Old 06-23-2008, 03:36 PM   #1 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 15
OS: xp


Repeated Shutdowns after AntiSpyCheck and Security Toolbar 7.1

I had previously posted my thread on XP support but was recommended to this forum. You can go to the original thread on this link http://www.techsupportforum.com/microsoft-support/windows-xp-support/260100-repeated-shutdowns-problems-computer.html.

The original post:
To begin with, before any major problems started, the computer continually restarted itself the first time the computer is turned on, but after the first, sometimes 2nd, restart the computer works fine.

However, last night I went to a site that asked me to download an update for Video ActiveX. I continued (bad choice I know) and McAfee told me that it had automatically removed a trojan. Computer restarted itself. AntiSpyCheck was installed and so was Security Toolbar 7.1. The computer hasn't stopped restarting since then. Computer restarts whenever McAfee virus scan starts, Disk Cleanup starts, I try to delete browsing history, use Add/Remove Programs from the Control Panel, or try to use Ad-Aware. It also restarts regardless if the computer is simply left on too long.

I know the steps before posting told me not to remove anything but I happened to before I arrived at this forum. I went into safe mode and turned off automatic restart, and deleted AntiSpyCheck's program from the C: Program files. I also deleted the temp files from the local settings from each user.

Afterwards, BSOD occurs occasionally when I use the above mentioned programs. Otherwise, it is just a black screen and nothing happens. BSOD states that a driver has overrun a stack-based buffer and the technical information is:

*** 0x000000F7 (0x0000000, 0x0000A2DE, 0xFFFF5D21, 0x00000000)

Also, I tried doing other things before I found this site. I installed SmitFraud.exe to "clean" but when it hits disk cleanup, it stops and restarts.

Now, when I use IE, Security Toolbar is gone and so is AntiSpyCheck. I did use Security Task Manager. Well I installed it. Btw, I am using a laptop, where the problem is on the computer. (It is connected to the network, is this dangerous/a problem?)

I can provide other information to this, just ask. Hopefully, I haven't forgotten anything. Anyways, I need help. Thanks


These are the steps that I cannot/could not finish:
Step 1
I don’t know of any illegal software that I have. From what I know, I only have McAfee installed and I can’t use the add/remove because it shuts off while the list is being populated under normal conditions and shows BSOD under safe mode.
Step 2
Can’t run online scan because it shuts off before it works and can’t access internet under safe mode.
Step 3
Installed Spyblaster and IE-spyad.
Step 4:
I have the computer set to automatically update Windows. Plus, under System Properties, it says that SP2 is running.
Step 5:
Can’t run DSS.exe on normal conditions because the computer shuts down before I can do anything. Tried it on safe mode but says it prefers normal conditions unless analyst instructs to do so. So I didn’t.

Other info:
On the previous thread, someone had me install Everest to check on system temperatures. It does seem that the computer stays on longer when it is cooler. I vacuumed the computer, especially the fans, since there was a lot of dust. I also moved it under the desk, where it was cooler. Computer still shuts down though.
YeloJakIt is offline  
Old 06-25-2008, 03:36 PM   #2 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 15
OS: xp


Re: Repeated Shutdowns after AntiSpyCheck and Security Toolbar 7.1

Hello, it is me again. I was able to get DSS.exe to run. Here is main.txt:

Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-25 16:17:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
39: 2008-06-25 22:18:07 UTC - RP356 - Deckard's System Scanner Restore Point
38: 2008-06-21 22:20:47 UTC - RP355 - Software Distribution Service 3.0
37: 2008-06-15 00:21:50 UTC - RP354 - System Checkpoint
36: 2008-06-14 00:16:32 UTC - RP353 - System Checkpoint
35: 2008-06-11 2017 UTC - RP352 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-03-17 18:21:51 UTC - RP318 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-25 16:20:11
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Ahead\Nero PhotoShow\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/a/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: WarningBHO Class - {56FA7933-DC3E-403b-8D47-BB5E3F345A21} - C:\Program Files\AntiSpyCheck\IEWarning.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: 162123 helper - {95667A7A-03B3-4EE0-91AE-A4DE74D25729} - C:\WINDOWS\system32\162123\162123.dll (file missing)
O2 - BHO: (no name) - {99BA268B-4021-4739-9945-3C774217FE75} - C:\Program Files\NetProject\sbmdl.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar3.dll
O3 - Toolbar: Slide - {F25D0054-4CA2-49D5-A8B0-D79B7829D14E} - C:\Program Files\Slide\SlideBar.dll
O3 - Toolbar: Internet Service - {51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Program Files\NetProject\wamdl.dll (file missing)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\hta\station.sbrt
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [AntiSpyCheck 2.1.0] "C:\Program Files\AntiSpyCheck\AntiSpyCheck.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [AntiSpyCheck] C:\Program Files\AntiSpyCheck\AntiSpyCheck.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Global Startup: officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolpro.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolpro.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_06) - http://sdlc-esd.sun.com/ESD42/JSCDL/...ws-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O22 - SharedTaskScheduler: chaplin - {257f6f44-2c64-46bb-acb4-55f9b9e0ae08} - C:\WINDOWS\system32\psqnuvo.dll (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


--
End of file - 16833 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 tdidrv32.sys - c:\windows\system32\tdidrv32.sys
R2 TICalc - c:\windows\system32\drivers\ticalc.sys

S3 EverestDriver (Lavalys EVEREST Kernel Driver) - c:\docume~1\owner\locals~1\temp\everestdriver.sys (file missing)
S3 GoProto (GoProto Protocol Driver) - c:\windows\system32\drivers\goprot51.sys <Not Verified; Gteko Ltd.; Gteko Diagnostics Network Module>
S3 ialm - c:\windows\system32\drivers\ialmnt5.sys <Not Verified; Intel Corporation; Intel Graphics Accelerator Drivers for Windows NT(R)>
S3 SDDMI2 - c:\windows\system32\ddmi2.sys <Not Verified; Gteko Ltd.; DDMI>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-01 01:00:04 332 --a------ C:\WINDOWS\Tasks\McQcTask.job
2008-05-15 01:45:26 340 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2008-01-21 10:00:05 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-04-02 22:05:21 354 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1159232941.job


-- Files created between 2008-05-25 and 2008-06-25 -----------------------------

2008-06-23 13:33:11 0 d-------- C:\ie-spyad_zo
2008-06-17 15:52:52 0 d-------- C:\Program Files\SpywareBlaster
2008-06-17 15:49:24 0 d-------- C:\Program Files\Lavalys
2008-06-16 15:27:37 0 d-------- C:\Documents and Settings\Owner\Application Data\Help
2008-06-16 15:19:34 0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-06-16 15:19:29 0 d-------- C:\Program Files\Security Task Manager
2008-06-16 00:42:55 287997 --a------ C:\Pass2.cmd
2008-06-16 00:19:51 3162 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-16 00:18:54 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-16 00:18:54 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-06-16 00:18:54 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-06-16 00:18:54 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-06-16 00:18:54 53248 --a------ C:\WINDOWS\system32\Process.exe
2008-06-16 00:18:54 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-16 00:18:54 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-16 00:18:54 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-06-15 19:36:52 18 --ah----- C:\SYSREST
2008-06-15 18:46:59 0 dr-h----- C:\Documents and Settings\Administrator.YOUR-2S4KN5K0H3\SendTo
2008-06-15 18:46:59 0 dr-h----- C:\Documents and Settings\Administrator.YOUR-2S4KN5K0H3\Recent
2008-06-15 18:46:59 0 d--h----- C:\Documents and Settings\Administrator.YOUR-2S4KN5K0H3\PrintHood
2008-06-15 18:46:59 0 d--h----- C:\Documents and Settings\Administrator.YOUR-2S4KN5K0H3\NetHood
2008-06-15 18:46:59 0 dr------- C:\Documents and Settings\Administrator.YOUR-2S4KN5K0H3\My Documents
2008-06-15 18:46:59 0 d--h----- C:\Documents and Settings\Administrator.YOUR-2S4KN5K0H3\Local Settings
2008-06-15 18:46:59 0 dr------- C:\Documents and Settings\Administrator.YOUR-2S4KN5K0H3\Favorites
2008-06-15 18:46:59 0 d-------- C:\Documents and Settings\Administrator.YOUR-2S4KN5K0H3\Desktop
2008-06-15 18:46:59 0 d--hs---- C:\Documents and Settings\Administrator.YOUR-2S4KN5K0H3\Cookies
2008-06-15 18:46:59 0 dr-h----- C:\Documents and Settings\Administrator.YOUR-2S4KN5K0H3\Application Data
2008-06-15 18:46:59 0 d-------- C:\Documents and Settings\Administrator.YOUR-2S4KN5K0H3\Application Data\Symantec
2008-06-15 18:46:59 0 d-------- C:\Documents and Settings\Administrator.YOUR-2S4KN5K0H3\Application Data\Sun
2008-06-15 18:46:59 0 d-------- C:\Documents and Settings\Administrator.YOUR-2S4KN5K0H3\Application Data\SampleView
2008-06-15 18:46:59 0 d-------- C:\Documents and Settings\Administrator.YOUR-2S4KN5K0H3\Application Data\Real
2008-06-15 18:46:59 0 d---s---- C:\Documents and Settings\Administrator.YOUR-2S4KN5K0H3\Application Data\Microsoft
2008-06-15 18:46:59 0 d-------- C:\Documents and Settings\Administrator.YOUR-2S4KN5K0H3\Application Data\Identities
2008-06-15 18:46:59 0 d-------- C:\Documents and Settings\Administrator.YOUR-2S4KN5K0H3\Application Data\Gtek
2008-06-15 18:46:58 0 d-------- C:\Documents and Settings\Administrator.YOUR-2S4KN5K0H3\WINDOWS
2008-06-15 18:46:58 0 d--h----- C:\Documents and Settings\Administrator.YOUR-2S4KN5K0H3\Templates
2008-06-15 18:46:58 0 dr------- C:\Documents and Settings\Administrator.YOUR-2S4KN5K0H3\Start Menu
2008-06-15 18:46:58 1048576 --ah----- C:\Documents and Settings\Administrator.YOUR-2S4KN5K0H3\NTUSER.DAT
2008-06-15 18:42:56 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-06-15 18:42:56 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-15 18:42:56 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-06-15 18:42:56 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-15 18:42:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-06-15 18:42:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-06-15 18:42:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-06-15 18:42:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2008-06-15 18:42:56 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-15 18:42:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-06-15 18:42:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\Gtek
2008-06-15 18:42:55 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-06-15 18:42:55 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-06-15 18:42:55 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-15 18:42:55 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-15 18:42:55 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-06-15 18:42:55 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-06-15 18:42:55 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-15 18:42:55 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-06-15 18:42:55 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-06-15 18:42:54 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-14 23:02:46 8704 --a------ C:\WINDOWS\system32\tdidrv32.sys
2008-06-07 16:41:03 0 d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-06-07 16:39:54 0 d-------- C:\Program Files\Sun
2008-06-07 16:36:18 0 d-------- C:\Program Files\LimeWire
2008-06-06 13:12:45 0 d-------- C:\Documents and Settings\Owner\Application Data\Talkback
2008-06-06 13:12:26 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla


-- Find3M Report ---------------------------------------------------------------

2008-06-25 16:16:40 0 d-------- C:\Documents and Settings\Owner\Application Data\Skype
2008-06-23 13:29:14 0 d-------- C:\Program Files\BitLord
2008-06-21 16:27:37 0 d-------- C:\Program Files\Common Files\McAfee
2008-06-19 22:37:58 0 d-------- C:\Program Files\Linksys EasyLink Advisor
2008-06-17 15:47:18 0 d-------- C:\Documents and Settings\Owner\Application Data\U3
2008-06-17 11:34:41 0 d-------- C:\Program Files\McAfee
2008-06-16 15:01:41 0 d-------- C:\Documents and Settings\Owner\Application Data\skypePM
2008-06-15 18:54:04 0 d-------- C:\Program Files\Microsoft Plus! Digital Media Edition
2008-06-15 18:53:59 0 d-------- C:\Program Files\Messenger
2008-06-15 18:53:47 0 d-------- C:\Program Files\DivX
2008-06-15 18:53:47 0 d-------- C:\Program Files\DAP
2008-06-13 23:09:07 0 d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-06-07 16:39:36 0 d-------- C:\Program Files\Java


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{56FA7933-DC3E-403b-8D47-BB5E3F345A21}]
C:\Program Files\AntiSpyCheck\IEWarning.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95667A7A-03B3-4EE0-91AE-A4DE74D25729}]
C:\WINDOWS\system32\162123\162123.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{99BA268B-4021-4739-9945-3C774217FE75}]
C:\Program Files\NetProject\sbmdl.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{51D81DD5-55B7-497F-95DB-D356429BB54E}"= C:\Program Files\NetProject\wamdl.dll [ ]

[-HKEY_CLASSES_ROOT\CLSID\{51D81DD5-55B7-497F-95DB-D356429BB54E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [01/16/2004 05:33 AM C:\WINDOWS\system32\VTTimer.exe]
"AGRSMMSG"="AGRSMMSG.exe" [01/16/2004 09:34 PM C:\WINDOWS\AGRSMMSG.exe]
"Bart Station"="C:\Program Files\ISP50\hta\station.sbrt" []
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [11/08/2007 01:15 AM]
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 01:47 PM C:\WINDOWS\ALCXMNTR.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11/15/2007 12:43 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 02:11 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [10/25/2007 04:37 PM]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [10/25/2007 04:33 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"AntiSpyCheck 2.1.0"="C:\Program Files\AntiSpyCheck\AntiSpyCheck.exe" []
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 07:12 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/30/2007 10:57 PM]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [10/13/2004 10:24 AM]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe" [11/11/2004 07:50 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [02/01/2008 05:22 PM]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [10/30/2006 11:01 AM]
"AntiSpyCheck"="C:\Program Files\AntiSpyCheck\AntiSpyCheck.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"DelayShred"=c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\172FDS3A\RIGHTP~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\W98VG7GN\VIDEOF~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\Q91ERQH4\USERLO~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\W98VG7GN\WELCOM~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\Q91ERQH4\RIGHTP~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\KFDFMQFT\VIDEOF~2.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\ZAGRRLS1\ADS9_3~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\GTMRO927\WELCOM~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\MPBG1CRI\RIGHTP~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\DKQXQFA4\ADS9_1~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\Q91ERQH4\WELCOM~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\S1UN4DMF\VIDEOF~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\O9AVS9IB\ADS9_1~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\P44FDHKD\RIGHTP~2.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\DRJJH5WE\RIGHTP~2.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\DKQXQFA4\VIDEOF~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\KFDFMQFT\ADS9_1~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\DRJJH5WE\WELCOM~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\M90JEBQL\RIGHTP~2.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\P44FDHKD\USERLO~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\W98VG7GN\VIDEOF~2.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\P44FDHKD\ADS9_1~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\W98VG7GN\ADS9_1~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\DKQXQFA4\WELCOM~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\W98VG7GN\ADIABA~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\47ZB2O59\RIGHTP~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\47ZB2O59\VIDEOF~1.SH! 
C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\47ZB2O59\ADS9_4~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\KFDFMQFT\WELCOM~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\2KPM4W72\VIDEOF~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\D45BO8HM\ADS9_2~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\3ZVW37SL\WELCOM~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\D45BO8HM\RIGHTP~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\QYDCKXJ2\ADS9_2~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\84J28WUB\RIGHTP~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\ZV5PWJLZ\VIDEOF~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\THVNF5ZT\ADS9_5~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\THVNF5ZT\WELCOM~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\5BGDB3E5\RIGHTP~2.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\T1PBISWA\RIGHTP~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\KDG64IYT\WELCOM~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\8YO0A131\RIGHTP~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\T1PBISWA\VIDEOF~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\1PAZ471M\ADS9_1~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\8YO0A131\WELCOM~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\1PAZ471M\ADS9_2~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\BCTQKZQY\RIGHTP~2.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\BCTQKZQY\VIDEOF~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\DWFLBPQS\ADS9_2~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\YA632GEY\WELCOM~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\EHTJN77W\RIGHTP~2.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\W802CFDL\RIGHTP~2.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\2BNU4Z08\CLIENT~1.SH!

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe [4/2/2004 4:51:16 PM]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [4/6/2003 158 AM]
officejet 6100.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [4/6/2003 12:37:38 AM]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [7/30/2003 6:49:48 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{257f6f44-2c64-46bb-acb4-55f9b9e0ae08}"= C:\WINDOWS\system32\psqnuvo.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tdidrv32.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-06-25 16:21:42 ------------

btw: is there a way to edit your posts so that I could have added it to my first post? that way it doesn't seem like someone has already replied to my thread and has "helped" me.
Attached Files
File Type: txt extra.txt (21.8 KB, 2 views)
YeloJakIt is offline  
Old 06-25-2008, 10:18 PM   #3 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 18,684
OS: WinXP and Win98se


Re: Repeated Shutdowns after AntiSpyCheck and Security Toolbar 7.1

Hello YeloJakIt and welcome,

This will require more than one round to properly eradicate. Please stay with me until given the 'all clear' even if symptoms seemingly abate.

We'll begin with ComboFix.exe. Please download it from here and save it directly to your desktop.

Do not run it yet.

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console on your machine before doing any malware removal.

The Windows recovery console will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System

Download the file & save it as it's originally named, next to ComboFix.exe.

Now close all open windows and programs, including all anti virus and anti malware programs so they do not interfere with the running of ComboFix. **perform these steps in Safe Mode if necessary
  • Drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  • At the next prompt, click 'Yes' to run the full ComboFix scan.
  • When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt along with a new HijackThis log for further review.
__________________

Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Keep this site free for all. Please consider, donating

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 06-26-2008, 10:24 AM   #4 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 15
OS: xp


Re: Repeated Shutdowns after AntiSpyCheck and Security Toolbar 7.1

Thank you Ried. No problem, I will stick with you to fix this problem.

Okay I followed your instructions. But on the step about closing all programs, I was unable to close/turn off McAfee from the taskbar but I did close the window of it. I proceeded with ComboFix and while it was trying to make a recovery point, it said that it had already had one and the operation was aborted. Then it continued until it hit the BSOD. I was in safe mode because the computer couldn't stay on long enough for me to use it on normal mode. (Why can it stay on longer for some times?). I tried it again and the same thing happened.
YeloJakIt is offline  
Old 06-26-2008, 11:25 AM   #5 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 18,684
OS: WinXP and Win98se


Re: Repeated Shutdowns after AntiSpyCheck and Security Toolbar 7.1

Do you get any warning displayed before the computer shuts down, or does it just shut down?

Kindly provide as much detail as possible so I can devise a work-around.
Ried is offline  
Old 06-26-2008, 12:02 PM   #6 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 15
OS: xp


Re: Repeated Shutdowns after AntiSpyCheck and Security Toolbar 7.1

In normal mode, the computer normally just restarts but I turned off the automatic restart from the my computer > properties menu, so it doesn't actually turn off anymore, it just goes to this black screen and the computer stops working. It must be turned off and back on for it to work. When in safe mode, instead of going to the black screen, it goes to the blue screen of death instead with the error message posted in the first post.

During safe mode, it only goes to the BSOD when using disk clean up, Virus scan or anything similar to that.
YeloJakIt is offline  
Old 06-26-2008, 12:13 PM   #7 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 18,684
OS: WinXP and Win98se


Re: Repeated Shutdowns after AntiSpyCheck and Security Toolbar 7.1

I have 2 ideas here to try to stabilize the system a bit so we can run the necessary tools.

1. First, boot your system the same as you would to enter Safe Mode, except this time, highlight 'Last known good configuration'.

Now try to run ComboFix.exe again. If you are successful, please post the C:\ComboFix.txt for further review.


2. If the above did not work out, see if you can sneak this in before it shuts down:

Go to Start > Run - type msconfig <Press Enter> (this opens the system configuration utility)
  • Under the General Tab, select Diagnostic Startup & click OK
  • Reboot your computer when prompted.

Now try again to run ComboFix.exe and post its report if successful.
Ried is offline  
Old 06-26-2008, 01:29 PM   #8 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 15
OS: xp


Re: Repeated Shutdowns after AntiSpyCheck and Security Toolbar 7.1

Alright, so I tried last known good configuration and that didn't work. It shut down just as before. It didn't seem to help.

The 2nd one worked and here is the log report:

ComboFix 08-06-25.3 - Owner 2008-06-26 14:12:36.1 - NTFSx86

Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Guest\Application Data\ShoppingReport
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Michelle\Application Data\ShoppingReport
C:\Documents and Settings\Michelle\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Michelle\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Michelle\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Michelle\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Michelle\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Michelle\Application Data\ShoppingReport\cs\report\send_storage.xml
.
---- Previous Run -------
.
C:\Program Files\WinBudget
C:\Program Files\WinBudget\bin\crap.1169173661.old
C:\Program Files\WinBudget\bin\crap.1187408264.old
C:\Program Files\WinBudget\bin\matrix.dll.1187408262.old
C:\Program Files\WinBudget\bin\matrix.dll.1189301722.old
C:\WINDOWS\system32\tdidrv32.sys
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-05-26 to 2008-06-26 )))))))))))))))))))))))))))))))
.

2008-06-23 13:52 . 2008-06-23 13:52 <DIR> d-------- C:\Deckard
2008-06-23 13:33 . 2008-06-23 13:33 <DIR> d-------- C:\ie-spyad_zo
2008-06-17 15:52 . 2008-06-17 15:54 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-06-17 15:49 . 2008-06-17 15:49 <DIR> d-------- C:\Program Files\Lavalys
2008-06-16 15:19 . 2008-06-16 15:27 <DIR> d-------- C:\Program Files\Security Task Manager
2008-06-16 15:19 . 2008-06-16 15:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-06-16 00:42 . 2008-06-16 17:08 287,997 --a------ C:\Pass2.cmd
2008-06-16 00:19 . 2008-06-16 17:06 3,162 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-16 00:18 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-06-16 00:18 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-06-16 00:18 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-06-16 00:18 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-06-16 00:18 . 2008-06-15 15:28 81,920 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-06-16 00:18 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-06-16 00:18 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-06-16 00:18 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-16 00:18 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-15 19:36 . 2008-06-15 19:36 18 --ah----- C:\SYSREST
2008-06-15 18:46 . 2004-04-02 16:38 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-2S4KN5K0H3\WINDOWS
2008-06-15 18:46 . 2008-06-15 18:47 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-2S4KN5K0H3
2008-06-15 18:42 . 2004-04-02 16:38 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-06-15 18:42 . 2008-06-15 18:42 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-11 13:57 . 2008-06-13 07:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-07 16:41 . 2008-06-14 23:05 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-06-07 16:39 . 2008-06-07 16:39 <DIR> d-------- C:\Program Files\Sun
2008-06-07 16:39 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-07 16:36 . 2008-06-15 18:59 <DIR> d-------- C:\Program Files\LimeWire
2008-06-06 13:12 . 2008-06-06 13:12 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Talkback

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-26 19:30 --------- d-----w C:\Documents and Settings\Owner\Application Data\Skype
2008-06-26 19:29 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-23 19:29 --------- d-----w C:\Program Files\BitLord
2008-06-21 22:27 --------- d-----w C:\Program Files\Common Files\McAfee
2008-06-20 04:37 --------- d-----w C:\Program Files\Linksys EasyLink Advisor
2008-06-17 21:47 --------- d-----w C:\Documents and Settings\Owner\Application Data\U3
2008-06-17 17:34 --------- d-----w C:\Program Files\McAfee
2008-06-16 21:01 --------- d-----w C:\Documents and Settings\Owner\Application Data\skypePM
2008-06-16 00:54 --------- d-----w C:\Program Files\Microsoft Plus! Digital Media Edition
2008-06-16 00:53 --------- d-----w C:\Program Files\DivX
2008-06-16 00:53 --------- d-----w C:\Program Files\DAP
2008-06-14 05:09 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-07 22:39 --------- d-----w C:\Program Files\Java
2008-05-14 04:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-05 22:14 --------- d-----w C:\Documents and Settings\Michelle\Application Data\U3
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-27 08:12 151,583 -c--a-w C:\WINDOWS\system32\msjint40.dll
2008-03-15 23:20 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DelayShred"="c:\PROGRA~1\mcafee\mshr\ShrCL.EXE" [2007-12-04 13:32 111904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 01:56 158208]

C:\Documents and Settings\Michelle\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 21:24:54 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tdidrv32.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=C:\WINDOWS\pss\Compaq Connections.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^officejet 6100.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk
backup=C:\WINDOWS\pss\officejet 6100.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 01:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
--a------ 2007-11-08 01:15 4568576 C:\Program Files\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
--a------ 2006-10-30 11:01 392832 C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-11-15 14:11 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2007-10-25 16:33 563984 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-10-25 16:37 2178832 C:\Program Files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
--a------ 2007-11-01 19:12 582992 C:\Program Files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 10:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
--a------ 2004-11-11 19:50 212992 C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-11-15 00:43 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-01 17:22 21898024 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-03-25 04:28 144784 C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-30 22:57 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2004-06-29 09:06 88363 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--a------ 2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
--------- 2004-01-16 05:33 49152 C:\WINDOWS\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"WmiApSrv"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"winmgmt"=2 (0x2)
"WebClient"=2 (0x2)
"W32Time"=2 (0x2)
"VSS"=3 (0x3)
"UPS"=3 (0x3)
"upnphost"=3 (0x3)
"UMWdf"=2 (0x2)
"TrkWks"=2 (0x2)
"Themes"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"stisvc"=2 (0x2)
"SSDPSRV"=3 (0x3)
"srservice"=2 (0x2)
"Spooler"=2 (0x2)
"ShellHWDetection"=2 (0x2)
"SharedAccess"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"Pml Driver HPZ12"=3 (0x3)
"PlugPlay"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"Nla"=3 (0x3)
"Netman"=3 (0x3)
"Netlogon"=3 (0x3)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"MpfService"=2 (0x2)
"mnmsrvc"=3 (0x3)
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)
"LVSrvLauncher"=2 (0x2)
"LVPrcSrv"=2 (0x2)
"LVCOMSer"=2 (0x2)
"LmHosts"=2 (0x2)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"iPod Service"=3 (0x3)
"InCDsrvR"=2 (0x2)
"ImapiService"=3 (0x3)
"idsvc"=3 (0x3)
"HTTPFilter"=3 (0x3)
"HidServ"=2 (0x2)
"helpsvc"=2 (0x2)
"gusvc"=3 (0x3)
"FontCache3.0.0.0"=3 (0x3)
"Fax"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"EventSystem"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"Dnscache"=2 (0x2)
"dmserver"=3 (0x3)
"dmadmin"=3 (0x3)
"Dhcp"=2 (0x2)
"CryptSvc"=2 (0x2)
"COMSysApp"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"CiSvc"=2 (0x2)
"Browser"=2 (0x2)
"BITS"=2 (0x2)
"AudioSrv"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"ALG"=3 (0x3)
"Alerter"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Compaq Connections\\1940576\\Program\\BackWeb-1940576.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=


*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-01-21 16:00:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-04-03 04:05:21 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1159232941.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe:-I
"2008-05-15 07:45:26 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-06-01 07:00:04 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
BHO-{95667A7A-03B3-4EE0-91AE-A4DE74D25729} - C:\WINDOWS\system32\162123\162123.dll
BHO-{99BA268B-4021-4739-9945-3C774217FE75} - C:\Program Files\NetProject\sbmdl.dll
Toolbar-{51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Program Files\NetProject\wamdl.dll
WebBrowser-{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
WebBrowser-{51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Program Files\NetProject\wamdl.dll
SharedTaskScheduler-{257f6f44-2c64-46bb-acb4-55f9b9e0ae08} - C:\WINDOWS\system32\psqnuvo.dll
MSConfigStartUp-AntiSpyCheck - C:\Program Files\AntiSpyCheck\AntiSpyCheck.exe
MSConfigStartUp-AntiSpyCheck 2.1 - C:\Program Files\AntiSpyCheck\AntiSpyCheck.exe
MSConfigStartUp-Bart Station - C:\Program Files\ISP50\hta\station.sbrt
MSConfigStartUp-KernelFaultCheck - C:\WINDOWS\system32\dumprep 0 -k


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 14:16:04
Windows 5.1