Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs
Crashes
OK, I was told to put my HijackThis log in here so someone could look it over and possibly help me figure out what's wrong with my computer and why it crashes so much.
Logfile of HijackThis v1.99.1
Scan saved at 12:13:03 PM, on 3/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\inteldev\DevStat.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Visitor\My Documents\aim\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://empnads.com/servlet/ajrotator...?zone=enternet
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Intel Device Agent] C:\WINDOWS\inteldev\DevStat.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\Visitor\My Documents\aim\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...up1.0.0.15.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca...C_2.1.2.76.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/Activ...veLauncher.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1119843217078
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1120625253702
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole...rcadeRdxIE.cab
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../Installer.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...19/mcfscan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
#2
Howdy ZachDavis,
There is an indicator of infection showing in that log. We'll work on that, and see how it impacts your other problem. Please do the following.

Close all open windows and run a scan in HijackThis. Place a check next to all of the following lines, then select “Fix Checked” and close HijackThis.

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://empnads.com/servlet/ajrotator...?zone=enternet
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...up1.0.0.15.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/Activ...veLauncher.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../Installer.

Then go here and download LQFix.exe to your Desktop. Once you have done that, remain connected to the Internet and double-click on LQfix.exe. Click Next and follow the prompts. Leave the default settings. If you change them, the fix will fail. Make sure 'Launch LQfix' is checked and, after clicking Finish, the fix will start. Follow the prompts on the screen. Your system will reboot afterwards; however, it may take longer than usual to start up this one time, so please be patient.

Then run a new scan with HijackThis and post that here, and provide an update on how your system is doing at this point.
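The reply above singles out one R1 ShellNext redirect and three O16 DPF entries (Downloaded Program Files, the ActiveX installers Internet Explorer caches) out of a long log. As an added example that is not part of this thread and not HijackThis code, the Python below parses the R*/O* entries of a HijackThis v1.99 log and applies the same kind of triage: a ShellNext that points anywhere except a trusted site, a DPF fetched from a host on an unwanted list, and a DPF that pulls a bare .exe from an unvetted host are marked for fixing, while other third-party DPFs are marked for review and `(file missing)` references are reported as dangling. The trusted and unwanted host lists and the sample log excerpt are constructed for the example; the excerpt copies a few lines from the first log in this thread.

```python
"""Triage helper for HijackThis v1.99 logs (added example; not part of HijackThis
or of this thread). It encodes the kind of reasoning applied in the reply above:
an R1 ShellNext that points anywhere but a trusted site is a hijack, O16 DPF
entries (ActiveX installers cached by Internet Explorer) from hosts on the
unwanted list are flagged, and a DPF that fetches a bare .exe from an unvetted
host is flagged for removal as well."""
import re
from urllib.parse import urlparse

# Constructed lists for this example. A real workflow keeps these as vetted,
# maintained data rather than literals in the script.
TRUSTED_HOSTS = ("microsoft.com", "msn.com", "bitdefender.com")
# Hosts whose ShellNext/DPF entries the reply above told the user to fix.
UNWANTED_HOSTS = ("empnads.com", "imgfarm.com", "wildtangent.com")

# A HijackThis entry looks like "O16 - DPF: {CLSID} (Name) - http://host/file.cab"
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")
URL_RE = re.compile(r"https?://\S+")


def host_in(host, suffixes):
    """True if host equals a listed domain or is a subdomain of one."""
    return any(host == s or host.endswith("." + s) for s in suffixes)


def parse_entries(log_text):
    """Return (kind, body) for each R*/O* line; the header and the
    'Running processes' listing of the log are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return entries


def triage(log_text):
    """Return (kind, host, verdict) for each entry that needs attention.
    host is None for entries that reference a local file only."""
    findings = []
    for kind, body in parse_entries(log_text):
        m = URL_RE.search(body)
        host = urlparse(m.group(0)).hostname if m else None
        path = urlparse(m.group(0)).path.lower() if m else ""
        if "(file missing)" in body:
            findings.append((kind, host, "dangling: referenced file is missing"))
        elif kind == "R1" and "ShellNext" in body and host and not host_in(host, TRUSTED_HOSTS):
            findings.append((kind, host, "fix: ShellNext redirected to an untrusted site"))
        elif kind == "O16" and host:
            if host_in(host, UNWANTED_HOSTS):
                findings.append((kind, host, "fix: DPF from a host on the unwanted list"))
            elif path.endswith(".exe") and not host_in(host, TRUSTED_HOSTS):
                findings.append((kind, host, "fix: DPF installs a bare executable from an unvetted host"))
            elif not host_in(host, TRUSTED_HOSTS):
                findings.append((kind, host, "review: third-party DPF, confirm the vendor"))
    return findings


# Constructed excerpt: a handful of lines copied from the first log in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://empnads.com/servlet/ajrotator...?zone=enternet
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...up1.0.0.15.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/Activ...veLauncher.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../Installer.exe
"""

if __name__ == "__main__":
    for kind, host, verdict in triage(SAMPLE_LOG):
        print(f"{kind:4} {host or '-':28} {verdict}")
```

Run against the excerpt, the four "fix" verdicts are exactly the four lines the reply above told the user to check, the Yahoo DPF is skipped because it loads a local DLL rather than a download, and the ewido scanner control lands in "review", which is where a human decides that a vendor is legitimate. The suffix match in `host_in` matters: a bare `endswith("imgfarm.com")` would also match an unrelated `notimgfarm.com`.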
#3
Here it is. I don't know how it's working; will reply soon.
Logfile of HijackThis v1.99.1
Scan saved at 9:44:13 PM, on 3/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\inteldev\DevStat.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\MSN Messenger\msnmsgr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Intel Device Agent] C:\WINDOWS\inteldev\DevStat.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\Visitor\My Documents\aim\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca...C_2.1.2.76.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1119843217078
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1120625253702
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole...rcadeRdxIE.cab
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...19/mcfscan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
#4
Still restarting. Here is the event log:
The following boot-start or system-start driver(s) failed to load: szkg
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

1394 Net Adapter : Has determined that the adapter is not functioning properly.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

The computer has rebooted from a bugcheck. The bugcheck was: 0x000000cd (0x96e6b000, 0x00000000, 0x804da2c0, 0x00000000). A full dump was not saved.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

The IMAPI CD-Burning COM Service service entered the stopped state.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Microsoft (R) Windows (R) 5.01. 2600 Service Pack 2 Multiprocessor Free.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
#5
There are more around the time of the crash.
#6
Go here and download WinPFind.zip and extract it to your C:\ folder. This will create a folder called WinPFind in the C:\ folder. Inside c:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large numbers of files on your computer for known patterns, so please be patient while it works, as it can take a while, upwards of 30 minutes or more.
When it is done, it will show the results of the scan. Click on the Copy to Clipboard button and then paste the contents of the log in this thread.
#7
Here it is, part 1:
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 2/14/2006 10:52:14 PM 158312 C:\WINDOWS\ExeDialer.exe
PECompact2 2/10/2005 12:04:06 AM 12753493 C:\WINDOWS\LPT$VPN.400
qoologic 2/10/2005 12:04:06 AM 12753493 C:\WINDOWS\LPT$VPN.400
SAHAgent 2/10/2005 12:04:06 AM 12753493 C:\WINDOWS\LPT$VPN.400
UPX! 2/10/2005 7:07:02 AM 170053 C:\WINDOWS\tsc.exe
PECompact2 2/10/2005 12:04:06 AM 12753493 C:\WINDOWS\VPTNFILE.400
qoologic 2/10/2005 12:04:06 AM 12753493 C:\WINDOWS\VPTNFILE.400
SAHAgent 2/10/2005 12:04:06 AM 12753493 C:\WINDOWS\VPTNFILE.400
UPX! 2/10/2005 7:07:02 AM 1044560 C:\WINDOWS\vsapi32.dll
aspack 2/10/2005 7:07:02 AM 1044560 C:\WINDOWS\vsapi32.dll

Checking %System% folder...
SAHAgent 9/30/2005 6:18:26 PM 3389 C:\WINDOWS\SYSTEM32\909fbt3h.ini
UPX! 7/24/2005 8:11:34 PM 135680 C:\WINDOWS\SYSTEM32\ANSMTP.dll
SAHAgent 9/30/2005 5:58:24 PM 35 C:\WINDOWS\SYSTEM32\cphu6m1p.ini
aspack 3/18/2005 4:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll
PEC2 8/23/2001 4:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PEC2 1/6/2006 9:06:34 AM 573952 C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2 1/6/2006 9:06:34 AM 573952 C:\WINDOWS\SYSTEM32\DivX.dll
UPX! 2/14/2006 10:52:14 PM 72192 C:\WINDOWS\SYSTEM32\EGDACCESS_1074.dll
SAHAgent 9/30/2005 5:58:24 PM 35 C:\WINDOWS\SYSTEM32\ggbncm9a.ini
PTech 2/14/2006 9:20:14 AM 550120 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2 3/9/2006 4:10:36 PM 4799320 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 3/9/2006 4:10:36 PM 4799320 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/3/2004 11:56:38 PM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
qoologic 2/9/2005 11:23:50 AM 8344768 C:\WINDOWS\SYSTEM32\pav.sig
aspack 2/9/2005 11:23:50 AM 8344768 C:\WINDOWS\SYSTEM32\pav.sig
SAHAgent 2/9/2005 11:23:50 AM 8344768 C:\WINDOWS\SYSTEM32\pav.sig
winsync 2/9/2005 11:23:50 AM 8344768 C:\WINDOWS\SYSTEM32\pav.sig
Umonitor 8/3/2004 11:56:46 PM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8/23/2001 4:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
PTech 8/3/2004 9:41:38 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
127.0.0.1 download.abetterinternet.com # ***Inserted By STOPzilla***

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
3/15/2006 9:56:02 PM S 2048 C:\WINDOWS\bootstat.dat
2/3/2006 11:41:00 PM S 183296 C:\WINDOWS\NDNuninstall7_22.exe
3/15/2006 11:19:02 PM H 54156 C:\WINDOWS\QTFont.qfn
3/16/2006 7:25:32 PM HS 7680 C:\WINDOWS\Thumbs.db
1/30/2006 8:54:04 PM HS 6656 C:\WINDOWS\$NtServicePackUninstall$\Thumbs.db
3/10/2006 4:47:42 PM HS 6656 C:\WINDOWS\BDOSCAN8\Thumbs.db
2/8/2006 11:22:48 PM HS 7168 C:\WINDOWS\Help\Thumbs.db
1/30/2006 8:53:58 PM HS 5120 C:\WINDOWS\SHELLNEW\Thumbs.db
3/15/2006 9:56:28 PM H 38354 C:\WINDOWS\system32\vsconfig.xml
3/13/2006 5:34:26 PM H 4212 C:\WINDOWS\system32\zllictbl.dat
2/14/2006 9:20:42 AM S 7086 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WGA.cat
3/16/2006 11:28:48 AM H 1024 C:\WINDOWS\system32\config\default.LOG
3/16/2006 7:23:32 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
3/15/2006 10:04:12 PM H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
3/16/2006 7:43:20 PM H 1024 C:\WINDOWS\system32\config\software.LOG
3/16/2006 7:35:24 PM H 1024 C:\WINDOWS\system32\config\system.LOG
3/14/2006 10:00:32 PM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
3/6/2006 9:33:22 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\7431decf-880c-4d36-b049-0810370fa65d
3/6/2006 9:33:22 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
3/16/2006 7:00:02 PM H 270 C:\WINDOWS\Tasks\D8FE67DF91366E8F.job
3/15/2006 9:56:04 PM H 6 C:\WINDOWS\Tasks\SA.DAT
1/30/2006 8:53:58 PM HS 7680 C:\WINDOWS\Web\Thumbs.db

Checking for CPL files...
Microsoft Corporation 8/3/2004 11:56:58 PM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Intel Corporation 2/10/2004 9:53:24 AM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 4/13/2005 3:48:52 AM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/23/2001 4:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/23/2001 4:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Ahead Software AG 10/9/2002 1:36:14 PM 57344 C:\WINDOWS\SYSTEM32\NeroBurnRights.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 1/9/2005 4:32:00 PM 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 8/23/2001 4:00:00 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Intel(R) Corporation 10/23/2002 9:06:36 AM 77824 C:\WINDOWS\SYSTEM32\PRApplet.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/23/2001 4:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Texas Instruments Incorporated 4/29/2004 12:51:28 AM 32768 C:\WINDOWS\SYSTEM32\TIControlPanel.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/23/2001 4:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/23/2001 4:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/23/2001 4:00:00 AM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 8/23/2001 4:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
Intel Corporation 2/10/2004 9:53:24 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0011\DriverFiles\igfxcpl.cpl
#8
Part 2:
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
9/16/2004 9:17:34 PM 793 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
3/15/2005 9:32:42 PM 1757 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
9/12/2004 7:13:42 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
1/18/2006 7:12:36 PM 794 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photo Loader supervisory.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
9/12/2004 12:01:12 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
10/4/2005 3:25:22 PM 1379 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
1/31/2006 6:08:18 PM 988 C:\Documents and Settings\Visitor\Start Menu\Programs\Startup\Adobe Gamma.lnk
9/12/2004 7:13:42 PM HS 84 C:\Documents and Settings\Visitor\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
9/5/2005 6:02:12 PM 326 C:\Documents and Settings\Visitor\Application Data\AdobeDLM.log
9/12/2004 12:01:12 PM HS 62 C:\Documents and Settings\Visitor\Application Data\desktop.ini
11/27/2005 2:24:04 AM 20 C:\Documents and Settings\Visitor\Application Data\EV Nova License.lcs
12/5/2005 5:19:10 PM 140 C:\Documents and Settings\Visitor\Application Data\EV Nova Prefs.prf

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =
acc=vonner =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\QuickLoad
{0f0a4d40-adf0-4e8f-98d8-7208b98be01e} = C:\WINDOWS\system32\mscoree.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ZLAVShExt
{D9872D13-7651-4471-9EEE-F0A00218BEBB} = C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ZLAVShExt
{D9872D13-7651-4471-9EEE-F0A00218BEBB} = C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627} = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Yahoo! Toolbar Helper = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
Yahoo! IE Services Button = C:\Program Files\Yahoo!\Common\yiesrvc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
ButtonText = Yahoo! Services :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66}
MenuText = Uninstall BitDefender Online Scanner v8 :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Research :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\Documents and Settings\Visitor\My Documents\aim\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links :
%SystemRoot%\system32\SHELL32.dll {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = : {EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] IgfxTray C:\WINDOWS\System32\igfxtray.exe HotKeysCmds C:\WINDOWS\System32\hkcmd.exe Smapp C:\Program Files\Analog Devices\SoundMAX\Smtray.exe IMONTRAY C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe PRONoMgr.exe C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe Intel Device Agent C:\WINDOWS\inteldev\DevStat.exe QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot NvCplDaemon RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\OptionalComponents] IMAIL Installed = 1 MAPI Installed = 1 MSFS Installed = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnce] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnceEx] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunServices] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] ctfmon.exe C:\WINDOWS\system32\ctfmon.exe Steam Yahoo! 
Pager C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet Subliminal Master "C:\Program Files\Subliminal Master\smTray.exe" /s [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\RunOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\RunServices] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Shortcut to type32.exe.lnk path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to type32.exe.lnk backup C:\WINDOWS\pss\Shortcut to type32.exe.lnkCommon Startup location Common Startup command C:\PROGRA~1\MI758C~1\type32.exe item Shortcut to type32.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item jusched hkey HKLM command C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item jusched hkey HKLM command C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item realsched hkey HKLM command "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item realsched hkey HKLM command "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot inimapping 0 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinService32 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item svchost hkey HKLM command svchost inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item svchost hkey HKLM command svchost inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yahoo! Pager key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item ypager hkey HKCU command C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item ypager hkey HKCU command C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state system.ini 0 win.ini 0 bootini 0 services 0 startup 2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\policies] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\policies\Explorer HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\policies\Ext HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\policies\Ext\CLSID {17492023-C23A-453E-A040-C7C580BBF700} 1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\policies\NonEnum {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DL L {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = {0DF44EAA-FF21-4412-828E-260A8728E7F1} = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\policies\Ratings HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\policies\system dontdisplaylastusername 1 legalnoticecaption legalnoticetext shutdownwithoutlogon 1 undockwithoutlogon 1 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\policies] HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\policies\Explorer NoDriveTypeAutoRun 145 HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\policies\NonEnum {645FF040-5081-101B-9F08-00AA002F954E} = shell32.dll 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad] PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, Shell = Explorer.exe System = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain = crypt32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet = cryptnet.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll = cscdll.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui = igfxsrvc.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy = sclgntfy.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn = WlNotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon = wlnotify.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path Debugger = ntsd -d [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Windows] AppInit_DLLs »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder. Scan completed on 3/16/2006 7:51:03 PM |
#9
That found some more, and some to be checked on. Please do the following.

Make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".

Go to this SITE. Click on the Browse button, and navigate to the following highlighted file(s), upload and submit it. Copy the results with Notepad and copy/paste them back here.

C:\WINDOWS\SYSTEM32\909fbt3h.ini
C:\WINDOWS\SYSTEM32\cphu6m1p.ini
C:\WINDOWS\SYSTEM32\ggbncm9a.ini

Open HijackThis, and choose None of the above, just start the program. Click Config – Misc Tools – Delete File on Reboot. Navigate to each of the following files, double-click on each, say No to reboot until the last file, then say Yes and allow it to reboot.

C:\WINDOWS\ExeDialer.exe
C:\WINDOWS\SYSTEM32\EGDACCESS_1074.dll
C:\WINDOWS\NDNuninstall7_22.exe

After the reboot, go here for an online AV scan. Scan "Local Disks" and when finished save the scan log and then post the log here.
#10
File: 909fbt3h.ini
Status: OK
MD5 31afe9d749a8f105f60903ab05a0d4ff
Packers detected: -

File: cphu6m1p.ini
Status: OK
MD5 38d2a3cc699649e19ec32e74ace72ebe
Packers detected: -

File: ggbncm9a.ini
Status: INFECTED/MALWARE
MD5 a0042462a5c4ec85e59f2365fb326d7e
Packers detected: -

Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found not-a-virus:AdWare.Win32.Sahat.ao
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VirusBuster Found nothing
VBA32 Found nothing
#11
We'll let those be for now. Please do the following.

Download HOSTER, and have it ready for use.

Download Killbox from http://www.bleepingcomputer.com/file...re/KillBox.zip, unzip the file to your Desktop and click on it to run.

Next, download the trial version of Ewido Security Suite from here and install it. When installing, under "Additional Options" uncheck "Install Background Guard" and "Install scan via context menu". Launch Ewido (there should be an icon on your desktop; double-click it). The program will now go to the main screen. You will need to update Ewido to the latest definition files. On the left hand side of the main screen click Update and then click on Start Update. The update will start and a progress bar will show the updates being installed. If you have problems with the updater, you can use this link to manually update Ewido: http://www.ewido.net/en/download/updates/. Do not run a scan yet.

------------------------------------------------------------------

Reboot into Safe Mode (at startup tap the F8 key and select Safe Mode).

Run Hoster. Press the Restore Original Hosts button and then press the OK button.

Now run Killbox. Click on Tools - Delete Temp Files. Then click Options - Check ALL Options. Next, click the Delete Selected Temp Files button. Using the dropdown box, repeat these steps for all users listed.

Run Ewido. Click on Scanner and click Complete System Scan and the scan will begin. During the scan it will prompt you to clean files; click OK. When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections", then choose Clean and click OK. When the scan is finished, click the Save report button at the bottom of the screen. Save the report to your desktop and close Ewido.

Then reboot, and post back here the Ewido log please.
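The "Restore Original Hosts" step above is there because adware and downloader families of this era commonly rewrite the hosts file, either to pin security-vendor and update hosts to 127.0.0.1 so the scanners the helper is about to use cannot update, or to point search engines at an address the hijacker controls. Hoster simply replaces the file wholesale. The following is an added example, not part of this thread and not Hoster's code: a Python audit that reads a hosts file, separates the three cases (vendor or update host pinned, name redirected to a remote address, name blackholed to loopback in the ad-block style that MVPS-type hosts files use legitimately) and writes out a copy with only the first two removed, so a deliberate ad-block list survives. The sample hosts file, the vendor marker list and the severities are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Iterator, List, Tuple

# Substrings of hostnames that a hijacker has a reason to pin: AV vendors, their
# update servers and Windows Update. Constructed list; extend for your vendors.
SECURITY_VENDOR_MARKERS = (
    "symantec", "liveupdate", "mcafee", "kaspersky", "trendmicro", "sophos",
    "avast", "avg.", "grisoft", "bitdefender", "ewido", "zonelabs", "webroot",
    "windowsupdate", "update.microsoft", "f-secure", "pandasoftware", "nod32",
)

# Constructed sample in the state a browser hijacker often leaves the file.
# 203.0.113.0/24 is a documentation range, standing in for an attacker address.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
127.0.0.1       www.symantec.com
127.0.0.1       liveupdate.symantecliveupdate.com
127.0.0.1       windowsupdate.microsoft.com
203.0.113.5     www.google.com
203.0.113.5     search.yahoo.com
127.0.0.1       ad.doubleclick.net
"""


@dataclass
class HostsFinding:
    line_no: int
    ip: str
    hostname: str
    severity: str   # "high" or "info"
    reason: str


def parse_hosts(text: str) -> Iterator[Tuple[int, str, List[str]]]:
    """Yield (line_no, address, [hostnames]) per mapping line; comments are dropped."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        yield n, parts[0], parts[1:]


def audit_hosts(text: str) -> List[HostsFinding]:
    findings: List[HostsFinding] = []
    for n, ip_text, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append(HostsFinding(n, ip_text, " ".join(names), "info", "unparsable address"))
            continue
        for host in names:
            h = host.lower()
            if h in ("localhost", "localhost.localdomain") and ip.is_loopback:
                continue   # the one mapping a stock Windows hosts file carries
            if any(m in h for m in SECURITY_VENDOR_MARKERS):
                findings.append(HostsFinding(n, ip_text, host, "high",
                    "security-vendor or update host pinned; blocks or redirects updates"))
            elif not (ip.is_loopback or ip.is_unspecified):
                findings.append(HostsFinding(n, ip_text, host, "high",
                    "name redirected to a remote address (pharming-style hijack)"))
            else:
                findings.append(HostsFinding(n, ip_text, host, "info",
                    "name blackholed to loopback (ad-block style entry; confirm it is wanted)"))
    return findings


def clean_hosts(text: str) -> str:
    """Return the file with every high-severity mapping removed; comments and info lines stay."""
    bad_lines = {f.line_no for f in audit_hosts(text) if f.severity == "high"}
    kept = [raw for n, raw in enumerate(text.splitlines(), 1) if n not in bad_lines]
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f.line_no:>2} [{f.severity:<4}] {f.ip:<15} {f.hostname}: {f.reason}")
    print("--- cleaned ---")
    print(clean_hosts(SAMPLE_HOSTS), end="")
```

On XP the file lives at C:\WINDOWS\system32\drivers\etc\hosts and is read before DNS, so a pinned update host fails silently with no resolver error to point at; that is why the helper restores it before running the scanner, not after. The audit treats 0.0.0.0 the same as loopback, since both are blackhole conventions.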
#12
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 9:15:41 PM, 3/21/2006
+ Report-Checksum: E6C77E15

+ Scan result:

C:\Documents and Settings\Leslie\Local Settings\Temp\Cookies\leslie@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temp\Cookies\leslie@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temp\Cookies\leslie@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\DJBB5P82\content[1].htm -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\I1SVE1A1\tbd_web[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\I1SVE1A1\tbd_web[2].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\I1SVE1A1\tbd_web[3].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\I1SVE1A1\tbd_web[4].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\I1SVE1A1\tbd_web[5].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\I1SVE1A1\tbd_web[6].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\IJAJA96F\prompt[1].php -> Downloader.WinAD.a : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\SD8747SF\818b23d18ff0527ee22e4452e5f2804c[1].js -> Downloader.Small.af : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\CoffeeTycoon_Setup-dm[1].exe -> Adware.Trymedia : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\ibar[1].js -> Downloader.IstBar.ad : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\ibar[2].js -> Downloader.IstBar.ad : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\ibar[3].js -> Downloader.IstBar.ad : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\ibar[4].js -> Downloader.IstBar.ad : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\ibar[6].js -> Downloader.IstBar.ad : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\ibar[7].js -> Downloader.IstBar.ad : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\ibar[8].js -> Downloader.IstBar.ad : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\ibar[9].js -> Downloader.IstBar.ad : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\init[10].js -> Downloader.IstBar.af : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\init[11].js -> Downloader.IstBar.af : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\init[12].js -> Downloader.IstBar.af : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\init[13].js -> Downloader.IstBar.af : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\init[14].js -> Downloader.IstBar.af : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\init[15].js -> Downloader.IstBar.af : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\init[16].js -> Downloader.IstBar.af : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\init[1].js -> Downloader.IstBar.af : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\init[2].js -> Downloader.IstBar.af : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\init[3].js -> Downloader.IstBar.af : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\init[4].js -> Downloader.IstBar.af : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\init[5].js -> Downloader.IstBar.af : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\init[6].js -> Downloader.IstBar.af : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\init[7].js -> Downloader.IstBar.af : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\init[8].js -> Downloader.IstBar.af : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\init[9].js -> Downloader.IstBar.af : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\mtrslib2[1].js -> Downloader.Small.ag : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\mtrslib2[2].js -> Downloader.Small.ag : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\mtrslib2[3].js -> Downloader.Small.ag : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\mtrslib2[4].js -> Downloader.Small.ag : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\prompt[1].htm -> Downloader.IstBar.j : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\prompt[2].htm -> Downloader.IstBar.j : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\prompt[3].htm -> Downloader.IstBar.j : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\prompt[4].htm -> Downloader.IstBar.j : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\prompt[5].htm -> Downloader.IstBar.j : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\prompt[6].htm -> Downloader.IstBar.j : Cleaned with backup
C:\Documents and Settings\Visitor\Cookies\visitor@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Visitor\My Documents\Instant-Access.exe -> Dialer.InstantAccess.m : Cleaned with backup
C:\Documents and Settings\Visitor\My Documents\MyTiData\Halo_CE_www[1].crack.cd_.zip/gqmn.exe -> Downloader.INService : Cleaned with backup
C:\Documents and Settings\Visitor\My Documents\MyTiData\Halo_www[1].crack.cd_.zip/frex.exe -> Downloader.INService : Cleaned with backup
C:\Downloads\CoffeeTycoon_Setup-dm[1].exe -> Adware.Trymedia : Cleaned with backup
C:\OldDriveC\Documents and Settings\alison\Cookies\alison@abetterinternet[1].txt -> TrackingCookie.Abetterinternet : Cleaned with backup
C:\OldDriveC\Documents and Settings\alison\Cookies\alison@ads.euniverseads[2].txt -> TrackingCookie.Euniverseads : Cleaned with backup
C:\OldDriveC\Documents and Settings\alison\Cookies\alison@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\OldDriveC\Documents and Settings\alison\Cookies\alison@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\OldDriveC\Documents and Settings\alison\Cookies\alison@www.web-stat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\OldDriveC\Documents and Settings\alison\Cookies\alison@www2.enigmasoftwaregroup[2].txt -> TrackingCookie.Enigmasoftwaregroup : Cleaned with backup
C:\OldDriveC\Documents and Settings\alison\Local Settings\Temp\Cookies\alison@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@-1shz2prbmdj6wvny-1sez2pra2dj6wfk4skazkfog-1dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@-1shz2prbmdj6wvny-1sez2pra2dj6wjmiklcjkgpw-1dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@-1shz2prbmdj6wvny-1sez2pra2dj6wjny-1idzwgoaidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@-1shz2prbmdj6wvny-1sez2pra2dj6wjny-1sdjcdow2dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@-1shz2prbmdj6wvny-1sez2pra2dj6wjnyeocjwgqa-1dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@-1shz2prbmdj6wvny-1sez2pra2dj6wjnyopczwdoa-1dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@specificpop[1].txt -> TrackingCookie.Specificpop : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@y-1shz2prbmdj6wvny-1sez2pra2dj6wfk4epajihpwydj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@y-1shz2prbmdj6wvny-1sez2pra2dj6wfk4uhcpakogqdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkycmdzegpwidj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkykgdzcbpqudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkyopczicpgudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4khazoeoa2dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkoakdzaapwwdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkocnajoeoaqdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkyepc5mkpawdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkyqidjgfpg2dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@y-1shz2prbmdj6wvny-1sez2pra2dj6wjl4epdpwbow2dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@y-1shz2prbmdj6wvny-1sez2pra2dj6wjliemdjelpqidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlogpazmdpgudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlokkd5egqqmdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@y-1shz2prbmdj6wvny-1sez2pra2dj6wjloqmdjafoqsdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@y-1shz2prbmdj6wvny-1sez2pra2dj6wjloskdzigqaidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlyegajgaogydj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlyqldjsapgudj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmisgd5ecowydj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyqjajieqqsdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Program Files\Common Files\Download\freeprodtb.exe -> Adware.Maxifiles : Cleaned with backup
C:\Program Files\Microsoft Games\block-checker-xp.exe/2 -> Adware.Chiem : Cleaned with backup
C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Cleaned with backup
C:\Program Files\VVSN\VVSN.exe -> Adware.SaveNow : Cleaned with backup

::Report End
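A report this long is mostly noise from the point of view of the crash question: cookies, cached exploit pages and downloader scripts in Temporary Internet Files and copies on an old drive image never execute again once the browser cache is cleared, while entries under Program Files and My Documents are the ones that could still be running. The following is an added example, not part of this thread and not Ewido's code: a Python parser for the report's "path -> detection : action" line format that groups detections by family and by where on disk they sit, notes detections inside archive members, and returns only the persistent ones. The sample input is a constructed subset of the report lines above; the location classes are mine.

```python
import re
from collections import Counter
from typing import Dict, List, NamedTuple

# A handful of lines copied from the ewido report above (constructed subset for
# the example; the real report carries many more cookie entries).
SAMPLE_REPORT = r"""
+ Scan result:

C:\Documents and Settings\Leslie\Local Settings\Temp\Cookies\leslie@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\I1SVE1A1\tbd_web[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\ibar[1].js -> Downloader.IstBar.ad : Cleaned with backup
C:\Documents and Settings\Visitor\My Documents\Instant-Access.exe -> Dialer.InstantAccess.m : Cleaned with backup
C:\Documents and Settings\Visitor\My Documents\MyTiData\Halo_www[1].crack.cd_.zip/frex.exe -> Downloader.INService : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@specificpop[1].txt -> TrackingCookie.Specificpop : Cleaned with backup
C:\Program Files\VVSN\VVSN.exe -> Adware.SaveNow : Cleaned with backup
C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Cleaned with backup

::Report End
"""


class Detection(NamedTuple):
    path: str
    name: str
    action: str
    family: str       # first meaningful component of the name, e.g. "Downloader"
    where: str        # coarse on-disk location class used for triage
    in_archive: bool  # hit inside an archive member ("archive.zip/member.exe")


# One report line: everything before " -> " is the path, the detection name has
# no spaces, and the action is whatever follows " : ".
LINE_RE = re.compile(r"^(?P<path>.+?) -> (?P<name>\S+) : (?P<action>.+)$")


def classify_location(path: str) -> str:
    p = path.lower()
    if p.startswith("c:\\olddrivec"):
        return "old-drive copy"
    if "\\temporary internet files\\" in p or "\\cookies\\" in p:
        return "browser cache/cookies"
    if "\\program files\\" in p:
        return "installed program"
    if "\\documents and settings\\" in p:
        return "user profile"
    return "other"


def parse_report(text: str) -> List[Detection]:
    out: List[Detection] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue   # header, blank, or "::Report End"
        path, name, action = m.group("path", "name", "action")
        family = name.split(".", 1)[0]
        if family == "Not-A-Virus":
            family = name.split(".", 2)[1]   # Not-A-Virus.Exploit.HTML.Mht -> Exploit
        out.append(Detection(path, name, action, family, classify_location(path), "/" in path))
    return out


def summarize(dets: List[Detection]) -> Dict[str, Counter]:
    return {
        "by_family": Counter(d.family for d in dets),
        "by_location": Counter(d.where for d in dets),
    }


def persistent_threats(dets: List[Detection]) -> List[Detection]:
    """Detections that are not cache, cookie or stale-drive residue: the ones that could still run."""
    return [d for d in dets
            if d.where in ("installed program", "user profile") and d.family != "TrackingCookie"]


if __name__ == "__main__":
    dets = parse_report(SAMPLE_REPORT)
    for title, counter in summarize(dets).items():
        print(title, dict(counter))
    for d in persistent_threats(dets):
        tag = " (archive member)" if d.in_archive else ""
        print(f"{d.family:<10} {d.path}{tag}")
```

The "Cleaned with backup" action means Ewido quarantined rather than deleted, so the persistent set is also the list to check after reboot for recreated copies; a downloader that comes back after quarantine points at a loader the scanner did not see, which is the situation the RootkitRevealer step in the next post is meant to rule out.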
#13
Ewido didn't pick up on that file you identified as possibly a bad one earlier, so we'll delete it now. Been trying to make sure infection is not the cause of your crash problems all along. Am curious about the following, and would like to eliminate all avenues before I recommend rejoining your existing XP forum thread with this problem.
Quote:
Let's do the following.

Do a search (Start - Search/Find - Files or Folders) for the following highlighted files/folders (shown in Bold), and if found, delete them.

C:\WINDOWS\SYSTEM32\ggbncm9a.ini

Then go here and download RootKit Revealer. Once downloaded, unzip the files to their own folder and rename RootKitRevealer.exe to zach.exe. The reason for this is that some rootkit trojans can detect this program and hide themselves from it. When you have done this, click on Options and make sure that "Hide Standard NTFS Metadata Files" and "Scan Registry" are both checked. When preparing to scan, make sure all other running programs are closed, and no other actions (like a scheduled AV scan) will occur while this scan completes. Do not use your computer during the scan. Click on Scan and let it scan your drive (it will take a while, so be patient). When it has finished, go to File > Save, save the log and post it in this thread.