Author Topic: Need some help here...  (Read 1089 times)

BigMike12345
« on: November 13, 2006, 06:34:16 PM »
Trying to fix my girlfriend's computer, it's been having a lot of problems with errors, and displaying much larger than normal Quick-Launch Icons (regardless of whether display for them is set to large or small), and frequent errors with svchost.exe, which seem to cause the system to stall and cause a restart. Any help would be much appreciated!  HJT Log below...


Logfile of HijackThis v1.99.1
Scan saved at 5:24:16 PM, on 11/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
 C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\MSN\MSN Connection Center\MSNCC\msncc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\MSN\MSN Connection Center\MSNCC\WA\MSNAccel.exe
C:\Program Files\Trillian\trillian.exe
C:\DOCUME~1\Ameerah\LOCALS~1\Temp\Rar$EX00.000\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat  7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Google Desktop] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Update Page Content - C:\Program Files\MSN\MSN Connection Center\MSNCC\WA\refreshpage.htm
O8 - Extra context menu item: View All Originals On Page - C:\Program Files\MSN\MSN Connection Center\MSNCC\WA\getoriginal.htm
O8 - Extra context menu item: View Original Image - C:\Program Files\MSN\MSN Connection Center\MSNCC\WA\getoriginal.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{28A63C39-B506-4584-8527-FE23578032CD}: NameServer =  209.244.0.3 209.244.0.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

guestolo
« Reply #1 on: November 13, 2006, 07:20:29 PM »
Hi BigMike
Having more than one AntiVirus running on the computer can cause system instabilities
Either disable one entirely from running on startup
OR, Uninstall one or the other completely

Reboot the computer afterwards

Back in Windows
Can you do the following
Download this file - Combofix.exe and save it to desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Post the log from combofix please


Also, you saved Hijackthis to a temp folder, which is not a good location
Download Hijackthis from my signature below
SAVE it to your desktop

Double click on hijackthis_sfx.exe on desktop
Click the UNZIP button>>OK the prompt
This will self extract to C:\Program Files\HijackThis
Delete hijackthis_sfx.exe from desktop

Go to START>>RUN
Copy>>paste the following to the open field, then hit OK
%systemdrive%\Program Files\HijackThis
This will open the Hijackthis folder
RIGHT CLICK on Hijackthis.exe and select SEND TO>>Desktop (create shortcut)
You can now run Hijackthis.exe from the new shortcut placed on your desktop

Double click to run Hijackthis.exe
Do a "SCAN and Save a Log file"
A log will open in Notepad
Copy and paste the WHOLE contents of the log  here

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


BigMike12345
« Reply #2 on: November 13, 2006, 08:40:44 PM »
ComboFix Log below:

Ameerah - 06-11-13 19:23:32.37    Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\Ameerah\Desktop"

(((((((((((((((((((((((((((((((   Files Created from 2006-10-13 to 2006-11-13  ))))))))))))))))))))))))))))))))))
 
 
2006-10-29    15:37    51,072    --a------    C:\WINDOWS\system32\drivers\ikhlayer.sys
2006-10-29    15:37    30,592    --a------    C:\WINDOWS\system32\drivers\ikhfile.sys
2006-10-28    13:50    33,792    -ra------    C:\WINDOWS\NPSExec.exe
2006-10-17    16:00    92,208    --a------    C:\WINDOWS\system32\WING.DLL
2006-10-17    16:00    188,960    --a------    C:\WINDOWS\system32\WINGDE.DLL


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))    


2006-11-13 19:20    --------    d--------    C:\Program Files\Mozilla Firefox
2006-11-13 19:17    --------    d--------    C:\Program Files\Trillian
2006-11-13 19:09    --------    d--------    C:\Program Files\Common Files
2006-11-13 18:58    --------    d--------    C:\Program Files\~Program Installers~
2006-11-10 19:39    --------    d--------    C:\Program Files\Word Search Deluxe
2006-11-10 00:33    --------    d--------    C:\Program Files\PCFriendly
2006-11-08 15:33    --------    d--------    C:\Program Files\Delicious Deluxe
2006-11-08 07:34    --------    d--------    C:\Program Files\Google
2006-11-08 07:21    --------    d--------    C:\Program Files\Family Feud
2006-11-04 21:29    --------    d--------    C:\Program Files\Egg vs. Chicken
2006-11-04 21:27    --------    d--------    C:\Program Files\Book Bind
2006-11-04 20:57    --------    d--------    C:\Program Files\Garfield Goes to Pieces
2006-11-02 15:30    --------    d--------    C:\Program Files\Jigsaw365
2006-11-01 17:51    --------    d--------    C:\Program Files\Inspector Parker
2006-11-01 14:48    --------    d--------    C:\Program Files\Puppy Luv
2006-10-29 20:38    --------    d--------    C:\Program Files\Spyware Doctor
2006-10-29 15:36    --------    d--------    C:\Documents and Settings\Ameerah\Application Data\PC Tools
2006-10-29 15:34    --------    d--------    C:\Program Files\Knowledge Adventure
2006-10-29 00:10    --------    d--------    C:\Program Files\MsnMusic
2006-10-28 23:38    --------    d--------    C:\Program Files\Windows Media Player
2006-10-28 14:25    --------    d--h-----    C:\Program Files\InstallShield Installation Information
2006-10-28 13:50    --------    d--------    C:\Program Files\Electronic Arts
2006-10-28 13:48    --------    d--------    C:\Program Files\Maxis
2006-10-25 16:36    --------    d--------    C:\Documents and Settings\Ameerah\Application Data\Skype
2006-10-25 15:58    --------    d--------    C:\Documents and Settings\Ameerah\Application Data\Google
2006-10-25 15:57    --------    d--------    C:\Program Files\Open Contacts
2006-10-25 15:53    --------    d--------    C:\Program Files\WinAmp Control
2006-10-25 15:52    --------    d--------    C:\Program Files\Google Desktop Open Contacts Plug-in
2006-10-22 18:16    --------    d--------    C:\Program Files\Roller Rush
2006-10-18 17:44    --------    d--------    C:\Program Files\Common Files\Sandlot Shared
2006-10-18 17:35    --------    d--------    C:\Program Files\Teddy Factory
2006-10-18 09:32    --------    d--------    C:\Program Files\Saints And Sinners Bingo
2006-10-17 22:30    --------    d--------    C:\Program Files\Drop Em Deluxe
2006-10-16 14:49    --------    d--------    C:\Program Files\Zoo Vet
2006-10-16 05:33    --------    d--------    C:\Documents and Settings\Ameerah\Application Data\Boomzap
2006-10-16 02:01    --------    d--------    C:\Program Files\Jig Words
2006-10-16 00:22    --------    d--------    C:\Program Files\Fish Tycoon
2006-10-15 15:24    --------    d--------    C:\Program Files\Bistro Stars
2006-10-15 15:24    --------    d--------    C:\Documents and Settings\Ameerah\Application Data\ThwartPoker Software
2006-10-15 14:36    --------    d--------    C:\Program Files\Flip or Flop
2006-10-12 20:19    --------    d--------    C:\Program Files\Professor Fizzwizzle
2006-10-12 19:50    --------    d--------    C:\Program Files\~Games~
2006-10-11 02:25    --------    d--------    C:\Program Files\Family Feud Hollywood
2006-10-11 02:11    --------    d--------    C:\Documents and Settings\Ameerah\Application Data\Mind Control Software
2006-10-08 16:05    --------    d--------    C:\Program Files\directx
2006-10-08 16:04    --------    d--------    C:\Program Files\ValuSoft
2006-10-07 21:19    --------    d--------    C:\Documents and Settings\Ameerah\Application Data\PlayFirst
2006-10-07 16:38    --------    d---s----    C:\Documents and Settings\Ameerah\Application Data\Microsoft
2006-10-07 14:14    --------    d--------    C:\Program Files\ThwartPoker
2006-10-07 14:13    --------    d--------    C:\Documents and Settings\Ameerah\Application Data\MSNInstaller
2006-10-07 14:12    --------    d--------    C:\Program Files\Totem Treasure
2006-10-06 22:59    --------    d--------    C:\Program Files\Cookie Chef
2006-10-06 21:59    --------    d--------    C:\Program Files\City Magnate
2006-10-06 20:43    --------    d--------    C:\Program Files\Spellagories
2006-10-06 20:31    --------    d--------    C:\Program Files\Snowy Puzzle Islands
2006-10-06 20:30    --------    d--------    C:\Program Files\Word Whomp To Go
2006-10-06 20:28    --------    d--------    C:\Program Files\Shroomz
2006-10-06 20:24    --------    d--------    C:\Program Files\Dropheads
2006-10-06 20:18    --------    d--------    C:\Program Files\Hamster Blocks
2006-10-06 20:15    --------    d--------    C:\Program Files\Snowy The Bears Adventure
2006-10-06 20:12    --------    d--------    C:\Program Files\Fruit Lockers
2006-10-06 20:11    --------    d--------    C:\Program Files\Puzzle Word
2006-10-06 20:09    --------    d--------    C:\Program Files\Varmintz Deluxe
2006-10-06 17:37    --------    d--------    C:\Program Files\Hammer Heads Deluxe
2006-10-05 22:12    --------    d--------    C:\Program Files\Magic Lanterns
2006-10-05 22:10    --------    d--------    C:\Program Files\Digby's Donuts
2006-10-05 04:50    --------    d--------    C:\Program Files\Super Collapse
2006-10-05 04:09    --------    d--------    C:\Program Files\Virble
2006-10-05 04:06    --------    d--------    C:\Program Files\Telltale Texas Hold'Em
2006-10-05 04:06    --------    d--------    C:\Program Files\Hamsterball
2006-10-05 00:11    --------    d--------    C:\Program Files\Slingo Casino Pak
2006-10-04 23:03    --------    d--------    C:\Program Files\Pat Sajak's Lucky Letters
2006-10-04 23:01    --------    d--------    C:\Program Files\Super Spongebob Collapse
2006-10-04 22:58    --------    d--------    C:\Program Files\Trivia Machine
2006-10-04 22:57    --------    d--------    C:\Program Files\Lemonade Tycoon
2006-10-04 19:11    --------    d--------    C:\Program Files\Granny In Paradise
2006-10-04 17:07    --------    d--------    C:\Documents and Settings\Ameerah\Application Data\EA
2006-10-04 17:05    --------    d--------    C:\Program Files\Casino Island To Go
2006-10-04 14:50    --------    d--------    C:\Program Files\HangStan
2006-10-04 05:32    --------    d--------    C:\Program Files\Funky Farm
2006-10-03 23:02    --------    d--------    C:\Program Files\Ballistik
2006-10-03 21:08    --------    d--------    C:\Program Files\Cake Mania
2006-10-03 21:07    --------    d--------    C:\Program Files\Betty's Beer Bar
2006-10-03 21:06    --------    d--------    C:\Program Files\Shopmania
2006-10-03 21:05    --------    d--------    C:\Program Files\Pizza Frenzy
2006-10-03 21:04    --------    d--------    C:\Program Files\Snowy Lunch Rush
2006-10-03 20:55    --------    d--------    C:\Program Files\Diner Dash
2006-10-03 20:32    --------    d--------    C:\Program Files\Diner Dash 2
2006-10-03 07:09    --------    d--------    C:\Documents and Settings\Ameerah\Application Data\iWin
2006-10-03 06:11    --------    d--------    C:\Documents and Settings\Ameerah\Application Data\Macromedia
2006-10-02 17:17    --------    d--------    C:\Program Files\Norton AntiVirus
2006-10-02 17:17    --------    d--------    C:\Documents and Settings\Ameerah\Application Data\Help
2006-10-01 21:15    --------    d--------    C:\Program Files\BitComet
2006-10-01 19:07    --------    d--------    C:\Program Files\ReflexiveArcade
2006-09-30 23:18    --------    d--------    C:\Program Files\Sierra
2006-09-30 23:12    --------    d--------    C:\Program Files\Sierra On-Line
2006-09-30 22:55    --------    d--------    C:\Program Files\Power Mp3 Cutter(Mp3 Sound Cutter)
2006-09-30 22:48    --------    d--------    C:\Program Files\~ISO Files~
2006-09-30 22:46    --------    d--------    C:\Program Files\DVDFab Decrypter
2006-09-30 13:58    --------    d--------    C:\Documents and Settings\Ameerah\Application Data\Hewlett-Packard
2006-09-30 13:53    82380    --a------    C:\WINDOWS\system32\drivers\AFS2K.SYS
2006-09-30 13:53    --------    d--------    C:\Program Files\Hewlett-Packard
2006-09-30 13:52    --------    d--------    C:\Documents and Settings\Ameerah\Application Data\Share-to-Web Upload Folder
2006-09-30 13:44    --------    d--------    C:\Program Files\Cosmopolitan
2006-09-30 13:41    --------    d--------    C:\Program Files\Intel
2006-09-29 22:21    --------    d--------    C:\Documents and Settings\Ameerah\Application Data\Roxio
2006-09-27 06:28    --------    d--------    C:\Program Files\Winamp
2006-09-23 22:24    --------    d--------    C:\Program Files\FreeByte
2006-09-23 22:20    --------    d--------    C:\Program Files\FLVPlayer
2006-09-23 21:24    --------    d--------    C:\Program Files\NJStar Communicator
2006-09-23 19:25    --------    d--------    C:\Program Files\InterActual
2006-09-20 19:25    --------    d--------    C:\Program Files\MSN
2006-09-20 17:48    --------    d--------    C:\Program Files\Common Files\Roxio Shared
2006-09-20 17:46    --------    d--------    C:\Program Files\Common Files\System
2006-09-19 22:42    --------    d--------    C:\Program Files\Fashion Cents
2006-09-19 14:52    --------    d--------    C:\Program Files\Common Files\Microsoft Shared
2006-09-19 14:42    --------    d--------    C:\Program Files\Microsoft Office
2006-09-17 18:33    --------    d--------    C:\Program Files\Microsoft.NET
2006-09-17 18:33    --------    d--------    C:\Program Files\Microsoft ActiveSync
2006-09-17 18:31    --------    d--------    C:\Program Files\Microsoft Works
2006-09-17 18:31    --------    d--------    C:\Program Files\Microsoft Visual Studio
2006-09-17 18:31    --------    d--------    C:\Program Files\Common Files\DESIGNER
2006-09-17 18:11    --------    d--------    C:\Documents and Settings\Ameerah\Application Data\AdobeUM
2006-09-17 17:43    --------    d--------    C:\Documents and Settings\Ameerah\Application Data\Adobe
2006-09-13 19:03    --------    d--------    C:\Program Files\Skype
2006-09-07 13:27    0    -rahs----    C:\MSDOS.SYS
2006-09-07 13:27    0    -rahs----    C:\IO.SYS
2006-09-07 13:27    0    --a------    C:\CONFIG.SYS
2006-09-07 13:27    0    --a------    C:\AUTOEXEC.BAT
2006-09-07 06:59    62    --ahs----    C:\Documents and Settings\Ameerah\Application Data\desktop.ini
 
 
((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Google Desktop"="C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeper.exe\" /startintray"
"RoxioDragToDisc"="\"C:\\Program Files\\Roxio\\Easy Media Creator 7\\Drag to Disc\\DrgToDsc.exe\""
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,00,04,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
  00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"ccApp"="C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
"ccRegVfy"="C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"VTTrayp"=" VTtrayp.exe"
"VTTimer"="VTTimer.exe"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"SoundMan"="SOUNDMAN.EXE"
"Advanced Tools Check"="C:\\PROGRA~1\\NORTON~2\\AdvTools\\ADVCHK.EXE"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]    
"SecurityProviders"=" msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 06-11-13 19:25: 06.75
C:\ComboFix.txt ... 06-11-13 19:25





HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 7:34:58 PM, on 11/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\MSN\MSN Connection Center\MSNCC\msncc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\MSN\MSN Connection Center\MSNCC\WA\MSNAccel.exe
C:\Program Files\Trillian\trillian.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http= 127.0.0.1:9022
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Google Desktop] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Update Page Content - C:\Program Files\MSN\MSN Connection Center\MSNCC\WA\refreshpage.htm
O8 - Extra context menu item: View All Originals On Page - C:\Program Files\MSN\MSN Connection Center\MSNCC\WA\getoriginal.htm
O8 - Extra context menu item: View Original Image - C:\Program Files\MSN\MSN Connection Center\MSNCC\WA\getoriginal.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{28A63C39-B506-4584-8527-FE23578032CD}: NameServer = 209.244.0.3 209.244.0.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe



There ya go! hope it helps.

guestolo
« Reply #3 on: November 14, 2006, 12:09:39 AM »
Sorry for the delay
Are you still getting error messages?

Please supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents
« Last Edit: November 14, 2006, 12:10:23 AM by guestolo »



BigMike12345
« Reply #4 on: November 14, 2006, 01:19:50 AM »
Still having errors...

Ad-Aware SE Personal
Adobe Reader 7.0.8
Adobe Shockwave Player
Ahead Nero Burning ROM
Ballistik
Betty's Beer Bar
Bistro Stars
BitComet 0.70
BitTorrent 3.4.2
Book Bind
Cake Mania
Casino Island To Go
CDisplay 1.8
City Magnate
Cookie Chef
Cosmopolitan Virtual Makeover 3
Cypress USB Mass Storage Driver Installation
Delicious Deluxe
Digby's Donuts
Diner Dash
Diner Dash 2
Drop Em Deluxe
Dropheads
DVD Shrink 3.2
DVDFab Decrypter 2.9.7.7
Egg vs. Chicken
Family Feud
Family Feud Hollywood
Fashion Cents 1.5.1
Fish Tycoon
Flip or Flop
FLV Player 1.3.3
Fruit Lockers
Funky Farm
Garfield Goes to Pieces
Google Desktop
Google Desktop Open Contacts Plug-in v1.2
Google Desktop Plugin - gdSkype
Google Desktop Plugin - GoogleCalendar
Google Desktop Plugin - Hatena Bookmark
Google Desktop Plugin - kCalendar
Google Desktop Plugin - MM_Memo
Google Desktop Todo Plugin
Google Earth
Granny In Paradise
Hammer Heads Deluxe
Hamster Blocks
Hamsterball
Hello Kitty Cutie World
HijackThis 1.99.1
HJ-Split 2.2
HP Memories Disc
HP Photo and Imaging 2.0 - Photosmart Cameras
Indeo® software
Inspector Parker
InterActual Player
Jig Words
Jigsaw365
JumpStart 1st Grade v1.5
JumpStart Around the World - Preschool
JumpStart Preschool 2001
K-Lite Mega Codec Pack 1.50
Lemonade Tycoon
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Magic Lanterns
Microsoft Office FrontPage 2003
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
Microsoft Office Visio Professional 2003
Mozilla Firefox (1.5.0.8 )
MSN
MSN Connection Center
MSN Music Assistant
Network Play System (Patching)
NJStar Communicator
NJStar Japanese Word Processor
Norton AntiVirus 2003 Professional Edition
Open Contacts v3.5.2
Pat Sajak's Lucky Letters
PCFriendly
PGA2000 (Demo)
Pizza Frenzy
Power Mp3 Cutter(Mp3 Sound Cutter) 1.40
PowerDVD
Professor Fizzwizzle
Puppy Luv
Puzzle Word
Realtek AC'97 Audio
Roller Rush
Roxio Easy Media Creator 7
Saints And Sinners Bingo
Sandlot Games Client Services
Sesame Street Elmo's Art Workshop
Shopmania
Shroomz
Skype 2.5
Slingo Casino Pak
Snowy Lunch Rush
Snowy Puzzle Islands
Snowy The Bears Adventure
Spellagories
Spin & Play
Spy Sweeper
Spybot - Search & Destroy 1.4
Spyware Doctor 4.0
Super Collapse
Super Spongebob Collapse
SureThing CD Labeler 4 SE
Teddy Factory
Telltale Texas Hold Em
The Sims House Party
ThwartPoker
Totem Treasure
Trillian
Trivia Machine
TuneUp Utilities 2006
USB Storage Adapter FX (SM1)
Varmintz Deluxe
VIA/S3G Display Driver
Virble
Winamp (remove only)
WinAmp Control for Google Desktop 1.3
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
WinRAR archiver
Word Search Deluxe
Word Whomp To Go
World of Warcraft
Zoo Vet



There's the uninstall List

guestolo
« Reply #5 on: November 14, 2006, 01:26:35 AM »
The next time you get an error message, can you Post back the Exact Error message please

Also, You have both SpywareDoctor and SpySweeper installed
Can you try and use just One of their realtime protections
You don't need to uninstall one or the other, just disable the protections



BigMike12345
« Reply #6 on: November 14, 2006, 01:59:00 AM »
The exception unknown software exception (0xc0000409) occurred in the application at location 0x5b86a3c0. Is the exact Message she's been getting for awhile now. Haven't been able to find anything on that anywhere =/

guestolo
« Reply #7 on: November 14, 2006, 02:13:02 AM »
That error could be a result of a few things
Can you try the following
Go to the following link
http://www.microsoft.com/technet/security/...n/MS06-040.mspx

Download the Update corresponding to your Operating System
Apply the update
Reboot if prompted
Any help?
