Reboots during S&D, Defrag and Anti-virus scans.



WDMARK
2006-03-30, 01:38
I'm a first time poster here so please be patient.

I am having a problem with my desktop PC and reboots that occur during any attempt to defrag or run antivirus scan or deep scans from my spyware detectors (including of course SS&D 1.4). This only affects scans of one of my partitioned (via Partition Magic 7.0) drives.

I’ve flailed around at the MS Knowledge Base, Symantec, Spybot S&D sites, with as yet no luck. I’ve tried the Windows Disk Defragmenter and the Norton Speed Disk and AV scan in Safe Mode.

I’m suspecting I have an undetected infection of some sort as I’ve also had IE come up pointing to what I believe is a legitimate Microsoft site, that headlines “Malicious Software Removal Tool has Changed Your Home Page”.

Here goes more detail:

System is P4 2.26 with a gig of DDR RAM running XP Home (SP2 and all updates applied). It was OEM so I do not have an XP Home Disk (other than one I bought to upgrade an older machine). (For what it's worth… I run a D-Link 54g router off a cable modem.)

I have two physical hard drives (80 gig each). The original Drive was partitioned into three drives with Partition Magic. C primarily for the operating system, F for data and G for most business, personal applications (from A to Z).

I have plenty of stuff installed but operative here I think are:

Norton System Works Premier 2005 (with AV enabled and features like Disk Doctor and Speed Disk).
Lavasoft’s current free Ad-Aware SE Personal Edition Build SR1.06.r1
Spybot S&D 1.04 (with Tea Timer enabled)
Windows Defender Version 1.1.1051.0
Zone Alarm (Current Free Version)


The system reboots only if I attempt to use the defrag, antivirus or any of the spyware tools on drive G (the Apps drive). Norton AV shows my last full system scan at 2-22-06. I have been able to run a Windows Defender Scan without a reboot (or discovery of any problem).

My System appears to run fine in all other respects… it's only when I try this critical maintenance that I have the problem. I think I discovered Saturday when Norton System Monitor showed thresholds for Defrag on two of my drives (including G) and that I hadn’t run a full system scan since Feb 22nd. This was prompted, as I got ready to install TurboTax on Drive G. Hence the heightened paranoia about spyware or a system failure while preparing taxes.

P.S. Since drafting this post I've uninstalled Windows Defender...no difference. Also I went in and did AV or spyware scan on each directory on the G Drive and narrowed it down to reboot when entering (by scan or file manager/explorer) a particular subset of an application directory for PageManager (Newsoft).

Can anyone help me with a solution? Thanks in advance. WDMARK

When needed, I can post a hijackthis log, or will just try to in a minute.

WDMARK
2006-03-30, 01:40
Logfile of HijackThis v1.99.1
Scan saved at 6:33:31 PM, on 3/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\GEARSec.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://start.ear

thlink.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.micro

soft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVE

R}&ar=home
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyOverride = localhost
N3 - Netscape 7: user_pref("browser.startup.homepage",

"http://my.yahoo.com/p/d.html"); (C:\Documents and Settings\VALUE

CUSTOMER\Application

Data\Mozilla\Profiles\default\6jbnmi8x.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine",

"engine://G%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins

%5CSBWeb_02.src"); (C:\Documents and Settings\VALUE

CUSTOMER\Application

Data\Mozilla\Profiles\default\6jbnmi8x.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD}

- C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no

file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -

G:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A}

- G:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} -

C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E}

- (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no

file)
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} -

C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88}

- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton AntiVirus -

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton

SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [MSConfig]

C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone

Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program

Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE

C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec

Shared\ccApp.exe"
O4 - HKLM\..\Run: [Cache Cleaner] C:\Program Files\Neoteris\Cache

Cleaner\dsCacheCleaner.exe -action delete
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search

& Destroy\TeaTimer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions

present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel

present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM

Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &eBay Search - res://C:\Program

Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///G:\Program

Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Coupons - file://C:\Program

Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm
O8 - Extra context menu item: Search Using Copernic Agent - G:\Program

Files\Copernic Agent\Web\SearchExt.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///G:\Program

Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///G:\Program

Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///G:\Program

Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}

- C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084}

- G:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent -

{193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} -

G:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Yahoo! Services -

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - G:\Program

Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Copernic Agent -

{688DC797-DC11-46A7-9F1B-445F4F58CE6E} -

G:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -

C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}

- C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}

- C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O12 - Plugin for .bcf: C:\Program Files\Internet

Explorer\Plugins\NPBelv32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.msn.com
O15 - Trusted Zone: personal.retail.fidelity.com
O15 - Trusted Zone: scs.fidelity.com
O15 - Trusted Zone: *.fidelity.com
O16 - DPF: ppctlcab -
O16 - DPF: {00000075-0000-0010-8000-00AA00389B71} -
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft

SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script

Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine

Advantage Validation Tool) -

http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor

Class) -
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) -

http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} -
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus

scanner) -

http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class)

- G:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID

Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {33363249-0000-0010-8000-00AA00389B71} -
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} -
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} -
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -
O16 - DPF: {4169B5A0-9048-11D6-BDFF-00C0F024AF20} -
O16 - DPF: {4BEE3896-4820-48D1-85EA-5A9A9ECD3D95} (OPUCatalog Class) -
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} -
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI

Utility Class) -

http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)

-

http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/clien

t/muweb_site.cab?1128197769765
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
O16 - DPF: {76886F39-D4D8-4F00-A354-3CC1C364F363} -
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) -

http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner

37680.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} -
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} -
O16 - DPF: {B1246F8F-7A4A-11D3-BE28-0020AF31C4F6} (QuickVideo ActiveX

Capture) -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}

(MsnMessengerSetupDownloadControl Class) -

http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI

Registry Information Class) -
O16 - DPF: {CA11EB7C-1C85-4577-8A49-9E28EFB30184} (UMediaPlayer Class)

- http://www.umediaserver.net/bin/UMediaControl4.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime

Environment 1.4.0_01) -
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime

Environment 1.4.0_03) -
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime

Environment 1.4.1_02) -
O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} (Java Plug-in) -
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} (Java Plug-in) -
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} (Java Plug-in) -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo

Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj

Class) -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} -

WDMARK
2006-03-30, 01:40
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec

Corporation - C:\Program Files\Common Files\Symantec

Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec

Corporation - C:\Program Files\Common Files\Symantec

Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec

Corporation - C:\Program Files\Common Files\Symantec

Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software -

C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. -

C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: Iomega App Services - Iomega Corporation -

C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: LiveUpdate - Symantec Corporation -

C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) -

Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton

AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation -

C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program

Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) -

Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton

AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec

Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA

Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program

Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec

Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec

Corporation - C:\Program Files\Common Files\Symantec

Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation -

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation -

C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation -

C:\Program Files\Common Files\Symantec Shared\Security

Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC -

C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) -

Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

:scratch:

tashi
2006-04-02, 21:28
Hello and sorry for the wait.
Please go here and post a link back to this topic to flag a helper.

If you have waited three days for advice post here. (http://forums.spybot.info/showthread.php?p=4836#post4836)

CalamityJane
2006-04-05, 14:35
Hi WDMARK,

Apologies for the wait and thank you for your patience.

I would be happy to review your log, however, it is rather unreadable in its present format. Could you please open notepad and choose *format* at the top and uncheck wordwrap? That should produce a more reader friendly log. Scan and post a fresh HijackThis log and I'll be happy to look it over for you. :)

WDMARK
2006-04-05, 15:40
No apology necessary...thanks in advance. Updated Log attached. Note: Since my original post I have reinstalled Windows Defender and scan from it shows nothing. Spybot scans show nothing also.

BTW: How 'bout them Gators!

CalamityJane
2006-04-05, 15:58
Thanks, that's much better. Let me just paste it in here so I can take a look at it (oops it's too long, will have to split this up). Actually, I'm going to remove the surplus Logitech entries to make it fit.

Logfile of HijackThis v1.99.1
Scan saved at 9:34:24 AM, on 4/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\GEARSec.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://start.earthlink.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://my.yahoo.com/p/d.html"); (C:\Documents and Settings\VALUE CUSTOMER\Application Data\Mozilla\Profiles\default\6jbnmi8x.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://G%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\VALUE CUSTOMER\Application Data\Mozilla\Profiles\default\6jbnmi8x.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - G:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - G:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Cache Cleaner] C:\Program Files\Neoteris\Cache Cleaner\dsCacheCleaner.exe -action delete
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///G:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm
O8 - Extra context menu item: Search Using Copernic Agent - G:\Program Files\Copernic Agent\Web\SearchExt.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///G:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///G:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///G:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - G:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - G:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - G:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - G:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.msn.com
O15 - Trusted Zone: personal.retail.fidelity.com
O15 - Trusted Zone: scs.fidelity.com
O15 - Trusted Zone: *.fidelity.com
O16 - DPF: ppctlcab -
O16 - DPF: {00000075-0000-0010-8000-00AA00389B71} -
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) -
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} -
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - G:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {33363249-0000-0010-8000-00AA00389B71} -
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} -
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} -
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -
O16 - DPF: {4169B5A0-9048-11D6-BDFF-00C0F024AF20} -
O16 - DPF: {4BEE3896-4820-48D1-85EA-5A9A9ECD3D95} (OPUCatalog Class) -
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} -
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128197769765
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
O16 - DPF: {76886F39-D4D8-4F00-A354-3CC1C364F363} -
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37680.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} -
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} -
O16 - DPF: {B1246F8F-7A4A-11D3-BE28-0020AF31C4F6} (QuickVideo ActiveX Capture) -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) -
O16 - DPF: {CA11EB7C-1C85-4577-8A49-9E28EFB30184} (UMediaPlayer Class) - http://www.umediaserver.net/bin/UMediaControl4.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} (Java Plug-in) -
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} (Java Plug-in) -
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} (Java Plug-in) -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} -
O18 - Protocol: bw+0 - {6C4EC0C5-0661-481C-B8A1-BFC2CFD54A82} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

{snipped additional O18 Logitech entries}

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

CalamityJane
2006-04-05, 16:49
There's nothing evil lurking on your HijackThis log, but then HJT doesn't scan the entire system. To be sure, I would recommend that you get an online AV scan at one of the following:

Trend Micro (PC-cillin) - Free on-line Scan
http://housecall.antivirus.com

Panda's Active Scan
http://www.pandasoftware.com/products/activescan.htm

Let us know if any problems are found. Panda will disinfect any virus or trojan found but it doesn't disinfect spyware/adware - however, it will produce a log that will help. If you do the Panda scan, save the report at the end and post the results back here.

Your HijackThis log does show a lot of orphaned entries to be fixed (not a big deal) and we can do that after you get the online scans to rule out any real malware problems.

Also, you may want to uninstall the Logitech Desktop Messenger if you're not using it, because it can cause slowdowns and a lot of errors.

When you're done scanning, report back on what, if anything exactly was found.

WDMARK
2006-04-06, 03:30
I tried scans from both Trend and Panda. Each time the system spontaneously rebooted during the scan. In Panda's case, it had identified 2 viruses (not by name) but I don't have a log. I've uninstalled the Logitech Software.

Note that I'd tried the online Norton and Trend scans before with the same reboot result.

I have now booted into Safe Mode with Networking and am running the Panda Scan again. I may not get to report back on it tonight but that's the update from here. I'll post again when I have more. :scratch:

WDMARK
2006-04-06, 15:32
Calamity Jane: Even in Safe Mode, both the Panda and Trend on-line scans caused a reboot and therefore no log or background. Not sure where to go from here. Any ideas? Even if I tried to reformat G drive, I'd worry that it would trigger a reboot during that. I do appreciate your time and effort, but I recognize this is not a virus board but if you have a referral to a similar forum elsewhere, I'd welcome it. Thank you. :scratch:

CalamityJane
2006-04-07, 03:26
WDMARK,

I don't think we have a malware problem here. I've asked one of our Adviser Team members (Bitman) to post his thoughts here for you to see if he could help with what he thinks might be the problem.

I'm going to move this post to the Spybot S&D forum for now, so Bitman can assist you with this.

bitman
2006-04-07, 05:49
WDMARK,

I'd been watching your thread, but didn't want to jump in until CalamityJane was sure it wasn't malware. Though your issue is slightly different, we've seen quite a few systems shut down or reboot during Spybot S&D scans, and many have been due to processor overheat. The reason for this is the high processor utilization created by Spybot during its scans.

However, in your case you seem to believe the issue is related to a specific disk partition, so we need to determine if that's really true. If you have specific reasons to believe this, please let us know. Otherwise, please try a couple simple tests to confirm where the issue really lies.

Please try running some scans that would normally cause the problem where you can select which drive letters to scan. Since Spybot can't do this, try one of the antivirus programs or a drive defrag. Simply deselect the drive that you suspect and see if the reboot still occurs or not. If it doesn't then try scanning only that partition to see what happens.

I'm guessing you may have already done this with defrag or antivirus, so fill me in if so. Based on this, I'll try to help you either way.

WDMARK
2006-04-08, 05:57
Thank you Bitman. Yes I had tried some individual scans with the on line AV that allow and again tonight with Norton Antivirus (From within my Norton System Works Premier 2005). The reboots occurred on G and I was narrowing it down to specific folder(s) and got to the G://Program Files/Newsoft folder and had reboots. The situation then worsened as when I left the machine unattended for an emergency call during a Scan I came back to constant reboots and could not boot in to Safe Mode. Below is what I typed off line about the current state of things and I'll probably leave well enough alone until I wake up early tomorrow. I'll try and wait for your post....but may be inclined to do the bios thing and possibly open up the case and check connections. I had not installed any new hardware or software.

Following now appears on Blue Screen with constant reboots. I was unable to boot into Safe Mode. Could see but not catch the text of Blue Screen before reboot would occur. After disabling auto restart after shutdown in Bios: The text below does come up and stay on a Blue Screen. I have not yet tried any of the BIOS suggestions within the text.

A problem has been detected windows has been shut down to prevent damage
to your computer.

DRIVER_IRQL_NOT_LESS_OR_EQUAL

If this is the first time you’ve seen this Stop error screen,
Restart your computer. If this screen appears again, follow
these steps:

Check to make sure any new hardware or software is properly installed.
If this is a new installation, ask your hardware or software manufacturer
for any windows updates you might need.

If problems continue, disable or remove any newly installed hardware
or software. Disable BIOS memory options such as caching or shadowing.
If you need to use Safe Mode to remove or disable components, restart
Your computer, press F8 to select Advanced Startup Options, and then select Safe Mode.

Technical information:

***STOP: 0x000000D1 (0x00000034, 0x00000002, 0x00000000, 0xF77B9B74)

*** IdeChnDr.sys – Address F77B9B74 base at F77B4000, DateStamp 3d99eac3
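
The technical lines of the stop screen above can be decoded mechanically. This is an added example, not part of the original post, and its function names are made up for illustration; it assumes the documented parameter layout for bug check 0xD1 (address referenced, IRQL, read/write, address of the faulting instruction) and that DateStamp is the driver's PE link time in seconds since 1970 UTC.

```python
import re
from datetime import datetime, timezone

# The two technical lines as typed in the post above (\u2013 is the en dash).
STOP_SCREEN = (
    "***STOP: 0x000000D1 (0x00000034, 0x00000002, 0x00000000, 0xF77B9B74)\n"
    "*** IdeChnDr.sys \u2013 Address F77B9B74 base at F77B4000, DateStamp 3d99eac3\n"
)

BUGCHECK_NAMES = {0x7B: "INACCESSIBLE_BOOT_DEVICE",
                  0xD1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL"}
IRQL_NAMES = {0: "PASSIVE_LEVEL", 1: "APC_LEVEL", 2: "DISPATCH_LEVEL"}

STOP_RE = re.compile(
    r"STOP:\s*0x([0-9A-Fa-f]{8})\s*\(\s*((?:0x[0-9A-Fa-f]{8}\s*,?\s*){4})\)")
DRIVER_RE = re.compile(
    r"\*+\s*(\S+\.sys)\s*[-\u2013]\s*Address\s+([0-9A-Fa-f]{8})\s+base at\s+"
    r"([0-9A-Fa-f]{8}),\s*DateStamp\s+([0-9A-Fa-f]{8})", re.I)


def parse_stop_screen(text):
    """Extract the bug check code, its four parameters and the driver line."""
    m = STOP_RE.search(text)
    if not m:
        raise ValueError("no STOP line found")
    params = [int(p, 16) for p in re.findall(r"0x([0-9A-Fa-f]{8})", m.group(2))]
    parsed = {"code": int(m.group(1), 16), "params": params, "driver": None}
    d = DRIVER_RE.search(text)  # XP does not always print a driver line
    if d:
        parsed["driver"] = {"name": d.group(1),
                            "address": int(d.group(2), 16),
                            "base": int(d.group(3), 16),
                            "datestamp": int(d.group(4), 16)}
    return parsed


def triage(parsed):
    """Turn the raw numbers into the facts a responder reads off the screen."""
    code, p = parsed["code"], parsed["params"]
    out = {"bugcheck": BUGCHECK_NAMES.get(code, "unknown (0x%08X)" % code)}
    if code == 0xD1:  # parameters are only interpreted for this bug check
        out["referenced"] = p[0]
        # Heuristic: an address below 64 KB is typically NULL plus a field offset.
        out["near_null"] = p[0] < 0x10000
        out["irql"] = IRQL_NAMES.get(p[1], str(p[1]))
        out["access"] = {0: "read", 1: "write"}.get(p[2], "other (0x%X)" % p[2])
    drv = parsed["driver"]
    if drv:
        out["driver"] = drv["name"]
        out["offset_in_driver"] = drv["address"] - drv["base"]
        # The driver line should name the same instruction as parameter 4.
        out["ip_matches_driver_line"] = code == 0xD1 and drv["address"] == p[3]
        out["linked_utc"] = datetime.fromtimestamp(
            drv["datestamp"], tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
    return out


if __name__ == "__main__":
    for key, value in triage(parse_stop_screen(STOP_SCREEN)).items():
        print("%-24s %s" % (key, hex(value) if type(value) is int else value))
```

The offset within the driver, rather than the absolute address, is the value that stays comparable across reboots, since the load base can change.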

bitman
2006-04-08, 09:31
Well, glad you did the tests and discovered this issue. It appears the IdeChnDr.sys is your problem and has quite a history of BSoD errors and/or reboot symptoms. These often occur when scanning with antivirus, defrag or other tools, sounds familiar doesn't it?

This file is part of the Intel® Application Accelerator, which was a hard disk performance enhancing driver for certain Intel chipsets. It appears it hasn't been updated since late 2002, and has had known issues with the Windows XP Service Pack 2 update which released two years later. The problems may also be related to bad sectors on the disk, which could explain the specific location of your problem, though this is probably just another symptom of the problem with an out of date driver.

It appears the only dependable way to fix the problem is to switch back to the default Windows drivers, which in some cases reduces performance, but makes the system stable again. This is done by removing the Intel® Application Accelerator in Add/Remove Programs per the instructions below.

I'd recommend removing the program since it's so out of date and known to create these problems. The risks and trouble aren't worth any slight performance improvement you may be seeing, if there even is any. Only one person reported that fixing bad disk clusters solved their problem with others reporting it didn't help.

It's also recommended that you run a chkdsk on the problem drive after removing the driver to repair any remaining problems.

Let us know if this fixes the problems for you.

Bitman

************************************************************
* 8. UNINSTALLING THE SOFTWARE
************************************************************

NOTE: This procedure assumes that the above installation
process was successful. This un-installation procedure
is specific only to the version of the software and
installation file included in this package.

1. Click on the Start button. Open the Settings menu.
Click on the Control Panel icon to open the Control
Panel window.

2. Click on the Add/Remove programs icon.

3. Select Intel(R) Application Accelerator and click OK.

4. Click on Yes when the script prompts for confirmation.

5. The uninstall script will prompt you to restart the
system.

WDMARK
2006-04-08, 14:44
Well, glad you did the tests and discovered this issue. It appears the IdeChnDr.sys is your problem and has quite a history of BSoD errors and/or reboot symptoms. These often occur when scanning with antivirus, defrag or other tools, sounds familiar doesn't it?


Thanks again....awake again I read your post. My MB is Intel 845 Chipset and I have the accelerator.

Problem on uninstall is that as yet I can't even get in to SAFE MODE to uninstall per instructions. Note too that I'd had reboots occur before during Disk Doctor or chkdsk routines. Is there a BIOS change I might make (e.g. to an IDE Controller?) that might get me in to Windows?

For now I am googling the file, visiting other sites. Interesting that I came across this:

"Important: Some malware camouflage themselves as IdeChnDr.sys, particularly if they are located in c:\windows or c:\windows\system32 folder" [.....reference to a recommended, NON Spybot tool removed..]

Would appreciate any more help you can offer. WDMARK

P.S. I now recall too having reboots during gaming awhile back that I never did resolve. That app was on my G drive.

WDMARK
2006-04-08, 16:25
Hi Bitman: Through some gyrations (risky perhaps), that I won't detail here now, I was able to boot back in to Windows. Before uninstall or any risk of not being able to get back in I'm copying off some key data files that I need for taxes etc. These are files that I routinely back-up to my second unpartitioned drive I: I did not want to have to remove that hard drive to get to the data!

I also did not want to run PCBACKUP (Aloha Bob) as I feared a reboot during the routine.

At any rate. Once accomplished I'll uninstall the Intel App Accelerator and report back. Thanks again for your help. Thank God I recently purchased a new laptop with 100 G drive and wireless.....as with my vintage 1999 Compaq I had little room left on its drive and it did not have a writer beyond a floppy! WDMARK

bitman
2006-04-08, 18:22
For now I am googling the file, visiting other sites. Interesting that I came across this:

"Important: Some malware camouflage themselves as IdeChnDr.sys, particularly if they are located in c:\windows or c:\windows\system32 folder" [.....reference to a recommended, NON Spybot tool removed..]
I saw that reference to malware too, but since you have the application installed and based on the specific symptoms you're having, I suspect it's simply the known issue with the Accelerator itself.

I see from your follow up that you've gotten some control. The sudden apparent flare-up of the problem may be due to hidden problems beginning on the drive which are aggravating the existing problem, so making backups is a good idea. I hope the removal of the Intel Accelerator improves the situation, but I'd be prepared since it sounds like an older system.

Bitman

WDMARK
2006-04-08, 20:36
Yes! Thanks to Calamity and you Bitman for your help and support. Virtually All is good now...I have been able to virus scan G drive without reboot and found no viruses. I've been able to defrag, though it turned out it didn't need it. I hope this thread helps someone else someday...as I'm not the only one with Intel products/software. BTW my system is a Pentium 2.26 with Intel Motherboard....not new/not ancient. I'm pretty sure now that the reboots that occurred while gaming probably came from the same source.

Note: One Chkdsk session showed 4 bad sectors on G, but I've not been able to reproduce that.

I also do have one missing file in the Newsoft/Page Manager folder that showed up in Chkdsk and in Norton Win Doctor and One Step Check-ups. It is a DLL for Presto Page Manager app. No worries there. On a low priority, I'll reinstall that infrequently used software at a later date!

Tonedef
2006-05-24, 00:20
Hi Bitman: Through some gyrations (risky perhaps), that I won't detail here now, I was able to boot back in to Windows.

(I know this post is a couple months old, but I thought I would check anyway). WDMARK, how did you manage to boot into Windows? I am experiencing the same exact STOP error / blue screen. I cannot boot into Safe or Normal Mode. Last Known Good Configuration does not work. The STOP error occurs after the Windows XP progress bar is shown for 10 seconds or so.

I saw on another forum that someone disabled the secondary IDE channel and could then boot. This did not work for me. I've tried using the XP Recovery Console to rename IdeChnDr.sys to IdeChnDr.old in the hopes that Windows would not load it. This just yields a 0x7B STOP error blue screen. I also saw on another forum (possibly an Intel site? can't remember) that this problem may be related to an Iomega Zip Drive incompatibility. The computer I'm working on has a Zip 250 drive but I've unplugged that as well.

I was also thinking I could manually uninstall Intel Application Accelerator (this is a client's computer that I've never worked on before so I'm not even sure it has that loaded onto it), but I haven't come across any documentation that would guide me in that direction.

Anyone have any suggestions?

Ransome
2006-06-14, 15:38
Tonedef,

I tried what you said, renamed idechndr.sys to idechndr.old. I would advise no one else try this. It took me most of the day yesterday to be able to get back into the system to rename it back. If you rename it, the computer will continue to run until you reboot, because it is still in memory. When WD scanned the computer and found it in memory, AP shut down the computer as it had been doing. Then I couldn't even boot into the operating system. After much searching, I found a free utility that allowed me to rename the file from DOS (NTFS4DOS). It will then boot into the system. If you uninstall WD before it does a real time scan, you will be in business. If you prefer to remove Intel Accelerator, you would be better off by uninstalling Windows Defender first. Then if you want it back, you can reinstall it.

My final determination is that it was not the update that caused the problem. I was able to accept the update without the shutdown, but it was the new definition that causes XP to shut down. I was able to continue without a shutdown after I updated, but when I did a scan with WD and it sees idechndr.sys in memory, it somehow causes XP to shut down. I don't want an antispyware program to have that much control, so I will not use WD unless they put it back to the way it operated when it was Microsoft Antispyware. I was able to see many instances when MA blocked access attempts, but I haven't seen any blocked instances with WD running in real time, except for my Intel Accelerator, which has always been there.