Stop: OxOOOOOO7e Error problem...

Scottls
Junior Member with 4 posts.
THREAD STARTER
 
Join Date: Dec 2007
Experience: Maybe a little less than Advanced
19-Dec-2007, 11:39 PM #1
Stop: OxOOOOOO7e Error problem...
This one has me stumped. I got a HP Pavilion 516x computer (a little over 3 years old I think) from my 'god-daughter' that looks like it had never been updated, defragged or scanned for viruses. Of course she didn't think anything about it until it finally got to the point of not working at all. It has a 2.4GHz processor with 512MB of ram and running Windows XP home.

It had either the Sasser worm or something because it was restarting over and over again but I figured out how to stop it by just disconnecting the Ethernet cable. Then I was able to boot it up and clean it out a bit. I used a jump drive to load it with Ad-aware and scanned it a few times with that and the anti-spyware and antivirus that was installed with Yahoo DSL.

Then after a lot of tinkering around, I loaded SP2, and a lot of other updates plus Windows Defender and McAfee Antivirus, but I still have a problem with it wanting to reboot quite often. I disabled the reboot feature so it would just stop at the blue screen of death with the Error Code. It gave me a 0X0000007E code and I looked it up to be something about a driver problem but even after I updated a few of the drivers it still does the same, with the same error code.

The drivers I updated were the Intel(R) 82845G/GL/GE/PE/GV Graphics Controller, Realtek AC'97 Audio, Realtek RTL8139/810x Family Fast Ethernet NIC, and I updated the BIOS.

Now the computer seems to load and run just fine. I can keep it attached to my home network where it can share files and communicate with my other computers with no problem. But as soon as I enable my DSL modem and try to access the internet, it will still turn off with the same error code coming up. It does allow me to go online for a short while, and a few times it did it for quite a while without clicking off, allowing me to get a few more updates and know that everything can function correctly, but I still can not boot it up if the Ethernet cable is connected or expect to connect to the internet every time without it shutting off again.

The time it seems to shut off is either right away when I first get connected to the internet, or if I try to go to any Microsoft website. I thought maybe this was because there is something trying to check for new updates that is triggered by going to Microsoft.

Any Ideas?

P.S. I also forgot to mention that I tried to go online with both the automatic time
synchronizing and auto-updates disabled but it still cut off with the same error
code.

I would have reinstalled XP but she could not find the back up disks.
ozrom1e
Member with 11,849 posts.
 
Join Date: May 2006
Experience: Advanced
20-Dec-2007, 12:20 AM #2
Welcome to TSG....

To download HJTsetup.exe from TrendSecure To Download HijackThis go to the following at the File Repository
Click on the link below to Download HijackThis Self Installer:

http://www.trendsecure.com/portal/en...HJTInstall.exe

Save the file to your desktop.
Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\HijackThis.
Continue to click Next in the setup dialog boxes until you get to the Select Additional Tasks dialog.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialog box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
At the top of the Notepad HJT log screen, hit Edit then Select All, then click Edit and then click Copy. Doing that copies the text to the clipboard; you won't see it yet....
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
A security expert with a gold shield to the right of their name should take a look at your log - please be patient.
__________________
I still use my Osborne 01 with a 300 Baud modem all the time.

I was always taught to respect my elders, but it keeps getting harder to find one.

Heaven goes by favorites, If it didn't then your dog would get in first. Amen.
Scottls
Junior Member with 4 posts.
THREAD STARTER
 
Join Date: Dec 2007
Experience: Maybe a little less than Advanced
20-Dec-2007, 01:21 AM #3
Here it is...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:49 AM, on 12/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\USB Storage RW\udsi.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
c:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\proper.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealOne Player\rpbrowserrecordplugin.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_UDSI] "C:\Program Files\USB Storage RW\udsi.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://cc.ad-ware.cc/gjogtlpahZ2E_C3l1yYg.chm::/on.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia.com/install/pcs_0034.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18.hotmail.msn.com/...s/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1197503068078
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downl...ameManager.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neut...cab?10,0,910,0
O20 - AppInit_DLLs: C:\WINDOWS\System32\sol718.txt
O21 - SSODL: tkiPLA - {FCCEC30A-5664-69A0-20FE-1234C7FD6457} - C:\WINDOWS\System32\rdfwu.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)

--
End of file - 10771 bytes
Rollin' Rog
Member with 45,855 posts.
 
Join Date: Dec 2000
Location: North of Hollywoodland
Experience: I know when to fold em'
20-Dec-2007, 01:52 PM #4
Check and "fix" these three items in the scanlog >>

O20 - AppInit_DLLs: C:\WINDOWS\System32\sol718.txt
O21 - SSODL: tkiPLA - {FCCEC30A-5664-69A0-20FE-1234C7FD6457} - C:\WINDOWS\System32\rdfwu.dll (file missing)

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\proper.exe

The one above is particularly important and may be your culprit >> http://www.bleepingcomputer.com/star...exe-20479.html

Reboot and determine if they have stayed removed; special instructions may be needed for the first --

After that, follow these instructions to upload your recent "minidump" files >>

I can run a debugging utility on the dump files if you do this:

1 > create a new folder on the desktop and call it "dumpcheck" or whatever you like
2 > navigate to %systemroot%\minidump and copy the last few minidump files to that folder. %systemroot% is normally c:\windows. They are numbered by date. You can paste that address in address bar to get there.
3 > close the folder and right click on it and select Send to Compressed (zipped) Folder.
4 > use the "manage attachments" in the "advanced" reply window to upload that zip file here as an attachment.

This might point us to a 3rd party driver causing the error, if one exists for it.



>> you may also wish to review the "7E" errors here to see if any bells are rung:

http://aumha.org/a/stop.php#0x7e

Last edited by Rollin' Rog; 20-Dec-2007 at 01:57 PM..
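Added example, not part of the original thread or any poster's reply: a small Python triage script that applies the three checks from the reply above (an F2 `Shell=` value with something appended to Explorer.exe, a populated O20 `AppInit_DLLs`, and an O21 SSODL entry whose file is missing) to a HijackThis log. The sample input is an excerpt of the log posted in reply #3; the function names and heuristics are assumptions made for illustration, and a flagged line is a candidate for review, not a verdict.

```python
import re
from typing import NamedTuple, Optional

# Excerpt of the HijackThis log posted in reply #3 of this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\proper.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O20 - AppInit_DLLs: C:\WINDOWS\System32\sol718.txt
O21 - SSODL: tkiPLA - {FCCEC30A-5664-69A0-20FE-1234C7FD6457} - C:\WINDOWS\System32\rdfwu.dll (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)
"""

# Entry lines look like "<section code> - <body>", e.g. "O20 - AppInit_DLLs: ...".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")


class Finding(NamedTuple):
    code: str    # HijackThis section code, e.g. "O20"
    reason: str  # why the entry deserves a closer look
    line: str    # the original log line


def parse_entries(log_text: str):
    """Yield (code, body, line) per entry; header and process list are skipped."""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group("code"), m.group("body").strip(), line


def check_shell(body: str) -> Optional[str]:
    # The Winlogon shell should be Explorer.exe alone; anything appended
    # to it is started at every logon.
    m = re.search(r"\bShell=(.*)$", body, re.IGNORECASE)
    if not m:
        return None
    value = m.group(1).strip()
    if value.lower() == "explorer.exe":
        return None
    return f"Shell value is not plain Explorer.exe: {value}"


def check_appinit(body: str) -> Optional[str]:
    # Modules named in AppInit_DLLs are loaded into every process that
    # loads user32.dll, so any populated value is worth identifying.
    m = re.match(r"AppInit_DLLs:\s*(.*)$", body, re.IGNORECASE)
    if not m or not m.group(1).strip():
        return None
    value = m.group(1).strip()
    note = "" if value.lower().endswith(".dll") else " (does not end in .dll)"
    return f"AppInit_DLLs is populated: {value}{note}"


def check_ssodl(body: str) -> Optional[str]:
    # ShellServiceObjectDelayLoad entries are loaded by Explorer at startup;
    # one whose file is gone is a leftover registration to clean up.
    if body.startswith("SSODL:") and body.endswith("(file missing)"):
        return "SSODL registration points to a missing file"
    return None


# Only the three sections named in the reply are checked here.
CHECKS = {"F2": check_shell, "O20": check_appinit, "O21": check_ssodl}


def triage(log_text: str) -> list:
    """Return a Finding for every entry that one of the checks flags."""
    findings = []
    for code, body, line in parse_entries(log_text):
        check = CHECKS.get(code)
        reason = check(body) if check else None
        if reason:
            findings.append(Finding(code, reason, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.code}] {f.reason}\n    {f.line}")
```

The O23 Print Spooler line is also marked "(file missing)" in the log but is left alone here because the reply did not single it out.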
Scottls
Junior Member with 4 posts.
THREAD STARTER
 
Join Date: Dec 2007
Experience: Maybe a little less than Advanced
20-Dec-2007, 04:06 PM #5
ok, I did all that...
And it seems to just delete those entries. I also copied the only minidump file that was in the folder you directed me to.
Rollin' Rog
Member with 45,855 posts.
 
Join Date: Dec 2000
Location: North of Hollywoodland
Experience: I know when to fold em'
20-Dec-2007, 08:07 PM #6
You're going to need further help. The fault occurred in an unknown and almost certainly malicious driver >>

Quote:
BugCheck 1000007E, {c0000005, 804db548, f88d2bdc, f88d28d8}

*** WARNING: Unable to verify timestamp for Yncw45.sys
*** ERROR: Module load completed but symbols could not be loaded for Yncw45.sys
Probably caused by : Yncw45.sys ( Yncw45+1b80e )
Post another HijackThis scanlog
Cookiegal
Administrator & Malware Removal Specialist with 97,467 posts.
 
Join Date: Aug 2003
20-Dec-2007, 08:22 PM #7
Please close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix and make sure you are disconnected from the Internet after downloading the program and before scanning.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix and remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re-enable the protection again afterwards before connecting to the Internet.

Download ComboFix and save it to your desktop.

**Note: In the event you already have ComboFix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running ComboFix.
  • WARNING: IF you have not already done so ComboFix will disconnect your machine from the Internet when it starts.
  • Please do not re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection when Combofix has completely finished then restart your computer to restore the connection.

Double-click on combofix.exe and follow the prompts. When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick comboFix's window while it's running. That may cause it to stall**
__________________
Microsoft MVP - Consumer Security
Scottls
Junior Member with 4 posts.
THREAD STARTER
 
Join Date: Dec 2007
Experience: Maybe a little less than Advanced
21-Dec-2007, 02:45 PM #8
I Can't Believe it, but...
I think we've got it!!! I have to thank you all a 100 times each but what actually fixed the problem was when I ran the ComboFix program. I didn't do anything but what was listed, and I didn't watch it close enough but I did notice it deleted 4 to 6 things and then restarted the computer. I copied the log file afterwards and will post it along with a fresh HijackThis log as well. Out of curiosity I re-enabled the antivirus and firewall and tried to go online and it worked. I then tested it further by rebooting the machine without disconnecting the ethernet cable and it booted up just fine! Everything seems to be working fine. I even did a couple more updates and listened to some streaming music without any problems. I think I can give it back to her now and tell her that if she can not be more responsible and take care of it with regular maintenance then I will not be responsible for this again. I will also tell her to find those disks and HANG ON TO THEM! Thanks again for all your help everyone!!!!!

here are the logs....

ComboFix 07-12-21.4 - Owner 2007-12-21 11:39:44.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.211 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\hosts
C:\WINDOWS\system32\bronto.dll
C:\WINDOWS\system32\drivers\symavc32.sys
C:\WINDOWS\system32\drivers\YNCW45.sys
C:\WINDOWS\system32\NTSVC.ocx
C:\WINDOWS\system32\svcp.csv
C:\WINDOWS\system32\winsub.xml

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_YNCW45


((((((((((((((((((((((((( Files Created from 2007-11-21 to 2007-12-21 )))))))))))))))))))))))))))))))
.

2007-12-20 14:05 . 2007-12-20 14:06 <DIR> d-------- C:\Autoruns
2007-12-20 11:34 . 2007-12-20 11:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters
2007-12-20 11:32 . 2007-12-20 11:32 <DIR> d-------- C:\Program Files\PC Drivers HeadQuarters
2007-12-20 00:04 . 2007-12-20 00:04 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-19 23:21 . 2003-07-13 01:49 89,184 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2007-12-19 23:21 . 2003-07-13 01:49 57,344 --------- C:\WINDOWS\system32\ImageDrive.cpl
2007-12-19 23:21 . 2003-07-13 01:49 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2007-12-19 23:20 . 2007-12-19 23:20 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-12-19 23:20 . 2007-12-19 23:21 <DIR> d-------- C:\Program Files\Ahead
2007-12-19 23:20 . 2003-07-13 01:49 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
2007-12-19 23:20 . 2003-07-13 01:49 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
2007-12-19 23:20 . 2003-07-13 01:49 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2007-12-19 23:20 . 2003-07-13 01:49 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-12-19 16:13 . 2005-06-21 16:43 163,840 --a------ C:\WINDOWS\system32\igfxres.dll
2007-12-19 16:07 . 2007-12-19 16:07 <DIR> d-------- C:\Program Files\Realtek AC97
2007-12-19 13:41 . 2001-08-17 12:11 35,328 --a------ C:\WINDOWS\system32\drivers\pcntpci5.sys
2007-12-19 13:41 . 2001-08-17 12:11 35,328 --a--c--- C:\WINDOWS\system32\dllcache\pcntpci5.sys
2007-12-18 16:21 . 2003-02-13 14:13 59,392 --------- C:\WINDOWS\system32\ltremove.exe
2007-12-18 15:15 . 2007-12-18 15:15 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-12-18 11:31 . 2007-12-21 11:45 4,310 --a------ C:\WINDOWS\system32\Config.MPF
2007-12-18 11:26 . 2007-12-18 11:26 <DIR> d-------- C:\Program Files\SiteAdvisor
2007-12-18 11:26 . 2007-12-18 11:26 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SiteAdvisor
2007-12-18 11:26 . 2007-12-18 11:26 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2007-12-18 11:26 . 2007-12-18 11:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-12-18 11:23 . 2007-06-25 10:57 171,240 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-12-18 11:23 . 2007-03-02 14:16 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-12-18 11:23 . 2007-06-25 14:54 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-12-18 11:23 . 2007-06-25 10:57 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-12-18 11:23 . 2007-06-25 10:57 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-12-18 11:23 . 2007-06-25 10:57 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-12-18 11:21 . 2007-12-18 11:22 <DIR> d-------- C:\Program Files\McAfee.com
2007-12-18 11:21 . 2007-12-18 14:22 <DIR> d-------- C:\Program Files\McAfee
2007-12-18 11:21 . 2007-12-18 11:23 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-12-17 21:57 . 2007-12-18 11:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-12-17 19:57 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-17 19:57 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-17 19:55 . 2007-12-17 19:55 <DIR> d-------- C:\Program Files\MSBuild
2007-12-17 19:45 . 2007-12-18 17:14 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-12-17 19:44 . 2007-12-17 19:44 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-12-17 19:42 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-12-17 19:41 . 2007-12-17 19:42 <DIR> d-------- C:\dca63250b0e90eeb620cf1e367
2007-12-17 19:41 . 2006-10-04 09:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2007-12-17 19:41 . 2006-10-04 09:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2007-12-17 19:41 . 2006-10-04 09:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2007-12-17 19:40 . 2007-12-17 19:40 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-12-17 19:37 . 2007-12-17 19:37 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-12-17 19:37 . 2007-12-17 19:38 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-12-17 15:21 . 2006-12-08 15:20 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.exe
2007-12-17 15:21 . 2007-04-16 15:28 577,536 --a------ C:\WINDOWS\soundman.exe
2007-12-17 15:21 . 2006-07-31 11:19 315,392 --a------ C:\WINDOWS\alcupd.exe
2007-12-17 15:21 . 2006-07-31 11:27 217,088 --a------ C:\WINDOWS\Alcrmv.exe
2007-12-17 15:21 . 2006-10-18 02:53 147,456 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
2007-12-17 15:21 . 2002-02-05 13:54 141,016 --a------ C:\WINDOWS\system32\alsndmgr.wav
2007-12-17 15:21 . 2006-08-01 15:02 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe
2007-12-17 14:48 . 2007-12-17 14:48 <DIR> d-------- C:\Program Files\Realtek
2007-12-17 14:47 . 2007-12-17 14:47 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\InstallShield
2007-12-17 00:35 . 2007-12-17 00:35 <DIR> d-------- C:\Program Files\iPod
2007-12-17 00:35 . 2007-12-17 00:35 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer
2007-12-17 00:35 . 2007-12-21 11:31 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-17 00:35 . 2007-12-17 00:36 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-17 00:34 . 2007-12-17 00:35 <DIR> d-------- C:\Program Files\iTunes
2007-12-17 00:33 . 2007-12-17 00:34 <DIR> d-------- C:\Program Files\QuickTime
2007-12-17 00:33 . 2007-12-17 00:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-17 00:32 . 2007-12-17 00:32 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-12-17 00:32 . 2007-12-17 00:32 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-17 00:31 . 2007-12-17 00:31 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-12-17 00:31 . 2007-12-17 00:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-17 00:10 . 2007-12-17 00:10 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-12-16 15:17 . 2007-12-16 15:17 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2007-12-16 11:58 . 2007-12-18 14:42 199,404 --a------ C:\WINDOWS\system32\pghash.dat
2007-12-16 11:58 . 2007-12-17 00:06 85,800 --a------ C:\WINDOWS\system32\pguard.dat
2007-12-16 11:54 . 2007-12-18 14:43 <DIR> d-------- C:\Program Files\ProcessGuard
2007-12-16 11:54 . 2005-01-20 14:13 24,911 --a------ C:\WINDOWS\system32\drivers\procguard.sys
2007-12-16 09:21 . 2007-12-16 09:21 <DIR> d-------- C:\Program Files\Alwil Software
2007-12-16 09:21 . 2003-03-18 16:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-12-15 20:48 . 2007-12-15 21:03 <DIR> d-------- C:\Program Files\1 Click PC Fix 2007
2007-12-15 15:17 . 2007-12-15 15:17 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\ArcSoft
2007-12-15 13:37 . 2007-12-15 13:37 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Talkback
2007-12-15 13:29 . 2007-12-18 09:46 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2007-12-15 13:28 . 2003-04-10 02:00 <DIR> d-------- C:\Documents and Settings\Owner\WINDOWS
2007-12-15 13:28 . 2003-04-10 06:19 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Symantec
2007-12-15 13:28 . 2003-04-10 01:35 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Sonic
2007-12-15 13:28 . 2003-04-10 01:27 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Share-to-Web Upload Folder
2007-12-15 13:28 . 2003-04-10 02:04 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SampleView
2007-12-15 13:28 . 2003-04-10 01:52 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\InterTrust
2007-12-15 13:28 . 2007-12-15 13:57 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\interMute
2007-12-15 05:08 . 2007-12-15 05:08 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2007-12-15 01:13 . 2007-12-15 01:13 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-15 01:13 . 2007-12-15 01:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-15 01:11 . 2007-12-15 01:11 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-14 09:49 . 2007-12-14 09:49 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2007-12-14 08:59 . 2007-12-15 11:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2007-12-13 15:11 . 2007-08-13 21:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2007-12-13 14:58 . 2006-08-21 04:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-12-13 14:58 . 2006-08-21 04:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-12-13 14:58 . 2006-08-21 07:21 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-12-13 12:35 . 2007-12-13 12:35 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-13 12:35 . 2007-12-18 11:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-12-13 12:15 . 2007-07-09 08:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-12-12 19:50 . 2007-12-12 19:50 <DIR> d-------- C:\Intel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-19 21:07 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-18 21:23 --------- d-----w C:\Program Files\PC-Doctor for Windows
2007-12-18 19:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-17 05:10 --------- d-----w C:\Program Files\Real
2007-12-17 05:10 --------- d-----w C:\Program Files\Common Files\Real
2007-12-15 19:01 --------- d-----w C:\Program Files\Yahoo!
2007-12-15 19:00 --------- d-----w C:\Program Files\Common Files\Scanner
2007-12-15 18:58 --------- d-----w C:\Program Files\Softex
2007-12-15 18:57 --------- d-----w C:\Program Files\Spyware Cleaner
2007-12-15 18:53 --------- d-----w C:\Program Files\MSN Messenger
2007-12-15 18:30 --------- d-----w C:\Program Files\Easy Internet signup
2007-11-21 00:09 104,320 ----a-w C:\WINDOWS\system32\drivers\Rtnicxp.sys
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-26 16:20 4,124,352 ----a-r C:\WINDOWS\system32\drivers\alcxwdm.sys
1758-04-10 21:37 4,263 --sh--w C:\WINDOWS\windllreg1c.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 16:44]
"KYE_UDSI"="C:\Program Files\USB Storage RW\udsi.exe" [2003-02-21 23:30]
"Share-to-Web Namespace Daemon"="c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 19:42]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 17:57]
"wcmdmgr"="C:\WINDOWS\wt\updater\wcmdmgrl.exe" [2002-09-27 16:47]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 06:48]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 22:20]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 16:48]
"CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-06-22 09:27]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" []
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 23:42]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-17 00:08]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 C:\WINDOWS\ALCXMNTR.EXE]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-08-24 16:57]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 C:\WINDOWS\soundman.exe]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2003-07-13 01:49]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 19:38]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Updates from HP.lnk - C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe [2003-04-10 02:04:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 2003-02-21 05:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R2 procguard;procguard;C:\WINDOWS\system32\drivers\procguard.sys [2005-01-20 14:13]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Microsoft Plus V7.1]
C:\WINDOWS\igfxunit32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ViewSonic Explorer V5.3]
C:\WINDOWS\msdtcsw32.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-12-17 05:32:36 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-15 18:30:26 C:\WINDOWS\Tasks\easy Internet sign-up.job"
- C:\PROGRA~1\EASYIN~1\HPSdpApp.exe
"2007-12-18 16:22:34 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2007-12-18 16:22:32 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2007-12-21 16:35:56 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-21 11:46:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Softex\OmniPass\opxpgina.dll
.
Completion time: 2007-12-21 11:49:48 - machine was rebooted
.
2007-12-18 20:58:26 --- E O F ---
______________________________________________________________________



and...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:53:00 AM, on 12/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\USB Storage RW\udsi.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
c:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
C:\WINDOWS\system32\wscntfy.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealOne Player\rpbrowserrecordplugin.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_UDSI] "C:\Program Files\USB Storage RW\udsi.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://cc.ad-ware.cc/gjogtlpahZ2E_C3l1yYg.chm::/on.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia.com/install/pcs_0034.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18.hotmail.msn.com/...s/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1197503068078
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downl...ameManager.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neut...cab?10,0,910,0
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)

--
End of file - 10135 bytes
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 97,467 posts.
 
Join Date: Aug 2003
21-Dec-2007, 07:38 PM #9
Please disable Windows Defender's real-time protection as it will interfere with the fix. You can re-enable it when we're finished the cleanup.
  • Open Windows Defender
  • Click on "Tools"
  • Click on "General Settings"
  • Scroll down to "Real-time protection options"
  • Uncheck "Turn on Real-time protection (recommended)"
  • Click "Save"



Go to Control Panel - Add/Remove programs and remove:

WildTangent


Open Notepad and copy and paste the text in the quote box below into it:

Quote:
File::
C:\WINDOWS\igfxunit32.exe
C:\WINDOWS\msdtcsw32.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Microsoft Plus V7.1]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ViewSonic Explorer V5.3]

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.



This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.


Also, please do this:

Go to Start - Search - All Files and Folders and, under More advanced search options, make sure there is a check by Search System Folders and Search hidden files and folders and Search system subfolders.

Next click on My Computer. Go to Tools - Folder Options. Click on the View tab and make sure that Show hidden files and folders is checked. Also uncheck Hide protected operating system files and Hide extensions for known file types. Now click Apply to all folders. Click Apply then OK.


Now, go to the following link and upload each of the following files for analysis and let me know what the results are please:

http://virusscan.jotti.org/

C:\WINDOWS\windllreg1c.sys
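
The files and Active Setup keys named in the reply above can be picked out of the ComboFix log mechanically. The following Python code is an added example, not part of the original thread or of ComboFix; its three heuristics (timestamps before 1980 or after the scan, files that are both system and hidden, and non-GUID Active Setup keys that launch an .exe directly from C:\WINDOWS) and the names `triage`, `SAMPLE_LOG` and `SCAN_DATE` are assumptions of the example.

```python
import re
from datetime import date

# Excerpt of the ComboFix log quoted above (Find3M and Active Setup lines).
SAMPLE_LOG = r"""
2007-12-17 05:10 --------- d-----w C:\Program Files\Real
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
1758-04-10 21:37 4,263 --sh--w C:\WINDOWS\windllreg1c.sys

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Microsoft Plus V7.1]
C:\WINDOWS\igfxunit32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ViewSonic Explorer V5.3]
C:\WINDOWS\msdtcsw32.exe
"""
SCAN_DATE = date(2007, 12, 21)  # date of the ComboFix run in the log

# Find3M line: date, time, size, 7 attribute flags, path.
FILE_LINE = re.compile(
    r"^(\d{4})-(\d{2})-(\d{2}) \d{2}:\d{2} (\S+) ([-a-z]{7}) (.+)$")
ACTIVE_SETUP = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\active setup"
    r"\\installed components\\(.+)\]$", re.IGNORECASE)
# Assumption of this example: stock component keys are GUID-named.
GUID_NAME = re.compile(r"^[<>]?\{[0-9A-Fa-f-]{36}\}$")
WINDOWS_ROOT_EXE = re.compile(r"^C:\\WINDOWS\\[^\\]+\.exe$", re.IGNORECASE)


def triage(log_text, scan_date):
    """Return (reason, path) pairs for log lines worth a closer look."""
    findings = []
    component = None  # name of the Active Setup key whose value comes next
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:
            year, month, day, _size, attrs, path = m.groups()
            try:
                stamp = date(int(year), int(month), int(day))
            except ValueError:
                stamp = None  # not a real calendar date
            # Older than the FAT epoch or later than the scan itself.
            if stamp is None or stamp.year < 1980 or stamp > scan_date:
                findings.append(("implausible-timestamp", path))
            # System + hidden on a regular file hides it from Explorer's default view.
            if "d" not in attrs and "s" in attrs and "h" in attrs:
                findings.append(("hidden-system-file", path))
            continue
        m = ACTIVE_SETUP.match(line)
        if m:
            component = m.group(1)
            continue
        if component is not None and line:
            # Friendly-named key launching an .exe straight from the Windows root.
            if not GUID_NAME.match(component) and WINDOWS_ROOT_EXE.match(line):
                findings.append(("active-setup-stub", line))
            component = None
    return findings


if __name__ == "__main__":
    for reason, path in triage(SAMPLE_LOG, SCAN_DATE):
        print(f"{reason:22} {path}")
```

A hit from these checks is a reason to inspect or submit the file for scanning, not a verdict.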