TheTechGuide Forum
General Category => Tech Clinic => Topic started by: beck.thomson on March 22, 2007, 02:37:10 PM
-
I'm really at my wit's end with this problem...
My laptop randomly shuts down with no warning after flashing a brief blue screen at me.
I've installed and run Avast Antivirus as well as Spybot.
Avast returned about 40 infected files, which I cleaned off and followed with a boot scan which came back clean.
The system still shuts down... I don't know what the problem could possibly be, and am hesitant to start messing with anything that could totally trash the computer.
Any thoughts?
-
lol one time my little bro somehow got onto my computer without me knowing and changed a few settings and also activated a program that I had made for a friend years ago in high school that shut his computer down every time his little bro clicked on some game that they played....cept he added a couple of damn lines that forced a shutdown after a given amount of time. Would someone that you know have tried to pull a prank on ya? Easy to just keep a program running each time the computer starts just making sure that it doesn't create a tray or taskbar icon. One way to identify it would be: when u turn the computer on, as long as it doesn't blank out on u fast, go to WTM and see if you can find any applications or processes that you don't know about...
It has happened to me, it might have happened to you, course I could be wrong and it could just be a timeframe manipulation on ur power settings (kinda like making it shutdown as a screensaver lol)
Anyone else got any ideas?
~Nikolai
-
Hi Beck, we really need to have a closer look at what's happening
Could you do the following please
Download Hijackthis 1.99.1 from my signature below
SAVE it to your desktop
Double click on hijackthis_sfx.exe on desktop
Click the UNZIP button>>OK the prompt
This will self extract to C:\Program Files\HijackThis
Delete hijackthis_sfx.exe from desktop
Go to START>>RUN
Copy>>paste the following to the open field, then hit OK
%systemdrive%\Program Files\HijackThis
This will open the Hijackthis folder
RIGHT CLICK on Hijackthis.exe and select SEND TO>>Desktop (create shortcut)
You can now run Hijackthis.exe from the new shortcut placed on your desktop
Do a "SCAN and Save a Log file"
A log will open in Notepad
Copy and paste the WHOLE contents of the log here
Additionally, can you also
RIGHT Click on the "MyComputer" icon and select Properties
Select the "Advanced" tab
Select "Settings" under Startup and Recovery
UNCheck "Automatically Restart" under System Failure
OK out of there
Hopefully, the next time, you won't get a short blue screen and restart
The screen will stay blue, you can note the error message
Manually restart the computer and post the Whole error message back here
-
maybe there is a problem with one of the fans in it and it causes it to overheat real real quick... that's what happened with my last pc. well i would check and see and if there's nothing wrong with the fan then it's out of my hands and don't ask me cuz i have no clue how to take apart a laptop
-
[quote name='guestolo' post='305021' date='Mar 22 2007, 06:32 PM']Additionally, can you also
RIGHT Click on the "MyComputer" icon and select Properties
Select the "Advanced" tab
Select "Settings" under Startup and Recovery
UNCheck "Automatically Restart" under System Failure
OK out of there
Hopefully, the next time, you won't get a short blue screen and restart
The screen will stay blue, you can note the error message
Manually restart the computer and post the Whole error message back here[/quote]
Alright, here's the error message:
[codebox]A problem has been detected and Windows has been shut down to prevent damage to your computer.
If this is the first time you've seen this Stop error screen, restart your computer. If this screen appears again, follow these steps:
Check to be sure you have adequate disk space. If a driver is identified in the stop message, disable the driver or check with the manufacturer for driver updates. Try changing video adapters.
Check with your hardware vendor for any BIOS updates. Disable BIOS memory options such as caching or shadowing. If you need to use Safe Mode to remove or disable components, restart your computer, press F8 to select Advanced Startup Options, and then select Safe Mode.
Technical Information:
*** Stop: 0x0000008E (0xC0000005, 0xEDF5A4A2, 0xB8549A20, 0x00000000)
*** 1zx32.sys - Address EDF5A4A2 base at EDF58000, DateStamp 459f29a6
Beginning dump of physical memory
Physical memory dump complete.
Contact your system administrator or technical support group for further assistance.
[/codebox]
I'm working on getting the hijack this log together, but it might take a bit, as the computer keeps shutting down. :-p
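As an added example that is not part of the thread, a small Python decoder for the two technical lines of the Stop screen above: it pulls the bugcheck code and its parameters, checks whether the faulting address lies inside the named module, and converts the DateStamp (a PE link timestamp) to a date. The bugcheck and NTSTATUS names are taken from public Windows documentation; the module name is kept exactly as the post transcribes it (the ComboFix output later in the thread deletes C:\WINDOWS\system32\lzx32.sys, the likely spelling of the same file).

```python
import re
from datetime import datetime, timezone

# The two technical lines of the Stop screen, as transcribed in the post
# (constructed sample so the example runs stand-alone).
SAMPLE_STOP_TEXT = """\
*** Stop: 0x0000008E (0xC0000005, 0xEDF5A4A2, 0xB8549A20, 0x00000000)
*** 1zx32.sys - Address EDF5A4A2 base at EDF58000, DateStamp 459f29a6
"""

# Names for the values this screen uses, from public Windows documentation
# (the lookup tables are part of this example, not of the thread).
BUGCHECK_NAMES = {0x8E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED"}
NTSTATUS_NAMES = {0xC0000005: "STATUS_ACCESS_VIOLATION"}

STOP_RE = re.compile(r"\*\*\* Stop: 0x([0-9A-Fa-f]{8}) \(([^)]*)\)")
MODULE_RE = re.compile(
    r"\*\*\* (\S+) - Address ([0-9A-Fa-f]+) base at ([0-9A-Fa-f]+), DateStamp ([0-9A-Fa-f]+)"
)


def parse_stop_screen(text: str) -> dict:
    """Pull the bugcheck code, its four parameters and the named module
    (fault address, image base, DateStamp) out of the transcribed screen."""
    stop = STOP_RE.search(text)
    mod = MODULE_RE.search(text)
    if not stop or not mod:
        raise ValueError("Stop line or module line not found")
    params = [int(p, 16) for p in re.findall(r"0x([0-9A-Fa-f]{8})", stop.group(2))]
    if len(params) != 4:
        raise ValueError("expected four bugcheck parameters")
    return {
        "bugcheck": int(stop.group(1), 16),
        "params": params,
        "module": mod.group(1),
        "address": int(mod.group(2), 16),
        "base": int(mod.group(3), 16),
        "datestamp": int(mod.group(4), 16),
    }


def analyze(info: dict) -> dict:
    """Interpret the screen. For bugcheck 0x8E, parameter 1 is the exception
    code and parameter 2 the address it was raised at, so comparing that
    address with the module line shows whether the named driver faulted
    itself (other bugcheck codes assign their parameters differently)."""
    exception_code, fault_address = info["params"][0], info["params"][1]
    # DateStamp is the PE link timestamp: seconds since the Unix epoch, UTC.
    built = datetime.fromtimestamp(info["datestamp"], tz=timezone.utc)
    return {
        "bugcheck_name": BUGCHECK_NAMES.get(info["bugcheck"], "UNKNOWN"),
        "exception_name": NTSTATUS_NAMES.get(exception_code, "UNKNOWN"),
        "fault_matches_module": info["bugcheck"] == 0x8E and fault_address == info["address"],
        "module_offset": info["address"] - info["base"],
        "link_time_utc": built.strftime("%Y-%m-%d %H:%M:%S"),
    }


if __name__ == "__main__":
    result = analyze(parse_stop_screen(SAMPLE_STOP_TEXT))
    for key, value in result.items():
        print(f"{key}: {value}")
```

On this screen the fault address is the one the module line reports, at offset 0x24A2 into a driver linked in early January 2007, which is the kind of correlation that points at the driver itself rather than at a hardware fault.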
-
Hijack log:
Logfile of HijackThis v1.99.1
Scan saved at 11:27:19 AM, on 3/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dumprep.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: repairs303169590.dll
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\o648lghu1648.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
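A triage pass over HijackThis entries like the ones in the log above, as an added example that is not part of the thread: it flags entries whose target file is absent, any non-empty AppInit_DLLs value, and filenames whose digit density looks machine-generated. The sample is a constructed subset of the posted log lines; the 0.3 digit-ratio threshold is an assumed heuristic, not a HijackThis rule.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed subset of the HijackThis log lines from the post, so the
# example runs stand-alone.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O20 - AppInit_DLLs: repairs303169590.dll
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\o648lghu1648.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")
# Any dll/exe/sys filename in the entry body (path separators excluded).
FILENAME_RE = re.compile(r"([A-Za-z0-9_~\-]+\.(?:dll|exe|sys))\b", re.I)
DIGIT_RATIO_THRESHOLD = 0.3  # assumed heuristic for machine-generated names


@dataclass
class Finding:
    section: str
    severity: str
    reason: str
    line: str


def digit_ratio(filename: str) -> float:
    """Share of digits in the filename stem: 'o648lghu1648' scores high,
    'googletoolbar3' low."""
    stem = re.sub(r"\.[A-Za-z0-9]+$", "", filename)
    chars = [c for c in stem if c.isalnum()]
    return sum(c.isdigit() for c in chars) / len(chars) if chars else 0.0


def triage_line(line: str) -> list[Finding]:
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []
    section, body = m.groups()
    out: list[Finding] = []
    # An entry pointing at a file that is no longer there is either leftover
    # from an incomplete removal or a loader whose payload is being hidden.
    if "(file missing)" in body or "(no file)" in body:
        out.append(Finding(section, "medium", "dangling entry: target file absent", line))
    # AppInit_DLLs is loaded into every process that maps user32.dll;
    # on a clean XP box the value is normally empty.
    if section == "O20" and body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
        out.append(Finding(section, "high", "non-empty AppInit_DLLs", line))
    for name in FILENAME_RE.findall(body):
        if digit_ratio(name) >= DIGIT_RATIO_THRESHOLD:
            out.append(Finding(section, "high", f"random-looking filename {name}", line))
    return out


def triage(log: str) -> list[Finding]:
    findings: list[Finding] = []
    for line in log.splitlines():
        findings.extend(triage_line(line))
    return findings


def flagged_lines(log: str) -> list[str]:
    """Distinct log lines that produced at least one finding, in log order."""
    seen: list[str] = []
    for f in triage(log):
        if f.line not in seen:
            seen.append(f.line)
    return seen


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.section}: {f.reason}\n    {f.line}")
```

On the sample the R3 hook, the AppInit_DLLs entry and the Themes Winlogon Notify entry are flagged, while the Google, MSConfig, WgaLogon and avast! lines pass; the heuristic is a prompt for a human look, not a verdict.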
-
Please download ComboFix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) by
sUBs:
NOTE: In the event you already have ComboFix, this is a new version that I need you to download.
* Save it to your desktop.
* Double-click combofix.exe and follow the prompts.
* When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
NOTE: Do not mouse-click ComboFix's window while it is running. That may cause it to stall
-
[quote name='guestolo' post='305378' date='Mar 23 2007, 10:50 PM']Please download ComboFix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) by
sUBs:
NOTE: In the event you already have ComboFix, this is a new version that I need you to download.
* Save it to your desktop.
* Double-click combofix.exe and follow the prompts.
* When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
NOTE: Do not mouse-click ComboFix's window while it is running. That may cause it to stall[/quote]
Well, as it turns out, I can't get the computer to stay on long enough to get ComboFix to run.
I keep getting a popup about Windows recovering from a serious error and then it shuts down not long after that. Perhaps it's time to either take it to a shop or get a newer model?
-
I also haven't been able to get it to start in Safe Mode... when it starts to boot, I press F8, but it just goes into regular boot mode anyway. Any thoughts?
-
finally...
"Deborah" - 07-03-26 11:46:45 Service Pack 2
ComboFix 07-03-23 - Running from: "C:\Documents and Settings\Deborah\Desktop"
((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))
REGISTRY ENTRIES REMOVED:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\clsid\{cb6e53b4-3fc4-4557-adb4-9555b9351d3c}]
@=""
[HKEY_CLASSES_ROOT\clsid\{cb6e53b4-3fc4-4557-adb4-9555b9351d3c}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{cb6e53b4-3fc4-4557-adb4-9555b9351d3c}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{cb6e53b4-3fc4-4557-adb4-9555b9351d3c}\InprocServer32]
@="C:\\WINDOWS\\system32\\mjaudite.dll"
"ThreadingModel"="Apartment"
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\keyboard1.dat
C:\WINDOWS\system325-11-14.exe
C:\WINDOWS\system327-11-16.exe
C:\WINDOWS\system32\1.exe~
C:\WINDOWS\system32\20-11-22.exe
C:\WINDOWS\system32\23-11-14.exe
C:\WINDOWS\system32\27-11-18.exe
C:\WINDOWS\system32\28-11-20.exe
C:\Program Files\Common Files\svchostsys\svchostsys.exe.config
C:\Program Files\Common Files\svchostsys\svchostupdate.exe.config
C:\Program Files\Common Files\svchostsys\sysid.exe
C:\Program Files\Common Files\svchostsys\Version.txt
C:\WINDOWS\system32\loadadv559.exe
C:\WINDOWS\system32\test.exe
C:\WINDOWS\system32\unsvchosts.lzma
C:\secure32.html
C:\Program Files\Common Files\{35A17~1
C:\Program Files\Common Files\{35A17~3
C:\Program Files\Common Files\{35A17~2
C:\Program Files\Common Files\{75A17~3
C:\Program Files\Common Files\{75A17~2
C:\Program Files\Common Files\{75A17~4
C:\Program Files\Common Files\{75A17~1
C:\Program Files\Common Files\misc001
C:\Program Files\Common Files\simtest
C:\Program Files\Common Files\svchostsys
C:\WINDOWS\system32\lzx32.sys
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\Program Files\SSTEM3~1
C:\qoobox\purity\Program Files\Common Files\CROSOF~1
C:\qoobox\purity\Program Files\SSTEM3~1\SSTEM3~1
((((((((((((((((((((((((((((((( Files Created from 2007-02-26 to 2007-03-26 ))))))))))))))))))))))))))))))))))
2007-03-23 10:08 6 --a------ C:\WINDOWS\system32\23-03-10.dat
2007-03-23 09:03 6 --a------ C:\WINDOWS\system32\23-03-09.dat
2007-03-23 08:59 6 --a------ C:\WINDOWS\system32\23-03-08.dat
2007-03-22 20:20 6 --a------ C:\WINDOWS\system32\22-03-20.dat
2007-03-22 15:00 6 --a------ C:\WINDOWS\system32\22-03-15.dat
2007-03-22 14:39 6 --a------ C:\WINDOWS\system32\22-03-14.dat
2007-03-22 14:28 <DIR> d-------- C:\WINDOWS\pss
2007-03-22 12:46 6 --a------ C:\WINDOWS\system32\22-03-12.dat
2007-03-22 11:57 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-03-22 11:57 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
2007-03-22 11:57 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
2007-03-22 08:34 6 --a------ C:\WINDOWS\system32\22-03-08.dat
2007-03-21 10:07 6 --a------ C:\WINDOWS\system32\21-03-10.dat
2007-03-21 01:43 6 --a------ C:\WINDOWS\system32\21-03-01.dat
2007-03-20 22:27 6 --a------ C:\WINDOWS\system32\20-03-22.dat
2007-03-20 16:15 6 --a------ C:\WINDOWS\system32\20-03-16.dat
2007-03-20 14:37 6 --a------ C:\WINDOWS\system32\20-03-14.dat
2007-03-20 12:03 94,424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-03-20 12:03 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-03-20 12:03 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-03-20 12:03 689,280 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-03-20 12:03 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-03-20 12:03 31,560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-03-20 12:03 23,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-03-20 12:03 <DIR> d-------- C:\Program Files\Alwil Software
2007-03-20 12:01 6 --a------ C:\WINDOWS\system32\20-03-12.dat
2007-03-20 11:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-03-20 11:00 6 --a------ C:\WINDOWS\system32\20-03-11.dat
2007-03-20 10:00 6 --a------ C:\WINDOWS\system32\20-03-10.dat
2007-03-20 09:44 6 --a------ C:\WINDOWS\system32\20-03-09.dat
2007-03-20 03:35 6 --a------ C:\WINDOWS\system32\20-03-03.dat
2007-03-19 20:27 6 --a------ C:\WINDOWS\system32\19-03-20.dat
2007-03-19 13:12 6 --a------ C:\WINDOWS\system32\19-03-13.dat
2007-03-18 12:40 6 --a------ C:\WINDOWS\system32\18-03-12.dat
2007-03-17 11:12 6 --a------ C:\WINDOWS\system32\17-03-11.dat
2007-03-16 14:18 6 --a------ C:\WINDOWS\system32\16-03-14.dat
2007-03-16 12:12 6 --a------ C:\WINDOWS\system32\16-03-12.dat
2007-03-14 14:49 6 --a------ C:\WINDOWS\system32\14-03-14.dat
2007-03-14 12:08 6 --a------ C:\WINDOWS\system32\14-03-12.dat
2007-03-14 11:03 6 --a------ C:\WINDOWS\system32\14-03-11.dat
2007-03-14 10:54 6 --a------ C:\WINDOWS\system32\14-03-10.dat
2007-03-14 09:26 6 --a------ C:\WINDOWS\system32\14-03-09.dat
2007-03-14 08:14 6 --a------ C:\WINDOWS\system32\14-03-08.dat
2007-03-04 19:33 6 --a------ C:\WINDOWS\system324-03-18.dat
2007-03-04 13:55 6 --a------ C:\WINDOWS\system324-03-12.dat
2007-03-04 04:11 6 --a------ C:\WINDOWS\system324-03-03.dat
2007-03-04 03:15 6 --a------ C:\WINDOWS\system324-03-02.dat
2007-03-02 18:11 6 --a------ C:\WINDOWS\system322-03-17.dat
2007-02-27 11:46 26,624 --a------ C:\DOCUME~1\Deborah\PJNA.exe
2007-02-27 11:10 26,624 --a------ C:\DOCUME~1\Deborah\SQJT.exe
2007-02-26 15:05 26,624 --a------ C:\DOCUME~1\Deborah\RSHS.exe
2007-02-26 15:00 26,624 --a------ C:\DOCUME~1\Deborah\DUHJ.exe
2007-02-26 14:55 26,624 --a------ C:\DOCUME~1\Deborah\RTHF.exe
2007-02-26 14:13 26,624 --a------ C:\DOCUME~1\Deborah\QULL.exe
2007-02-26 14:11 26,624 --a------ C:\DOCUME~1\Deborah\QQEJ.exe
2007-02-26 14:07 26,624 --a------ C:\DOCUME~1\Deborah\UPKN.exe
2007-02-26 14:07 26,624 --a------ C:\DOCUME~1\Deborah\JKMT.exe
2007-02-26 14:06 26,624 --a------ C:\DOCUME~1\Deborah\SGGJ.exe
2007-02-26 14:06 26,624 --a------ C:\DOCUME~1\Deborah\FTOB.exe
2007-02-26 14:05 26,624 --a------ C:\DOCUME~1\Deborah\RIBT.exe
2007-02-26 14:05 26,624 --a------ C:\DOCUME~1\Deborah\MJKB.exe
2007-02-26 14:04 26,624 --a------ C:\DOCUME~1\Deborah\SOBO.exe
2007-02-26 14:00 26,624 --a------ C:\DOCUME~1\Deborah\KDSC.exe
2007-02-26 13:59 171,008 --a------ C:\WINDOWS\system32\LXAESUI.DLL
2007-02-26 13:47 6 --a------ C:\WINDOWS\system32\26-02-12.dat
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
Rootkit driver pe386 is present. ... attempting disinfection
pe386 ... driver unloaded successfully. Run ADS scan for remnant driver file
2007-03-23 10:39 -------- d-------- C:\Program Files\plaxo
2007-03-19 14:51 3764 --a------ C:\WINDOWS\mozver.dat
2007-03-19 14:51 -------- d-------- C:\Program Files\java
2007-03-19 14:42 -------- d-------- C:\Program Files\registrycleaner
2007-03-04 13:57 -------- d-------- C:\Program Files\pedevice
2007-03-04 03:08 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-02-24 13:08 6 --a------ C:\WINDOWS\system32\24-02-12.dat
2007-02-16 21:09 6 --a------ C:\WINDOWS\system32\16-02-20.dat
2007-02-13 21:10 -------- d-------- C:\Program Files\google
2007-02-12 19:30 6 --a------ C:\WINDOWS\system32\12-02-18.dat
2007-02-06 14:17 6 --a------ C:\WINDOWS\system326-02-13.dat
2007-02-05 20:52 0 --a------ C:\ywcbxykm.exe
2007-02-05 20:51 6 --a------ C:\WINDOWS\system325-02-19.dat
2007-02-04 21:23 622703 --a------ C:\WINDOWS\system32\registrycleanersetup.exe
2007-02-04 19:52 6 --a------ C:\WINDOWS\system324-02-18.dat
2007-02-04 14:31 6 --a------ C:\WINDOWS\system324-02-13.dat
2007-02-03 20:39 -------- d-------- C:\Program Files\limewire
2007-02-03 18:44 6 --a------ C:\WINDOWS\system323-02-17.dat
2007-02-01 13:24 0 --a------ C:\wdigv.exe
2007-02-01 13:24 0 --a------ C:\tqex.exe
2007-02-01 13:24 0 --a------ C:\rjayw.exe
2007-02-01 13:22 6 --a------ C:\WINDOWS\system321-02-12.dat
2007-02-01 12:13 6 --a------ C:\WINDOWS\system321-02-11.dat
2007-02-01 01:10 0 --a------ C:\qaliew.exe
2007-02-01 01:10 0 --a------ C:\avhbtqbc.exe
2007-02-01 01:09 6 --a------ C:\WINDOWS\system321-02-00.dat
2007-01-31 20:20 6 --a------ C:\WINDOWS\system32\31-01-19.dat
2007-01-31 13:20 6 --a------ C:\WINDOWS\system32\31-01-12.dat
2007-01-30 20:12 6 --a------ C:\WINDOWS\system32\30-01-19.dat
2007-01-21 14:03 6 --a------ C:\WINDOWS\system32\21-01-13.dat
2007-01-20 22:18 6 --a------ C:\WINDOWS\system32\20-01-21.dat
2007-01-20 00:06 0 --a------ C:\xsxqdxkh.exe
2007-01-20 00:06 0 --a------ C:\laqquruw.exe
2007-01-20 00:06 0 --a------ C:\igcqdm.exe
2007-01-20 00:06 0 --a------ C:\caign.exe
2007-01-20 00:05 6 --a------ C:\WINDOWS\system32\19-01-23.dat
2007-01-19 22:19 6 --a------ C:\WINDOWS\system32\19-01-21.dat
2007-01-18 18:49 6 --a------ C:\WINDOWS\system32\18-01-17.dat
2007-01-18 14:18 6 --a------ C:\WINDOWS\system32\18-01-13.dat
2007-01-17 21:23 6 --a------ C:\WINDOWS\system32\17-01-20.dat
2007-01-17 19:23 6 --a------ C:\WINDOWS\system32\17-01-18.dat
2007-01-16 02:00 6 --a------ C:\WINDOWS\system32\16-01-01.dat
2007-01-15 21:48 6 --a------ C:\WINDOWS\system32\15-01-20.dat
2007-01-15 15:52 6 --a------ C:\WINDOWS\system32\15-01-14.dat
2007-01-14 20:33 6 --a------ C:\WINDOWS\system32\14-01-19.dat
2007-01-14 02:02 6 --a------ C:\WINDOWS\system32\14-01-01.dat
2007-01-14 01:53 6 --a------ C:\WINDOWS\system32\14-01-00.dat
2007-01-14 00:16 6 --a------ C:\WINDOWS\system32\13-01-23.dat
2007-01-13 13:26 6 --a------ C:\WINDOWS\system32\13-01-12.dat
2007-01-12 11:39 6 --a------ C:\WINDOWS\system32\12-01-10.dat
2007-01-11 13:47 6 --a------ C:\WINDOWS\system32\11-01-12.dat
2007-01-10 10:17 6 --a------ C:\WINDOWS\system32\10-01-09.dat
2007-01-06 22:03 6 --a------ C:\WINDOWS\system326-01-21.dat
2007-01-01 03:38 0 --a------ C:\vmbbeqsy.exe
2007-01-01 03:38 0 --a------ C:\skfyhkya.exe
2007-01-01 03:38 0 --a------ C:\pjfjj.exe
2007-01-01 03:38 0 --a------ C:\pidp.exe
2007-01-01 03:38 0 --a------ C:\mtywy.exe
2007-01-01 03:38 0 --a------ C:\hrqri.exe
2007-01-01 03:38 0 --a------ C:\cvgk.exe
2007-01-01 03:38 0 --a------ C:\abeg.exe
2007-01-01 03:37 6 --a------ C:\WINDOWS\system321-01-02.dat
2007-01-01 02:11 6 --a------ C:\WINDOWS\system321-01-01.dat
2007-01-01 01:41 6 --a------ C:\WINDOWS\system321-01-00.dat
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="1"
"hkey"="HKCU"
"command"="\"C:\\WINDOWS\\system32\\1.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACEJ]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ACEJ"
"hkey"="HKCU"
"command"="\"C:\\Documents and Settings\\Deborah\\ACEJ.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ashDisp"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaAvTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CAVTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CA\\eTrust Internet Security Suite\\eTrust EZ Antivirus\\CAVTray.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaISSDT]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="caissdt"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CA\\eTrust Internet Security Suite\\caissdt.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CAVRID"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CA\\eTrust Internet Security Suite\\eTrust EZ Antivirus\\CAVRID.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cpqset"
"hkey"="HKLM"
"command"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cwingllib]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atllsimm"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\atllsimm.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DUHJ]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DUHJ"
"hkey"="HKCU"
"command"="\"C:\\Documents and Settings\\Deborah\\DUHJ.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EabServr"
"hkey"="HKLM"
"command"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fiyf]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="c?rss"
"hkey"="HKCU"
"command"="C:\\Program Files\\Common Files\\??crosoft\\c?rss.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GLFC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GLFC"
"hkey"="HKCU"
"command"="\"C:\\Documents and Settings\\Deborah\\GLFC.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1135747143\\ee\\AOLSoftware.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWuSchd2"
"hkey"="HKLM"
"command"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HP Wireless Assistant"
"hkey"="HKLM"
"command"="C:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IPHSend"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JFPL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="JFPL"
"hkey"="HKCU"
"command"="\"C:\\Documents and Settings\\Deborah\\JFPL.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KDSC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KDSC"
"hkey"="HKCU"
"command"="\"C:\\Documents and Settings\\Deborah\\KDSC.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kmwf]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kmwfm"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\COMMON~1\\kmwf\\kmwfm.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KOPU]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KOPU"
"hkey"="HKCU"
"command"="\"C:\\Documents and Settings\\Deborah\\KOPU.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lcoinst]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="lcoinst"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\lcoinst.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\llsymvb]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fldmelds"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\fldmelds.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lmjvservc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cliwdcjk"
"hkey"="HKLM"
"command"="cliwdcjk.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Logi_MwX"
"hkey"="HKLM"
"command"="Logi_MwX.Exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPDS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LPDS"
"hkey"="HKCU"
"command"="\"C:\\Documents and Settings\\Deborah\\LPDS.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="lsburnwatcher"
"hkey"="HKLM"
"command"="c:\\hp\\drivers\\hplsbwatcher\\lsburnwatcher.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NFIK]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NFIK"
"hkey"="HKCU"
"command"="\"C:\\Documents and Settings\\Deborah\\NFIK.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHKR]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PHKR"
"hkey"="HKCU"
"command"="\"C:\\Documents and Settings\\Deborah\\PHKR.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PicasaNet]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Hello"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Hello\\Hello.exe\" -b"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PlaxoHelper"
"hkey"="HKCU"
"command"="C:\\Program Files\\Plaxo\\2.11.1.5\\PlaxoHelper.exe -a"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SQJT]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SQJT"
"hkey"="HKCU"
"command"="\"C:\\Documents and Settings\\Deborah\\SQJT.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SynTPEnh"
"hkey"="HKLM"
"command"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SynTPLpr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TENF]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TENF"
"hkey"="HKCU"
"command"="\"C:\\Documents and Settings\\Deborah\\TENF.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UrlLstCk"
"hkey"="HKLM"
"command"="c:\\Program Files\\Norton Internet Security\\UrlLstCk.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UTRF]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UTRF"
"hkey"="HKCU"
"command"="\"C:\\Documents and Settings\\Deborah\\UTRF.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmmanager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="vmmanager"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\vmmanager.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\weoip]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="weoip"
"hkey"="HKCU"
"command"="\"C:\\WINDOWS\\system32\\weoip.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wigvy]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wigvy"
"hkey"="HKCU"
"command"="\"C:\\WINDOWS\\system32\\wigvy.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinInit]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="311046"
"hkey"="HKCU"
"command"="\"C:\\DOCUME~1\\Deborah\\LOCALS~1\\Temp\\311046.exe \" "
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wqbujei]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wqbujei"
"hkey"="HKCU"
"command"="\"C:\\WINDOWS\\system32\\wqbujei.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wuosiu]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wuosiu"
"hkey"="HKCU"
"command"="\"C:\\WINDOWS\\system32\\wuosiu.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{75A175BE-03E1-1033-0903-050503030001}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Update"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\{75A175BE-03E1-1033-0903-050503030001}\\Update.exe\" mc-110-12-0000797"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{75A175BE-03E2-1033-0903-050503030001}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Update"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\{75A175BE-03E2-1033-0903-050503030001}\\Update.exe\" mc-110-12-0000797"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{75A175BE-06FE-1033-0903-050503030001}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Update"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\{75A175BE-06FE-1033-0903-050503030001}\\Update.exe\" mc-110-12-0000797"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{75A175BE-07C5-1033-0903-050503030001}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Update"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\{75A175BE-07C5-1033-0903-050503030001}\\Update.exe\" mc-110-12-0000797"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"dispex.exe"=dword:00000002
"msoeacct.exe"=dword:00000002
"msencode.exe"=dword:00000002
"ipsecsnp.exe"=dword:00000002
"Ati HotKey Poller"=dword:00000002
"xmlprov"=dword:00000003
"WZCSVC"=dword:00000002
"wuauserv"=dword:00000002
"wscsvc"=dword:00000002
"WmiApSrv"=dword:00000003
"WmdmPmSN"=dword:00000003
"winmgmt"=dword:00000002
"WebClient"=dword:00000002
"W32Time"=dword:00000002
"VSS"=dword:00000003
"Viewpoint Manager Service"=dword:00000002
"VETMSGNT"=dword:00000002
"UPS"=dword:00000003
"upnphost"=dword:00000003
"UMWdf"=dword:00000002
"TrkWks"=dword:00000002
"Themes"=dword:00000002
"TermService"=dword:00000003
"TapiSrv"=dword:00000003
"SysmonLog"=dword:00000003
"SymWSC"=dword:00000002
"SwPrv"=dword:00000003
"stisvc"=dword:00000003
"SSDPSRV"=dword:00000003
"srservice"=dword:00000002
"Spooler"=dword:00000002
"SPBBCSvc"=dword:00000003
"SNDSrvc"=dword:00000003
"ShellHWDetection"=dword:00000002
"SharedAccess"=dword:00000002
"SENS"=dword:00000002
"seclogon"=dword:00000002
"Schedule"=dword:00000002
"SCardSvr"=dword:00000003
"SamSs"=dword:00000002
"RSVP"=dword:00000003
"RDSessMgr"=dword:00000003
"RasMan"=dword:00000003
"RasAuto"=dword:00000003
"ProtectedStorage"=dword:00000002
"PolicyAgent"=dword:00000002
"PlugPlay"=dword:00000002
"NtmsSvc"=dword:00000003
"NtLmSsp"=dword:00000003
"Nla"=dword:00000003
"Netman"=dword:00000003
"Netlogon"=dword:00000003
"MSIServer"=dword:00000003
"MSDTC"=dword:00000003
"mnmsrvc"=dword:00000003
"LmHosts"=dword:00000002
"LightScribeService"=dword:00000002
"lanmanworkstation"=dword:00000002
"lanmanserver"=dword:00000002
"ISSVC"=dword:00000002
"iPod Service"=dword:00000003
"ImapiService"=dword:00000003
"IDriverT"=dword:00000003
"HTTPFilter"=dword:00000003
"hpqwmi"=dword:00000003
"helpsvc"=dword:00000002
"gusvc"=dword:00000003
"FastUserSwitchingCompatibility"=dword:00000003
"EventSystem"=dword:00000003
"Eventlog"=dword:00000002
"ERSvc"=dword:00000002
"Dnscache"=dword:00000002
"dmserver"=dword:00000003
"dmadmin"=dword:00000003
"Dhcp"=dword:00000002
"CryptSvc"=dword:00000003
"COMSysApp"=dword:00000003
"CiSvc"=dword:00000003
"ccSetMgr"=dword:00000002
"ccPwdSvc"=dword:00000003
"ccProxy"=dword:00000002
"ccEvtMgr"=dword:00000002
"CAISafe"=dword:00000002
"Browser"=dword:00000002
"BITS"=dword:00000002
"avast! Web Scanner"=dword:00000003
"avast! Mail Scanner"=dword:00000003
"avast! Antivirus"=dword:00000002
"AudioSrv"=dword:00000002
"aswUpdSv"=dword:00000002
"aspnet_state"=dword:00000003
"AppMgmt"=dword:00000003
"ALG"=dword:00000003
"Alerter"=dword:00000002
"Adobe LM Service"=dword:00000003
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter
LocalService REG_MULTI_SZ Alerter, WebClient, LmHosts, RemoteRegistry, upnphost, SSDPSRV
NetworkService REG_MULTI_SZ DnsCache
DcomLaunch REG_MULTI_SZ DcomLaunch, TermService
rpcss REG_MULTI_SZ RpcSs
imgsvc REG_MULTI_SZ StiSvc
termsvcs REG_MULTI_SZ TermService
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Symantec NetDetect.job
********************************************************************
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\SYSTEM.SAV\info.bom 16384 bytes
C:\SYSTEM.SAV\INFO.US 4096 bytes
C:\SYSTEM.SAV\Logs
C:\SYSTEM.SAV\Logs\Cia.ini 155648 bytes
C:\SYSTEM.SAV\Logs\Info.bom 16384 bytes
C:\SYSTEM.SAV\Logs\Install.log 368640 bytes
C:\SYSTEM.SAV\Logs\Preinchk.log 4096 bytes
C:\SYSTEM.SAV\Logs\Sysinfo.log 294912 bytes
C:\SYSTEM.SAV\Logs\UIADUMP.EUE 4096 bytes
C:\SYSTEM.SAV\Logs\UIADUMP.FPP 4096 bytes
C:\SYSTEM.SAV\mszone.log 16384 bytes
C:\SYSTEM.SAV\PREINCHK.log 4096 bytes
C:\SYSTEM.SAV\REBOOT.ME 48 bytes
C:\SYSTEM.SAV\REGFLUSH.LOG 4096 bytes
C:\SYSTEM.SAV\RmDev.log 20480 bytes
C:\SYSTEM.SAV\SYSINFO.LOG 294912 bytes
C:\SYSTEM.SAV\SysInfo.US 294912 bytes
C:\SYSTEM.SAV\UTIL
C:\SYSTEM.SAV\UTIL\BOOTSEC.NT4 512 bytes
C:\SYSTEM.SAV\UTIL\BrandIt.Log 20480 bytes
C:\SYSTEM.SAV\UTIL\CHKIMAGE.exe 126976 bytes
C:\SYSTEM.SAV\UTIL\CIA.CDC 69632 bytes
C:\SYSTEM.SAV\UTIL\CIA.INI 81920 bytes
C:\SYSTEM.SAV\UTIL\cpqci.dll 122880 bytes
C:\SYSTEM.SAV\UTIL\cvacompg.exe 118784 bytes
C:\SYSTEM.SAV\UTIL\cvacompg.tmp 168 bytes
C:\SYSTEM.SAV\UTIL\DelDir.exe 36864 bytes
C:\SYSTEM.SAV\UTIL\delmodem.ini 184 bytes
C:\SYSTEM.SAV\UTIL\DELMPLNK.bat 88 bytes
C:\SYSTEM.SAV\UTIL\DELMPLNK.js 480 bytes
C:\SYSTEM.SAV\UTIL\DETECTOS.INI 408 bytes
C:\SYSTEM.SAV\UTIL\DNSP1.LOG 16384 bytes
C:\SYSTEM.SAV\UTIL\EISDTICON.log 32 bytes
C:\SYSTEM.SAV\UTIL\EVENTDEL.VBS 208 bytes
C:\SYSTEM.SAV\UTIL\FB_EIS.log 32 bytes
C:\SYSTEM.SAV\UTIL\hpqnt.dll 77824 bytes
C:\SYSTEM.SAV\UTIL\INSTALL.LOG 368640 bytes
C:\SYSTEM.SAV\UTIL\ISLOGCHK.EXE 110592 bytes
C:\SYSTEM.SAV\UTIL\ISLOGCHK.INI 4096 bytes
C:\SYSTEM.SAV\UTIL\mscu.log 168 bytes
C:\SYSTEM.SAV\UTIL\PININST.EXE 110592 bytes
C:\SYSTEM.SAV\UTIL\PININST.INI 4096 bytes
C:\SYSTEM.SAV\UTIL\PININST.LOG 4096 bytes
C:\SYSTEM.SAV\UTIL\POSTOOBE.LOG 24 bytes
C:\SYSTEM.SAV\UTIL\postproc.ini 536 bytes
C:\SYSTEM.SAV\UTIL\powerset.log 88 bytes
C:\SYSTEM.SAV\UTIL\PREINCHK.BAT 216 bytes
C:\SYSTEM.SAV\UTIL\PREINFO.INI 200 bytes
C:\SYSTEM.SAV\UTIL\PREINFO2.EXE 86016 bytes
C:\SYSTEM.SAV\UTIL\qlb.log 176 bytes
C:\SYSTEM.SAV\UTIL\random.ini 40 bytes
C:\SYSTEM.SAV\UTIL\REGDEV.EXE 106496 bytes
C:\SYSTEM.SAV\UTIL\REGDEV.INI 560 bytes
C:\SYSTEM.SAV\UTIL\sedinst.log 168 bytes
C:\SYSTEM.SAV\UTIL\STRTMENU.EXE 24576 bytes
C:\SYSTEM.SAV\UTIL\SWSET_B.INI 4096 bytes
C:\SYSTEM.SAV\UTIL\ticrdbus.log 32 bytes
C:\SYSTEM.SAV\UTIL\touchpad.log 192 bytes
C:\SYSTEM.SAV\UTIL\WINdvd.log 168 bytes
C:\SYSTEM.SAV\UTIL\wlassistant.log 176 bytes
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 60
********************************************************************
Completion time: 07-03-26 12:01:54
-
You have/had some nasty stuff going on; you also disabled things that I must see running on startup
Can you please go to START>>RUN>>Type in
msconfig
Hit OK
Under the STARTUP tab>>Enable All
Under the SERVICES tab>>Enable ALL
Hit APPLY>>CLOSE
Restart the computer at the prompt
Post a fresh hijackthis log when back in Windows please
-
Logfile of HijackThis v1.99.1
Scan saved at 8:42:03 AM, on 3/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\system32\dispex.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Hello\Hello.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1135747143\ee\AOLSoftware.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Documents and Settings\Deborah\Desktop\HijackThis.exe
C:\WINDOWS\system32\dwwin.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [{75A175BE-07C5-1033-0903-050503030001}] "C:\Program Files\Common Files\{75A175BE-07C5-1033-0903-050503030001}\Update.exe" mc-110-12-0000797
O4 - HKLM\..\Run: [{75A175BE-06FE-1033-0903-050503030001}] "C:\Program Files\Common Files\{75A175BE-06FE-1033-0903-050503030001}\Update.exe" mc-110-12-0000797
O4 - HKLM\..\Run: [{75A175BE-03E2-1033-0903-050503030001}] "C:\Program Files\Common Files\{75A175BE-03E2-1033-0903-050503030001}\Update.exe" mc-110-12-0000797
O4 - HKLM\..\Run: [{75A175BE-03E1-1033-0903-050503030001}] "C:\Program Files\Common Files\{75A175BE-03E1-1033-0903-050503030001}\Update.exe" mc-110-12-0000797
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PicasaNet] "C:\Program Files\Hello\Hello.exe" -b
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [lmjvservc] cliwdcjk.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135747143\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [wuosiu] "C:\WINDOWS\system32\wuosiu.exe"
O4 - HKCU\..\Run: [wqbujei] "C:\WINDOWS\system32\wqbujei.exe"
O4 - HKCU\..\Run: [WinInit] "C:\DOCUME~1\Deborah\LOCALS~1\Temp\311046.exe "
O4 - HKCU\..\Run: [wigvy] "C:\WINDOWS\system32\wigvy.exe"
O4 - HKCU\..\Run: [weoip] "C:\WINDOWS\system32\weoip.exe"
O4 - HKCU\..\Run: [vmmanager] C:\WINDOWS\system32\vmmanager.exe
O4 - HKCU\..\Run: [UTRF] "C:\Documents and Settings\Deborah\UTRF.exe"
O4 - HKCU\..\Run: [TENF] "C:\Documents and Settings\Deborah\TENF.exe"
O4 - HKCU\..\Run: [SQJT] "C:\Documents and Settings\Deborah\SQJT.exe"
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [PHKR] "C:\Documents and Settings\Deborah\PHKR.exe"
O4 - HKCU\..\Run: [NFIK] "C:\Documents and Settings\Deborah\NFIK.exe"
O4 - HKCU\..\Run: [LPDS] "C:\Documents and Settings\Deborah\LPDS.exe"
O4 - HKCU\..\Run: [llsymvb] C:\WINDOWS\system32\fldmelds.exe
O4 - HKCU\..\Run: [lcoinst] C:\WINDOWS\system32\lcoinst.exe
O4 - HKCU\..\Run: [KOPU] "C:\Documents and Settings\Deborah\KOPU.exe"
O4 - HKCU\..\Run: [kmwf] C:\PROGRA~1\COMMON~1\kmwf\kmwfm.exe
O4 - HKCU\..\Run: [KDSC] "C:\Documents and Settings\Deborah\KDSC.exe"
O4 - HKCU\..\Run: [JFPL] "C:\Documents and Settings\Deborah\JFPL.exe"
O4 - HKCU\..\Run: [GLFC] "C:\Documents and Settings\Deborah\GLFC.exe"
O4 - HKCU\..\Run: [Fiyf] C:\Program Files\Common Files\??crosoft\c?rss.exe
O4 - HKCU\..\Run: [DUHJ] "C:\Documents and Settings\Deborah\DUHJ.exe"
O4 - HKCU\..\Run: [cwingllib] C:\WINDOWS\system32\atllsimm.exe
O4 - HKCU\..\Run: [ACEJ] "C:\Documents and Settings\Deborah\ACEJ.exe"
O4 - HKCU\..\Run: [1] "C:\WINDOWS\system32\1.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: dispex.exe - Unknown owner - C:\WINDOWS\system32\dispex.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ipsecsnp.exe - Unknown owner - C:\WINDOWS\system32\ipsecsnp.exe (file missing)
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: msencode.exe - Unknown owner - C:\WINDOWS\system32\msencode.exe (file missing)
O23 - Service: msoeacct.exe - Unknown owner - C:\WINDOWS\system32\msoeacct.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
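An added example, not from this thread: a small Python triage script that applies the kind of heuristics a log reader uses when picking entries out of a HijackThis log like the one above (executables dropped straight into a user profile root or a Temp directory, random-looking names in system32, bare filenames with no path, and services with no vendor that are named after their own binary or whose file is missing). The sample lines are constructed from entries in this log; the heuristics are my own and only rank entries for a human to check, not a verdict.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v1.99.1 format: a subset of O4 (Run keys)
# and O23 (services) entries modelled on the log above, not the full log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [lmjvservc] cliwdcjk.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [WinInit] "C:\DOCUME~1\Deborah\LOCALS~1\Temp\311046.exe "
O4 - HKCU\..\Run: [UTRF] "C:\Documents and Settings\Deborah\UTRF.exe"
O4 - HKCU\..\Run: [wuosiu] "C:\WINDOWS\system32\wuosiu.exe"
O4 - HKCU\..\Run: [1] "C:\WINDOWS\system32\1.exe"
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: dispex.exe - Unknown owner - C:\WINDOWS\system32\dispex.exe
O23 - Service: msencode.exe - Unknown owner - C:\WINDOWS\system32\msencode.exe (file missing)
"""

# Line shapes as HijackThis prints them.
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# First ".exe" in a command line, with an optional leading quote stripped.
EXE_RE = re.compile(r'^"?(?P<exe>.*?\.exe)', re.IGNORECASE)
# <profile root>\<user>\<name>.exe: an executable sitting directly in a profile.
PROFILE_ROOT_RE = re.compile(r"\\(?:Documents and Settings|DOCUME~1)\\[^\\]+\\[^\\]+\.exe$", re.IGNORECASE)
# Short all-lowercase or all-digit basenames (heuristic for generated names).
RANDOM_NAME_RE = re.compile(r"^(?:[a-z]{1,8}|\d+)\.exe$")


@dataclass
class Finding:
    kind: str          # "O4" or "O23"
    name: str          # Run value name or service display name
    target: str        # executable path the entry points at
    reasons: list[str]


def exe_path(cmd: str) -> str:
    """Pull the executable out of a Run-key command line (drops arguments and quotes)."""
    cmd = cmd.strip()
    m = EXE_RE.match(cmd)
    if m:
        return m.group("exe")
    return cmd.strip('"').split(" ")[0]


def o4_reasons(exe: str) -> list[str]:
    """Heuristics for a Run entry; an empty list means nothing stood out."""
    reasons = []
    low = exe.lower()
    base = low.rsplit("\\", 1)[-1]
    if "\\" not in exe:
        reasons.append("bare filename, resolved via the search path, so its origin is unclear")
    if PROFILE_ROOT_RE.search(exe):
        reasons.append("executable sitting directly in a user profile root")
    if "\\temp\\" in low:
        reasons.append("runs from a Temp directory")
    if "\\system32\\" in low and RANDOM_NAME_RE.match(base):
        reasons.append("random-looking name in system32")
    return reasons


def o23_reasons(name: str, owner: str, missing: bool) -> list[str]:
    """Heuristics for a service entry."""
    reasons = []
    if owner == "Unknown owner" and name.lower().endswith(".exe"):
        reasons.append("service has no vendor and is named after its own binary")
    if missing and owner == "Unknown owner":
        reasons.append("service binary is missing on disk (orphaned entry)")
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Walk a HijackThis log and return the O4/O23 entries worth a closer look."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        line = line.rstrip()
        m = O4_RE.match(line)
        if m:
            exe = exe_path(m.group("cmd"))
            reasons = o4_reasons(exe)
            if reasons:
                findings.append(Finding("O4", m.group("name"), exe, reasons))
            continue
        m = O23_RE.match(line)
        if m:
            reasons = o23_reasons(m.group("name"), m.group("owner"), bool(m.group("missing")))
            if reasons:
                findings.append(Finding("O23", m.group("name"), m.group("path"), reasons))
    return findings


def flagged_names(log_text: str) -> list[str]:
    """Entry names only, in log order, for comparison with a helper's fix list."""
    return [f.name for f in triage(log_text)]
```

Running `triage(SAMPLE_LOG)` flags lmjvservc, WinInit, UTRF, wuosiu, 1, dispex.exe and msencode.exe, while the Synaptics, KernelFaultCheck, iPod and Adobe entries pass through untouched.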
-
Sorry for the delay Beck
Still some cleaning to do
Also, you have more than one AntiVirus software installed on your computer
Although some items were disabled, they can still cause conflicts
I suggest that you access your add/remove programs
Determine which AV software you are happiest with and remove the others
Be sure to reboot afterwards
I see eTrust EZ Antivirus, bundled with eTrust Internet Security Suite
Norton AV bundled with Norton Internet Security
and Avast
Again, keep the one you're happiest with and remove the others
Also, in add/remove programs, remove Viewpoint Manager and Viewpoint Media player if found
They normally get unintentionally installed
Back in Windows, after rebooting
Can you still do the following
Do a "System scan only" with Hijackthis and put a check next to these entries:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
O4 - HKLM\..\Run: [{75A175BE-07C5-1033-0903-050503030001}] "C:\Program Files\Common Files\{75A175BE-07C5-1033-0903-050503030001}\Update.exe" mc-110-12-0000797
O4 - HKLM\..\Run: [{75A175BE-06FE-1033-0903-050503030001}] "C:\Program Files\Common Files\{75A175BE-06FE-1033-0903-050503030001}\Update.exe" mc-110-12-0000797
O4 - HKLM\..\Run: [{75A175BE-03E2-1033-0903-050503030001}] "C:\Program Files\Common Files\{75A175BE-03E2-1033-0903-050503030001}\Update.exe" mc-110-12-0000797
O4 - HKLM\..\Run: [{75A175BE-03E1-1033-0903-050503030001}] "C:\Program Files\Common Files\{75A175BE-03E1-1033-0903-050503030001}\Update.exe" mc-110-12-0000797
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lmjvservc] cliwdcjk.exe
O4 - HKCU\..\Run: [wuosiu] "C:\WINDOWS\system32\wuosiu.exe"
O4 - HKCU\..\Run: [wqbujei] "C:\WINDOWS\system32\wqbujei.exe"
O4 - HKCU\..\Run: [WinInit] "C:\DOCUME~1\Deborah\LOCALS~1\Temp\311046.exe "
O4 - HKCU\..\Run: [wigvy] "C:\WINDOWS\system32\wigvy.exe"
O4 - HKCU\..\Run: [weoip] "C:\WINDOWS\system32\weoip.exe"
O4 - HKCU\..\Run: [vmmanager] C:\WINDOWS\system32\vmmanager.exe
O4 - HKCU\..\Run: [UTRF] "C:\Documents and Settings\Deborah\UTRF.exe"
O4 - HKCU\..\Run: [TENF] "C:\Documents and Settings\Deborah\TENF.exe"
O4 - HKCU\..\Run: [SQJT] "C:\Documents and Settings\Deborah\SQJT.exe"
O4 - HKCU\..\Run: [PHKR] "C:\Documents and Settings\Deborah\PHKR.exe"
O4 - HKCU\..\Run: [NFIK] "C:\Documents and Settings\Deborah\NFIK.exe"
O4 - HKCU\..\Run: [LPDS] "C:\Documents and Settings\Deborah\LPDS.exe"
O4 - HKCU\..\Run: [llsymvb] C:\WINDOWS\system32\fldmelds.exe
O4 - HKCU\..\Run: [lcoinst] C:\WINDOWS\system32\lcoinst.exe
O4 - HKCU\..\Run: [KOPU] "C:\Documents and Settings\Deborah\KOPU.exe"
O4 - HKCU\..\Run: [kmwf] C:\PROGRA~1\COMMON~1\kmwf\kmwfm.exe
O4 - HKCU\..\Run: [KDSC] "C:\Documents and Settings\Deborah\KDSC.exe"
O4 - HKCU\..\Run: [JFPL] "C:\Documents and Settings\Deborah\JFPL.exe"
O4 - HKCU\..\Run: [GLFC] "C:\Documents and Settings\Deborah\GLFC.exe"
O4 - HKCU\..\Run: [Fiyf] C:\Program Files\Common Files\??crosoft\c?rss.exe
O4 - HKCU\..\Run: [DUHJ] "C:\Documents and Settings\Deborah\DUHJ.exe"
O4 - HKCU\..\Run: [cwingllib] C:\WINDOWS\system32\atllsimm.exe
O4 - HKCU\..\Run: [ACEJ] "C:\Documents and Settings\Deborah\ACEJ.exe"
O4 - HKCU\..\Run: [1] "C:\WINDOWS\system32\1.exe"
O23 - Service: dispex.exe - Unknown owner - C:\WINDOWS\system32\dispex.exe
O23 - Service: ipsecsnp.exe - Unknown owner - C:\WINDOWS\system32\ipsecsnp.exe (file missing)
O23 - Service: msencode.exe - Unknown owner - C:\WINDOWS\system32\msencode.exe (file missing)
O23 - Service: msoeacct.exe - Unknown owner - C:\WINDOWS\system32\msoeacct.exe (file missing)
After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Reboot your computer again, back in Windows
Download The Avenger.zip (http://swandog46.geekstogo.com/avenger.zip) by Swandog46 to your Desktop.
* Click on Avenger.zip to open the file
* Extract avenger.exe to your desktop
LOG off any other users on the computer except for yourself
Copy ALL the text contained in the block below to your Clipboard by highlighting it and pressing (Ctrl+C) on your keyboard,
Make sure you include "Folders to delete:"
=============================================================
Folders to delete:
C:\Program Files\Common Files\kmwf
files to delete:
C:\WINDOWS\system32\wuosiu.exe
C:\WINDOWS\system32\wqbujei.exe
C:\WINDOWS\system32\wigvy.exe
C:\Documents and Settings\Deborah\LOCALS~1\Temp\311046.exe
C:\WINDOWS\system32\weoip.exe
C:\WINDOWS\system32\vmmanager.exe
C:\Documents and Settings\Deborah\UTRF.exe
C:\Documents and Settings\Deborah\TENF.exe
C:\Documents and Settings\Deborah\SQJT.exe
C:\Documents and Settings\Deborah\PHKR.exe
C:\Documents and Settings\Deborah\NFIK.exe
C:\Documents and Settings\Deborah\LPDS.exe
C:\WINDOWS\system32\fldmelds.exe
C:\WINDOWS\system32\lcoinst.exe
C:\Documents and Settings\Deborah\KOPU.exe
C:\Documents and Settings\Deborah\KDSC.exe
C:\Documents and Settings\Deborah\JFPL.exe
C:\Documents and Settings\Deborah\GLFC.exe
C:\Documents and Settings\Deborah\DUHJ.exe
C:\WINDOWS\system32\atllsimm.exe
C:\Documents and Settings\Deborah\ACEJ.exe
C:\WINDOWS\system32\1.exe
C:\WINDOWS\system32\dispex.exe
C:\WINDOWS\system32\msencode.exe
C:\WINDOWS\system32\msoeacct.exe
==========================================================================
Now, start The Avenger program by clicking on its icon on your desktop
OK the prompt
* Under "Script file to execute" choose "Input Script Manually".
* Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
* Paste the text copied to clipboard into this window by pressing (Ctrl+V).
* Click Done
* Now click on the Green Light to begin execution of the script
* Answer "Yes" twice when prompted.
Avenger should now Reboot your computer
After reboot, Avenger will finish cleaning; it will produce a log I will need to see later: C:\Avenger.txt
Afterwards
Now that we have cleared you of multiple virus scanners, and you only have one
Can we run a different scanner please
==Download AVG Anti-Spyware 7.5 (http://www.ewido.net/en/download/) - Save the installer to desktop
- Double click the installer, select your language, and then select "OK"
- Click NEXT>>>Select I Agree>>>NEXT>>>INSTALL
- AVG will now install and afterwards click FINISH
- AVG Anti-Spyware 7.5 should now Load
- Click the Update tab at the top. Under Manual Update click Start update.
- After the update finishes (the status bar at the bottom will display "Update successful")
- Click on the Scanner tab at the top
- Click the "Settings" tab and then change the recommended action under "How to Act" to Quarantine and ensure that "Automatically generate report after every scan" IS selected and
"Only if Threats are found" IS NOT selected
CLOSE AVG-Antispyware for now, as we will need it later
An AVG icon will be placed in your system tray next to your clock; can you right-click on it and uncheck
"Resident Shield" , "Automatic updates" and "Start with Windows"
==Download ATF-Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune.
It's a small download, Save it to your desktop
We'll need this later
Reboot your computer in Safe Mode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, the Advanced Options Menu should appear;
- Select the first option, to run Windows in Safe Mode, then press Enter.
- Choose your usual account.
============================================
==Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
==================================================
Load AVG Anti-Spyware 7.5- Click on the Scanner tab at the top
- Click on Complete System Scan.
This scan can take a while to run, let it run uninterrupted
- When the scan is complete it will list any infections found on the left hand side.
- Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
- Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file (like on the Desktop).
I will need to see this log later
Restart the computer back to Normal windows
Back in Windows
I need to see all the following please
1. Post a fresh hijackthis log
2. Post the text file from Avenger, located here>>C:\Avenger.txt
3. Post the whole report from AVG-Antispyware
4. I just want to do a double check
This scan won't take too long
Download and save to desktop
F-Secure Blacklight (blbeta.exe) (https://europe.f-secure.com/exclude/blacklight/blbeta.exe)
Double click to run blbeta.exe
* Accept the user agreement.
* Click Scan.
* After the scan finishes, click on Next, then Exit.
Do not rename any files if found by blacklight, I need to see the log
BlackLight will create a log on your desktop with the name "fsbl-xxxxxxx.log".
Can you post the contents of this log too please
NOTE: It may take more than one reply to post the above logs, please do so if needed
Keep me informed how things are running
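Added example, not part of the original post and not code from the Avenger tool: a small Python reconciler that reads an Avenger script together with the C:\Avenger.txt log it produces and sorts each requested path into deleted, not found, other failure, or never processed, decoding the NTSTATUS value Avenger prints after a failed deletion (0xc0000034 is STATUS_OBJECT_NAME_NOT_FOUND). The point for a helper reading such a log is that a "not found" entry is not the same as a cleaned one: it means nothing by that name existed at run time and the entry still needs follow-up. The sample script and log are constructed to mirror the format shown in this thread; the "folders to delete:" header and the two *_sample.exe entries are assumptions added to exercise every branch, while the other paths appear in the thread's own script and log.

```python
import re

# NTSTATUS values Avenger prints after a failed deletion.  These four are
# well-known Windows codes; 0xc0000034 is the one seen in this thread.
NTSTATUS_NAMES = {
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
    0xC0000043: "STATUS_SHARING_VIOLATION",
}

_DELETED = re.compile(r"^(?:File|Folder) (.+) deleted successfully\.$")
_FAILED = re.compile(r"^Deletion of (?:file|folder) (.+) failed!$")
_STATUS = re.compile(r"^Status: (0x[0-9A-Fa-f]{8})$")


def parse_script(text):
    """Collect every path listed under a '... to delete:' header.
    A trailing double quote is stripped: the script posted in this thread
    carries stray quotes on two lines and Avenger still deleted those files."""
    paths, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().endswith("to delete:"):
            in_section = True
            continue
        if in_section:
            paths.append(line.rstrip('"'))
    return paths


def parse_avenger_log(text):
    """Map each path Avenger touched to 'deleted' or 'failed (<NTSTATUS>)'.
    Avenger prints the failure line first and the Status: line a few lines
    later, so the last failed path is held until its status appears."""
    results, pending = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = _DELETED.match(line)
        if m:
            results[m.group(1)] = "deleted"
            continue
        m = _FAILED.match(line)
        if m:
            pending = m.group(1)
            results[pending] = "failed (status unknown)"
            continue
        m = _STATUS.match(line)
        if m and pending is not None:
            code = int(m.group(1), 16)
            results[pending] = "failed (%s)" % NTSTATUS_NAMES.get(code, m.group(1))
            pending = None
    return results


def reconcile(script_paths, results):
    """Sort the script's entries by what the log says happened to them."""
    report = {"deleted": [], "not_found": [], "other_failure": [], "no_entry": []}
    for path in script_paths:
        outcome = results.get(path)
        if outcome is None:
            report["no_entry"].append(path)       # script line never processed
        elif outcome == "deleted":
            report["deleted"].append(path)
        elif "_NOT_FOUND" in outcome:
            report["not_found"].append(path)      # nothing was there to delete
        else:
            report["other_failure"].append(path)  # locked, access denied, etc.
    return report


def summarize(script_text, log_text):
    return reconcile(parse_script(script_text), parse_avenger_log(log_text))


# Constructed sample input mirroring the thread's format.  The "folders to
# delete:" header and the two *_sample.exe entries are assumptions.
SAMPLE_SCRIPT = r"""
folders to delete:
C:\Program Files\Common Files\kmwf
files to delete:
C:\WINDOWS\system32\wuosiu.exe
C:\WINDOWS\system32\vmmanager.exe
C:\Documents and Settings\Deborah\UTRF.exe"
C:\WINDOWS\system32\locked_sample.exe
C:\WINDOWS\system32\never_processed_sample.exe
"""

SAMPLE_LOG = r"""
Beginning to process script file:
Folder C:\Program Files\Common Files\kmwf deleted successfully.
File C:\WINDOWS\system32\wuosiu.exe not found!
Deletion of file C:\WINDOWS\system32\wuosiu.exe failed!
Could not process line:
C:\WINDOWS\system32\wuosiu.exe
Status: 0xc0000034
File C:\WINDOWS\system32\vmmanager.exe deleted successfully.
File C:\Documents and Settings\Deborah\UTRF.exe deleted successfully.
Deletion of file C:\WINDOWS\system32\locked_sample.exe failed!
Could not process line:
C:\WINDOWS\system32\locked_sample.exe
Status: 0xc0000022
Completed script processing.
"""

if __name__ == "__main__":
    for bucket, paths in summarize(SAMPLE_SCRIPT, SAMPLE_LOG).items():
        print("%s (%d)" % (bucket, len(paths)))
        for path in paths:
            print("    " + path)
```

Run it against a real C:\Avenger.txt and the script you pasted into Avenger by reading both files into `summarize()`; the "not_found" and "no_entry" buckets are the ones that still need a look in the next HijackThis log.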
-
Ok, before we get started here, I just wanted to say THANK YOU for your help on this...this laptop was virtually useless, it shut down so often, and now it seems to be running ok.
I did have one problem--when I tried to remove the Norton software (it's expired anyway), the system shut down in the middle of the uninstallation process and now I get an error message when I go to remove it. Any way around this?
To begin the logs:
Logfile of HijackThis v1.99.1
Scan saved at 3:08:36 PM, on 3/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Hello\Hello.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1135747143\ee\AOLSoftware.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Deborah\Desktop\Computer resources\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135747143\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe -a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
__________________________________
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\sdssfcax
*******************
Script file located at: \??\C:\WINDOWS\jmfunigy.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Folder C:\Program Files\Common Files\kmwf deleted successfully.
File C:\WINDOWS\system32\wuosiu.exe not found!
Deletion of file C:\WINDOWS\system32\wuosiu.exe failed!
Could not process line:
C:\WINDOWS\system32\wuosiu.exe
Status: 0xc0000034
File C:\WINDOWS\system32\wqbujei.exe not found!
Deletion of file C:\WINDOWS\system32\wqbujei.exe failed!
Could not process line:
C:\WINDOWS\system32\wqbujei.exe
Status: 0xc0000034
File C:\WINDOWS\system32\wigvy.exe not found!
Deletion of file C:\WINDOWS\system32\wigvy.exe failed!
Could not process line:
C:\WINDOWS\system32\wigvy.exe
Status: 0xc0000034
File C:\Documents and Settings\Deborah\LOCALS~1\Temp\311046.exe not found!
Deletion of file C:\Documents and Settings\Deborah\LOCALS~1\Temp\311046.exe failed!
Could not process line:
C:\Documents and Settings\Deborah\LOCALS~1\Temp\311046.exe
Status: 0xc0000034
File C:\WINDOWS\system32\weoip.exe not found!
Deletion of file C:\WINDOWS\system32\weoip.exe failed!
Could not process line:
C:\WINDOWS\system32\weoip.exe
Status: 0xc0000034
File C:\WINDOWS\system32\vmmanager.exe deleted successfully.
File C:\Documents and Settings\Deborah\UTRF.exe deleted successfully.
File C:\Documents and Settings\Deborah\TENF.exe deleted successfully.
File C:\Documents and Settings\Deborah\SQJT.exe deleted successfully.
File C:\Documents and Settings\Deborah\PHKR.exe deleted successfully.
File C:\Documents and Settings\Deborah\NFIK.exe deleted successfully.
File C:\Documents and Settings\Deborah\LPDS.exe deleted successfully.
File C:\WINDOWS\system32\fldmelds.exe not found!
Deletion of file C:\WINDOWS\system32\fldmelds.exe failed!
Could not process line:
C:\WINDOWS\system32\fldmelds.exe
Status: 0xc0000034
File C:\WINDOWS\system32\lcoinst.exe not found!
Deletion of file C:\WINDOWS\system32\lcoinst.exe failed!
Could not process line:
C:\WINDOWS\system32\lcoinst.exe
Status: 0xc0000034
File C:\Documents and Settings\Deborah\KOPU.exe not found!
Deletion of file C:\Documents and Settings\Deborah\KOPU.exe failed!
Could not process line:
C:\Documents and Settings\Deborah\KOPU.exe
Status: 0xc0000034
File C:\Documents and Settings\Deborah\KDSC.exe deleted successfully.
File C:\Documents and Settings\Deborah\JFPL.exe not found!
Deletion of file C:\Documents and Settings\Deborah\JFPL.exe failed!
Could not process line:
C:\Documents and Settings\Deborah\JFPL.exe
Status: 0xc0000034
File C:\Documents and Settings\Deborah\GLFC.exe deleted successfully.
File C:\Documents and Settings\Deborah\DUHJ.exe deleted successfully.
File C:\WINDOWS\system32\atllsimm.exe not found!
Deletion of file C:\WINDOWS\system32\atllsimm.exe failed!
Could not process line:
C:\WINDOWS\system32\atllsimm.exe
Status: 0xc0000034
File C:\Documents and Settings\Deborah\ACEJ.exe deleted successfully.
File C:\WINDOWS\system32\1.exe not found!
Deletion of file C:\WINDOWS\system32\1.exe failed!
Could not process line:
C:\WINDOWS\system32\1.exe
Status: 0xc0000034
File C:\WINDOWS\system32\dispex.exe deleted successfully.
File C:\WINDOWS\system32\msencode.exe not found!
Deletion of file C:\WINDOWS\system32\msencode.exe failed!
Could not process line:
C:\WINDOWS\system32\msencode.exe
Status: 0xc0000034
File C:\WINDOWS\system32\msoeacct.exe not found!
Deletion of file C:\WINDOWS\system32\msoeacct.exe failed!
Could not process line:
C:\WINDOWS\system32\msoeacct.exe
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.
-
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 2:55:11 PM 3/30/2007
+ Scan result:
:mozilla.273:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.274:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.10:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.11:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.12:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.13:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.17:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.18:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.19:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.20:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.21:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.22:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.23:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.24:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.25:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.26:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.27:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.28:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.29:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.30:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.31:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.32:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.33:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.34:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.36:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.37:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.38:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.39:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.400:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.40:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.41:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.42:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.43:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.594:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.637:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.694:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.6:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.700:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.710:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.762:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.766:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.7:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.8:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.9:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.479:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.480:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.258:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.611:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.612:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.248:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.249:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.250:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.251:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.252:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.13:C:\Documents and Settings\Worka Hama Yo Yo\Application Data\Mozilla\Firefox\Profiles\hunpc8wi.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.56:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.597:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Bfast : No action taken.
:mozilla.634:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.635:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.636:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.100:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.101:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.102:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.103:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.104:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.105:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.106:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.107:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.97:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.98:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.99:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.350:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.421:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Coremetrics : No action taken.
:mozilla.495:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Coremetrics : No action taken.
:mozilla.669:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Cpvfeed : No action taken.
:mozilla.670:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Cpvfeed : No action taken.
:mozilla.671:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Cpvfeed : No action taken.
:mozilla.672:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Cpvfeed : No action taken.
:mozilla.38:C:\Documents and Settings\Worka Hama Yo Yo\Application Data\Mozilla\Firefox\Profiles\hunpc8wi.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.45:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.388:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.389:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.477:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
::Report end
Finally, I could not run BlackLight... it said something about my not having the necessary privileges.
-
We'll worry about Symantec's in a bit
I assume you are sticking with Avast by the sounds of it, good choice
We have to restore the privileges that blacklight was nagging about
Can you try the following
Download and save to desktop
VX2Finder.exe (http://www.downloads.subratam.org/VX2Finder.exe)
click the button that says "Click to find VX2 BetterInternet"
Let it do a quick scan
Click the button that says "Restore Policy"
OK the prompt
Restart the computer
Back in Windows
Can you let me know what version of Symantec's you had installed please
We must remove all of it so it won't interfere with Avast
Post back All the following please
1. Post a fresh hijackthis log
2. Try running blbeta.exe and post the log
3. Can you ensure hijackthis was closed, then reopen it, select "Open Misc tools section"
Click the "Open ADS spy", uncheck "Quick Scan"
Then click the SCAN button, let it run its scan>>Save LOG!>>Post the whole log here please
-
Symantec: Norton Internet Security 2005 Version 8.0.2.5
Unfortunately, I didn't get to this until today (had a busy weekend) and the Blacklight trial expired yesterday, so I couldn't run it.
Logfile of HijackThis v1.99.1
Scan saved at 9:23:14 AM, on 4/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1135747143\ee\AOLSoftware.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Documents and Settings\Deborah\Desktop\Computer resources\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135747143\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe -a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
_________________________
ASSPY
C:\WINDOWS\system32 : lzx32.sys (69550 bytes)
C:\WINDOWS\system32 : lzx32.sys (69550 bytes)
-
Can you delete blbeta.exe from desktop
Download and save to your desktop
fsbl.exe (https://europe.f-secure.com/exclude/blacklight/fsbl.exe)
(F-Secure Blacklight)
We'll try this version in a bit
Download SmitfraudFix (http://siri.urz.free.fr/Fix/SmitfraudFix.zip) (by S!Ri)
Extract the contents (a folder named SmitfraudFix) to your Desktop.
Will need this in a bit, If you do have an older version of this fix, please delete your copy and download this updated one
Let's try and remove remnants of Symantec's
Go to the following link and download the appropriate removal tool for your version of Windows
CLICK HERE (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039?Open&src=sg&docid=2004093015165236&nsf=tsgeninfo.nsf&view=docid&dtype=&prod=Norton%20Internet%20Security&ver=2005&osv=&osv_lvl=&seg=)
Follow the instructions as outlined in the link
You can ignore Step 3
After rebooting and back in Windows
I see a couple entries still related to eTrust EZ Antivirus
Let's remove them too
Do a "System scan only" with Hijackthis and put a check next to these entries:
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Please reboot your computer in Safe Mode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, a menu with options should appear;
- Select the first option, to run Windows in Safe Mode, then press "Enter".
- Choose your usual account.
In safe mode
Again, open Hijackthis.exe>> select "Open Misc tools section"
Click the "Open ADS spy", uncheck "Quick Scan"
Then click the SCAN button, let it run its scan>>when complete
Put a tick next to these 2 entries
C:\WINDOWS\system32 : lzx32.sys
C:\WINDOWS\system32 : lzx32.sys
Then click the Remove Selected button, select YES to the prompt and exit hijackthis
Remain in safe mode
open the SmitfraudFix folder that was extracted to desktop and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process
The report can also be found at the root of the system drive, usually at C:\rapport.txt
NOTE: running option #2 will remove your Desktop background, you will have to replace it in the Display options found in Control panel.
Can you enter the Windows Control panel and ensure the Windows Firewall is running please
Double click to run fsbl.exe
* Accept the user agreement.
* Click Scan.
* After the scan finishes, click on Next, then Exit.
Do not rename any files if found by blacklight, I need to see the log
BlackLight will create a log on your desktop with the name "fsbl-xxxxxxx.log".
Can you do all the following please
1. Run Ads Spy from Hijackthis again and ensure those 2 entries are no longer found, if not empty, post its log please
2. Run a fresh scan and save logfile with Hijackthis and post its new log
3. Post the log from fsbl.exe
4. Post the report from Smitfraudfix>>C:\Rapport.txt
Do what you can from the above please
We should be left with just a bit more house cleaning if all goes well
:)
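As an added example (not code from this thread or from HijackThis itself), a small Python parser for the v1.99.1 log format: it diffs a log taken before the FIX CHECKED step against one taken after it, lists entries HijackThis tagged "(file missing)", and flags O4 Run values with no explicit path, which Windows resolves through the search path. The two sample logs inside are constructed from the entries quoted in this thread.

```python
import re
from dataclasses import dataclass

# Constructed sample logs: the entries quoted in this thread, before and after
# the two eTrust EZ Antivirus Run values were removed with FIX CHECKED.
BEFORE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

AFTER_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

# A classified HijackThis line: section code (R0, O4, O23, ...), " - ", body.
# Header lines and the "Running processes" block carry no code and are skipped.
ENTRY_RE = re.compile(r"^([RFNO]\d+)\s+-\s+(.+)$")

# Body of an O4 entry: hive, "\..\Run: ", bracketed value name, then the command.
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


@dataclass(frozen=True)
class Entry:
    section: str  # e.g. "O4" or "O23"
    body: str     # everything after "O4 - "


def parse_log(text):
    """Return the classified entries of a HijackThis log, in file order."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries


def diff_logs(before, after):
    """(removed, added): entries only in the earlier log, and only in the later one."""
    b, a = set(parse_log(before)), set(parse_log(after))
    key = lambda e: (e.section, e.body)
    return sorted(b - a, key=key), sorted(a - b, key=key)


def missing_files(entries):
    """Entries whose target HijackThis could not find on disk."""
    return [e for e in entries if "(file missing)" in e.body]


def unqualified_run_entries(entries):
    """O4 Run values whose command starts with neither a drive letter nor an
    %environment% variable, so the executable is located via the search path."""
    found = []
    for e in entries:
        if e.section != "O4":
            continue
        m = RUN_RE.match(e.body)
        if not m:
            continue
        cmd = m.group("cmd").strip().strip('"')
        if not re.match(r"^(?:[A-Za-z]:\\|%[^%]+%)", cmd):
            found.append((m.group("name"), cmd))
    return found


def report(before, after):
    """Human-readable summary lines for the two logs."""
    removed, added = diff_logs(before, after)
    lines = ["removed since previous log:"] + [f"  {e.section} - {e.body}" for e in removed]
    lines += ["added since previous log:"] + [f"  {e.section} - {e.body}" for e in added]
    lines += ["file missing:"] + [f"  {e.section} - {e.body}" for e in missing_files(parse_log(after))]
    lines += ["Run values without an explicit path:"]
    lines += [f"  [{name}] {cmd}" for name, cmd in unqualified_run_entries(parse_log(after))]
    return lines


if __name__ == "__main__":
    print("\n".join(report(BEFORE_LOG, AFTER_LOG)))
```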
-
Logfile of HijackThis v1.99.1
Scan saved at 4:04:00 PM, on 4/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1135747143\ee\AOLSoftware.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Deborah\Desktop\Computer resources\HijackThis.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135747143\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe -a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
_______________________________________________________
Blacklight
04/03/07 15:37:11 [Info]: BlackLight Engine 1.0.61 initialized
04/03/07 15:37:11 [Info]: OS: 5.1 build 2600 (Service Pack 2)
04/03/07 15:37:12 [Note]: 7019 4
04/03/07 15:37:12 [Note]: 7005 0
04/03/07 15:37:16 [Note]: 7006 0
04/03/07 15:37:16 [Note]: 7011 172
04/03/07 15:37:16 [Note]: 7026 0
04/03/07 15:37:16 [Note]: 7026 0
04/03/07 15:37:20 [Note]: FSRAW library version 1.7.1021
04/03/07 15:45:30 [Note]: 2000 1012
04/03/07 15:45:30 [Note]: 2000 1012
04/03/07 15:45:30 [Note]: 2000 1012
04/03/07 15:45:30 [Note]: 2000 1012
04/03/07 15:45:30 [Note]: 2000 1012
04/03/07 15:45:30 [Note]: 2000 1012
04/03/07 15:45:30 [Note]: 2000 1012
04/03/07 15:45:30 [Note]: 2000 1012
04/03/07 15:45:30 [Note]: 2000 1012
04/03/07 15:45:30 [Note]: 2000 1012
04/03/07 15:45:30 [Note]: 2000 1012
04/03/07 15:45:30 [Note]: 2000 1012
04/03/07 15:45:30 [Note]: 2000 1012
04/03/07 15:45:30 [Note]: 2000 1012
04/03/07 15:45:30 [Note]: 2000 1012
04/03/07 15:45:30 [Note]: 2000 1012
04/03/07 15:45:30 [Note]: 2000 1012
04/03/07 15:45:30 [Note]: 2000 1012
04/03/07 15:45:30 [Note]: 2000 1012
04/03/07 15:45:30 [Note]: 2000 1012
04/03/07 15:45:30 [Note]: 2000 1012
04/03/07 15:49:00 [Note]: 7007 0
__________________________________________________
SmitFraudFix v2.162
Scan done at 15:31:15.54, Tue 04/03/2007
Run from C:\Documents and Settings\Deborah\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\system32\RegistryCleanerSetup.exe Deleted
C:\Program Files\RegistryCleaner\ Deleted
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E287B054-D536-4805-AA71-C680E86CCBB3}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E287B054-D536-4805-AA71-C680E86CCBB3}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E287B054-D536-4805-AA71-C680E86CCBB3}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
-
Sorry again for the delay Beck, as it's the long weekend
I started a 2 week vacation
Presently sitting outside my motel room connected wifi
So the only chance I will have to visit the forum is when we're not touring or I hit a wifi spot
How are things running on your end?
Do you think you can run ComboFix again and post one more log when you get a chance
Also, one last HijackThis log
The last logs looked good, just as a followup
-
Hope you're having a good vacation... I could go for one myself; it's way too cold where I live right now.
Here're the logs, and thanks again.
"Deborah" - 07-04-10 9:44:52 Service Pack 2
ComboFix 07-03-23 - Running from: "C:\Documents and Settings\Deborah\Desktop\Computer resources"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\Program Files\SSTEM3~1
C:\qoobox\purity\Program Files\Common Files\CROSOF~1
C:\qoobox\purity\Program Files\SSTEM3~1\SSTEM3~1
((((((((((((((((((((((((((((((( Files Created from 2007-03-10 to 2007-04-10 ))))))))))))))))))))))))))))))))))
2007-04-10 01:01 <DIR> d-------- C:\DOCUME~1\Deborah\APPLIC~1\DivX
2007-04-10 00:53 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-04-10 00:53 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-04-10 00:53 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-04-04 09:27 <DIR> d-------- C:\Program Files\iPod
2007-04-04 09:23 <DIR> d-------- C:\Program Files\Apple Software Update
2007-04-03 15:31 2,488 --a------ C:\WINDOWS\system32\tmp.reg
2007-03-29 17:11 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-03-29 17:10 <DIR> d-------- C:\avenger
2007-03-29 16:56 6 --a------ C:\WINDOWS\system32\29-03-16.dat
2007-03-28 08:40 6 --a------ C:\WINDOWS\system32\28-03-08.dat
2007-03-27 03:55 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-03-27 03:55 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-03-27 03:55 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-03-27 03:55 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-03-27 03:49 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-03-27 03:49 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-03-27 03:49 57,344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-03-27 03:49 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-03-27 03:49 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-03-27 03:49 294,912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-03-27 03:49 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-03-27 03:49 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-03-27 03:48 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-03-27 03:48 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-03-27 03:48 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-03-27 03:48 639,066 --a------ C:\WINDOWS\system32\DivX.dll
2007-03-23 10:08 6 --a------ C:\WINDOWS\system32\23-03-10.dat
2007-03-23 09:03 6 --a------ C:\WINDOWS\system32\23-03-09.dat
2007-03-23 08:59 6 --a------ C:\WINDOWS\system32\23-03-08.dat
2007-03-22 20:20 6 --a------ C:\WINDOWS\system32\22-03-20.dat
2007-03-22 15:00 6 --a------ C:\WINDOWS\system32\22-03-15.dat
2007-03-22 14:39 6 --a------ C:\WINDOWS\system32\22-03-14.dat
2007-03-22 14:28 <DIR> d-------- C:\WINDOWS\pss
2007-03-22 12:46 6 --a------ C:\WINDOWS\system32\22-03-12.dat
2007-03-22 11:57 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-03-22 11:57 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
2007-03-22 11:57 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
2007-03-22 08:34 6 --a------ C:\WINDOWS\system32\22-03-08.dat
2007-03-21 10:07 6 --a------ C:\WINDOWS\system32\21-03-10.dat
2007-03-21 01:43 6 --a------ C:\WINDOWS\system32\21-03-01.dat
2007-03-20 22:27 6 --a------ C:\WINDOWS\system32\20-03-22.dat
2007-03-20 16:15 6 --a------ C:\WINDOWS\system32\20-03-16.dat
2007-03-20 14:37 6 --a------ C:\WINDOWS\system32\20-03-14.dat
2007-03-20 12:03 94,424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-03-20 12:03 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-03-20 12:03 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-03-20 12:03 689,280 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-03-20 12:03 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-03-20 12:03 31,560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-03-20 12:03 23,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-03-20 12:03 <DIR> d-------- C:\Program Files\Alwil Software
2007-03-20 12:01 6 --a------ C:\WINDOWS\system32\20-03-12.dat
2007-03-20 11:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-03-20 11:00 6 --a------ C:\WINDOWS\system32\20-03-11.dat
2007-03-20 10:00 6 --a------ C:\WINDOWS\system32\20-03-10.dat
2007-03-20 09:44 6 --a------ C:\WINDOWS\system32\20-03-09.dat
2007-03-20 03:35 6 --a------ C:\WINDOWS\system32\20-03-03.dat
2007-03-19 20:27 6 --a------ C:\WINDOWS\system32\19-03-20.dat
2007-03-19 13:12 6 --a------ C:\WINDOWS\system32\19-03-13.dat
2007-03-18 12:40 6 --a------ C:\WINDOWS\system32\18-03-12.dat
2007-03-17 11:12 6 --a------ C:\WINDOWS\system32\17-03-11.dat
2007-03-16 14:18 6 --a------ C:\WINDOWS\system32\16-03-14.dat
2007-03-16 12:12 6 --a------ C:\WINDOWS\system32\16-03-12.dat
2007-03-14 14:49 6 --a------ C:\WINDOWS\system32\14-03-14.dat
2007-03-14 12:08 6 --a------ C:\WINDOWS\system32\14-03-12.dat
2007-03-14 11:03 6 --a------ C:\WINDOWS\system32\14-03-11.dat
2007-03-14 10:54 6 --a------ C:\WINDOWS\system32\14-03-10.dat
2007-03-14 09:26 6 --a------ C:\WINDOWS\system32\14-03-09.dat
2007-03-14 08:14 6 --a------ C:\WINDOWS\system32\14-03-08.dat
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-04-10 00:54 -------- d-------- C:\Program Files\google
2007-04-10 00:53 -------- d-------- C:\Program Files\divx
2007-04-09 20:57 -------- d-------- C:\Program Files\plaxo
2007-04-04 09:27 -------- d-------- C:\Program Files\itunes
2007-04-04 09:25 -------- d-------- C:\Program Files\quicktime
2007-04-03 15:09 -------- d-------- C:\Program Files\symantec
2007-03-29 17:01 -------- d-------- C:\Program Files\pedevice
2007-03-29 13:52 -------- d-------- C:\Program Files\microsoft money 2005
2007-03-27 03:55 36624 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-03-27 03:55 118520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-03-27 03:55 116472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-03-19 14:51 3764 --a------ C:\WINDOWS\mozver.dat
2007-03-19 14:51 -------- d-------- C:\Program Files\java
2007-03-08 11:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 11:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 11:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 09:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-04 19:33 6 --a------ C:\WINDOWS\system32\04-03-18.dat
2007-03-04 13:55 6 --a------ C:\WINDOWS\system32\04-03-12.dat
2007-03-04 04:11 6 --a------ C:\WINDOWS\system32\04-03-03.dat
2007-03-04 03:15 6 --a------ C:\WINDOWS\system32\04-03-02.dat
2007-03-04 03:08 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-03-02 18:11 6 --a------ C:\WINDOWS\system32\02-03-17.dat
2007-02-26 13:47 6 --a------ C:\WINDOWS\system32\26-02-12.dat
2007-02-24 13:08 6 --a------ C:\WINDOWS\system32\24-02-12.dat
2007-02-22 00:21 -------- d-------- C:\DOCUME~1\Deborah\APPLIC~1\viewpoint
2007-02-16 21:09 6 --a------ C:\WINDOWS\system32\16-02-20.dat
2007-02-15 21:40 124472 --a------ C:\WINDOWS\system32\divxcodecupdatechecker.exe
2007-02-12 19:30 6 --a------ C:\WINDOWS\system32\12-02-18.dat
2007-02-06 14:17 6 --a------ C:\WINDOWS\system32\06-02-13.dat
2007-02-05 20:52 0 --a------ C:\ywcbxykm.exe
2007-02-05 20:51 6 --a------ C:\WINDOWS\system32\05-02-19.dat
2007-02-04 19:52 6 --a------ C:\WINDOWS\system32\04-02-18.dat
2007-02-04 14:31 6 --a------ C:\WINDOWS\system32\04-02-13.dat
2007-02-03 18:44 6 --a------ C:\WINDOWS\system32\03-02-17.dat
2007-02-01 13:24 0 --a------ C:\wdigv.exe
2007-02-01 13:24 0 --a------ C:\tqex.exe
2007-02-01 13:24 0 --a------ C:\rjayw.exe
2007-02-01 13:22 6 --a------ C:\WINDOWS\system32\01-02-12.dat
2007-02-01 12:13 6 --a------ C:\WINDOWS\system32\01-02-11.dat
2007-02-01 01:10 0 --a------ C:\qaliew.exe
2007-02-01 01:10 0 --a------ C:\avhbtqbc.exe
2007-02-01 01:09 6 --a------ C:\WINDOWS\system32\01-02-00.dat
2007-01-31 20:20 6 --a------ C:\WINDOWS\system32\31-01-19.dat
2007-01-31 13:20 6 --a------ C:\WINDOWS\system32\31-01-12.dat
2007-01-30 20:12 6 --a------ C:\WINDOWS\system32\30-01-19.dat
2007-01-21 14:03 6 --a------ C:\WINDOWS\system32\21-01-13.dat
2007-01-20 22:18 6 --a------ C:\WINDOWS\system32\20-01-21.dat
2007-01-20 00:06 0 --a------ C:\xsxqdxkh.exe
2007-01-20 00:06 0 --a------ C:\laqquruw.exe
2007-01-20 00:06 0 --a------ C:\igcqdm.exe
2007-01-20 00:06 0 --a------ C:\caign.exe
2007-01-20 00:05 6 --a------ C:\WINDOWS\system32\19-01-23.dat
2007-01-19 22:19 6 --a------ C:\WINDOWS\system32\19-01-21.dat
2007-01-18 18:49 6 --a------ C:\WINDOWS\system32\18-01-17.dat
2007-01-18 14:18 6 --a------ C:\WINDOWS\system32\18-01-13.dat
2007-01-17 21:23 6 --a------ C:\WINDOWS\system32\17-01-20.dat
2007-01-17 19:23 6 --a------ C:\WINDOWS\system32\17-01-18.dat
2007-01-16 02:00 6 --a------ C:\WINDOWS\system32\16-01-01.dat
2007-01-15 21:48 6 --a------ C:\WINDOWS\system32\15-01-20.dat
2007-01-15 15:52 6 --a------ C:\WINDOWS\system32\15-01-14.dat
2007-01-14 20:33 6 --a------ C:\WINDOWS\system32\14-01-19.dat
2007-01-14 02:02 6 --a------ C:\WINDOWS\system32\14-01-01.dat
2007-01-14 01:53 6 --a------ C:\WINDOWS\system32\14-01-00.dat
2007-01-14 00:16 6 --a------ C:\WINDOWS\system32\13-01-23.dat
2007-01-13 13:26 6 --a------ C:\WINDOWS\system32\13-01-12.dat
2007-01-12 11:39 6 --a------ C:\WINDOWS\system32\12-01-10.dat
2007-01-11 13:47 6 --a------ C:\WINDOWS\system32\11-01-12.dat
2007-01-10 10:17 6 --a------ C:\WINDOWS\system32\10-01-09.dat
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"PlaxoUpdate"="C:\\Program Files\\Plaxo\\2.12.1.1\\PlaxoHelper.exe -a"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"LSBWatcher"="c:\\hp\\drivers\\hplsbwatcher\\lsburnwatcher.exe"
"Logitech Utility"="Logi_MwX.Exe"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"hpWirelessAssistant"="C:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"
"HP Software Update"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1135747143\\ee\\AOLSoftware.exe"
"eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter
LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV
NetworkService REG_MULTI_SZ DnsCache
DcomLaunch REG_MULTI_SZ DcomLaunchTermService
rpcss REG_MULTI_SZ RpcSs
imgsvc REG_MULTI_SZ StiSvc
termsvcs REG_MULTI_SZ TermService
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
********************************************************************
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????0?1?3?8??p???? ???B?????????????hLC? ??????
scanning hidden files ...
C:\SYSTEM.SAV\info.bom 16384 bytes
C:\SYSTEM.SAV\INFO.US 4096 bytes
C:\SYSTEM.SAV\Logs
C:\SYSTEM.SAV\Logs\Cia.ini 155648 bytes
C:\SYSTEM.SAV\Logs\Info.bom 16384 bytes
C:\SYSTEM.SAV\Logs\Install.log 368640 bytes
C:\SYSTEM.SAV\Logs\Preinchk.log 4096 bytes
C:\SYSTEM.SAV\Logs\Sysinfo.log 294912 bytes
C:\SYSTEM.SAV\Logs\UIADUMP.EUE 4096 bytes
C:\SYSTEM.SAV\Logs\UIADUMP.FPP 4096 bytes
C:\SYSTEM.SAV\mszone.log 16384 bytes
C:\SYSTEM.SAV\PREINCHK.log 4096 bytes
C:\SYSTEM.SAV\REBOOT.ME 48 bytes
C:\SYSTEM.SAV\REGFLUSH.LOG 4096 bytes
C:\SYSTEM.SAV\RmDev.log 20480 bytes
C:\SYSTEM.SAV\SYSINFO.LOG 294912 bytes
C:\SYSTEM.SAV\SysInfo.US 294912 bytes
C:\SYSTEM.SAV\UTIL
C:\SYSTEM.SAV\UTIL\BOOTSEC.NT4 512 bytes
C:\SYSTEM.SAV\UTIL\BrandIt.Log 20480 bytes
C:\SYSTEM.SAV\UTIL\CHKIMAGE.exe 126976 bytes
C:\SYSTEM.SAV\UTIL\CIA.CDC 69632 bytes
C:\SYSTEM.SAV\UTIL\CIA.INI 81920 bytes
C:\SYSTEM.SAV\UTIL\cpqci.dll 122880 bytes
C:\SYSTEM.SAV\UTIL\cvacompg.exe 118784 bytes
C:\SYSTEM.SAV\UTIL\cvacompg.tmp 168 bytes
C:\SYSTEM.SAV\UTIL\DelDir.exe 36864 bytes
C:\SYSTEM.SAV\UTIL\delmodem.ini 184 bytes
C:\SYSTEM.SAV\UTIL\DELMPLNK.bat 88 bytes
C:\SYSTEM.SAV\UTIL\DELMPLNK.js 480 bytes
C:\SYSTEM.SAV\UTIL\DETECTOS.INI 408 bytes
C:\SYSTEM.SAV\UTIL\DNSP1.LOG 16384 bytes
C:\SYSTEM.SAV\UTIL\EISDTICON.log 32 bytes
C:\SYSTEM.SAV\UTIL\EVENTDEL.VBS 208 bytes
C:\SYSTEM.SAV\UTIL\FB_EIS.log 32 bytes
C:\SYSTEM.SAV\UTIL\hpqnt.dll 77824 bytes
C:\SYSTEM.SAV\UTIL\INSTALL.LOG 368640 bytes
C:\SYSTEM.SAV\UTIL\ISLOGCHK.EXE 110592 bytes
C:\SYSTEM.SAV\UTIL\ISLOGCHK.INI 4096 bytes
C:\SYSTEM.SAV\UTIL\mscu.log 168 bytes
C:\SYSTEM.SAV\UTIL\PININST.EXE 110592 bytes
C:\SYSTEM.SAV\UTIL\PININST.INI 4096 bytes
C:\SYSTEM.SAV\UTIL\PININST.LOG 4096 bytes
C:\SYSTEM.SAV\UTIL\POSTOOBE.LOG 24 bytes
C:\SYSTEM.SAV\UTIL\postproc.ini 536 bytes
C:\SYSTEM.SAV\UTIL\powerset.log 88 bytes
C:\SYSTEM.SAV\UTIL\PREINCHK.BAT 216 bytes
C:\SYSTEM.SAV\UTIL\PREINFO.INI 200 bytes
C:\SYSTEM.SAV\UTIL\PREINFO2.EXE 86016 bytes
C:\SYSTEM.SAV\UTIL\qlb.log 176 bytes
C:\SYSTEM.SAV\UTIL\random.ini 40 bytes
C:\SYSTEM.SAV\UTIL\REGDEV.EXE 106496 bytes
C:\SYSTEM.SAV\UTIL\REGDEV.INI 560 bytes
C:\SYSTEM.SAV\UTIL\sedinst.log 168 bytes
C:\SYSTEM.SAV\UTIL\STRTMENU.EXE 24576 bytes
C:\SYSTEM.SAV\UTIL\SWSET_B.INI 4096 bytes
C:\SYSTEM.SAV\UTIL\ticrdbus.log 32 bytes
C:\SYSTEM.SAV\UTIL\touchpad.log 192 bytes
C:\SYSTEM.SAV\UTIL\WINdvd.log 168 bytes
C:\SYSTEM.SAV\UTIL\wlassistant.log 176 bytes
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 60
********************************************************************
Completion time: 07-04-10 9:50:44
C:\ComboFix2.txt ... 07-03-26 12:01
________________________________________________
Logfile of HijackThis v1.99.1
Scan saved at 9:52:32 AM, on 4/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1135747143\ee\AOLSoftware.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Documents and Settings\Deborah\Desktop\Computer resources\HijackThis.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135747143\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe -a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
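The triage the helper does by eye on the ComboFix listing above, done programmatically, as an added example (not code from the forum, ComboFix or The Avenger): parse the "Files Created" / "Find3M Report" rows, flag the two patterns that end up in the deletion script in this thread (zero-byte random-name .exe files directly in C:\ and 6-byte DD-MM-HH.dat files in system32), and render the hits in the "Files to delete:" layout. The sample rows are constructed from the log above; parse_listing, classify, triage and avenger_script are names of my own.

```python
import re
from typing import List, NamedTuple, Optional, Tuple


# One parsed row from a ComboFix "Files Created" / "Find3M Report" section.
class Entry(NamedTuple):
    date: str
    time: str
    size: Optional[int]   # None when ComboFix prints <DIR> or -------- instead of a size
    attrs: str
    path: str


# ComboFix row layout: "YYYY-MM-DD HH:MM  <size | <DIR> | -------->  <attrs>  <path>"
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2})\s+(\d{2}:\d{2})\s+([\d,]+|<DIR>|-+)\s+(\S+)\s+(.+?)\s*$"
)

# Rule 1: six-byte DD-MM-HH.dat files written into system32. Legitimate components
# are not named after a timestamp, and the Find3M block above shows dozens of them.
DATE_DAT_RE = re.compile(r"^[A-Za-z]:\\windows\\system32\\\d{2}-\d{2}-\d{2}\.dat$", re.I)
# Rule 2: zero-byte executables with random lowercase names directly in the drive root
# (e.g. C:\ywcbxykm.exe). Case-sensitive on purpose: every dropped name was lowercase.
ROOT_EXE_RE = re.compile(r"^[A-Za-z]:\\[a-z]{4,8}\.exe$")


def parse_listing(text: str) -> List[Entry]:
    """Parse the ComboFix rows out of a pasted log, skipping banners and blank lines."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        date, time, size, attrs, path = m.groups()
        size_val = int(size.replace(",", "")) if size[0].isdigit() else None
        entries.append(Entry(date, time, size_val, attrs, path))
    return entries


def classify(entry: Entry) -> Optional[str]:
    """Return a finding label when an entry matches one of the two patterns, else None."""
    if entry.size == 6 and DATE_DAT_RE.match(entry.path):
        return "6-byte DD-MM-HH.dat file in system32"
    if entry.size == 0 and ROOT_EXE_RE.match(entry.path):
        return "zero-byte random-name .exe in drive root"
    return None


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """(path, label) for every flagged entry, in log order."""
    hits: List[Tuple[str, str]] = []
    for e in entries:
        label = classify(e)
        if label:
            hits.append((e.path, label))
    return hits


def avenger_script(entries: List[Entry]) -> str:
    """Render the flagged paths in the 'Files to delete:' layout used for The Avenger
    in this thread; empty string when nothing is flagged."""
    paths = [path for path, _ in triage(entries)]
    return ("Files to delete:\n" + "\n".join(paths) + "\n") if paths else ""


# Constructed sample: rows in the shape of the ComboFix log above, mixing legitimate
# entries (DivX, pxafs.dll, user32.dll, d3d9caps.dat) with both suspicious patterns.
SAMPLE = r"""
(((((((((((((( Files Created from 2007-03-10 to 2007-04-10 ))))))))))))))
2007-04-10 01:01 <DIR> d-------- C:\DOCUME~1\Deborah\APPLIC~1\DivX
2007-04-10 00:53 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-03-29 16:56 6 --a------ C:\WINDOWS\system32\29-03-16.dat
2007-03-22 20:20 6 --a------ C:\WINDOWS\system32\22-03-20.dat
(((((((((((((( Find3M Report ))))))))))))))
2007-04-10 00:54 -------- d-------- C:\Program Files\google
2007-03-08 11:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-04 03:08 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-02-05 20:52 0 --a------ C:\ywcbxykm.exe
2007-02-01 13:24 0 --a------ C:\wdigv.exe
2007-01-20 00:06 0 --a------ C:\xsxqdxkh.exe
"""

if __name__ == "__main__":
    found = parse_listing(SAMPLE)
    for path, label in triage(found):
        print(f"{label}: {path}")
    print(avenger_script(found), end="")
```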
-
Hi again Beck, I just saw you online and realized I forgot all about your log
I'm still trying to catch up on logs since my vacation
Can I have you do the following please
Navigate to this folder, C:\Avenger
Delete that folder please
Let's remove some more files with Avenger; I just want to make sure we have backups of only them
LOG off any other users on the computer except for yourself
Copy ALL the text contained in [color="#0000FF"]blue[/color] below to your Clipboard by highlighting it and pressing Ctrl+C on your keyboard.
Make sure you include "Folders to delete:"
=============================================================
[color="#0000FF"]
Folders to delete:
C:\Program Files\pedevice
files to delete:
C:\xsxqdxkh.exe
C:\laqquruw.exe
C:\igcqdm.exe
C:\caign.exe
C:\qaliew.exe
C:\avhbtqbc.exe
C:\wdigv.exe
C:\tqex.exe
C:\rjayw.exe
C:\ywcbxykm.exe
C:\WINDOWS\system32\29-03-16.dat
C:\WINDOWS\system32\28-03-08.dat
C:\WINDOWS\system32\23-03-10.dat
C:\WINDOWS\system32\23-03-09.dat
C:\WINDOWS\system32\23-03-08.dat
C:\WINDOWS\system32\22-03-20.dat
C:\WINDOWS\system32\22-03-15.dat
C:\WINDOWS\system32\22-03-14.dat
C:\WINDOWS\system32\22-03-12.dat
C:\WINDOWS\system32\22-03-08.dat
C:\WINDOWS\system32\21-03-10.dat
C:\WINDOWS\system32\21-03-01.dat
C:\WINDOWS\system32\20-03-22.dat
C:\WINDOWS\system32\20-03-16.dat
C:\WINDOWS\system32\20-03-14.dat
C:\WINDOWS\system32\20-03-12.dat
C:\WINDOWS\system32\20-03-11.dat
C:\WINDOWS\system32\20-03-10.dat
C:\WINDOWS\system32\20-03-09.dat
C:\WINDOWS\system32\20-03-03.dat
C:\WINDOWS\system32\19-03-20.dat
C:\WINDOWS\system32\19-03-13.dat
C:\WINDOWS\system32\18-03-12.dat
C:\WINDOWS\system32\17-03-11.dat
C:\WINDOWS\system32\16-03-14.dat
C:\WINDOWS\system32\16-03-12.dat
C:\WINDOWS\system32\14-03-14.dat
C:\WINDOWS\system32\14-03-12.dat
C:\WINDOWS\system32\14-03-11.dat
C:\WINDOWS\system32\14-03-10.dat
C:\WINDOWS\system32\14-03-09.dat
C:\WINDOWS\system32\14-03-08.dat
C:\WINDOWS\system32\04-03-18.dat
C:\WINDOWS\system32\04-03-12.dat
C:\WINDOWS\system32\04-03-03.dat
C:\WINDOWS\system32\04-03-02.dat
C:\WINDOWS\system32\02-03-17.dat
C:\WINDOWS\system32\26-02-12.dat
C:\WINDOWS\system32\24-02-12.dat
C:\WINDOWS\system32\16-02-20.dat
C:\WINDOWS\system32\12-02-18.dat
C:\WINDOWS\system32\06-02-13.dat
C:\WINDOWS\system32\05-02-19.dat
C:\WINDOWS\system32\04-02-18.dat
C:\WINDOWS\system32\04-02-13.dat
C:\WINDOWS\system32\03-02-17.dat
C:\WINDOWS\system32\01-02-12.dat
C:\WINDOWS\system32\01-02-11.dat
C:\WINDOWS\system32\01-02-00.dat
C:\WINDOWS\system32\31-01-19.dat
C:\WINDOWS\system32\31-01-12.dat
C:\WINDOWS\system32\30-01-19.dat
C:\WINDOWS\system32\21-01-13.dat
C:\WINDOWS\system32\20-01-21.dat
C:\WINDOWS\system32\19-01-23.dat
C:\WINDOWS\system32\19-01-21.dat
C:\WINDOWS\system32\18-01-17.dat
C:\WINDOWS\system32\18-01-13.dat
C:\WINDOWS\system32\17-01-20.dat
C:\WINDOWS\system32\17-01-18.dat
C:\WINDOWS\system32\16-01-01.dat
C:\WINDOWS\system32\15-01-20.dat
C:\WINDOWS\system32\15-01-14.dat
C:\WINDOWS\system32\14-01-19.dat
C:\WINDOWS\system32\14-01-01.dat
C:\WINDOWS\system32\14-01-00.dat
C:\WINDOWS\system32\13-01-23.dat
C:\WINDOWS\system32\13-01-12.dat
C:\WINDOWS\system32\12-01-10.dat
C:\WINDOWS\system32\11-01-12.dat
C:\WINDOWS\system32\10-01-09.dat
[/color]
==========================================================================
Now, start The Avenger program by clicking on its icon on your desktop
OK the prompt
* Under "Script file to execute" choose "Input Script Manually".
* Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
* Paste the text copied to clipboard into this window by pressing (Ctrl+V).
* Click Done
* Now click on the [color="#00FF00"]Green Light[/color] to begin execution of the script
* Answer "Yes" twice when prompted.
Avenger should now Reboot your computer
Back in Windows, can you post the new log from Avenger
C:\Avenger.txt and also a fresh hijackthis log
Could you also run combofix one last time and post its fresh log
NOTE: leave the new Avenger folder be for now, it contains the backups of what we just removed
Let me know of any problems, if any
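The point of running removals through Avenger rather than deleting by hand is that every listed path is backed up first. As an added example (not Avenger's code and not part of the thread), the Python below parses the same "Folders to delete:" / "files to delete:" script layout, moves each entry into a backup folder instead of deleting it, and records a SHA-256 per file so the removal can be audited afterwards; the sample entries and the throw-away "drive root" it runs against are constructed for the demo.

```python
import hashlib, re, shutil, tempfile
from pathlib import Path

# Constructed sample in the same layout as the script above (not the list from the thread).
SAMPLE_SCRIPT = """
Folders to delete:
C:\\Program Files\\pedevice
files to delete:
C:\\xsxqdxkh.exe
C:\\WINDOWS\\system32\\29-03-16.dat
"""
SECTION_RE = re.compile(r"^(folders|files) to delete:$", re.IGNORECASE)

def parse_script(text):
    """Split an Avenger-style script into its 'folders' and 'files' sections."""
    plan, section = {"folders": [], "files": []}, None
    for line in (ln.strip() for ln in text.splitlines() if ln.strip()):
        match = SECTION_RE.match(line)
        if match:
            section = match.group(1).lower()
        elif section:
            plan[section].append(line)
    return plan

def quarantine(plan, root, backup_dir):
    """Move each listed path under backup_dir (keeping its relative layout) instead of
    deleting it, and return a manifest of (path, status, sha256). `root` stands in for C:\\."""
    manifest = []
    for kind in ("files", "folders"):
        for win_path in plan[kind]:
            rel = win_path.split(":", 1)[1].lstrip("\\").replace("\\", "/")
            src = Path(root) / rel
            if not src.exists():
                manifest.append((win_path, "missing", None))
                continue
            digest = hashlib.sha256(src.read_bytes()).hexdigest() if src.is_file() else None
            dst = Path(backup_dir) / rel
            dst.parent.mkdir(parents=True, exist_ok=True)
            shutil.move(str(src), str(dst))
            manifest.append((win_path, "moved", digest))
    return manifest

def demo():
    """Build a throw-away fake drive root, run the sample script, return (manifest, backup)."""
    root = Path(tempfile.mkdtemp())
    (root / "Program Files" / "pedevice").mkdir(parents=True)
    (root / "Program Files" / "pedevice" / "x.dll").write_bytes(b"dll")
    (root / "xsxqdxkh.exe").write_bytes(b"MZ-sample")
    backup = root / "Avenger-backup"  # 29-03-16.dat is absent on purpose: it is reported missing
    return quarantine(parse_script(SAMPLE_SCRIPT), root, backup), backup
```

On a real machine `root` would be the drive root and the manifest would be kept beside the backup folder, so a wrongly removed file can be identified by hash and restored.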
-
Problems appear resolved, I'll lock this topic