choob
2007-10-11, 02:21
ive spent the last 5 hours of my life reading other people's threads, but i cant seem to understand/relate that much to them, probably due to the file names. ill start off with hjt:
Logfile of HijackThis v1.99.1
Scan saved at 8:15:25 PM, on 10/10/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\system32\Brmfrmps.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\HPZipm12.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\mobsync.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Mixer.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\PowerISO\SCDEmuApp.exe
C:\WINNT\system32\mspmspsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINNT\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\noname\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 208.187.95.190 :80
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SCDEmuApp.exe] C:\Program Files\PowerISO\SCDEmuApp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingC1287] cmd /c del "C:\WINNT\system32\ikiwwkvy.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: http://www.bnn.ca
O15 - Trusted Zone: http://www.ctv.ca
O15 - Trusted Zone: http://www.ctvdigital.com
O15 - Trusted Zone: http://www.robtv.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINNT\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINNT\SYSTEM32\VundoFixSVC.exe
thx
also some random stuff i dont know if its important:
--- Spybot - Search & Destroy version: 1.5 (build: 20070830) ---
2007-08-31 blindman.exe (1.0.0.6)
2007-08-31 SDMain.exe (1.0.0.4)
2007-08-31 SDUpdate.exe (1.0.6.4)
2007-08-31 SDWinSec.exe (1.0.0.8)
2007-08-31 SpybotSD.exe (1.5.1.15)
2007-08-31 TeaTimer.exe (1.5.0.9)
2007-10-10 unins000.exe (51.46.0.0)
2007-08-31 Update.exe (1.4.0.5)
2007-08-31 advcheck.dll (1.5.3.0)
2007-04-02 aports.dll (2.1.0.0)
2007-04-02 DelZip179.dll (1.79.5.3)
2007-08-31 SDHelper.dll (1.5.0.8)
2007-08-31 Tools.dll (2.1.2.0)
2007-10-10 Includes\Cookies.sbi
2007-07-25 Includes\Dialer.sbi
2007-10-10 Includes\DialerC.sbi
2007-08-29 Includes\Hijackers.sbi
2007-10-10 Includes\HijackersC.sbi
2007-10-04 Includes\Keyloggers.sbi
2007-10-10 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2007-10-04 Includes\Malware.sbi
2007-10-10 Includes\MalwareC.sbi
2007-09-05 Includes\PUPS.sbi
2007-10-10 Includes\PUPSC.sbi
2007-10-10 Includes\Revision.sbi
2007-05-30 Includes\Security.sbi
2007-10-10 Includes\SecurityC.sbi
2007-10-10 Includes\Spybots.sbi
2007-10-10 Includes\SpybotsC.sbi
2007-08-21 Includes\Tracks.uti
2007-10-04 Includes\Trojans.sbi
2007-10-10 Includes\TrojansC.sbi
2008-12-24 Plugins\TCPIPAddress.dll
Located: HK_LM:Run, ccApp
command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 54296
MD5: ACE91F1DB4E08FA62C758ADF2390C07E
Located: HK_LM:Run, ccRegVfy
command: "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
file: C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
size: 58392
MD5: 8AB27947C7C2B3388F15CE7C3D595050
Located: HK_LM:Run, C-Media Mixer
command: Mixer.exe /startup
file: C:\WINNT\Mixer.exe
size: 1818624
MD5: F83709D0BACBA84D297183825F089D98
Located: HK_LM:Run, ControlCenter2.0
command: C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
file: C:\Program Files\Brother\ControlCenter2\brctrcen.exe
size: 851968
MD5: 7C280EBDF43724636289D50CF26F2AB0
Located: HK_LM:Run, MessengerPlus3
command: "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
file: C:\Program Files\MessengerPlus! 3\MsgPlus.exe
size: 190024
MD5: B787D9A60FEE9C3732C2E2D4571BB716
Located: HK_LM:Run, MMTray
command: C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
file: C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
size: 90112
MD5: 291E6F902C4528671D3018B6AA45A662
Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, nwiz
command: nwiz.exe /install
file: C:\WINNT\system32\nwiz.exe
size: 1519616
MD5: 0033CE6494554E47514D3487C9A8F93D
Located: HK_LM:Run, SCDEmuApp.exe
command: C:\Program Files\PowerISO\SCDEmuApp.exe
file: C:\Program Files\PowerISO\SCDEmuApp.exe
size: 167936
MD5: 19C891540B6D72DB8A1C0853AD168F63
Located: HK_LM:Run, SetDefPrt
command: C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
file: C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
size: 49152
MD5: 129B277C10339EFE2907834E9295D16D
Located: HK_LM:Run, SetDefPrt
command: C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
file: C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
size: 49152
MD5: 129B277C10339EFE2907834E9295D16D
Located: HK_LM:Run, SSC_UserPrompt
command: C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
file: C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
size: 218240
MD5: B96C81BE7B8D11710496787E5859D768
Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
file: C:\Program Files\Java\jre1.6.0\bin\jusched.exe
size: 77824
MD5: AB74AA8DEFC1CA82759788A55B673629
Located: HK_LM:Run, Symantec NetDriver Monitor
command: C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
file: C:\PROGRA~1\SYMNET~1\SNDMon.exe
size: 100056
MD5: F9418981EE4D7E995D359833ADAB59D5
Located: HK_LM:Run, Synchronization Manager
command: mobsync.exe /logon
file: C:\WINNT\system32\mobsync.exe
size: 111376
MD5: 9B2F5B9E745DEAAA57FB78329ED03061
Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 180269
MD5: DADB538F51007D5EA5FA1EE553183F80
Located: HK_LM:Run, zBrowser Launcher
command: C:\Program Files\Logitech\iTouch\iTouch.exe
file: C:\Program Files\Logitech\iTouch\iTouch.exe
size: 631362
MD5: 535DEFD797D14DBC6EDC4D746DC23D41
Located: HK_LM:Run, Zone Labs Client
command: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
file: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
size: 755472
MD5: E85C5DC2659F562C496E839649AA7200
Located: HK_LM:RunOnce, SpybotDeletingC1287
command: cmd /c del "C:\WINNT\system32\ikiwwkvy.exe"
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:RunOnce, SpybotDeletingC1287 (DISABLED)
command: cmd /c del "C:\WINNT\system32\ikiwwkvy.exe"
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, ^SetupICWDesktop
where: .DEFAULT...
command: C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop
file: C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe
size: 186640
MD5: 76D94AF73FB4C5361239782170592C4E
Located: HK_CU:Run, MessengerPlus3
where: S-1-5-21-842925246-1844823847-682003330-1000...
command: "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
file: C:\Program Files\MessengerPlus! 3\MsgPlus.exe
size: 190024
MD5: B787D9A60FEE9C3732C2E2D4571BB716
Located: HK_CU:Run, msnmsgr
where: S-1-5-21-842925246-1844823847-682003330-1000...
command: "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
file: C:\Program Files\MSN Messenger\msnmsgr.exe
size: 6856704
MD5: 4083F6AE131D51734A85BDF815442826
Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-842925246-1844823847-682003330-1000...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1460560
MD5: B7D4586BFC0DD6C3BE7DCCC252A3E97E
Located: HK_CU:Run, Steam
where: S-1-5-21-842925246-1844823847-682003330-1000...
command: "c:\program files\valve\steam\steam.exe" -silent
file: c:\program files\valve\steam\steam.exe
size: 1271032
MD5: 6A67C2CAA52F9254654E7498E22FC9D3
Located: HK_CU:Run, swg
where: S-1-5-21-842925246-1844823847-682003330-1000...
command: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
file: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
size: 68856
MD5: E616A6A6E91B0A86F2F6217CDE835FFE
Located: Startup (common), Logitech SetPoint.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Logitech\SetPoint\SetPoint.exe
file: C:\Program Files\Logitech\SetPoint\SetPoint.exe
size: 532480
MD5: A11F37C1A8CEDB1720983AF36C0C4A55
Located: Startup (common), Microsoft Office.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Microsoft Office\Office\OSA9.EXE
file: C:\Program Files\Microsoft Office\Office\OSA9.EXE
size: 65588
MD5: 03B86223007B96D3657F9FA0B1EEC94C
Located: Startup (user), Adobe Gamma.lnk
where: C:\Documents and Settings\noname\Start Menu\Programs\Startup...
command: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
file: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
size: 113664
MD5: C2FF17734176CD15221C10044EF0BA1A
Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, tuvsrrs
command: tuvsrrs.dll
file: tuvsrrs.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, winrzf32
command: winrzf32.dll
file: winrzf32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, wzcnotif
command: wzcdlg.dll
file: wzcdlg.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, yayawuv
command: yayawuv.dll
file: yayawuv.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Please notice the winlogon and "spybot deleting"
thank you very much
Logfile of HijackThis v1.99.1
Scan saved at 8:15:25 PM, on 10/10/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\system32\Brmfrmps.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\HPZipm12.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\mobsync.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Mixer.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\PowerISO\SCDEmuApp.exe
C:\WINNT\system32\mspmspsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINNT\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\noname\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 208.187.95.190 :80
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SCDEmuApp.exe] C:\Program Files\PowerISO\SCDEmuApp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingC1287] cmd /c del "C:\WINNT\system32\ikiwwkvy.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: http://www.bnn.ca
O15 - Trusted Zone: http://www.ctv.ca
O15 - Trusted Zone: http://www.ctvdigital.com
O15 - Trusted Zone: http://www.robtv.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINNT\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINNT\SYSTEM32\VundoFixSVC.exe
thx
also some random stuff i dont know if its important:
--- Spybot - Search & Destroy version: 1.5 (build: 20070830) ---
2007-08-31 blindman.exe (1.0.0.6)
2007-08-31 SDMain.exe (1.0.0.4)
2007-08-31 SDUpdate.exe (1.0.6.4)
2007-08-31 SDWinSec.exe (1.0.0.8)
2007-08-31 SpybotSD.exe (1.5.1.15)
2007-08-31 TeaTimer.exe (1.5.0.9)
2007-10-10 unins000.exe (51.46.0.0)
2007-08-31 Update.exe (1.4.0.5)
2007-08-31 advcheck.dll (1.5.3.0)
2007-04-02 aports.dll (2.1.0.0)
2007-04-02 DelZip179.dll (1.79.5.3)
2007-08-31 SDHelper.dll (1.5.0.8)
2007-08-31 Tools.dll (2.1.2.0)
2007-10-10 Includes\Cookies.sbi
2007-07-25 Includes\Dialer.sbi
2007-10-10 Includes\DialerC.sbi
2007-08-29 Includes\Hijackers.sbi
2007-10-10 Includes\HijackersC.sbi
2007-10-04 Includes\Keyloggers.sbi
2007-10-10 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2007-10-04 Includes\Malware.sbi
2007-10-10 Includes\MalwareC.sbi
2007-09-05 Includes\PUPS.sbi
2007-10-10 Includes\PUPSC.sbi
2007-10-10 Includes\Revision.sbi
2007-05-30 Includes\Security.sbi
2007-10-10 Includes\SecurityC.sbi
2007-10-10 Includes\Spybots.sbi
2007-10-10 Includes\SpybotsC.sbi
2007-08-21 Includes\Tracks.uti
2007-10-04 Includes\Trojans.sbi
2007-10-10 Includes\TrojansC.sbi
2008-12-24 Plugins\TCPIPAddress.dll
Located: HK_LM:Run, ccApp
command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 54296
MD5: ACE91F1DB4E08FA62C758ADF2390C07E
Located: HK_LM:Run, ccRegVfy
command: "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
file: C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
size: 58392
MD5: 8AB27947C7C2B3388F15CE7C3D595050
Located: HK_LM:Run, C-Media Mixer
command: Mixer.exe /startup
file: C:\WINNT\Mixer.exe
size: 1818624
MD5: F83709D0BACBA84D297183825F089D98
Located: HK_LM:Run, ControlCenter2.0
command: C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
file: C:\Program Files\Brother\ControlCenter2\brctrcen.exe
size: 851968
MD5: 7C280EBDF43724636289D50CF26F2AB0
Located: HK_LM:Run, MessengerPlus3
command: "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
file: C:\Program Files\MessengerPlus! 3\MsgPlus.exe
size: 190024
MD5: B787D9A60FEE9C3732C2E2D4571BB716
Located: HK_LM:Run, MMTray
command: C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
file: C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
size: 90112
MD5: 291E6F902C4528671D3018B6AA45A662
Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, nwiz
command: nwiz.exe /install
file: C:\WINNT\system32\nwiz.exe
size: 1519616
MD5: 0033CE6494554E47514D3487C9A8F93D
Located: HK_LM:Run, SCDEmuApp.exe
command: C:\Program Files\PowerISO\SCDEmuApp.exe
file: C:\Program Files\PowerISO\SCDEmuApp.exe
size: 167936
MD5: 19C891540B6D72DB8A1C0853AD168F63
Located: HK_LM:Run, SetDefPrt
command: C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
file: C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
size: 49152
MD5: 129B277C10339EFE2907834E9295D16D
Located: HK_LM:Run, SetDefPrt
command: C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
file: C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
size: 49152
MD5: 129B277C10339EFE2907834E9295D16D
Located: HK_LM:Run, SSC_UserPrompt
command: C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
file: C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
size: 218240
MD5: B96C81BE7B8D11710496787E5859D768
Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
file: C:\Program Files\Java\jre1.6.0\bin\jusched.exe
size: 77824
MD5: AB74AA8DEFC1CA82759788A55B673629
Located: HK_LM:Run, Symantec NetDriver Monitor
command: C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
file: C:\PROGRA~1\SYMNET~1\SNDMon.exe
size: 100056
MD5: F9418981EE4D7E995D359833ADAB59D5
Located: HK_LM:Run, Synchronization Manager
command: mobsync.exe /logon
file: C:\WINNT\system32\mobsync.exe
size: 111376
MD5: 9B2F5B9E745DEAAA57FB78329ED03061
Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 180269
MD5: DADB538F51007D5EA5FA1EE553183F80
Located: HK_LM:Run, zBrowser Launcher
command: C:\Program Files\Logitech\iTouch\iTouch.exe
file: C:\Program Files\Logitech\iTouch\iTouch.exe
size: 631362
MD5: 535DEFD797D14DBC6EDC4D746DC23D41
Located: HK_LM:Run, Zone Labs Client
command: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
file: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
size: 755472
MD5: E85C5DC2659F562C496E839649AA7200
Located: HK_LM:RunOnce, SpybotDeletingC1287
command: cmd /c del "C:\WINNT\system32\ikiwwkvy.exe"
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:RunOnce, SpybotDeletingC1287 (DISABLED)
command: cmd /c del "C:\WINNT\system32\ikiwwkvy.exe"
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, ^SetupICWDesktop
where: .DEFAULT...
command: C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop
file: C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe
size: 186640
MD5: 76D94AF73FB4C5361239782170592C4E
Located: HK_CU:Run, MessengerPlus3
where: S-1-5-21-842925246-1844823847-682003330-1000...
command: "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
file: C:\Program Files\MessengerPlus! 3\MsgPlus.exe
size: 190024
MD5: B787D9A60FEE9C3732C2E2D4571BB716
Located: HK_CU:Run, msnmsgr
where: S-1-5-21-842925246-1844823847-682003330-1000...
command: "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
file: C:\Program Files\MSN Messenger\msnmsgr.exe
size: 6856704
MD5: 4083F6AE131D51734A85BDF815442826
Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-842925246-1844823847-682003330-1000...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1460560
MD5: B7D4586BFC0DD6C3BE7DCCC252A3E97E
Located: HK_CU:Run, Steam
where: S-1-5-21-842925246-1844823847-682003330-1000...
command: "c:\program files\valve\steam\steam.exe" -silent
file: c:\program files\valve\steam\steam.exe
size: 1271032
MD5: 6A67C2CAA52F9254654E7498E22FC9D3
Located: HK_CU:Run, swg
where: S-1-5-21-842925246-1844823847-682003330-1000...
command: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
file: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
size: 68856
MD5: E616A6A6E91B0A86F2F6217CDE835FFE
Located: Startup (common), Logitech SetPoint.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Logitech\SetPoint\SetPoint.exe
file: C:\Program Files\Logitech\SetPoint\SetPoint.exe
size: 532480
MD5: A11F37C1A8CEDB1720983AF36C0C4A55
Located: Startup (common), Microsoft Office.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Microsoft Office\Office\OSA9.EXE
file: C:\Program Files\Microsoft Office\Office\OSA9.EXE
size: 65588
MD5: 03B86223007B96D3657F9FA0B1EEC94C
Located: Startup (user), Adobe Gamma.lnk
where: C:\Documents and Settings\noname\Start Menu\Programs\Startup...
command: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
file: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
size: 113664
MD5: C2FF17734176CD15221C10044EF0BA1A
Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, tuvsrrs
command: tuvsrrs.dll
file: tuvsrrs.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, winrzf32
command: winrzf32.dll
file: winrzf32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, wzcnotif
command: wzcdlg.dll
file: wzcdlg.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, yayawuv
command: yayawuv.dll
file: yayawuv.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Please notice the winlogon and "spybot deleting"
thank you very much