
Computer shuts off unexpectedly

2K views 22 replies 2 participants last post by MoralTerror
#1 ·
My computer (Windows XP) will turn off unexpectedly, particularly when I run Spybot (about 1/2 way through the scan), and also when I run some music programs such as Pro Tools. Here is a HijackThis log: thanks!

Logfile of HijackThis v1.99.1
Scan saved at 3:27:09 PM, on 4/28/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\VTTimer.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\System32\Rundll32.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\BEATMACHINE\Desktop\HiJack this Stuff\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\common\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: LastWinDet Class - {1201333E-BAD9-481C-BCF5-6904498CF85B} - C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPKbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124299888\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [StrgSync.exe] C:\Program Files\StorageSync\StrgSync.exe -w
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{74FD30C4-6179-4F9A-A793-15573980EED6}: NameServer = 4.2.2.2,38.9.211.2
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O21 - SSODL: NTDBGTOOL - {10408F89-B5F3-4C85-AA13-57B4F2B00C71} - C:\WINDOWS\System32\vidxgn32.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Unknown owner - C:\Program Files\Digidesign\Drivers\MMERefresh.exe (file missing)
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: System Process Monitor (sysprcm) - Unknown owner - C:\WINDOWS\System32\msnprcss.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WUSB54GCSVC - Unknown owner - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe" "WUSB54GC.exe (file missing)
O23 - Service: Asynchronous Load Balance (ySvcHst) - Unknown owner - C:\WINDOWS\System32\srvnst.exe (file missing)
 
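The checks a helper applies by eye to a log like the one above can be written down. The script below is an added example, not code from this thread, from HijackThis or from the helper, and it flags the same three entries the fix post later targets (the O21 SSODL loader and the two O23 services whose files are missing) plus two entries worth a second look (the O16 ActiveX download and the O17 DNS override). The sample lines are excerpted from the log in post #1; TRUSTED_DNS and KNOWN_DPF_HOSTS are assumptions standing in for what the machine's owner would recognise, and a flag here means "review", not "malicious".

```python
"""Offline triage of a HijackThis v1.99 log (added example, not from the thread)."""
import re
from dataclasses import dataclass, field

# Assumptions, not facts from the thread: resolvers the owner recognises and
# hosts from which O16 (Downloaded Program Files) ActiveX controls are expected.
TRUSTED_DNS = {"4.2.2.2"}
KNOWN_DPF_HOSTS = ("microsoft.com", "yahoo.com")
WINDOWS_DIR = re.compile(r"^[a-z]:\\windows\\", re.IGNORECASE)

# Excerpt of the log from post #1 (a constructed subset; the O2 Spybot line
# and the Norton O23 line are kept as benign negative controls).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{74FD30C4-6179-4F9A-A793-15573980EED6}: NameServer = 4.2.2.2,38.9.211.2
O21 - SSODL: NTDBGTOOL - {10408F89-B5F3-4C85-AA13-57B4F2B00C71} - C:\WINDOWS\System32\vidxgn32.dll (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: System Process Monitor (sysprcm) - Unknown owner - C:\WINDOWS\System32\msnprcss.exe (file missing)
O23 - Service: Asynchronous Load Balance (ySvcHst) - Unknown owner - C:\WINDOWS\System32\srvnst.exe (file missing)
"""

MISSING = " (file missing)"
# O23 body: "Service: <display name> (<short name>) - <owner> - <path>"
SERVICE_RE = re.compile(r"^Service: (.+?)(?: \(([^()]+)\))? - (.+?) - (.+)$")


@dataclass
class Finding:
    section: str
    line: str
    target: str
    service: str = ""
    reasons: list = field(default_factory=list)


def triage(log_text):
    """Return one Finding per suspicious line, in log order, with every reason that applied."""
    findings = {}

    def flag(section, line, reason, target="", service=""):
        f = findings.setdefault(line, Finding(section, line, target, service))
        f.reasons.append(reason)

    for raw in log_text.splitlines():
        line = raw.strip()
        m = re.match(r"^(O\d+|R\d+|F\d+) - (.*)$", line)
        if not m:
            continue
        section, body = m.groups()
        missing = body.endswith(MISSING)
        body = body[:-len(MISSING)] if missing else body
        target = body.rsplit(" - ", 1)[-1]          # last field is the path for O2/O3/O21/O23
        svc = SERVICE_RE.match(body) if section == "O23" else None
        service = (svc.group(2) or "") if svc else ""

        # 1. A loader whose file is gone: either a half-removed component that
        #    left its hook behind, or a file hidden from the directory listing.
        if missing:
            flag(section, line, "target file missing", target, service)
        # 2. A service with no publisher whose binary sits under the Windows
        #    directory, where legitimate vendor services rarely install.
        if svc and svc.group(3) == "Unknown owner" and WINDOWS_DIR.match(svc.group(4)):
            flag(section, line, "unknown-owner service in Windows directory", target, service)
        # 3. Per-interface DNS servers: an unrecognised resolver sees every lookup.
        if section == "O17":
            ns = re.search(r"NameServer = (.+)$", body)
            servers = [s.strip() for s in ns.group(1).split(",")] if ns else []
            unknown = [s for s in servers if s not in TRUSTED_DNS]
            if unknown:
                flag(section, line, "DNS resolver not recognised", ",".join(unknown))
        # 4. ActiveX control fetched from a host not on the expected list.
        if section == "O16":
            url = re.search(r"https?://([^/\s]+)", body)
            if url:
                host = url.group(1).lower()
                if not any(host == k or host.endswith("." + k) for k in KNOWN_DPF_HOSTS):
                    flag(section, line, "ActiveX control from unlisted host " + host, url.group(0))
    return list(findings.values())


def remediation_plan(findings):
    """Group findings the way a fix post does: lines to review, orphaned service
    names (for a service-removal tool) and file paths to confirm are gone."""
    orphaned = [f for f in findings if "target file missing" in f.reasons]
    return {
        "review_lines": [f.line for f in findings],
        "orphan_services": [f.service for f in orphaned if f.section == "O23"],
        "missing_files": [f.target for f in orphaned],
    }


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.section}: {'; '.join(f.reasons)}\n    {f.line}")
    print(remediation_plan(results))
```

The two negative controls show why "file missing" alone is the strongest signal: a BHO with a real, known file (Spybot's SDHelper.dll) and a service with a named publisher in Program Files both pass, while the two services named only by a generic description, with no owner and a missing System32 binary, are exactly the ones the helper removed.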
#2 ·
Hi woodstiff

Sorry for the delay in getting to you, the forum has been really busy lately and all our helpers are volunteers. Since it's been a few days since you last posted a log please follow these instructions if you still need help and I'll be happy to assist you.

Download Deckard's System Scanner to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, 2 text files will open - main.txt and extra.txt
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt back in this thread (do not attach it).
  5. Please attach extra.txt to your post.


To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.

What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.
 
#4 · (Edited)
Hi woodstiff

Please print out or copy this page to Notepad in order to assist you while carrying out the following instructions. This page will not be available to you at some points during the fix. Please read the instructions carefully before you begin and if you have any questions then post them here before continuing.

This process is not instant and may take several posts. Please ensure you continue with the instructions until you are told you are clear. Lack of symptoms does not mean lack of malware.

Please make sure you close all other windows including browsers when carrying out the fix. It is important you carry out the instructions in the exact order stated.

-------------------------------------------------------
Downloads

1. Download combofix to your desktop from 1 of these locations

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

Go to Start>Run then copy/paste the following red text into the Run box then click OK

"%userprofile%\desktop\combofix.exe" /wow-drv sysprcm ySvcHst /v vidxgn32

When finished, it shall produce a log for you. We'll need that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall


-------------------------------------------------------
Fixes and Deletions

Scan with HijackThis and check the following entries (If they still exist) (make sure not to miss any)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/061...ie06101001.cab
O21 - SSODL: NTDBGTOOL - {10408F89-B5F3-4C85-AA13-57B4F2B00C71} - C:\WINDOWS\System32\vidxgn32.dll (file missing)


Remember to close all other windows and click Fix Checked


Delete the following Files (if they still exist)

C:\WINDOWS\System32\msnprcss.exe
C:\WINDOWS\System32\srvnst.exe


-------------------------------------------------------

Online Scan

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on
    located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" * The download of the 8 MB Panda's ActiveX control will take place *
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on
    then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


-------------------------------------------------------

Required Logs

C:\combofix.txt
Panda report
new HijackThis log
an update on system behaviour
 
#5 ·
Hi, here are the new logfiles. The computer still turns off unexpectedly, mainly when I run programs such as Pro Tools and about half way through Spybot. I'm wondering if it has something to do with the power supply, but I wouldn't be sure how to know this.

"BEATMACHINE" - 2007-05-09 11:39:43 Service Pack 1
ComboFix 07-05.09.V - Running from: "C:\Documents and Settings\BEATMACHINE\Desktop\"
Command switches used :: "/wow-drv sysprcm ySvcHst /v vidxgn32"


((((((((((((((((((((((((((((((( Files Created from 2007-04-09 to 2007-05-09 ))))))))))))))))))))))))))))))))))


2007-05-08 21:38 692 --a------ C:\WINDOWS\system32\EPUNINST.BAT
2007-05-08 20:58 997,888 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2007-05-08 20:58 981,504 --a------ C:\WINDOWS\system32\wmnetmgr.dll
2007-05-08 20:58 98,304 --a------ C:\WINDOWS\system32\wmpshell.dll
2007-05-08 20:58 892,416 --a------ C:\WINDOWS\system32\wmspdmoe.dll
2007-05-08 20:58 82,432 --a------ C:\WINDOWS\system32\drmstor.dll
2007-05-08 20:58 816,264 --a------ C:\WINDOWS\system32\wmvdmod.dll
2007-05-08 20:58 81,408 --a------ C:\WINDOWS\system32\logagent.exe
2007-05-08 20:58 760,968 --a------ C:\WINDOWS\system32\wmsdmod.dll
2007-05-08 20:58 7,680 --a------ C:\WINDOWS\system32\asferror.dll
2007-05-08 20:58 678,912 --a------ C:\WINDOWS\system32\drmv2clt.dll
2007-05-08 20:58 670,208 --a------ C:\WINDOWS\system32\wmadmoe.dll
2007-05-08 20:58 66,560 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2007-05-08 20:58 61,952 --a------ C:\WINDOWS\system32\wpdconns.dll
2007-05-08 20:58 6,656 --a------ C:\WINDOWS\system32\laprxy.dll
2007-05-08 20:58 52,224 --a------ C:\WINDOWS\system32\MsPMSNSv.dll
2007-05-08 20:58 486,536 --a------ C:\WINDOWS\system32\wmspdmod.dll
2007-05-08 20:58 480,768 --a------ C:\WINDOWS\system32\Audiodev.dll
2007-05-08 20:58 47,104 --a------ C:\WINDOWS\system32\uwdf.exe
2007-05-08 20:58 410,248 --a------ C:\WINDOWS\system32\wmadmod.dll
2007-05-08 20:58 38,912 --a------ C:\WINDOWS\system32\wpd_ci.dll
2007-05-08 20:58 38,912 --a------ C:\WINDOWS\system32\wdfmgr.exe
2007-05-08 20:58 358,912 --a------ C:\WINDOWS\system32\MSSCP.dll
2007-05-08 20:58 344,064 --a------ C:\WINDOWS\system32\WMDRMdev.dll
2007-05-08 20:58 331,776 --a------ C:\WINDOWS\system32\wpdmtpdr.dll
2007-05-08 20:58 327,680 --a------ C:\WINDOWS\system32\wpdsp.dll
2007-05-08 20:58 301,712 --a------ C:\WINDOWS\system32\drmclien.dll
2007-05-08 20:58 290,816 --a------ C:\WINDOWS\system32\WMDRMNet.dll
2007-05-08 20:58 27,136 --a------ C:\WINDOWS\system32\WMDMLOG.dll
2007-05-08 20:58 253,952 --a------ C:\WINDOWS\system32\msnetobj.dll
2007-05-08 20:58 245,760 --a------ C:\WINDOWS\system32\MSWMDM.dll
2007-05-08 20:58 241,664 --a------ C:\WINDOWS\system32\qasf.dll
2007-05-08 20:58 232,960 --a------ C:\WINDOWS\system32\blackbox.dll
2007-05-08 20:58 23,552 --a------ C:\WINDOWS\system32\WMDMPS.dll
2007-05-08 20:58 225,280 --a------ C:\WINDOWS\system32\wmpdxm.dll
2007-05-08 20:58 218,112 --a------ C:\WINDOWS\system32\wmasf.dll
2007-05-08 20:58 201,728 --a------ C:\WINDOWS\system32\MsPMSP.dll
2007-05-08 20:58 20,480 --a------ C:\WINDOWS\system32\wmpui.dll
2007-05-08 20:58 20,480 --a------ C:\WINDOWS\system32\wmpcd.dll
2007-05-08 20:58 2,940,928 --a------ C:\WINDOWS\system32\wmploc.dll
2007-05-08 20:58 18,944 --a------ C:\WINDOWS\system32\drivers\wpdusb.sys
2007-05-08 20:58 175,104 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
2007-05-08 20:58 167,936 --a------ C:\WINDOWS\system32\wmerror.dll
2007-05-08 20:58 159,232 --a------ C:\WINDOWS\system32\cewmdm.dll
2007-05-08 20:58 15,872 --a------ C:\WINDOWS\system32\wdfapi.dll
2007-05-08 20:58 143,360 --a------ C:\WINDOWS\system32\wmidx.dll
2007-05-08 20:58 114,176 --a------ C:\WINDOWS\system32\wpdmtp.dll
2007-05-08 20:58 106,496 --a------ C:\WINDOWS\system32\wmpasf.dll
2007-05-08 20:58 10,752 --a------ C:\WINDOWS\system32\wpdtrace.dll
2007-05-08 20:58 1,589,760 --a------ C:\WINDOWS\system32\wmpencen.dll
2007-05-08 20:58 1,509,376 --a------ C:\WINDOWS\system32\WMVADVE.DLL
2007-05-08 20:58 1,298,432 --a------ C:\WINDOWS\system32\wmpcore.dll
2007-05-08 20:58 1,181,944 --a------ C:\WINDOWS\system32\wmvadvd.dll
2007-05-08 20:58 1,111,040 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2007-05-08 15:33 <DIR> d-------- C:\Deckard
2007-04-28 18:06 26,787 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2007-04-28 18:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CA
2007-04-28 18:05 95,344 --a------ C:\WINDOWS\system32\ISafeIf.dll
2007-04-28 18:05 74,864 --a------ C:\WINDOWS\system32\VetRedir.dll
2007-04-28 18:05 74,864 --a------ C:\WINDOWS\system32\iSafProd.dll
2007-04-28 18:05 629,264 --a------ C:\WINDOWS\system32\drivers\VetEFile.sys
2007-04-28 18:05 243,824 --a------ C:\WINDOWS\unicows.dll
2007-04-28 18:05 21,031 --a------ C:\WINDOWS\system32\drivers\Vet-Filt.sys
2007-04-28 18:05 15,735 --a------ C:\WINDOWS\system32\drivers\VetFDDNT.sys
2007-04-28 18:05 15,478 --a------ C:\WINDOWS\system32\drivers\Vet-Rec.sys
2007-04-28 18:05 115,824 --a------ C:\WINDOWS\UnVet32.exe
2007-04-28 18:05 111,728 --a------ C:\WINDOWS\AVShlExt.dll
2007-04-28 18:05 108,592 --a------ C:\WINDOWS\system32\drivers\VetEBoot.sys
2007-04-28 18:05 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-04-28 18:04 86,016 --a------ C:\WINDOWS\system32\YPcservice.exe
2007-04-28 18:04 131,072 --a------ C:\WINDOWS\system32\ypclsp.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-09 04:36:47 -------- d-----w C:\Program Files\EPSON
2007-05-05 01:02:13 -------- d-----w C:\Program Files\Trillian
2007-04-29 19:39:05 -------- d-----w C:\Program Files\America Online 9.0
2007-04-29 01:05:17 -------- d-----w C:\Program Files\Yahoo!
2007-04-25 22:31:13 -------- d-----w C:\DOCUME~1\BEATMA~1\APPLIC~1\Digidesign
2007-03-13 20:32:16 -------- d-----w C:\DOCUME~1\BEATMA~1\APPLIC~1\Yahoo!


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"="C:\Program Files\Yahoo!\common\Companion\Installs\cpn\yt.dll"
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"="C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll"
"{1201333E-BAD9-481C-BCF5-6904498CF85B}"="C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPKbho.dll"
"{53707962-6F74-2D53-2644-206D7942484F}"="C:\PROGRA~1\SPYBOT~1\SDHelper.dll"
"{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}"="C:\PROGRA~1\Yahoo!\common\yiesrvc.dll"
"{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}"="C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll"
"{BDF3E430-B101-42AD-A544-FADC6B084872}"="C:\Program Files\Norton AntiVirus\NavShExt.dll"
"{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}"="C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"ccRegVfy"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"VTTimer"="VTTimer.exe"
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"AOL Spyware Protection"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\""
"Pure Networks Port Magic"="\"C:\\PROGRA~1\\PURENE~1\\PORTMA~1\\PortAOL.exe\" -Run"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"SSC_UserPrompt"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"MediaFace Integration"="C:\\Program Files\\Fellowes\\MediaFACE 4.2\\SetHook.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1124299888\\ee\\AOLSoftware.exe"
"DigidesignMMERefresh"="C:\\Program Files\\Digidesign\\Drivers\\MMERefresh.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"P17Helper"="Rundll32 P17.dll,P17Helper"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"StrgSync.exe"="C:\\Program Files\\StorageSync\\StrgSync.exe -w"
"YBrowser"="C:\\PROGRA~1\\Yahoo!\\browser\\ybrwicon.exe"
"YOP"="C:\\PROGRA~1\\Yahoo!\\YOP\\yop.exe /autostart"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\ypager.exe\" -quiet"
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{10408F89-B5F3-4C85-AA13-57B4F2B00C71}"="C:\WINDOWS\System32\vidxgn32.dll" [x]


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^microsoft office.lnk
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^norton system doctor.lnk
C:\PROGRA~1\NORTON~2\SYSDOC32.EXE /STARTUP

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^kp^start menu^programs^startup^openoffice.org 1.1.2.lnk
C:\PROGRA~1\OPENOF~1.2\program\QUICKS~1.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btcliveupdate
"C:\Program Files\LiveUpdate\LiveUpdate.exe" /autostart

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmaudio
RunDll32 cmicnfg.cpl,CMICtrlWnd

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\digidesignmmerefresh
C:\Program Files\Digidesign\Drivers\MMERefresh.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\elbycheckelbycdfl
"C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\epson stylus c64 series
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P23 "EPSON Stylus C64 Series" /O5 "LPT1:" /M "Stylus C64"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ghoststarttrayapp
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ituneshelper
C:\Program Files\iTunes\iTunesHelper.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kernelfaultcheck
%systemroot%\system32\dumprep 0 -k

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msmsgs
"C:\Program Files\Messenger\msmsgs.exe" /background

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nerocheck
C:\WINDOWS\system32\NeroCheck.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nerofiltercheck
C:\WINDOWS\system32\NeroCheck.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nforce tray options
sstray.exe /r

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvcpldaemon
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvmediacenter
RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwereboot


HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
nwiz.exe /install

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\quicktime task
"C:\Program Files\QuickTime\qttask.exe" -atboottime

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\reschangerxp
C:\Program Files\ResChanger XP\ResChangerXP.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\searchsetter
C:\WINDOWS\System32\searchsetter[1].exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sunjavaupdatesched
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tkbellexe
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-09 11:46:59
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 2007-05-09 11:48:02 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-09 11:48

panda report


Incident Status Location

Adware:adware/blazefind Not disinfected Windows Registry
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\BEATMACHINE\Application Data\Mozilla\Firefox\Profiles\0hki97ly.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\BEATMACHINE\Application Data\Mozilla\Firefox\Profiles\0hki97ly.default\cookies.txt[.ads.addynamix.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\BEATMACHINE\Application Data\Mozilla\Firefox\Profiles\0hki97ly.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\BEATMACHINE\Application Data\Mozilla\Firefox\Profiles\0hki97ly.default\cookies.txt[.ads.addynamix.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\BEATMACHINE\Application Data\Mozilla\Firefox\Profiles\0hki97ly.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\BEATMACHINE\Application Data\Mozilla\Firefox\Profiles\0hki97ly.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\BEATMACHINE\Application Data\Mozilla\Firefox\Profiles\0hki97ly.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\BEATMACHINE\Application Data\Mozilla\Firefox\Profiles\0hki97ly.default\cookies.txt[.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\BEATMACHINE\Application Data\Mozilla\Firefox\Profiles\0hki97ly.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\BEATMACHINE\Application Data\Mozilla\Firefox\Profiles\0hki97ly.default\cookies.txt[.overture.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\BEATMACHINE\Application Data\Mozilla\Firefox\Profiles\0hki97ly.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\BEATMACHINE\Application Data\Mozilla\Firefox\Profiles\0hki97ly.default\cookies.txt[.zedo.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\BEATMACHINE\Application Data\Mozilla\Firefox\Profiles\0hki97ly.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\BEATMACHINE\Application Data\Mozilla\Firefox\Profiles\0hki97ly.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\BEATMACHINE\Application Data\Mozilla\Firefox\Profiles\0hki97ly.default\cookies.txt[.atwola.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\BEATMACHINE\Application Data\Mozilla\Firefox\Profiles\0hki97ly.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\BEATMACHINE\Application Data\Mozilla\Firefox\Profiles\0hki97ly.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\BEATMACHINE\Application Data\Mozilla\Firefox\Profiles\0hki97ly.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\BEATMACHINE\Application Data\Mozilla\Firefox\Profiles\0hki97ly.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\BEATMACHINE\Application Data\Mozilla\Firefox\Profiles\0hki97ly.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\BEATMACHINE\Application Data\Mozilla\Firefox\Profiles\0hki97ly.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\BEATMACHINE\Application Data\Mozilla\Firefox\Profiles\0hki97ly.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\BEATMACHINE\Application Data\Mozilla\Firefox\Profiles\0hki97ly.default\cookies.txt[.ccbill.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\BEATMACHINE\Application Data\Mozilla\Firefox\Profiles\0hki97ly.default\cookies.txt[.com.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\BEATMACHINE\Application Data\Mozilla\Firefox\Profiles\0hki97ly.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\BEATMACHINE\Application Data\Mozilla\Firefox\Profiles\0hki97ly.default\cookies.txt[.go.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\BEATMACHINE\Application Data\Mozilla\Firefox\Profiles\0hki97ly.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\BEATMACHINE\Application Data\Mozilla\Firefox\Profiles\0hki97ly.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\BEATMACHINE\Application Data\Mozilla\Firefox\Profiles\0hki97ly.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\BEATMACHINE\Application Data\Mozilla\Firefox\Profiles\0hki97ly.default\cookies.txt[.target.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\BEATMACHINE\Application Data\Mozilla\Firefox\Profiles\0hki97ly.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\BEATMACHINE\Application Data\Mozilla\Firefox\Profiles\0hki97ly.default\cookies.txt[citi.bridgetrack.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\BEATMACHINE\Application Data\Mozilla\Firefox\Profiles\0hki97ly.default\cookies.txt[landing.domainsponsor.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\BEATMACHINE\Application Data\Mozilla\Firefox\Profiles\0hki97ly.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\BEATMACHINE\Application Data\Netscape\NSB\Profiles\r1g957v6.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\BEATMACHINE\Cookies\beatmachine@adopt.hbmediapro[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\BEATMACHINE\Cookies\beatmachine@ath.belnk[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\BEATMACHINE\Cookies\beatmachine@atwola[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\BEATMACHINE\Cookies\beatmachine@azjmp[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\BEATMACHINE\Cookies\beatmachine@belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\BEATMACHINE\Cookies\beatmachine@dist.belnk[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\BEATMACHINE\Cookies\beatmachine@go[2].txt
Spyware:Cookie/Pollstar Not disinfected C:\Documents and Settings\BEATMACHINE\Cookies\beatmachine@pollstar[1].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\BEATMACHINE\Desktop\ComboFix.exe[ComboFixT\nircmd.exe]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\LocalService\Cookies\system@2o7[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\LocalService\Cookies\system@questionmarket[2].txt


HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 12:44:33 PM, on 5/9/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\VTTimer.exe
C:\Program Files\Common Files\AOL\1124299888\ee\AOLSoftware.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\StorageSync\StrgSync.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
c:\program files\common files\aol\1124299888\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1124299888\ee\aolsoftware.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Documents and Settings\BEATMACHINE\Desktop\HiJack this Stuff\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\common\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: LastWinDet Class - {1201333E-BAD9-481C-BCF5-6904498CF85B} - C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPKbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124299888\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [StrgSync.exe] C:\Program Files\StorageSync\StrgSync.exe -w
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{74FD30C4-6179-4F9A-A793-15573980EED6}: NameServer = 4.2.2.2,38.9.211.2
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Unknown owner - C:\Program Files\Digidesign\Drivers\MMERefresh.exe (file missing)
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: System Process Monitor (sysprcm) - Unknown owner - C:\WINDOWS\System32\msnprcss.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WUSB54GCSVC - Unknown owner - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe" "WUSB54GC.exe (file missing)
O23 - Service: Asynchronous Load Balance (ySvcHst) - Unknown owner - C:\WINDOWS\System32\srvnst.exe (file missing)
 
#6 ·
Hi woodstick


I have attached a file to this post (regdel.zip). Download this file to your desktop. Double click on the zip folder, then double click on the delete.reg file within. Click Yes to allow it to merge into your registry. You can delete the file afterwards.


Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"


  • Install AVG Anti Spyware
  • Double-click the icon on Desktop to launch AVG
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
When you have finished updating, EXIT AVG Anti Spyware. Do not run a scan just yet; we will shortly.

----------------------------------------

Boot to Safe Mode (by repeatedly tapping the F8 key until the menu appears)

----------------------------------------

Scan with HijackThis and check the following entries (If they still exist) (make sure not to miss any)

O23 - Service: System Process Monitor (sysprcm) - Unknown owner - C:\WINDOWS\System32\msnprcss.exe (file missing)
O23 - Service: Asynchronous Load Balance (ySvcHst) - Unknown owner - C:\WINDOWS\System32\srvnst.exe (file missing)


Remember to close all other windows and click Fix Checked


Delete the Files (If they still exist)

C:\WINDOWS\System32\searchsetter[1].exe




Empty the contents of the following Folders (DO NOT delete the folders)

C:\Documents and Settings\LocalService\Cookies
C:\Documents and Settings\BEATMACHINE\Cookies



Please clear your firefox cookies

Click Tools > Options select the Cookies tab and press Clear Cookies now

Clear your netscape cookies

Click Tools > Options select the Privacy on the left then Cookies and press Clear


-------------------------------------------

Run AVG Anti-Spyware with its updated definitions (it's important that all other windows are closed):
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted; then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).

-------------------------------------------

Reboot to normal mode

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.

-------------------------------------------
Required Logs

AVG AntiSpyware report
Kaspersky report
new HijackThis log


Is the PC still shutting down?
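The two O23 entries singled out above for fixing share a pattern: no identifiable vendor ("Unknown owner"), a generic-sounding service name, and a binary under System32 that no longer exists. As an added example that is not part of this thread or of HijackThis itself, the Python script below parses HijackThis O23 lines and ranks each service by that pattern. The sample log is a handful of lines copied from the HijackThis log posted above; the severity rules are my own triage heuristic and only reproduce what the helper did by eye.

```python
"""Triage HijackThis O23 (service) lines.

Added example, not code from the thread. The heuristic mirrors the
helper's reasoning: a service with no known owner whose binary is
missing from the Windows directory is almost always a leftover from
malware that has since been removed, and is safe to fix.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Layout of an O23 line as HijackThis prints it:
#   O23 - Service: <display name> (<service name>) - <owner> - <path> [(file missing)]
# The "(service name)" part is absent for some entries (e.g. GhostStartService),
# and the display name itself may contain parentheses (WAN Miniport (ATW) Service).
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)


@dataclass
class ServiceEntry:
    display: str
    name: Optional[str]   # short service name, None when HijackThis omitted it
    owner: str
    path: str
    file_missing: bool

    @property
    def label(self) -> str:
        return self.name or self.display

    @property
    def in_windows_dir(self) -> bool:
        # Generic binaries dropped into %SystemRoot% deserve more suspicion
        # than an orphaned service under a vendor's own Program Files folder.
        return "\\windows\\" in self.path.lower()


def parse_o23(line: str) -> Optional[ServiceEntry]:
    """Return a ServiceEntry for an O23 line, or None for any other line."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    return ServiceEntry(
        display=m["display"],
        name=m["name"],
        owner=m["owner"],
        path=m["path"],
        file_missing=m["missing"] is not None,
    )


def severity(e: ServiceEntry) -> str:
    """Heuristic ranking (my own, not HijackThis's)."""
    unknown = e.owner == "Unknown owner"
    if unknown and e.file_missing and e.in_windows_dir:
        return "high"    # no vendor, binary gone, lived in the system directory
    if unknown or e.file_missing:
        return "review"  # e.g. an uninstalled product's orphaned service
    return "ok"


def triage(log_text: str) -> List[Tuple[str, ServiceEntry]]:
    """Parse every O23 line in a HijackThis log and attach a severity."""
    results = []
    for line in log_text.splitlines():
        entry = parse_o23(line)
        if entry is not None:
            results.append((severity(entry), entry))
    return results


def flagged(log_text: str, level: str = "high") -> List[str]:
    """Service labels at the given severity, in log order."""
    return [e.label for sev, e in triage(log_text) if sev == level]


# Sample input: lines copied from the HijackThis log posted in this thread,
# plus one O4 line to show that non-O23 lines are ignored.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: System Process Monitor (sysprcm) - Unknown owner - C:\WINDOWS\System32\msnprcss.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WUSB54GCSVC - Unknown owner - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe" "WUSB54GC.exe (file missing)
O23 - Service: Asynchronous Load Balance (ySvcHst) - Unknown owner - C:\WINDOWS\System32\srvnst.exe (file missing)
"""

if __name__ == "__main__":
    for sev, e in triage(SAMPLE_LOG):
        print(f"{sev:6}  {e.label:20}  owner={e.owner!r}  missing={e.file_missing}  {e.path}")
```

Run as a script it prints one ranked row per service; "high" lands exactly on sysprcm and ySvcHst, while the AOL, Adobe and Linksys entries come out as "review" because an absent binary under a vendor folder usually means a sloppy uninstall rather than malware. Treat the ranking as a starting point for a manual check of each path, not as a verdict.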
 
#7 ·
Hi, my computer no longer shuts off automatically, which is good. But there seems to be a problem with shutting down and restarting. When I shut down, a lot of times it won't fully shut down. When I start up, a black screen prompts me to: "start windows normally, or start using last known good configuration." Also, Windows Media Player constantly has to be re-installed if I attempt to play a music/movie file. I didn't do the last steps you sent yet, because the computer was no longer shutting down unexpectedly. Thanks for your help.
 
#9 ·
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:48:58 AM 5/14/2007

+ Scan result:



C:\Program Files\WinBudget\bin\crap.1168587707.old -> Adware.BHO : Cleaned with backup (quarantined).
C:\Program Files\WinBudget\bin\matrix.dll -> Adware.BHO : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows SR 3.0 -> Adware.BlazeFind : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows SR 3.0\- -> Adware.BlazeFind : Cleaned with backup (quarantined).
C:\Program Files\Fellowes\MediaFACE 4.2\MFHookManager.dll -> Adware.WinAD : Cleaned with backup (quarantined).
D:\mshp.dll -> Downloader.WinShow.u : Cleaned with backup (quarantined).
C:\WINDOWS\system32\Tools\Restart.exe -> Not-A-Virus.Tool.Win32.RestartCounter : Cleaned with backup (quarantined).
C:\Program Files\Alcohol Soft\Alcohol 120\Patch.exe -> Trojan.Feutel.av : Cleaned with backup (quarantined).


::Report end

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, May 14, 2007 2:13:44 AM
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 14/05/2007
Kaspersky Anti-Virus database records: 318632
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 76533
Number of viruses found: 23
Number of infected objects: 181 / 0
Number of suspicious objects: 1
Duration of the scan process: 01:06:16

Infected Object Name / Virus Name / Last Action
C:\!KillBox\vidxgn32.dll Infected: Virus.Win32.Bayan-based skipped
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-05-14_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\BEATMACHINE\Application Data\Mozilla\Firefox\Profiles\0hki97ly.default\cert8.db Object is locked skipped
C:\Documents and Settings\BEATMACHINE\Application Data\Mozilla\Firefox\Profiles\0hki97ly.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\BEATMACHINE\Application Data\Mozilla\Firefox\Profiles\0hki97ly.default\history.dat Object is locked skipped
C:\Documents and Settings\BEATMACHINE\Application Data\Mozilla\Firefox\Profiles\0hki97ly.default\key3.db Object is locked skipped
C:\Documents and Settings\BEATMACHINE\Application Data\Mozilla\Firefox\Profiles\0hki97ly.default\parent.lock Object is locked skipped
C:\Documents and Settings\BEATMACHINE\Application Data\Mozilla\Firefox\Profiles\0hki97ly.default\search.sqlite Object is locked skipped
C:\Documents and Settings\BEATMACHINE\Application Data\Mozilla\Firefox\Profiles\0hki97ly.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\BEATMACHINE\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\BEATMACHINE\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\BEATMACHINE\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\BEATMACHINE\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\BEATMACHINE\Local Settings\Application Data\Mozilla\Firefox\Profiles\0hki97ly.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\BEATMACHINE\Local Settings\Application Data\Mozilla\Firefox\Profiles\0hki97ly.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\BEATMACHINE\Local Settings\Application Data\Mozilla\Firefox\Profiles\0hki97ly.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\BEATMACHINE\Local Settings\Application Data\Mozilla\Firefox\Profiles\0hki97ly.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\BEATMACHINE\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\BEATMACHINE\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\BEATMACHINE\ntuser.dat Object is locked skipped
C:\Documents and Settings\BEATMACHINE\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton AntiVirus\Quarantine\02792BC0.htm Infected: Trojan-Downloader.VBS.Psyme.ap skipped
C:\Program Files\Norton AntiVirus\Quarantine\027C55BC.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\05DD525B Infected: Email-Worm.Win32.Sober.n skipped
C:\Program Files\Norton AntiVirus\Quarantine\06EA6B0B.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\0CA12D00.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\0CA12D00.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\0CA12D00.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\0CA12D00.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\0CA12D00.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenStream.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\0CA12D00.zip ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0CA12D00.zip CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0F0F1431.exe Infected: Trojan.Win32.Crypt.e skipped
C:\Program Files\Norton AntiVirus\Quarantine\11EF3283.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\11EF3283.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\11EF3283.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\11EF3283.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\11EF3283.zip ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\11EF3283.zip CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\11FD1266 Infected: Backdoor.Win32.Haxdoor.kg skipped
C:\Program Files\Norton AntiVirus\Quarantine\19B36A71.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\Program Files\Norton AntiVirus\Quarantine\19B6146E.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\Program Files\Norton AntiVirus\Quarantine\1BF84E8D.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\1BFC788A.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\1BFC788A.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\1BFC788A.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\1BFC788A.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenStream.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\1BFC788A.zip ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\1BFC788A.zip CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\1CAF4EEA.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\1CAF4EEA.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\1CAF4EEA.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\1CAF4EEA.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\1CAF4EEA.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\1CAF4EEA.zip ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\1CAF4EEA.zip CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\1E51495D.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\Program Files\Norton AntiVirus\Quarantine\1E5B4752.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\Program Files\Norton AntiVirus\Quarantine\1E7F152A.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\Program Files\Norton AntiVirus\Quarantine\1E9E34F4.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\Program Files\Norton AntiVirus\Quarantine\1EFE7A9E.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\Program Files\Norton AntiVirus\Quarantine\1F281C6F.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\Program Files\Norton AntiVirus\Quarantine\1F2C466C.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\Program Files\Norton AntiVirus\Quarantine\1F56683D.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\Program Files\Norton AntiVirus\Quarantine\20136B6D.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\Program Files\Norton AntiVirus\Quarantine\21400222.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\Program Files\Norton AntiVirus\Quarantine\219B70CB.wmf Infected: Exploit.Win32.IMG-WMF.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\23546A25.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\23546A25.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\23546A25.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Program Files\Norton AntiVirus\Quarantine\23546A25.zip ZIP: infected - 3 skipped
C:\Program Files\Norton AntiVirus\Quarantine\23546A25.zip CryptFF: infected - 3 skipped
C:\Program Files\Norton AntiVirus\Quarantine\240B6D0F.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\Program Files\Norton AntiVirus\Quarantine\24505EC4.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\Program Files\Norton AntiVirus\Quarantine\24E9264F.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\255253A8.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\Program Files\Norton AntiVirus\Quarantine\25705C5E.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\25C73B26.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\Program Files\Norton AntiVirus\Quarantine\25DE610D.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\Program Files\Norton AntiVirus\Quarantine\26234795.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\26234795.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\26234795.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\26234795.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenStream.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\26234795.zip ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\26234795.zip CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\26845F3A.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\26845F3A.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\26845F3A.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\26845F3A.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\26845F3A.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\26845F3A.zip ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\26845F3A.zip CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\26880936.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\268B3333.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\2E450AF2.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\2E8A794F.class Infected: Trojan.Java.ClassLoader.f skipped
C:\Program Files\Norton AntiVirus\Quarantine\2E8A794F.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\2E8A794F.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\2E8A794F.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\2E8A794F.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\2E8A794F.zip ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\2E8A794F.zip CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\2E8D234B.class Infected: Trojan.Java.ClassLoader.Dummy.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\2E904D47.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\3079624E.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\32121C6C.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\32121C6C.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\32121C6C.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Program Files\Norton AntiVirus\Quarantine\32121C6C.zip ZIP: infected - 3 skipped
C:\Program Files\Norton AntiVirus\Quarantine\32121C6C.zip CryptFF: infected - 3 skipped
C:\Program Files\Norton AntiVirus\Quarantine\35464D25.wmf Infected: Exploit.Win32.IMG-WMF.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\356A1AFD.wmf Infected: Exploit.Win32.IMG-WMF.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\3A656EB3.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\3A656EB3.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\3A656EB3.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\3A656EB3.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\3A656EB3.zip ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\3A656EB3.zip CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\3DA37D49 Infected: Email-Worm.Win32.Sober.n skipped
C:\Program Files\Norton AntiVirus\Quarantine\3DB0253A Infected: Email-Worm.Win32.Sober.n skipped
C:\Program Files\Norton AntiVirus\Quarantine\41FF5FBF.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Program Files\Norton AntiVirus\Quarantine\42232D98.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Program Files\Norton AntiVirus\Quarantine\429770EA Infected: Trojan-Downloader.Win32.IstBar.nj skipped
C:\Program Files\Norton AntiVirus\Quarantine\43C036A3 Infected: Email-Worm.Win32.Sober.n skipped
C:\Program Files\Norton AntiVirus\Quarantine\471E58DA Infected: Email-Worm.Win32.Sober.n skipped
C:\Program Files\Norton AntiVirus\Quarantine\4A3D70E9.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\4D0D544B.tmp Infected: Backdoor.Win32.Haxdoor.kg skipped
C:\Program Files\Norton AntiVirus\Quarantine\54184260.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\54184260.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\54184260.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\54184260.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenStream.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\54184260.zip ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\54184260.zip CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\546D6F96.dll Infected: Trojan.Win32.StartPage.uz skipped
C:\Program Files\Norton AntiVirus\Quarantine\558D7FFF.wmf Infected: Exploit.Win32.IMG-WMF.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\55B7002B.dll Infected: Trojan.Win32.StartPage.uz skipped
C:\Program Files\Norton AntiVirus\Quarantine\565D5D74.dll Infected: Trojan.Win32.StartPage.uz skipped
C:\Program Files\Norton AntiVirus\Quarantine\576D271F.dll Infected: Trojan.Win32.StartPage.uz skipped
C:\Program Files\Norton AntiVirus\Quarantine\58D656F5.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\Program Files\Norton AntiVirus\Quarantine\5A8654E0.dll Infected: Trojan.Win32.StartPage.uz skipped
C:\Program Files\Norton AntiVirus\Quarantine\5AB74AAB.dll Infected: Trojan.Win32.StartPage.uz skipped
C:\Program Files\Norton AntiVirus\Quarantine\5CDA3E4F.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\5CE0189B.exe Infected: Email-Worm.Win32.Sober.n skipped
C:\Program Files\Norton AntiVirus\Quarantine\611F0117.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\611F0117.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\611F0117.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\611F0117.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\611F0117.zip ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\611F0117.zip CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\61D6471D.dll Infected: Trojan.Win32.StartPage.uz skipped
C:\Program Files\Norton AntiVirus\Quarantine\621B2203.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\621B2203.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\621B2203.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\621B2203.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\621B2203.zip ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\621B2203.zip CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\621E4BFF.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\621E4BFF.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\621E4BFF.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\621E4BFF.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\621E4BFF.zip ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\621E4BFF.zip CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\622175FC.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\62241FF8.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\6302658B.dll Infected: Trojan.Win32.StartPage.uz skipped
C:\Program Files\Norton AntiVirus\Quarantine\633A5316.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Program Files\Norton AntiVirus\Quarantine\633C594A.dll Infected: Trojan.Win32.StartPage.uz skipped
C:\Program Files\Norton AntiVirus\Quarantine\637A7706.dll Infected: Trojan.Win32.StartPage.uz skipped
C:\Program Files\Norton AntiVirus\Quarantine\637E44CB.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Program Files\Norton AntiVirus\Quarantine\671E58CE.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Program Files\Norton AntiVirus\Quarantine\694F6A9B.dll Infected: Trojan.Win32.StartPage.uz skipped
C:\Program Files\Norton AntiVirus\Quarantine\6FA9179E.dll Infected: Trojan.Win32.StartPage.uz skipped
C:\Program Files\Norton AntiVirus\Quarantine\6FDD3764.dll Infected: Trojan.Win32.StartPage.uz skipped
C:\Program Files\Norton AntiVirus\Quarantine\707D40B4.dll Infected: Trojan.Win32.StartPage.uz skipped
C:\Program Files\Norton AntiVirus\Quarantine\70AA1CD9.exe Infected: Trojan-Downloader.Win32.Small.akz skipped
C:\Program Files\Norton AntiVirus\Quarantine\70AB0C82.dll Infected: Trojan.Win32.StartPage.uz skipped
C:\Program Files\Norton AntiVirus\Quarantine\74557445.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\74557445.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\74557445.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\74557445.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\74557445.zip ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\74557445.zip CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\74817A9F.exe Infected: Trojan-Downloader.Win32.Small.akz skipped
C:\Program Files\Norton AntiVirus\Quarantine\7E8F484B.wmf Infected: Trojan-Downloader.Win32.Agent.acd skipped
C:\Program Files\Norton AntiVirus\Quarantine\7FE31F2C.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\7FE31F2C.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\7FE31F2C.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\7FE31F2C.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenStream.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\7FE31F2C.zip ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\7FE31F2C.zip CryptFF: infected - 4 skipped
C:\Program Files\Sonewire\ace.dll Infected: Trojan.Win32.Crypt.t skipped
C:\Program Files\Sonewire\avwmsdba.exe Infected: Trojan.Win32.Crypt.t skipped
C:\Program Files\Sonewire\spoclien.exe Infected: Trojan.Win32.Crypt.t skipped
C:\Program Files\Sonewire\WinGenerics.dll Infected: Trojan.Win32.Crypt.t skipped
C:\System Volume Information\_restore{39ED43D7-7263-4D14-96B7-977BF90EB594}\RP608\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\accwiz.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\crypt32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\cryptsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\hh.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\hhctrl.ocx Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\hhsetup.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\locator.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\magnify.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\migwiz.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\mrxsmb.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\narrator.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\newdev.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\ntdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\ntoskrnl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\osk.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\pchshell.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\raspptp.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\shmedia.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\srrstr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\srv.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\sysmain.sdb Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\winsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\zipfldr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\dhcpcsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\ndis.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\ndisuio.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\netshell.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\wzcdlg.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\wzcsapi.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\wzcsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\cmdevtgprov.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\evtgprov.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\dao360.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\expsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msexch40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjint40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjter40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msltus40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrd2x40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrd3x40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mswdat10.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mswstr10.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\vbajet32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\fldrclnr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\shell32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\shlwapi.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\sxs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\wmpcore.dll Object is locked skipped
C:\WINDOWS\Config\system\zipped.wrm/mail.document.Datex-packed.exe Infected: Email-Worm.Win32.Sober.n skipped
C:\WINDOWS\Config\system\zipped.wrm ZIP: infected - 1 skipped
C:\WINDOWS\Config\system\zipped.wrm MIME.Broken: infected - 1 skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\dmlcert6.exe Infected: Trojan.Win32.Crypt.t skipped
C:\WINDOWS\system32\drivers\riontmgr.sys Suspicious: Rootkit.Win32.Agent.ao skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\inittvwr.dll Infected: Virus.Win32.Bayan-based skipped
C:\WINDOWS\system32\qprell32.dll Infected: Trojan.Win32.Crypt.t skipped
C:\WINDOWS\system32\srrtrans.exe Infected: Trojan.Win32.Crypt.t skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\RECYCLED\NPROTECT\NPROTECT.LOG Object is locked skipped

Logfile of HijackThis v1.99.1
Scan saved at 2:16:36 AM, on 5/14/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\VTTimer.exe
C:\Program Files\Common Files\AOL\1124299888\ee\AOLSoftware.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\StorageSync\StrgSync.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\Program Files\Speed Disk\nopdb.exe
c:\program files\common files\aol\1124299888\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\common files\aol\1124299888\ee\aolsoftware.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\BEATMACHINE\Desktop\HiJack this Stuff\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\common\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: LastWinDet Class - {1201333E-BAD9-481C-BCF5-6904498CF85B} - C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPKbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124299888\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [StrgSync.exe] C:\Program Files\StorageSync\StrgSync.exe -w
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{74FD30C4-6179-4F9A-A793-15573980EED6}: NameServer = 4.2.2.2,38.9.211.2
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O21 - SSODL: NTDBGTOOL - {10408F89-B5F3-4C85-AA13-57B4F2B00C71} - C:\WINDOWS\System32\vidxgn32.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Unknown owner - C:\Program Files\Digidesign\Drivers\MMERefresh.exe (file missing)
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: System Process Monitor (sysprcm) - Unknown owner - C:\WINDOWS\System32\msnprcss.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WUSB54GCSVC - Unknown owner - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe" "WUSB54GC.exe (file missing)
O23 - Service: Asynchronous Load Balance (ySvcHst) - Unknown owner - C:\WINDOWS\System32\srvnst.exe (file missing)


Here are the reports. The computer isn't turning off unexpectedly anymore; now I'm just having problems when I shut down and boot up, and Windows Media Player keeps having to be reinstalled. Thanks.
 
#10 ·
Hi woodstiff

woodstiff said:
having problems when i shut down, and boot up, and windows media player keeps having to be re-installed.
You are still seriously infected; these symptoms may disappear as you get nearer to being clean. Keep me informed about these, and if malware isn't the cause then we can take a different route once you're cleaned.

All the stuff we already removed has returned. Did you use Last Known Good Config?

----------------------------------------------

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please use Symantec's guide to remove the Norton Quarantine files.

----------------------------------------------

Go to Start > Run, then copy/paste the following text into the Run box and click OK:

"%userprofile%\desktop\combofix.exe" /wow-drv sysprcm ySvcHst /v vidxgn32 inittvwr

When finished, it shall produce a log for you. We'll need that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


----------------------------------------------

Please download AproposFix from here:
http://swandog46.geekstogo.com/aproposfix.exe

Save it to your desktop but do NOT run it yet.

----------------------------------------------

Then please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

----------------------------------------------

Scan with HijackThis and check the following entries (if they still exist; make sure not to miss any):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
O21 - SSODL: NTDBGTOOL - {10408F89-B5F3-4C85-AA13-57B4F2B00C71} - C:\WINDOWS\System32\vidxgn32.dll (file missing)
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/061...ie06101001.cab
O23 - Service: System Process Monitor (sysprcm) - Unknown owner - C:\WINDOWS\System32\msnprcss.exe (file missing)
O23 - Service: Asynchronous Load Balance (ySvcHst) - Unknown owner - C:\WINDOWS\System32\srvnst.exe (file missing)



Remember to close all other windows and click Fix Checked


Delete the following files (if they still exist):

C:\WINDOWS\System32\msnprcss.exe
C:\WINDOWS\System32\srvnst.exe
C:\WINDOWS\Config\system\zipped.wrm
C:\WINDOWS\system32\drivers\riontmgr.sys


----------------------------------------------

Double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.

When the tool is finished, please reboot back into normal mode, and post the entire contents of the log.txt file in the aproposfix folder.

----------------------------------------------
Required Logs

combofix.txt
log.txt
new HijackThis log
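The entries the helper singles out above share one footprint: a service or ShellServiceObjectDelayLoad load point whose binary sits directly under %SystemRoot% and is already gone, with no company name for HijackThis to read. That combination is what distinguishes the sysprcm/ySvcHst services and the vidxgn32.dll SSODL entry from the equally "file missing" but harmless leftovers of uninstalled AOL or Digidesign software under Program Files. (It also explains the Last Known Good Config question: that boot option restores the previous ControlSet, Services keys included, so entries deleted with Fix Checked come straight back.) The following triage script is an added example, not code from the thread or from HijackThis; it parses the O23, O21 and O20 lines copied from the logs above and ranks them with that heuristic. The scoring weights and the list of system directories are choices made here for illustration.

```python
import re
from dataclasses import dataclass, field

# Sample lines copied from the HijackThis logs in this thread (O23 = services,
# O21 = ShellServiceObjectDelayLoad, O20 = Winlogon Notify packages).
SAMPLE_LOG = r"""
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O21 - SSODL: NTDBGTOOL - {10408F89-B5F3-4C85-AA13-57B4F2B00C71} - C:\WINDOWS\System32\vidxgn32.dll (file missing)
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Unknown owner - C:\Program Files\Digidesign\Drivers\MMERefresh.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Process Monitor (sysprcm) - Unknown owner - C:\WINDOWS\System32\msnprcss.exe (file missing)
O23 - Service: Asynchronous Load Balance (ySvcHst) - Unknown owner - C:\WINDOWS\System32\srvnst.exe (file missing)
"""

SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
SSODL_RE = re.compile(r"^O21 - SSODL: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")
# "Display Name (ShortName)" -> display name plus the service key name in parentheses
SHORT_RE = re.compile(r"^(?P<display>.*?)(?: \((?P<short>[^()]+)\))?$")
MISSING = " (file missing)"
# Directories a dropper writes into; chosen for this example, extend as needed.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\system\\", "c:\\windows\\")


@dataclass
class Finding:
    kind: str            # HijackThis section: O23, O21 or O20
    name: str            # display name, SSODL name or notify package name
    short: str           # service key name (O23) or CLSID (O21); "" otherwise
    owner: str           # company name HijackThis read from the file's version info
    path: str            # image path with the "(file missing)" marker stripped
    missing: bool = False
    score: int = 0
    reasons: list = field(default_factory=list)

    def __post_init__(self):
        if self.path.endswith(MISSING):
            self.missing = True
            self.path = self.path[: -len(MISSING)]


def parse_line(line):
    """Return a Finding for a load-point line we know how to read, else None."""
    line = line.strip()
    m = SERVICE_RE.match(line)
    if m:
        d = SHORT_RE.match(m["name"])
        return Finding("O23", d["display"], d["short"] or "", m["owner"], m["path"])
    m = SSODL_RE.match(line)
    if m:
        return Finding("O21", m["name"], m["clsid"], "", m["path"])
    m = NOTIFY_RE.match(line)
    if m:
        return Finding("O20", m["name"], "", "", m["path"])
    return None


def assess(f):
    """Score a load point in place; higher means 'look at this first'."""
    if f.missing:
        f.score += 1
        f.reasons.append("image file missing on disk")
    if f.owner == "Unknown owner":
        f.score += 1
        f.reasons.append("no company name in version info")
    if f.missing and f.path.lower().startswith(SYSTEM_DIRS):
        # A binary dropped straight into %SystemRoot% that is now gone is the
        # usual footprint of a half-removed dropper; badly uninstalled vendor
        # software normally lived under Program Files instead.
        f.score += 2
        f.reasons.append("missing binary under %SystemRoot%")
    if f.kind in ("O21", "O20") and f.missing:
        f.reasons.append("dangling %s entry: still loaded on every logon/Explorer start" % f.kind)
    return f


def triage(log_text):
    """Parse a HijackThis log and return findings, most suspicious first."""
    findings = [assess(f) for f in map(parse_line, log_text.splitlines()) if f]
    findings.sort(key=lambda f: (-f.score, f.kind, f.name))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%d  %s  %-40s %s" % (f.score, f.kind, f.name, "; ".join(f.reasons) or "nothing odd"))
```

Run on the sample, the two fake services and the SSODL entry come out on top (scores 4, 4 and 3), the AOL and Digidesign leftovers score 2, and the entries with a present binary and a vendor name score 0. A score is a reading order, not a verdict: the Program Files leftovers are still worth removing as dead load points, just not urgently.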
 
#11 ·
"BEATMACHINE" - 2007-05-14 11:03:38 Service Pack 1
ComboFix 07-05.09.V - Running from: "C:\Documents and Settings\BEATMACHINE\Desktop\"
Command switches used :: "/wow-drv sysprcm ySvcHst /v vidxgn32 inittvwr"


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-14 ))))))))))))))))))))))))))))))))))


2007-05-14 00:57 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-05-13 23:25 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-11 10:36 997,888 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2007-05-11 10:36 981,504 --a------ C:\WINDOWS\system32\wmnetmgr.dll
2007-05-11 10:36 98,304 --a------ C:\WINDOWS\system32\wmpshell.dll
2007-05-11 10:36 892,416 --a------ C:\WINDOWS\system32\wmspdmoe.dll
2007-05-11 10:36 82,432 --a------ C:\WINDOWS\system32\drmstor.dll
2007-05-11 10:36 816,264 --a------ C:\WINDOWS\system32\wmvdmod.dll
2007-05-11 10:36 81,408 --a------ C:\WINDOWS\system32\logagent.exe
2007-05-11 10:36 760,968 --a------ C:\WINDOWS\system32\wmsdmod.dll
2007-05-11 10:36 7,680 --a------ C:\WINDOWS\system32\asferror.dll
2007-05-11 10:36 678,912 --a------ C:\WINDOWS\system32\drmv2clt.dll
2007-05-11 10:36 670,208 --a------ C:\WINDOWS\system32\wmadmoe.dll
2007-05-11 10:36 6,656 --a------ C:\WINDOWS\system32\laprxy.dll
2007-05-11 10:36 52,224 --a------ C:\WINDOWS\system32\MsPMSNSv.dll
2007-05-11 10:36 486,536 --a------ C:\WINDOWS\system32\wmspdmod.dll
2007-05-11 10:36 480,768 --a------ C:\WINDOWS\system32\Audiodev.dll
2007-05-11 10:36 410,248 --a------ C:\WINDOWS\system32\wmadmod.dll
2007-05-11 10:36 358,912 --a------ C:\WINDOWS\system32\MSSCP.dll
2007-05-11 10:36 344,064 --a------ C:\WINDOWS\system32\WMDRMdev.dll
2007-05-11 10:36 301,712 --a------ C:\WINDOWS\system32\drmclien.dll
2007-05-11 10:36 290,816 --a------ C:\WINDOWS\system32\WMDRMNet.dll
2007-05-11 10:36 27,136 --a------ C:\WINDOWS\system32\WMDMLOG.dll
2007-05-11 10:36 253,952 --a------ C:\WINDOWS\system32\msnetobj.dll
2007-05-11 10:36 245,760 --a------ C:\WINDOWS\system32\MSWMDM.dll
2007-05-11 10:36 241,664 --a------ C:\WINDOWS\system32\qasf.dll
2007-05-11 10:36 232,960 --a------ C:\WINDOWS\system32\blackbox.dll
2007-05-11 10:36 23,552 --a------ C:\WINDOWS\system32\WMDMPS.dll
2007-05-11 10:36 225,280 --a------ C:\WINDOWS\system32\wmpdxm.dll
2007-05-11 10:36 218,112 --a------ C:\WINDOWS\system32\wmasf.dll
2007-05-11 10:36 201,728 --a------ C:\WINDOWS\system32\MsPMSP.dll
2007-05-11 10:36 20,480 --a------ C:\WINDOWS\system32\wmpui.dll
2007-05-11 10:36 20,480 --a------ C:\WINDOWS\system32\wmpcd.dll
2007-05-11 10:36 2,940,928 --a------ C:\WINDOWS\system32\wmploc.dll
2007-05-11 10:36 175,104 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
2007-05-11 10:36 167,936 --a------ C:\WINDOWS\system32\wmerror.dll
2007-05-11 10:36 159,232 --a------ C:\WINDOWS\system32\cewmdm.dll
2007-05-11 10:36 143,360 --a------ C:\WINDOWS\system32\wmidx.dll
2007-05-11 10:36 106,496 --a------ C:\WINDOWS\system32\wmpasf.dll
2007-05-11 10:36 1,589,760 --a------ C:\WINDOWS\system32\wmpencen.dll
2007-05-11 10:36 1,509,376 --a------ C:\WINDOWS\system32\WMVADVE.DLL
2007-05-11 10:36 1,298,432 --a------ C:\WINDOWS\system32\wmpcore.dll
2007-05-11 10:36 1,181,944 --a------ C:\WINDOWS\system32\wmvadvd.dll
2007-05-11 10:36 1,111,040 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2007-05-11 00:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-05-09 14:54 66,560 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2007-05-09 14:54 61,952 --a------ C:\WINDOWS\system32\wpdconns.dll
2007-05-09 14:54 47,104 --a------ C:\WINDOWS\system32\uwdf.exe
2007-05-09 14:54 38,912 --a------ C:\WINDOWS\system32\wpd_ci.dll
2007-05-09 14:54 38,912 --a------ C:\WINDOWS\system32\wdfmgr.exe
2007-05-09 14:54 331,776 --a------ C:\WINDOWS\system32\wpdmtpdr.dll
2007-05-09 14:54 327,680 --a------ C:\WINDOWS\system32\wpdsp.dll
2007-05-09 14:54 18,944 --a------ C:\WINDOWS\system32\drivers\wpdusb.sys
2007-05-09 14:54 15,872 --a------ C:\WINDOWS\system32\wdfapi.dll
2007-05-09 14:54 114,176 --a------ C:\WINDOWS\system32\wpdmtp.dll
2007-05-09 14:54 10,752 --a------ C:\WINDOWS\system32\wpdtrace.dll
2007-05-09 12:09 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-05-09 11:48 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-08 21:38 692 --a------ C:\WINDOWS\system32\EPUNINST.BAT
2007-05-08 15:33 <DIR> d-------- C:\Deckard
2007-05-05 12:01 4,931,584 --a------ C:\DOCUME~1\BEATMA~1\ntuser.dat
2007-04-28 18:06 26,787 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2007-04-28 18:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CA
2007-04-28 18:05 95,344 --a------ C:\WINDOWS\system32\ISafeIf.dll
2007-04-28 18:05 74,864 --a------ C:\WINDOWS\system32\VetRedir.dll
2007-04-28 18:05 74,864 --a------ C:\WINDOWS\system32\iSafProd.dll
2007-04-28 18:05 629,264 --a------ C:\WINDOWS\system32\drivers\VetEFile.sys
2007-04-28 18:05 243,824 --a------ C:\WINDOWS\unicows.dll
2007-04-28 18:05 21,031 --a------ C:\WINDOWS\system32\drivers\Vet-Filt.sys
2007-04-28 18:05 15,735 --a------ C:\WINDOWS\system32\drivers\VetFDDNT.sys
2007-04-28 18:05 15,478 --a------ C:\WINDOWS\system32\drivers\Vet-Rec.sys
2007-04-28 18:05 115,824 --a------ C:\WINDOWS\UnVet32.exe
2007-04-28 18:05 111,728 --a------ C:\WINDOWS\AVShlExt.dll
2007-04-28 18:05 108,592 --a------ C:\WINDOWS\system32\drivers\VetEBoot.sys
2007-04-28 18:05 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-04-28 18:04 86,016 --a------ C:\WINDOWS\system32\YPcservice.exe
2007-04-28 18:04 131,072 --a------ C:\WINDOWS\system32\ypclsp.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-14 06:41:39 6,507 ----a-w C:\WINDOWS\mozver.dat
2007-05-11 00:43:50 -------- d--h--w C:\DOCUME~1\BEATMA~1\APPLIC~1\Move Networks
2007-05-09 19:36:58 -------- d-----w C:\Program Files\Norton Utilities
2007-05-09 19:36:55 -------- d-----w C:\Program Files\Norton AntiVirus
2007-05-09 19:31:52 -------- d-----w C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor
2007-05-09 19:31:33 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-05-09 19:14:07 -------- d-----w C:\Program Files\StorageSync
2007-05-09 19:13:53 -------- d-----w C:\Program Files\Speed Disk
2007-05-09 04:36:47 -------- d-----w C:\Program Files\EPSON
2007-05-05 01:02:13 -------- d-----w C:\Program Files\Trillian
2007-04-29 19:39:05 -------- d-----w C:\Program Files\America Online 9.0
2007-04-29 01:05:17 -------- d-----w C:\Program Files\Yahoo!
2007-04-25 22:31:13 -------- d-----w C:\DOCUME~1\BEATMA~1\APPLIC~1\Digidesign
2007-03-13 20:32:16 -------- d-----w C:\DOCUME~1\BEATMA~1\APPLIC~1\Yahoo!


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"="C:\Program Files\Yahoo!\common\Companion\Installs\cpn\yt.dll"
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"="C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll"
"{1201333E-BAD9-481C-BCF5-6904498CF85B}"="C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPKbho.dll"
"{53707962-6F74-2D53-2644-206D7942484F}"="C:\PROGRA~1\SPYBOT~1\SDHelper.dll"
"{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}"="C:\PROGRA~1\Yahoo!\common\yiesrvc.dll"
"{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}"="C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll"
"{BDF3E430-B101-42AD-A544-FADC6B084872}"="C:\Program Files\Norton AntiVirus\NavShExt.dll"
"{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}"="C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"ccRegVfy"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"VTTimer"="VTTimer.exe"
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"AOL Spyware Protection"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\""
"Pure Networks Port Magic"="\"C:\\PROGRA~1\\PURENE~1\\PORTMA~1\\PortAOL.exe\" -Run"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"SSC_UserPrompt"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"MediaFace Integration"="C:\\Program Files\\Fellowes\\MediaFACE 4.2\\SetHook.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1124299888\\ee\\AOLSoftware.exe"
"DigidesignMMERefresh"="C:\\Program Files\\Digidesign\\Drivers\\MMERefresh.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"P17Helper"="Rundll32 P17.dll,P17Helper"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"StrgSync.exe"="C:\\Program Files\\StorageSync\\StrgSync.exe -w"
"YBrowser"="C:\\PROGRA~1\\Yahoo!\\browser\\ybrwicon.exe"
"YOP"="C:\\PROGRA~1\\Yahoo!\\YOP\\yop.exe /autostart"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\ypager.exe\" -quiet"
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{10408F89-B5F3-4C85-AA13-57B4F2B00C71}"="C:\WINDOWS\System32\vidxgn32.dll" [x]


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^microsoft office.lnk
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^norton system doctor.lnk
C:\PROGRA~1\NORTON~2\SYSDOC32.EXE /STARTUP

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^kp^start menu^programs^startup^openoffice.org 1.1.2.lnk
C:\PROGRA~1\OPENOF~1.2\program\QUICKS~1.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btcliveupdate
"C:\Program Files\LiveUpdate\LiveUpdate.exe" /autostart

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmaudio
RunDll32 cmicnfg.cpl,CMICtrlWnd

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\digidesignmmerefresh
C:\Program Files\Digidesign\Drivers\MMERefresh.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\elbycheckelbycdfl
"C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\epson stylus c64 series
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P23 "EPSON Stylus C64 Series" /O5 "LPT1:" /M "Stylus C64"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ghoststarttrayapp
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ituneshelper
C:\Program Files\iTunes\iTunesHelper.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kernelfaultcheck
%systemroot%\system32\dumprep 0 -k

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msmsgs
"C:\Program Files\Messenger\msmsgs.exe" /background

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nerocheck
C:\WINDOWS\system32\NeroCheck.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nerofiltercheck
C:\WINDOWS\system32\NeroCheck.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nforce tray options
sstray.exe /r

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvcpldaemon
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvmediacenter
RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwereboot


HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
nwiz.exe /install

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\quicktime task
"C:\Program Files\QuickTime\qttask.exe" -atboottime

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\reschangerxp
C:\Program Files\ResChanger XP\ResChangerXP.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sunjavaupdatesched
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tkbellexe
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-14 11:08:12
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 2007-05-14 11:09:09 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-14 11:09
C:\ComboFix2.txt ... 2007-05-09 11:48

Log of AproposFix v1.1

************

Running from directory:
C:\Documents and Settings\BEATMACHINE\Desktop\aproposfix

************

Warning: batch running in normal mode, not Safe Mode! In normal mode the fix WILL NOT WORK!


Registry entries found:


************

No service found!

Removing hidden folder:
No folder found!

Deleting files:


Backing up files:
Done!

Removing registry entries:

REGEDIT4


Done!

Finished!

Logfile of HijackThis v1.99.1
Scan saved at 11:38:38 AM, on 5/14/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\VTTimer.exe
C:\Program Files\Common Files\AOL\1124299888\ee\AOLSoftware.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\StorageSync\StrgSync.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
c:\program files\common files\aol\1124299888\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1124299888\ee\aolsoftware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\BEATMACHINE\Desktop\HiJack this Stuff\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\common\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: LastWinDet Class - {1201333E-BAD9-481C-BCF5-6904498CF85B} - C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPKbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124299888\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [StrgSync.exe] C:\Program Files\StorageSync\StrgSync.exe -w
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{74FD30C4-6179-4F9A-A793-15573980EED6}: NameServer = 4.2.2.2,38.9.211.2
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Unknown owner - C:\Program Files\Digidesign\Drivers\MMERefresh.exe (file missing)
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: System Process Monitor (sysprcm) - Unknown owner - C:\WINDOWS\System32\msnprcss.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WUSB54GCSVC - Unknown owner - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe" "WUSB54GC.exe (file missing)
O23 - Service: Asynchronous Load Balance (ySvcHst) - Unknown owner - C:\WINDOWS\System32\srvnst.exe (file missing)



The computer seems to start now without asking, "Boot in Last Known Good Config?"
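The "Files Created" section of the ComboFix log above is easier to read once it is grouped by creation minute: a block of files stamped in the same minute is one installer or update run (the 2007-05-11 10:36 run of wm*/drm* DLLs fits the Windows Media Player reinstall mentioned earlier; the 2007-05-09 14:54 run is a WPD/driver-framework package), while a lone executable or driver under %SystemRoot% is what a helper checks by hand. The script below is an added example, not code from the thread or from ComboFix; it parses a subset of the listing copied from the log and splits it into batches, singletons and the singletons worth a look. The three-file batch threshold, the %SystemRoot% prefix and the extension list are choices made here. Cross-check every singleton against the tools that were run before calling it malware: the lone nircmd.exe is stamped 2007-05-09 11:48, the same minute as ComboFix2.txt at the end of the same log, so it is the earlier ComboFix run's own helper, and AvgAsCln.sys is consistent with the AVG Anti-Spyware entries elsewhere in the log.

```python
import re
from collections import defaultdict

# Sample lines copied from the "Files Created" section of the ComboFix log
# above; the other lines of that section are left out to keep the sample short.
SAMPLE_CREATED = r"""
2007-05-14 00:57 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-05-13 23:25 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-11 10:36 997,888 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2007-05-11 10:36 981,504 --a------ C:\WINDOWS\system32\wmnetmgr.dll
2007-05-11 10:36 98,304 --a------ C:\WINDOWS\system32\wmpshell.dll
2007-05-11 10:36 892,416 --a------ C:\WINDOWS\system32\wmspdmoe.dll
2007-05-11 10:36 82,432 --a------ C:\WINDOWS\system32\drmstor.dll
2007-05-09 14:54 66,560 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2007-05-09 14:54 61,952 --a------ C:\WINDOWS\system32\wpdconns.dll
2007-05-09 14:54 47,104 --a------ C:\WINDOWS\system32\uwdf.exe
2007-05-09 11:48 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-08 21:38 692 --a------ C:\WINDOWS\system32\EPUNINST.BAT
2007-05-08 15:33 <DIR> d-------- C:\Deckard
2007-05-05 12:01 4,931,584 --a------ C:\DOCUME~1\BEATMA~1\ntuser.dat
"""

# "YYYY-MM-DD HH:MM  size|<DIR>  nine attribute flags  path"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?P<size><DIR>|[\d,]+)\s+"
    r"(?P<attrs>\S{9})\s+(?P<path>.+)$"
)
SYSTEM_ROOT = "c:\\windows\\"                      # chosen for this example
CODE_EXTS = ("exe", "dll", "sys", "bat", "com", "scr", "cpl", "ocx")
BATCH_MIN = 3   # three or more files in one minute: treat as one installer/update run


def parse_created(text):
    """Parse ComboFix 'Files Created' lines into dicts; anything else is skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        is_dir = m["size"] == "<DIR>"
        entries.append({
            "ts": m["ts"],
            "is_dir": is_dir,
            "size": None if is_dir else int(m["size"].replace(",", "")),
            "attrs": m["attrs"],
            "path": m["path"],
        })
    return entries


def cluster_by_minute(entries):
    """Group entries by creation minute, preserving first-seen order."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["ts"]].append(e)
    return dict(groups)


def triage_created(text, batch_min=BATCH_MIN):
    """Split the listing into installer batches, singletons, and the singletons worth a look."""
    batches, singletons = {}, []
    for ts, items in cluster_by_minute(parse_created(text)).items():
        if len(items) >= batch_min:
            batches[ts] = items
        else:
            singletons.extend(items)
    # Lone code files written under %SystemRoot% outside any batch
    suspects = [
        e for e in singletons
        if not e["is_dir"]
        and e["path"].lower().startswith(SYSTEM_ROOT)
        and e["path"].lower().rsplit(".", 1)[-1] in CODE_EXTS
    ]
    return batches, singletons, suspects


if __name__ == "__main__":
    batches, singletons, suspects = triage_created(SAMPLE_CREATED)
    for ts, items in batches.items():
        print("batch  %s  %d files, e.g. %s" % (ts, len(items), items[0]["path"]))
    for e in suspects:
        print("lone   %s  %s  (%s bytes)" % (e["ts"], e["path"], e["size"]))
```

On the sample this yields two batches (10:36 with five files, 14:54 with three) and three lone code files under %SystemRoot%: AvgAsCln.sys, nircmd.exe and EPUNINST.BAT. Those three are the hand-check list, and two of them are explained by the log itself as noted above; the point of the clustering is to shrink forty lines to three.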
 
#12 · (Edited)
Hi woodstiff

AproposFix must be run from safe mode or it doesn't work.

---------------------------------------------

Boot to safe mode (by repeatedly tapping F8 key until the menu appears)

---------------------------------------------

Scan with HijackThis and check the following entries (if they still exist; make sure not to miss any):

O23 - Service: System Process Monitor (sysprcm) - Unknown owner - C:\WINDOWS\System32\msnprcss.exe (file missing)
O23 - Service: Asynchronous Load Balance (ySvcHst) - Unknown owner - C:\WINDOWS\System32\srvnst.exe (file missing)


Remember to close all other windows and click Fix Checked

---------------------------------------------

Double-click the RunThis.bat inside the AproposFix folder and follow the prompts. Once the tool finishes, reboot to normal mode.

---------------------------------------------

Updating Java:
  • Go to Start > Control Panel, double-click on the Software icon > Add/Remove Programs.
  • Search the list for all previously installed versions of Java, if not 1.5 (J2SE Runtime Environment...).

    It may have a coffee cup icon next to it.
    Select it and click Remove.
  • Then Download and install the newest version from here:
    http://www.java.com/en/download/manual.jsp

---------------------------------------------
Required Logs

log.txt (from AproposFix)
new HijackThis log
update on system behaviour
 
#13 ·
Log of AproposFix v1.1

************

Running from directory:
C:\Documents and Settings\BEATMACHINE\Desktop\HiJack this Stuff\aproposfix

************



Registry entries found:


************

No service found!

Removing hidden folder:
No folder found!

Deleting files:


Backing up files:
Done!

Removing registry entries:

REGEDIT4


Done!

Finished!

Logfile of HijackThis v1.99.1
Scan saved at 2:24:25 PM, on 5/14/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\VTTimer.exe
C:\Program Files\Common Files\AOL\1124299888\ee\AOLSoftware.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\StorageSync\StrgSync.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
c:\program files\common files\aol\1124299888\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1124299888\ee\aolsoftware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\BEATMACHINE\Desktop\HiJack this Stuff\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\common\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: LastWinDet Class - {1201333E-BAD9-481C-BCF5-6904498CF85B} - C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPKbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124299888\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [StrgSync.exe] C:\Program Files\StorageSync\StrgSync.exe -w
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{74FD30C4-6179-4F9A-A793-15573980EED6}: NameServer = 4.2.2.2,38.9.211.2
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Unknown owner - C:\Program Files\Digidesign\Drivers\MMERefresh.exe (file missing)
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: System Process Monitor (sysprcm) - Unknown owner - C:\WINDOWS\System32\msnprcss.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WUSB54GCSVC - Unknown owner - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe" "WUSB54GC.exe (file missing)
O23 - Service: Asynchronous Load Balance (ySvcHst) - Unknown owner - C:\WINDOWS\System32\srvnst.exe (file missing)


Windows Media Player is still having troubles. Those two O23 lines don't seem to want to delete.
 
#14 · (Edited)
OK woodstiff

Let's see if a different route will remove those two O23s.

Click Start > Run and type services.msc

1. Locate the service - Asynchronous Load Balance (ySvcHst)
2. Double-click on it to open the Properties dialog.
  • Under the General tab, note down the name of "Service name". We shall need it later.
  • Stop the service by using the Stop button.
  • Change the Startup type to Disabled & then click on the OK button
3. Then start HiJackThis & go to Config>Misc.Tools...> Delete an NT service...
4. In the popup box that appears, type in "Service name" & then click on the OK button

Answer NO if prompted to reboot.

Repeat steps 1-4 for the following service:

System Process Monitor (sysprcm)


--------------------------------------------

We will have to search the registry for those Apropos entries

Download RegSearch. Extract the contents of regsearch.zip to your desktop. (Don't run it yet; we will later.)

--------------------------------------------

Boot to safe mode (by repeatedly tapping the F8 key until the menu appears)

--------------------------------------------

Double-click on RegSearch.exe (from the regsearch folder) and enter the following into the search box

adchannel


& click "Ok".
Notepad will open with some text in it (RegSearch.txt will also be saved in the program's folder as well).
Post this text in your next reply

Open HijackThis and click Open the Misc Tools section, under System Tools click Open uninstall manager... and click Save list. Save it to HijackThis directory and post the entire contents of uninstall_list.txt here.


Make sure these files no longer exist:

C:\WINDOWS\System32\srvnst.exe
C:\WINDOWS\System32\msnprcss.exe

--------------------------------------------

Reboot to normal mode

--------------------------------------------
Required Logs

RegSearch.txt
uninstall_list.txt
new HijackThis log
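The two O23 lines being chased in this thread share the same shape: a service whose binary is reported as "(file missing)", whose owner is "Unknown owner", and whose path points straight into System32. The following is an added example, written by the editor and not part of the thread or of HijackThis itself. It parses O23 lines (the sample lines are copied from the logs posted above) into the display name, the service key name that services.msc and HijackThis's "Delete an NT service" ask for, the owner and the path, then ranks the services by how many of those indicators they show. The splitting rule and the indicators are the editor's assumptions about the log format, not HijackThis output.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: O23 lines taken from the HijackThis logs posted in this thread,
# plus one non-O23 line to show that other sections are ignored.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Unknown owner - C:\Program Files\Digidesign\Drivers\MMERefresh.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: System Process Monitor (sysprcm) - Unknown owner - C:\WINDOWS\System32\msnprcss.exe (file missing)
O23 - Service: Asynchronous Load Balance (ySvcHst) - Unknown owner - C:\WINDOWS\System32\srvnst.exe (file missing)
"""

O23_PREFIX = "O23 - Service: "
FILE_MISSING = "(file missing)"
# HijackThis prints "Display Name (ServiceKeyName)"; the key name is the last
# parenthesised group, which is what services.msc and "Delete an NT service" want.
SHORT_NAME_RE = re.compile(r"^(?P<display>.*?)\s*\((?P<short>[^()]+)\)\s*$")


@dataclass
class ServiceEntry:
    display_name: str
    short_name: str
    owner: str
    path: str
    file_missing: bool
    reasons: list = field(default_factory=list)


def parse_o23(line: str):
    """Parse one O23 line into a ServiceEntry; return None for any other line."""
    if not line.startswith(O23_PREFIX):
        return None
    body = line[len(O23_PREFIX):].strip()
    # Split from the right: "<display> - <owner> - <path>". Display names may
    # themselves contain " - ", so rsplit with a limit of 2 keeps them intact.
    parts = body.rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    display, owner, path = parts
    m = SHORT_NAME_RE.match(display)
    if m:
        display, short = m.group("display"), m.group("short")
    else:
        short = display  # HijackThis shows one name when key and display match
    file_missing = path.endswith(FILE_MISSING)
    if file_missing:
        path = path[: -len(FILE_MISSING)].strip()
    return ServiceEntry(display, short, owner, path, file_missing)


def triage(entry: ServiceEntry) -> ServiceEntry:
    """Attach the indicators an analyst looks at (editor's heuristics, not HijackThis output)."""
    reasons = []
    if entry.file_missing:
        reasons.append("registered binary no longer on disk")
    if entry.owner == "Unknown owner":
        reasons.append("no company name in the binary's version info")
    if entry.owner == "Unknown owner" and "\\system32\\" in entry.path.lower():
        reasons.append("vendor-less binary dropped directly into System32")
    entry.reasons = reasons
    return entry


def ranked_services(log_text: str):
    """All O23 entries, most suspicious first (stable sort, so log order breaks ties)."""
    entries = [triage(e) for e in map(parse_o23, log_text.splitlines()) if e]
    return sorted(entries, key=lambda e: len(e.reasons), reverse=True)


if __name__ == "__main__":
    for e in ranked_services(SAMPLE_LOG):
        flags = "; ".join(e.reasons) or "nothing unusual"
        print(f"{len(e.reasons)}  {e.short_name:<22} {e.path}  [{flags}]")
```

Run against the sample, sysprcm and ySvcHst come out on top with all three indicators, and their short names are exactly the strings step 4 of the procedure above needs. Note that DigiRefresh scores two of the three as well: its file is also missing and its owner also unknown, yet the uninstall list the user posts later shows Digidesign Pro Tools is genuinely installed, so it is a broken product entry rather than malware. The ranking narrows the list; the analyst still cross-checks each candidate against what is known to be installed before deleting a service.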
 
#15 ·
Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.4.2

; Results at 5/15/2007 10:47:30 AM for strings:
; 'adchannel'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


; End Of The Log...

3D Studio MAX R3
Ad-Aware SE Personal
Adobe Download Manager 2.0 (Remove Only)
Adobe Photoshop 7.0
Adobe Photoshop Album 2.0 Starter Edition
Adobe Photoshop CS
Adobe Reader 7.0
Advanced Networking Pack for Windows XP
AIM 6.0
Antares Auto-Tune 3.04 DirectX
Antares Auto-Tune 3.06 DirectX
Antares Auto-Tune v3.25 DX
Antares Auto-Tune v3.25 RTAS
Antares Microphone Modeler - ZONE
Antares Tube v1.0
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Explorer
AOL Spyware Protection
AOL Toolbar 2.0
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
AT&T Yahoo! Applications
Atmosphere
AVG Anti-Spyware 7.5
BFD
Bomb Factory (48k Edition) v3.15
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
CDex extraction audio
CDK Players
CloneCD
C-Media 3D Audio
Compact Wireless-G USB Adapter
CS-80V
CuteFTP 7 Home
Desktop Weather by The Weather Channel
Digidesign DigiDelivery
DigiDesign Focusrite D2 1.71.345
DigiDesign Focusrite D3 AudioSuite 1.51.345
Digidesign Pro Tools® LE 6.4
Digidesign Shared Plug-Ins
Digidesign WaveDriver
DirectX 9 Hotfix - KB839643
DVD Shrink 3.2
DVDXCopy Xpress 2.5.2
Edirol HyperCanvas v1.02
Edirol SuperQuartet v1.02
EPSON Printer Software
Exif Launcher Ver.1.1
exPressit S.E. 2.1
FastData
FinePixViewer Ver.1.1
FriendAdder Combo Pack
FXpansion DR-008
HALion v1.11
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
hp deskjet 3320 series
Hyplay
iPod for Windows 2005-09-23
iPod for Windows 2006-06-28
iTunes
Java(TM) SE Runtime Environment 6 Update 1
Kaspersky Online Scanner
Learn2 Player (Uninstall Only)
LimeWire
LiveReg (Symantec Corporation)
LiveUpdate
LiveUpdate 3.0 (Symantec Corporation)
Lounge Lizard 1.0
Macromedia Flash Player 8
MaxBlast 3
MediaFACE 4.2
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Data Access Components KB870669
Microsoft Office XP Professional with FrontPage
Microsoft Windows Journal Viewer
mkw Audio Compression Toolkit
Move Networks Player for Firefox
Mozilla Firefox (2.0.0.3)
N.I Pro-53 v3.0-OxYGeN
Native Instruments B4 for VST
Native Instruments Battery
Native Instruments FM7 v1.10.006
Native Instruments Kontakt
Native Instruments Kontakt v1.02
Native Instruments Pro-52 v2.0-OxYGeN
Native Instruments Pro-52 v2.1
Native Instruments Sibelius Player
Nero Media Player
Nero OEM
NeroVision Express 2
Netscape Browser (remove only)
Neuratron PhotoScore Lite
Norton AntiVirus 2003
Norton Ghost
Norton Utilities 2002 for Windows
Norton WMI Update
NVIDIA Drivers
Outlook Express Q823353
PACE System Files
Pitch 'n Time AudioSuite
PSP VintageWarmer 1.1
Pure Networks Port Magic
QuickTime
RealPlayer
Reason
ReBirth RB-338 2.01
Rock and Roll JEOPARDY! (remove only)
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
Sentinel System Driver
Serato.Pitch.n.Time.RTAS.v2.2.1
Sibelius 3
Sibelius Scorch
Sonic Foundry ACID 4.0
Sonic Foundry DVD Architect 1.0
Sonic Foundry Vegas 4.0
Sony Digital Voice Editor 2
Sony Inflator RTAS v1.0
Sony Vegas 5.0b
Spy Sweeper
Spy Sweeper
Spybot - Search & Destroy 1.3
SpywareBlaster v3.2
Steinberg HALion v2.0
Steinberg LM-4 VSTi v1.1
Steinberg Mastering Edition v1.0
Steinberg WaveLab v4.0d
StorageSync Backup Software
Stylus
Symantec pcAnywhere
TC Bundle v2.0
T-RackS 24
Trillian
Trilogy
Viewpoint Media Player
Voice Editor 2
VST to RTAS Adapter
Waldorf Attack VSTi v1.01
Waves Audio Processors 3.2
Waves Diamond Bundle v5.0
Waves Masters
Waves Renaissance Collection 2
WinAce Archiver
Winamp (remove only)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows Media Player Hotfix [See KB837272 for more information]
Windows Media Player Hotfix [See Q828026 for more information]
Windows XP Hotfix - KB820291
Windows XP Hotfix - KB821253
Windows XP Hotfix - KB822603
Windows XP Hotfix - KB823182
Windows XP Hotfix - KB824105
Windows XP Hotfix - KB824141
Windows XP Hotfix - KB825119
Windows XP Hotfix - KB826939
Windows XP Hotfix - KB826942
Windows XP Hotfix - KB828035
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB833987
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB837001
Windows XP Hotfix - KB839643
Windows XP Hotfix - KB839645
Windows XP Hotfix - KB840315
Windows XP Hotfix - KB840374
Windows XP Hotfix - KB841873
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB867282
Windows XP Hotfix (SP2) Q322011
Windows XP Hotfix (SP2) Q327979
Windows XP Hotfix (SP2) Q814995

Logfile of HijackThis v1.99.1
Scan saved at 11:17:42 AM, on 5/15/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\VTTimer.exe
C:\Program Files\Common Files\AOL\1124299888\ee\AOLSoftware.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\StorageSync\StrgSync.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
c:\program files\common files\aol\1124299888\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1124299888\ee\aolsoftware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\BEATMACHINE\Desktop\HiJack this Stuff\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\common\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: LastWinDet Class - {1201333E-BAD9-481C-BCF5-6904498CF85B} - C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPKbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124299888\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [StrgSync.exe] C:\Program Files\StorageSync\StrgSync.exe -w
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{74FD30C4-6179-4F9A-A793-15573980EED6}: NameServer = 4.2.2.2,38.9.211.2
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Unknown owner - C:\Program Files\Digidesign\Drivers\MMERefresh.exe (file missing)
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WUSB54GCSVC - Unknown owner - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe" "WUSB54GC.exe (file missing)
 
#16 ·
Hi woodstiff

Looking much better now. Are you still having problems with Windows Media Player?

ViewPoint Media Player does not do anything bad such as deliver ads or spy on you, but it is considered foistware as it is installed without your consent through programs like AOL, AIM, Compuserve, etc. If you wish not to keep Viewpoint Media Player, then uninstall it via Control Panel > Add/Remove Programs.
 
#17 ·
Hi, the computer definitely isn't shutting off anymore. Thanks for helping. WMP is still messed up. When I click on an mp3 or movie file, it says Windows Media Player isn't installed, then all icons on the desktop suddenly don't work and cannot be clicked or double-clicked on. Also, I'm still getting the start-up screen asking me to "start from last known good config"?
 
#18 ·
Hi woodstiff

Download and run Blacklight

*Note that you must have local administrative privileges to run the program.

Click Scan. BlackLight will use Windows Explorer (the desktop process) to scan for hidden items. Your anti-virus software or personal firewall might display a warning that says BlackLight (blbeta.exe) is trying to manipulate the Windows Explorer process (explorer.exe). If you want to continue the scan, you should allow BlackLight to do this.

When it finishes, click Next, then click Close.

BlackLight beta will create a log file "fsbl-<date-and-time>.log". By default, the log file is in the same directory as the executable. Please post the log.

----------------------------------------

Download Dr.Web CureIt - ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Save it to the root of drive C (C:\drweb-cureit.exe)

Double-click drweb-cureit.exe
  • Dr.Web begins by asking to run the express scan. Allow it.
  • This will scan the files currently running in memory, and when something is found, click the Yes button when it asks if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click the next icon next to the files found:
  • If so, click it, then click the next icon right below and select Move incurable, as you'll see in the next image:
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured (this is in case we need samples).
  • After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv

----------------------------------------
Required Logs

fsbl-<date-and-time>.log
DrWeb.csv
 
#19 ·
05/17/07 00:42:32 [Info]: BlackLight Engine 1.0.61 initialized
05/17/07 00:42:32 [Info]: OS: 5.1 build 2600 (Service Pack 1)
05/17/07 00:42:32 [Note]: 7019 4
05/17/07 00:42:32 [Note]: 7005 0
05/17/07 00:42:44 [Note]: 7006 0
05/17/07 00:42:44 [Note]: 7011 564
05/17/07 00:42:44 [Note]: 7026 0
05/17/07 00:42:44 [Note]: 7026 0
05/17/07 00:42:48 [Note]: FSRAW library version 1.7.1021


inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\ssc_suite_installer\210.5.4.4\suite;Probably BACKDOOR.Trojan;;
inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\ssc_suite_installer_210.5.2.1_suite;Probably BACKDOOR.Trojan;;
inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3;Probably BACKDOOR.Trojan;;
setup.exe;C:\Program Files\AOL\Installers\ASP 2.0;Probably BACKDOOR.Trojan;;
setup.exe;C:\Program Files\Common Files\AOL\Backup\ACS\Current\Suite;Probably BACKDOOR.Trojan;;
ace.dll;C:\Program Files\Sonewire;Adware.Apropos;;
avwmsdba.exe;C:\Program Files\Sonewire;Adware.Apropos;;
spoclien.exe;C:\Program Files\Sonewire;Adware.Apropos;;
WinGenerics.dll;C:\Program Files\Sonewire;Adware.Apropos;;
Ysctr.exe;C:\Program Files\Yahoo!\common;Probably DLOADER.Trojan;;
dmlcert6.exe;C:\WINDOWS\system32;Adware.Apropos;;
inittvwr.dll;C:\WINDOWS\system32;BackDoor.Srvlite;Deleted.;
qprell32.dll;C:\WINDOWS\system32;Adware.Apropos;;
srrtrans.exe;C:\WINDOWS\system32;Adware.Apropos;;



Should I mess with System Restore? Could AOL Spyware and AVG running have something to do with it? In addition to WMP and the troubles starting up, sometimes when I shut down, the mouse freezes and the computer doesn't shut down properly.
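The Dr.Web report above is one record per line, "file;directory;detection;action;", and reading it by eye hides two things worth noticing: only one of the fourteen hits has actually been acted on (the "Deleted." in the action column), and six of the detections carry the "Probably" prefix, meaning a heuristic rather than a signature match. The following is an added example by the editor, not from the thread or from Dr.Web, that parses the report (the sample is the report posted above) and summarises it by detection family, by directory and by whether anything was done. The field layout is inferred from these lines; the "Probably" convention for heuristic hits is an assumption about Dr.Web's naming, not documented behaviour.

```python
import csv
from collections import Counter, defaultdict
from io import StringIO

# Constructed sample: the Dr.Web CureIt report lines posted above.
# Each record is "file;directory;detection;action;" (trailing separator included).
SAMPLE_REPORT = r"""
inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\ssc_suite_installer\210.5.4.4\suite;Probably BACKDOOR.Trojan;;
inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\ssc_suite_installer_210.5.2.1_suite;Probably BACKDOOR.Trojan;;
inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3;Probably BACKDOOR.Trojan;;
setup.exe;C:\Program Files\AOL\Installers\ASP 2.0;Probably BACKDOOR.Trojan;;
setup.exe;C:\Program Files\Common Files\AOL\Backup\ACS\Current\Suite;Probably BACKDOOR.Trojan;;
ace.dll;C:\Program Files\Sonewire;Adware.Apropos;;
avwmsdba.exe;C:\Program Files\Sonewire;Adware.Apropos;;
spoclien.exe;C:\Program Files\Sonewire;Adware.Apropos;;
WinGenerics.dll;C:\Program Files\Sonewire;Adware.Apropos;;
Ysctr.exe;C:\Program Files\Yahoo!\common;Probably DLOADER.Trojan;;
dmlcert6.exe;C:\WINDOWS\system32;Adware.Apropos;;
inittvwr.dll;C:\WINDOWS\system32;BackDoor.Srvlite;Deleted.;
qprell32.dll;C:\WINDOWS\system32;Adware.Apropos;;
srrtrans.exe;C:\WINDOWS\system32;Adware.Apropos;;
"""

# Assumption: Dr.Web prefixes heuristic (non-signature) verdicts with "Probably ".
HEURISTIC_PREFIX = "Probably "


def parse_report(text):
    """Turn the semicolon-separated report into a list of dicts, skipping blank lines."""
    rows = []
    for fields in csv.reader(StringIO(text), delimiter=";"):
        if len(fields) < 4 or not fields[0].strip():
            continue
        name, directory, detection, action = (f.strip() for f in fields[:4])
        rows.append({
            "file": name,
            "dir": directory,
            "detection": detection,
            "action": action or None,            # empty column = nothing done yet
            "heuristic": detection.startswith(HEURISTIC_PREFIX),
        })
    return rows


def count_by_detection(rows):
    """How many hits per detection name (e.g. Adware.Apropos)."""
    return Counter(r["detection"] for r in rows)


def pending(rows):
    """Hits the scanner reported but did not cure, move or delete."""
    return [r for r in rows if r["action"] is None]


def group_by_directory(rows):
    """Directory -> files flagged there; clusters show where a package unpacked itself."""
    groups = defaultdict(list)
    for r in rows:
        groups[r["dir"]].append(r["file"])
    return dict(groups)


def summary(rows):
    by_dir = group_by_directory(rows)
    return {
        "total": len(rows),
        "acted_on": len(rows) - len(pending(rows)),
        "heuristic": sum(1 for r in rows if r["heuristic"]),
        "families": dict(count_by_detection(rows)),
        # directories with the most hits first; stable sort keeps report order for ties
        "hot_directories": sorted(by_dir.items(), key=lambda kv: -len(kv[1]))[:3],
    }


if __name__ == "__main__":
    s = summary(parse_report(SAMPLE_REPORT))
    print(f"{s['total']} hits, {s['acted_on']} acted on, {s['heuristic']} heuristic")
    for family, n in s["families"].items():
        print(f"  {n:2}  {family}")
    for directory, files in s["hot_directories"]:
        print(f"  {len(files)} in {directory}: {', '.join(files)}")
```

On this report the two hot directories are C:\Program Files\Sonewire and C:\WINDOWS\system32 with four hits each, all but one of them Adware.Apropos, which is consistent with the helper's earlier hunt for Apropos registry entries. The five "Probably BACKDOOR.Trojan" verdicts all sit on AOL installer binaries, which is the kind of heuristic cluster a reviewer checks against the software actually installed (AOL products appear throughout the uninstall list) before treating it as a second infection.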
 
#20 ·
No woodstiff, don't use System Restore. You have been badly infected; were you to restore back to a heavily infected point you would make matters worse. Once you're cleaned we will have you flush it out to get rid of infected restore points. I'm consulting with some experts about the Apropos infection and ask you to hold tight for further instructions.
 
#21 ·
Hi there. I am writing this from another computer. My computer will not boot at all. It goes to the screen that says "boot normally", or "boot using last known configuration?", but then when you click on either of those and hit enter, it goes back to the very beginning boot process, and takes you back to that same screen over and over again. Safe mode doesn't work either, and you get to the same screen when you try that.

What can I do to get the computer booting? Is there any kind of start-up trick? Thanks again for all your help.
 
#22 ·
....also thought I'd mention that I noticed the red and green lights by the on/off button stay steadily lit, as well as my D drive (the kind that can slide in and out from the front) red and green lights staying steadily lit the whole time the computer is trying to boot. It doesn't normally do this (all red/green lights fully on) as far as I know.
 
#23 ·
OK woodstiff

Sorry for the delay in getting back to you. We need to know a few things before we can plan the best way to tackle this.

Can you describe any actions you had taken, or the events leading up to this current issue?

Do you have the XP install disk?
 