Boz

Honorary Members
  • Posts

    39

Everything posted by Boz

  1. Sorry that I couldn't get back faster. 1- current issues Things seem to be a little better (?) after I replaced the Hosts file. What I still have is mostly slow performance issues, like: *startup *web pages load too slow, *email msgs. hesitate before deleting in Thunderbird, *Firefox takes a while to start, *and sometimes it seems to lose one (only one) of the windows (web pages) left open in the previous session. 2- Old Stuff You had written: "Other programs you have installed that could be part of this problem are listed below: Ad-Aware Desktop Doctor Avast GearDrvs" Desktop Doctor is a Comcast prog. and it says it is not working properly in Add/Remove. Shall I repair it or remove it ? GearDrvs, I don't know and I cannot find it in Add/Remove. I used to have Norton, but I uninstalled it a long time ago. 3- Suggestions You know what programs I have on my machine. If you can see any conflicts or problems, I am wide open to your recommendations. Any suggestions for substitutions or other tips are very much appreciated... and may save you from having to deal with me again in the future. Thanks for all your help.
  2. Thnx, I did what you asked. (1) Here's the HJT log *************** (2) Avast found 52 items. One Trojan ( in 'User Dumps' inside pctsSvs.exe, I think that is a Spyware Dr. file) which I deleted. And 51 items it could not scan because they were password protected: Ad-Aware skin files; Spybot recovery files; Thunderbird profiles; and System restore. Sounds OK to me, what do you think ?? ******************* (3) Spyware Dr. support (after looking at the scan results that I couldn't send you) thought I had Hosts file problems and I refreshed that file.
  3. (1) The 'possible hijack' infections Spyware Dr. had found were (all at 127.0.0.1): engine.awaps.net aj.daniweb.com dl.jingmin.com ads.techguy.org ar.atwola.com wdcs.trendmicro.com metrics.experts-exchange.com a.networkworld.com (2) I had managed to remove the old (troublesome HJT) while I was in safe mode yesterday. I downloaded a fresh one this morning (after performing the other procedures you asked) at: http://www.download.com/Trend-Micro-Hijack...4-10379544.html Same problem. I hit 'install' and my computer freezes. I turn it off and on again and try to start HJT from the desktop, but it freezes again. I can't get to my Task Manager or even my task bar at the bottom. What do you think ? (3) I have some questions about what you advised in the beginning of your reply, but that'll have to wait. I got to leave now. Thanks for your help.
  4. Thank you for your explanations. My Spyware Dr. is licensed and supposedly fully functional. I have reported the problem (inability to remove hijacking malware) to their support, but I am not getting much in the way of a resolution yet. I just tried to open the '.bat' file, but it won't open... still 'flashing' a window and disappearing. What do you want me to do next ?
  5. I ran Spyware Dr. in safe mode. It discovered some Hijack items which it could not clean up. I am going to try to upload scan results. ...I could not upload (size limitations)... any suggestions ? Thnx.
  6. here we go: 4X UltraSaver Ad-Aware Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) Adobe Flash Player 10 Plugin Adobe Reader 8.1.2 AI RoboForm (All Users) Anonymizer Software Anonymizer Software AnyTV 2.12 Apple Software Update avast! Antivirus Brain Builder CCleaner (remove only) Comcast High-Speed Internet Install Wizard Comcast Toolbar Compatibility Pack for the 2007 Office system Desktop Doctor GearDrvs getPlus® for Adobe GoodSync V6 HijackThis 2.0.2 Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB915800-v4) Hotfix for Windows XP (KB952287) IE7Pro IE7Pro Java 6 Update 7 Logitech Audio Echo Cancellation Component Logitech CallCentral Logitech Video Enumerator Logitech
  7. I'm sorry, I am going to sound a little stupid here.... but like what ?... what are "file sharing software" ??
  8. Yes, the last I looked. 1- My Spyware Dr. freezes my computer when I run a Full Scan. 2- I cannot remove or run HJT. 3- my computer acts funny: slow startup and surfing; quick flashing and disappearing windows, etc.
  9. Done. mbam_log_2008_12_05__17_42_07_.txt
  10. Thanks for your reply. You guys must be very busy. I had posted a later version of this issue the next day. It said: "1- the mbam-log and 2- the Panda log. However the Panda interface was not the same as in the illustration, and now they only allow access to level-1 threats log (included). Level-2 threats showed: cookie/Adv. Tracking latent Adware/cws adware latent but would not allow me to save it. 3- HJT is freezing my computer when I try to install it (tried several times). I also had installed an earlier copy of the program on my machine a couple of weeks ago when I started noticing problems. And I could not remove it. It freezes my computer every time I try to remove it. I think (?) this is part of the problem.... please advise." It included some logs, but I am having a particular problem w/ HJT. I cannot remove the earlier version, and cannot install a fresh one. Any suggestions ??
  11. Below is my entry (yesterday) b4 including the required logs. Now I am uploading 1- the mbam-log and 2- the Panda log. However the Panda interface was not the same as in the illustration, and now they only allow access to level-1 threats log (included). Level-2 threats showed: cookie/Adv. Tracking latent Adware/cws adware latent but would not allow me to save it. 3- HJT is freezing my computer when I try to install it (tried several times). I also had installed an earlier copy of the program on my machine a couple of weeks ago when I started noticing problems. And I could not remove it. It freezes my computer every time I try to remove it. I think (?) this is part of the problem.... please advise. ************* My Spyware Doctor found some malware (a hijack) while running a 'deep scan', but it could not remove it. The matter has been reported and followed up with their tech support for a couple of weeks... but no results yet. The malware does not show up in a regular scan. And now when I run a 'deep scan', my computer freezes. Associated problems: 1- slow startup 2- Spyware Dr. starts even slower 3- Firefox acts funny, slow, and loses one open window from the previous session Thanks for your help. mbam_log_2008_11_30__18_06_42_.txt ActiveScan.txt
  12. My Spyware Doctor found some malware (a hijack) while running a 'deep scan', but it could not remove it. The matter has been reported and followed up with their tech support for a couple of weeks... but no results yet. The malware does not show up in a regular scan. And now when I run a 'deep scan', my computer freezes. Associated problems: 1- slow startup 2- Spyware Dr. starts even slower 3- Firefox acts funny, slow, and loses one open window from the previous session Thanks for your help.
  13. I ran ScanDisk and Defrag, and both Spyware Dr. and Anonymizer seem to be behaving so far. However, two items I don't recognize requested to access the internet. (1) alg.exe, and (2)"SupportSoft Agent" Is it something to worry about ?... I read that SupportSoft Agent is sometimes related to Dell computers. But I do not have a Dell computer. Thanks.
  14. ********************************* When I restarted the computer, Spyware Dr. did the same ol' trick and came up "disconnected". I restarted it and it detected 33 new infections: Applications.TrackingCookies and Adware.Advertising items. I hope this helps (?!) Thnx.
  15. Here are the 'Results'. When I tried running it the first time, it did not run and my computer froze. I had to cut off its power, restart it and do it all over. File/Folder avenger.zip not found. File/Folder avenger.exe not found. File/Folder Avenger not found. File/Folder avenger.txt not found. File/Folder bfu.zip not found. File/Folder BFU not found. C:\WINDOWS\subs folder deleted successfully. C:\QooBox\Quarantine\Registry_backups folder deleted successfully. C:\QooBox\Quarantine\C\Documents and Settings\Basil\Cookies folder deleted successfully. C:\QooBox\Quarantine\C\Documents and Settings\Basil folder deleted successfully. C:\QooBox\Quarantine\C\Documents and Settings folder deleted successfully. C:\QooBox\Quarantine\C folder deleted successfully. C:\QooBox\Quarantine folder deleted successfully. C:\QooBox\BackEnv folder deleted successfully. C:\QooBox folder deleted successfully. Service not present: catchme. Service not present: gmer. File delete failed. C:\Documents and Settings\Basil\Desktop\OTMoveIt2.exe scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Basil\Desktop\OTMoveIt2.exe scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Basil\Desktop\OTMoveIt2.exe scheduled to be deleted on reboot.
  16. Got 'Run' working OK now, thanks. So are you declaring my system totally 'clean' now and good to go ? BTW, just as a matter of your curiosity, I have a new file on my desktop in which I put all the security programs. However, I can't get the Combofix.exe icon to go in it. I drag and drop, but it just won't do it. It just sits there "proudly independent" Any ideas why ??
  17. Spyware Dr. still comes out "disconnected" at startup. I have to manually shut it down and restart it to keep it on. But I am not sure what you mean by the Spyware Dr. log or where to find it. So I tried posting the quarantined items, but I don't seem to be able to 'copy' the list after I highlight it. If you need something else let me know. and here is the MB log also. It came out clean. Malwarebytes' Anti-Malware 1.28 Database version: 1226 Windows 5.1.2600 Service Pack 3 10/2/2008 6:12:38 PM mbam-log-2008-10-02 (18-12-38).txt Scan type: Quick Scan Objects scanned: 51303 Time elapsed: 3 minute(s), 41 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ************************************* Thnx.
  18. I followed your instructions and I have a couple of observations/questions. (1) I seem to have lost the 'Run' function button in 'Start'... how do I get it back ? (2) IE seems to have taken over as my default browser and installed a new (I already had one) short cut on my desktop (3) Spyware Doctor detected 88 infections (nothing too serious) when I restarted it. I let it fix them. Following are the logs:
  19. Thanks for the follow up. I haven't had a chance to run the programs yesterday. I am about to leave now. But I'm planning to do my 'homework' this evening. I'll post as soon as I have the logs.
  20. Thank you for your detailed instructions. I was away, and now I am ready to do the routine you suggest. I know this may sound a little stupid, but I don't want to take the risk of getting online 'naked'. I want to confirm the exact order of the steps, especially the disabling and re-enabling of the different components. Should I disable everything (ZA, Spyware Doctor, and Avast) before I start the whole process ?..or should I first disable ZoneAlarm only then dwnld and run CCleaner then (?) disable Spyware Doctor (or disable it before I run CCleaner ?) .....BTW, there is no 'Pick a Category' or 'Startup Settings' under settings, how about if I just .....uncheck it in MSconfig startup and reboot ? then, re-enable it ? then, disable Avast then, dwnld and run ComboFix then, run HJT then re-enable ZA and Avast and post ComboFix and HJT logs? Thank you for your patience.
  21. OK, I updated JAVA w/ no problems. Thank you for noticing it. I have cleaned up a lot of viruses, trojans, etc. from my computer recently. However I still suspect something is wrong. My machine sometimes slows to a crawl, and a lot of security programs keep encountering problems... repeatedly. I first noticed trouble when one day I couldn't reach Norton360 anymore, so I removed it and replaced it with Avast and ZoneAlarm. SiteAdvisor also stops working. I uninstall and reinstall it. It'll work for a couple of days and stops again. I discover my Spyware Doctor (activated in startup) 'disconnected' sometimes. I exit and start again. My Anonymizer (also activated in startup) refuses to come on, w/ a msg. of: "Anonymizer Software has encountered a problem and needs to close." I have uninstalled and reinstalled it a couple of times already. What do you think ?
  22. .......as requested MB and HJT logs follow:
MB:
Malwarebytes' Anti-Malware 1.28
Database version: 1211
Windows 5.1.2600 Service Pack 3
9/26/2008 5:44:42 PM
mbam-log-2008-09-26 (17-44-42).txt
Scan type: Quick Scan
Objects scanned: 52648
Time elapsed: 5 minute(s), 21 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
*****************************************
HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:03:07 PM, on 9/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\CallCentral\CallCentral.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Anonymizer\Anonymizer Software\Anonymizer.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Anonymizer\Anonymizer Software\AnonASW\AnonAswSvc.exe
C:\Program Files\Anonymizer\Anonymizer Software\Common\AnonMgmtSvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Anonymizer\Anonymizer Software\common\AnonProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://*.mcafee.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1191179581135
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
-- End of file - 9668 bytes