Author Topic: Need some help - my PC is shutting down  (Read 1515 times)

Offline Bokaj

  • Newbie
  • Posts: 28
  • Karma: +0/-0
Need some help - my PC is shutting down
« on: June 11, 2008, 06:07:30 AM »
Hi!

My PC is shutting down all the time. It says it has a critical error and will close
within 60 seconds. It happens a lot. And also my Windows Security Center is
sending all these messages. See my attached images.

After a crash the Windows Security Center asks me to use Ultimate Fixer, but when
I press install - nothing happens.

It all happened after I went into a site that required some sort of QT codec/ application
to view its content. So I installed it - and from that point my PC has been extremely
unstable. I don't think it's a virus, but more of a registry fault or something...
But then again, I'm no Tech Guru...

It would be really great if some of you guys could take a look at the enclosed images
and send me a tip or two on how to get my system back on track.

Thanks for your time,

Bokaj

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • Posts: 16034
  • Karma: +1/-0
Need some help - my PC is shutting down
« Reply #1 on: June 11, 2008, 08:34:56 AM »
Hi Bokaj,

Can you do the following for me, please?
Download the HijackThis installer from HERE
For an alternate download location, you can try HERE
SAVE it to your desktop
Double click on HJTInstall.exe to run it
Choose Install

HijackThis v2.0.2 will open
Under Main Menu, select
Do a system scan and save a log file
A log will open in Notepad
Copy and paste the whole log back here to the forum. It is all important!

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Bokaj

  • Newbie
  • Posts: 28
  • Karma: +0/-0
Need some help - my PC is shutting down
« Reply #2 on: June 11, 2008, 02:47:11 PM »
Hi Guestolo!

Thank you for the help!

Here's my HJT log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:53:32, on 11.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Norton AntiVirus\SAVScan.exe
C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\stickies\stickies.exe
C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Programfiler\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programfiler\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programfiler\Norton AntiVirus\OPScan.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.no/0SENONO/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\msntb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stickies.lnk = C:\Programfiler\stickies\stickies.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O20 - Winlogon Notify: kblcmchw - C:\WINDOWS\SYSTEM32\kblcmchw.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 8907 bytes

--------
That's it.

Best regards,
Bokaj.



Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • Posts: 16034
  • Karma: +1/-0
Need some help - my PC is shutting down
« Reply #3 on: June 11, 2008, 04:17:48 PM »
Can you do the following:
If you have previously downloaded ComboFix, I need you to delete your copy and download the latest.

Download this file - Combofix.exe - and save it ONLY to your desktop

Don't run it yet
Physically disconnect the internet cable connection to your computer
Temporarily disable your AntiVirus software

Double click on ComboFix.exe to run the program

Follow the prompts
Normally this fix takes anywhere from 10 to 30 minutes
After reboot
ComboFix will run again, then continue to create a log; this can take a few minutes
Let it run uninterrupted please
I'll need to see this log later

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall

After ComboFix runs, and after its log opens
Connect the Internet cable; if you have no Internet connection,
simply reboot your computer
By default, the ComboFix log is located at
C:\combofix.txt

Post back the log from ComboFix and a fresh HijackThis log please



Offline Bokaj

  • Newbie
  • Posts: 28
  • Karma: +0/-0
Need some help - my PC is shutting down
« Reply #4 on: June 12, 2008, 06:30:37 AM »
Hi again Guestolo! Thank you for the help!

I've done the ComboFix scan, here's the log:

ComboFix 08-06-10.5 - Bruker 2008-06-12 13:23:48.2 - NTFSx86
Running from: C:\Documents and Settings\Bruker\Skrivebord\ComboFix.exe

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Gjest\Lokale innstillinger\Programdata\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\kblcmchw.dll

.
(((((((((((((((((((((((((   Files Created from 2008-05-12 to 2008-06-12  )))))))))))))))))))))))))))))))
.

2008-06-12 03:04 . 2008-06-12 03:04   127   --a------   C:\WINDOWS\system32\MRT.INI
2008-06-12 03:01 . 2008-06-12 03:02   1,374   --a------   C:\WINDOWS\imsins.BAK
2008-06-11 10:20 . 2008-04-14 17:54   272,256   ---------   C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 10:20 . 2008-04-14 17:54   272,256   ---------   C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 12:20 . 2008-06-10 12:20   <DIR>   d--------   C:\Programfiler\OKI driver
2008-06-10 11:42 . 2008-06-10 11:42   1,090,560   --a------   C:\Programfiler\w2kpcl6ES3640mfp.exe
2008-06-04 00:47 . 2008-06-12 13:20   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
2008-06-04 00:47 . 2008-06-04 00:47   1,409   --a------   C:\WINDOWS\QTFont.for
2008-06-01 13:06 . 2008-06-12 12:35   <DIR>   dr-h-----   C:\Documents and Settings\Bruker\Siste
2008-06-01 12:25 . 2008-06-01 13:04   <DIR>   d--------   C:\Programfiler\Free FLV Converter
2008-06-01 12:25 . 2007-06-19 01:22   364,544   --a------   C:\WINDOWS\system32\PropertyGrid.ocx
2008-06-01 12:25 . 2008-05-15 11:30   208,896   --a------   C:\WINDOWS\system32\TubeFinder.exe
2008-06-01 12:25 . 2005-10-13 15:42   208,500   --a------   C:\WINDOWS\system32\ReyXpBasics.tlb
2008-06-01 12:25 . 1998-07-13 01:00   141,312   --a------   C:\WINDOWS\system32\MSCMCFR.DLL
2008-06-01 12:25 . 2000-10-01 21:00   119,568   --a------   C:\WINDOWS\system32\VB6FR.DLL
2008-06-01 12:25 . 2000-07-15 07:00   101,888   --a------   C:\WINDOWS\system32\VB6STKIT.DLL
2008-06-01 12:25 . 2004-03-09 02:00   84,512   --a------   C:\WINDOWS\system32\PICCLP32.OCX
2008-06-01 12:25 . 1998-07-12 21:00   32,768   --a------   C:\WINDOWS\system32\CMDLGFR.DLL
2008-06-01 12:25 . 2005-09-28 03:31   24,576   --a------   C:\WINDOWS\system32\ControlSubX.ocx
2008-06-01 12:25 . 1998-07-13 02:00   9,728   --a------   C:\WINDOWS\system32\PCCLPFR.DLL
2008-06-01 12:24 . 2008-06-01 12:24   5,164,815   --a------   C:\Programfiler\Setup_FreeFlvConverterN.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-12 01:10   ---------   d-----w   C:\Documents and Settings\Bruker\Programdata\uTorrent
2008-06-11 09:30   ---------   d-----w   C:\Documents and Settings\Bruker\Programdata\CoreFTP
2008-06-03 20:46   ---------   d-----w   C:\Documents and Settings\Bruker\Programdata\U3
2008-05-19 21:19   ---------   d-----w   C:\Documents and Settings\Bruker\Programdata\AdobeUM
2008-05-08 12:28   202,752   ----a-w   C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28   202,752   ------w   C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:16   1,290,752   ----a-w   C:\WINDOWS\system32\quartz.dll
2008-05-07 05:16   1,290,752   ------w   C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-02 14:16   ---------   d-----w   C:\Programfiler\Java
2008-04-17 10:52   18,432   ------w   C:\WINDOWS\system32\dllcache\iedw.exe
2008-04-03 21:34   691,545   ----a-w   C:\WINDOWS\unins000.exe
2008-03-25 04:51   621,344   ----a-w   C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51   621,344   ------w   C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51   166,688   ----a-w   C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51   166,688   ------w   C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:11   1,845,248   ----a-w   C:\WINDOWS\system32\win32k.sys
2008-03-20 08:11   1,845,248   ------w   C:\WINDOWS\system32\dllcache\win32k.sys
2008-02-21 13:43   11,768,139   ----a-w   C:\Programfiler\blender-2.45-windows.zip
2007-05-07 16:35   12,934,148   ----a-w   C:\Programfiler\quicktimealt181.exe
2007-02-27 17:20   1,230,520   ----a-w   C:\Programfiler\Install_FastSend_Plug-in_3.exe
2006-12-05 12:58   382,431   ----a-w   C:\Programfiler\MPEG_Streamclip_1[1].0.zip
2006-11-03 13:49   643,144   ----a-w   C:\Programfiler\XviD-1.1.2-01112006.exe
2006-08-10 16:06   33,462,508   ----a-w   C:\Programfiler\klmcodec156.exe
2006-03-13 14:33   31,488   ----a-w   C:\Programfiler\unins000.dat
2006-03-13 14:32   689,497   ----a-w   C:\Programfiler\unins000.exe
2006-03-13 14:27   3,971,184   ----a-w   C:\Programfiler\rminstall.exe
2005-11-28 02:48   610,831   ----a-w   C:\Programfiler\stickies.exe
.

(((((((((((((((((((((((((((((   snapshot@2008-06-12_13.10.39.53   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-12 11:02:13   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
+ 2008-06-12 11:19:22   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 18:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-06 17:16 88267 C:\WINDOWS\AGRSMMSG.exe]
"Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2004-03-01 14:05 200766]
"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-20 22:10 335872]
"UpdateManager"="C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01 110592]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-03 02:05 122939]
"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2004-05-26 19:15 98304]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2004-05-26 19:15 536576]
"HPHUPD05"="c:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-22 21:03 49152]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2003-05-22 20:58 483328]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2006-03-30 17:06 71304]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-06-23 20:46 100056]
"MaxtorOneTouch"="C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe" [ ]
"MXO Auto Loader"="C:\WINDOWS\MXOALDR.EXE" [2003-04-07 18:09 118784]
"HP Software Update"="C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"PCSuiteTrayApplication"="C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 14:27 222208]
"QuickTime Task"="C:\Programfiler\QuickTime Alternative\qttask.exe" [2007-12-11 11:56 286720]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 10:00 15360]
"PcSync"="C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 18:15 1634304]

C:\Documents and Settings\Bruker\Start-meny\Programmer\Oppstart\
Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-16 13:50:38 113664]
Stickies.lnk - C:\Programfiler\stickies\stickies.exe [2005-05-29 21:37:09 348160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kblcmchw]
kblcmchw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg30.dll
"VIDC.PIMJ"= pvljpg20.dll
"VIDC.PVW2"= PVWV220.dll
"VIDC.X264"= x264vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\Programfiler\\Soulseek\\slsk.exe"=
"C:\\Programfiler\\StreamCast\\Morpheus\\MorphEXE.exe"=
"C:\\WINDOWS\\system32\\mshta.exe"=
"C:\\Programfiler\\CoreFTP\\coreftp.exe"=
"C:\\Programfiler\\stickies\\stickies.exe"=
"C:\\Programfiler\\uTorrent\\utorrent.exe"=
"C:\\Programfiler\\eMule\\eMule0.47c\\eMule0.47c\\emule.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=

R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;C:\WINDOWS\system32\Drivers\WBSD.SYS [2004-03-18 03:20]
S3 SynasUSB;SynasUSB;C:\WINDOWS\system32\drivers\SynasUSB.sys [2002-11-25 05:46]
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2007-10-31 15:09]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-05-10 10:23:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
"2008-05-09 18:34:22 C:\WINDOWS\Tasks\Norton AntiVirus - Søk på min datamaskin.job"
- C:\PROGRA~1\NORTON~1\Navw32.exec/task:
"2008-06-12 08:15:02 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Programfiler\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-12 13:27:34
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwEnumerateKey, ZwEnumerateValueKey, ZwQueryDirectoryFile, ZwQuerySystemInformation

scanning hidden processes ...

C:\WINDOWS\system32\.5796532d\5796532d.exe [2012] 0x862D0DA0

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = C:\Programfiler\HPQ\Default Settings\cpqset.exe?????????7?8?0?9??????? ???B???????????????B????????

scanning hidden files ...


C:\DOCUME~1\Bruker\LOKALE~1\Temp\tmp2F3.tmp.5796532d.tmp 249856 bytes executable
C:\DOCUME~1\Bruker\LOKALE~1\Temp\tmp44.tmp.5796532d.tmp 249856 bytes executable
C:\DOCUME~1\Bruker\LOKALE~1\Temp\tmp1BAB.tmp.5796532d.tmp 249856 bytes executable
C:\WINDOWS\system32\.5796532d

scan completed successfully
hidden files: 4

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\5796532d]
"ImagePath"="C:\WINDOWS\system32\.5796532d\5796532d.exe"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\.5796532d\5796532d.core.dll
.
Completion time: 2008-06-12 13:30:44
ComboFix-quarantined-files.txt  2008-06-12 11:30:30

Pre-Run: 3,709,607,936 byte ledig
Post-Run: 3,699,453,952 byte ledig

171   --- E O F ---   2008-06-12 01:04:59


AND HERE'S THE FRESH HJT LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:32:23, on 12.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\msntb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stickies.lnk = C:\Programfiler\stickies\stickies.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O20 - Winlogon Notify: kblcmchw - kblcmchw.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 8689 bytes


That's it.

Thanks,
Bokaj
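The O20 line in this log, a Winlogon Notify package whose DLL is already gone, is the kind of entry a helper looks for first. As an added example (not the forum's or HijackThis's own code), this Python helper parses HijackThis O-lines and flags Winlogon Notify packages, load points whose file is missing, and binaries started from a dot-prefixed or Temp directory. The sample lines are copied from the log above, except the O4 line, which is constructed from the hidden system32\.5796532d folder the helper asks about later in the thread.

```python
import re
from typing import Optional

# One HijackThis entry: a section code (O4, O20, O23, ...), " - ", then the body.
ENTRY = re.compile(r"^(?P<section>[ORF]\d+) - (?P<body>.+)$")
MISSING = " (file missing)"

# Lines copied from the HijackThis log above, plus one constructed O4 line that
# uses the hidden system32\.5796532d folder named later in the thread.
SAMPLE_LOG = r"""
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O20 - Winlogon Notify: kblcmchw - kblcmchw.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O4 - HKLM\..\Run: [5796532d] C:\WINDOWS\system32\.5796532d\5796532d.exe
""".strip()


def parse_entry(line: str) -> Optional[dict]:
    """Split one HJT line into section, display name, owner (O23 only), path and missing flag."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)]
    owner = None
    if section == "O4":
        # O4 - HKLM\..\Run: [Name] C:\path\binary.exe [arguments]
        desc, _, path = body.partition("] ")
        name = desc.split("[", 1)[-1]
    else:
        # Other sections separate description, optional CLSID or owner, and path
        # with " - "; the path is always the last field.
        parts = body.split(" - ")
        name = parts[0].split(": ", 1)[-1]
        path = parts[-1]
        if section == "O23" and len(parts) >= 3:
            owner = parts[-2]
    if path.startswith('"'):
        # Quoted command line: keep the executable, drop its arguments.
        path = path[1:].split('"', 1)[0]
    return {"section": section, "name": name, "owner": owner,
            "path": path, "missing": missing}


def triage(log_text: str) -> list:
    """Return (section, name, path, reasons) for each entry that deserves a closer look."""
    findings = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        reasons = []
        if e["section"] == "O20":
            # Winlogon Notify packages are DLLs that winlogon.exe loads at every logon.
            reasons.append("Winlogon Notify DLL, loaded by winlogon.exe at logon")
        if e["missing"]:
            reasons.append("load point references a file that no longer exists")
        dirs = e["path"].split("\\")[:-1]
        if any(d.startswith(".") and d not in (".", "..") for d in dirs):
            reasons.append("binary lives in a dot-prefixed directory")
        if any(d.lower() in ("temp", "tmp") for d in dirs):
            reasons.append("binary started from a Temp directory")
        if reasons:
            findings.append((e["section"], e["name"], e["path"], reasons))
    return findings


if __name__ == "__main__":
    for section, name, path, reasons in triage(SAMPLE_LOG):
        print(f"{section} [{name}] {path}")
        for r in reasons:
            print(f"    - {r}")
```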

Offline guestolo

Need some help - my PC is shutting down
« Reply #5 on: June 12, 2008, 07:25:53 AM »
Please do the following, I want to check on a couple files

http://www.virustotal.com/flash/index_en.html
Copy and paste the following bold line to the space next to 'Upload a File'

C:\WINDOWS\system32\.5796532d\5796532d.exe
Then use the SEND FILE button
Let it finish scanning
Could you post the results of this scan back here please, or post the link to the results window

Do the same procedure for this file name
C:\WINDOWS\system32\.5796532d\5796532d.core.dll



Offline Bokaj

Need some help - my PC is shutting down
« Reply #6 on: June 12, 2008, 08:31:38 AM »
Thanks for your quick reply!

Here's the permalink for C:\WINDOWS\system32\.5796532d\5796532d.exe

http://www.virustotal.com/analisis/994acbf...22b28f2bcc250ce

And the rest of text:

MD5: 6b2b5518ce11ab321cd5be83d25d0ac7
First received: 04.28.2008 02:02:51 (CET)
Date: 04.28.2008 02:02:51 (CET) [>45D]
Results: 15/32
Permalink: analisis/994acbf286634da3e22b28f2bcc250ce

Here's the other one - C:\WINDOWS\system32\.5796532d\5796532d.core.dll

Permalink: http://www.virustotal.com/analisis/c82a57b...d5a49e60074793b

And rest of the text:

MD5: b7d3d542706d6dc18f48c065ea606d74
First received: 05.30.2008 11:25:11 (CET)
Date: 05.30.2008 11:25:13 (CET) [>13D]
Results: 8/32
Permalink: analisis/c82a57b06dffc1071d5a49e60074793b


Best wishes,
Bokaj

Offline guestolo

Need some help - my PC is shutting down
« Reply #7 on: June 12, 2008, 08:46:20 AM »
Can you do the following please

Download [color="#FF0000"]ATF-Cleaner[/color] by Atribune.
Save it to your desktop
      Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.
      Wait for the "Done Cleaning" prompt then click OK
Exit ATF-Cleaner from the Main menu

==Open notepad
Copy ALL the BLUE text below and Paste to notepad
Don't use anything other than Notepad, or the script will not work


[color="#0000FF"]Driver::
5796532d
File::
C:\WINDOWS\imsins.BAK
C:\DOCUME~1\Bruker\LOKALE~1\Temp\tmp2F3.tmp.5796532d.tmp
C:\DOCUME~1\Bruker\LOKALE~1\Temp\tmp44.tmp.5796532d.tmp
C:\DOCUME~1\Bruker\LOKALE~1\Temp\tmp1BAB.tmp.5796532d.tmp
Folder::
C:\WINDOWS\system32\.5796532d
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kblcmchw]
[/color]
Save this as a txt file on your desktop
name it:
CFScript

Again, ensure Norton's software is temporarily disabled

Drag CFScript.txt into ComboFix.exe
Combofix will start>>Follow the prompts

Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall

When finished, it shall produce a log for you with the name C:\ComboFix.txt.
Can you post that log again

After you have posted that log,
can I have you do the following
Download Dr.Web CureIt to the desktop from this link
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Again, I suggest that you disable your AntiVirus software while this scan is running
Double click to run Dr.Web-cureit.exe from desktop
  • Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
  • Back at the main window, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, see if you can click the next icon next to the files found:
  • If so, click it and then click the next icon right below and select Move incurable, as you'll see in the next image:

    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured.
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer

Please post the log from Dr.Web in a separate reply along with a fresh HijackThis log
Let me know how things are running then, please
« Last Edit: June 12, 2008, 08:46:45 AM by guestolo »



Offline Bokaj

Need some help - my PC is shutting down
« Reply #8 on: June 12, 2008, 09:54:45 AM »
Hi again, and thanks for instructions and help!

Here's the fresh CF log:


ComboFix 08-06-10.5 - Bruker 2008-06-12 16:45:29.3 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1044.18.617 [GMT 2:00]
Running from: C:\Documents and Settings\Bruker\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\Bruker\Skrivebord\CFScript.txt
 * Created a new restore point

[color="red"]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]

FILE ::
C:\DOCUME~1\Bruker\LOKALE~1\Temp\tmp1BAB.tmp.5796532d.tmp
C:\DOCUME~1\Bruker\LOKALE~1\Temp\tmp2F3.tmp.5796532d.tmp
C:\DOCUME~1\Bruker\LOKALE~1\Temp\tmp44.tmp.5796532d.tmp
C:\WINDOWS\imsins.BAK
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\Bruker\LOKALE~1\Temp\tmp1BAB.tmp.5796532d.tmp
C:\DOCUME~1\Bruker\LOKALE~1\Temp\tmp2F3.tmp.5796532d.tmp
C:\DOCUME~1\Bruker\LOKALE~1\Temp\tmp44.tmp.5796532d.tmp
C:\WINDOWS\imsins.BAK
C:\WINDOWS\system32\.5796532d . . . . failed to delete

.
(((((((((((((((((((((((((   Files Created from 2008-05-12 to 2008-06-12  )))))))))))))))))))))))))))))))
.

2008-06-12 03:04 . 2008-06-12 03:04   127   --a------   C:\WINDOWS\system32\MRT.INI
2008-06-11 10:20 . 2008-04-14 17:54   272,256   ---------   C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 10:20 . 2008-04-14 17:54   272,256   ---------   C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 12:20 . 2008-06-10 12:20   <DIR>   d--------   C:\Programfiler\OKI driver
2008-06-10 11:42 . 2008-06-10 11:42   1,090,560   --a------   C:\Programfiler\w2kpcl6ES3640mfp.exe
2008-06-04 00:47 . 2008-06-12 16:54   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
2008-06-04 00:47 . 2008-06-04 00:47   1,409   --a------   C:\WINDOWS\QTFont.for
2008-06-01 13:06 . 2008-06-12 16:40   <DIR>   dr-h-----   C:\Documents and Settings\Bruker\Siste
2008-06-01 12:25 . 2008-06-01 13:04   <DIR>   d--------   C:\Programfiler\Free FLV Converter
2008-06-01 12:25 . 2007-06-19 01:22   364,544   --a------   C:\WINDOWS\system32\PropertyGrid.ocx
2008-06-01 12:25 . 2008-05-15 11:30   208,896   --a------   C:\WINDOWS\system32\TubeFinder.exe
2008-06-01 12:25 . 2005-10-13 15:42   208,500   --a------   C:\WINDOWS\system32\ReyXpBasics.tlb
2008-06-01 12:25 . 1998-07-13 01:00   141,312   --a------   C:\WINDOWS\system32\MSCMCFR.DLL
2008-06-01 12:25 . 2000-10-01 21:00   119,568   --a------   C:\WINDOWS\system32\VB6FR.DLL
2008-06-01 12:25 . 2000-07-15 07:00   101,888   --a------   C:\WINDOWS\system32\VB6STKIT.DLL
2008-06-01 12:25 . 2004-03-09 02:00   84,512   --a------   C:\WINDOWS\system32\PICCLP32.OCX
2008-06-01 12:25 . 1998-07-12 21:00   32,768   --a------   C:\WINDOWS\system32\CMDLGFR.DLL
2008-06-01 12:25 . 2005-09-28 03:31   24,576   --a------   C:\WINDOWS\system32\ControlSubX.ocx
2008-06-01 12:25 . 1998-07-13 02:00   9,728   --a------   C:\WINDOWS\system32\PCCLPFR.DLL
2008-06-01 12:24 . 2008-06-01 12:24   5,164,815   --a------   C:\Programfiler\Setup_FreeFlvConverterN.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-12 12:45   ---------   d-----w   C:\Documents and Settings\Bruker\Programdata\uTorrent
2008-06-11 09:30   ---------   d-----w   C:\Documents and Settings\Bruker\Programdata\CoreFTP
2008-06-03 20:46   ---------   d-----w   C:\Documents and Settings\Bruker\Programdata\U3
2008-05-19 21:19   ---------   d-----w   C:\Documents and Settings\Bruker\Programdata\AdobeUM
2008-05-08 12:28   202,752   ----a-w   C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-02 14:16   ---------   d-----w   C:\Programfiler\Java
2008-04-03 21:34   691,545   ----a-w   C:\WINDOWS\unins000.exe
2008-02-21 13:43   11,768,139   ----a-w   C:\Programfiler\blender-2.45-windows.zip
2007-05-07 16:35   12,934,148   ----a-w   C:\Programfiler\quicktimealt181.exe
2007-02-27 17:20   1,230,520   ----a-w   C:\Programfiler\Install_FastSend_Plug-in_3.exe
2006-12-05 12:58   382,431   ----a-w   C:\Programfiler\MPEG_Streamclip_1[1].0.zip
2006-11-03 13:49   643,144   ----a-w   C:\Programfiler\XviD-1.1.2-01112006.exe
2006-08-10 16:06   33,462,508   ----a-w   C:\Programfiler\klmcodec156.exe
2006-03-13 14:33   31,488   ----a-w   C:\Programfiler\unins000.dat
2006-03-13 14:32   689,497   ----a-w   C:\Programfiler\unins000.exe
2006-03-13 14:27   3,971,184   ----a-w   C:\Programfiler\rminstall.exe
2005-11-28 02:48   610,831   ----a-w   C:\Programfiler\stickies.exe
.

(((((((((((((((((((((((((((((   snapshot@2008-06-12_13.10.39.53   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-12 11:02:13   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
+ 2008-06-12 14:51:42   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 18:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-06 17:16 88267 C:\WINDOWS\AGRSMMSG.exe]
"Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2004-03-01 14:05 200766]
"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-20 22:10 335872]
"UpdateManager"="C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01 110592]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-03 02:05 122939]
"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2004-05-26 19:15 98304]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2004-05-26 19:15 536576]
"HPHUPD05"="c:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-22 21:03 49152]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2003-05-22 20:58 483328]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2006-03-30 17:06 71304]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-06-23 20:46 100056]
"MaxtorOneTouch"="C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe" [ ]
"MXO Auto Loader"="C:\WINDOWS\MXOALDR.EXE" [2003-04-07 18:09 118784]
"HP Software Update"="C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"PCSuiteTrayApplication"="C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 14:27 222208]
"QuickTime Task"="C:\Programfiler\QuickTime Alternative\qttask.exe" [2007-12-11 11:56 286720]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 10:00 15360]
"PcSync"="C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 18:15 1634304]

C:\Documents and Settings\Bruker\Start-meny\Programmer\Oppstart\
Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-16 13:50:38 113664]
Stickies.lnk - C:\Programfiler\stickies\stickies.exe [2005-05-29 21:37:09 348160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg30.dll
"VIDC.PIMJ"= pvljpg20.dll
"VIDC.PVW2"= PVWV220.dll
"VIDC.X264"= x264vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\Programfiler\\Soulseek\\slsk.exe"=
"C:\\Programfiler\\StreamCast\\Morpheus\\MorphEXE.exe"=
"C:\\WINDOWS\\system32\\mshta.exe"=
"C:\\Programfiler\\CoreFTP\\coreftp.exe"=
"C:\\Programfiler\\stickies\\stickies.exe"=
"C:\\Programfiler\\uTorrent\\utorrent.exe"=
"C:\\Programfiler\\eMule\\eMule0.47c\\eMule0.47c\\emule.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=

R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;C:\WINDOWS\system32\Drivers\WBSD.SYS [2004-03-18 03:20]
S3 SynasUSB;SynasUSB;C:\WINDOWS\system32\drivers\SynasUSB.sys [2002-11-25 05:46]
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2007-10-31 15:09]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-05-10 10:23:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
"2008-05-09 18:34:22 C:\WINDOWS\Tasks\Norton AntiVirus - Søk på min datamaskin.job"

Offline guestolo

Need some help - my PC is shutting down
« Reply #9 on: June 12, 2008, 10:06:56 AM »
You cut off the bottom part of that combofix log
Can you post anything below the following lines
Contents of the 'Scheduled Tasks' folder
"2008-05-10 10:23:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
"2008-05-09 18:34:22 C:\WINDOWS\Tasks\Norton AntiVirus - Søk på min datamaskin.job"


Remember, the default location of the log is at C:\ComboFix.txt



Offline Bokaj

Need some help - my PC is shutting down
« Reply #10 on: June 13, 2008, 07:26:15 AM »
[quote name='guestolo' post='431404' date='Jun 12 2008, 04:06 PM']You cut off the bottom part of that combofix log
Can you post anything below the following lines
Contents of the 'Scheduled Tasks' folder
"2008-05-10 10:23:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
"2008-05-09 18:34:22 C:\WINDOWS\Tasks\Norton AntiVirus - Søk på min datamaskin.job"


Remember, the default location of the log is at C:\ComboFix.txt[/quote]


Hi again Guestolo, sorry for my late reply.

There is actually nothing below that line in the ComboFix document. It ends there...
I followed your instructions very carefully, but perhaps I did something wrong?

Dr.Web actually took away the ComboFix software...

This is from Dr.Web log (also see attached image from Excel):

psexesvc.exe;c:\windows;Program.PsExec.170;Moved.;
5796532d.exe;c:\windows\system32\.5796532d;Trojan.Virtumod.based.14;Urensbar.Flyttet.;
psexec.cfexe;C:\ComboFix;Program.PsExec.171;Moved.;
ComboFix.exe\327882R2FWJFW\psexec.cfexe;C:\Documents and Settings\Bruker\Skrivebord\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;C:\Documents and Settings\Bruker\Skrivebord;Archive contains infected objects;Moved.;
A0021991.dll;C:\System Volume Information\_restore{41E741EB-AF3A-429F-A308-7C932868B485}\RP52;Trojan.Virtumod.based.14;Incurable.Moved.;
A0023063.EXE;C:\System Volume Information\_restore{41E741EB-AF3A-429F-A308-7C932868B485}\RP53;Program.PsExec.170;Moved.;
A0023132.exe;C:\System Volume Information\_restore{41E741EB-AF3A-429F-A308-7C932868B485}\RP54;Trojan.Virtumod.based.14;Incurable.Moved.;
A0023133.exe\327882R2FWJFW\psexec.cfexe;C:\System Volume Information\_restore{41E741EB-AF3A-429F-A308-7C932868B485}\RP54\A0023133.exe;Program.PsExec.171;;
A0023133.exe;C:\System Volume Information\_restore{41E741EB-AF3A-429F-A308-7C932868B485}\RP54;Archive contains infected objects;Moved.;
PSEXESVC.EXE;C:\WINDOWS;Program.PsExec.170;Invalid path to file ;

[attachment=4578:Dr.Web_log.JPG]


AND HERE'S THE FRESH HJT LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:22, on 2008-06-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\stickies\stickies.exe
C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programfiler\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Norton AntiVirus\SAVScan.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\msntb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stickies.lnk = C:\Programfiler\stickies\stickies.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 8777 bytes

Things seem to be running a little smoother. The PC hasn't crashed since you started giving me
some first aid. But according to Dr.Web my PC is infected with some Trojans.

But there's a problem with Norton Anti Virus 2004. The Live Update won't work. It just doesn't give me
the latest updates. When I push Live Update, it connects to the server, and the taskbar says everything
is good, but after I close Live Update - Norton says that my virus definitions are old and not updated.
I've tried to search on Symantec's pages, but haven't found any answers. Have you ever experienced
this problem?

Best wishes,
Bokaj
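The Dr.Web report above mixes the real infection with hits on the cleanup tool itself (PsExec is bundled inside ComboFix.exe, as the psexec.cfexe entries show) and with copies sitting in System Restore points, which is why it "took away the ComboFix software". As an added example, not the forum's or Dr.Web's own code, this Python snippet parses the DrWeb.csv lines posted above and separates those three groups; the threat-class prefixes it relies on (Program. and Tool. for riskware) are an assumption about Dr.Web's naming scheme.

```python
from dataclasses import dataclass

# Dr.Web CureIt report lines as posted above (object;location;threat;action;).
# Action strings are localised: "Urensbar.Flyttet." is Norwegian for "Incurable. Moved.".
REPORT = r"""
psexesvc.exe;c:\windows;Program.PsExec.170;Moved.;
5796532d.exe;c:\windows\system32\.5796532d;Trojan.Virtumod.based.14;Urensbar.Flyttet.;
psexec.cfexe;C:\ComboFix;Program.PsExec.171;Moved.;
ComboFix.exe\327882R2FWJFW\psexec.cfexe;C:\Documents and Settings\Bruker\Skrivebord\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;C:\Documents and Settings\Bruker\Skrivebord;Archive contains infected objects;Moved.;
A0021991.dll;C:\System Volume Information\_restore{41E741EB-AF3A-429F-A308-7C932868B485}\RP52;Trojan.Virtumod.based.14;Incurable.Moved.;
A0023063.EXE;C:\System Volume Information\_restore{41E741EB-AF3A-429F-A308-7C932868B485}\RP53;Program.PsExec.170;Moved.;
A0023132.exe;C:\System Volume Information\_restore{41E741EB-AF3A-429F-A308-7C932868B485}\RP54;Trojan.Virtumod.based.14;Incurable.Moved.;
A0023133.exe\327882R2FWJFW\psexec.cfexe;C:\System Volume Information\_restore{41E741EB-AF3A-429F-A308-7C932868B485}\RP54\A0023133.exe;Program.PsExec.171;;
A0023133.exe;C:\System Volume Information\_restore{41E741EB-AF3A-429F-A308-7C932868B485}\RP54;Archive contains infected objects;Moved.;
PSEXESVC.EXE;C:\WINDOWS;Program.PsExec.170;Invalid path to file ;
""".strip()

# Assumption about Dr.Web's naming: "Program." and "Tool." prefixes mark legitimate but
# abusable software (riskware), not malware; everything else with a family name is malware.
RISKWARE_PREFIXES = ("Program.", "Tool.")
CONTAINER_VERDICT = "Archive contains infected objects"


@dataclass
class Finding:
    obj: str        # file name, or archive\inner\file for an object inside an archive
    location: str   # directory (or archive path) the object was found in
    threat: str
    action: str

    @property
    def category(self) -> str:
        if self.threat == CONTAINER_VERDICT:
            return "container"
        if self.threat.startswith(RISKWARE_PREFIXES):
            return "riskware"
        return "malware"

    @property
    def in_restore_point(self) -> bool:
        # System Restore keeps copies of removed files; they resurface on every scan
        # until the restore points are flushed.
        return "\\system volume information\\_restore" in self.location.lower()

    @property
    def in_archive(self) -> bool:
        return "\\" in self.obj

    @property
    def remediation_tool_artifact(self) -> bool:
        # The report itself shows psexec.cfexe packed inside ComboFix.exe: PsExec hits and
        # ComboFix containers are the cleanup tool being quarantined, not the infection.
        hay = "\\".join((self.obj, self.location, self.threat)).lower()
        return "psexec" in hay or "combofix" in hay

    @property
    def stale(self) -> bool:
        # Dr.Web could not reach the object; typically an entry for a file already removed.
        return "invalid path" in self.action.lower()

    @property
    def full_path(self) -> str:
        return f"{self.location}\\{self.obj}"


def parse_report(text: str) -> list:
    """Parse DrWeb.csv lines; tolerates the trailing ';' and localised action strings."""
    findings = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.split(";")]
        if len(fields) < 4 or not fields[0]:
            continue
        findings.append(Finding(*fields[:4]))
    return findings


def summarize(findings: list) -> dict:
    """Separate live malware from restore-point copies and from the cleanup tool's own files."""
    active = [f for f in findings
              if f.category == "malware" and not f.in_restore_point and not f.stale]
    return {
        "active_malware": [f.full_path for f in active],
        "malware_in_restore_points": sum(f.category == "malware" and f.in_restore_point
                                         for f in findings),
        "remediation_tool_artifacts": sum(f.remediation_tool_artifact for f in findings),
        "stale_entries": sum(f.stale for f in findings),
        "by_category": {c: sum(f.category == c for f in findings)
                        for c in ("malware", "riskware", "container")},
    }


if __name__ == "__main__":
    for key, value in summarize(parse_report(REPORT)).items():
        print(f"{key}: {value}")
```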

Offline guestolo

Need some help - my PC is shutting down
« Reply #11 on: June 13, 2008, 10:05:09 AM »
Can you do the following please

I want to try Combofix again
I want to ensure you have the latest version anyways
So let's redownload it

Temporarily disable your AntiVirus
Download this file - Combofix.exe and save it ONLY to your desktop

Delete CFScript.txt from desktop, we are going to recreate it

==Open notepad
Copy ALL the BLUE text below and Paste to notepad
Don't use anything other than Notepad, or the script will not work

[color="#0000FF"]KILLALL::

Driver::
5796532d

File::
C:\WINDOWS\system32\.5796532d\5796532d.exe
C:\WINDOWS\system32\.5796532d\5796532d.core.dll
Folder::
C:\WINDOWS\system32\.5796532d
Registry::
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\5796532d]
[/color]
Save this as a txt file on your desktop
name it:
CFScript


Drag CFScript.txt into ComboFix.exe
Combofix will start>>Follow the prompts

Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall

When finished, it shall produce a log for you with the name C:\ComboFix.txt.
Can you post that log again

In addition, if you need a separate reply to post these next logs, do so please
Download [color="#008000"]Deckard's System Scanner (dss.exe)[/color] to your desktop.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
When the scan is complete, two text files will open: main.txt, which will be maximized, and extra.txt, which will be minimized.

Post back just the Whole contents of Main.txt and Extra.txt



Offline Bokaj

Need some help - my PC is shutting down
« Reply #12 on: June 15, 2008, 05:17:18 PM »
Hi Guestolo!

Thanks for the new advice and guidance.
Here's the log from ComboFix; it was found inside the C:/Combofix folder


ComboFix 08-06-15.2 - Bruker 2008-06-15 23:45:22.4 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1044.18.646 [GMT 2:00]
Running from: C:\Documents and Settings\Bruker\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\Bruker\Skrivebord\CFScript.txt
 * Created a new restore point

[color="red"]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]

FILE ::
C:\WINDOWS\system32\.5796532d\5796532d.core.dll
C:\WINDOWS\system32\.5796532d\5796532d.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\.5796532d
C:\WINDOWS\system32\.5796532d\5796532d.Aff.config
C:\WINDOWS\system32\.5796532d\5796532d.BR.config
C:\WINDOWS\system32\.5796532d\5796532d.core.dll
C:\WINDOWS\system32\.5796532d\5796532d.GR.config
C:\WINDOWS\system32\.5796532d\5796532d.Rdr.config
C:\WINDOWS\system32\.5796532d\5796532d.ServerPlugin.config
.
---- Previous Run -------
.
C:\DOCUME~1\Bruker\LOKALE~1\Temp\tmp1BAB.tmp.5796532d.tmp
C:\DOCUME~1\Bruker\LOKALE~1\Temp\tmp2F3.tmp.5796532d.tmp
C:\DOCUME~1\Bruker\LOKALE~1\Temp\tmp44.tmp.5796532d.tmp
C:\WINDOWS\imsins.BAK
C:\WINDOWS\system32\.5796532d . . . . failed to delete

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_5796532D


(((((((((((((((((((((((((   Files Created from 2008-05-15 to 2008-06-15  )))))))))))))))))))))))))))))))
.

2008-06-12 17:19 . 2008-06-12 17:21   <DIR>   d--------   C:\Documents and Settings\Bruker\DoctorWeb
2008-06-12 03:04 . 2008-06-12 03:04   127   --a------   C:\WINDOWS\system32\MRT.INI
2008-06-11 10:20 . 2008-04-14 17:54   272,256   ---------   C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 10:20 . 2008-04-14 17:54   272,256   ---------   C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 12:20 . 2008-06-10 12:20   <DIR>   d--------   C:\Programfiler\OKI driver
2008-06-10 11:42 . 2008-06-10 11:42   1,090,560   --a------   C:\Programfiler\w2kpcl6ES3640mfp.exe
2008-06-04 00:47 . 2008-06-15 23:51   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
2008-06-04 00:47 . 2008-06-04 00:47   1,409   --a------   C:\WINDOWS\QTFont.for
2008-06-01 13:06 . 2008-06-15 23:42   <DIR>   dr-h-----   C:\Documents and Settings\Bruker\Siste
2008-06-01 12:25 . 2008-06-01 13:04   <DIR>   d--------   C:\Programfiler\Free FLV Converter
2008-06-01 12:25 . 2007-06-19 01:22   364,544   --a------   C:\WINDOWS\system32\PropertyGrid.ocx
2008-06-01 12:25 . 2008-05-15 11:30   208,896   --a------   C:\WINDOWS\system32\TubeFinder.exe
2008-06-01 12:25 . 2005-10-13 15:42   208,500   --a------   C:\WINDOWS\system32\ReyXpBasics.tlb
2008-06-01 12:25 . 1998-07-13 01:00   141,312   --a------   C:\WINDOWS\system32\MSCMCFR.DLL
2008-06-01 12:25 . 2000-10-01 21:00   119,568   --a------   C:\WINDOWS\system32\VB6FR.DLL
2008-06-01 12:25 . 2000-07-15 07:00   101,888   --a------   C:\WINDOWS\system32\VB6STKIT.DLL
2008-06-01 12:25 . 2004-03-09 02:00   84,512   --a------   C:\WINDOWS\system32\PICCLP32.OCX
2008-06-01 12:25 . 1998-07-12 21:00   32,768   --a------   C:\WINDOWS\system32\CMDLGFR.DLL
2008-06-01 12:25 . 2005-09-28 03:31   24,576   --a------   C:\WINDOWS\system32\ControlSubX.ocx
2008-06-01 12:25 . 1998-07-13 02:00   9,728   --a------   C:\WINDOWS\system32\PCCLPFR.DLL
2008-06-01 12:24 . 2008-06-01 12:24   5,164,815   --a------   C:\Programfiler\Setup_FreeFlvConverterN.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-12 12:45   ---------   d-----w   C:\Documents and Settings\Bruker\Programdata\uTorrent
2008-06-11 09:30   ---------   d-----w   C:\Documents and Settings\Bruker\Programdata\CoreFTP
2008-06-03 20:46   ---------   d-----w   C:\Documents and Settings\Bruker\Programdata\U3
2008-05-19 21:19   ---------   d-----w   C:\Documents and Settings\Bruker\Programdata\AdobeUM
2008-05-08 12:28   202,752   ----a-w   C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-02 14:16   ---------   d-----w   C:\Programfiler\Java
2008-04-03 21:34   691,545   ----a-w   C:\WINDOWS\unins000.exe
2008-02-21 13:43   11,768,139   ----a-w   C:\Programfiler\blender-2.45-windows.zip
2007-05-07 16:35   12,934,148   ----a-w   C:\Programfiler\quicktimealt181.exe
2007-02-27 17:20   1,230,520   ----a-w   C:\Programfiler\Install_FastSend_Plug-in_3.exe
2006-12-05 12:58   382,431   ----a-w   C:\Programfiler\MPEG_Streamclip_1[1].0.zip
2006-11-03 13:49   643,144   ----a-w   C:\Programfiler\XviD-1.1.2-01112006.exe
2006-08-10 16:06   33,462,508   ----a-w   C:\Programfiler\klmcodec156.exe
2006-03-13 14:33   31,488   ----a-w   C:\Programfiler\unins000.dat
2006-03-13 14:32   689,497   ----a-w   C:\Programfiler\unins000.exe
2006-03-13 14:27   3,971,184   ----a-w   C:\Programfiler\rminstall.exe
2005-11-28 02:48   610,831   ----a-w   C:\Programfiler\stickies.exe
.

(((((((((((((((((((((((((((((   snapshot@2008-06-12_13.10.39.53   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-12 11:02:13   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
+ 2008-06-15 21:51:02   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
+ 2005-10-20 18:02:28   163,328   ----a-w   C:\WINDOWS\ERDNT\subs\ERDNT.EXE
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 18:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-06 17:16 88267 C:\WINDOWS\AGRSMMSG.exe]
"Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2004-03-01 14:05 200766]
"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-20 22:10 335872]
"UpdateManager"="C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01 110592]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-03 02:05 122939]
"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2004-05-26 19:15 98304]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2004-05-26 19:15 536576]
"HPHUPD05"="c:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-22 21:03 49152]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2003-05-22 20:58 483328]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2006-03-30 17:06 71304]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-06-23 20:46 100056]
"MaxtorOneTouch"="C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe" [ ]
"MXO Auto Loader"="C:\WINDOWS\MXOALDR.EXE" [2003-04-07 18:09 118784]
"HP Software Update"="C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"PCSuiteTrayApplication"="C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 14:27 222208]
"QuickTime Task"="C:\Programfiler\QuickTime Alternative\qttask.exe" [2007-12-11 11:56 286720]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 10:00 15360]
"PcSync"="C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 18:15 1634304]

C:\Documents and Settings\Bruker\Start-meny\Programmer\Oppstart\
Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-16 13:50:38 113664]
Stickies.lnk - C:\Programfiler\stickies\stickies.exe [2005-05-29 21:37:09 348160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg30.dll
"VIDC.PIMJ"= pvljpg20.dll
"VIDC.PVW2"= PVWV220.dll
"VIDC.X264"= x264vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\5796532d]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\Programfiler\\Soulseek\\slsk.exe"=
"C:\\Programfiler\\StreamCast\\Morpheus\\MorphEXE.exe"=
"C:\\WINDOWS\\system32\\mshta.exe"=
"C:\\Programfiler\\CoreFTP\\coreftp.exe"=
"C:\\Programfiler\\uTorrent\\utorrent.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=
"C:\\Programfiler\\Symantec\\LiveUpdate\\LUALL.EXE"=
"C:\\Programfiler\\eMule\\eMule0.47c\\eMule0.47c\\emule.exe"=
"C:\\Programfiler\\stickies\\stickies.exe"=

R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;C:\WINDOWS\system32\Drivers\WBSD.SYS [2004-03-18 03:20]
S3 SynasUSB;SynasUSB;C:\WINDOWS\system32\drivers\SynasUSB.sys [2002-11-25 05:46]
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2007-10-31 15:09]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-10 10:23:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
"2008-06-13 18:04:53 C:\WINDOWS\Tasks\Norton AntiVirus - Søk på min datamaskin.job"


Best regards,
Bokaj

Offline Bokaj

Need some help - my PC is shutting down
« Reply #13 on: June 15, 2008, 05:19:18 PM »
And here's the DSS log.
I only got the main.txt log; nothing called extra.txt was minimized.

Deckard's System Scanner v20071014.68
Run by Bruker on 2008-06-16 00:04:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 4.49 GiB (less than 15%) free.


-- HijackThis (run as Bruker.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:04, on 2008-06-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Documents and Settings\Bruker\Skrivebord\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Bruker.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\msntb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stickies.lnk = C:\Programfiler\stickies\stickies.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 8637 bytes

-- Files created between 2008-05-16 and 2008-06-16 -----------------------------

2008-06-15 23:48:41     53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-06-12 17:19:30         0 d-------- C:\Documents and Settings\Bruker\DoctorWeb
2008-06-12 12:52:40     68096 --a------ C:\WINDOWS\zip.exe
2008-06-12 12:52:40     49152 --a------ C:\WINDOWS\VFind.exe
2008-06-12 12:52:40    212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-12 12:52:40    136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-12 12:52:40    161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-12 12:52:40     98816 --a------ C:\WINDOWS\sed.exe
2008-06-12 12:52:40     80412 --a------ C:\WINDOWS\grep.exe
2008-06-12 12:52:40     89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-10 12:20:02         0 d-------- C:\Programfiler\OKI driver
2008-06-10 11:42:28   1090560 --a------ C:\Programfiler\w2kpcl6ES3640mfp.exe
2008-06-01 13:06:31         0 dr-h----- C:\Documents and Settings\Bruker\Siste
2008-06-01 12:25:52    208896 --a------ C:\WINDOWS\system32\TubeFinder.exe <Not Verified; Koyote Soft; Tube Finder>
2008-06-01 12:25:51    101888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-06-01 12:25:50    119568 --a------ C:\WINDOWS\system32\VB6FR.DLL <Not Verified; Microsoft Corporation; Environnement Visual Basic>
2008-06-01 12:25:50      9728 --a------ C:\WINDOWS\system32\PCCLPFR.DLL <Not Verified; Microsoft Corporation; PicClip>
2008-06-01 12:25:50    141312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL <Not Verified; Microsoft Corporation; COMCTL>
2008-06-01 12:25:46     32768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL <Not Verified; Microsoft Corporation; CMDIALOG>
2008-06-01 12:25:45         0 d-------- C:\Programfiler\Free FLV Converter
2008-06-01 12:24:11   5164815 --a------ C:\Programfiler\Setup_FreeFlvConverterN.exe <Not Verified; Koyote Soft; >


-- Find3M Report ---------------------------------------------------------------

2008-06-15 23:51:26         0 d-------- C:\Programfiler\Fellesfiler
2008-06-12 14:45:35         0 d-------- C:\Documents and Settings\Bruker\Programdata\uTorrent
2008-06-11 11:30:20         0 d-------- C:\Documents and Settings\Bruker\Programdata\CoreFTP
2008-06-03 22:46:45         0 d-------- C:\Documents and Settings\Bruker\Programdata\U3
2008-05-19 23:19:03         0 d-------- C:\Documents and Settings\Bruker\Programdata\AdobeUM
2008-05-02 16:16:14         0 d-------- C:\Programfiler\Java
2008-04-27 16:57:51         0 d-------- C:\Documents and Settings\Bruker\Programdata\Adobe
2008-04-06 10:27:35       664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-03 23:37:53      2553 --a------ C:\WINDOWS\unins000.dat
2008-04-03 23:34:45    691545 --a------ C:\WINDOWS\unins000.exe
2008-03-31 16:28:51    387980 --a------ C:\WINDOWS\system32\perfh014.dat
2008-03-31 16:28:51     61698 --a------ C:\WINDOWS\system32\perfc014.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 18:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-06 17:16 C:\WINDOWS\AGRSMMSG.exe]
"Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2004-03-01 14:05]
"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-20 22:10]
"UpdateManager"="C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-03 02:05]
"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2004-05-26 19:15]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2004-05-26 19:15]
"HPHUPD05"="c:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-22 21:03]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2003-05-22 20:58]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2006-03-30 17:06]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-06-23 20:46]
"MaxtorOneTouch"="C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe" []
"MXO Auto Loader"="C:\WINDOWS\MXOALDR.EXE" [2003-04-07 18:09]
"HP Software Update"="C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25]
"PCSuiteTrayApplication"="C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 14:27]
"QuickTime Task"="C:\Programfiler\QuickTime Alternative\qttask.exe" [2007-12-11 11:56]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-12-11 13:10]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\Bruker\Start-meny\Programmer\Oppstart\
Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-16 13:50:38]
Stickies.lnk - C:\Programfiler\stickies\stickies.exe [2005-05-29 21:37:09]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\5796532d]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"




-- End of Deckard's System Scanner: finished at 2008-06-16 00:05:07 ------------

Hope this helps?

Thank you,
Bokaj.

Offline guestolo

Need some help - my PC is shutting down
« Reply #14 on: June 15, 2008, 05:24:10 PM »
That's looking better
Quote
But there's a problem with Norton Anti Virus 2004. The Live Update won't work. It just doesn't give me
the latest updates. When I push Live Update, it connects to the server, and the taskbar says everything
is good, but after I close Live Update, Norton says that my virus definitions are old and not updated.
I've tried to search on Symantec's pages, but haven't found any answers. Have you ever experienced
this problem?

Nope, never experienced it, but I don't use Norton's anymore.
Two options: your version of Norton's is outdated, so we can replace it with a free version of another AV that will update.
Or try the following link and let me know if it resolves your problems, please.

http://service4.symantec.com/SUPPORT/nav.n...000030608314206

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline guestolo

Need some help - my PC is shutting down
« Reply #15 on: June 15, 2008, 05:30:32 PM »
Forgot about your safeboot keys being modified
Can you do the following

Download SafeBootKeyRepair.exe from > HERE < and save it to desktop

1. Close all programs/windows so that you have nothing open and are at your Desktop.
2. Double-click the SafeBootKeyRepair.exe file.
When finished, it shall produce a log for you.
3. Post the entire contents of C:\SafeBoot_Repair.txt in your next reply

EDIT>>If you can't download safebootkeyrepair.exe, the link appears dead
Safebootrepair should be incorporated in Combofix, but I still see one bad key
Can you do the following before you run dss.exe please
Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box, not including the word "code"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
Change the Save as Type to All Files.
Name the file as export.bat
ensure to use the .bat extension

Save this file on the desktop

 
Code:
rem Export the whole SafeBoot key tree to export.txt, then open that file (Notepad by default)
regedit /e export.txt "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot"
export.txt


Double click on export.bat a text file called export.txt should open
Can you copy>paste back here the Whole contents please

Hold off on the step below if you can't download safebootkeyrepair.exe
In addition, can you run dss.exe again and post the new log that opens please
« Last Edit: June 15, 2008, 06:27:30 PM by guestolo »



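Reading an export like the one the batch file above produces by eye is how the helper spots the stray 5796532d key. The script below is an added example, not part of this thread or of any of the tools it mentions: it parses a regedit /e export of the SafeBoot key, lists every entry under Minimal and Network that is missing from a known-good baseline or whose name is a bare run of hex digits (the pattern 5796532d follows), and builds a .reg fragment that deletes the flagged keys (a leading minus sign inside the brackets is regedit's delete-key syntax). The Minimal baseline is copied from the export posted in reply #17 with 5796532d and PSEXESVC taken out; that it matches a clean XP SP2 install is an assumption, and because the Network list in the thread is cut off no Network baseline is supplied. The sample export embedded in the script is constructed.

```python
"""Audit a `regedit /e` export of the SafeBoot key (added example): flag
entries under Minimal/Network that are missing from a known-good baseline or
whose name is a bare run of hex digits, and emit a .reg that deletes them."""
import re

SAFEBOOT = r"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot"

# SafeBoot\Minimal baseline copied from the export in this thread, minus
# 5796532d (flagged by the helper) and PSEXESVC (Sysinternals PsExec, which
# the DSS file list shows arriving with the cleanup tools).  ASSUMPTION: clean XP SP2.
MINIMAL_BASELINE = {
    "AppMgmt", "Base", "Boot Bus Extender", "Boot file system", "CryptSvc",
    "DcomLaunch", "dmadmin", "dmboot.sys", "dmio.sys", "dmload.sys", "dmserver",
    "EventLog", "File system", "Filter", "HelpSvc", "Netlogon", "PCI Configuration",
    "PlugPlay", "PNP Filter", "Primary disk", "RpcSs", "SCSI Class", "sermouse.sys",
    "sr.sys", "SRService", "System Bus Extender", "vga.sys", "vgasave.sys", "WinMgmt",
    "{36FC9E60-C465-11CF-8056-444553540000}", "{4D36E965-E325-11CE-BFC1-08002BE10318}",
    "{4D36E967-E325-11CE-BFC1-08002BE10318}", "{4D36E969-E325-11CE-BFC1-08002BE10318}",
    "{4D36E96A-E325-11CE-BFC1-08002BE10318}", "{4D36E96B-E325-11CE-BFC1-08002BE10318}",
    "{4D36E96F-E325-11CE-BFC1-08002BE10318}", "{4D36E977-E325-11CE-BFC1-08002BE10318}",
    "{4D36E97B-E325-11CE-BFC1-08002BE10318}", "{4D36E97D-E325-11CE-BFC1-08002BE10318}",
    "{4D36E980-E325-11CE-BFC1-08002BE10318}", "{71A27CDD-812A-11D0-BEC7-08002BE2092F}",
    "{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}",
}
KEY_LINE = re.compile(r"^\[(?P<path>[^\]]+)\]$")
DEFAULT_VALUE = re.compile(r'^@="(?P<val>[^"]*)"')
HEX_NAME = re.compile(r"^[0-9a-f]{8}$", re.IGNORECASE)
PROFILES = {"minimal": "Minimal", "network": "Network"}


def parse_safeboot(text):
    """Return {profile: {entry_name: default_value}} from .reg text."""
    found, current = {}, None
    for line in (ln.strip() for ln in text.splitlines()):
        key = KEY_LINE.match(line)
        if key:  # a new [key] line ends whatever entry we were in
            current, path = None, key.group("path")
            if path.lower().startswith(SAFEBOOT.lower() + "\\"):
                parts = path[len(SAFEBOOT) + 1:].split("\\")
                if len(parts) == 2 and parts[0].lower() in PROFILES:
                    current = (PROFILES[parts[0].lower()], parts[1])
                    found.setdefault(current[0], {})[current[1]] = ""
        elif current and DEFAULT_VALUE.match(line):
            found[current[0]][current[1]] = DEFAULT_VALUE.match(line).group("val")
    return found


def audit(text, baselines=None):
    """Return {profile: [(name, kind, reason), ...]} for suspect entries.
    A profile without a baseline is checked by the hex-name heuristic only."""
    flagged, baselines = {}, baselines or {}
    for profile, entries in parse_safeboot(text).items():
        base = baselines.get(profile)
        for name in sorted(entries, key=str.lower):
            reasons = []
            if base is not None and name not in base:
                reasons.append("not in baseline")
            if HEX_NAME.match(name):
                reasons.append("random-looking hex name")
            if reasons:
                flagged.setdefault(profile, []).append(
                    (name, entries[name], "; ".join(reasons)))
    return flagged


def removal_reg(flagged):
    """Build .reg text deleting every flagged key ('-' inside [] = delete)."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for profile in sorted(flagged):
        for name, _kind, _reason in flagged[profile]:
            lines += ["[-%s\\%s\\%s]" % (SAFEBOOT, profile, name), ""]
    return "\n".join(lines)


# Constructed sample in regedit /e layout, cut down to a handful of keys.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\5796532d]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PSEXESVC]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\5796532d]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]
@="Service"
"""

if __name__ == "__main__":  # usage: python safeboot_audit.py [export.txt]
    import sys
    if len(sys.argv) > 1:  # regedit /e writes UTF-16LE with a BOM
        raw = open(sys.argv[1], "rb").read()
        text = raw.decode("utf-16" if raw.startswith(b"\xff\xfe") else "latin-1")
    else:
        text = SAMPLE_EXPORT
    result = audit(text, {"Minimal": MINIMAL_BASELINE})
    for profile in sorted(result):
        for name, kind, why in result[profile]:
            print("%s\\%s (%s): %s" % (profile, name, kind, why))
    print(removal_reg(result))
```

Treat the output as a list to review, not to apply blindly: PSEXESVC is the PsExec service key (the DSS file list shows PSEXESVC.EXE arriving with the cleanup tools on 2008-06-15), so whether to delete it is a judgement call, whereas 5796532d has no business in either profile. Double-clicking the generated .reg file removes the listed keys; the SafeBootKeyRepair tool the helper links to is meant to restore the key set as a whole.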
Offline Bokaj

Need some help - my PC is shutting down
« Reply #16 on: June 16, 2008, 03:43:41 AM »
Thanks! You are one of a kind Guestolo!

That solved the issue with Norton.

Quote from: guestolo on Jun 16 2008, 12:24 AM
That's looking better

Nope, never experienced it, but I don't use Norton's anymore.
Two options: your version of Norton's is outdated, so we can replace it with a free version of another AV that will update.
Or try the following link and let me know if it resolves your problems, please.

http://service4.symantec.com/SUPPORT/nav.n...000030608314206

Offline Bokaj

Need some help - my PC is shutting down
« Reply #17 on: June 16, 2008, 03:54:56 AM »
The link is still dead, so I made the .bat file instead and didn't run the DSS scan.

Here's the export.txt log:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\5796532d]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\5796532d]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Dhcp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DnsCache]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ip6fw.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ipnat.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanServer]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanWorkstation]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LmHosts]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Messenger]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS Wrapper]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Ndisuio]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOS]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOSGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBT]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetDDEGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetMan]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Network]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetworkProvider]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NtLmSsp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP_TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpcdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpwd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdsessmgr]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SharedAccess]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Streams Drivers]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SYMTDI]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdpipe.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdtcp.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\termservice]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WZCSVC]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
@="Net"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
@="NetClient"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
@="NetService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
@="NetTrans"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"


Thank you - the Jedi knight of malware fighting :D

Bokaj

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Need some help - my PC is shutting down
« Reply #18 on: June 16, 2008, 03:31:59 PM »
If you have an older version of OTMoveit.exe, can you delete it

Go to START>>RUN>>copy and paste the next command below in bold

ComboFix /u

This will uninstall combofix and its components

Do the following please
Download OTMoveIt2.exe by OldTimer:
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the Blue entries below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose "Copy"):

    ================================================

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\5796532d
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\5796532d
    C:\Documents and Settings\Bruker\DoctorWeb


    ======================================================
  • Return to OTMoveIt2, right-click on the "Paste List of Files/Folders to be Moved" window  and choose "Paste".
  • Click the red "MoveIt!" button.
  • Close OTMoveIt when it has completed.
Note:  If an entry cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose "Yes".

OTMoveIt would have created a log at this location
C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log <-indicates date_time of log
I'll need to see it later

But first, can I have you verify if you can boot in Safe mode please
Use ONLY the instructions I supply
Temporarily disconnect the cable to your Internet connection
First do the following

Safe Mode
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.

If you can enter safe mode
Can you next do the following
Safe Mode with Networking
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the option, to run Windows in Safe Mode with Networking, then press "Enter".
  • Choose your usual account.

Shut down computer once you have verified you can enter both
Connect Internet cable>>boot back to Normal Windows

Run dss.exe again and post the fresh log

Also, please post the log from OTMoveit2


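The entry guestolo asks OTMoveIt to remove (5796532d under both SafeBoot\Minimal and SafeBoot\Network) is the kind of thing a defender wants to spot automatically: whatever is listed under those keys is allowed to load even in Safe Mode. The Python below is an added example, not part of the thread or of any tool mentioned in it; it parses the .reg-style dump format posted above, compares each SafeBoot entry against a baseline (here a constructed subset of the stock entries visible in the dump, not an authoritative list) and flags anything unknown or with a random-looking eight-hex-digit name, a heuristic assumed here rather than taken from the thread.

```python
"""Flag unexpected SafeBoot entries in a .reg-style registry dump.

Added example for this thread. It understands the dump format posted above:
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\<Mode>\<Name>]
    @="<Type>"
"""
import re
from dataclasses import dataclass

# Key line of a SafeBoot entry; the mode is Minimal or Network, the name may contain spaces.
SAFEBOOT_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\control\\safeboot\\"
    r"(?P<mode>Minimal|Network)\\(?P<name>[^\]]+)\]$",
    re.IGNORECASE,
)
# Default value line that follows a key: @="Service", @="Driver", @="Driver Group", ...
VALUE_RE = re.compile(r'^@="(?P<type>[^"]*)"$')
# Assumed heuristic: an 8-hex-digit name (like 5796532d above) is not how stock
# Windows names SafeBoot entries, which use service names, .sys names or {GUID}s.
RANDOM_HEX_NAME = re.compile(r"^[0-9a-f]{8}$", re.IGNORECASE)


@dataclass(frozen=True)
class SafeBootEntry:
    mode: str   # "Minimal" or "Network"
    name: str   # subkey name as written in the dump
    kind: str   # default value: Service / Driver / Driver Group / device class


def parse_safeboot_dump(text: str) -> list[SafeBootEntry]:
    """Pair each SafeBoot subkey line with the @= value line that follows it."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        key = SAFEBOOT_RE.match(line)
        if key:
            current = (key.group("mode").capitalize(), key.group("name"))
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            entries.append(SafeBootEntry(current[0], current[1], value.group("type")))
            current = None
    return entries


def suspicious_entries(entries, baseline):
    """Return entries not in the per-mode baseline or with a random-looking name."""
    flagged = []
    for e in entries:
        known = e.name.lower() in baseline.get(e.mode, set())
        if not known or RANDOM_HEX_NAME.match(e.name):
            flagged.append(e)
    return flagged


def registry_paths(entries):
    """Full key paths, in the form the helper pastes into OTMoveIt above."""
    return [
        rf"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\{e.mode}\{e.name}"
        for e in entries
    ]


# Constructed baseline: a subset of the stock XP entries visible in the posted dump.
BASELINE = {
    "Minimal": {"base", "{4d36e967-e325-11ce-bfc1-08002be10318}"},
    "Network": {"afd", "boot bus extender", "vga.sys",
                "{4d36e965-e325-11ce-bfc1-08002be10318}"},
}

# Constructed sample dump in the same format as the one posted in the thread.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\5796532d]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"
"""

if __name__ == "__main__":
    for path in registry_paths(suspicious_entries(parse_safeboot_dump(SAMPLE_DUMP), BASELINE)):
        print("suspicious SafeBoot entry:", path)
```

On a live machine the same checks apply to the output of `reg export HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot`, provided the baseline is completed from a known-clean system of the same Windows version.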

Offline Bokaj

  • Newbie
  • *
  • Posts: 28
  • Karma: +0/-0
Need some help - my PC is shutting down
« Reply #19 on: June 16, 2008, 04:30:02 PM »
Hi again!

I could boot into both safemode and safemode with Network without any problems.

Here's the DSS log:

Deckard's System Scanner v20071014.68
Run by Bruker on 2008-06-16 23:34:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 5.92 GiB (less than 15%) free.


-- HijackThis (run as Bruker.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:34, on 2008-06-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\hphmon05.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\MXOALDR.EXE
C:\Programfiler\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programfiler\Norton AntiVirus\SAVScan.exe
C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Documents and Settings\Bruker\Skrivebord\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Bruker.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\msntb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stickies.lnk = C:\Programfiler\stickies\stickies.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 8758 bytes

-- Files created between 2008-05-16 and 2008-06-16 -----------------------------

2008-06-10 12:20:02         0 d-------- C:\Programfiler\OKI driver
2008-06-10 11:42:28   1090560 --a------ C:\Programfiler\w2kpcl6ES3640mfp.exe
2008-06-01 13:06:31         0 dr-h----- C:\Documents and Settings\Bruker\Siste
2008-06-01 12:25:52    208896 --a------ C:\WINDOWS\system32\TubeFinder.exe <Not Verified; Koyote Soft; Tube Finder>
2008-06-01 12:25:51    101888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-06-01 12:25:50    119568 --a------ C:\WINDOWS\system32\VB6FR.DLL <Not Verified; Microsoft Corporation; Environnement Visual Basic>
2008-06-01 12:25:50      9728 --a------ C:\WINDOWS\system32\PCCLPFR.DLL <Not Verified; Microsoft Corporation; PicClip>
2008-06-01 12:25:50    141312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL <Not Verified; Microsoft Corporation; COMCTL>
2008-06-01 12:25:46     32768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL <Not Verified; Microsoft Corporation; CMDIALOG>
2008-06-01 12:25:45         0 d-------- C:\Programfiler\Free FLV Converter
2008-06-01 12:24:11   5164815 --a------ C:\Programfiler\Setup_FreeFlvConverterN.exe <Not Verified; Koyote Soft; >


-- Find3M Report ---------------------------------------------------------------

2008-06-16 23:29:55         0 d-------- C:\Programfiler\Fellesfiler
2008-06-16 13:00:27         0 d-------- C:\Documents and Settings\Bruker\Programdata\uTorrent
2008-06-11 11:30:20         0 d-------- C:\Documents and Settings\Bruker\Programdata\CoreFTP
2008-06-03 22:46:45         0 d-------- C:\Documents and Settings\Bruker\Programdata\U3
2008-05-19 23:19:03         0 d-------- C:\Documents and Settings\Bruker\Programdata\AdobeUM
2008-05-02 16:16:14         0 d-------- C:\Programfiler\Java
2008-04-27 16:57:51         0 d-------- C:\Documents and Settings\Bruker\Programdata\Adobe
2008-04-06 10:27:35       664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-03 23:37:53      2553 --a------ C:\WINDOWS\unins000.dat
2008-04-03 23:34:45    691545 --a------ C:\WINDOWS\unins000.exe
2008-03-31 16:28:51    387980 --a------ C:\WINDOWS\system32\perfh014.dat
2008-03-31 16:28:51     61698 --a------ C:\WINDOWS\system32\perfc014.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 18:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-06 17:16 C:\WINDOWS\AGRSMMSG.exe]
"Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2004-03-01 14:05]
"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-20 22:10]
"UpdateManager"="C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-03 02:05]
"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2004-05-26 19:15]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2004-05-26 19:15]
"HPHUPD05"="c:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-22 21:03]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2003-05-22 20:58]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2006-03-30 17:06]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-06-23 20:46]
"MaxtorOneTouch"="C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe" []
"MXO Auto Loader"="C:\WINDOWS\MXOALDR.EXE" [2003-04-07 18:09]
"HP Software Update"="C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25]
"PCSuiteTrayApplication"="C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 14:27]
"QuickTime Task"="C:\Programfiler\QuickTime Alternative\qttask.exe" [2007-12-11 11:56]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-12-11 13:10]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\Bruker\Start-meny\Programmer\Oppstart\
Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-16 13:50:38]
Stickies.lnk - C:\Programfiler\stickies\stickies.exe [2005-05-29 21:37:09]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)




-- End of Deckard's System Scanner: finished at 2008-06-16 23:34:58 ------------

And the log from OTMoveit2:

< HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\5796532d >
Registry key HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\5796532d\\ deleted successfully.
< HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\5796532d >
Registry key HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\5796532d\\ deleted successfully.
C:\Documents and Settings\Bruker\DoctorWeb\Quarantine moved successfully.
C:\Documents and Settings\Bruker\DoctorWeb moved successfully.
 
OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06162008_231904


Thanks Guestolo!

Best wishes,
Bokaj.