Windows Error on start up/ safe mode wont work... please help

Trumandrummer

Ok I try to keep my computer clean but, unfortunatly im not the only one who uses it... its my lap top, and i got a password on my name but my little brother and some other familly members keep figuring out my password somehow....

Now when i turn on my computer and log into my name, after about 10sec it freezes and a blue screen pops up for only about a sec and say (windows has a serious error) and my computer shuts off..... If i restart it, it does it again. it takes about 5 restarts and it magically works.

If i go into safe mode, and log in.... it will stay on for about only a minute and automatically shut off, no matter what.
Can somebody please help me?

Heres my hijack this log:

Removed by me, updated log below

Trumandrummer

Ok I used all the programs in your guide, i used ad-aware, avg(ewido), spy bot, spyware blaster, super anti spyware, and i ran a panda active scan (which found a few spyware, 1 hack tool and a virus).....

I found a lot of stuff, i found the most with spybot...... mostly WWW searchbars and spybot said it couldnt delete about 6 of them.

I tried booting into safe mode and running spy bot but my computer shut off again. it still wont run more than like 2-5 min in safe mode.

Heres a NEW hijacak this Followed by the panda activescan results

Logfile of HijackThis v1.99.1
Scan saved at 10:41:26 PM, on 7/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
C:\Program Files\key\AGSeiApp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Folding@Home\winFAH.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Folding@Home\FahCore_78.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.closerenemies.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: FlashFetcher - {16E8A050-74CE-43D5-8DC0-BADD7347B2DD} - C:\Program Files\GeoVid\FlashFetcher\FlashFetcher.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: &ZuneIt - {A8533C62-9399-4640-B36B-D1DDE91EB8B1} - mscoree.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
O4 - HKLM\..\Run: [A8GSdsApp] C:\Program Files\key\AGSeiApp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [CursorXP] "C:\Program Files\CursorXP\CursorXP.exe" -s
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [P2kAutostart] C:\Documents and Settings\Nick\Desktop\phone filea\P2k Commander\P2kAutostart.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Folding@Home 5.03.lnk = ?
O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ZuneIt - {00951C02-5731-44e9-B2F5-544EC2279417} - mscoree.dll (file missing)
O9 - Extra button: FlashFetcher - {07174FC7-B4C1-4643-9C03-B4D2148EB057} - C:\Program Files\GeoVid\FlashFetcher\FlashFetcher.dll
O9 - Extra 'Tools' menuitem: FlashFetcher - {07174FC7-B4C1-4643-9C03-B4D2148EB057} - C:\Program Files\GeoVid\FlashFetcher\FlashFetcher.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: wbsys.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe



PANDA ACTIVESCAN

Incident Status Location

Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\kz5lktiy.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\kz5lktiy.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\kz5lktiy.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\kz5lktiy.default\cookies.txt[.overture.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\kz5lktiy.default\cookies.txt[.realmedia.com/]
Hacktool:HackTool/KillProcWin.A Not disinfected C:\Documents and Settings\Nick\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0B.dat[simple_killw.exe]
Virus:Trj/Pswmon.B Disinfected C:\Documents and Settings\Nick\My Documents\Golden Eye 4.50 (keylogger)\gesetup.exe
Adware:Adware/WhenUSearch Not disinfected C:\Program Files\DAEMON Tools\SetupDTSB.exe
Spyware:Spyware/PeoplePC Not disinfected C:\Program Files\Online Services\PeoplePC\ISP5900\Dll\RAS.DLL

Trogan

Your log is mainly clean.

A few things:

1. Panda identified a Keylogger. Cause of this, you are strongly advised to do the following immediately!:

• Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
• From a clean computer, change *all* of your online passwords -- for ISP login, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups you belong to.
  Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

2. Run HijackThis and click on Open the Misc Tools section.
Click on Delete a file on reboot...
Copy and paste the following into the "File name:" text box and then click Open:

C:\Program Files\DAEMON Tools\SetupDTSB.exe

When you are asked "Do you want to restart your computer now?", click OK.

Your PC MUST reboot to delete the file!

3. Your Java needs updating. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

• Download the latest version of Java Runtime Environment (JRE) 6u2.
• Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
• Click the "Download" button to the right.
• Check the box that says: "Accept License Agreement".
• The page will refresh.
• Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java versions.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on the download to install the newest version.

4. Need to scan a file:

• Go to VirusTotal
• Copy and paste the following file path into the Search Box at the top of the page:
• C:\Program Files\key\AGSeiApp.exe
• Click on the Send button
• Please post the results in your next reply.

5. Download this file to your Desktop - combofix.exe
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

6. Post the ComboFix log, and the scan results.

Trumandrummer

ok im just about to do everything you just said

one thing, should I about the keylogger, I insalled glodeneye keylogger on my computer, and it said that anti-viruses will thing its a trojan?

Trogan

From what I gather, Golden Eye is not legit. Panda also Disinfected it. It doesn't sound good.

Trumandrummer

Ok i updated java just like you said, Im running combo fix right now

virustotal didn't work........ when i clicked send it said 0bytes received so i looged for the file myself, and there seems to be nor program files/key folder.....

also when I deleted all the java files out of add remove programs and restarted the computer it did it again, i logged into my name, and before everything was even loaded, a blue screen poped up and said windows error or something and the computer restarted again....... it did it 3 times

Trumandrummer

EDIT: ok nvm heres my logfile from combofix

"Nick" - 2007-07-06 15:41:33 - ComboFix 07-07-04.4 - Service Pack 2


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1.\TEMP


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

---

\LEGACY_NWSAPAGENT

---

\nm

---

\NwSapAgent


((((((((((((((((((((((((( Files Created from 2007-06-06 to 2007-07-06 )))))))))))))))))))))))))))))))


2007-07-06 15:41 51,200 --a

---

C:\WINDOWS\nircmd.exe
2007-07-05 19:57 <DIR> d

---

C:\Program Files\SUPERAntiSpyware
2007-07-05 19:57 <DIR> d

---

C:\DOCUME~1\Nick\APPLIC~1\SUPERAntiSpyware.com
2007-07-05 19:57 <DIR> d

---

C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-05 17:11 <DIR> d

---

C:\WINDOWS\system32\ActiveScan
2007-07-05 17:05 <DIR> d

---

C:\Program Files\SpywareBlaster
2007-07-05 15:58 <DIR> d

---

C:\Program Files\Lavasoft
2007-07-05 15:58 <DIR> d

---

C:\DOCUME~1\Nick\APPLIC~1\Lavasoft
2007-07-05 15:56 <DIR> d

---

C:\hijackthis_199
2007-07-05 15:53 <DIR> d

---

C:\Program Files\ewido anti-malware
2007-07-05 15:40 <DIR> d

---

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-04 00:57 <DIR> d

---

C:\Program Files\Citrus Alarm Clock
2007-07-02 00:27 2,463,976 --a

---

C:\WINDOWS\system32\NPSWF32.dll
2007-07-02 00:27 190,696 --a

---

C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2007-07-02 00:20 <DIR> d

---

C:\Program Files\Bonjour
2007-07-01 23:00 <DIR> d

---

C:\DOCUME~1\Nick\APPLIC~1\Cakewalk
2007-07-01 22:52 <DIR> d

---

C:\Program Files\Cakewalk
2007-07-01 22:52 <DIR> d

---

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Cakewalk
2007-07-01 22:52 <DIR> d

---

C:\Cakewalk Projects
2007-07-01 12:27 233,472 --a

---

C:\WINDOWS\system32\REX Shared Library.dll
2007-07-01 12:27 <DIR> d

---

C:\DOCUME~1\Nick\APPLIC~1\Propellerhead Software
2007-07-01 12:27 <DIR> d

---

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Propellerhead Software
2007-07-01 12:17 <DIR> d

---

C:\Program Files\Propellerhead
2007-06-29 16:14 <DIR> d

---

C:\DOCUME~1\Nick\APPLIC~1\NetMedia Providers
2007-06-29 15:59 <DIR> d

---

C:\Program Files\Sony Setup
2007-06-29 15:13 <DIR> d

---

C:\Program Files\VstPlugins
2007-06-29 15:10 <DIR> d

---

C:\Program Files\Fruity loops
2007-06-28 22:13 <DIR> d

---

C:\Program Files\AmitySource
2007-06-26 15:15 <DIR> d

---

C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
2007-06-26 13:14 <DIR> d

---

C:\Program Files\Common Files\Macrovision Shared
2007-06-26 13:01 <DIR> d

---

C:\Program Files\PowerISO
2007-06-22 14:36 <DIR> d

---

C:\Program Files\AlienGUIse
2007-06-09 10:54 <DIR> d

---

C:\Program Files\Incomplete
2007-06-06 14:49 <DIR> d

---

C:\WINDOWS\system32\Sys52Data
2007-06-06 00:15 <DIR> d

---

C:\Program Files\Program Lock Pro Trial
2007-06-06 00:15 <DIR> d

---

C:\DOCUME~1\Nick\APPLIC~1\Progpro


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-06 17:42:48

---

d

---

w C:\Program Files\DAEMON Tools
2007-07-06 07:59:13 1,182 ----a-w C:\DOCUME~1\Nick\APPLIC~1\wklnhst.dat
2007-07-06 00:48:00

---

d

---

w C:\DOCUME~1\Nick\APPLIC~1\Azureus
2007-07-05 23:56:32

---

d

---

w C:\Program Files\Common Files\Wise Installation Wizard
2007-07-05 23:26:11

---

d

---

w C:\Program Files\iTunes
2007-07-05 23:18:05

---

d

---

w C:\Program Files\Folding@Home
2007-07-05 23:14:59

---

d

---

w C:\Program Files\CursorXP
2007-07-05 23:14:40

---

d

---

w C:\Program Files\Common Files\Stardock
2007-07-05 23:13:00

---

d

---

w C:\Program Files\Common Files\LightScribe
2007-07-05 22:48:01

---

d

---

w C:\Program Files\AIM6
2007-07-05 22:34:43

---

d

---

w C:\Program Files\7-Zip
2007-07-03 01:01:12

---

d

---

w C:\Program Files\LimeWire
2007-07-03 00:26:47

---

d

---

w C:\DOCUME~1\Nick\APPLIC~1\LimeWire
2007-06-29 20:27:05

---

d

---

w C:\DOCUME~1\Nick\APPLIC~1\Sony
2007-06-29 20:00:39

---

d

---

w C:\Program Files\Sony
2007-06-26 18:50:04 35,363 ----a-w C:\WINDOWS\system32\windrvNT.sys
2007-06-15 00:15:09

---

d

---

w C:\Program Files\Trillian Pro
2007-06-13 17:49:10

---

d--h--w C:\Program Files\InstallShield Installation Information
2007-06-03 21:27:56

---

d

---

w C:\DOCUME~1\Nick\APPLIC~1\Ulead Systems
2007-06-03 21:16:43

---

d

---

w C:\Program Files\Ulead Systems
2007-06-03 21:13:15

---

d

---

w C:\Program Files\Common Files\Ulead Systems
2007-06-03 05:38:13

---

d

---

w C:\Program Files\pspvideo9
2007-05-30 12:10:42 10,872 ----a-w C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-29 20:25:54

---

d

---

w C:\DOCUME~1\Nick\APPLIC~1\Atari
2007-05-29 19:13:01

---

d

---

w C:\Program Files\Atari
2007-05-28 20:51:35

---

d

---

w C:\DOCUME~1\Nick\APPLIC~1\uTorrent
2007-05-28 16:23:02

---

d

---

w C:\Program Files\Azureus
2007-05-25 21:33:01

---

d

---

w C:\Program Files\Kaspersky Lab
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-04 10:58:38 552 ----a-w C:\WINDOWS\system32\d3d8caps.dat
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2005-05-13 22:12:00 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 16:13:58 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-10-14 02:27:00 422,400 --sha-r C:\WINDOWS\x2.64.exe
2005-10-08 00:14:52 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
2005-07-14 17:31:20 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 20:32:28 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2004-01-25 05:00:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2006-04-27 15:24:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
2005-02-28 18:16:22 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2004-01-25 05:00:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2006-04-26 18:19 438848 --a

---

C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-01-12 21:38 63128 --a

---

C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{16E8A050-74CE-43D5-8DC0-BADD7347B2DD}]
2006-08-15 20:07 98304 --a

---

C:\Program Files\GeoVid\FlashFetcher\FlashFetcher.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a

---

C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-06-14 18:32 509592 --a

---

C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8533C62-9399-4640-B36B-D1DDE91EB8B1}]
2006-12-22 14:53 28672 --a

---

C:\Program Files\MyTube\ZuneIEPlugin\ZuneIEPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 01:58]
"nwiz"="nwiz.exe" [2006-08-18 04:00 C:\WINDOWS\system32\nwiz.exe]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-01 20:02 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 01:01]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-12 00:55]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 19:30]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 19:30]
"QlbCtrl"="%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" []
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 19:02]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [2007-03-14 20:03]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 10:57]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"NWEReboot"="" []
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-16 22:12]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-16 22:17]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-10-16 22:13]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-02-06 12:13]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"UserFaultCheck"="%systemroot%\system32\dumprep 0 -u" []
"Ulead AutoDetector"="C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-11-18 17:20]
"Ulead Photo Express Calendar Checker"="C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe" [2004-01-12 20:40]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 08:23]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-06-14 18:32]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [2007-01-29 23:02]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-18 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-08 12:06]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 17:44]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2006-11-07 11:29]
"P2kAutostart"="C:\Documents and Settings\Nick\Desktop\phone filea\P2k Commander\P2kAutostart.exe" [2005-11-01 19:56]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 08:29]
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="C:\Program Files\ewido anti-malware\shellhook.dll" [2004-09-30 08:21]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"="C:\PROGRA~1\COMMON~1\Stardock\MCPCore.dll" [2005-05-10 14:31]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc5e38d9-09a8-11dc-92e5-001636ad133c}]
AutoRun\command- G:\system\viewer\Viewer.exe
View your videos\command- G:\system\viewer\Viewer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4697698-9e0e-11db-92ab-001636ad133c}]
AutoRun\command- G:\setupSNK.exe


**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-06 16:03:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ???@o??????Y?
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
P2kAutostart = C:\Documents and Settings\Nick\Desktop\phone filea\P2k Commander\P2kAutostart.exe?0???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

disk error: C:\WINDOWS\system32

please note that you need administrator rights to perform deep scan
**************************************************************************

Completion time: 2007-07-06 16:12:40 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-06 16:08

--- E O F ---

Trogan

That looks fine to me.

Lets run one more scan, but first I need you to uninstall AVG Anti-Spyware.

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/

• Install AVG Anti-Spyware by double clicking the installer.
  
• Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  
• On the main screen under Your Computer's security.
  
  • Click on Change state next to Resident shield. It should now change to inactive.
    
  • Click on Change state next to Automatic updates. It should now change to inactive.
    
  • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    
  • Wait until you see the Update succesfull message.
    
• Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  
• Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
  

If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.

• Click on Scanner on the toolbar.
  
• Click on the Settings tab.
  
  • Under How to act?
    
    • Click on Recommended Action and choose Quarantine from the popup menu.
      
  • Under How to scan?
    
    • All checkboxes should be ticked.
      
  • Under Possibly unwanted software:
    
    • All checkboxes should be ticked.
      
  • Under Reports:
    
    • Select Do not automatically generate reports
      
  • Under What to scan?
    
    • Select Scan every file.
      
• Click on the Scan tab.
  
• Click on Complete System Scan to start the scan process.
  
• Let the program scan the machine.
  
• When the scan has finished, follow the instructions below.
  IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
  
  • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    
  • At the bottom of the window click on the Apply all Actions button. (3)
    
    
• When done, click the Save Scan Report button. (4)
  
  • Click the Save Report as button.
    
  • Save the report to your Desktop.
    
• Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
  [FONT=&quot]

Reboot back into Normal Mode and post a new HijackThis log, along with the AVG Anti-Spyware log.[/FONT]

Trumandrummer

ok Thank you

im about to do what you said.....

one question...... if everything is looking clean, why am i having problems when starting windows, and why cant i run safe mode?

i also found 6 WWW.MYSearchbar things with spybot that it said it couldnt delete should i worry about those?

Trumandrummer

Heres my avg anti-spyware log

---

AVG Anti-Spyware - Scan Report

---

+ Created at: 10:36:18 PM 7/6/2007

+ Scan result:



C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP215\A0055622.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP215\A0055650.exe -> Not-A-Virus.Downloader.Win32.DigStream : Cleaned with backup (quarantined).


::Report end

Trogan

AVG Anti-Spyware looks fine.

Don't worry about the Spybot findings.

What happens when you try and access Safe Mode?

Trumandrummer

Well I tried Safe mode and it finally worked fine....

But when i restarted my computer it did that thing again.... where it waits about a minute flashes a blue screen saying "error on windows" and it shuts off....

it did it 5 times and i was able to study it. everytime it flashes the blue screen and shuts off, it does it after all the system tray tasks load EXCEPT KASPERSKY ANTI VIRUS. it will shut off about 5 times and everytime kaspersky dont load, and when it finally turns on, kaspersky loads....

i was able to get a couple pics (i didnt have a digi cam so its a phone camera but it works.)

Heres the Blue error screen

---

And when the computer finally does turn on, it flashes this screen as many times as windows failed.

Trumandrummer

that blues screen flashes for about 1 sec literally........ there was no way i could even read it.... this is the first time i have read it.

And i have not installed any new hardware though.... im very confused.

Trogan

It looks like a hardware problem, maybe your RAM is going bad? I dunno. Rum Memtest or ask in the Hardware forum.

Trumandrummer

Ok, done with one problem, onto the next..


Thanks a for the help trogan