DaniWeb IT Discussion Community
1 2
Show 40 post(s) from this thread on one page

DaniWeb IT Discussion Community (http://www.daniweb.com/forums/index.php)
-   Viruses, Spyware and other Nasties (http://www.daniweb.com/forums/forum64.html)
-   -   Boot up problem (http://www.daniweb.com/forums/thread124096.html)

JGR May 13th, 2008 8:16 pm
Boot up problem
 
Hi, for a while now my computer has been going a slow and acting wierd. Some times when i use a windows shortcut key such as ctrl + C explorer will restart or when im in a folder and right click it will restart but only every once in and a while. Then when i boot it up at the screen where its all black and theres a dash that flashes it takes at least 2 minutes which is a lot longer than it used to and then it will go to the windows splash screen and act normally. Then it goes to my log on screen but before it goes there its blank and stays there for along time before showing the log on screen. Its also a little slow when logging on after explorer loads. I have posted a hijackthis log below. Any help would be appreciated, Thanks.






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:04:24 PM, on 5/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer2.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 201.212.29.70:6588
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
F2 - REG:system.ini: Shell=Explorer2.exe
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: ConnectionServices module - {6D7B211A-88EA-490c-BAB9-3600D8D7C503} - C:\Program Files\ConnectionServices\ConnectionServices.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O2 - BHO: Glwcick Class - {BDF4E4DF-B6BB-4ECE-8CD9-1880DEC7B82F} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [DLD.EXE] C:\Program Files\Download Direct\DLD.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Registration Brothers In Arms.LNK = C:\Documents and Settings\Green\Desktop\New Folder (3)\Support\Register\RegistrationReminder.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1149550927593
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - http://www.crucial.com/controls/cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{36E0607A-7608-42E8-A37C-B762491C2426}: NameServer = 85.255.116.50,85.255.112.86
O17 - HKLM\System\CCS\Services\Tcpip\..\{A3BBCB58-9107-4336-89A2-15FC5F127074}: NameServer = 85.255.116.50,85.255.112.86
O17 - HKLM\System\CCS\Services\Tcpip\..\{C452D6C8-892A-4324-AE70-C9886BEB4F1C}: NameServer = 85.255.116.50,85.255.112.86
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.50 85.255.112.86
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.50 85.255.112.86
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.50 85.255.112.86
O20 - AppInit_DLLs: C:\WINDOWS\system32\prai.dll
O20 - Winlogon Notify: PermissionResearch - C:\WINDOWS\system32\prls.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 10196 bytes

JGR May 13th, 2008 9:57 pm
Re: Boot up problem
 
I did a registry cleaning and some other stuff heres the hijackthis report.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:51:18 PM, on 5/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\Explorer2.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://us.rd.yahoo.com/customize/ie/...ch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 201.212.29.70:6588
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
F2 - REG:system.ini: Shell=Explorer2.exe
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat

7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program

Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: ConnectionServices module - {6D7B211A-88EA-490c-BAB9-3600D8D7C503} - C:\Program

Files\ConnectionServices\ConnectionServices.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O2 - BHO: Glwcick Class - {BDF4E4DF-B6BB-4ECE-8CD9-1880DEC7B82F} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh

Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program

Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program

Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -

http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://update.microsoft.com/microsof...?1149550927593
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - http://www.crucial.com/controls/cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{36E0607A-7608-42E8-A37C-B762491C2426}: NameServer =

85.255.116.50,85.255.112.86
O17 - HKLM\System\CCS\Services\Tcpip\..\{A3BBCB58-9107-4336-89A2-15FC5F127074}: NameServer =

85.255.116.50,85.255.112.86
O17 - HKLM\System\CCS\Services\Tcpip\..\{C452D6C8-892A-4324-AE70-C9886BEB4F1C}: NameServer =

85.255.116.50,85.255.112.86
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.50 85.255.112.86
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.50 85.255.112.86
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.50 85.255.112.86
O20 - AppInit_DLLs: C:\WINDOWS\system32\prai.dll
O20 - Winlogon Notify: PermissionResearch - C:\WINDOWS\system32\prls.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program

Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet

Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common

Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust

Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust

Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust

Antivirus\InoTask.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia

Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 9679 bytes

gerbil May 14th, 2008 1:31 am
Re: Boot up problem
 
You write like you are not in the Ukraine, so...
==Download fixwareout from http://www.bleepingcomputer.com/file...Fixwareout.exe - and save it to your desktop.
Double click Fixwareout.exe to start the Fixwareout Setup Wizard, click next and then install. Ensure that Run fixit is checked, and click on Finish. After the fix follow the prompts. You will be asked to reboot your computer, and it may take longer than usual to load - this is normal.

Only if your Internet connection is now not working perform this.... In control panel select the Network and Internet Connections , rclick on your default connection, usually local area connection for cable and dsl, and lclick on properties. Click the Networking tab. Dclick on the Internet Protocol (TCP/IP) item and select Obtain DNS servers automatically. Press OK twice to get out of the properties screen and reboot if it asks.

FIX CHECKED ENTRIES....!!
Start Hijackthis, do a Scan Only and place checkmarks against all of the following, and then press Fix Checked:
O2 - BHO: Glwcick Class - {BDF4E4DF-B6BB-4ECE-8CD9-1880DEC7B82F} - (no file)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{36E0607A-7608-42E8-A37C-B762491C2426}: NameServer = 85.255.116.50,85.255.112.86
O17 - HKLM\System\CCS\Services\Tcpip\..\{A3BBCB58-9107-4336-89A2-15FC5F127074}: NameServer = 85.255.116.50,85.255.112.86
O17 - HKLM\System\CCS\Services\Tcpip\..\{C452D6C8-892A-4324-AE70-C9886BEB4F1C}: NameServer = 85.255.116.50,85.255.112.86
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.50 85.255.112.86
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.50 85.255.112.86
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.50 85.255.112.86
O20 - AppInit_DLLs: C:\WINDOWS\system32\prai.dll
O20 - Winlogon Notify: PermissionResearch - C:\WINDOWS\system32\prls.dll
Good. Now...
==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs reboot to restore the desktop.

Okay, please run HT again and repost with the fixwareout log and the Combofix log.

JGR May 14th, 2008 10:39 pm
Re: Boot up problem
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:37:48 PM, on 5/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 201.212.29.70:6588
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1149550927593
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - http://www.crucial.com/controls/cpcScanner.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 7721 bytes





Username "Green" - 05/14/2008 19:33:27 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.116.50 85.255.112.86" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{36E0607A-7608-42E8-A37C-B762491C2426}
"nameserver"="85.255.116.50,85.255.112.86" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{A3BBCB58-9107-4336-89A2-15FC5F127074}
"nameserver"="85.255.116.50,85.255.112.86" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{C452D6C8-892A-4324-AE70-C9886BEB4F1C}
"nameserver"="85.255.116.50,85.255.112.86" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{36E0607A-7608-42E8-A37C-B762491C2426}
"DhcpNameServer"="85.255.116.50,85.255.112.86" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{BD82609A-923B-4AE8-83A3-33F96FCBB190}
"DhcpNameServer"="85.255.116.50,85.255.112.86" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{C452D6C8-892A-4324-AE70-C9886BEB4F1C}
"DhcpNameServer"="85.255.116.50,85.255.112.86" <Value cleared.

Successfully flushed the DNS Resolver Cache.
System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Realtime Monitor"="C:\\PROGRA~1\\CA\\ETRUST~1\\realmon.exe -s"
"SoundMan"="SOUNDMAN.EXE"
"StormCodec_Helper"="\"C:\\Program Files\\Ringz Studio\\Storm Codec\\StormSet.exe\" /S /opti"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Veoh"="\"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe\" /VeohHide"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~







ComboFix 08-05-12.1 - Green 2008-05-14 19:54:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1095 [GMT -5:00]
Running from: C:\Documents and Settings\Green\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\deskbar
C:\Program Files\deskbar\deskbar.dll
C:\Program Files\deskbar\icons.bmp
C:\Program Files\deskbar\inst.bat
C:\Program Files\deskbar\mbback.bmp
C:\Program Files\deskbar\mbbigopen.bmp
C:\Program Files\deskbar\mbclose.bmp
C:\Program Files\deskbar\mbfwd.bmp
C:\Program Files\deskbar\mblogo.bmp
C:\Program Files\deskbar\mbsep.bmp
C:\Program Files\deskbar\options.html
C:\Program Files\deskbar\softomate.gif
C:\Program Files\deskbar\version.txt
C:\Program Files\ISM
C:\Program Files\ISM\ism.exe
C:\tigen001.exe
C:\WINDOWS\cfg32a.exe
C:\WINDOWS\cfg32o.dll
C:\WINDOWS\cfg32r.dll
C:\WINDOWS\drsmartload2.dat
C:\WINDOWS\keyboard1.dat
C:\WINDOWS\newname.dat
C:\WINDOWS\system32\bang-006.ico
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\dwdsregt.exe
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\prls.dll
C:\WINDOWS\system32\tpuninstall.exe
C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\system32\winpfz32.sys
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\uninst2.htm
C:\WINDOWS\unist1.htm

.
((((((((((((((((((((((((( Files Created from 2008-04-15 to 2008-05-15 )))))))))))))))))))))))))))))))
.

2008-05-14 19:32 . 2008-05-14 19:43 <DIR> d-------- C:\fixwareout
2008-05-13 18:02 . 2008-05-13 18:02 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-05 20:05 . 2008-05-05 20:05 <DIR> d-------- C:\Program Files\vixy.net
2008-05-05 19:31 . 2008-05-05 20:00 <DIR> d-------- C:\Downloads
2008-04-30 17:55 . 2008-04-30 17:55 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-30 17:55 . 2008-04-30 17:55 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-23 18:32 . 2008-04-23 18:33 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\{C7F18430-E561-4213-B311-85908A54007B}
2008-04-20 22:26 . 2008-04-20 22:26 <DIR> d-------- C:\Program Files\CCleaner
2008-04-20 15:16 . 2008-04-23 19:23 <DIR> d-------- C:\Program Files\PeerGuardian2
2008-04-20 12:31 . 2008-04-20 12:36 <DIR> d-------- C:\Program Files\ABC Amber Text Converter
2008-04-20 12:21 . 2008-04-20 12:21 327,680 --a------ C:\WINDOWS\system32\dvdauthor.ocx
2008-04-19 23:54 . 2008-04-19 23:54 <DIR> d-------- C:\Documents and Settings\Green\Application Data\ATI
2008-04-19 20:44 . 2008-04-19 20:44 <DIR> d-------- C:\ATI
2008-04-19 19:39 . 2008-04-19 19:39 <DIR> d-------- C:\Documents and Settings\Green\Application Data\Gearbox Software
2008-04-19 19:10 . 2008-04-19 19:10 <DIR> d-------- C:\Program Files\Ubisoft
2008-04-16 17:14 . 2008-04-16 17:14 233,472 --a------ C:\WINDOWS\system32\viscomdvdimg.dll
2008-04-15 20:23 . 2008-04-15 20:23 0 --a------ C:\WINDOWS\Irremote.ini
2008-04-15 20:00 . 2008-04-15 20:06 <DIR> d-------- C:\temp\CheetahAudio
2008-04-15 20:00 . 2008-04-15 20:00 <DIR> d-------- C:\temp
2008-04-15 19:54 . 2008-04-15 19:54 <DIR> d-------- C:\Program Files\Cheetah Burner
2008-04-15 19:54 . 2005-11-14 05:23 1,228,800 --a------ C:\WINDOWS\system32\FoxBurner.ocx
2008-04-15 19:54 . 2003-12-17 16:00 1,208,320 --a------ C:\WINDOWS\system32\PTxSCP.ocx
2008-04-15 19:54 . 2007-07-31 12:57 1,164,728 --a------ C:\WINDOWS\system32\NMSDVDXU.dll
2008-04-15 19:54 . 2004-02-08 15:53 856,064 --a------ C:\WINDOWS\system32\mpgfiltr.ax
2008-04-15 19:54 . 2005-01-19 00:44 454,656 --a------ C:\WINDOWS\system32\FoxDVDImager.ocx
2008-04-15 19:54 . 2002-03-25 03:03 380,928 --a------ C:\WINDOWS\system32\CDRipperX.ocx
2008-04-15 19:54 . 2005-01-19 00:18 323,584 --a------ C:\WINDOWS\system32\FoxImager.dll
2008-04-15 19:54 . 2007-04-06 00:08 196,608 --a------ C:\WINDOWS\system32\VideoEdit.ocx
2008-04-15 19:54 . 2003-08-19 04:31 81,920 --a------ C:\WINDOWS\system32\viscomwave.dll
2008-04-15 19:43 . 2008-04-23 19:22 <DIR> d-------- C:\Program Files\Blaze Media Pro
2008-04-15 19:15 . 2008-04-15 19:15 <DIR> d-------- C:\Documents and Settings\Green\Application Data\CDBurnerXP_Soft
2008-04-15 18:57 . 2008-04-23 19:11 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-13 22:48 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-13 22:42 --------- d-----w C:\Documents and Settings\Green\Application Data\AdobeUM
2008-05-12 00:22 --------- d-----w C:\Program Files\mIRC
2008-05-08 03:54 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-07 00:28 --------- d-----w C:\Documents and Settings\Green\Application Data\LimeWire
2008-05-06 01:00 --------- d-----w C:\Documents and Settings\Green\Application Data\Orbit
2008-04-30 03:41 --------- d-----w C:\Program Files\ConnectionServices
2008-04-29 03:47 --------- d-----w C:\Program Files\Opera
2008-04-22 02:24 --------- d-----w C:\Program Files\EasyBurning
2008-04-22 02:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-21 23:32 --------- d-----w C:\Program Files\Yahoo!
2008-04-20 01:47 --------- d-----w C:\Program Files\ATI Technologies
2008-04-16 01:28 --------- d-----w C:\Program Files\Common Files\Nero
2008-04-16 01:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-04-10 00:35 --------- d-----w C:\Documents and Settings\Green\Application Data\Nero
2008-04-10 00:30 --------- d-----w C:\Program Files\Nero
2008-03-30 15:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI MMC
2008-03-21 02:58 --------- d-----w C:\Program Files\FLV Player
2008-03-20 02:33 --------- d-----w C:\Program Files\Microsoft Reader
2008-03-17 23:51 --------- d-----w C:\Program Files\MagicISO
2008-03-17 20:07 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2008-03-17 20:07 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2008-03-17 18:54 --------- d-----w C:\Program Files\Kristanix
2008-03-16 00:41 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft
2008-03-15 20:35 --------- d-----w C:\Documents and Settings\Green\Application Data\Xfire
2008-03-15 20:34 --------- d-----w C:\Program Files\Xfire
2007-12-27 02:39 22,328 ----a-w C:\Documents and Settings\Green\Application Data\PnkBstrK.sys
2007-09-27 01:40 458,752 ----a-w C:\Program Files\AVSVideoToolsTrial.exe
2006-08-24 21:25 20,632 ----a-w C:\Documents and Settings\Green\Application Data\GDIPFONTCACHEV1.DAT
2006-10-12 21:32 3,072 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
2006-10-12 21:32 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll
2005-05-13 23:12 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 17:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-10-14 03:27 422,400 --sha-r C:\WINDOWS\x2.64.exe
2005-10-08 01:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
2005-07-14 18:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 21:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-22 04:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2004-01-25 06:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2006-04-27 16:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
2005-02-28 19:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2004-01-25 06:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 18:35 3587120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2004-04-06 17:14 504080]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 16:28 577536 C:\WINDOWS\SOUNDMAN.EXE]
"StormCodec_Helper"="C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" [2006-11-26 13:30 97357]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-01-29 19:13 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 07:00 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\Brandon\Start Menu\Programs\Startup\
Killindex.lnk - C:\WINDOWS\system32\cmd.exe [2004-08-04 07:00:00 388608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.SP54"= SP5X_32.DLL
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
backup=C:\WINDOWS\pss\Orbit.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Green^Start Menu^Programs^Startup^Think-Adz.lnk]
backup=C:\WINDOWS\pss\Think-Adz.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2006-04-20 12:10 50792 C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
--------- 2004-12-02 18:23 102400 C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
--------- 2007-04-10 09:15 868352 C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
--a------ 2007-09-06 08:08 136136 C:\Program Files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLD.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-04-20 12:10 50792 C:\Program Files\Common Files\AOL\1148587091\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 16:27 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-04-01 18:35 3587120 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 22:49 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LexBceS"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Microsoft Visual Studio\\Common\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Documents and Settings\\Green\\Desktop\\New Folder\\Limewire\\LimeWire.exe"=
"F:\\Games\\Dawn of War - Soulstorm\\Soulstorm.exe"=
"F:\\Games\\Unreal Tournament\\Unreal Tournament\\UnrealTournament\\System\\UnrealTournament.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19812:TCP"= 19812:TCP:BitComet 19812 TCP
"19812:UDP"= 19812:UDP:BitComet 19812 UDP
"1620:UDP"= 1620:UDP:Windows Media Format SDK (firefox.exe)
"1621:UDP"= 1621:UDP:Windows Media Format SDK (firefox.exe)
"6112:TCP"= 6112:TCP:6112
"6113:TCP"= 6113:TCP:6113
"6114:TCP"= 6114:TCP:6114
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R2 ACEDRV06;ACEDRV06;C:\WINDOWS\system32\drivers\ACEDRV06.sys [2006-12-28 17:59]
S2 Ca533av;Icatch(IV) Video Camera Device;C:\WINDOWS\system32\Drivers\Ca533av.sys [2002-10-20 20:37]
S3 MaplomL;MaplomL;C:\WINDOWS\system32\drivers\MaplomL.sys [2008-01-04 16:05]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2002-10-16 00:11]
S3 psdriver;psdriver;C:\Program Files\psdriver\psdriver.sys []
S3 USBCamera;Icatch(IV) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk533.sys [2002-07-24 20:19]
S3 XDva006;XDva006;C:\WINDOWS\system32\XDva006.sys []
S3 XDva007;XDva007;C:\WINDOWS\system32\XDva007.sys []
S3 XDva009;XDva009;C:\WINDOWS\system32\XDva009.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\autoplay.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-05-10 02:45:46 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-11-21 17:24:34 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-14 20:06:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2008-05-14 20:25:24 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-15 01:25:04

Pre-Run: 25,512,640,512 bytes free
Post-Run: 25,563,234,304 bytes free

257 --- E O F --- 2008-05-14 21:01:34

gerbil May 15th, 2008 10:38 am
Re: Boot up problem
 
JGR, just one obvious pest to remove: searchbar.findthewebsiteyouneed.com
Fix this entry with hijackthis:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
Good, now a clean..
==Get CCleaner from http://www.ccleaner.com/ - and install it in a new folder. You should keep this one for general use. I set the installation checkboxes only to open from the recycle bin. It's neater that way.
Now run CCleaner from the recycle bin rclick menu using its default settings [if you set up CCleaner as i suggested, rclicking the bin icon should give you the Open CCleaner option...].
If you have FireFox open the Applications tab and ensure at least that Cookies and Cache are checked.
Select the Cleaner icon, press Run Cleaner.
[For future quick temp file cleaning select the options you wish to use via the Windows and Applications tabs ..]
...and a Spyware scan:
==GET AVG antispyware 7.5 here.. http://free.grisoft.com/doc/5390/lng...i-spyware-free
-Install it and UPDATE it.
Start AVG a-s 7.5;
-under Scanner/ Settings please change the default action from Recommended Actions to QUARANTINE, and run the complete system scan.
-press Apply all Actions and Save the log file. Post the log file.
...with your comments, please?

JGR May 16th, 2008 10:46 pm
Re: Boot up problem
 
Ok well i got the spyware program but couldnt really find an area called quarantine so i just deleted them. I then restarted my computer and it took even longer after explorer loaded for the icons and taskbar to load... I had some custom themes and thought that was the probelm when i use shortcut keys and right click so i uninstalled them and it still does it. well i hoped that helped some, here's the report from the AVG program.







"General properties" ""
"Report name" "Complete Test"
"Start time" "5/15/2008 7:04:53 PM"
"End time" "5/15/2008 11:44:39 PM (total: 4:39:45.5 hrs)"
"Launch method" "Scanning launched manually"
"Scanning result" "Threats found"
"Report status" "Scanning completed successfully"
" " ""
"Object summary" ""
"Scanned" "216881"
"Threats Found" "9"
"Cleaned" "0"
"Moved to vault" "0"
"Deleted" "8"
"Errors" "0"
"C:\Documents and Settings\Green\Desktop\New Folder\Rars\GameMaker67.rar:\GameMaker6.1.rar:\crack.exe" "Trojan horse Generic5.HCE" "Infected, Embedded object, Deleted"
"C:\Documents and Settings\Green\Desktop\New Folder\Rars\GameMaker67.rar" "Trojan horse Generic5.HCE" "Infected, Archive"
"C:\w77uxb8v9.exe" "" "Deleted"
"C:\Documents and Settings\Green\Desktop\Keygen.exe" "" "Deleted"
"C:\Program Files\Common Files\fmmm\fmmma.exe" "" "Deleted"
"C:\Program Files\Common Files\fmmm\fmmmp.exe" "" "Deleted"
"C:\Program Files\ConnectionServices\ConnectionServices.dll" "" "Deleted"
"C:\WINDOWS\system32vypqj.exe" "" "Deleted"
"C:\WINDOWS\Uninstall.exe" "" "Deleted"
"C:\WINDOWS\system32\vypqj.exe" "" "Deleted"

gerbil May 17th, 2008 10:25 am
Re: Boot up problem
 
AVG Quarantine.... that is a setting, explained in this line:
-under Scanner/ Settings please change the Default Action from Recommended Actions to QUARANTINE, and run the complete system scan.
What that change does is force AVG to save the suspect files in a safe so you can review them before deleting or restoring them; otherwise AVG will apply its inbuilt Rec. Actions which generally for detections is deletion.
Not preaching here, but cracks n stuff.... if I wrote a tasty bit of software and wanted payment for it I would be annoyed at folks bypassing me with cracks. So, being a software writer, I would push out my own cracks... and they would be bad. Loaded. Pestware, adware, the lot, to put folks off downloading stuff to beat my software. Writers do that.
And if you earn a living by loading trojans with adware for payment, well cracks are just another way to get ppl to accept your trojans and execute them.
Best you run this virus scan [CClean first]:
==Please use IE or Firefox to do an online scan at panda:- http://www.pandasecurity.com/homeuse...s/activescan/?
-for the free online virus scan select the link Scan your PC, then Register [otherwise there will be no disinfection, merely detection] with a valid email and follow through.
Post the log it produces here.

JGR May 19th, 2008 6:11 pm
Re: Boot up problem
 
1 Attachment(s)
I did the ccleaner before i did the online scan but i dont think it got the other users on my computer though. When i copy and pasted the results it looked a little wierd so I also attached it in my reply.










;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-05-19 15:59:30
PROTECTIONS: 1
MALWARE: 68
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG 7.5.524 7.5.524 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00029331 adware/bookedspace Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9}
00047660 adware/sqwire Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\tsa
00099612 adware/ipbill Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AD7FAFB0-16D6-40C3-AF27-585D6E6453FD}
00125533 Adware/Sqwire Adware No 0 Yes No C:\Program Files\Common Files\fmmm\fmmmd\fmmmc.dll
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.casalemedia.com/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Green\Cookies\green@atdmt[2].txt
00145083 adware/mirar Adware No 1 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}
00145083 adware/mirar Adware No 1 Yes No HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com\awbeta\https
00145083 adware/mirar Adware No 1 Yes No HKEY_CLASSES_ROOT\Interface\{224302B0-94E9-45C2-9E5B-BA989EE556E1}
00145083 adware/mirar Adware No 1 Yes No HKEY_CLASSES_ROOT\TypeLib\{F8310E7D-4C4D-46A4-A068-B5BB99411CC7}
00145083 adware/mirar Adware No 1 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
00145083 adware/mirar Adware No 1 Yes No hkey_local_machine\software\classes\nn_bar_dummy.nn_bardummy.1
00145083 adware/mirar Adware No 1 Yes No hkey_local_machine\software\classes\nn_bar_dummy.nn_bardummy
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.tradedoubler.com/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.fastclick.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.tribalfusion.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.mediaplex.com/]
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.clickbank.net/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.com.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.statcounter.com/]
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[counter.hitslink.com/]
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.perf.overture.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Green\Cookies\green@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[ad.yieldmanager.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.burstnet.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.bs.serving-sys.com/]
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[www.burstbeacon.com/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[server.iad.liveperson.net/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[server.iad.liveperson.net/hc/42739635]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[server.iad.liveperson.net/hc/76931915]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.advertising.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.ads.pointroll.com/]
00170550 Cookie/Humanclick TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[hc2.humanclick.com/]
00170550 Cookie/Humanclick TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[hc2.humanclick.com/hc/49044919]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.overture.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.realmedia.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.questionmarket.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.zedo.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[.adrevolver.com/]
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\3ijqz59j.default\cookies.txt[searchportal.information.com/]
00222340 Adware/Sqwire Adware No 0 Yes No C:\System Volume Information\_restore{72505BEB-2B0E-4985-8C69-1D60384BDC6B}\RP556\A0148395.exe
00222376 Adware/Sqwire Adware No 0 Yes No C:\System Volume Information\_restore{72505BEB-2B0E-4985-8C69-1D60384BDC6B}\RP556\A0148392.exe
00222405 Adware/Sqwire Adware No 0 Yes No C:\System Volume Information\_restore{72505BEB-2B0E-4985-8C69-1D60384BDC6B}\RP548\A0148193.exe
00222405 Adware/Sqwire Adware No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\tsuninst.exe.vir
00262580 Adware/Zenosearch Adware No 0 Yes No C:\System Volume Information\_restore{72505BEB-2B0E-4985-8C69-1D60384BDC6B}\RP548\A0148189.exe
00262580 Adware/Zenosearch Adware No 0 Yes No C:\System Volume Information\_restore{72505BEB-2B0E-4985-8C69-1D60384BDC6B}\RP548\A0148196.exe
00262580 Adware/Zenosearch Adware No 0 Yes No C:\QooBox\Quarantine\C\TIGEN001.exe.vir
00262580 Adware/Zenosearch Adware No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\dwdsregt.exe.vir
00262580 Adware/Zenosearch Adware No 0 Yes No C:\WINDOWS\system32\ordsregn.exe
00276655 Adware/NewAds Adware No 0 Yes No C:\WINDOWS\system32\kfaflghp.dll
00286207 Adware/BookedSpace Adware No 0 Yes No C:\WINDOWS\cfg32.exe
00286207 Adware/BookedSpace Adware No 0 Yes No C:\System Volume Information\_restore{72505BEB-2B0E-4985-8C69-1D60384BDC6B}\RP548\A0148199.exe
00286207 Adware/BookedSpace Adware No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\cfg32a.exe.vir
00293079 Spyware/7r7t Spyware No 1 Yes No C:\WINDOWS\srvcjfoias.exe
00293079 Spyware/7r7t Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\tpuninstall.exe.vir
00293079 Spyware/7r7t Spyware No 1 Yes No C:\System Volume Information\_restore{72505BEB-2B0E-4985-8C69-1D60384BDC6B}\RP548\A0148192.exe
00302188 Adware/ActiveSearch Adware No 0 Yes No C:\System Volume Information\_restore{72505BEB-2B0E-4985-8C69-1D60384BDC6B}\RP548\A0148185.dll
00302188 Adware/ActiveSearch Adware No 0 Yes No C:\QooBox\Quarantine\C\Program Files\Deskbar\deskbar.dll.vir
00303646 Adware/DigInk Adware No 0 No No C:\WINDOWS\srvvjkbzix.exe[TagASaurus.exe]
00305469 Adware/Mirar Adware No 1 Yes No C:\WINDOWS\876056.exe
00319551 Adware/DigInk Adware No 0 No No C:\WINDOWS\srvvjkbzix.exe[Sos28.exe]
00324322 Adware/NewAds Adware No 0 Yes No C:\WINDOWS\system32\BattyRun2.dll
00333957 Adware/BookedSpace Adware No 0 Yes No C:\System Volume Information\_restore{72505BEB-2B0E-4985-8C69-1D60384BDC6B}\RP548\A0148197.dll
00333957 Adware/BookedSpace Adware No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\cfg32o.dll.vir
00335213 Adware/BookedSpace Adware No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\cfg32r.dll.vir
00335213 Adware/BookedSpace Adware No 0 Yes No C:\System Volume Information\_restore{72505BEB-2B0E-4985-8C69-1D60384BDC6B}\RP548\A0148198.dll
00335420 Adware/BookedSpace Adware No 0 Yes No C:\WINDOWS\stub_mm1.exe
00366244 Application/NirCmd.A HackTools No 0 Yes No C:\fixwareout\FindT\nircmd.exe
00375120 Adware/Borlander Adware No 0 Yes No C:\Program Files\Ringz Studio\Storm Codec\stormupd.dll
00504757 Adware/PurityScan Adware No 0 No No C:\WINDOWS\srvcjfoias.exe[PSDream.exe]
00527287 Adware/WebHancer Adware No 0 Yes No C:\WINDOWS\whCC-MTHREE.exe
00597660 Adware/BookedSpace Adware No 0 Yes No C:\WINDOWS\cfg32p.dll
00747431 Spyware/LinkReplacer Spyware No 1 Yes No C:\WINDOWS\system32drei.exe
00751900 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{72505BEB-2B0E-4985-8C69-1D60384BDC6B}\RP556\A0148382.exe
00756242 Trj/Downloader.MDW Virus/Trojan No 1 No No C:\WINDOWS\srvvjkbzix.exe[uni_7eh.exe]
00769879 Trj/Downloader.MDW Virus/Trojan No 1 No No C:\WINDOWS\srvvjkbzix.exe[109uninst.exe]
00773544 Adware/BookedSpace Adware No 0 Yes No C:\WINDOWS\vlcfkcdp.exe
00774185 Spyware/LinkReplacer Spyware No 1 Yes No C:\System Volume Information\_restore{72505BEB-2B0E-4985-8C69-1D60384BDC6B}\RP556\A0148396.exe
00774185 Spyware/LinkReplacer Spyware No 1 Yes No C:\System Volume Information\_restore{72505BEB-2B0E-4985-8C69-1D60384BDC6B}\RP556\A0148398.exe
00788432 Adware/BookedSpace Adware No 0 Yes No C:\WINDOWS\stub_mm6.exe
01078863 Generic Trojan Virus/Trojan No 0 Yes No C:\Program Files\Game_Maker7\DrXJ.exe
01078863 Generic Trojan Virus/Trojan No 0 No No C:\Program Files\Game_Maker7\crack.exe[DrXJ.exe]
01176994 Bck/VB.XB Virus/Trojan No 0 No No C:\System Volume Information\_restore{72505BEB-2B0E-4985-8C69-1D60384BDC6B}\RP548\A0148253.exe[327882R2FWJFW\NirCmdC.cfexe]
01176994 Bck/VB.XB Virus/Trojan No 0 No No C:\Documents and Settings\Green\Desktop\New Folder\Rars\Scanning Programs\ComboFix.exe[327882R2FWJFW\NirCmdC.cfexe]
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{72505BEB-2B0E-4985-8C69-1D60384BDC6B}\RP548\A0148216.EXE
02186720 Adware/BookedSpace Adware No 0 Yes No C:\System Volume Information\_restore{72505BEB-2B0E-4985-8C69-1D60384BDC6B}\RP556\A0148397.exe
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{72505BEB-2B0E-4985-8C69-1D60384BDC6B}\RP548\A0148207.sys
02888154 Adware/Adband Adware No 0 Yes No C:\System Volume Information\_restore{72505BEB-2B0E-4985-8C69-1D60384BDC6B}\RP548\A0148187.exe
02888154 Adware/Adband Adware No 0 Yes No C:\QooBox\Quarantine\C\Program Files\ISM\ism.exe.vir
02916576 Spyware/MarketScore Spyware No 1 Yes No C:\System Volume Information\_restore{72505BEB-2B0E-4985-8C69-1D60384BDC6B}\RP548\A0148191.dll
02916576 Spyware/MarketScore Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\prls.dll.vir
02924197 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{72505BEB-2B0E-4985-8C69-1D60384BDC6B}\RP556\A0148394.exe
02925267 Generic Trojan Virus/Trojan No 0 Yes No C:\Program Files\DAEMON Tools Pro\Patch.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location L
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description L
;===================================================================================================================================================================================
;===================================================================================================================================================================================

gerbil May 20th, 2008 1:59 am
Re: Boot up problem
 
Thanks for attaching that log, JG, it does make it easier to read.
Delete C:\QOOBOX folder.

==Please copy the text in the box to a notepad [format/wordwrap unchecked] and save as fixkey.reg, as type "all files", to your desktop; dclick it to run... agree; if it opens in notepad instead rclick the icon [file], choose Open with, Registry editor....
Windows Registry Editor Version 5.00



[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9}]



[-hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\tsa]



[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AD7FAFB0-16D6-40C3-AF27-585D6E6453FD}]



[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}]



[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com\awbeta\https]



[-HKEY_CLASSES_ROOT\Interface\{224302B0-94E9-45C2-9E5B-BA989EE556E1}]



[-HKEY_CLASSES_ROOT\TypeLib\{F8310E7D-4C4D-46A4-A068-B5BB99411CC7}]



[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}]



[-hkey_local_machine\software\classes\nn_bar_dummy.nn_bardummy.1]



[-hkey_local_machine\software\classes\nn_bar_dummy.nn_bardummy]

==Download killbox from here:- http://www.downloads.subratam.org/KillBox.zip -unzip it onto your desktop.
Dclick killbox to start it.
>Highlight the pathnames in the following block and copy them into clipboard [press Ctrl+C] [ or rclick, copy...]:-
C:\Program Files\Common Files\fmmm\fmmmd\fmmmc.dll

C:\WINDOWS\system32\ordsregn.exe

C:\WINDOWS\system32\kfaflghp.dll

C:\WINDOWS\cfg32.exe

C:\WINDOWS\srvcjfoias.exe

C:\WINDOWS\srvvjkbzix.exe[TagASaurus.exe]

C:\WINDOWS\876056.exe

C:\WINDOWS\srvvjkbzix.exe[Sos28.exe]

C:\WINDOWS\system32\BattyRun2.dll

C:\WINDOWS\stub_mm1.exe

C:\Program Files\Ringz Studio\Storm Codec\stormupd.dll

C:\WINDOWS\srvcjfoias.exe[PSDream.exe]

C:\WINDOWS\whCC-MTHREE.exe

C:\WINDOWS\cfg32p.dll

C:\WINDOWS\system32drei.exe

C:\WINDOWS\srvvjkbzix.exe[uni_7eh.exe]

C:\WINDOWS\srvvjkbzix.exe[109uninst.exe]

C:\WINDOWS\vlcfkcdp.exe

C:\WINDOWS\stub_mm6.exe

C:\Program Files\Game_Maker7\DrXJ.exe

C:\Program Files\Game_Maker7\crack.exe[DrXJ.exe]

-in killbox, go File menu, choose Paste from clipboard.
Select "Delete on reboot", "Unregister dll before deleting" if available, click the "all files" .
Click the red and white X button, click Yes on the reboot prompt, click OK if a pendingfilerenameoperation box opens. [do not be concerned if it says it cannot find a file...]
If your computer does not reboot please restart it manually.

==You must clear all your system restore points because some have been infected.... you do this by toggling System Restore Off then On again. So go control panel > system > system restore tab, check Turn off sys res on all drives, Apply and OK. Do it all again but uncheck that box, Apply and OK.
[[a quick way in is Start > run, paste: control sysdm.cpl,,4 -and OK]]
Now make a fresh, clean restore point: Start > programs > accessories > system tools > system restore and create a restore point now!!
[[the quick way to System Restore is Start > run, paste: %systemroot%\system32\restore\rstrui.exe -and OK]]
Say how things are now.

JGR May 22nd, 2008 1:26 pm
Re: Boot up problem
 
I did all that and things are still the same :(


All times are GMT -4. The time now is 7:37 pm.
1 2
Show 40 post(s) from this thread on one page

Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2009 DaniWeb® LLC