
Computer Keeps Crashing Need Help!!

Discussion in 'Virus & Other Malware Removal' started by zackw419, Aug 7, 2006.

  1. zackw419

    zackw419 Thread Starter

    Joined:
    Aug 7, 2006
    Messages:
    9
    OK, for a while now my computer's been just randomly shutting down and giving me a blue screen telling me to restart and whatnot. Every time I reboot it my virus scanner pops up asking me if I want to delete "trojan horse download.generic2.EYP" and I always heal it, but my computer crashes about 3-5 times a day now. I ran all my virus scanners and it still won't stop happening. I really need this fixed because I'm a DJ and I'll be on the final step of recording something and it will just crash. Can someone PLEASE help me with this ASAP? I'd really appreciate it. I got the HijackThis thing and I'm not sure if this will help, but this is the log:

    Logfile of HijackThis v1.99.1
    Scan saved at 4:34:38 PM, on 8/7/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\WINDOWS\SYSTEM32\GEARSEC.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\WINDOWS\System32\LVCOMS.EXE
    C:\WINDOWS\System32\PRISMSVR.EXE
    C:\WINDOWS\CTHELPER.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Valve\Steam\Steam.exe
    C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe
    C:\Program Files\Grisoft\AVG Free\avgwb.dat
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\SKS~1\winspool.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sbc.yahoo.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R3 - URLSearchHook: (no name) - {CF5F2160-B9DB-E22E-A48E-953BF4002791} - C:\WINDOWS\System32\qwtdc.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\system32\huu.dll (file missing)
    O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: (no name) - {CF5F2160-B9DB-E22E-A48E-953BF4002791} - C:\WINDOWS\System32\qwtdc.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
    O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\System32\LVCOMS.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Iasgxyjp] C:\WINDOWS\System32\??sks\winspool.exe
    O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
    O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
    O4 - Global Startup: 2Wire Wireless Client.lnk = C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
    O20 - AppInit_DLLs: wowexec.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE


    If someone could help me I'd appreciate it so much. Hiring people to fix my computer is getting expensive and I just can't afford it anymore.

    Thanks.


    P.S. Sorry if this is posted in the wrong forum.
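As an added example (not part of the original post, and not code from HijackThis or this forum), the script below parses HijackThis log lines of the kind posted above and flags the entries a malware-removal helper would look at first: the unnamed R3/O2 hooks loading qwtdc.dll and huu.dll from System32, the HKCU Run entry launching winspool.exe from a System32 subdirectory whose name contains '?' characters, and the non-empty AppInit_DLLs value. The sample lines are copied from the log in this post; the heuristics and the names `triage` and `check_entry` are this example's own assumptions, not rules from HijackThis.

```python
"""Triage a HijackThis (HJT) log for entries worth a second look.

Heuristics (assumptions of this example, not HJT's own rules):
  * an R3/O2 hook registered as "(no name)" that loads from System32
  * a path containing '?' or non-ASCII characters (look-alike directory names)
  * an autorun launched from a *subdirectory* of System32
  * any non-empty O20 AppInit_DLLs value (DLL injected into every process)
"""
import re

# Sample lines copied from the HijackThis log posted above (constructed subset).
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\system32\huu.dll (file missing)
O2 - BHO: (no name) - {CF5F2160-B9DB-E22E-A48E-953BF4002791} - C:\WINDOWS\System32\qwtdc.dll
R3 - URLSearchHook: (no name) - {CF5F2160-B9DB-E22E-A48E-953BF4002791} - C:\WINDOWS\System32\qwtdc.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Iasgxyjp] C:\WINDOWS\System32\??sks\winspool.exe
O20 - AppInit_DLLs: wowexec.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
"""

SECTION_RE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<body>.*)$")
# First drive-letter path ending in a loadable module; lazy so it stops at the
# extension and does not swallow trailing arguments such as ",NvStartup".
PATH_RE = re.compile(r"[A-Za-z]:\\[^\n]*?\.(?:exe|dll|ocx|cpl|sys)\b", re.IGNORECASE)
SYSTEM32_RE = re.compile(r"\\system32\\", re.IGNORECASE)
SYSTEM32_SUBDIR_RE = re.compile(r"\\system32\\[^\\]+\\", re.IGNORECASE)


def check_entry(section, body):
    """Return (path, reasons) for one HJT entry; an empty list means not flagged."""
    reasons = []
    m = PATH_RE.search(body)
    path = m.group(0) if m else None

    # O20 AppInit_DLLs: every process that loads user32.dll also loads this DLL.
    if section == "O20" and body.startswith("AppInit_DLLs:"):
        value = body.split(":", 1)[1].strip()
        if value:
            reasons.append(f"AppInit_DLLs is set ({value}): injected into every user32-linked process")

    if path:
        if "(no name)" in body and SYSTEM32_RE.search(path):
            reasons.append("unnamed browser hook/BHO loading from System32")
        if any(ch == "?" or ord(ch) > 127 for ch in path):
            reasons.append("path contains '?' or non-ASCII characters (look-alike directory name)")
        if SYSTEM32_SUBDIR_RE.search(path):
            reasons.append("executable runs from a subdirectory of System32, not System32 itself")
        if "(file missing)" in body and reasons:
            reasons.append("registered file not found on disk (stale entry, or hidden from the scanner)")
    return path, reasons


def triage(log_text):
    """Parse an HJT log and return the flagged entries with their reasons."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if not m:
            continue  # process list, header lines, blanks
        path, reasons = check_entry(m.group("section"), m.group("body"))
        if reasons:
            findings.append({"section": m.group("section"), "line": line,
                             "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["section"], finding["line"])
        for reason in finding["reasons"]:
            print("    -", reason)
```

Run it as a script to print the flagged lines. The entries it leaves alone (Yahoo! toolbar, NVIDIA, the AVG service) are the legitimate ones in this log, but heuristics like these only set priorities; each flagged file still has to be checked before it is fixed or deleted.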
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Hi and welcome :)

    Download the trial version of Ewido Anti-spyware from HERE and save that file to your desktop. When the trial period expires, it becomes freeware with reduced functions but is still worth keeping.


    • Once you have downloaded Ewido Anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
    • Once the setup is complete you will need to run Ewido and update the definition files.
    • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    • Once in the Settings screen, click on "Recommended actions" and then select "Quarantine".
    • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"

    Close Ewido Anti-Spyware, DO NOT run a scan yet. We will do that later in Safe Mode.


    • Reboot your computer into Safe Mode now. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
      IMPORTANT: Do not open any other windows or programs while Ewido is scanning as it may interfere with the scanning process:
    • Launch Ewido Anti-spyware by double-clicking the icon on your desktop.
    • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    • Ewido will now begin the scanning process. Be patient this may take a little time.
      Once the scan is complete do the following:
    • If you have any infections you will be prompted; select "Apply all actions".
    • Next select the "Reports" icon at the top.
    • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    • Close Ewido and reboot your system back into Normal Mode.


    Run ActiveScan online virus scan: here

    When the scan is finished, save the results from the scan!


    Come back here and post a new Hijack This log along with the logs from the Ewido and Panda scans.
     
  3. zackw419

    zackw419 Thread Starter

    Joined:
    Aug 7, 2006
    Messages:
    9
    Logfile of HijackThis v1.99.1
    Scan saved at 3:40:35 PM, on 8/8/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\SYSTEM32\GEARSEC.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
    C:\WINDOWS\System32\LVCOMS.EXE
    C:\WINDOWS\System32\PRISMSVR.EXE
    C:\WINDOWS\CTHELPER.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sbc.yahoo.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R3 - URLSearchHook: (no name) - {CF5F2160-B9DB-E22E-A48E-953BF4002791} - C:\WINDOWS\System32\qwtdc.dll (file missing)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: (no name) - {CF5F2160-B9DB-E22E-A48E-953BF4002791} - C:\WINDOWS\System32\qwtdc.dll (file missing)
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
    O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\System32\LVCOMS.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
    O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
    O4 - Global Startup: 2Wire Wireless Client.lnk = C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
    O20 - AppInit_DLLs: wowexec.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE






    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 2:33:33 PM 8/8/2006

    + Scan result:



    HKLM\SOFTWARE\KMiNT21 -> Adware.DesktopSpyAgent : Cleaned with backup (quarantined).
    C:\Documents and Settings\Betsy Brightman\Local Settings\Temporary Internet Files\Content.IE5\U9IROVEH\!update-4095[1].0000 -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
    C:\Documents and Settings\Betsy Brightman\Local Settings\temp\!update.exe -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\aѕsembly\chkdsk.exe -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
    C:\Program Files\MsMovies\MsMovies.exe -> Dropper.WinAD.h : Cleaned with backup (quarantined).
    C:\Program Files\MsMovies\p.zip/Video.exe -> Dropper.WinAD.h : Cleaned with backup (quarantined).
    C:\Program Files\MsMovies\v.tmp -> Dropper.WinAD.h : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\windump.exe -> Not-A-Virus.Monitor.Win32.EliteKeylogger.26 : Cleaned with backup (quarantined).
    :mozilla.102:C:\Documents and Settings\Betsy Brightman\Application Data\Mozilla\Firefox\Profiles\m4q3dxa7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\Betsy Brightman\Cookies\betsy [email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\Betsy Brightman\Cookies\betsy [email protected][1].txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
    :mozilla.89:C:\Documents and Settings\Betsy Brightman\Application Data\Mozilla\Firefox\Profiles\m4q3dxa7.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
    :mozilla.90:C:\Documents and Settings\Betsy Brightman\Application Data\Mozilla\Firefox\Profiles\m4q3dxa7.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
    :mozilla.91:C:\Documents and Settings\Betsy Brightman\Application Data\Mozilla\Firefox\Profiles\m4q3dxa7.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
    :mozilla.92:C:\Documents and Settings\Betsy Brightman\Application Data\Mozilla\Firefox\Profiles\m4q3dxa7.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
    :mozilla.93:C:\Documents and Settings\Betsy Brightman\Application Data\Mozilla\Firefox\Profiles\m4q3dxa7.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
    :mozilla.27:C:\Documents and Settings\Betsy Brightman\Application Data\Mozilla\Firefox\Profiles\m4q3dxa7.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.28:C:\Documents and Settings\Betsy Brightman\Application Data\Mozilla\Firefox\Profiles\m4q3dxa7.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.30:C:\Documents and Settings\Betsy Brightman\Application Data\Mozilla\Firefox\Profiles\m4q3dxa7.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.31:C:\Documents and Settings\Betsy Brightman\Application Data\Mozilla\Firefox\Profiles\m4q3dxa7.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.32:C:\Documents and Settings\Betsy Brightman\Application Data\Mozilla\Firefox\Profiles\m4q3dxa7.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.42:C:\Documents and Settings\Betsy Brightman\Application Data\Mozilla\Firefox\Profiles\m4q3dxa7.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.49:C:\Documents and Settings\Betsy Brightman\Application Data\Mozilla\Firefox\Profiles\m4q3dxa7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.50:C:\Documents and Settings\Betsy Brightman\Application Data\Mozilla\Firefox\Profiles\m4q3dxa7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.51:C:\Documents and Settings\Betsy Brightman\Application Data\Mozilla\Firefox\Profiles\m4q3dxa7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.52:C:\Documents and Settings\Betsy Brightman\Application Data\Mozilla\Firefox\Profiles\m4q3dxa7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    :mozilla.78:C:\Documents and Settings\Betsy Brightman\Application Data\Mozilla\Firefox\Profiles\m4q3dxa7.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
    :mozilla.37:C:\Documents and Settings\Betsy Brightman\Application Data\Mozilla\Firefox\Profiles\m4q3dxa7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    :mozilla.38:C:\Documents and Settings\Betsy Brightman\Application Data\Mozilla\Firefox\Profiles\m4q3dxa7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    :mozilla.39:C:\Documents and Settings\Betsy Brightman\Application Data\Mozilla\Firefox\Profiles\m4q3dxa7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    :mozilla.40:C:\Documents and Settings\Betsy Brightman\Application Data\Mozilla\Firefox\Profiles\m4q3dxa7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    :mozilla.77:C:\Documents and Settings\Betsy Brightman\Application Data\Mozilla\Firefox\Profiles\m4q3dxa7.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
    :mozilla.70:C:\Documents and Settings\Betsy Brightman\Application Data\Mozilla\Firefox\Profiles\m4q3dxa7.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
    :mozilla.71:C:\Documents and Settings\Betsy Brightman\Application Data\Mozilla\Firefox\Profiles\m4q3dxa7.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
    :mozilla.72:C:\Documents and Settings\Betsy Brightman\Application Data\Mozilla\Firefox\Profiles\m4q3dxa7.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
    :mozilla.103:C:\Documents and Settings\Betsy Brightman\Application Data\Mozilla\Firefox\Profiles\m4q3dxa7.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
    :mozilla.104:C:\Documents and Settings\Betsy Brightman\Application Data\Mozilla\Firefox\Profiles\m4q3dxa7.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
    :mozilla.105:C:\Documents and Settings\Betsy Brightman\Application Data\Mozilla\Firefox\Profiles\m4q3dxa7.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
    :mozilla.10:C:\Documents and Settings\Betsy Brightman\Application Data\Mozilla\Firefox\Profiles\m4q3dxa7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    :mozilla.86:C:\Documents and Settings\Betsy Brightman\Application Data\Mozilla\Firefox\Profiles\m4q3dxa7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    :mozilla.106:C:\Documents and Settings\Betsy Brightman\Application Data\Mozilla\Firefox\Profiles\m4q3dxa7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    :mozilla.107:C:\Documents and Settings\Betsy Brightman\Application Data\Mozilla\Firefox\Profiles\m4q3dxa7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    :mozilla.108:C:\Documents and Settings\Betsy Brightman\Application Data\Mozilla\Firefox\Profiles\m4q3dxa7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    :mozilla.109:C:\Documents and Settings\Betsy Brightman\Application Data\Mozilla\Firefox\Profiles\m4q3dxa7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    :mozilla.110:C:\Documents and Settings\Betsy Brightman\Application Data\Mozilla\Firefox\Profiles\m4q3dxa7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    :mozilla.111:C:\Documents and Settings\Betsy Brightman\Application Data\Mozilla\Firefox\Profiles\m4q3dxa7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    :mozilla.112:C:\Documents and Settings\Betsy Brightman\Application Data\Mozilla\Firefox\Profiles\m4q3dxa7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    :mozilla.113:C:\Documents and Settings\Betsy Brightman\Application Data\Mozilla\Firefox\Profiles\m4q3dxa7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    :mozilla.114:C:\Documents and Settings\Betsy Brightman\Application Data\Mozilla\Firefox\Profiles\m4q3dxa7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    :mozilla.79:C:\Documents and Settings\Betsy Brightman\Application Data\Mozilla\Firefox\Profiles\m4q3dxa7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.80:C:\Documents and Settings\Betsy Brightman\Application Data\Mozilla\Firefox\Profiles\m4q3dxa7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    :mozilla.82:C:\Documents and Settings\Betsy Brightman\Application Data\Mozilla\Firefox\Profiles\m4q3dxa7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    C:\Documents and Settings\Betsy Brightman\Cookies\betsy [email protected][2].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\CLSID\{7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} -> Trojan.Kolweb.b : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} -> Trojan.Kolweb.b : Cleaned with backup (quarantined).
    C:\WINDOWS\Clearer.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\Clearer.exe -> Trojan.Small : Cleaned with backup (quarantined).


    ::Report end




    ACTIVE SCAN


    Incident Status Location

    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Betsy Brightman\Application Data\Mozilla\Firefox\Profiles\m4q3dxa7.default\cookies.txt[.statcounter.com/]
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Betsy Brightman\Application Data\Mozilla\Firefox\Profiles\m4q3dxa7.default\cookies.txt[.realmedia.com/]
    Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Betsy Brightman\Application Data\tizupd.bin[Mshtml3.exe]
     
  4. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    * Click here to download Webroot SpySweeper.

    (It's a 2 week trial.)

    * Click the Free Trial link under "SpySweeper" to download the program.
    * Install it. Once the program is installed, it will open.
    * It will prompt you to update to the latest definitions, click Yes.
    * Once the definitions are installed, click Options on the left side.
    * Click the Sweep Options tab.
    * Under What to Sweep please put a check next to the following:
    o Sweep Memory
    o Sweep Registry
    o Sweep Cookies
    o Sweep All User Accounts
    o Enable Direct Disk Sweeping
    o Sweep Contents of Compressed Files
    o Sweep for Rootkits

    o Please UNCHECK Do not Sweep System Restore Folder.

    * Click Sweep Now on the left side.
    * Click the Start button.
    * When it's done scanning, click the Next button.
    * Make sure everything has a check next to it, then click the Next button.
    * It will remove all of the items found.
    * Click Session Log in the upper right corner, copy everything in that window.
    * Click the Summary tab and click Finish.
    * Paste the contents of the session log you copied into your next reply.

    Also post a new Hijack This log.
     
  5. zackw419

    zackw419 Thread Starter

    Joined:
    Aug 7, 2006
    Messages:
    9
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    11:34 PM: Shield States
    11:33 PM: Spyware Definitions: 735
    11:32 PM: Spy Sweeper 5.0.5.1286 started
    10:45 PM: | End of Session, Tuesday, August 08, 2006 |
    10:42 PM: Your spyware definitions have been updated.
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    10:35 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\temp\SST33.tmp". Reason: The process cannot access the file because it is being used by another process
    10:35 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\temp\SST33.tmp.log". Reason: The process cannot access the file because it is being used by another process
    10:35 PM: Warning: S-1-5-21-776561741-484763869-725345543-500 could not be unmapped. Error Code 87
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    10:34 PM: Shield States
    10:34 PM: Spyware Definitions: 691
    10:33 PM: Spy Sweeper 5.0.5.1286 started
    10:33 PM: Spy Sweeper 5.0.5.1286 started
    10:33 PM: | Start of Session, Tuesday, August 08, 2006 |
    ********
    11:26 PM: Removal process completed. Elapsed time 00:12:25
    11:26 PM: Preparing to restart your computer. Please wait...
    11:22 PM: Quarantining All Traces: stopzilla cookie
    11:22 PM: Quarantining All Traces: partypoker cookie
    11:22 PM: Quarantining All Traces: purityscan
    11:22 PM: Quarantining All Traces: family keylogger
    11:22 PM: Quarantining All Traces: trojan-downloader-moneymind
    11:22 PM: Failed to quarantine HKLM: system\currentcontrolset\services\usbkbd\
    11:22 PM: Failed to quarantine HKLM: system\currentcontrolset\services\tdiip\
    11:22 PM: c:\windows\system32\mciole.dll is in use. It will be removed on reboot.
    11:22 PM: c:\windows\system32\drivers\extfs.sys is in use. It will be removed on reboot.
    11:22 PM: c:\windows\system32\drivers\tdiip.sys is in use. It will be removed on reboot.
    11:22 PM: c:\windows\system32\drivers\usbkbd.sys is in use. It will be removed on reboot.
    11:22 PM: c:\windows\system32\mscache.sys is in use. It will be removed on reboot.
    11:22 PM: Failed to quarantine elite keylogger
    11:22 PM: Warning: TBZipFileCompressor.Compress: Cannot compress a file or directory that does not exist (C:\WINDOWS\temp\SST97).
    11:22 PM: Warning: TBZipFileCompressor.Compress: Cannot compress a file or directory that does not exist (C:\WINDOWS\temp\SST90).
    11:14 PM: Quarantining All Traces: elite keylogger
    11:14 PM: Removal process initiated
    11:11 PM: Traces Found: 17
    11:11 PM: Full Sweep has completed. Elapsed time 00:26:13
    11:11 PM: File Sweep Complete, Elapsed Time: 00:22:31
    11:08 PM: Warning: Failed to access drive E:
    11:08 PM: Warning: Failed to access drive D:
    11:07 PM: Warning: Failed to open file "c:\documents and settings\betsy brightman\local settings\temp\~dfa56e.tmp". The operation completed successfully
    11:07 PM: Warning: Failed to open file "c:\documents and settings\betsy brightman\application data\mozilla\firefox\profiles\m4q3dxa7.default\parent.lock". The operation completed successfully
    11:07 PM: c:\windows\system32\mciole.dll (ID = 135832)
    11:07 PM: C:\System Volume Information\_restore{df95ae74-32de-49f1-acd5-25a85b909264}\RP510\A0102201.exe (ID = 184400)
    10:58 PM: c:\windows\system32\drivers\extfs.sys (ID = 184401)
    10:58 PM: c:\windows\system32\drivers\tdiip.sys (ID = 184402)
    10:56 PM: C:\System Volume Information\_restore{df95ae74-32de-49f1-acd5-25a85b909264}\RP510\A0102190.exe (ID = 450)
    10:55 PM: c:\windows\system32\drivers\usbkbd.sys (ID = 184403)
    10:55 PM: c:\windows\system32\mscache.sys (ID = 126080)
    10:51 PM: C:\System Volume Information\_restore{df95ae74-32de-49f1-acd5-25a85b909264}\RP510\A0102197.exe (ID = 320646)
    10:51 PM: Found Adware: purityscan
    10:49 PM: C:\WINDOWS\system32\CTF (3 subtraces) (ID = 2147486304)
    10:49 PM: Found System Monitor: family keylogger
    10:49 PM: Starting File Sweep
    10:49 PM: Warning: Failed to access drive A:
    10:49 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
    10:49 PM: c:\documents and settings\betsy brightman\cookies\betsy [email protected][1].txt (ID = 3466)
    10:49 PM: Found Spy Cookie: stopzilla cookie
    10:49 PM: c:\documents and settings\betsy brightman\cookies\betsy [email protected][2].txt (ID = 3111)
    10:49 PM: Found Spy Cookie: partypoker cookie
    10:49 PM: Starting Cookie Sweep
    10:49 PM: Registry Sweep Complete, Elapsed Time:00:00:51
    10:49 PM: HKU\S-1-5-21-776561741-484763869-725345543-1004\software\xjado\ (ID = 144725)
    10:49 PM: Found Trojan Horse: trojan-downloader-moneymind
    10:48 PM: HKLM\system\currentcontrolset\services\usbkbd\ (ID = 610091)
    10:48 PM: HKLM\system\currentcontrolset\services\tdiip\ (ID = 610070)
    10:48 PM: Found System Monitor: elite keylogger
    10:48 PM: Starting Registry Sweep
    10:48 PM: Memory Sweep Complete, Elapsed Time: 00:02:33
    10:45 PM: Starting Memory Sweep
    10:45 PM: Sweep initiated using definitions version 735
    10:45 PM: Spy Sweeper 5.0.5.1286 started
    10:45 PM: | Start of Session, Tuesday, August 08, 2006 |
    ********




    Logfile of HijackThis v1.99.1
    Scan saved at 11:47:07 PM, on 8/8/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\SYSTEM32\GEARSEC.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\WINDOWS\System32\LVCOMS.EXE
    C:\WINDOWS\System32\PRISMSVR.EXE
    C:\WINDOWS\CTHELPER.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sbc.yahoo.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R3 - URLSearchHook: (no name) - {CF5F2160-B9DB-E22E-A48E-953BF4002791} - C:\WINDOWS\System32\qwtdc.dll (file missing)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: (no name) - {CF5F2160-B9DB-E22E-A48E-953BF4002791} - C:\WINDOWS\System32\qwtdc.dll (file missing)
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [YBrowser] "C:\Program Files\Yahoo!\browser\ybrwicon.exe"
    O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
    O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
    O4 - HKLM\..\Run: [DeadAIM] "rundll32.exe" "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\System32\LVCOMS.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Tweak UI] "RUNDLL32.EXE" TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
    O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
    O4 - Global Startup: 2Wire Wireless Client.lnk = C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
    O20 - AppInit_DLLs: wowexec.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
     
  6. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Rescan with Hijack This.
    Close all browser windows except Hijack This.
    Put a check mark beside these entries and click "Fix Checked".

    R3 - URLSearchHook: (no name) - {CF5F2160-B9DB-E22E-A48E-953BF4002791} - C:\WINDOWS\System32\qwtdc.dll (file missing)

    O2 - BHO: (no name) - {CF5F2160-B9DB-E22E-A48E-953BF4002791} - C:\WINDOWS\System32\qwtdc.dll (file missing)

    O20 - AppInit_DLLs: wowexec.dll


    Close Hijack This.

    Please download the Killbox by Option^Explicit.

    Note: In the event you already have Killbox, this is a new version that I need you to download.
    • Save it to your desktop.
    • Please double-click Killbox.exe to run it.
    • Select:
      • Delete on Reboot
      • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):


      C:\WINDOWS\System32\wowexec.dll

    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

    If your computer does not restart automatically, please restart it manually.

    If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

    Post a new Hijack This log.
     
  7. zackw419

    zackw419 Thread Starter

    Joined:
    Aug 7, 2006
    Messages:
    9
    Logfile of HijackThis v1.99.1
    Scan saved at 8:35:01 PM, on 8/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\SYSTEM32\GEARSEC.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\WINDOWS\System32\LVCOMS.EXE
    C:\WINDOWS\System32\PRISMSVR.EXE
    C:\WINDOWS\CTHELPER.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sbc.yahoo.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [YBrowser] "C:\Program Files\Yahoo!\browser\ybrwicon.exe"
    O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
    O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
    O4 - HKLM\..\Run: [DeadAIM] "rundll32.exe" "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\System32\LVCOMS.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Tweak UI] "RUNDLL32.EXE" TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
    O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
    O4 - Global Startup: 2Wire Wireless Client.lnk = C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE






And yes, I did receive the PendingFileRenameOperations prompt.
     
  8. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    How are things now?
     
  9. zackw419

    zackw419 Thread Starter

    Joined:
    Aug 7, 2006
    Messages:
    9
Great, I haven't had it crash for a couple of days :) I think it's fixed. One thing though, could you post a good free protector for viruses, spyware, all that, just so it doesn't happen again? And also a popup blocker, if there is a free one.


I really, really, really appreciate your help, man.
     
  10. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    You're welcome :)

    Read here on How to tighten your computer's security settings: http://forums.techguy.org/t208517.html

    Security Help Tools: http://forums.techguy.org/security/110854-security-help-tools.html

    Now turn off System Restore:

    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

    Restart your computer.

    Turn System Restore back on and create a restore point.

    To create a restore point:

    Single-click Start and point to All Programs.
    Mouse over Accessories, then System Tools, and select System Restore.
In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.
    Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.

    You can mark your thread "Solved" from the Thread Tools drop down menu.
     
  11. zackw419

    zackw419 Thread Starter

    Joined:
    Aug 7, 2006
    Messages:
    9
I don't see a System Restore tab. Was I supposed to do something in one of the URLs? Because I haven't had time to read them.
     
  12. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
There's helpful info in the URLs.

    Click Start, Run and type REGEDIT and press Enter
    Navigate to the following key:
    HKEY_LOCAL_MACHINE \ Software \ Policies \ Microsoft \ Windows NT \ SystemRestore

    In the right-pane:
    Delete the value DisableConfig
    Delete the value DisableSR
    For Windows XP Professional, you can accomplish the above using Group Policy Editor as well.

    Click Start, Run and type GPEDIT.MSC
    Navigate to this path:
    => Computer Configuration
    ==> Administrative Templates
    ===> System
    ====> System Restore

    Set Turn off System Restore to Not Configured
    Set Turn off Configuration to Not Configured
     
  13. zackw419

    zackw419 Thread Starter

    Joined:
    Aug 7, 2006
    Messages:
    9
I can't open it; it says it encountered an illegal instruction?
     
  14. zackw419

    zackw419 Thread Starter

    Joined:
    Aug 7, 2006
    Messages:
    9
    C:\windows\system32\regedit.com
    The NTVDM CPU has encountered an illegal instruction.

    CS:0551 IP:9c3f OP:0f 04 00 10 04
     
  15. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Boot into Safe Mode.

    Please double-click Killbox.exe to run it.
    Select:
    Delete on Reboot
    then Click on the All Files button.
    Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):


    C:\WINDOWS\system32\CMD.COM
    C:\WINDOWS\system32\netstat.com
    C:\WINDOWS\system32\ping.com
    C:\WINDOWS\system32\regedit.com
    C:\WINDOWS\system32\tasklist.com
    C:\WINDOWS\system32\taskkill.com
    C:\WINDOWS\system32\tracert.com
    C:\WINDOWS\system32\bszip.dll

    Return to Killbox, go to the File menu, and choose Paste from Clipboard.

    Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

    If your computer does not restart automatically, please restart it manually.

    If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

    Post a new HijackThis log.
     
Short URL to this thread: https://techguy.org/490310
