svchost.exe Error at 0x00000000 [RESOLVED], Taskbar is missing, IE won't start
pyroman1
post Sep 23 2008, 10:36 AM
Post #1


Member
Posts: 17
OS: Windows XP, Vista



Hello,

Normally this, http://www.geekstogo.com/forum/Must-Read-B...-Log-t2852.html, helps remove all my infections but this time I am not so lucky. I'm working on a family member's PC and it is hosed pretty badly. The taskbar is gone, IE closes immediately upon opening, the RPC server is unavailable, I can't see any of the services, I can't get an IP address, I can't even install some programs because the Windows Installer Service isn't running, I get an svchost.exe error message as well.

I cannot install malwarebytes as I get the following error:
CODE
Run-time error '372':
Failed to load control 'vbalGrid' from vbalsgrid.ocx. Your version of vbalsgrid.ocx may be outdated. Make sure you are using the version of the control that was provided with your application.


I followed this post on another forum as an alternative:
http://www.bleepingcomputer.com/forums/ind...st&p=934959

I removed several infections by using the guide above, but I'm still having problems.

Here is the HiJack This log:
CODE
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24:24 PM, on 9/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\WINDOWS\System\CmFlywav.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\minimavis.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: (no name) - {5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} - C:\Program Files\Starware337\bin\Starware337.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Starware Recipe Toolbar - {1962c5bc-e475-465b-823b-133e711bceb9} - C:\Program Files\Starware337\bin\Starware337.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [dlcjmon.exe] "C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 964\memcard.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [CmFlywaveName] C:\WINDOWS\System\CmFlywav.exe
O4 - HKLM\..\Run: [Linksys WMB54G Utility] C:\Program Files\Linksys Wireless-G Music Bridge\WMB54G.exe -R
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [DLCJCATS] rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-2940483051-2440339291-2269828823-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2940483051-2440339291-2269828823-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - S-1-5-21-2940483051-2440339291-2269828823-1006 Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe (User '?')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: moffice.lnk = C:\WINDOWS\system\sgcxcxxaspf080823.exe
O4 - Global Startup: Personal Coach.lnk = ?
O8 - Extra context menu item: &Copy Location - C:\WINDOWS\WEB\graburl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra 'Tools' menuitem: Add to R&estricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra button: (no name) - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Offline - {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - C:\WINDOWS\system32\oline.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - https://www.webiqonline.com/WebIQ/bin/WebIQ.cab
O16 - DPF: {601B418B-E6A6-47FC-A094-07248741CEB3} (Camtronics Medical Systems Web Viewer) - file://D:\vwr_data\WebVwr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1142393051781
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218148378062
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/TrueInstall.exe
O23 - Service: 6to4 - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: afisicx  Event propagation service (afisicx) - Unknown owner - C:\WINDOWS\system32\afisicx.exe (file missing)
O23 - Service: Application Management (AppMgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Audio (AudioSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Computer Browser (Browser) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Cryptographic Services (CryptSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: DHCP Client (Dhcp) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: dlcj_device - Unknown owner - C:\WINDOWS\system32\dlcjcoms.exe
O23 - Service: Logical Disk Manager (dmserver) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: DNS Client (Dnscache) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Wired AutoConfig (Dot3svc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Extensible Authentication Protocol Service (EapHost) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Error Reporting Service (ERSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: COM+ Event System (EventSystem) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Fast User Switching Compatibility (FastUserSwitchingCompatibility) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Help and Support (helpsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Health Key and Certificate Management Service (hkmsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Ias - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Iprip - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Server (lanmanserver) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Workstation (lanmanworkstation) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: TCP/IP NetBIOS Helper (LmHosts) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: macidwe Service (macidwe) - Unknown owner - C:\WINDOWS\system32\macidwe.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: IPSE Service (Messanger) - Unknown owner - c:\windows\svchost.exe (file missing)
O23 - Service: Messenger - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: MHN - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Network Access Protection Agent (napagent) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Network Connections (Netman) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Network Location Awareness (NLA) (Nla) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: nobicyt Service (nobicyt) - Unknown owner - C:\WINDOWS\system32\Nobicyt.exe (file missing)
O23 - Service: noxtcyr  Portable Media Serial Service (noxtcyr) - Unknown owner - C:\WINDOWS\system32\noxtcyr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: perfs Service (perfs) - Unknown owner - C:\WINDOWS\system32\perfs.exe (file missing)
O23 - Service: Remote Access Auto Connection Manager (RasAuto) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Remote Access Connection Manager (RasMan) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Remote Registry (RemoteRegistry) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: routing Service (routing) - Unknown owner - C:\WINDOWS\system32\routing.exe (file missing)
O23 - Service: roxtctm  Corporation (roxtctm) - Unknown owner - C:\WINDOWS\system32\roxtctm.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Secondary Logon (seclogon) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: System Event Notification (SENS) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Shell Hardware Detection (ShellHWDetection) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: sobicyt - Unknown owner - C:\WINDOWS\system32\sobicyt.exe (file missing)
O23 - Service: System Restore Service (srservice) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: SSDP Discovery Service (SSDPSRV) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Image Acquisition (WIA) (stisvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Telephony (TapiSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: tdxdowkc Service (tdxdowkc) - Unknown owner - C:\WINDOWS\system32\tdxdowkc.exe (file missing)
O23 - Service: Terminal Services (TermService) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Themes - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Universal Plug and Play Device Host (upnphost) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Time (w32time) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: WebClient - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Management Instrumentation (winmgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Portable Media Serial Number Service (WmdmPmSN) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Windows Management Instrumentation Driver Extensions (Wmi) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Windows Media Optimizer (WMOptimizer) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Security Center (wscsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: wsldoekd  Co. Ltd. (wsldoekd) - Unknown owner - C:\WINDOWS\system32\wsldoekd.exe (file missing)
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Wireless Zero Configuration (WZCSVC) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Network Provisioning Service (xmlprov) - Unknown owner - C:\WINDOWS\System32\svchost.exe

--
End of file - 19344 bytes


Here is the uninstall list:
CODE
ABBYY FineReader 6.0 Sprint
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Reader 8.1.2
AnswerWorks 4.0 Runtime - English
AOLIcon
Bejeweled 2 Deluxe
Canon Camera Access Library
Canon Camera Support Core Library
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
C-Media Wi-Sonic Wireless Audio Driver
Conexant D850 56K V.9x DFVc Modem
Corel Paint Shop Pro X
Corel Photo Album 6
Coupon Printer for Windows
Creative MediaSource
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Photo AIO Printer 964
Dell Support 3.1
Digital Content Portal
Digital Line Detect
EducateU
ELIcon
ERUNT 1.1j
ESPNMotion
Google
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB952287)
Intel Matrix Storage Manager
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
Intel(R) Quick Resume Technology Drivers
Intel(R) Quick Resume Technology Drivers
Intel® Viiv™
IntelliMover
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Learn2 Player (Uninstall Only)
Linksys Wireless-G Music Bridge
Mavis Beacon Teaches Typing 15
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Modem Helper
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Musicmatch for Windows Media Player
Musicmatch® Jukebox
NetWaiting
NVIDIA Drivers
Otto
PlayLinc
Print to Fax
Qualxserve Service Agreement
QuickTime
RealPlayer Basic
Roxio DLA
Roxio Express Labeler
Roxio MyDVD Plus
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Sonic Activation Module
Sonic Encoders
Sonic Update Manager
Sound Blaster X-Fi
Starware Recipe Toolbar
TurboTax Deluxe 2005
TurboTax Deluxe 2007
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2005
TurboTax ItsDeductible 2006
Unlocker 1.8.5
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
Verizon Online Help and Support
Verizon Servicepoint 1.3.21
Virtools 3D Life Player
WebCyberCoach 3.2 Dell
WebIQ Client Software
Webshots Desktop
WexTech AnswerWorks
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix - KB895316
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Vista Upgrade Advisor
Windows XP Media Center Edition 2005 KB908246
Windows XP Service Pack 3
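The log above is what a helper reads by eye: O23 services whose binary is "(file missing)" (macidwe, nobicyt, perfs, routing, sobicyt, tdxdowkc and friends), a service called "Messanger" hosted by a svchost.exe that is not the one in system32, a Global Startup item launched from C:\WINDOWS\system with a generated-looking name, and a toolbar whose DLL is gone. The script below is an added example for this thread, not code from HijackThis, SDFix or ComboFix, that applies those same checks to a HijackThis 2.x log. The sample lines are a constructed subset copied from the posted log, %SystemRoot% is assumed to be C:\WINDOWS, and the rule names, the vowel-ratio test and the "legacy system directory" rule are assumptions a reviewer still confirms by hand.

```python
"""Triage of a HijackThis 2.x log: flag the service, autorun and browser-plugin
entries a malware-removal helper would look at first. Added example for this
thread (not part of HijackThis or SDFix); every rule is a heuristic."""
import re
from dataclasses import dataclass

# Assumed from the paths in the posted log (Windows XP default).
SYSTEM_ROOT = r"C:\WINDOWS"

# Constructed sample: a subset of the O2/O4/O23 lines from the log above.
SAMPLE_LOG = """\
O2 - BHO: (no name) - {5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} - C:\\Program Files\\Starware337\\bin\\Starware337.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_07\\bin\\ssv.dll
O4 - HKLM\\..\\Run: [ehTray] C:\\WINDOWS\\ehome\\ehtray.exe
O4 - Global Startup: moffice.lnk = C:\\WINDOWS\\system\\sgcxcxxaspf080823.exe
O23 - Service: DNS Client (Dnscache) - Unknown owner - C:\\WINDOWS\\system32\\svchost.exe
O23 - Service: macidwe Service (macidwe) - Unknown owner - C:\\WINDOWS\\system32\\macidwe.exe (file missing)
O23 - Service: IPSE Service (Messanger) - Unknown owner - c:\\windows\\svchost.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
"""

O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)
O4_RE = re.compile(r"^O4 - (?P<where>.+?): (?:\[(?P<key>[^\]]*)\] )?(?P<cmd>.+)$")
O2O3_RE = re.compile(r"^O[23] - .+ - (?P<path>.+?)(?P<missing> \(file missing\))?$")
# First drive-letter path with a loadable extension inside a command line.
EXE_RE = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:exe|dll|scr|cpl)", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str    # which heuristic fired
    name: str    # service name, Run key, or file basename
    line: str    # the original log line
    reason: str


def _split(path):
    """Lower-cased (directory, basename) of a Windows path."""
    p = path.strip().strip('"').lower()
    d, _, b = p.rpartition("\\")
    return d, b


def _looks_random(stem):
    """Assumption: a 6+ digit run, or a long stem almost without vowels,
    marks a generated file name such as sgcxcxxaspf080823."""
    if re.search(r"\d{6,}", stem):
        return True
    letters = [c for c in stem if c.isalpha()]
    if len(stem) >= 10 and letters:
        return sum(c in "aeiou" for c in letters) / len(letters) < 0.2
    return False


def triage(log_text):
    """Return a Finding for every suspicious line in a HijackThis log."""
    sysroot = SYSTEM_ROOT.lower()
    out = []
    for line in log_text.splitlines():
        line = line.rstrip()
        m = O23_RE.match(line)
        if m:
            svc = m.group("name") or m.group("display")
            d, b = _split(m.group("path"))
            if m.group("missing"):
                out.append(Finding("orphan-service", svc, line,
                                   "service still registered but its binary is gone"))
            if b == "svchost.exe" and d != sysroot + r"\system32":
                out.append(Finding("svchost-path", svc, line,
                                   "svchost.exe hosted from outside system32"))
            continue
        m = O4_RE.match(line)
        if m:
            exe = EXE_RE.search(m.group("cmd"))
            if exe:
                d, b = _split(exe.group(0))
                stem = b.rsplit(".", 1)[0]
                if d == sysroot + r"\system" or _looks_random(stem):
                    out.append(Finding("autorun", m.group("key") or b, line,
                                       "autorun from the legacy %SystemRoot%\\system dir or with a generated-looking name"))
            continue
        m = O2O3_RE.match(line)
        if m and m.group("missing"):
            out.append(Finding("missing-plugin", _split(m.group("path"))[1], line,
                               "BHO/toolbar registered but its DLL is gone"))
    return out


def removal_commands(findings):
    """'sc delete' lines for orphaned services, the manual equivalent of the
    service-removal step SDFix performs. Review them before running as admin."""
    names = sorted({f.name for f in findings if f.kind == "orphan-service"})
    return [f"sc delete {n}" for n in names]


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.kind}] {f.name}: {f.reason}")
    print("\n".join(removal_commands(found)))
```

Run it on the full log rather than the sample and the orphan-service rule returns the same six random-named services SDFix reports deleting later in this thread, plus afisicx, noxtcyr, roxtctm, wsldoekd and Messanger. The `sc delete` lines are deliberately only generated, not executed: a service whose binary is missing is harmless until something drops the binary back, and deleting the registration is the cleanup, but you still check each name against the log first.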
fenzodahl512
post Sep 30 2008, 09:47 PM
Post #2


Trusted Helper
Posts: 4,446
OS: Windows XP



Hello, my name is fenzodahl512 and welcome to Geekstogo. Please post the logs as they are. Don't use code or quote tags. It will be much easier for my eyes.

Lets do this...


Please download SDFix by Andy Manchesta and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please reboot into Safe Mode
  1. In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  2. A new folder will be extracted to your %systemdrive%, typically C:\SDFix
  3. Open the extracted folder and double click RunThis.bat to start the script.
  4. Type Y to begin the script.
  5. It will remove the Trojan services, then make some repairs to the registry and prompt you to press any key to reboot.
  6. Press any key and it will restart the PC.
  7. Your system will take longer than normal to restart as the fixtool will be running and removing files.
  8. When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  9. Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt along with any other requested logs at the end of these instructions.




NEXT


Please visit the webpage below for instructions on downloading and running ComboFix. Make sure you download and save ComboFix DIRECTLY to your Desktop.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. Please visit HERE if you don't know how. Please re-enable them after performing all the steps given.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. DO NOT select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix (located in C:\combofix.txt) when you've accomplished that, along with a new HijackThis log.



Please post these logs in your next reply. Please post each log in a separate post.

1. SDFix
2. ComboFix
3. A fresh HijackThis log (after ComboFix step)


Regards
fenzodahl512
pyroman1
post Oct 1 2008, 07:39 AM
Post #3


Member
**
Posts: 17
OS: Windows XP, Vista




SDFix: Version 1.230
Run by Administrator on Wed 10/01/2008 at 08:13 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Name :
macidwe
nobicyt
perfs
routing
sobicyt
tdxdowkc

Path :
C:\WINDOWS\system32\macidwe.exe
C:\WINDOWS\system32\Nobicyt.exe
C:\WINDOWS\system32\perfs.exe
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\system32\sobicyt.exe
C:\WINDOWS\system32\tdxdowkc.exe

macidwe - Deleted
nobicyt - Deleted
perfs - Deleted
routing - Deleted
sobicyt - Deleted
tdxdowkc - Deleted



Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\atsxyzd.sys - Deleted
C:\WINDOWS\system32\comsa32.sys - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-01 08:26:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"D:\\Setup.exe"="D:\\Setup.exe:*:Enabled:Setup"
"E:\\Setup.exe"="E:\\Setup.exe:*:Enabled:Setup"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Tue 1 Feb 2000 40,960 ..SHR --- "C:\WINDOWS\system32\Karna2Drv.dll"
Tue 1 Feb 2000 40,960 ..SHR --- "C:\WINDOWS\system32\Karna3Drv.dll"
Tue 1 Feb 2000 40,960 ..SHR --- "C:\WINDOWS\system32\Karna4Drv.dll"
Tue 1 Feb 2000 40,960 ..SHR --- "C:\WINDOWS\system32\Karna5Drv.dll"
Tue 1 Feb 2000 40,960 ..SHR --- "C:\WINDOWS\system32\Karna6Drv.dll"
Tue 1 Feb 2000 40,960 ..SHR --- "C:\WINDOWS\system32\KarnaDrv.dll"
Mon 23 Jun 2008 1,682 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Tue 16 Aug 2005 10,752 A.SH. --- "C:\WINDOWS\system32\Proxy.dll"
Wed 2 Feb 2000 103,424 ..SHR --- "C:\WINDOWS\system32\waoptimizer.dll"
Mon 25 Aug 2008 14,848 A..H. --- "C:\WINDOWS\system32\zordisa.dll"
Fri 16 Mar 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 1 Oct 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.key.bak"
Thu 15 Aug 2002 266,240 A..H. --- "C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\Mavis Beacon Teaches Typing.exe"
Mon 25 Aug 2008 20,487 A.SHR --- "C:\Program Files\McAfee\MQC\MRU.bak"
Mon 25 Aug 2008 265 A.SHR --- "C:\Program Files\McAfee\MQC\qcconf.bak"
Sat 23 Jun 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Fri 10 Mar 2006 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Fri 10 Mar 2006 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp"
Fri 10 Mar 2006 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\lock.tmp"
Tue 14 Mar 2006 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\lock.tmp"

Finished!



This post has been edited by pyroman1: Oct 1 2008, 07:39 AM
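An added triage example for the SDFix report above. This is the editor's code, not part of the original post and not something SDFix or the poster supplies: it parses the Windows Firewall AuthorizedApplications entries and the "Files with Hidden Attributes" section in the format SDFix prints, then flags the items a responder would check first. The sample report embedded in the script is constructed to match that format; the system32 location, the "executable at the root of a non-system drive" rule and the "same size, same date, same folder" cluster rule are the editor's heuristics, not anything the tool claims.

```python
"""Triage an SDFix report: pull the Windows Firewall AuthorizedApplications
entries and the 'Files with Hidden Attributes' section out of the text and
flag the items a responder would check first. Heuristics are the editor's,
not SDFix's; every hit is a lead to verify, not proof of infection."""
import ntpath
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the layout SDFix prints; not the log from the post.
SAMPLE_REPORT = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"D:\\Setup.exe"="D:\\Setup.exe:*:Enabled:Setup"
"E:\\Setup.exe"="E:\\Setup.exe:*:Enabled:Setup"

Files with Hidden Attributes :

Tue 1 Feb 2000 40,960 ..SHR --- "C:\WINDOWS\system32\Karna2Drv.dll"
Tue 1 Feb 2000 40,960 ..SHR --- "C:\WINDOWS\system32\Karna3Drv.dll"
Tue 1 Feb 2000 40,960 ..SHR --- "C:\WINDOWS\system32\Karna4Drv.dll"
Mon 25 Aug 2008 14,848 A..H. --- "C:\WINDOWS\system32\zordisa.dll"
Fri 16 Mar 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 15 Aug 2002 266,240 A..H. --- "C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\Mavis Beacon Teaches Typing.exe"

Finished!
'''

FIREWALL_RE = re.compile(r'^"(?P<key>[^"]+)"="(?P<value>[^"]*)"$')
HIDDEN_RE = re.compile(
    r'^(?P<dow>[A-Z][a-z]{2}) (?P<day>\d{1,2}) (?P<mon>[A-Z][a-z]{2}) (?P<year>\d{4}) '
    r'(?P<size>[\d,]+) (?P<attr>[A-Z.]{5}) --- "(?P<path>[^"]+)"$')
# An executable sitting directly at the root of a drive, e.g. D:\Setup.exe
ROOT_EXE_RE = re.compile(r'^[A-Za-z]:\\[^\\]+\.(exe|com|bat|cmd|scr)$', re.I)
CODE_EXT = {'.dll', '.exe', '.sys', '.scr', '.ocx', '.cpl'}


def parse_report(text):
    """Return (firewall_rules, hidden_files) parsed from SDFix output."""
    rules, hidden = [], []
    for line in (raw.strip() for raw in text.splitlines()):
        m = FIREWALL_RE.match(line)
        if m:
            # Value is "path:scope:state:name"; split from the right so the
            # drive-letter colon inside the path survives.
            parts = m.group('value').rsplit(':', 3)
            if len(parts) == 4:
                path, scope, state, name = parts
                rules.append({'path': path.replace('\\\\', '\\'), 'scope': scope,
                              'enabled': state.lower() == 'enabled', 'name': name})
            continue
        m = HIDDEN_RE.match(line)
        if m:
            stamp = f"{m.group('day')} {m.group('mon')} {m.group('year')}"
            hidden.append({'path': m.group('path'),
                           'size': int(m.group('size').replace(',', '')),
                           'date': datetime.strptime(stamp, '%d %b %Y').date(),
                           'attr': m.group('attr')})
    return rules, hidden


def suspicious_firewall_rules(rules, system_drive='C:'):
    """Enabled any-network ('*') exceptions for an executable at the root of a
    non-system drive: the shape an autorun dropper on removable or optical
    media leaves behind (editor's heuristic)."""
    return [r['path'] for r in rules
            if r['enabled'] and r['scope'] == '*'
            and ROOT_EXE_RE.match(r['path'])
            and not r['path'].upper().startswith(system_drive.upper())]


def suspicious_hidden_files(files, system32=r'C:\WINDOWS\system32'):
    """Map path -> reasons for hidden-attribute entries worth a look."""
    reasons = defaultdict(list)
    prefix = system32.lower().rstrip('\\') + '\\'
    for f in files:
        low = f['path'].lower()
        # Hidden DLL/EXE/SYS files under system32 are rare on a clean box.
        if low.startswith(prefix) and ntpath.splitext(low)[1] in CODE_EXT:
            reasons[f['path']].append('hidden executable code in system32')
    # Several same-size files carrying one identical date in one folder look
    # like a dropper writing copies of a single payload with a forged stamp.
    groups = defaultdict(list)
    for f in files:
        folder = ntpath.dirname(f['path']).lower()
        groups[(folder, f['size'], f['date'])].append(f['path'])
    for members in groups.values():
        if len(members) > 1:
            for p in members:
                reasons[p].append(f'{len(members)} same-size files share this timestamp in the folder')
    return dict(reasons)


def triage(text):
    rules, hidden = parse_report(text)
    return {'firewall': suspicious_firewall_rules(rules),
            'hidden': suspicious_hidden_files(hidden)}


if __name__ == '__main__':
    result = triage(SAMPLE_REPORT)
    for p in result['firewall']:
        print('firewall exception to review:', p)
    for p, why in result['hidden'].items():
        print('hidden file to review:', p, '->', '; '.join(why))
```

Run it against a saved SDFix Report.txt by passing the file contents to triage(). The firewall rule deliberately ignores LocalSubNet-scoped entries and anything under the system drive, so ordinary program exceptions stay quiet while an any-network rule for a drive-root Setup.exe is surfaced; the hidden-file rules are meant to rank what to hash and submit first, not to decide what to delete.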
pyroman1
post Oct 1 2008, 07:40 AM
Post #4
Member
Posts: 17
OS: Windows XP, Vista

ComboFix 08-09-30.03 - Mickey Gill 2008-10-01 9:00:00.1 - NTFSx86
Running from: C:\Documents and Settings\Mickey Gill\Desktop\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Starware337
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\723_button_1b_def.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\723_button_1b_over.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\726_button_1b_def.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\Dating0.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\Free_Credit_Score0.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\logo.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\logoxp.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\Reference.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\ReferenceHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\referencehotxp.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\referencexp.png
C:\Documents and Settings\All Users\Application Data\Starware337\buttons\Ringtones0.bmp
C:\Documents and Settings\All Users\Application Data\Starware337\contexts\error.xml
C:\Documents and Settings\All Users\Application Data\Starware337\contexts\Related.xml
C:\Documents and Settings\All Users\Application Data\Starware337\contexts\Travel.xml
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware337\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Documents and Settings\Charlene Gill\Application Data\Starware337
C:\Documents and Settings\Charlene Gill\Application Data\Starware337\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\Charlene Gill\Application Data\Starware337\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\Charlene Gill\Application Data\Starware337\Configurator\Configurator.xml
C:\Documents and Settings\Charlene Gill\Application Data\Starware337\Configurator\Configurator.xml.backup
C:\Documents and Settings\Charlene Gill\Application Data\Starware337\Dating\DatingOptions.xml
C:\Documents and Settings\Charlene Gill\Application Data\Starware337\Dating\DatingOptions.xml.backup
C:\Documents and Settings\Charlene Gill\Application Data\Starware337\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\Charlene Gill\Application Data\Starware337\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\Charlene Gill\Application Data\Starware337\Free_Credit_Score\Free_Credit_ScoreOptions.xml
C:\Documents and Settings\Charlene Gill\Application Data\Starware337\Free_Credit_Score\Free_Credit_ScoreOptions.xml.backup
C:\Documents and Settings\Charlene Gill\Application Data\Starware337\Layouts\ToolbarLayout.xml
C:\Documents and Settings\Charlene Gill\Application Data\Starware337\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\Charlene Gill\Application Data\Starware337\Manager\ManagerOptions.xml
C:\Documents and Settings\Charlene Gill\Application Data\Starware337\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\Charlene Gill\Application Data\Starware337\Recipe_RSS\Recipe_RSSOptions.xml
C:\Documents and Settings\Charlene Gill\Application Data\Starware337\Recipe_RSS\Recipe_RSSOptions.xml.backup
C:\Documents and Settings\Charlene Gill\Application Data\Starware337\Reference\ReferenceOptions.xml
C:\Documents and Settings\Charlene Gill\Application Data\Starware337\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\Charlene Gill\Application Data\Starware337\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\Charlene Gill\Application Data\Starware337\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\Charlene Gill\Application Data\Starware337\Ringtones\RingtonesOptions.xml
C:\Documents and Settings\Charlene Gill\Application Data\Starware337\Ringtones\RingtonesOptions.xml.backup
C:\Documents and Settings\Charlene Gill\Application Data\Starware337\Search_Recipes\Search_RecipesOptions.xml
C:\Documents and Settings\Charlene Gill\Application Data\Starware337\Search_Recipes\Search_RecipesOptions.xml.backup
C:\Documents and Settings\Charlene Gill\Application Data\Starware337\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\Charlene Gill\Application Data\Starware337\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\Charlene Gill\Application Data\Starware337\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\Charlene Gill\Application Data\Starware337\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\Charlene Gill\Application Data\Starware337\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\Charlene Gill\Application Data\Starware337\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\Charlene Gill\Application Data\Starware337\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\Charlene Gill\Application Data\Starware337\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\Mickey Gill\Application Data\Starware337
C:\Documents and Settings\Mickey Gill\Application Data\Starware337\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\Mickey Gill\Application Data\Starware337\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\Mickey Gill\Application Data\Starware337\Configurator\Configurator.xml
C:\Documents and Settings\Mickey Gill\Application Data\Starware337\Configurator\Configurator.xml.backup
C:\Documents and Settings\Mickey Gill\Application Data\Starware337\Dating\DatingOptions.xml
C:\Documents and Settings\Mickey Gill\Application Data\Starware337\Dating\DatingOptions.xml.backup
C:\Documents and Settings\Mickey Gill\Application Data\Starware337\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\Mickey Gill\Application Data\Starware337\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\Mickey Gill\Application Data\Starware337\Free_Credit_Score\Free_Credit_ScoreOptions.xml
C:\Documents and Settings\Mickey Gill\Application Data\Starware337\Free_Credit_Score\Free_Credit_ScoreOptions.xml.backup
C:\Documents and Settings\Mickey Gill\Application Data\Starware337\Layouts\ToolbarLayout.xml
C:\Documents and Settings\Mickey Gill\Application Data\Starware337\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\Mickey Gill\Application Data\Starware337\Manager\ManagerOptions.xml
C:\Documents and Settings\Mickey Gill\Application Data\Starware337\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\Mickey Gill\Application Data\Starware337\Recipe_RSS\Recipe_RSSOptions.xml
C:\Documents and Settings\Mickey Gill\Application Data\Starware337\Recipe_RSS\Recipe_RSSOptions.xml.backup
C:\Documents and Settings\Mickey Gill\Application Data\Starware337\Reference\ReferenceOptions.xml
C:\Documents and Settings\Mickey Gill\Application Data\Starware337\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\Mickey Gill\Application Data\Starware337\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\Mickey Gill\Application Data\Starware337\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\Mickey Gill\Application Data\Starware337\Ringtones\RingtonesOptions.xml
C:\Documents and Settings\Mickey Gill\Application Data\Starware337\Ringtones\RingtonesOptions.xml.backup
C:\Documents and Settings\Mickey Gill\Application Data\Starware337\Search_Recipes\Search_RecipesOptions.xml
C:\Documents and Settings\Mickey Gill\Application Data\Starware337\Search_Recipes\Search_RecipesOptions.xml.backup
C:\Documents and Settings\Mickey Gill\Application Data\Starware337\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\Mickey Gill\Application Data\Starware337\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\Mickey Gill\Application Data\Starware337\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\Mickey Gill\Application Data\Starware337\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\Mickey Gill\Application Data\Starware337\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\Mickey Gill\Application Data\Starware337\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\Mickey Gill\Application Data\Starware337\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\Mickey Gill\Application Data\Starware337\TravelSearch\TravelSearchOptions.xml.backup
C:\Program Files\delfin
C:\Program Files\delfin\PromulGate\Description.txt
C:\Program Files\delfin\PromulGate\License.txt
C:\Program Files\delfin\PromulGate\preference.dat
C:\Program Files\delfin\PromulGate\uninstal.log
C:\Program Files\delfin\PromulGate\user.html
C:\Program Files\MyWay
C:\Program Files\MyWay\myBar\1.bin\PARTNER.BMP
C:\Program Files\MyWay\myBar\1.bin\PARTNER.DAT
C:\Program Files\MyWay\myBar\1.bin\PARTNER2.DAT
C:\Program Files\MyWay\myBar\1.bin\PARTNER3.DAT
C:\Program Files\MyWay\myBar\Cache\003D8AF4.bmp
C:\Program Files\MyWay\myBar\Cache\003D8FCD.bmp
C:\Program Files\MyWay\myBar\Cache\003D9270.bmp
C:\Program Files\MyWay\myBar\Cache\00778C37.bin
C:\Program Files\MyWay\myBar\Cache\00778ECA.bin
C:\Program Files\MyWay\myBar\Cache\00779230.bin
C:\Program Files\MyWay\myBar\Settings\prevcfg.htm
C:\Program Files\Starware337
C:\Program Files\Starware337\brand.bmp
C:\Program Files\Starware337\icons\star_16.ico
C:\Program Files\Starware337\Starware337Config.xml
C:\WINDOWS\dcbdcatys32_080816a.dll
C:\WINDOWS\dcbdcatys32_080823a.dll
C:\WINDOWS\Install.txt
C:\WINDOWS\system32\fhattach.dll
C:\WINDOWS\system32\fhpatch.dll
C:\WINDOWS\system32\inf\scsys16_080823.dll
C:\WINDOWS\system32\inf\sppdcrs080823.scr
C:\WINDOWS\system32\inf\svchoct.exe
C:\WINDOWS\system32\inf\svchosd.exe
C:\WINDOWS\system32\Install.txt
C:\WINDOWS\system32\IPHACTION.dll
C:\WINDOWS\system32\iphy.dll
C:\WINDOWS\system32\IpSvchostF.dll
C:\WINDOWS\system32\KarnaDrv.dll
C:\WINDOWS\system32\mywfhit.ini
C:\WINDOWS\system32\mywfhit.ini.tmp
C:\WINDOWS\system32\oduxftw.sys
C:\WINDOWS\system32\Proxy.dll
C:\WINDOWS\system32\riphy.dll
C:\WINDOWS\system32\rtl60.bpl
C:\WINDOWS\system32\syspilog.pil
C:\WINDOWS\system32\tmpacj0.exe
C:\WINDOWS\system32\zordisa.dll
C:\WINDOWS\tawisys.ini

Infected copy of C:\WINDOWS\system32\svchost.exe was found & disinfected
Restored copy from - C:\WINDOWS\ServicePackFiles\i386\svchost.exe


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_AFINDING
-------\Legacy_AFISICX
-------\Legacy_IAS
-------\Legacy_IPRIP
-------\Legacy_MESSANGER
-------\Legacy_NOXTCYR
-------\Legacy_ROXTCTM
-------\Legacy_SEICTRL
-------\Legacy_WSERVING
-------\Legacy_WSLDOEKD
-------\Service_6to4
-------\Service_afisicx
-------\Service_Ias
-------\Service_Iprip
-------\Service_Messanger
-------\Service_noxtcyr
-------\Service_roxtctm
-------\Service_seictrl
-------\Service_wsldoekd


((((((((((((((((((((((((( Files Created from 2008-09-01 to 2008-10-01 )))))))))))))))))))))))))))))))
.

2008-10-01 09:02 . <DIR> C:\WINDOWS\LastGood.Tmp
2008-10-01 08:12 . 2008-10-01 08:12 578,560 --a------ C:\WINDOWS\system32\dllcache\user32.dll
2008-10-01 08:11 . 2008-10-01 08:11 <DIR> d-------- C:\WINDOWS\ERUNT
2008-10-01 08:09 . 2008-10-01 08:29 <DIR> d-------- C:\SDFix
2008-09-23 08:49 . 2008-09-23 08:49 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-22 17:02 . 2008-09-22 17:02 <DIR> d-------- C:\Documents and Settings\Mickey Gill\DoctorWeb
2008-09-22 16:23 . 2008-09-22 16:25 <DIR> d-------- C:\Documents and Settings\Administrator\DoctorWeb
2008-09-07 13:52 . 2008-09-07 13:52 <DIR> d-------- C:\Files & Settings
2008-09-07 13:30 . 2008-09-07 13:30 <DIR> d-------- C:\Program Files\ERUNT
2008-09-01 16:15 . 2008-09-01 16:15 <DIR> d-------- C:\Documents and Settings\Charlene Gill\Application Data\SiteAdvisor

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-01 13:12 36,774 ----a-w C:\WINDOWS\Prefetch\MMDIAG.EXE
2008-09-23 15:46 --------- d-----w C:\Program Files\Trend Micro
2008-09-19 16:03 --------- d-----w C:\Program Files\Dl_cats
2008-08-26 01:20 --------- d-----w C:\Program Files\McAfee
2008-08-26 01:18 4,224 ----a-w C:\WINDOWS\system32\drivers\beep.sys
2008-08-26 01:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-08-26 01:11 --------- d-----w C:\Program Files\SiteAdvisor
2008-08-26 01:11 --------- d-----w C:\Documents and Settings\Mickey Gill\Application Data\SiteAdvisor
2008-08-26 01:11 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-08-26 01:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-08-26 01:09 --------- d-----w C:\Program Files\McAfee.com
2008-08-26 01:09 --------- d-----w C:\Program Files\Common Files\McAfee
2008-08-07 20:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-08-05 21:50 --------- d-----w C:\Program Files\Java
2007-06-12 22:01 439,296 -c--a-w C:\Documents and Settings\Mickey Gill\GoToAssist_phone__320_en.exe
2000-02-02 00:01 40,960 --sh--r C:\WINDOWS\system32\Karna2Drv.dll
2000-02-02 00:01 40,960 --sh--r C:\WINDOWS\system32\Karna3Drv.dll
2000-02-02 00:01 40,960 --sh--r C:\WINDOWS\system32\Karna4Drv.dll
2000-02-02 00:01 40,960 --sh--r C:\WINDOWS\system32\Karna5Drv.dll
2000-02-02 00:01 40,960 --sh--r C:\WINDOWS\system32\Karna6Drv.dll
2008-06-23 23:40 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2000-02-02 22:49 103,424 --sh--r C:\WINDOWS\system32\waoptimizer.dll
2000-02-02 19:28 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012000020220000203\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-11 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-09 7110656]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 122880]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 90112]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-03-10 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-10 98304]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-09-18 8192]
"dlcjmon.exe"="C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe" [2005-09-30 430080]
"MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 964\memcard.exe" [2005-08-10 286720]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-03-11 936960]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe" [2006-02-01 1880064]
"CmFlywaveName"="C:\WINDOWS\System\CmFlywav.exe" [2005-10-05 32768]
"Linksys WMB54G Utility"="C:\Program Files\Linksys Wireless-G Music Bridge\WMB54G.exe" [2005-11-23 1167360]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-08-24 36640]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-11-30 1164576]
"DLCJCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll" [2005-08-15 73728]
"CTHelper"="CTHELPER.EXE" [2005-09-20 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2005-11-11 C:\WINDOWS\system32\CTXFIHLP.EXE]

C:\Documents and Settings\Mickey Gill\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2006-03-15 45056]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-03-10 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Setup.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=

R3 Angel;Angel MPEG Device;C:\WINDOWS\system32\DRIVERS\Angel.sys [2005-02-25 375936]
R3 cmvad;C-Media Wi-Sonic Wireless Audio Interface;C:\WINDOWS\system32\drivers\cmudaxv.sys [2005-09-26 1351360]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2005-09-20 1093632]
R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2004-10-25 17664]
S2 WMOptimizer;Windows Media Optimizer;C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-10-19 10664]
S3 Wdm1;USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc.sys [2005-06-10 15576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
wmosvr REG_MULTI_SZ WMOptimizer
waosvr REG_MULTI_SZ WAOptimizer

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

*Newly Created Service* - MFERKDK
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-tgcmd - C:\Program Files&#