PDA

View Full Version : Malware infection



coug6672
2009-02-22, 19:46
Seem to have a malware infection that is randomly porting me to different sites even when I'm not actively using the computer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:00 AM, on 2/22/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
F:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
F:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Admin\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: SATARaid.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193600044437
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8721 bytes

Blade81
2009-02-24, 21:36
Hi

Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.

coug6672
2009-02-25, 21:33
DDS (Ver_09-02-01.01) - NTFSx86
Run by Admin at 13:31:08.53 on Wed 02/25/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.522 [GMT -6:00]

AV: avast! antivirus 4.8.1335 [VPS 090225-1] *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
F:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
F:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Admin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = localhost;*.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mWinlogon: SFCDisable=4 (0x4)
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\BackWeb-8876480.exe
uRun: [Aim6]
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
mRun: [Smapp] c:\program files\analog devices\soundmax\Smtray.exe
mRun: [IMONTRAY] c:\program files\intel\intel(r) active monitor\imontray.exe
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [EM_EXEC] c:\progra~1\logitech\mousew~1\system\EM_EXEC.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [avast!] f:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "f:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\admin\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sataraid.lnk - c:\program files\silicon image\siisataraid\SATARaid.exe
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193600044437
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-3 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-3 20560]
R2 avast! Antivirus;avast! Antivirus;f:\program files\alwil software\avast4\ashServ.exe [2007-3-19 138680]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-1-20 24652]
R3 avast! Mail Scanner;avast! Mail Scanner;f:\program files\alwil software\avast4\ashMaiSv.exe [2007-3-19 254040]
R3 avast! Web Scanner;avast! Web Scanner;f:\program files\alwil software\avast4\ashWebSv.exe [2007-3-19 352920]
S3 PCIDATA;PCIDATA;\??\d:\pcidata.sys --> d:\PCIDATA.sys [?]

=============== Created Last 30 ================


==================== Find3M ====================


============= FINISH: 13:31:35.09 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume3
Install Date: 3/10/2007 4:28:21 PM
System Uptime: 2/25/2009 8:09:45 AM (5 hours ago)

Motherboard: Intel Corporation | | D845PEBT2
Processor: Intel(R) Pentium(R) 4 CPU 2.53GHz | J1E1 | 2634/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 26.321 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 75 GiB total, 66.814 GiB free.
G: is FIXED (NTFS) - 233 GiB total, 57.766 GiB free.
H: is FIXED (NTFS) - 233 GiB total, 91.331 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP562: 11/30/2008 12:01:42 PM - System Checkpoint
RP563: 12/1/2008 12:53:33 PM - System Checkpoint
RP564: 12/1/2008 6:22:04 PM - Installed Java(TM) 6 Update 10
RP565: 12/3/2008 8:43:43 AM - System Checkpoint
RP566: 12/4/2008 11:07:33 AM - System Checkpoint
RP567: 12/5/2008 11:27:37 AM - System Checkpoint
RP568: 12/6/2008 11:31:12 AM - System Checkpoint
RP569: 12/7/2008 6:58:07 PM - System Checkpoint
RP570: 12/9/2008 9:47:46 AM - System Checkpoint
RP571: 12/10/2008 10:02:29 AM - System Checkpoint
RP572: 12/11/2008 10:32:11 AM - System Checkpoint
RP573: 12/12/2008 10:57:54 AM - System Checkpoint
RP574: 12/13/2008 8:42:30 PM - System Checkpoint
RP575: 12/15/2008 8:35:08 AM - System Checkpoint
RP576: 12/15/2008 6:30:11 PM - Installed Java(TM) 6 Update 11
RP577: 12/17/2008 9:00:28 AM - System Checkpoint
RP578: 12/18/2008 9:24:08 AM - System Checkpoint
RP579: 12/19/2008 9:27:57 AM - System Checkpoint
RP580: 12/20/2008 5:07:02 PM - System Checkpoint
RP581: 12/22/2008 8:25:12 AM - System Checkpoint
RP582: 12/23/2008 9:27:43 AM - System Checkpoint
RP583: 12/24/2008 10:00:51 AM - System Checkpoint
RP584: 12/25/2008 12:08:17 PM - System Checkpoint
RP585: 12/26/2008 12:19:01 PM - System Checkpoint
RP586: 12/27/2008 1:12:25 PM - System Checkpoint
RP587: 12/28/2008 1:32:53 PM - System Checkpoint
RP588: 12/29/2008 1:50:41 PM - System Checkpoint
RP589: 12/30/2008 2:45:47 PM - System Checkpoint
RP590: 1/3/2009 5:52:27 PM - System Checkpoint
RP591: 1/4/2009 9:17:03 PM - System Checkpoint
RP592: 1/5/2009 9:27:59 PM - System Checkpoint
RP593: 1/6/2009 9:28:27 PM - System Checkpoint
RP594: 1/8/2009 9:06:05 AM - System Checkpoint
RP595: 1/9/2009 12:02:58 PM - System Checkpoint
RP596: 1/10/2009 12:30:36 PM - System Checkpoint
RP597: 1/12/2009 8:15:35 AM - System Checkpoint
RP598: 1/13/2009 9:06:59 AM - System Checkpoint
RP599: 1/14/2009 9:10:34 AM - System Checkpoint
RP600: 1/15/2009 10:08:37 AM - System Checkpoint
RP601: 1/16/2009 10:40:57 AM - System Checkpoint
RP602: 1/17/2009 10:50:35 AM - System Checkpoint
RP603: 1/18/2009 5:39:10 PM - System Checkpoint
RP604: 1/19/2009 6:06:06 PM - System Checkpoint
RP605: 1/20/2009 6:20:52 PM - System Checkpoint
RP606: 1/21/2009 7:24:33 PM - System Checkpoint
RP607: 1/22/2009 8:41:26 PM - System Checkpoint
RP608: 1/23/2009 9:22:46 PM - System Checkpoint
RP609: 1/24/2009 10:55:40 PM - System Checkpoint
RP610: 1/26/2009 8:32:40 AM - System Checkpoint
RP611: 1/27/2009 8:43:03 AM - System Checkpoint
RP612: 1/28/2009 11:43:09 AM - System Checkpoint
RP613: 1/29/2009 11:50:23 AM - System Checkpoint
RP614: 1/30/2009 12:09:55 PM - System Checkpoint
RP615: 1/31/2009 6:45:32 PM - System Checkpoint
RP616: 2/1/2009 7:23:24 PM - System Checkpoint
RP617: 2/2/2009 9:32:55 PM - System Checkpoint
RP618: 2/4/2009 9:08:29 AM - System Checkpoint
RP619: 2/5/2009 10:04:20 AM - System Checkpoint
RP620: 2/6/2009 10:19:23 AM - System Checkpoint
RP621: 2/7/2009 11:11:23 AM - System Checkpoint
RP622: 2/8/2009 2:55:05 PM - System Checkpoint
RP623: 2/9/2009 3:11:09 PM - System Checkpoint
RP624: 2/10/2009 3:49:40 PM - System Checkpoint
RP625: 2/11/2009 4:03:02 PM - System Checkpoint
RP626: 2/12/2009 10:43:25 PM - System Checkpoint
RP627: 2/13/2009 11:45:22 PM - System Checkpoint
RP628: 2/15/2009 12:15:45 PM - System Checkpoint
RP629: 2/16/2009 12:27:05 PM - System Checkpoint
RP630: 2/17/2009 12:52:44 PM - System Checkpoint
RP631: 2/18/2009 1:03:19 PM - System Checkpoint
RP632: 2/19/2009 2:31:05 PM - System Checkpoint
RP633: 2/20/2009 3:01:37 PM - System Checkpoint
RP634: 2/22/2009 12:21:01 PM - System Checkpoint
RP635: 2/23/2009 12:48:34 PM - System Checkpoint
RP636: 2/24/2009 1:01:56 PM - System Checkpoint
RP637: 2/25/2009 1:16:08 PM - System Checkpoint

==== Installed Programs ======================

Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Media Player
Adobe Reader 7.1.0
Adobe Shockwave Player 11
AIM 6
Apple Mobile Device Support
Apple Software Update
AutoUpdate
avast! Antivirus
Bonjour
CC Network Video Client
Combined Community Codec Pack 2008-01-24
Data Lifeguard Tools
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DVD Decrypter (Remove Only)
DVD Shrink 3.2
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
ICQ6
Intel Application Accelerator
Intel(R) Active Monitor
Intel(R) PRO Ethernet Adapter and Software
iTunes
Java(TM) 6 Update 11
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Kaspersky Online Scanner
LimeWire 4.12.11
Logitech Desktop Messenger
Logitech iTouch Software
Logitech MouseWare 9.71
Logitech Resource Center
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
MobileMe Control Panel
Netflix Movie Viewer
NVIDIA Drivers
PowerDVD
QuickTime
SATARaid
SecondLife (remove only)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Shockwave
Sony Picture Utility
SoundMAX
Spybot - Search & Destroy
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
USB Storage Driver
Viewpoint Media Player
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
Wireless-G PCI Adapter
World of Warcraft
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

2/21/2009 10:35:32 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================

Blade81
2009-02-26, 07:59
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.


LimeWire


I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Delete these folders afterwards:

C:\Program Files\LimeWire


Empty Recycle Bin.

After that:

Please run Kaspersky online scanner with 'my computer' area selected. Post back its report & a fresh dds log.

coug6672
2009-02-27, 04:11
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, February 26, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, February 26, 2009 20:57:29
Records in database: 1849501


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan statistics
Files scanned 77865
Threat name 0
Infected objects 0
Suspicious objects 0
Duration of the scan 03:11:25

No malware has been detected. The scan area is clean.
The selected area was scanned.




DDS (Ver_09-02-01.01) - NTFSx86
Run by Admin at 20:09:23.82 on Thu 02/26/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.685 [GMT -6:00]

AV: avast! antivirus 4.8.1335 [VPS 090226-0] *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
F:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
F:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\Admin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = localhost;*.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mWinlogon: SFCDisable=4 (0x4)
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\BackWeb-8876480.exe
uRun: [Aim6]
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
mRun: [Smapp] c:\program files\analog devices\soundmax\Smtray.exe
mRun: [IMONTRAY] c:\program files\intel\intel(r) active monitor\imontray.exe
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [EM_EXEC] c:\progra~1\logitech\mousew~1\system\EM_EXEC.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [avast!] f:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "f:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\admin\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sataraid.lnk - c:\program files\silicon image\siisataraid\SATARaid.exe
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193600044437
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-3 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-3 20560]
R2 avast! Antivirus;avast! Antivirus;f:\program files\alwil software\avast4\ashServ.exe [2007-3-19 138680]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-1-20 24652]
S3 avast! Mail Scanner;avast! Mail Scanner;f:\program files\alwil software\avast4\ashMaiSv.exe [2007-3-19 254040]
S3 avast! Web Scanner;avast! Web Scanner;f:\program files\alwil software\avast4\ashWebSv.exe [2007-3-19 352920]
S3 PCIDATA;PCIDATA;\??\d:\pcidata.sys --> d:\PCIDATA.sys [?]

=============== Created Last 30 ================


==================== Find3M ====================


============= FINISH: 20:09:51.46 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume3
Install Date: 3/10/2007 4:28:21 PM
System Uptime: 2/26/2009 2:39:53 PM (6 hours ago)

Motherboard: Intel Corporation | | D845PEBT2
Processor: Intel(R) Pentium(R) 4 CPU 2.53GHz | J1E1 | 2634/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 26.302 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 75 GiB total, 66.832 GiB free.
G: is FIXED (NTFS) - 233 GiB total, 57.766 GiB free.
H: is FIXED (NTFS) - 233 GiB total, 91.327 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP562: 11/30/2008 12:01:42 PM - System Checkpoint
RP563: 12/1/2008 12:53:33 PM - System Checkpoint
RP564: 12/1/2008 6:22:04 PM - Installed Java(TM) 6 Update 10
RP565: 12/3/2008 8:43:43 AM - System Checkpoint
RP566: 12/4/2008 11:07:33 AM - System Checkpoint
RP567: 12/5/2008 11:27:37 AM - System Checkpoint
RP568: 12/6/2008 11:31:12 AM - System Checkpoint
RP569: 12/7/2008 6:58:07 PM - System Checkpoint
RP570: 12/9/2008 9:47:46 AM - System Checkpoint
RP571: 12/10/2008 10:02:29 AM - System Checkpoint
RP572: 12/11/2008 10:32:11 AM - System Checkpoint
RP573: 12/12/2008 10:57:54 AM - System Checkpoint
RP574: 12/13/2008 8:42:30 PM - System Checkpoint
RP575: 12/15/2008 8:35:08 AM - System Checkpoint
RP576: 12/15/2008 6:30:11 PM - Installed Java(TM) 6 Update 11
RP577: 12/17/2008 9:00:28 AM - System Checkpoint
RP578: 12/18/2008 9:24:08 AM - System Checkpoint
RP579: 12/19/2008 9:27:57 AM - System Checkpoint
RP580: 12/20/2008 5:07:02 PM - System Checkpoint
RP581: 12/22/2008 8:25:12 AM - System Checkpoint
RP582: 12/23/2008 9:27:43 AM - System Checkpoint
RP583: 12/24/2008 10:00:51 AM - System Checkpoint
RP584: 12/25/2008 12:08:17 PM - System Checkpoint
RP585: 12/26/2008 12:19:01 PM - System Checkpoint
RP586: 12/27/2008 1:12:25 PM - System Checkpoint
RP587: 12/28/2008 1:32:53 PM - System Checkpoint
RP588: 12/29/2008 1:50:41 PM - System Checkpoint
RP589: 12/30/2008 2:45:47 PM - System Checkpoint
RP590: 1/3/2009 5:52:27 PM - System Checkpoint
RP591: 1/4/2009 9:17:03 PM - System Checkpoint
RP592: 1/5/2009 9:27:59 PM - System Checkpoint
RP593: 1/6/2009 9:28:27 PM - System Checkpoint
RP594: 1/8/2009 9:06:05 AM - System Checkpoint
RP595: 1/9/2009 12:02:58 PM - System Checkpoint
RP596: 1/10/2009 12:30:36 PM - System Checkpoint
RP597: 1/12/2009 8:15:35 AM - System Checkpoint
RP598: 1/13/2009 9:06:59 AM - System Checkpoint
RP599: 1/14/2009 9:10:34 AM - System Checkpoint
RP600: 1/15/2009 10:08:37 AM - System Checkpoint
RP601: 1/16/2009 10:40:57 AM - System Checkpoint
RP602: 1/17/2009 10:50:35 AM - System Checkpoint
RP603: 1/18/2009 5:39:10 PM - System Checkpoint
RP604: 1/19/2009 6:06:06 PM - System Checkpoint
RP605: 1/20/2009 6:20:52 PM - System Checkpoint
RP606: 1/21/2009 7:24:33 PM - System Checkpoint
RP607: 1/22/2009 8:41:26 PM - System Checkpoint
RP608: 1/23/2009 9:22:46 PM - System Checkpoint
RP609: 1/24/2009 10:55:40 PM - System Checkpoint
RP610: 1/26/2009 8:32:40 AM - System Checkpoint
RP611: 1/27/2009 8:43:03 AM - System Checkpoint
RP612: 1/28/2009 11:43:09 AM - System Checkpoint
RP613: 1/29/2009 11:50:23 AM - System Checkpoint
RP614: 1/30/2009 12:09:55 PM - System Checkpoint
RP615: 1/31/2009 6:45:32 PM - System Checkpoint
RP616: 2/1/2009 7:23:24 PM - System Checkpoint
RP617: 2/2/2009 9:32:55 PM - System Checkpoint
RP618: 2/4/2009 9:08:29 AM - System Checkpoint
RP619: 2/5/2009 10:04:20 AM - System Checkpoint
RP620: 2/6/2009 10:19:23 AM - System Checkpoint
RP621: 2/7/2009 11:11:23 AM - System Checkpoint
RP622: 2/8/2009 2:55:05 PM - System Checkpoint
RP623: 2/9/2009 3:11:09 PM - System Checkpoint
RP624: 2/10/2009 3:49:40 PM - System Checkpoint
RP625: 2/11/2009 4:03:02 PM - System Checkpoint
RP626: 2/12/2009 10:43:25 PM - System Checkpoint
RP627: 2/13/2009 11:45:22 PM - System Checkpoint
RP628: 2/15/2009 12:15:45 PM - System Checkpoint
RP629: 2/16/2009 12:27:05 PM - System Checkpoint
RP630: 2/17/2009 12:52:44 PM - System Checkpoint
RP631: 2/18/2009 1:03:19 PM - System Checkpoint
RP632: 2/19/2009 2:31:05 PM - System Checkpoint
RP633: 2/20/2009 3:01:37 PM - System Checkpoint
RP634: 2/22/2009 12:21:01 PM - System Checkpoint
RP635: 2/23/2009 12:48:34 PM - System Checkpoint
RP636: 2/24/2009 1:01:56 PM - System Checkpoint
RP637: 2/25/2009 1:16:08 PM - System Checkpoint
RP638: 2/26/2009 1:56:36 PM - System Checkpoint

==== Installed Programs ======================

Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Media Player
Adobe Reader 7.1.0
Adobe Shockwave Player 11
AIM 6
Apple Mobile Device Support
Apple Software Update
AutoUpdate
avast! Antivirus
Bonjour
CC Network Video Client
Combined Community Codec Pack 2008-01-24
Data Lifeguard Tools
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DVD Decrypter (Remove Only)
DVD Shrink 3.2
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
ICQ6
Intel Application Accelerator
Intel(R) Active Monitor
Intel(R) PRO Ethernet Adapter and Software
iTunes
Java(TM) 6 Update 11
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Logitech Desktop Messenger
Logitech iTouch Software
Logitech MouseWare 9.71
Logitech Resource Center
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
MobileMe Control Panel
Netflix Movie Viewer
NVIDIA Drivers
PowerDVD
QuickTime
SATARaid
SecondLife (remove only)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Shockwave
Sony Picture Utility
SoundMAX
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
USB Storage Driver
Viewpoint Media Player
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
Wireless-G PCI Adapter
World of Warcraft
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

2/21/2009 10:35:32 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================

Blade81
2009-02-27, 09:15
Hi again,

Uninstall old Adobe Reader versions and get the latest one here (http://www.filehippo.com/download_adobe_reader/) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install toolbar if choose Foxit Reader!


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 12 (http://java.sun.com/javase/downloads/index.jsp).
Click the
Download
button to the right.
Select Windows on platform combobox and check the box that says:
Accept License Agreement. Click continue.

The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u12-windows-i586-p.exe to install the newest version. Uncheck MSN toolbar if it's offered there.



Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:


Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds.txt log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

coug6672
2009-02-28, 09:31
ComboFix 09-02-27.02 - Admin 2009-02-28 1:23:22.9 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.688 [GMT -6:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090227-0] *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\cookies.ini
c:\windows\ffeffe.ini
c:\windows\IE4 Error Log.txt
c:\windows\msettings.ini
c:\windows\system32\msorcl32.exe
c:\windows\wwxwvw.ini

.
((((((((((((((((((((((((( Files Created from 2009-01-28 to 2009-02-28 )))))))))))))))))))))))))))))))
.

2009-02-28 01:15 . 2009-02-28 01:15 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-28 01:02 . 2009-02-28 01:02 <DIR> d-------- c:\documents and settings\Admin\.SunDownloadManager

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-28 07:15 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-02-28 07:15 --------- d-----w c:\program files\Java
2009-02-28 06:59 --------- d-----w c:\program files\Common Files\Adobe
2009-02-26 20:40 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-26 20:39 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\Smtray.exe" [2002-03-19 90112]
"IMONTRAY"="c:\program files\Intel\Intel(R) Active Monitor\imontray.exe" [2002-05-03 32768]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-07-22 577602]
"EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-07-09 28672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"avast!"="f:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="f:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-28 148888]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]

c:\documents and settings\Admin\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-04-24 344064]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-10-30 67128]
SATARaid.lnk - c:\program files\Silicon Image\SiISATARaid\SATARaid.exe [2007-03-10 598069]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Program Files\\iTunes\\iTunes.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-03 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-03 20560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-01-20 24652]
S3 PCIDATA;PCIDATA;\??\d:\pcidata.sys --> d:\PCIDATA.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - JAVAQUICKSTARTERSERVICE
.
Contents of the 'Scheduled Tasks' folder

2009-02-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-02-19 c:\windows\Tasks\Uniblue SpyEraser Nag.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []

2007-06-30 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-LDM - c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
HKCU-Run-Aim6 - (no file)


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = localhost
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-28 01:24:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-02-28 1:26:31
ComboFix-quarantined-files.txt 2009-02-28 07:26:16
ComboFix2.txt 2008-02-09 22:15:11

Pre-Run: 28,214,513,664 bytes free
Post-Run: 28,826,042,368 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

121





DDS (Ver_09-02-01.01) - NTFSx86
Run by Admin at 1:28:55.51 on Sat 02/28/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.640 [GMT -6:00]

AV: avast! antivirus 4.8.1335 [VPS 090227-0] *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
F:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
F:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Admin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = localhost
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
mRun: [Smapp] c:\program files\analog devices\soundmax\Smtray.exe
mRun: [IMONTRAY] c:\program files\intel\intel(r) active monitor\imontray.exe
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [EM_EXEC] c:\progra~1\logitech\mousew~1\system\EM_EXEC.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [avast!] f:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "f:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\admin\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sataraid.lnk - c:\program files\silicon image\siisataraid\SATARaid.exe
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193600044437
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-3 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-3 20560]
R2 avast! Antivirus;avast! Antivirus;f:\program files\alwil software\avast4\ashServ.exe [2007-3-19 138680]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-1-20 24652]
S3 avast! Mail Scanner;avast! Mail Scanner;f:\program files\alwil software\avast4\ashMaiSv.exe [2007-3-19 254040]
S3 avast! Web Scanner;avast! Web Scanner;f:\program files\alwil software\avast4\ashWebSv.exe [2007-3-19 352920]
S3 PCIDATA;PCIDATA;\??\d:\pcidata.sys --> d:\PCIDATA.sys [?]

=============== Created Last 30 ================

2009-02-28 01:22 <DIR> a-dshr-- C:\cmdcons
2009-02-28 01:21 161,792 a------- c:\windows\SWREG.exe
2009-02-28 01:21 98,816 a------- c:\windows\sed.exe
2009-02-28 01:21 <DIR> --d----- C:\ComboFix
2009-02-28 01:15 73,728 a------- c:\windows\system32\javacpl.cpl
2009-02-28 01:02 <DIR> --d----- c:\documents and settings\admin\.SunDownloadManager

==================== Find3M ====================

2009-02-28 01:15 410,984 a------- c:\windows\system32\deploytk.dll

============= FINISH: 1:29:12.00 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume3
Install Date: 3/10/2007 4:28:21 PM
System Uptime: 2/28/2009 1:10:17 AM (0 hours ago)

Motherboard: Intel Corporation | | D845PEBT2
Processor: Intel(R) Pentium(R) 4 CPU 2.53GHz | J1E1 | 2634/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 26.869 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 75 GiB total, 66.829 GiB free.
G: is FIXED (NTFS) - 233 GiB total, 58.281 GiB free.
H: is FIXED (NTFS) - 233 GiB total, 91.327 GiB free.
I: is FIXED (NTFS) - 149 GiB total, 14.456 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP562: 11/30/2008 12:01:42 PM - System Checkpoint
RP563: 12/1/2008 12:53:33 PM - System Checkpoint
RP564: 12/1/2008 6:22:04 PM - Installed Java(TM) 6 Update 10
RP565: 12/3/2008 8:43:43 AM - System Checkpoint
RP566: 12/4/2008 11:07:33 AM - System Checkpoint
RP567: 12/5/2008 11:27:37 AM - System Checkpoint
RP568: 12/6/2008 11:31:12 AM - System Checkpoint
RP569: 12/7/2008 6:58:07 PM - System Checkpoint
RP570: 12/9/2008 9:47:46 AM - System Checkpoint
RP571: 12/10/2008 10:02:29 AM - System Checkpoint
RP572: 12/11/2008 10:32:11 AM - System Checkpoint
RP573: 12/12/2008 10:57:54 AM - System Checkpoint
RP574: 12/13/2008 8:42:30 PM - System Checkpoint
RP575: 12/15/2008 8:35:08 AM - System Checkpoint
RP576: 12/15/2008 6:30:11 PM - Installed Java(TM) 6 Update 11
RP577: 12/17/2008 9:00:28 AM - System Checkpoint
RP578: 12/18/2008 9:24:08 AM - System Checkpoint
RP579: 12/19/2008 9:27:57 AM - System Checkpoint
RP580: 12/20/2008 5:07:02 PM - System Checkpoint
RP581: 12/22/2008 8:25:12 AM - System Checkpoint
RP582: 12/23/2008 9:27:43 AM - System Checkpoint
RP583: 12/24/2008 10:00:51 AM - System Checkpoint
RP584: 12/25/2008 12:08:17 PM - System Checkpoint
RP585: 12/26/2008 12:19:01 PM - System Checkpoint
RP586: 12/27/2008 1:12:25 PM - System Checkpoint
RP587: 12/28/2008 1:32:53 PM - System Checkpoint
RP588: 12/29/2008 1:50:41 PM - System Checkpoint
RP589: 12/30/2008 2:45:47 PM - System Checkpoint
RP590: 1/3/2009 5:52:27 PM - System Checkpoint
RP591: 1/4/2009 9:17:03 PM - System Checkpoint
RP592: 1/5/2009 9:27:59 PM - System Checkpoint
RP593: 1/6/2009 9:28:27 PM - System Checkpoint
RP594: 1/8/2009 9:06:05 AM - System Checkpoint
RP595: 1/9/2009 12:02:58 PM - System Checkpoint
RP596: 1/10/2009 12:30:36 PM - System Checkpoint
RP597: 1/12/2009 8:15:35 AM - System Checkpoint
RP598: 1/13/2009 9:06:59 AM - System Checkpoint
RP599: 1/14/2009 9:10:34 AM - System Checkpoint
RP600: 1/15/2009 10:08:37 AM - System Checkpoint
RP601: 1/16/2009 10:40:57 AM - System Checkpoint
RP602: 1/17/2009 10:50:35 AM - System Checkpoint
RP603: 1/18/2009 5:39:10 PM - System Checkpoint
RP604: 1/19/2009 6:06:06 PM - System Checkpoint
RP605: 1/20/2009 6:20:52 PM - System Checkpoint
RP606: 1/21/2009 7:24:33 PM - System Checkpoint
RP607: 1/22/2009 8:41:26 PM - System Checkpoint
RP608: 1/23/2009 9:22:46 PM - System Checkpoint
RP609: 1/24/2009 10:55:40 PM - System Checkpoint
RP610: 1/26/2009 8:32:40 AM - System Checkpoint
RP611: 1/27/2009 8:43:03 AM - System Checkpoint
RP612: 1/28/2009 11:43:09 AM - System Checkpoint
RP613: 1/29/2009 11:50:23 AM - System Checkpoint
RP614: 1/30/2009 12:09:55 PM - System Checkpoint
RP615: 1/31/2009 6:45:32 PM - System Checkpoint
RP616: 2/1/2009 7:23:24 PM - System Checkpoint
RP617: 2/2/2009 9:32:55 PM - System Checkpoint
RP618: 2/4/2009 9:08:29 AM - System Checkpoint
RP619: 2/5/2009 10:04:20 AM - System Checkpoint
RP620: 2/6/2009 10:19:23 AM - System Checkpoint
RP621: 2/7/2009 11:11:23 AM - System Checkpoint
RP622: 2/8/2009 2:55:05 PM - System Checkpoint
RP623: 2/9/2009 3:11:09 PM - System Checkpoint
RP624: 2/10/2009 3:49:40 PM - System Checkpoint
RP625: 2/11/2009 4:03:02 PM - System Checkpoint
RP626: 2/12/2009 10:43:25 PM - System Checkpoint
RP627: 2/13/2009 11:45:22 PM - System Checkpoint
RP628: 2/15/2009 12:15:45 PM - System Checkpoint
RP629: 2/16/2009 12:27:05 PM - System Checkpoint
RP630: 2/17/2009 12:52:44 PM - System Checkpoint
RP631: 2/18/2009 1:03:19 PM - System Checkpoint
RP632: 2/19/2009 2:31:05 PM - System Checkpoint
RP633: 2/20/2009 3:01:37 PM - System Checkpoint
RP634: 2/22/2009 12:21:01 PM - System Checkpoint
RP635: 2/23/2009 12:48:34 PM - System Checkpoint
RP636: 2/24/2009 1:01:56 PM - System Checkpoint
RP637: 2/25/2009 1:16:08 PM - System Checkpoint
RP638: 2/26/2009 1:56:36 PM - System Checkpoint
RP639: 2/27/2009 2:17:50 PM - System Checkpoint
RP640: 2/28/2009 12:59:42 AM - Removed Adobe Reader 7.1.0
RP641: 2/28/2009 1:00:33 AM - Removed Bonjour
RP642: 2/28/2009 1:07:33 AM - Removed Java(TM) 6 Update 10
RP643: 2/28/2009 1:07:57 AM - Removed Java(TM) 6 Update 2
RP644: 2/28/2009 1:08:17 AM - Removed Java(TM) 6 Update 3
RP645: 2/28/2009 1:08:38 AM - Removed Java(TM) 6 Update 5
RP646: 2/28/2009 1:08:59 AM - Removed Java(TM) 6 Update 7
RP647: 2/28/2009 1:15:05 AM - Installed Java(TM) 6 Update 12
RP648: 2/28/2009 1:21:31 AM - ComboFix created restore point

==== Installed Programs ======================

Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Media Player
Adobe Shockwave Player 11
AIM 6
Apple Mobile Device Support
Apple Software Update
AutoUpdate
avast! Antivirus
Combined Community Codec Pack 2008-01-24
Data Lifeguard Tools
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DVD Decrypter (Remove Only)
DVD Shrink 3.2
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
ICQ6
Intel Application Accelerator
Intel(R) Active Monitor
Intel(R) PRO Ethernet Adapter and Software
iTunes
Java(TM) 6 Update 12
Logitech Desktop Messenger
Logitech iTouch Software
Logitech MouseWare 9.71
Logitech Resource Center
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
MobileMe Control Panel
Netflix Movie Viewer
NVIDIA Drivers
PowerDVD
QuickTime
SATARaid
SecondLife (remove only)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Shockwave
Sony Picture Utility
SoundMAX
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
USB Storage Driver
Viewpoint Media Player
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
Wireless-G PCI Adapter
World of Warcraft
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

2/21/2009 10:35:32 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================

Blade81
2009-02-28, 13:10
Looks quite good now. How's the system running?

Blade81
2009-03-06, 23:10
Due to inactivity, this thread will now be closed.

Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.