
Windows cannot find 'resycled\boot.com' [Solved]


  • This topic is locked This topic is locked

#1
smplynik
Member, 15 posts

Hi,

I'm having a problem accessing my hard drive. I have used Malwarebytes and removed all of the infections that it found. I've also run ATF Cleaner and restarted my computer a number of times. After the final restart I ran Malwarebytes again and it found no infections, but I'm still getting the error message 'Windows cannot find resycled\boot.com'. Any help would be greatly appreciated. I have included my HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:14:44 PM, on 12/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\GWMDMMSG.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Hawking\Common\RaUI.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F1 - win.ini: run=C:\WINNT\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: (no name) - {D34F08C5-4F18-477c-86CB-1A9BEECFE37B} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINNT\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - Global Startup: Hawking Wireless Utility.lnk = C:\Program Files\Hawking\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesus.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesus.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: Toki Toki Boom - http://download.game...nts/y/vtm_x.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct0_x.cab
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups...plorer1_8us.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} - http://zone.msn.com/...pcaploader1.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150...tzip/RdxIE2.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.c...ebio5_0_2_1.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINNT\system32\ZoneLabs\vsmon.exe

--
End of file - 9684 bytes

#2
greyknight17
Malware Expert, Visiting Consultant, 16,560 posts

Welcome to GTG.

Please print the instructions below or copy them to Notepad. Make sure to work through the fixes in the order given below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Run a scan in HijackThis. Check each of the following entries if they still exist and hit 'Fix Checked' after you have checked the last one:

F1 - win.ini: run=C:\WINNT\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\

Go to http://www.bleepingc...to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here.

#3
smplynik
Topic Starter, Member, 15 posts

Thanks a lot for your help. Here is the ComboFix log:


ComboFix 08-12-28.01 - Owner 2008-12-28 17:50:06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1279.886 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated)
FW: ZoneAlarm Security Suite Firewall *disabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\program files\INSTALL.LOG
C:\setup.exe
c:\winnt\system\oeminfo.ini
c:\winnt\system32\1656_up.exe
c:\winnt\system32\301_up.exe
c:\winnt\system32\3474_up.exe
c:\winnt\system32\mdm.exe
c:\winnt\winhelp.ini
F:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-28 )))))))))))))))))))))))))))))))
.

2008-12-24 10:31 . 2008-12-24 10:33 <DIR> d-------- c:\program files\iTunes
2008-12-24 10:31 . 2008-12-24 10:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-21 00:58 . 2008-12-21 00:58 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2008-12-21 00:57 . 2008-12-21 00:57 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-21 00:57 . 2008-12-21 00:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-21 00:57 . 2008-12-03 19:52 38,496 --a------ c:\winnt\system32\drivers\mbamswissarmy.sys
2008-12-21 00:57 . 2008-12-03 19:52 15,504 --a------ c:\winnt\system32\drivers\mbam.sys
2008-12-21 00:14 . 2008-12-21 00:14 <DIR> d-------- c:\program files\Common Files\McAfee
2008-12-21 00:13 . 2008-12-21 04:28 <DIR> d-------- c:\program files\McAfee
2008-12-20 23:52 . 2008-12-20 23:49 410,984 --a------ c:\winnt\system32\deploytk.dll
2008-12-19 05:55 . 2008-12-19 06:36 <DIR> d-------- c:\winnt\system32\CatRoot_bak
2008-12-18 20:56 . 2008-12-18 20:56 <DIR> d-------- c:\documents and settings\Owner\Application Data\MailFrontier
2008-12-18 20:08 . 2008-10-09 14:25 1,221,008 --a------ c:\winnt\system32\zpeng25.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-28 22:42 254,931,744 --sha-w c:\winnt\system32\drivers\fidbox.dat
2008-12-27 03:15 3,239,636 --sha-w c:\winnt\system32\drivers\fidbox.idx
2008-12-26 15:00 --------- d-----w c:\documents and settings\Owner\Application Data\uTorrent
2008-12-24 15:32 --------- d-----w c:\program files\iPod
2008-12-24 15:32 --------- d-----w c:\program files\Common Files\Apple
2008-12-24 15:23 --------- d-----w c:\program files\QuickTime
2008-12-24 05:36 581,632 ----a-w c:\winnt\Internet Logs\xDB1C.tmp
2008-12-24 00:48 --------- d-----w c:\program files\YSIGet
2008-12-24 00:45 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-23 21:20 56,438 ----a-w c:\winnt\Internet Logs\zlclient_2nd_2008_12_23_16_20_08_small.dmp.zip
2008-12-23 19:50 4,177,355 -c--a-w c:\winnt\Internet Logs\tvDebug.zip
2008-12-22 07:44 --------- d--h--r c:\documents and settings\All Users\Application Data\yahoo!
2008-12-21 22:12 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2008-12-21 09:27 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-21 09:26 289,280 ----a-w c:\winnt\Internet Logs\xDB1B.tmp
2008-12-21 05:14 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-12-21 04:49 --------- d-----w c:\program files\Java
2008-12-21 03:08 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-21 01:12 413,184 ----a-w c:\winnt\Internet Logs\xDB19.tmp
2008-12-21 01:12 1,880,064 ----a-w c:\winnt\Internet Logs\xDB1A.tmp
2008-12-18 17:09 348,672 ----a-w c:\winnt\Internet Logs\xDB17.tmp
2008-12-18 17:09 1,767,936 ----a-w c:\winnt\Internet Logs\xDB18.tmp
2008-12-14 05:43 853,504 ----a-w c:\winnt\Internet Logs\xDB16.tmp
2008-11-20 17:35 20,747 ----a-w c:\winnt\system32\drivers\AegisP.sys
2008-11-20 17:35 --------- d-----w c:\program files\Hawking
2008-11-20 17:19 1,073,664 ----a-w c:\winnt\Internet Logs\xDB15.tmp
2008-10-23 13:01 283,648 ----a-w c:\winnt\system32\gdi32.dll
2008-10-16 20:38 826,368 ----a-w c:\winnt\system32\wininet.dll
2008-10-16 19:13 202,776 ----a-w c:\winnt\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\winnt\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\winnt\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\winnt\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\winnt\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\winnt\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\winnt\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\winnt\system32\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\winnt\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\winnt\system32\muweb.dll
2008-10-09 19:25 73,104 ----a-w c:\winnt\zllsputility.exe
2008-10-08 04:43 166,912 ----a-w c:\winnt\Internet Logs\xDB14.tmp
2008-10-03 10:15 247,326 ----a-w c:\winnt\system32\strmdll.dll
2008-09-30 21:43 1,286,152 ----a-w c:\winnt\system32\msxml4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\winnt\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2004-03-12 159744]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-20 136600]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-10-09 981904]
"MSConfig"="c:\winnt\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 158208]
"GWMDMMSG"="GWMDMMSG.exe" [2002-05-06 c:\winnt\GWMDMMSG.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Hawking Wireless Utility.lnk - c:\program files\Hawking\Common\RaUI.exe [2008-11-20 638976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I263"= i263_32.drv
"vidc.XVID"= xvid.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.3ivx"= 3ivxVfWCodec.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.HFYU"= huffyuv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\winnt\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\winnt\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lotus QuickStart.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Lotus QuickStart.lnk
backup=c:\winnt\pss\Lotus QuickStart.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\winnt\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Motorola Wireless USB Adapter.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Motorola Wireless USB Adapter.lnk
backup=c:\winnt\pss\Motorola Wireless USB Adapter.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Lotus SmartSuite 97 Registration.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Lotus SmartSuite 97 Registration.lnk
backup=c:\winnt\pss\Lotus SmartSuite 97 Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\winnt\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\winnt\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
--a--c--- 2004-06-03 11:05 684032 c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a--c--- 2005-08-05 15:08 67160 c:\program files\AIM95\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a--c--- 2006-11-07 10:29 50736 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-09-03 20:12 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
--a--c--- 2002-10-07 00:23 90112 c:\program files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 07:00 15360 c:\winnt\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
--a--c--- 2001-10-04 01:00 28672 c:\program files\Creative\SBAudigy\Program\ADGJDet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X74-X75]
--a--c--- 2002-10-14 15:09 57344 c:\program files\Lexmark X74-X75\lxbbbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
--a--c--- 2002-12-10 17:32 155648 c:\program files\Logitech\ImageStudio\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
--a--c--- 2002-12-10 17:31 61440 c:\program files\Logitech\ImageStudio\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
--a--c--- 2002-12-10 16:54 127022 c:\program files\Common Files\Logitech\QCDriver3\LVComS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
--a--c--- 2002-04-17 10:42 69632 c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-09-16 12:16 1833296 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2005-11-10 12:03 36975 c:\program files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
--a--c--- 2004-05-21 13:59 87184 c:\progra~1\Symantec\LIVEUP~1\SNDMon.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a--c--- 2006-02-01 17:22 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--a--c--- 2000-05-11 01:00 90112 c:\winnt\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
--a------ 2004-03-12 08:23 159744 c:\program files\WinFast\WFTVFM\WFWIZ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2008-11-05 21:59 4347120 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a--c--- 2002-07-02 17:56 24576 c:\winnt\system32\cthelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hot Key Kbd 9910 Daemon]
--a--c--- 2001-01-03 14:50 66048 c:\winnt\system32\SK9910DM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
-ra--c--- 2002-07-16 12:16 372736 c:\winnt\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gateway\\SRCD\\GWDL.EXE"=
"c:\\Program Files\\Maple 7\\BIN.WNT\\mserver.exe"=
"c:\\Program Files\\AIM95\\aim.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\PC-Doctor for Windows\\Pcdrw32.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINNT\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=
"c:\\Documents and Settings\\Owner\\Desktop\\allfours.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\utorrent\\utorrent.exe"=
"c:\\Program Files\\SAS\\SAS 9.1\\sas.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 BT848;WinFast TV2000 XP WDM Video Capture;c:\winnt\system32\drivers\wf2kvcap.sys [2004-08-28 75829]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" [2008-12-21 206096]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\winnt\system32\drivers\wf2ktunr.sys [2004-08-28 33959]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\winnt\system32\drivers\wf2kxbar.sys [2004-08-28 10005]
R3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFTVFM\WFIOCTL.SYS [2006-05-22 9510]
S3 iscFlash;iscFlash;\??\c:\winnt\SYSTEM32\DRIVERS\iscflash.sys []
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\atf\Qctest\PCDoc\PCDRDRV.sys []
S3 wind502u;Motorola Wireless USB Adapter WU830G Windows Driver;c:\winnt\system32\DRIVERS\wind502u.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - c:\winnt\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com c:
\Shell\Open\command - resycled\boot.com c:

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-12-28 c:\winnt\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-12-28 c:\winnt\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2002-08-07 08:04]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Microsoft Works Update Detection - c:\program files\Microsoft Works\WkDetect.exe
Notify-WgaLogon - (no file)
MSConfigStartUp-AVG7_CC - c:\progra~1\Grisoft\AVG7\avgcc.exe
MSConfigStartUp-AVG7_EMC - c:\progra~1\Grisoft\AVGFRE~1\avgemc.exe
MSConfigStartUp-Keyboard Preload Check - c:\oemdrvrs\KEYB\Preload.exe
MSConfigStartUp-McAfeeUpdaterUI - c:\program files\Network Associates\Common Framework\UpdaterUI.exe
MSConfigStartUp-Microsoft Works Update Detection - c:\program files\Microsoft Works\WkDetect.exe
MSConfigStartUp-Network Associates Error Reporting Service - c:\program files\Common Files\Network Associates\TalkBack\TBMon.exe
MSConfigStartUp-ShStatEXE - c:\program files\Network Associates\VirusScan\SHSTAT.EXE
MSConfigStartUp-SpyKiller - c:\program files\SpyKiller\spykiller.exe
MSConfigStartUp-Veoh - c:\program files\Veoh Networks\Veoh\VeohClient.exe
MSConfigStartUp-Windows Defender - c:\program files\Windows Defender\MSASCui.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.net/
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000

O16 -: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
c:\winnt\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\winnt\Downloaded Program Files\ppctl.dll - O16 -: ppctlcab
hxxp://www.pestscan.com/scanner/ppctlcab.cab
c:\winnt\Downloaded Program Files\OSD406.OSD
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\8slveo54.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\components\iamfamous.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("general.useragent.vendorComment", "ax");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("security.xpconnect.activex.global.hosting_flags", 9);
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("security.classID.allowByDefault", false);
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6BF52A52-394A-11D3-B153-00C04F79FAA6", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID22D6F312-B0F6-11D0-94AB-0080C74C7E95", "AllAccess");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-28 17:54:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-12-28 17:58:27
ComboFix-quarantined-files.txt 2008-12-28 22:57:08

Pre-Run: 3,303,051,264 bytes free
Post-Run: 3,280,461,824 bytes free

276 --- E O F --- 2008-12-21 03:08:35

#4
greyknight17
Malware Expert, Visiting Consultant, 16,560 posts

Download Flash Disinfector from http://www.techsuppo...Disinfector.exe and save it to your desktop. Double-click it to run it and follow the on-screen instructions. Make sure you plug in any of your USB drives that were used recently, as they may be infected.

Open your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quote box below into Notepad:

Driver::
iscFlash
PCDRDRV
wind502u

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag CFScript.txt onto ComboFix.exe.
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on ComboFix's window while it's running. That may cause it to stall.

Do you still get that error at startup now?

#5
smplynik
Topic Starter, Member, 15 posts

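The ComboFix log in post #3 shows the infection's persistence point: the per-drive MountPoints2 handlers that make Explorer run resycled\boot.com when the drive is opened, alongside the autorun.inf files it deleted from C: and F:. The script below is an added triage example (not part of the thread or of ComboFix) that walks that section of a log and explains why each handler is suspicious; the log excerpt is constructed, copying the thread's C: entries and adding an invented benign handler under a volume GUID.

```python
"""Triage the MountPoints2 autorun handlers that ComboFix prints.

Added example for this thread; it is not part of ComboFix or of the forum
post. The log excerpt below is constructed: the 'C' entries copy the ones in
the thread's log, the GUID-keyed backup entry is an invented benign handler.
"""
import re
from dataclasses import dataclass, field

SAMPLE_LOG = r"""
C:\autorun.inf
F:\Autorun.inf

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - c:\winnt\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com c:
\Shell\Open\command - resycled\boot.com c:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-1111-2222-3333-444444444444}]
\Shell\AutoRun\command - "c:\program files\Example Backup\backup.exe" /drive F:
"""

# Subkey header: [HKEY_CURRENT_USER\...\explorer\mountpoints2\<volume>]
_KEY_RE = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\explorer\\mountpoints2\\(?P<volume>[^\]]+)\]$", re.I)
# Handler line as ComboFix prints it: \Shell\<verb>\command - <command line>
_CMD_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command - (?P<cmd>.+)$", re.I)
# An autorun.inf listed in a drive root, e.g. "F:\Autorun.inf" under "Other Deletions"
_AUTORUN_INF_RE = re.compile(r"^(?P<drive>[a-z]):\\autorun\.inf$", re.I)
# Absolute program reference: drive letter, UNC path or environment variable
_ABS_RE = re.compile(r'^"?(?:[a-z]:\\|\\\\|%)', re.I)
# rundll32 shell32.dll,ShellExec_RunDLL <target>: a launcher wrapped around a file
_SHELLEXEC_RE = re.compile(r"shellexec_rundll\s+(?P<target>\S+)", re.I)


@dataclass
class Finding:
    volume: str
    verb: str
    command: str
    reasons: list = field(default_factory=list)


def analyse_handler(volume: str, verb: str, command: str, autorun_drives: set) -> list:
    """Return the reasons one \\Shell\\<verb>\\command entry looks suspicious."""
    reasons = []
    tokens = command.split()
    if tokens and not _ABS_RE.match(tokens[0]):
        reasons.append("program path is relative, so Explorer resolves it against the drive root")
    m = _SHELLEXEC_RE.search(command)
    if m:
        target = m.group("target")
        reasons.append(f"rundll32 ShellExec_RunDLL is used to launch '{target}'")
        if not _ABS_RE.match(target):
            reasons.append(f"'{target}' is relative to the drive root")
    if volume.upper() in autorun_drives:
        reasons.append(f"drive {volume.upper()}: also had an autorun.inf in its root")
    return reasons


def triage_mountpoints(log_text: str) -> list:
    """Walk a ComboFix log and return a Finding for each suspicious handler."""
    lines = [line.strip() for line in log_text.splitlines()]
    autorun_drives = {m.group("drive").upper()
                      for m in (_AUTORUN_INF_RE.match(line) for line in lines) if m}
    findings, volume = [], None
    for line in lines:
        key = _KEY_RE.match(line)
        if key:
            volume = key.group("volume")   # handlers that follow belong to this volume
            continue
        cmd = _CMD_RE.match(line)
        if cmd and volume is not None:
            reasons = analyse_handler(volume, cmd.group("verb"), cmd.group("cmd"), autorun_drives)
            if reasons:
                findings.append(Finding(volume, cmd.group("verb"), cmd.group("cmd"), reasons))
    return findings


if __name__ == "__main__":
    for f in triage_mountpoints(SAMPLE_LOG):
        print(f"[{f.volume}] Shell\\{f.verb}\\command -> {f.command}")
        for r in f.reasons:
            print("    -", r)
```

On the constructed excerpt only the two C: handlers are reported; the quoted absolute backup.exe handler produces no reasons and is left alone.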
Hi,

I can access my hard drive now with no resycled error popping up. Here is the latest log:


ComboFix 08-12-28.01 - Owner 2008-12-28 20:27:49.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1279.731 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Updated)
FW: ZoneAlarm Security Suite Firewall *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ISCFLASH
-------\Service_iscFlash
-------\Service_PCDRDRV
-------\Service_wind502u


((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-29 )))))))))))))))))))))))))))))))
.

2008-12-24 10:31 . 2008-12-24 10:33 <DIR> d-------- c:\program files\iTunes
2008-12-24 10:31 . 2008-12-24 10:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-21 00:58 . 2008-12-21 00:58 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2008-12-21 00:57 . 2008-12-21 00:57 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-21 00:57 . 2008-12-21 00:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-21 00:57 . 2008-12-03 19:52 38,496 --a------ c:\winnt\system32\drivers\mbamswissarmy.sys
2008-12-21 00:57 . 2008-12-03 19:52 15,504 --a------ c:\winnt\system32\drivers\mbam.sys
2008-12-21 00:14 . 2008-12-21 00:14 <DIR> d-------- c:\program files\Common Files\McAfee
2008-12-21 00:13 . 2008-12-21 04:28 <DIR> d-------- c:\program files\McAfee
2008-12-20 23:52 . 2008-12-20 23:49 410,984 --a------ c:\winnt\system32\deploytk.dll
2008-12-19 05:55 . 2008-12-19 06:36 <DIR> d-------- c:\winnt\system32\CatRoot_bak
2008-12-18 20:56 . 2008-12-18 20:56 <DIR> d-------- c:\documents and settings\Owner\Application Data\MailFrontier
2008-12-18 20:08 . 2008-10-09 14:25 1,221,008 --a------ c:\winnt\system32\zpeng25.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-29 01:36 3,310,556 --sha-w c:\winnt\system32\drivers\fidbox.idx
2008-12-29 01:36 254,931,744 --sha-w c:\winnt\system32\drivers\fidbox.dat
2008-12-26 15:00 --------- d-----w c:\documents and settings\Owner\Application Data\uTorrent
2008-12-24 15:32 --------- d-----w c:\program files\iPod
2008-12-24 15:32 --------- d-----w c:\program files\Common Files\Apple
2008-12-24 15:23 --------- d-----w c:\program files\QuickTime
2008-12-24 05:36 581,632 ----a-w c:\winnt\Internet Logs\xDB1C.tmp
2008-12-24 00:48 --------- d-----w c:\program files\YSIGet
2008-12-24 00:45 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-23 21:20 56,438 ----a-w c:\winnt\Internet Logs\zlclient_2nd_2008_12_23_16_20_08_small.dmp.zip
2008-12-23 19:50 4,177,355 -c--a-w c:\winnt\Internet Logs\tvDebug.zip
2008-12-22 07:44 --------- d--h--r c:\documents and settings\All Users\Application Data\yahoo!
2008-12-21 22:12 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2008-12-21 09:27 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-21 09:26 289,280 ----a-w c:\winnt\Internet Logs\xDB1B.tmp
2008-12-21 05:14 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-12-21 04:49 --------- d-----w c:\program files\Java
2008-12-21 03:08 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-21 01:12 413,184 ----a-w c:\winnt\Internet Logs\xDB19.tmp
2008-12-21 01:12 1,880,064 ----a-w c:\winnt\Internet Logs\xDB1A.tmp
2008-12-18 17:09 348,672 ----a-w c:\winnt\Internet Logs\xDB17.tmp
2008-12-18 17:09 1,767,936 ----a-w c:\winnt\Internet Logs\xDB18.tmp
2008-12-14 05:43 853,504 ----a-w c:\winnt\Internet Logs\xDB16.tmp
2008-11-20 17:35 20,747 ----a-w c:\winnt\system32\drivers\AegisP.sys
2008-11-20 17:35 --------- d-----w c:\program files\Hawking
2008-11-20 17:19 1,073,664 ----a-w c:\winnt\Internet Logs\xDB15.tmp
2008-10-23 13:01 283,648 ----a-w c:\winnt\system32\gdi32.dll
2008-10-16 20:38 826,368 ----a-w c:\winnt\system32\wininet.dll
2008-10-16 19:13 202,776 ----a-w c:\winnt\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\winnt\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\winnt\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\winnt\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\winnt\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\winnt\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\winnt\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\winnt\system32\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\winnt\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\winnt\system32\muweb.dll
2008-10-09 19:25 73,104 ----a-w c:\winnt\zllsputility.exe
2008-10-08 04:43 166,912 ----a-w c:\winnt\Internet Logs\xDB14.tmp
2008-10-03 10:15 247,326 ----a-w c:\winnt\system32\strmdll.dll
2008-09-30 21:43 1,286,152 ----a-w c:\winnt\system32\msxml4.dll
.

((((((((((((((((((((((((((((( snapshot@2008-12-28_17.56.15.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 01:02:28 163,328 ----a-w c:\winnt\ERDNT\subs\ERDNT.EXE
- 2008-12-28 17:23:57 4,212 -c-ha-w c:\winnt\system32\zllictbl.dat
+ 2008-12-29 01:12:47 4,212 -c-ha-w c:\winnt\system32\zllictbl.dat
- 2008-12-28 22:48:38 721,432 ----a-w c:\winnt\system32\ZoneLabs\avsys\bases\sfdb.dat
+ 2008-12-29 01:37:52 722,048 ----a-w c:\winnt\system32\ZoneLabs\avsys\bases\sfdb.dat
+ 2008-12-29 01:37:58 16,384 ----atw c:\winnt\Temp\Perflib_Perfdata_7e4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\winnt\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2004-03-12 159744]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-20 136600]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-10-09 981904]
"MSConfig"="c:\winnt\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 158208]
"GWMDMMSG"="GWMDMMSG.exe" [2002-05-06 c:\winnt\GWMDMMSG.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Hawking Wireless Utility.lnk - c:\program files\Hawking\Common\RaUI.exe [2008-11-20 638976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I263"= i263_32.drv
"vidc.XVID"= xvid.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.3ivx"= 3ivxVfWCodec.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.HFYU"= huffyuv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\winnt\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\winnt\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lotus QuickStart.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Lotus QuickStart.lnk
backup=c:\winnt\pss\Lotus QuickStart.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\winnt\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Motorola Wireless USB Adapter.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Motorola Wireless USB Adapter.lnk
backup=c:\winnt\pss\Motorola Wireless USB Adapter.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Lotus SmartSuite 97 Registration.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Lotus SmartSuite 97 Registration.lnk
backup=c:\winnt\pss\Lotus SmartSuite 97 Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\winnt\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\winnt\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
--a--c--- 2004-06-03 11:05 684032 c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a--c--- 2005-08-05 15:08 67160 c:\program files\AIM95\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a--c--- 2006-11-07 10:29 50736 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-09-03 20:12 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
--a--c--- 2002-10-07 00:23 90112 c:\program files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 07:00 15360 c:\winnt\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
--a--c--- 2001-10-04 01:00 28672 c:\program files\Creative\SBAudigy\Program\ADGJDet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X74-X75]
--a--c--- 2002-10-14 15:09 57344 c:\program files\Lexmark X74-X75\lxbbbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
--a--c--- 2002-12-10 17:32 155648 c:\program files\Logitech\ImageStudio\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
--a--c--- 2002-12-10 17:31 61440 c:\program files\Logitech\ImageStudio\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
--a--c--- 2002-12-10 16:54 127022 c:\program files\Common Files\Logitech\QCDriver3\LVComS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
--a--c--- 2002-04-17 10:42 69632 c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-09-16 12:16 1833296 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2005-11-10 12:03 36975 c:\program files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
--a--c--- 2004-05-21 13:59 87184 c:\progra~1\Symantec\LIVEUP~1\SNDMon.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a--c--- 2006-02-01 17:22 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--a--c--- 2000-05-11 01:00 90112 c:\winnt\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
--a------ 2004-03-12 08:23 159744 c:\program files\WinFast\WFTVFM\WFWIZ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2008-11-05 21:59 4347120 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a--c--- 2002-07-02 17:56 24576 c:\winnt\system32\cthelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hot Key Kbd 9910 Daemon]
--a--c--- 2001-01-03 14:50 66048 c:\winnt\system32\SK9910DM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
-ra--c--- 2002-07-16 12:16 372736 c:\winnt\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gateway\\SRCD\\GWDL.EXE"=
"c:\\Program Files\\Maple 7\\BIN.WNT\\mserver.exe"=
"c:\\Program Files\\AIM95\\aim.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\PC-Doctor for Windows\\Pcdrw32.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINNT\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=
"c:\\Documents and Settings\\Owner\\Desktop\\allfours.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\utorrent\\utorrent.exe"=
"c:\\Program Files\\SAS\\SAS 9.1\\sas.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 BT848;WinFast TV2000 XP WDM Video Capture;c:\winnt\system32\drivers\wf2kvcap.sys [2004-08-28 75829]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" [2008-12-21 206096]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\winnt\system32\drivers\wf2ktunr.sys [2004-08-28 33959]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\winnt\system32\drivers\wf2kxbar.sys [2004-08-28 10005]
R3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFTVFM\WFIOCTL.SYS [2006-05-22 9510]
.
Contents of the 'Scheduled Tasks' folder

2008-12-28 c:\winnt\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-12-29 c:\winnt\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2002-08-07 08:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.net/
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000

O16 -: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
c:\winnt\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\winnt\Downloaded Program Files\ppctl.dll - O16 -: ppctlcab
hxxp://www.pestscan.com/scanner/ppctlcab.cab
c:\winnt\Downloaded Program Files\OSD406.OSD
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\8slveo54.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\components\iamfamous.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("general.useragent.vendorComment", "ax");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("security.xpconnect.activex.global.hosting_flags", 9);
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("security.classID.allowByDefault", false);
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6BF52A52-394A-11D3-B153-00C04F79FAA6", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID22D6F312-B0F6-11D0-94AB-0080C74C7E95", "AllAccess");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-28 20:38:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\winnt\system32\ZoneLabs\vsmon.exe
c:\winnt\system32\ZoneLabs\avsys\ScanningProcess.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\winnt\system32\LEXBCES.EXE
c:\winnt\system32\LEXPPS.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\winnt\system32\nvsvc32.exe
c:\progra~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
c:\winnt\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-12-28 20:46:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-29 01:46:05
ComboFix2.txt 2008-12-28 22:58:29

Pre-Run: 3,152,916,480 bytes free
Post-Run: 2,945,327,104 bytes free

279 --- E O F --- 2008-12-21 03:08:35
  • 0
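As an added check that is not part of this thread or of ComboFix itself: the CFScript above told ComboFix to remove three drivers, and the log above lists what it actually deleted under Drivers/Services. The script below (an added example; it assumes the banner and `-------\Service_<name>` line formats seen in the log) parses both and confirms that every name in the Driver:: block shows up as a deleted Service_ record.

```python
# Added example, not part of the thread or of ComboFix: cross-check the
# CFScript 'Driver::' block against the ComboFix log's Drivers/Services
# section, which lists each removed entry as '-------\Service_<name>'.
import re

# Constructed excerpts of the CFScript and the ComboFix log posted above.
CFSCRIPT = """Driver::
iscFlash
PCDRDRV
wind502u
"""

COMBOFIX_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\Legacy_ISCFLASH
-------\Service_iscFlash
-------\Service_PCDRDRV
-------\Service_wind502u

((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-29 )))))))))))))))))))))))))))))))
"""

SECTION_RE = re.compile(r"^\(+\s*(?P<title>[^()]+?)\s*\)+$")
DELETION_RE = re.compile(r"^-+\\(?P<kind>Legacy|Service)_(?P<name>.+)$")

def parse_cfscript_drivers(script: str) -> list[str]:
    """Names listed under 'Driver::' (until the next '::' directive or EOF)."""
    names, active = [], False
    for line in (l.strip() for l in script.splitlines()):
        if not line:
            continue
        if line.endswith("::"):          # a new CFScript directive starts here
            active = line.lower() == "driver::"
        elif active:
            names.append(line)
    return names

def parse_removed_services(log: str) -> dict[str, set[str]]:
    """Map each name removed in Drivers/Services (lower-cased) to the record kinds deleted."""
    removed: dict[str, set[str]] = {}
    in_section = False
    for line in (l.strip() for l in log.splitlines()):
        m = SECTION_RE.match(line)
        if m:                            # any banner line opens or closes the section
            in_section = m.group("title") == "Drivers/Services"
            continue
        d = DELETION_RE.match(line) if in_section else None
        if d:
            removed.setdefault(d.group("name").lower(), set()).add(d.group("kind"))
    return removed

def verify_removals(script: str, log: str) -> dict[str, bool]:
    """For each Driver:: entry, True when the log shows its Service_ record deleted."""
    removed = parse_removed_services(log)
    return {n: "Service" in removed.get(n.lower(), set())
            for n in parse_cfscript_drivers(script)}

if __name__ == "__main__":
    for name, ok in verify_removals(CFSCRIPT, COMBOFIX_LOG).items():
        print(f"{name}: {'removed' if ok else 'NOT removed, re-check the log'}")
```

A name that stays False means ComboFix did not report deleting that service, so the log needs another look before declaring the script successful.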

#6
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Good job. Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If none, go to Start->Run, copy/paste in combofix /u and hit OK to remove it. You should be set to go.
  • 0

#7
smplynik

    Member

  • Topic Starter
  • Member
  • 15 posts
I don't have any problems.

Thanks a lot for your help

Nik
  • 0

#8
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0