Random switching off...

[Zeokage]

Recently my computer's been switching itself off as if the power's been cut. AVG and AdAware aren't picking up anything. I've managed to isolate 2 instances that seem to trigger it...

1. Running Spybot. It gets somewhere between 13,000 and 17,000 on the bot check and the computer cuts out. AV-Gold was the last checkpoint I remember it hanging on.

2. Running Football Manager 2006. It wasn't doing it in the first place, but recently I've gone back to playing it and every time I try the computer eventually switches off.

Here's my ComboScan...

Quote:

ComboScan v20070212.14 run by Owner on 2007-02-15 at 09:56:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis log (run as Owner.com) --------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:00:33, on 2007/02/15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\NTMETER.EXE
C:\Smdata\ReadSctService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\necmfk\necmfk.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\LiquidView\lviewj.exe
C:\WINDOWS\System32\hfsmop.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\PCGATE Personal\pcgate.exe
C:\Program Files\子画面設定ユーティリティ\piputil.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Yahoo!J\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\conime.exe
C:\HJT\comboscan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\~zdddysk.tmp\Owner.com

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NECMFK] C:\Program Files\necmfk\necmfk.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SHRunOnce] C:\Program Files\SmartHobby\SHRunOnce.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [LiquidView] C:\Program Files\LiquidView\lviewj.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [HFSMOP] C:\WINDOWS\System32\hfsmop.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!J\Messenger\ypagerj.exe" -quiet
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun の Java コンソール - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Yahoo!メッセンジャー - {CEBF73C0-BA2E-11d4-A73A-00508B33FB82} - C:\PROGRA~1\Yahoo!J\MESSEN~1\YPagerj.exe
O9 - Extra 'Tools' menuitem: Yahoo!メッセンジャー - {CEBF73C0-BA2E-11d4-A73A-00508B33FB82} - C:\PROGRA~1\Yahoo!J\MESSEN~1\YPagerj.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.biglobe.ne.jp/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...3/mcinsctl.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (ｳｲﾙｽﾊﾞｽﾀｰ On-Line Scan) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...20/mcgdmgr.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NT Meter - Unknown owner - C:\WINDOWS\system32\NTMETER.EXE
O23 - Service: BroadPass Manager (Poling_Service) - 日本電気株式会社 - c:\Program Files\BIGLOBE\BroadPass\base\base.exe
O23 - Service: ReadSector (ReadSctService) - Unknown owner - C:\Smdata\ReadSctService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

3 aeaudio - system32\drivers\aeaudio.sys
3 AgereSoftModem (Agere Systems Soft Modem) - System32\DRIVERS\AGRSM.sys
1 AmdK7 (AMD K7 Processor Driver) - System32\DRIVERS\amdk7.sys
3 AMIJMDMC (AMIJMDMC Driver) - system32\DRIVERS\amijmdmc.sys
3 AMIJUSBC (AMIJUSBC Driver) - system32\DRIVERS\amijusbc.sys
1 Avg7Core (AVG7 Kernel) - \SystemRoot\System32\Drivers\avg7core.sys
1 Avg7RsW (AVG7 Wrap Driver) - \SystemRoot\System32\Drivers\avg7rsw.sys
1 Avg7RsXP (AVG7 Rezident Driver) - \SystemRoot\System32\Drivers\avg7rsxp.sys
1 AvgClean (AVG7 Clean Driver) - \SystemRoot\System32\Drivers\avgclean.sys
2 AvgTdi (AVG Network Redirector) - \SystemRoot\System32\Drivers\avgtdi.sys
3 CCDECODE (クローズド キャプション デコーダ) - system32\DRIVERS\CCDECODE.sys
1 FsVga - System32\DRIVERS\fsvga.sys
3 GEARAspiWDM (GEAR CDRom Filter) - SYSTEM32\DRIVERS\GEARAspiWDM.sys
1 HFSMCHK - \SystemRoot\system32\drivers\hfsmchk.sys
3 HidUsb (Microsoft HID Class Driver) - System32\DRIVERS\hidusb.sys
3 LVUSBSta (Logitech USB Monitor Filter) - system32\drivers\lvusbsta.sys
3 mouhid (マウス HID ドライバ) - System32\DRIVERS\mouhid.sys
3 MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - system32\drivers\MSTEE.sys
3 NABTSFEC (NABTS/FEC VBI Codec) - system32\DRIVERS\NABTSFEC.sys
3 NdisIP (Microsoft TV/ビデオ接続) - system32\DRIVERS\NdisIP.sys
2 NwlnkIpx (NWLink IPX/SPX/NetBIOS 互換トランスポート プロトコル) - system32\DRIVERS\nwlnkipx.sys
2 NwlnkNb (NWLink NetBIOS) - system32\DRIVERS\nwlnknb.sys
2 NwlnkSpx (NWLink SPX/SPXII プロトコル) - system32\DRIVERS\nwlnkspx.sys
0 PCIIde - System32\DRIVERS\pciide.sys
0 Pcmcia - System32\DRIVERS\pcmcia.sys
3 pepifilter (Volume Adapter) - system32\DRIVERS\lv302af.sys
3 PID_08A0 (QuickCam IM(PID_08A0)) - system32\DRIVERS\LV302AV.SYS
3 Ps2Led (NEC Note Keyboard with One-touch start buttons) - System32\DRIVERS\Ps2Led.sys
1 Ps2LedIF - \SystemRoot\system32\drivers\ps2ledif.sys
0 PxHelp20 - System32\DRIVERS\PxHelp20.sys
3 SiS315 - System32\DRIVERS\sisgrp.sys
0 sisagp (SiS AGP Filter) - System32\DRIVERS\SISAGPX.sys
1 SiSkp - system32\drivers\srvkp.sys
3 SISNIC (SiS PCI Fast Ethernet Adapter Driver) - System32\DRIVERS\sisnic.sys
3 SLIP (BDA Slip De-Framer) - system32\DRIVERS\SLIP.sys
3 smwdm - system32\drivers\smwdm.sys
3 streamip (BDA IPSink) - system32\DRIVERS\StreamIP.sys
1 StyleXPHelper - \??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe
3 SymEvent - \??\C:\Program Files\Symantec\SYMEVENT.SYS
3 usbaudio (USB オーディオ ドライバ (WDM)) - system32\drivers\usbaudio.sys
3 usbccgp (Microsoft USB Generic Parent Driver) - System32\DRIVERS\usbccgp.sys
3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - System32\DRIVERS\usbehci.sys
3 usbohci (Microsoft USB Open Host Controller Miniport Driver) - System32\DRIVERS\usbohci.sys
3 usbscan (USB スキャナ ドライバ) - system32\DRIVERS\usbscan.sys
3 USBSTOR (USB 大容量記憶装置ドライバ) - System32\DRIVERS\USBSTOR.SYS
2 vsdatant - \??\C:\WINDOWS\System32\vsdatant.sys
3 WSTCODEC (World Standard Teletext Codec) - system32\DRIVERS\WSTCODEC.SYS


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3 Apache - "C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice
3 aspnet_state (ASP.NET State Service) - %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
2 Avg7Alrt (AVG7 Alert Manager Server) - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
2 Avg7UpdSvc (AVG7 Update Service) - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
2 AVGEMS (AVG E-mail Scanner) - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
3 clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
3 IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
3 iPodService - C:\Program Files\iPod\bin\iPodService.exe
2 NT Meter - C:\WINDOWS\system32\NTMETER.EXE
3 Poling_Service (BroadPass Manager) - c:\Program Files\BIGLOBE\BroadPass\base\base.exe
2 ReadSctService (ReadSector) - C:\Smdata\ReadSctService.exe
2 SoundMAX Agent Service (default) (SoundMAX Agent Service) - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
3 SPTISRV (Sony SPTI Service) - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
2 StyleXPService - "C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe"
2 UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe
2 vsmon (TrueVector Internet Monitor) - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service


-- Scheduled Tasks --------------------------------------------------------------

2007-02-15 09:58:07 254 --a------ C:\WINDOWS\Tasks\Windows Live Toolbar の更新プログラムを確認します.job<WINDOW~1.JOB>
2007-02-15 09:57:00 474 --a------ C:\WINDOWS\Tasks\McAfee.com製品のアップデート確認 (COMPUTERNAME-Owner).job<MCAFEE~1.JOB>
2005-10-07 00:28:17 412 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job<SYMANT~1.JOB>
-- :: 0 --------- C:\WINDOWS\Tasks\McAfee.com?≫?i?I?A?b?v?f?[?g?m”F (COMPUTERNAME-Owner).job


-- Files created between 2007-01-15 and 2007-02-15 ------------------------------

2007-02-12 19:59:37 0 d-------- C:\Program Files\Windows Live Favorites<WI48FA~1>
2007-02-12 19:58:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar<WINDOW~2>
2007-02-12 19:55:14 0 d-------- C:\Program Files\Windows Live Toolbar<WINDOW~4>
2007-02-12 19:39:06 0 d-------- C:\WINDOWS\WBEM
2007-02-12 19:39:02 0 d-------- C:\WINDOWS\system32\ja-jp
2007-02-12 19:34:30 0 d--h---c- C:\WINDOWS\ie7
2007-02-12 19:17:35 0 d-------- C:\WINDOWS\network diagnostic<NETWOR~1>
2007-02-12 18:49:52 0 d-------- C:\3852cd9f2400c99f99<3852CD~1>
2007-02-12 18:47:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage<WINDOW~1>
2007-01-27 17:14:06 0 d-------- C:\Program Files\SplendidCity5<SPLEND~2>


-- Find3M Report ----------------------------------------------------------------

2007-02-12 20:35:47 0 d-------- C:\Program Files\SpywareGuard<SPYWAR~2>
2007-02-12 20:00:48 0 d-------- C:\Documents and Settings\Owner\Application Data\Microsoft<MICROS~1>
2007-02-11 20:10:22 0 d-------- C:\Program Files\Opera
2007-01-28 17:14:53 0 d-------- C:\Documents and Settings\Owner\Application Data\Help
2007-01-27 17:16:20 0 d--h----- C:\Program Files\Zero G Registry<ZEROGR~1>
2007-01-27 16:54:30 0 d-------- C:\Program Files\Splendid City<SPLEND~1>
2007-01-19 02:33:49 0 d-------- C:\Program Files\BitComet


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"STYLEXP"="C:\\Program Files\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!J\\Messenger\\ypagerj.exe\" -quiet"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"NECMFK"="C:\\Program Files\\necmfk\\necmfk.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"SHRunOnce"="C:\\Program Files\\SmartHobby\\SHRunOnce.exe"
"StorageGuard"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"LiquidView"="C:\\Program Files\\LiquidView\\lviewj.exe"
"SiSUSBRG"="C:\\WINDOWS\\SiSUSBrg.exe"
"HFSMOP"="C:\\WINDOWS\\System32\\hfsmop.exe"
"MSPY2002"="C:\\WINDOWS\\System32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"WinTools"=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^スタート メニュー^プログラム^スタートアップ^ﾛｼﾞｸｰﾙ ﾃﾞｽｸﾄｯﾌﾟ ﾒｯｾﾝｼﾞｬｰ.lnk]
"path"="C:\\Documents and Settings\\All Users\\スタート メニュー\\プログラム\\スタートアップ\\ﾛｼﾞｸｰﾙ ﾃﾞｽｸﾄｯﾌﾟ ﾒｯｾﾝｼﾞｬｰ.lnk"
"backup"="C:\\WINDOWS\\pss\\ﾛｼﾞｸｰﾙ ﾃﾞｽｸﾄｯﾌﾟ ﾒｯｾﾝｼﾞｬｰ.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Logitech\\DESKTO~1\\8876480\\Program\\LDMConf.exe /start"
"item"="ﾛｼﾞｸｰﾙ ﾃﾞｽｸﾄｯﾌﾟ ﾒｯｾﾝｼﾞｬｰ"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ezthemes_WhenUSaveNow_Installer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ezthemes_WhenUSaveNow_Installer"
"hkey"="HKLM"
"command"="C:\\Program Files\\Ezthemes_WhenUSaveNow_Installer\\Ezthemes_WhenUSaveNow_Installer.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BackWeb-8876480"
"hkey"="HKCU"
"command"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ManifestEngine"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISStart"
"hkey"="HKLM"
"command"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogiTray"
"hkey"="HKLM"
"command"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SearchM"
"hkey"="HKCU"
"command"="C:\\Program Files\\SmartHobby\\PlugIn\\CopyFromDigitalCamera\\SearchM.exe"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"="SpywareGuard"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="ctfmon.exe"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="ctfmon.exe"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



-- End of ComboScan: finished at 2007-02-15 at 10:02:00 -------------------------

[Zeokage]

With the warning about ComboScan, and the inability for Panda Scan to get through the scan without the computer switching off, here's the HJT log. Was the analyzer discontinued?

I think it's got something to do with Football Manager 2006, but I have no idea what as this is a recent problem and I've had the game for a long while now.

Quote:

Logfile of HijackThis v1.99.1
Scan saved at 19:50:50, on 2007/02/17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\NTMETER.EXE
C:\Smdata\ReadSctService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\necmfk\necmfk.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\LiquidView\lviewj.exe
C:\WINDOWS\System32\hfsmop.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\PCGATE Personal\pcgate.exe
C:\Program Files\子画面設定ユーティリティ\piputil.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\HJT\HijackThis.exe

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NECMFK] C:\Program Files\necmfk\necmfk.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SHRunOnce] C:\Program Files\SmartHobby\SHRunOnce.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [LiquidView] C:\Program Files\LiquidView\lviewj.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [HFSMOP] C:\WINDOWS\System32\hfsmop.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!J\Messenger\ypagerj.exe" -quiet
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun の Java コンソール - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Yahoo!メッセンジャー - {CEBF73C0-BA2E-11d4-A73A-00508B33FB82} - C:\PROGRA~1\Yahoo!J\MESSEN~1\YPagerj.exe
O9 - Extra 'Tools' menuitem: Yahoo!メッセンジャー - {CEBF73C0-BA2E-11d4-A73A-00508B33FB82} - C:\PROGRA~1\Yahoo!J\MESSEN~1\YPagerj.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.biglobe.ne.jp/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...3/mcinsctl.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (ｳｲﾙｽﾊﾞｽﾀｰ On-Line Scan) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...20/mcgdmgr.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NT Meter - Unknown owner - C:\WINDOWS\system32\NTMETER.EXE
O23 - Service: BroadPass Manager (Poling_Service) - 日本電気株式会社 - c:\Program Files\BIGLOBE\BroadPass\base\base.exe
O23 - Service: ReadSector (ReadSctService) - Unknown owner - C:\Smdata\ReadSctService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

[Zeokage]

Bump...

[Ried]

Hello Zeokage,

Careful with the names of the tools--ComboScan is OK to use. It's Combofix that has been pulled temporarily.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

***************************************************


Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

Ezthemes_WhenUSaveNow_Installer

--------------------------------------------------------------------

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now.

Open notepad and copy/paste the text in the quotebox below:
(don't forget to copy and paste REGEDIT4)

Quote:

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"WinTools"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ezthemes_WhenUSaveNow_Installer]

Save the file as "delete.reg". Make sure to save it with the quotes. Choose to "Save type as - All Files"
It should look like this:

Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

--------------------------------------------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
*Also, make sure there is no checkmark beside Hide file extensions for known file types.
* Click OK.

--------------------------------------------------------------------

Using 'My Computer', navigate to and delete the following Folder if it still exists.

C:\Program Files\ Ezthemes_WhenUSaveNow_Installer

--------------------------------------------------------------------

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click smitfraudfix.exe to start the tool.

• Select option #1 - Search by typing 1 and press "Enter"
• A text file will appear which lists infected files (if present).
• Please copy/paste the content of that report into your next reply.

IMPORTANT: Do NOT run option #2 OR any other option until you are directed to do so!

[Zeokage]

Thanks for the tip. I saw "Combo" and panicked slightly, especially as I hadn't seen Combofix mentioned anywhere before. I assumed they were the same thing.

Anyhoo, here's the text tile. It's a Japanese computer, so I hope those サ symbols are just a substitute for another key and don't disrupt what you're checking. What do you think has caused the problem?

Quote:

Originally Posted by rapport.txt

SmitFraudFix v2.144

Scan done at 13:10:46.48, 2007/02/21
Run from C:\Documents and Settings\Owner\デスクトップ\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

ｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻ hosts

hosts file corrupted !

# [MICROSOFT.COM]
127.0.0.1 microsoft.com.org
127.0.0.1 www.www.microsoft.com.org

ｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻ C:\


ｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻ C:\WINDOWS


ｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻ C:\WINDOWS\system


ｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻ C:\WINDOWS\Web


ｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻ C:\WINDOWS\system32


ｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻ C:\Documents and Settings\Owner


ｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻ C:\Documents and Settings\Owner\Application Data


ｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻ Start Menu


ｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻ C:\DOCUME~1\Owner\FAVORI~1


ｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻ Desktop


ｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻ C:\Program Files


ｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻ Corrupted keys


ｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻ Desktop Components



ｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻ Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


ｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻ AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


ｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻ Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


ｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻ pe386-msguard-lzx32-huy32


ｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻ Scanning wininet.dll infection


ｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻｻ End

[Zeokage]

Just a quick addition (just in case it means that I have to redo that last step), I just tried Football Manager to see if anything had happened, but the computer still cut out.

[Ried]

Hi,

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

******************************************************

Download HostsXpert v3.7

Extract all files and double click HostsXpert.exe.

• In the 'Editing Tools' section, click "Make Hosts Writable?" in the upper right corner (If available).
• Just below, you will see the 'Backup and Restore' section. Click Restore Microsofts's Hosts File.
• Click File>Exit

--------------------------------------------------------------------

Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"

• Install AVG Anti Spyware
• Double-click the icon on Desktop to launch AVG
• On the top of the main screen click Shield
• Click the word active to change it to inactive
• On the top of the main screen click Update.
• Then click on Start Update. The update will start and a progress bar will show the updates being installed.
• Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
• Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
• Under "Reports"
  • Select "Automatically generate report after every scan"
  • Un-Select "Only if threats were found"

When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.

--------------------------------------------------------------------

Download and install CleanUp! but do not run it yet. (Not Recommended for XP64).

(Alternate Link if main link doesn't work - http://www.greyknight17.com/spy/CleanUp.exe )

--------------------------------------------------------------------

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

--------------------------------------------------------------------

*WARNING* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp! or move them to a permanent location.

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:

• Empty Recycle Bins
• Delete Cookies
• Delete Prefetch files
• Cleanup! All Users
• Click on the "Temporary Files" and uncheck the box for "Scan drives for file matching" if it's checked.

Click OK
Press the CleanUp! button to start the program. Do NOT reboot/logoff when prompted.

--------------------------------------------------------------------

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
Run AVG Anti-Spyware with it's updated definitions:(...it's important that all windows must be closed)

• Click Scanner
• Click on the Scan tab
• Click Complete System Scan to begin scanning.
  Once the scan is complete do the following:
• If you have any infections you will prompted, **Please ensure it is set to Quarantine then select "Apply all actions"
• Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).

**AVG Anti-Spyware is compatible with most AV and anti-spyware products, and the free version will continue to be useful as a second anti-malware scanner.

--------------------------------------------------------------------

Reboot into Normal Mode.

--------------------------------------------------------------------

Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run it's full course:

Perform an online scan with Internet Explorer with Panda ActiveScan

1. Click on located at the bottom of the page.
2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*

Begin the scan by selecting

• If it finds any malware, it will offer you a report.
• Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
• Click on then click

* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

--------------------------------------------------------------------

Close all applications and windows.Double-click on comboscan.exe to run it, and follow the prompts.

• When the scan is complete, a text file will open - ComboScan.txt
• Copy and paste the contents of ComboScan.txt in your thread in the HijackThis Log Help forum.
• A folder, C:\ComboScan will also open. In it will be another text file, Supplementary.txt
• Please Attach the Supplementary.txt to your post.

To attach a file to a new post, simply

1. Click the[Manage Attachments] button under Additional Options>Attach Files on the post composition page, and
2. copy and paste the following into the "Upload File from your Computer" box:

   C:ComboScanSupplementary.txt

3. Click Upload.

--------------------------------------------------------------------

Run a new scan with HijackThis and save the log.

--------------------------------------------------------------------

Please include the following in your next reply:

AVG Anti-Spyware results
Panda results
ComboScan.txt
Attach the Supplementary.txt

[Zeokage]

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:01:41 2007/02/23

+ Scan result:



HKLM\SOFTWARE\Classes\CLSID\{6ECDB36B-1205-5DE1-F02E-335C36B4124F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C07C138C-3550-6D41-1B01-76F790035395} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
C:\Program Files\filesubmit\biob.zip\NNWDAC638.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\filesubmit\forestgreenxs.exe\NNWDAC638.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\filesubmit\biob.zip\Ezthemes_WhenUSaveNowCrunch_InstallerInst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\filesubmit\biob.zip\Ezthemes_WhenUSaveNow_InstallerInst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\filesubmit\forestgreenxs.exe\Ezthemes_WhenUSaveNowCrunch_InstallerInst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\filesubmit\forestgreenxs.exe\Ezthemes_WhenUSaveNow_InstallerInst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F8A424DD-51E1-4693-ACA2-781625F98C1D}\RP379\A0081275.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\WinCtlAdX.dll -> Adware.WinAD : Cleaned with backup (quarantined).


::Report end

----------------------------------------------------------------------

Panda didn't complete after two attempts due to computer cutting out, so I guess the problem still exists. *sigh*

----------------------------------------------------------------------


ComboScan v20070221.16 run by Owner on 2007-02-23 at 13:03:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis (run as Owner.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 13:04:58, on 2007/02/23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\NTMETER.EXE
C:\Smdata\ReadSctService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\necmfk\necmfk.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\LiquidView\lviewj.exe
C:\WINDOWS\System32\hfsmop.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\PCGATE Personal\pcgate.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!J\Messenger\ymsgr_tray.exe
C:\Program Files\子画面設定ユーティリティ\piputil.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\HJT\comboscan.exe
C:\HJT\Owner.exe

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NECMFK] C:\Program Files\necmfk\necmfk.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SHRunOnce] C:\Program Files\SmartHobby\SHRunOnce.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [LiquidView] C:\Program Files\LiquidView\lviewj.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [HFSMOP] C:\WINDOWS\System32\hfsmop.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.