Cyber Tech Help Support Forums > Software > Malware Removal

  #1  
Old March 15th, 2006, 06:53 AM
ZachDavis
New Member
 
Join Date: Mar 2006
O/S: Windows XP Pro
Location: Oregon
Posts: 26
Crashes

OK, I was told to put my HijackThis log in here so someone could look it over and possibly help me figure out what's wrong with my computer and why it crashes so much.


Logfile of HijackThis v1.99.1
Scan saved at 12:13:03 PM, on 3/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\inteldev\DevStat.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Visitor\My Documents\aim\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://empnads.com/servlet/ajrotator...?zone=enternet
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Intel Device Agent] C:\WINDOWS\inteldev\DevStat.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\Visitor\My Documents\aim\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...up1.0.0.15.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca...C_2.1.2.76.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/Activ...veLauncher.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1119843217078
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1120625253702
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole...rcadeRdxIE.cab
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../Installer.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...19/mcfscan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  #2  
Old March 15th, 2006, 06:48 PM
Jintan
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Howdy ZachDavis,


There is an indicator of infection showing in that log. We'll work on that, and see how it impacts your other problem. Please do the following.


Close all open windows and run a scan in HijackThis. Place a check next to all of the following lines, then select “Fix Checked” and close HijackThis.

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://empnads.com/servlet/ajrotator...?zone=enternet
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...up1.0.0.15.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/Activ...veLauncher.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../Installer.



Then go here and download LQFix.exe to your Desktop. Once you have done that, remain connected to the Internet and doubleclick on LQfix.exe. Click Next and follow the prompts. Leave the default settings. If you change them, the fix will fail. Make sure 'Launch LQfix' is checked and after clicking Finish, the fix will start. Follow the prompts on the screen. Your system will reboot afterwards however it may take longer than usual to start up this one time so please be patient.


Then run a new scan with HijackThis and post that here, and provide an update on how your system is doing at this point.
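The fix list in the post above singles out the R1 ShellNext entry and three O16 DPF entries. What follows is an added example written for this page; it is not HijackThis code and not something anyone in the thread posted. It applies the same reasoning mechanically to HJT log lines: an R0/R1/R3 setting that points at a remote host is a browser-hijack indicator; each O16 DPF line records an ActiveX control Internet Explorer was allowed to download and install, so any origin outside a short allow-list is listed; and "(file missing)" entries are dangling references. The allow-list, the section regex and the constructed sample (lines copied from the first log above) are the writer's assumptions, and the rules deliberately over-report: every DPF origin not on the allow-list is listed, so a human still makes the call.

```python
"""Triage of HijackThis v1.99 log lines.

Added example for this thread; not HijackThis code and not posted by the
moderator. It automates the reasoning behind the fix list above. The
allow-list of download origins is the writer's assumption, not an HJT feature.
"""
import re
from urllib.parse import urlparse

# Origins whose downloaded controls are treated as expected here: Windows
# Update / WGA and the online scanners the thread itself used. Assumed list.
TRUSTED_DPF_HOSTS = {
    "update.microsoft.com", "go.microsoft.com", "messenger.msn.com",
    "messenger.zone.msn.com", "download.bitdefender.com",
    "download.ewido.net", "www.pandasoftware.com", "download.mcafee.com",
}

ENTRY_RE = re.compile(r"^(?P<sec>[RFNO]\d{1,2}) - (?P<body>.*)$")
URL_RE = re.compile(r"https?://\S+")

def parse_entry(line):
    """Split one HJT line into (section, body); None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    return (m.group("sec"), m.group("body")) if m else None

def host_of(url):
    return (urlparse(url).hostname or "").lower()

def is_trusted(host):
    return any(host == t or host.endswith("." + t) for t in TRUSTED_DPF_HOSTS)

def triage(lines):
    """Return (section, reason, line) tuples for entries that deserve a look."""
    findings = []
    for raw in lines:
        parsed = parse_entry(raw)
        if not parsed:
            continue                      # process list, headers, blank lines
        sec, body = parsed
        url = URL_RE.search(body)
        if sec in ("R0", "R1", "R3") and url:
            # Start page, search page and ShellNext must not point off the machine
            findings.append((sec, f"IE setting points to remote host {host_of(url.group())}", raw.strip()))
        elif sec == "O16" and url:
            host = host_of(url.group())
            if not is_trusted(host):
                findings.append((sec, f"downloaded ActiveX control from {host}", raw.strip()))
        elif "(file missing)" in body:
            findings.append((sec, "dangling reference, target file is gone", raw.strip()))
    return findings

def triage_text(text):
    return triage(text.splitlines())

# Constructed sample: a handful of lines copied from the first log above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://empnads.com/servlet/ajrotator...?zone=enternet
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...up1.0.0.15.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/Activ...veLauncher.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""

if __name__ == "__main__":
    for sec, reason, line in triage_text(SAMPLE_LOG):
        print(f"[{sec}] {reason}\n    {line}")
```

Run as a script it prints the flagged lines in log order. A full triage would also cross-check each O4 and O23 path against the running-processes list at the top of the log, which the moderator does by eye; the script only covers the rules the fix list makes explicit.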
  #3  
Old March 16th, 2006, 06:44 AM
ZachDavis
Here it is. I don't know how it's working; will reply soon.

Logfile of HijackThis v1.99.1
Scan saved at 9:44:13 PM, on 3/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\inteldev\DevStat.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\MSN Messenger\msnmsgr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Intel Device Agent] C:\WINDOWS\inteldev\DevStat.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\Visitor\My Documents\aim\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca...C_2.1.2.76.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1119843217078
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1120625253702
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole...rcadeRdxIE.cab
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...19/mcfscan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  #4  
Old March 16th, 2006, 07:08 AM
ZachDavis
Still restarting. Here is the event log:


The following boot-start or system-start driver(s) failed to load:
szkg

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.



1394 Net Adapter : Has determined that the adapter is not functioning properly.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.




The computer has rebooted from a bugcheck. The bugcheck was: 0x000000cd (0x96e6b000, 0x00000000, 0x804da2c0, 0x00000000). A full dump was not saved.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

The IMAPI CD-Burning COM Service service entered the stopped state.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.



Microsoft (R) Windows (R) 5.01. 2600 Service Pack 2 Multiprocessor Free.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
  #5  
Old March 16th, 2006, 07:08 AM
ZachDavis
There are more around the time of the crash.
  #6  
Old March 16th, 2006, 12:34 PM
Jintan
Go here and download WinPFind.zip and extract it to your C:\ folder. This will create a folder called WinPFind in the C:\ folder. Inside c:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while, upwards to 30 minutes or more.

When it is done, it will show the results of the scan. Click on the Copy to Clipboard button and then paste the contents of the log in this thread.
  #7  
Old March 17th, 2006, 07:03 AM
ZachDavis
Here it is, part 1.

WARNING: not all files found by this scanner are bad. Consult with a knowledgeable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 2/14/2006 10:52:14 PM 158312 C:\WINDOWS\ExeDialer.exe
PECompact2 2/10/2005 12:04:06 AM 12753493 C:\WINDOWS\LPT$VPN.400
qoologic 2/10/2005 12:04:06 AM 12753493 C:\WINDOWS\LPT$VPN.400
SAHAgent 2/10/2005 12:04:06 AM 12753493 C:\WINDOWS\LPT$VPN.400
UPX! 2/10/2005 7:07:02 AM 170053 C:\WINDOWS\tsc.exe
PECompact2 2/10/2005 12:04:06 AM 12753493 C:\WINDOWS\VPTNFILE.400
qoologic 2/10/2005 12:04:06 AM 12753493 C:\WINDOWS\VPTNFILE.400
SAHAgent 2/10/2005 12:04:06 AM 12753493 C:\WINDOWS\VPTNFILE.400
UPX! 2/10/2005 7:07:02 AM 1044560 C:\WINDOWS\vsapi32.dll
aspack 2/10/2005 7:07:02 AM 1044560 C:\WINDOWS\vsapi32.dll

Checking %System% folder...
SAHAgent 9/30/2005 6:18:26 PM 3389 C:\WINDOWS\SYSTEM32\909fbt3h.ini
UPX! 7/24/2005 8:11:34 PM 135680 C:\WINDOWS\SYSTEM32\ANSMTP.dll
SAHAgent 9/30/2005 5:58:24 PM 35 C:\WINDOWS\SYSTEM32\cphu6m1p.ini
aspack 3/18/2005 4:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll
PEC2 8/23/2001 4:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PEC2 1/6/2006 9:06:34 AM 573952 C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2 1/6/2006 9:06:34 AM 573952 C:\WINDOWS\SYSTEM32\DivX.dll
UPX! 2/14/2006 10:52:14 PM 72192 C:\WINDOWS\SYSTEM32\EGDACCESS_1074.dll
SAHAgent 9/30/2005 5:58:24 PM 35 C:\WINDOWS\SYSTEM32\ggbncm9a.ini
PTech 2/14/2006 9:20:14 AM 550120 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2 3/9/2006 4:10:36 PM 4799320 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 3/9/2006 4:10:36 PM 4799320 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/3/2004 11:56:38 PM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
qoologic 2/9/2005 11:23:50 AM 8344768 C:\WINDOWS\SYSTEM32\pav.sig
aspack 2/9/2005 11:23:50 AM 8344768 C:\WINDOWS\SYSTEM32\pav.sig
SAHAgent 2/9/2005 11:23:50 AM 8344768 C:\WINDOWS\SYSTEM32\pav.sig
winsync 2/9/2005 11:23:50 AM 8344768 C:\WINDOWS\SYSTEM32\pav.sig
Umonitor 8/3/2004 11:56:46 PM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8/23/2001 4:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
PTech 8/3/2004 9:41:38 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
127.0.0.1 download.abetterinternet.com # ***Inserted By STOPzilla***


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
3/15/2006 9:56:02 PM S 2048 C:\WINDOWS\bootstat.dat
2/3/2006 11:41:00 PM S 183296 C:\WINDOWS\NDNuninstall7_22.exe
3/15/2006 11:19:02 PM H 54156 C:\WINDOWS\QTFont.qfn
3/16/2006 7:25:32 PM HS 7680 C:\WINDOWS\Thumbs.db
1/30/2006 8:54:04 PM HS 6656 C:\WINDOWS\$NtServicePackUninstall$\Thumbs.db
3/10/2006 4:47:42 PM HS 6656 C:\WINDOWS\BDOSCAN8\Thumbs.db
2/8/2006 11:22:48 PM HS 7168 C:\WINDOWS\Help\Thumbs.db
1/30/2006 8:53:58 PM HS 5120 C:\WINDOWS\SHELLNEW\Thumbs.db
3/15/2006 9:56:28 PM H 38354 C:\WINDOWS\system32\vsconfig.xml
3/13/2006 5:34:26 PM H 4212 C:\WINDOWS\system32\zllictbl.dat
2/14/2006 9:20:42 AM S 7086 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WGA.cat
3/16/2006 11:28:48 AM H 1024 C:\WINDOWS\system32\config\default.LOG
3/16/2006 7:23:32 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
3/15/2006 10:04:12 PM H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
3/16/2006 7:43:20 PM H 1024 C:\WINDOWS\system32\config\software.LOG
3/16/2006 7:35:24 PM H 1024 C:\WINDOWS\system32\config\system.LOG
3/14/2006 10:00:32 PM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
3/6/2006 9:33:22 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\7431decf-880c-4d36-b049-0810370fa65d
3/6/2006 9:33:22 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
3/16/2006 7:00:02 PM H 270 C:\WINDOWS\Tasks\D8FE67DF91366E8F.job
3/15/2006 9:56:04 PM H 6 C:\WINDOWS\Tasks\SA.DAT
1/30/2006 8:53:58 PM HS 7680 C:\WINDOWS\Web\Thumbs.db

Checking for CPL files...
Microsoft Corporation 8/3/2004 11:56:58 PM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Intel Corporation 2/10/2004 9:53:24 AM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 4/13/2005 3:48:52 AM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/23/2001 4:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/23/2001 4:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Ahead Software AG 10/9/2002 1:36:14 PM 57344 C:\WINDOWS\SYSTEM32\NeroBurnRights.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 1/9/2005 4:32:00 PM 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 8/23/2001 4:00:00 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Intel(R) Corporation 10/23/2002 9:06:36 AM 77824 C:\WINDOWS\SYSTEM32\PRApplet.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/23/2001 4:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Texas Instruments Incorporated 4/29/2004 12:51:28 AM 32768 C:\WINDOWS\SYSTEM32\TIControlPanel.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/3/2004 11:56:58 PM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/23/2001 4:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/23/2001 4:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/23/2001 4:00:00 AM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 8/23/2001 4:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
Intel Corporation 2/10/2004 9:53:24 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0011\DriverFiles\igfxcpl.cpl
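WinPFind's own warning, that not all files it lists are bad, is the point of the output above. The packer markers (UPX!, PECompact2, aspack) hit legitimate compressed binaries such as MRT.exe, and the pattern files left behind by the online scanners in the HJT log (lpt$vpn.400, vptnfile.400, pav.sig) contain the very strings that identify the malware families they detect, so they light up under several markers at once. The block below is an added example, not WinPFind code and not something a participant posted: it groups the hit lines by file and sorts them into buckets. The buckets, the packer set and the "random eight-character .ini" rule are the writer's heuristics; "review" means a person should look at the file, not that it is malicious. The sample lines are copied from part 1 above.

```python
"""Grouping and ranking WinPFind string hits.

Added example for this thread; not WinPFind code and not posted by a
participant. WinPFind emits one line per (marker, file) pair, so a file
carrying several markers appears several times. Categories are the writer's
heuristic, not tool output.
"""
import re

# Markers that identify executable packers rather than malware families.
# Only the four the writer is certain of; any other marker is treated as a
# string WinPFind associates with unwanted software and left for review.
PACKER_TAGS = {"UPX!", "PECompact2", "PEC2", "aspack"}

HIT_RE = re.compile(
    r"^(?P<tag>\S+)\s+(?P<date>\d{1,2}/\d{1,2}/\d{4})\s+"
    r"(?P<time>\d{1,2}:\d{2}:\d{2}\s+[AP]M)\s+(?P<size>\d+)\s+(?P<path>[A-Za-z]:\\.*)$"
)
# Eight-character names mixing letters and digits, like 909fbt3h.ini above.
RANDOM_INI_RE = re.compile(r"^(?=.*\d)(?=.*[a-z])[a-z0-9]{8}\.ini$")

def parse_hits(text):
    """Return {path: {"size": int, "tags": set}} from folder-scan hit lines."""
    files = {}
    for line in text.splitlines():
        m = HIT_RE.match(line.strip())
        if not m:
            continue                  # section headers, hosts entries, blanks
        entry = files.setdefault(m.group("path"), {"size": int(m.group("size")), "tags": set()})
        entry["tags"].add(m.group("tag"))
    return files

def classify(path, size, tags):
    """Heuristic bucket for one file (writer's rules, not WinPFind's)."""
    name = path.rsplit("\\", 1)[-1].lower()
    family = tags - PACKER_TAGS
    if len(family) >= 2 and size > 1_000_000:
        # Several unrelated family strings in one multi-megabyte file is the
        # profile of an AV definition database, not of a dropper.
        return "likely signature database"
    if family and RANDOM_INI_RE.match(name):
        return "review: random-named .ini with malware-family string"
    if family:
        return "review: malware-family string"
    return "packed binary: verify publisher"

_ORDER = {"review": 0, "packed": 1, "likely": 2}

def rank(files):
    """(category, path, sorted markers) rows, items needing a look first."""
    rows = [(classify(p, e["size"], e["tags"]), p, sorted(e["tags"])) for p, e in files.items()]
    rows.sort(key=lambda r: (_ORDER[r[0].split()[0].rstrip(":")], r[1].lower()))
    return rows

# Constructed sample: lines copied from part 1 of the WinPFind output above.
SAMPLE = r"""
Checking %WinDir% folder...
UPX! 2/14/2006 10:52:14 PM 158312 C:\WINDOWS\ExeDialer.exe
PECompact2 2/10/2005 12:04:06 AM 12753493 C:\WINDOWS\LPT$VPN.400
qoologic 2/10/2005 12:04:06 AM 12753493 C:\WINDOWS\LPT$VPN.400
SAHAgent 2/10/2005 12:04:06 AM 12753493 C:\WINDOWS\LPT$VPN.400

Checking %System% folder...
SAHAgent 9/30/2005 6:18:26 PM 3389 C:\WINDOWS\SYSTEM32\909fbt3h.ini
PECompact2 3/9/2006 4:10:36 PM 4799320 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 3/9/2006 4:10:36 PM 4799320 C:\WINDOWS\SYSTEM32\MRT.exe
qoologic 2/9/2005 11:23:50 AM 8344768 C:\WINDOWS\SYSTEM32\pav.sig
aspack 2/9/2005 11:23:50 AM 8344768 C:\WINDOWS\SYSTEM32\pav.sig
SAHAgent 2/9/2005 11:23:50 AM 8344768 C:\WINDOWS\SYSTEM32\pav.sig
winsync 2/9/2005 11:23:50 AM 8344768 C:\WINDOWS\SYSTEM32\pav.sig

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
127.0.0.1 download.abetterinternet.com # ***Inserted By STOPzilla***
"""

if __name__ == "__main__":
    for category, path, tags in rank(parse_hits(SAMPLE)):
        print(f"{category:55} {path}  [{', '.join(tags)}]")
```

The ordering puts the small, oddly named .ini in system32 at the top and the multi-megabyte pattern files at the bottom, which is the order in which a helper would actually spend time on them. The hosts-file line is skipped by the parser on purpose; the 127.0.0.1 entry is a block STOPzilla inserted, not a hit.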
  #8  
Old March 17th, 2006, 07:03 AM
ZachDavis
Part 2

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
9/16/2004 9:17:34 PM 793 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
3/15/2005 9:32:42 PM 1757 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
9/12/2004 7:13:42 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
1/18/2006 7:12:36 PM 794 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photo Loader supervisory.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
9/12/2004 12:01:12 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
10/4/2005 3:25:22 PM 1379 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
1/31/2006 6:08:18 PM 988 C:\Documents and Settings\Visitor\Start Menu\Programs\Startup\Adobe Gamma.lnk
9/12/2004 7:13:42 PM HS 84 C:\Documents and Settings\Visitor\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
9/5/2005 6:02:12 PM 326 C:\Documents and Settings\Visitor\Application Data\AdobeDLM.log
9/12/2004 12:01:12 PM HS 62 C:\Documents and Settings\Visitor\Application Data\desktop.ini
11/27/2005 2:24:04 AM 20 C:\Documents and Settings\Visitor\Application Data\EV Nova License.lcs
12/5/2005 5:19:10 PM 140 C:\Documents and Settings\Visitor\Application Data\EV Nova Prefs.prf

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Internet Settings\User Agent\Post Platform]
SV1 =
acc=vonner =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\QuickLoad
{0f0a4d40-adf0-4e8f-98d8-7208b98be01e} = C:\WINDOWS\system32\mscoree.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ZLAVShExt
{D9872D13-7651-4471-9EEE-F0A00218BEBB} = C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ZLAVShExt
{D9872D13-7651-4471-9EEE-F0A00218BEBB} = C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Yahoo! Toolbar Helper = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
Yahoo! IE Services Button = C:\Program Files\Yahoo!\Common\yiesrvc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
ButtonText = Yahoo! Services :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66}
MenuText = Uninstall BitDefender Online Scanner v8 :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Research :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\Documents and Settings\Visitor\My Documents\aim\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
IgfxTray C:\WINDOWS\System32\igfxtray.exe
HotKeysCmds C:\WINDOWS\System32\hkcmd.exe
Smapp C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
IMONTRAY C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
PRONoMgr.exe C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
Intel Device Agent C:\WINDOWS\inteldev\DevStat.exe
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
Steam
Yahoo! Pager C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
Subliminal Master "C:\Program Files\Subliminal Master\smTray.exe" /s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Shortcut to type32.exe.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to type32.exe.lnk
backup C:\WINDOWS\pss\Shortcut to type32.exe.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\MI758C~1\type32.exe
item Shortcut to type32.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item jusched
hkey HKLM
command C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item jusched
hkey HKLM
command C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item realsched
hkey HKLM
command "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item realsched
hkey HKLM
command "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinService32
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item svchost
hkey HKLM
command svchost
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item svchost
hkey HKLM
command svchost
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yahoo! Pager
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ypager
hkey HKCU
command C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ypager
hkey HKCU
command C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 2


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID
{17492023-C23A-453E-A040-C7C580BBF700} 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 1
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{645FF040-5081-101B-9F08-00AA002F954E} = shell32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
= igfxsrvc.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 3/16/2006 7:51:03 PM
#9
March 17th, 2006, 10:36 PM
Jintan
Cyber Tech Help Moderator
Join Date: Dec 2004
Posts: 52,284
That found some more, and some to be checked on. Please do the following.


Make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types"

Go to this SITE. Click on the Browse button, and navigate to the following highlighted file(s), upload and submit it. Copy the results with the notepad and copy/paste them back here.

C:\WINDOWS\SYSTEM32\909fbt3h.ini
C:\WINDOWS\SYSTEM32\cphu6m1p.ini
C:\WINDOWS\SYSTEM32\ggbncm9a.ini


Open HijackThis, and choose None of the above, just start the program. Click Config – Misc Tools - Delete File on Reboot. Navigate to each of the following files, double-click on each, say No to reboot until the last file, say Yes and allow it to reboot.

C:\WINDOWS\ExeDialer.exe
C:\WINDOWS\SYSTEM32\EGDACCESS_1074.dll
C:\WINDOWS\NDNuninstall7_22.exe


After the reboot, Go here for an online AV scan.

Scan "Local Disks" and when finished save the scan log and then post the log here.
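The WinPFind log above is what Jintan is reading when he says some entries are "to be checked on". Helpers do this by eye; the script below is an added example (not WinPFind's code and not anything posted in the thread) that automates the first pass over the same text layout: bracketed key headers, "name command" lines under Run-type keys, the key/item/hkey/command blocks under MSConfig\startupreg, and the AppInit_DLLs value. It flags entries whose value has no drive path (the startupreg block named WinService32 whose command is the bare word svchost is the kind of line this catches; the script says only that it needs a look, not that it is malicious), entries that run from a user-writable folder, and a non-empty AppInit_DLLs. The sample log is constructed from entries in the thread plus one invented line, ConstructedExample, which exists only to exercise the user-writable check.

```python
"""Triage autostart entries from a WinPFind-style registry dump.

Added example for this thread; it is not WinPFind code and not something the
moderator posted. It understands only the text layout seen in the log above.
"""
import re

# Constructed sample modelled on the thread's log. "ConstructedExample" is
# invented to exercise the user-writable-location check; the other lines
# mirror entries that appear in the log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
IgfxTray C:\WINDOWS\System32\igfxtray.exe
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
Steam
Yahoo! Pager C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
ConstructedExample C:\Documents and Settings\Visitor\Local Settings\Temp\updater.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item realsched
hkey HKLM
command "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinService32
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item svchost
hkey HKLM
command svchost
inimapping 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs
"""

HEADER_RE = re.compile(r"^\[(?P<key>.+)\]$")
RUN_KEY_RE = re.compile(r"\\Run(Once|OnceEx|Services|ServicesOnce)?$", re.IGNORECASE)
STARTUPREG_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\(?P<name>.+)$"
)
# Where the command starts on a "name command" line: a (possibly quoted)
# drive path, or rundll32 followed by its arguments.
CMD_START_RE = re.compile(r'"?[A-Za-z]:\\|(?i:rundll32(?:\.exe)?)\s')
ABS_PATH_RE = re.compile(r"[A-Za-z]:\\")
USER_WRITABLE_RE = re.compile(
    r"\\(Documents and Settings|Temp|Temporary Internet Files)\\", re.IGNORECASE
)


def parse_autostarts(text):
    """Return (source, name, command) tuples for every autostart entry found."""
    entries = []
    section = None     # bracketed registry key currently being read
    startupreg = None  # name of the MSConfig\startupreg block being read
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            startupreg = None
            continue
        m = HEADER_RE.match(line)
        if m:
            section, startupreg = m.group("key"), None
            continue
        m = STARTUPREG_RE.match(line)
        if m:
            section, startupreg = None, m.group("name")
            continue
        if startupreg is not None:
            # WinPFind prints each block's lines twice; keep one copy.
            if line.startswith("command "):
                entry = ("MSConfig startupreg", startupreg, line[len("command "):].strip())
                if entry not in entries:
                    entries.append(entry)
        elif section and RUN_KEY_RE.search(section):
            m = CMD_START_RE.search(line)
            if m:
                entries.append((section, line[:m.start()].strip(), line[m.start():]))
            else:
                entries.append((section, line, ""))  # no drive path anywhere in the value
        elif section and section.endswith(r"\Windows NT\CurrentVersion\Windows"):
            name, _, value = line.partition(" ")
            if name == "AppInit_DLLs":
                entries.append((section, name, value.strip()))
    return entries


def triage(entries):
    """Return the entries a helper should look at first, each with a reason."""
    findings = []
    for source, name, command in entries:
        if name == "AppInit_DLLs":
            if command:
                findings.append((source, name, command,
                                 "AppInit_DLLs is normally empty; a DLL here loads into every GUI process"))
        elif not ABS_PATH_RE.search(command):
            findings.append((source, name, command,
                             "no absolute path: empty value, or a bare name resolved via the search path"))
        elif USER_WRITABLE_RE.search(command):
            findings.append((source, name, command, "runs from a user-writable location"))
    return findings


if __name__ == "__main__":
    for source, name, command, reason in triage(parse_autostarts(SAMPLE_LOG)):
        print(f"[{source}] {name}: {command!r}\n    -> {reason}")
```

Run it on a saved WinPFind.Txt by reading the file into `parse_autostarts`. A flagged entry is a starting point, not a verdict: the empty Steam value is harmless, while a bare `svchost` under a Run-type key deserves the file check and upload Jintan asks for, because Windows will resolve that name through the search path rather than to a known binary.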
#10
March 18th, 2006, 06:47 AM
ZachDavis
New Member
Join Date: Mar 2006
O/S: Windows XP Pro
Location: Oregon
Posts: 26
Service load: 0% 100%

File: 909fbt3h.ini
Status: OK
MD5 31afe9d749a8f105f60903ab05a0d4ff
Packers detected: -


Service
Service load: 0% 100%

File: cphu6m1p.ini
Status: OK
MD5 38d2a3cc699649e19ec32e74ace72ebe
Packers detected: -


Service load: 0% 100%

File: ggbncm9a.ini
Status: INFECTED/MALWARE
MD5 a0042462a5c4ec85e59f2365fb326d7e
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found not-a-virus:AdWare.Win32.Sahat.ao
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VirusBuster Found nothing
VBA32 Found nothing
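Jintan's next reply leaves these files alone for now, and the paste above shows why: one engine out of fifteen flagged ggbncm9a.ini, and its verdict is a "not-a-virus" adware label rather than a malware one. The script below is an added example (not the scanning service's code and not from anyone in the thread) that parses this "File: / Status: / MD5 / Scanner results" layout and reduces each record to a detection count and a three-way classification: clean, pua-only (every hit is a not-a-virus verdict) or detected. The sample is two records copied from the post above.

```python
"""Summarise a multi-engine scan result paste like the one in the post above.

Added example; not code from the scanning service or from anyone in the
thread. It reads the "File: / Status: / MD5 / Scanner results" layout and
reports how many engines saw each file, which flagged it, and whether every
hit is a "not-a-virus" (adware / PUA) verdict rather than a malware one.
"""

# Two records copied from the post above: one clean, one with a single hit.
SAMPLE_PASTE = """\
Service load: 0% 100%

File: cphu6m1p.ini
Status: OK
MD5 38d2a3cc699649e19ec32e74ace72ebe
Packers detected: -


Service load: 0% 100%

File: ggbncm9a.ini
Status: INFECTED/MALWARE
MD5 a0042462a5c4ec85e59f2365fb326d7e
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found not-a-virus:AdWare.Win32.Sahat.ao
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VirusBuster Found nothing
VBA32 Found nothing
"""


def parse_reports(text):
    """Return one dict per "File:" record: file, status, md5, engines, hits."""
    reports = []
    current = None
    in_results = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("File: "):
            current = {"file": line[6:], "status": None, "md5": None,
                       "engines": 0, "hits": {}}
            reports.append(current)
            in_results = False
        elif current is None or not line:
            continue  # progress-bar noise before the first record, blank lines
        elif line.startswith("Status: "):
            current["status"] = line[8:]
        elif line.startswith("MD5 "):
            current["md5"] = line[4:]
        elif line == "Scanner results":
            in_results = True
        elif in_results and " Found " in line:
            # Engine names may contain spaces, so split on the " Found " marker.
            engine, _, verdict = line.partition(" Found ")
            current["engines"] += 1
            if verdict != "nothing":
                current["hits"][engine] = verdict
    return reports


def classify(report):
    """'clean', 'pua-only' (every hit is a not-a-virus verdict) or 'detected'."""
    if not report["hits"]:
        return "clean"
    if all(v.lower().startswith("not-a-virus") for v in report["hits"].values()):
        return "pua-only"
    return "detected"


def summarise(text):
    """Map file name -> (classification, hit count, engine count, hits)."""
    return {r["file"]: (classify(r), len(r["hits"]), r["engines"], r["hits"])
            for r in parse_reports(text)}


if __name__ == "__main__":
    for name, (verdict, hit_n, engine_n, hits) in summarise(SAMPLE_PASTE).items():
        print(f"{name}: {verdict} ({hit_n}/{engine_n} engines)")
        for engine, detection in hits.items():
            print(f"    {engine}: {detection}")
```

The classification is a triage aid, not a clearance: a single vendor's adware label on a randomly named .ini in system32 is low confidence either way, which is why the thread goes on to a full Ewido scan rather than deleting or ignoring the file outright.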
#11
March 18th, 2006, 02:31 PM
Jintan
Cyber Tech Help Moderator
Join Date: Dec 2004
Posts: 52,284
We'll let those be for now. Please do the following.


Download : HOSTER, and have it ready for use.


Download Killbox from http://www.bleepingcomputer.com/file...re/KillBox.zip, unzip the file to your Desktop and click on it to run.


Next, download the trial version of Ewido Security Suite from here and install it.

When installing, under "Additional Options" uncheck "Install Background Guard" and "Install scan via context menu".

Launch Ewido, (there should be an icon on your desktop, doubleclick it). The program will now go to the main screen. You will need to update Ewido to the latest definition files.

On the left hand side of the main screen click update and then click on Start Update. The update will start and a progress bar will show the updates being installed. If you have problems with the updater, you can use this link to manually update ewido.
ewido manual updates http://www.ewido.net/en/download/updates/. Do not run a scan yet.


------------------------------------------------------------------

Reboot into Safe Mode (at startup tap the F8 key and select Safe Mode).

Run Hoster. Press the Restore Original Hosts button and then press the OK button.

Now run Killbox.

Click on Tools - Delete Temp Files.
Then click Options - Check ALL Options.
Next, click the Delete Selected Temp Files button.

Using the dropdown box, repeat these steps for all users listed.


Run Ewido. Click on scanner and click Complete System Scan and the scan will begin. During the scan it will prompt you to clean files, click OK. When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK. When the scan is finished, click the Save report button at the bottom of the screen. Save the report to your desktop and close Ewido.


Then reboot, and post back here the Ewido log please.
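Hoster's "Restore Original Hosts" step undoes edits to the hosts file, which is a common target because it overrides DNS for every program on the machine. The script below is an added example (not Hoster's code and not from the thread) showing what such an audit looks for before deciding to restore: a hostname pointed at an address that is not loopback or unspecified (the machine is being steered to a server the user did not choose), and a loopback or 0.0.0.0 entry for a security-vendor or update hostname (the machine is being kept from updating). Plain ad-blocking entries that send advertising hosts to 127.0.0.1 are left alone. The hosts text and the vendor-keyword list are constructed for the example; .test domains are reserved for exactly this use.

```python
"""Audit a Windows hosts file for the tampering that Hoster's
"Restore Original Hosts" button undoes.

Added example, not Hoster's code and not from the thread.
"""
import ipaddress

# Illustrative substrings only; a real audit would carry a fuller vendor list.
SECURITY_HOST_HINTS = ("windowsupdate", "liveupdate", "symantec", "mcafee",
                       "kaspersky", "trendmicro", "housecall", "sophos")

# Constructed sample; .test domains are reserved for examples.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.test            # ad-blocker style entry: fine
127.0.0.1       liveupdate.example-av.test  # black-holes a vendor update host
10.1.2.3        www.example-bank.test       # steers a name to a foreign address
"""


def parse_hosts(text):
    """Yield (ip_address, hostname) for every mapping, ignoring comments."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line; not a mapping
        for host in fields[1:]:
            yield ip, host.lower()


def audit_hosts(text):
    """Return (hostname, ip, finding) for suspicious mappings, in file order."""
    findings = []
    for ip, host in parse_hosts(text):
        # Loopback and 0.0.0.0 entries only block a name; anything else redirects it.
        sinkholed = ip.is_loopback or ip.is_unspecified
        if host == "localhost":
            if not sinkholed:
                findings.append((host, str(ip), "localhost moved off loopback"))
        elif not sinkholed:
            findings.append((host, str(ip), "redirected to a non-local address"))
        elif any(hint in host for hint in SECURITY_HOST_HINTS):
            findings.append((host, str(ip), "security/update host black-holed"))
    return findings


if __name__ == "__main__":
    for host, ip, why in audit_hosts(SAMPLE_HOSTS):
        print(f"{host:32} {ip:16} {why}")
```

On XP the file lives at %SystemRoot%\system32\drivers\etc\hosts; read it into `audit_hosts` to get the same report. A long list of 127.0.0.1 entries by itself is not evidence of tampering, since ad-blocking hosts lists look exactly like that; it is the redirects and the blocked vendor names that justify the restore.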
#12
March 22nd, 2006, 06:17 AM
ZachDavis
New Member
Join Date: Mar 2006
O/S: Windows XP Pro
Location: Oregon
Posts: 26
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 9:15:41 PM, 3/21/2006
+ Report-Checksum: E6C77E15

+ Scan result:

C:\Documents and Settings\Leslie\Local Settings\Temp\Cookies\leslie@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temp\Cookies\leslie@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temp\Cookies\leslie@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\DJBB5P82\content[1].htm -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\I1SVE1A1\tbd_web[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\I1SVE1A1\tbd_web[2].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\I1SVE1A1\tbd_web[3].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\I1SVE1A1\tbd_web[4].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\I1SVE1A1\tbd_web[5].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\I1SVE1A1\tbd_web[6].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\IJAJA96F\prompt[1].php -> Downloader.WinAD.a : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\SD8747SF\818b23d18ff0527ee22e4452e5f2804c[1].js -> Downloader.Small.af : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\CoffeeTycoon_Setup-dm[1].exe -> Adware.Trymedia : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\ibar[1].js -> Downloader.IstBar.ad : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\ibar[2].js -> Downloader.IstBar.ad : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\ibar[3].js -> Downloader.IstBar.ad : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\ibar[4].js -> Downloader.IstBar.ad : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\ibar[6].js -> Downloader.IstBar.ad : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\ibar[7].js -> Downloader.IstBar.ad : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\ibar[8].js -> Downloader.IstBar.ad : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\ibar[9].js -> Downloader.IstBar.ad : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\init[10].js -> Downloader.IstBar.af : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\init[11].js -> Downloader.IstBar.af : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\init[12].js -> Downloader.IstBar.af : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\init[13].js -> Downloader.IstBar.af : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\init[14].js -> Downloader.IstBar.af : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\init[15].js -> Downloader.IstBar.af : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\init[16].js -> Downloader.IstBar.af : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\init[1].js -> Downloader.IstBar.af : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\init[2].js -> Downloader.IstBar.af : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\init[3].js -> Downloader.IstBar.af : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\init[4].js -> Downloader.IstBar.af : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\init[5].js -> Downloader.IstBar.af : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\init[6].js -> Downloader.IstBar.af : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\init[7].js -> Downloader.IstBar.af : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\init[8].js -> Downloader.IstBar.af : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\init[9].js -> Downloader.IstBar.af : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\mtrslib2[1].js -> Downloader.Small.ag : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\mtrslib2[2].js -> Downloader.Small.ag : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\mtrslib2[3].js -> Downloader.Small.ag : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\mtrslib2[4].js -> Downloader.Small.ag : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\prompt[1].htm -> Downloader.IstBar.j : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\prompt[2].htm -> Downloader.IstBar.j : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\prompt[3].htm -> Downloader.IstBar.j : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\prompt[4].htm -> Downloader.IstBar.j : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\prompt[5].htm -> Downloader.IstBar.j : Cleaned with backup
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\UT87YX65\prompt[6].htm -> Downloader.IstBar.j : Cleaned with backup
C:\Documents and Settings\Visitor\Cookies\visitor@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Visitor\My Documents\Instant-Access.exe -> Dialer.InstantAccess.m : Cleaned with backup
C:\Documents and Settings\Visitor\My Documents\MyTiData\Halo_CE_www[1].crack.cd_.zip/gqmn.exe -> Downloader.INService : Cleaned with backup
C:\Documents and Settings\Visitor\My Documents\MyTiData\Halo_www[1].crack.cd_.zip/frex.exe -> Downloader.INService : Cleaned with backup
C:\Downloads\CoffeeTycoon_Setup-dm[1].exe -> Adware.Trymedia : Cleaned with backup
C:\OldDriveC\Documents and Settings\alison\Cookies\alison@abetterinternet[1].txt -> TrackingCookie.Abetterinternet : Cleaned with backup
C:\OldDriveC\Documents and Settings\alison\Cookies\alison@ads.euniverseads[2].txt -> TrackingCookie.Euniverseads : Cleaned with backup
C:\OldDriveC\Documents and Settings\alison\Cookies\alison@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\OldDriveC\Documents and Settings\alison\Cookies\alison@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\OldDriveC\Documents and Settings\alison\Cookies\alison@www.web-stat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\OldDriveC\Documents and Settings\alison\Cookies\alison@www2.enigmasoftwaregroup[2].txt -> TrackingCookie.Enigmasoftwaregroup : Cleaned with backup
C:\OldDriveC\Documents and Settings\alison\Local Settings\Temp\Cookies\alison@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@-1shz2prbmdj6wvny-1sez2pra2dj6wfk4skazkfog-1dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@-1shz2prbmdj6wvny-1sez2pra2dj6wjmiklcjkgpw-1dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@-1shz2prbmdj6wvny-1sez2pra2dj6wjny-1idzwgoaidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@-1shz2prbmdj6wvny-1sez2pra2dj6wjny-1sdjcdow2dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@-1shz2prbmdj6wvny-1sez2pra2dj6wjnyeocjwgqa-1dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@-1shz2prbmdj6wvny-1sez2pra2dj6wjnyopczwdoa-1dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@specificpop[1].txt -> TrackingCookie.Specificpop : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@y-1shz2prbmdj6wvny-1sez2pra2dj6wfk4epajihpwydj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@y-1shz2prbmdj6wvny-1sez2pra2dj6wfk4uhcpakogqdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkycmdzegpwidj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkykgdzcbpqudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkyopczicpgudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4khazoeoa2dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkoakdzaapwwdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkocnajoeoaqdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkyepc5mkpawdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkyqidjgfpg2dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@y-1shz2prbmdj6wvny-1sez2pra2dj6wjl4epdpwbow2dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@y-1shz2prbmdj6wvny-1sez2pra2dj6wjliemdjelpqidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlogpazmdpgudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlokkd5egqqmdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@y-1shz2prbmdj6wvny-1sez2pra2dj6wjloqmdjafoqsdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@y-1shz2prbmdj6wvny-1sez2pra2dj6wjloskdzigqaidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlyegajgaogydj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlyqldjsapgudj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmisgd5ecowydj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\OldDriveC\Documents and Settings\kevin\Cookies\kevin@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyqjajieqqsdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Program Files\Common Files\Download\freeprodtb.exe -> Adware.Maxifiles : Cleaned with backup
C:\Program Files\Microsoft Games\block-checker-xp.exe/2 -> Adware.Chiem : Cleaned with backup
C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Cleaned with backup
C:\Program Files\VVSN\VVSN.exe -> Adware.SaveNow : Cleaned with backup


::Report End
  #13  
Old March 22nd, 2006, 12:12 PM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Ewido didn't pick up on that file you identified as possibly a bad one earlier, so we'll delete it now. Been trying to make sure infection is not the cause of your crash problems all along. Am curious about the following, and would like to eliminate all avenues before I recommend rejoining your existing XP forum thread with this problem.

Quote:
The following boot-start or system-start driver(s) failed to load:
szkg

Let's do the following.


Do a search ( Start - Search/Find - Files or Folders) for the following highlighted files/folders (shown in Bold), and if found, delete them.

C:\WINDOWS\SYSTEM32\ggbncm9a.ini

Then go here and download RootKit Revealer. Once downloaded, unzip the files to their own folder and rename RootKitRevealer.exe to zach.exe. The reason for this is that some rootkit trojans can detect this program and hide themselves from it.

When you have done this, click on Options and make sure that "Hide Standard NTFS Metadata Files" and "Scan Registry" are both checked.

When preparing to scan, make sure all other running programs are closed, and no other actions (like a scheduled AV scan) will occur while this scan completes. Do not use your computer during the scan. Click on scan and let it scan your drive (it will take a while so be patient). When it has finished, go to File > Save, save the log and post it in this thread.
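The event-log line quoted in the post above ("boot-start or system-start driver(s) failed to load: szkg") is the symptom of a service entry that still exists under HKLM\SYSTEM\CurrentControlSet\Services while the driver file it points at is gone, which is also the kind of discrepancy a RootkitRevealer registry scan is meant to surface. The script below is an added example, not something from this thread or from the moderator's instructions: it walks every boot-start and system-start driver entry, resolves each ImagePath the way the kernel does, and lists the ones whose file is missing, then checks specifically for the szkg service key and the ggbncm9a.ini file named in the post. Only those two names come from the thread; the function names and the output layout are this example's own. It reports and does not delete anything.

```powershell
# Added example (not part of the original thread). Run from an elevated
# PowerShell prompt. Lists boot/system-start drivers whose image file is
# missing, which is what produces "driver(s) failed to load: <name>" in the
# System event log, then checks the two names quoted in the post.

$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$sysRoot     = $env:SystemRoot

function Resolve-ImagePath {
    param([string]$ImagePath)
    # Driver ImagePath values appear in several forms:
    #   \SystemRoot\system32\drivers\foo.sys   NT-style, relative to SystemRoot
    #   system32\drivers\foo.sys               relative to SystemRoot
    #   \??\C:\some\path\foo.sys               NT object path with a drive letter
    $p = $ImagePath.Trim('"')
    if ($p -match '^\\SystemRoot\\(.*)$') { return (Join-Path $sysRoot $Matches[1]) }
    if ($p -match '^\\\?\?\\(.*)$')       { return $Matches[1] }
    if ($p -match '^[A-Za-z]:\\')         { return $p }
    return (Join-Path $sysRoot $p)
}

function Get-OrphanedDrivers {
    # Type 1 = SERVICE_KERNEL_DRIVER, 2 = SERVICE_FILE_SYSTEM_DRIVER
    # Start 0 = boot start, 1 = system start (the two classes the event names)
    Get-ChildItem $servicesKey | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath
        $type  = $props.Type
        $start = $props.Start
        if (($type -eq 1 -or $type -eq 2) -and ($start -eq 0 -or $start -eq 1)) {
            $name = $_.PSChildName
            if ($props.ImagePath) {
                $file = Resolve-ImagePath $props.ImagePath
            } else {
                # An empty ImagePath means system32\drivers\<ServiceName>.sys
                $file = Join-Path $sysRoot "system32\drivers\$name.sys"
            }
            if (-not (Test-Path -LiteralPath $file)) {
                $props | Select-Object @{n='Service';e={$name}}, Start, ImagePath,
                                      @{n='Resolved';e={$file}}
            }
        }
    }
}

"== Boot/system-start drivers whose file is missing =="
Get-OrphanedDrivers | Format-Table Service, Start, ImagePath, Resolved -AutoSize

# The two names from the thread. Report only; deletion is a separate decision.
$suspectService = 'szkg'
$suspectFile    = Join-Path $sysRoot 'system32\ggbncm9a.ini'

if (Test-Path "$servicesKey\$suspectService") {
    "Service entry still present: $servicesKey\$suspectService"
    Get-ItemProperty "$servicesKey\$suspectService" | Select-Object Type, Start, ImagePath
} else {
    "No service entry named $suspectService"
}

if (Test-Path -LiteralPath $suspectFile) {
    "File present: $suspectFile"
    Get-Item -LiteralPath $suspectFile | Select-Object FullName, Length, CreationTime, LastWriteTime
} else {
    "File not found: $suspectFile"
}
```

A driver entry whose file is missing is harmless at load time (the kernel simply logs the failure), but it is worth knowing where it came from before deleting the key: a stale entry can be a leftover from an uninstalled security product just as easily as from something a scanner has already quarantined, so compare the ImagePath against the scanner reports already in this thread first. Renaming the RootkitRevealer executable, as the post instructs, does not change what this script sees; the point of the rename is only that the tool's own process name is not recognisable to malware that watches for it.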