ask_that_you_remove_first.html
(Don't put it back until after your cleaning is completed.)


P2P apps must be completely removed before we will help you.


After you've done that, please post a fresh (HijackThis only) log below. Thanks.




All times are GMT
