0

Hi there,

ABUT ME:-

I'm new to the group and I'm rubbish when it comes to technical problems with computers. I'm quite good at installing and using software, but other than that... oh dear.

MY PROBLEM:-

I've recently installed a wireless networking device (LINKSYS WIRELESS-G networking adaptor) onto my PC, which has/possibly now had Windows XP installed, Panda AntVirus and other programs. After installing the adaptor I had an error message appear saying application error (referring to LINKSYS SYSTEM MONITOR). This message kept appearing until there were 52 messages on the screen and I had to re-boot the computer.

Since then, my computer crashes on start-up. On start up a blue screen appears and after checking file system on C: that type of file FAT32. It then starts to check disk consistancy. It verifies 100% then it says:
the \pagefile.sys entry contain a non valid link.
the size of the \pagefile.sys entry is not valid.
\WINDOWS\DUMP8695.tmp is crossed-linked on allocation unit 1006408.

It then locks on this screen, trying to load but nothing happens.

What have I done???? Has someone hacked our computer???

3
Contributors
15
Replies
16
Views
11 Years
Discussion Span
Last Post by tayspen
0

Hi there,

ABOUT ME:-

I'm new to the group and I'm rubbish when it comes to technical problems with computers. I'm quite good at installing and using software, but other than that... oh dear.

MY PROBLEM:-

I've recently installed a wireless networking device (LINKSYS WIRELESS-G networking adaptor) onto my PC, which has/possibly now had Windows XP installed, Panda AntVirus and other programs. After installing the adaptor I had an error message appear saying application error (referring to LINKSYS SYSTEM MONITOR). This message kept appearing until there were 52 messages on the screen and I had to re-boot the computer.

Since then, my computer crashes on start-up. On start up a blue screen appears and after checking file system on C: that type of file FAT32. It then starts to check disk consistancy. It verifies 100% then it says:
the \pagefile.sys entry contain a non valid link.
the size of the \pagefile.sys entry is not valid.
\WINDOWS\DUMP8695.tmp is crossed-linked on allocation unit 1006408.

It then locks on this screen, trying to load but nothing happens.

What have I done???? Has someone hacked our computer???

Also I've done a antivirus scan and nothing was found.

And I've found that if you leave it for ages it finally boots up and loads. But then if you chose to open a powerful program like Adobe, it freezes. Then shuts itself down, turns to turn on and load, then shuts itself down again. It continues to do this until you force it to shut down by holding the power button for 10 seconds.

0

Hmm, definitely sounds like spyware to me.

I'm going to move your thread into the Viruses/Spyware/Nasties forum.

In the meantime:

Download HijackThis (current verison is v1.99.1)

or here (Alternate 1, a self-extracting zip file)
or here (Alternate 2, an *.exe file)

Make a new folder to put your HijackThis.exe into.

(Anywhere on your hard drive is fine other than your Desktop or the Temp folder. Suitable examples are:

  • C:\HijackThis\
  • C:\Programs\hijackthis\
  • C:\Windows\My Documents\HJT\

but feel free to use any name.)

Extract and save the HijackThis download to the new folder you made. Then navigate to it and run HijackThis from there. (This is to ensure it makes the necessary backups for recovery if fixes are made) Then, doubleclick HijackThis.exe, and click Scan.

When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that and copy & paste its contents in your reply. Most of what it lists will be harmless or even essential, don't try to fix anything yourself.

Definitely be sure to include this in your reply.

Thanks.

0

Hi there,

Thanks for you help on this. Right I didn't exasctly as you advised and got the following...it doesn't look too good but I'm not a big computer expert.

p.s
after taking three/four attempts to start it the computer will eventually start and then take ages to load. Once loaded, it the runs reletively quickly - but then somes sudden crashes and this little paragraph starts over again.

Logfile of HijackThis v1.99.1
Scan saved at 19:07:42, on 15/05/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\panda software\panda titanium 2006 antivirus +
antispyware\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\PsImSvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\apvxdwin.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\WebProxy.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HIJACK\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\avciman.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\psimreal.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = " "
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://www.updatesearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://uk.search.yahoo.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\regedit /s
C:\pav.reg,C:\WINDOWS\System32\pavdr.exe,C:\WINDOWS\System32\userinit.exe,
O1 - Hosts: 9.31.81.22 www.google.ca www.google.cd www.google.cg www.google.ch
www.google.ci www.google.cl www.google.co.cr
O1 - Hosts: 9.31.81.22 www.google.co.hu www.google.co.il www.google.co.in
www.google.co.je www.google.co.jp www.google.co.ke www.google.co.kr
O1 - Hosts: 9.31.81.22 www.google.co.ls www.google.co.nz www.google.co.th
www.google.co.ug www.google.co.uk www.google.co.ve www.google.com
O1 - Hosts: 9.31.81.22 www.google.com.ag www.google.com.ar www.google.com.au
www.google.com.br www.google.com.co www.google.com.cu www.google.com.do
O1 - Hosts: 9.31.81.22 www.google.com.ec www.google.com.fj www.google.com.gi
www.google.com.gr www.google.com.gt www.google.com.hk www.google.com.ly
O1 - Hosts: 9.31.81.22 www.google.com.mt www.google.com.mx www.google.com.my
www.google.com.na www.google.com.nf www.google.com.ni www.google.com.np
O1 - Hosts: 9.31.81.22 www.google.com.pa www.google.com.pe www.google.com.ph
www.google.com.pk www.google.com.pr www.google.com.py www.google.com.sa
O1 - Hosts: 9.31.81.22 www.google.com.sg www.google.com.sv www.google.com.tr
www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc
O1 - Hosts: 9.31.81.22 www.google.com.vn www.google.de www.google.dj
www.google.dk www.google.es www.google.fi www.google.fm
O1 - Hosts: 9.31.81.22 www.google.fr www.google.gg www.google.gl www.google.gm
www.google.hn www.google.ie www.google.it
O1 - Hosts: 9.31.81.22 www.google.kz www.google.li www.google.lt www.google.lu
www.google.lv www.google.mn www.google.ms
O1 - Hosts: 9.31.81.22 www.google.mu www.google.mw www.google.nl www.google.no
www.google.off.ai www.google.pl www.google.pn
O1 - Hosts: 9.31.81.22 www.google.pt www.google.ro www.google.ru www.google.rw
www.google.se www.google.sh www.google.sk
O1 - Hosts: 9.31.81.22 www.google.sm www.google.td www.google.tm www.google.tt
www.google.uz www.google.vg google.ae
O1 - Hosts: 9.31.81.22 google.am google.as google.at google.az google.be
google.bi google.ca
O1 - Hosts: 9.31.81.22 google.cd google.cg google.ch google.ci google.cl
google.co.cr google.co.hu
O1 - Hosts: 9.31.81.22 google.co.il google.co.in google.co.je google.co.jp
google.co.ke google.co.kr google.co.ls
O1 - Hosts: 9.31.81.22 google.co.nz google.co.th google.co.ug google.co.uk
google.co.ve google.com google.com.ag
O1 - Hosts: 9.31.81.22 google.com.ar google.com.au google.com.br google.com.co
google.com.cu google.com.do google.com.ec
O1 - Hosts: 9.31.81.22 google.com.fj google.com.gi google.com.gr google.com.gt
google.com.hk google.com.ly google.com.mt
O1 - Hosts: 9.31.81.22 google.com.mx google.com.my google.com.na google.com.nf
google.com.ni google.com.np google.com.pa
O1 - Hosts: 9.31.81.22 google.com.pe google.com.ph google.com.pk google.com.pr
google.com.py google.com.sa google.com.sg
O1 - Hosts: 9.31.81.22 google.com.sv google.com.tr google.com.tw google.com.ua
google.com.uy google.com.vc google.com.vn
O1 - Hosts: 9.31.81.22 google.de google.dj google.dk google.es google.fi
google.fm google.fr
O1 - Hosts: 9.31.81.22 google.gg google.gl google.gm google.hn google.ie
google.it google.kz
O1 - Hosts: 9.31.81.22 google.li google.lt google.lu google.lv google.mn
google.ms google.mu
O1 - Hosts: 9.31.81.22 google.mw google.nl google.no google.off.ai google.pl
google.pn google.pt
O1 - Hosts: 9.31.81.22 google.ro google.ru google.rw google.se google.sh
google.sk google.sm
O1 - Hosts: 9.31.81.22 google.td google.tm google.tt google.uz google.vg
search.yahoo.com ar.search.yahoo.com
O1 - Hosts: 9.31.81.22 br.search.yahoo.com ca.search.yahoo.com
cf.search.yahoo.com mx.search.yahoo.com espanol.search.yahoo.com
au.search.yahoo.com ct.search.yahoo.com
O1 - Hosts: 9.31.81.22 fr.search.yahoo.com de.search.yahoo.com
it.search.yahoo.com uk.search.yahoo.com search.msn.com search.msn.at
search.sympatico.msn.ca
O1 - Hosts: 9.31.81.22 search.msn.co.za search.ninemsn.com.au
search.xtramsn.co.nz search.msn.co.uk search.msn.be search.msn.dk search.msn.fi
O1 - Hosts: 9.31.81.22 search.msn.fr search.msn.de search.msn.it search.msn.nl
search.msn.no search.msn.es uk.search.msn.com
O1 - Hosts: 9.31.81.22 search.msn.se search.msn.ch search.msn.co.in
search.msn.com.sg toolbar.search.msn.com beta.search.msn.com beta.search.msn.at
O1 - Hosts: 9.31.81.22 beta.search.sympatico.msn.ca beta.search.msn.co.za
beta.search.ninemsn.com.au beta.search.xtramsn.co.nz beta.search.msn.co.uk
beta.search.msn.be beta.search.msn.dk
O1 - Hosts: 9.31.81.22 beta.search.msn.fi beta.search.msn.fr beta.search.msn.de
beta.search.msn.it beta.search.msn.nl beta.search.msn.no beta.search.msn.es
O1 - Hosts: 9.31.81.22 beta.search.msn.se beta.search.msn.ch
beta.search.msn.co.in beta.search.msn.com.sg auto.search.msn.com www.alexa.com
alexa.com
O1 - Hosts: 9.31.81.22 www.google.ae www.google.am www.google.as www.google.at
www.google.az www.google.be www.google.bi
O1 - Hosts: 9.31.81.22 www.google.ca www.google.cd www.google.cg www.google.ch
www.google.ci www.google.cl www.google.co.cr
O1 - Hosts: 9.31.81.22 www.google.co.hu www.google.co.il www.google.co.in
www.google.co.je www.google.co.jp www.google.co.ke www.google.co.kr
O1 - Hosts: 9.31.81.22 www.google.co.ls www.google.co.nz www.google.co.th
www.google.co.ug www.google.co.uk www.google.co.ve www.google.com
O1 - Hosts: 9.31.81.22 www.google.com.ag www.google.com.ar www.google.com.au
www.google.com.br www.google.com.co www.google.com.cu www.google.com.do
O1 - Hosts: 9.31.81.22 www.google.com.ec www.google.com.fj www.google.com.gi
www.google.com.gr www.google.com.gt www.google.com.hk www.google.com.ly
O1 - Hosts: 9.31.81.22 www.google.com.mt www.google.com.mx www.google.com.my
www.google.com.na www.google.com.nf www.google.com.ni www.google.com.np
O1 - Hosts: 9.31.81.22 www.google.com.pa www.google.com.pe www.google.com.ph
www.google.com.pk www.google.com.pr www.google.com.py www.google.com.sa
O1 - Hosts: 9.31.81.22 www.google.com.sg www.google.com.sv www.google.com.tr
www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc
O1 - Hosts: 9.31.81.22 www.google.com.vn www.google.de www.google.dj
www.google.dk www.google.es www.google.fi www.google.fm
O1 - Hosts: 9.31.81.22 www.google.fr www.google.gg www.google.gl www.google.gm
www.google.hn www.google.ie www.google.it
O1 - Hosts: 9.31.81.22 www.google.kz www.google.li www.google.lt www.google.lu
www.google.lv www.google.mn www.google.ms
O1 - Hosts: 9.31.81.22 www.google.mu www.google.mw www.google.nl www.google.no
www.google.off.ai www.google.pl www.google.pn
O1 - Hosts: 9.31.81.22 www.google.pt www.google.ro www.google.ru www.google.rw
www.google.se www.google.sh www.google.sk
O1 - Hosts: 9.31.81.22 www.google.sm www.google.td www.google.tm www.google.tt
www.google.uz www.google.vg google.ae
O1 - Hosts: 9.31.81.22 google.am google.as google.at google.az google.be
google.bi google.ca
O1 - Hosts: 9.31.81.22 google.cd google.cg google.ch google.ci google.cl
google.co.cr google.co.hu
O1 - Hosts: 9.31.81.22 google.co.il google.co.in google.co.je google.co.jp
google.co.ke google.co.kr google.co.ls
O1 - Hosts: 9.31.81.22 google.co.nz google.co.th google.co.ug google.co.uk
google.co.ve google.com google.com.ag
O1 - Hosts: 9.31.81.22 google.com.ar google.com.au google.com.br google.com.co
google.com.cu google.com.do google.com.ec
O1 - Hosts: 9.31.81.22 google.com.fj google.com.gi google.com.gr google.com.gt
google.com.hk google.com.ly google.com.mt
O1 - Hosts: 9.31.81.22 google.com.mx google.com.my google.com.na google.com.nf
google.com.ni google.com.np google.com.pa
O1 - Hosts: 9.31.81.22 google.com.pe google.com.ph google.com.pk google.com.pr
google.com.py google.com.sa google.com.sg
O1 - Hosts: 9.31.81.22 google.com.sv google.com.tr google.com.tw google.com.ua
google.com.uy google.com.vc google.com.vn
O1 - Hosts: 9.31.81.22 google.de google.dj google.dk google.es google.fi
google.fm google.fr
O1 - Hosts: 9.31.81.22 google.gg google.gl google.gm google.hn google.ie
google.it google.kz
O1 - Hosts: 9.31.81.22 google.li google.lt google.lu google.lv google.mn
google.ms google.mu
O1 - Hosts: 9.31.81.22 google.mw google.nl google.no google.off.ai google.pl
google.pn google.pt
O1 - Hosts: 9.31.81.22 google.ro google.ru google.rw google.se google.sh
google.sk google.sm
O1 - Hosts: 9.31.81.22 google.td google.tm google.tt google.uz google.vg
search.yahoo.com ar.search.yahoo.com
O1 - Hosts: 9.31.81.22 br.search.yahoo.com ca.search.yahoo.com
cf.search.yahoo.com mx.search.yahoo.com espanol.search.yahoo.com
au.search.yahoo.com ct.search.yahoo.com
O1 - Hosts: 9.31.81.22 fr.search.yahoo.com de.search.yahoo.com
it.search.yahoo.com uk.search.yahoo.com search.msn.com search.msn.at
search.sympatico.msn.ca
O1 - Hosts: 9.31.81.22 search.msn.co.za search.ninemsn.com.au
search.xtramsn.co.nz search.msn.co.uk search.msn.be search.msn.dk search.msn.fi
O1 - Hosts: 9.31.81.22 search.msn.fr search.msn.de search.msn.it search.msn.nl
search.msn.no search.msn.es uk.search.msn.com
O1 - Hosts: 9.31.81.22 search.msn.se search.msn.ch search.msn.co.in
search.msn.com.sg toolbar.search.msn.com beta.search.msn.com beta.search.msn.at
O1 - Hosts: 9.31.81.22 beta.search.sympatico.msn.ca beta.search.msn.co.za
beta.search.ninemsn.com.au beta.search.xtramsn.co.nz beta.search.msn.co.uk
beta.search.msn.be beta.search.msn.dk
O1 - Hosts: 9.31.81.22 beta.search.msn.fi beta.search.msn.fr beta.search.msn.de
beta.search.msn.it beta.search.msn.nl beta.search.msn.no beta.search.msn.es
O1 - Hosts: 9.31.81.22 beta.search.msn.se beta.search.msn.ch
beta.search.msn.co.in beta.search.msn.com.sg auto.search.msn.com www.alexa.com
alexa.com
O1 - Hosts: 9.31.81.22 www.google.ae www.google.am www.google.as www.google.at
www.google.az www.google.be www.google.bi
O1 - Hosts: 9.31.81.22 www.google.ca www.google.cd www.google.cg www.google.ch
www.google.ci www.google.cl www.google.co.cr
O1 - Hosts: 9.31.81.22 www.google.co.hu www.google.co.il www.google.co.in
www.google.co.je www.google.co.jp www.google.co.ke www.google.co.kr
O1 - Hosts: 9.31.81.22 www.google.co.ls www.google.co.nz www.google.co.th
www.google.co.ug www.google.co.uk www.google.co.ve www.google.com
O1 - Hosts: 9.31.81.22 www.google.com.ag www.google.com.ar www.google.com.au
www.google.com.br www.google.com.co www.google.com.cu www.google.com.do
O1 - Hosts: 9.31.81.22 www.google.com.ec www.google.com.fj www.google.com.gi
www.google.com.gr www.google.com.gt www.google.com.hk www.google.com.ly
O1 - Hosts: 9.31.81.22 www.google.com.mt www.google.com.mx www.google.com.my
www.google.com.na www.google.com.nf www.google.com.ni www.google.com.np
O1 - Hosts: 9.31.81.22 www.google.com.pa www.google.com.pe www.google.com.ph
www.google.com.pk www.google.com.pr www.google.com.py www.google.com.sa
O1 - Hosts: 9.31.81.22 www.google.com.sg www.google.com.sv www.google.com.tr
www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc
O1 - Hosts: 9.31.81.22 www.google.com.vn www.google.de www.google.dj
www.google.dk www.google.es www.google.fi www.google.fm
O1 - Hosts: 9.31.81.22 www.google.fr www.google.gg www.google.gl www.google.gm
www.google.hn www.google.ie www.google.it
O1 - Hosts: 9.31.81.22 www.google.kz www.google.li www.google.lt www.google.lu
www.google.lv www.google.mn www.google.ms
O1 - Hosts: 9.31.81.22 www.google.mu www.google.mw www.google.nl www.google.no
www.google.off.ai www.google.pl www.google.pn
O1 - Hosts: 9.31.81.22 www.google.pt www.google.ro www.google.ru www.google.rw
www.google.se www.google.sh www.google.sk
O1 - Hosts: 9.31.81.22 www.google.sm www.google.td www.google.tm www.google.tt
www.google.uz www.google.vg google.ae
O1 - Hosts: 9.31.81.22 google.am google.as google.at google.az google.be
google.bi google.ca
O1 - Hosts: 9.31.81.22 google.cd google.cg google.ch google.ci google.cl
google.co.cr google.co.hu
O1 - Hosts: 9.31.81.22 google.co.il google.co.in google.co.je google.co.jp
google.co.ke google.co.kr google.co.ls
O1 - Hosts: 9.31.81.22 google.co.nz google.co.th google.co.ug google.co.uk
google.co.ve google.com google.com.ag
O1 - Hosts: 9.31.81.22 google.com.ar google.com.au google.com.br google.com.co
google.com.cu google.com.do google.com.ec
O1 - Hosts: 9.31.81.22 google.com.fj google.com.gi google.com.gr google.com.gt
google.com.hk google.com.ly google.com.mt
O1 - Hosts: 9.31.81.22 google.com.mx google.com.my google.com.na google.com.nf
google.com.ni google.com.np google.com.pa
O1 - Hosts: 9.31.81.22 google.com.pe google.com.ph google.com.pk google.com.pr
google.com.py google.com.sa google.com.sg
O1 - Hosts: 9.31.81.22 google.com.sv google.com.tr google.com.tw google.com.ua
google.com.uy google.com.vc google.com.vn
O1 - Hosts: 9.31.81.22 google.de google.dj google.dk google.es google.fi
google.fm google.fr
O1 - Hosts: 9.31.81.22 google.gg google.gl google.gm google.hn google.ie
google.it google.kz
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {F10159AE-FFE4-4C9F-859B-DF9A55365333} -
C:\WINDOWS\System32\dhle.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone
Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator
5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium
2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [TrustInstaller] "D:\Setup.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program
Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no
file)
O12 - Plugin for .mpeg: C:\Program Files\Internet
Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) -
http://www.midasplayer.com/midasa.cab
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) -
http://www.digitalwebbooks.com/reader/dbplugin.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) -
http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) -
http://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147616968530
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) -
http://www.shockwave.com/content/tumblebugs/sis/axhost.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -
http://download.games.yahoo.com/games/web_games/popcap/chuzzle/popcaploader_v6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) -
http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) -
http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O18 - Filter: text/plain - (no CLSID) - (no file)
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O21 - SSODL: SysTray.Exgr - {5368D1FC-4F5C-4f1b-B134-E67214FC78E9} -
C:\WINDOWS\System32\kfokilkp.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation
- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. -
C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common
Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International
- C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software -
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International
- C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\pavsrv51.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program
files\panda software\panda titanium 2006 antivirus +
antispyware\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program
Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program
Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda
Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC -
C:\WINDOWS\system32\ZONELABS\vsmon.exe

0

Hi, Please run HJT again, and select Do system scan only. Then place a check (tick) next to these items.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = " "

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

O2 - BHO: (no name) - {F10159AE-FFE4-4C9F-859B-DF9A55365333} -

O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) -

O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) -

O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control)-

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}

O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) -

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) -

O18 - Filter: text/html - (no CLSID) - (no file)

O18 - Filter: text/plain - (no CLSID) - (no file)

O21 - SSODL: SysTray.Exgr - {5368D1FC-4F5C-4f1b-B134-E67214FC78E9} -

Click Fix Checked.

________________________________________________

Download Hoster.

  • Unzip Hoster to

C:\Hoster .[*]Run Hoster.exe from its new home[*]Click "Make Hosts Writable?" in the upper right corner (If available) .[*]Click Restore Original Hosts and then click OK.[*]Click the X to exit the program.


Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

________________________________________________

Now lets have ewido take out what it can, before we proceed manually.


Please download ewido anti-malware it is a free version of the program.

  1. Install ewido anti-malware
  2. When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  3. Launch ewido, there should be an icon on your desktop, double-click it.
  4. The program will now open to the main screen.
  5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  6. You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  7. The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display ("Update successful" )

If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:

  • Open up Ewido
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
  • Close ewido anti-malware.

Reboot.

_______________________________________________________

Post the ewido log, and a new HJT log

0

HI there,

I got as far as downloading it and clicking on Restore Original Hosts, but when I click on OK... i get and ERROR box that say: Cannot create file C:/WINDOWS/system32/DRIVERS/ETC/hosts.

Then my Panda antivirus pops up and says that a dangerous operation has been blocked....

I'm so sorry if this is an easy problem to fix but I'm making a big event out of it.

0

Heh it's cool.

Try disabeling Panda Antivirus before downloading again.

O ya, and by the way, this isn't abnormal--oftentimes AVs accuse other AVs of being spyware and such.

Thanks.

0

Hi guys,

Here's the reponses....

---------------------------------------------------------
 ewido anti-malware - Scan report
---------------------------------------------------------

 + Created on:          23:09:53, 15/05/2006
 + Report-Checksum:     396D2591

 + Scan result:

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper
Objecta\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} -> Trojan.Zapchast : Cleaned with
backup
    C:\WINDOWS\system32\LogFiles\A5291900.so -> Trojan.Crypt.b : Cleaned with
backup
    C:\WINDOWS\Downloaded Program Files\popcaploader.dll ->
Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup


::Report End

-----------------------------------------

and then

Logfile of HijackThis v1.99.1
Scan saved at 19:52:43, on 16/05/2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\panda software\panda titanium 2006 antivirus +
antispyware\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\PsImSvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\apvxdwin.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\WebProxy.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HIJACK\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =  
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
[URL="javascript:ol('http://www.yahoo.com/');"][COLOR=#0000ff]http://www.yahoo.com/[/COLOR][/URL]
F2 - REG:system.ini: UserInit=C:\WINDOWS\regedit /s
C:\pav.reg,C:\WINDOWS\System32\pavdr.exe,C:\WINDOWS\System32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone
Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator
5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium
2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [TrustInstaller] "D:\Setup.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program
Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no
file)
O12 - Plugin for .mpeg: C:\Program Files\Internet
Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) -
[URL="javascript:ol('http://www.midasplayer.com/midasa.cab');"][COLOR=#0000ff]http://www.midasplayer.com/midasa.cab[/COLOR][/URL]
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
[URL="http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab"][COLOR=#0000ff]http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab[/COLOR][/URL]
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
[URL="http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab"][COLOR=#0000ff]http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab[/COLOR][/URL]
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -
[URL="javascript:ol('http://download.games.yahoo.com/games/web_games/popcap/chuzzle/popcaploader_v6.cab');"][COLOR=#0000ff]http://download.games.yahoo.com/games/web_games/popcap/chuzzle/popcaploader_v6.cab[/COLOR][/URL]
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) -
[URL="http://chat.msn.com/controls/msnchat45.cab"][COLOR=#0000ff]http://chat.msn.com/controls/msnchat45.cab[/COLOR][/URL]
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program
Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program
Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation
- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. -
C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common
Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International
- C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software -
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International
- C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\pavsrv51.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program
files\panda software\panda titanium 2006 antivirus +
antispyware\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program
Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program
Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda
Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC -
C:\WINDOWS\system32\ZONELABS\vsmon.exe


-----------------------------------------

Edited by mike_2000_17: Fixed formatting

0

p.s
it is now working a little faster and also doesn't need to be re-booted/switched off so many times before it boots up properly and allows you to use it.

I have also found that closing a few programs helping - just the ones I'm not using like a Java program, Quick Time & Big Fix.

0

Alrite, couple more entries to fix:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
O4 - HKLM\..\Run: [TrustInstaller] "D:\Setup.exe"
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -
http://download.games.yahoo.com/games/web_games/popcap/chuzzle/popcaploader_v6.cab

Awsome, now we're gonna run CCleaner to clean some more:

Begin by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files". 9. Press the "Apply" button and then the "OK" button and shutdown My Computer.
10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, skip it):

C:\Windows\Temp
C:\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\<Every user listed>\Local Settings\History
C:\Documents and Settings\<Every user listed>\Cookies
C:\Windows\Prefetch

After doing this, move back to the 'Cleaner' tab, and inside this, be sure your open to the 'Windows' tab. Inside, check the box labeled 'Custom Files and Folders'.

Next, after following all of these steps, you're ready to scan. Run scans in both the 'Cleaner' and 'Issues'. Note: It might take several scans in each to remove all of the junk.

Now, ya need to update Java--it's not the latest version. -- this is sorta important

Here's the link to dl it:


http://www.java.com/en/download/manual.jsp

Now, post back here with a new HJT log.

Thanks.

0

Hi there,

Thank you so much for you help - promise to raise your rep after this problem is completed.

Right - ran the programs etc and the computer seemed to be running much much much quicker after completion of CCleaner. Restarted the computer too - just to see what happens. It restarted without any problem. The 'checking disk constitancy' blue screen still pops up at the beginning though and it reboots itself once it gets to the Windows log-on page. Do you knoe this happens?

The report read:

Logfile of HijackThis v1.99.1
Scan saved at 23:01:16, on 16/05/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\panda software\panda titanium 2006 antivirus +
antispyware\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\PsImSvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\apvxdwin.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\WebProxy.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\HIJACK\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\regedit /s
C:\pav.reg,C:\WINDOWS\System32\pavdr.exe,C:\WINDOWS\System32\userinit.exe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} -
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone
Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator
5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium
2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [TrustInstaller] "D:\Setup.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program
Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no
file)
O12 - Plugin for .mpeg: C:\Program Files\Internet
Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) -
http://www.midasplayer.com/midasa.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -
http://download.games.yahoo.com/games/web_games/popcap/chuzzle/popcaploader_v6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) -
http://chat.msn.com/controls/msnchat45.cab
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program
Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program
Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation
- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. -
C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common
Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International
- C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software -
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International
- C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus +
Antispyware\pavsrv51.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program
files\panda software\panda titanium 2006 antivirus +
antispyware\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program
Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program
Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda
Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC -
C:\WINDOWS\system32\ZONELABS\vsmon.exe


and the result means....

0

Hi guys,

Thank you for your help. I've done as suggested and for the first time in weeks the computer as shut-down and started up without any problems.

Still haven't tried any of my programs though, so will let you know in about 30 minutes.

0

A Big Thank You To The Community Of Daniweb For Helping Me Get My Computer Back Into Working Order....

Its Just As Fast As When I First Got It!

Thank You

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.