PDA

View Full Version : Is my Computer Toast???



sweetonesissy
2008-03-03, 04:46
I have huge problems... First when I logon it pops a window that says:

A potential problem has been detected and windows has been shut down buggy aplicaton to prevent damage to your computer.
**** wxyz.sys-address f73120ae base at c00000, date stamp 36b072a3
kernal debugger using:com2 (port 0x28f, buad rate 192000)

Also it has a big red X on my c drive like it's disabled.

My spybot detects things and says it's removed them but they always are there when I run it again.

I have files that seem to be self replicating

I have 4 rar files that I can not delete.
My internet is a mess if I can even gt on it... It take me to oher sites... has a ton of pop-up and closes by itself!

ANY HELP WOULD BE GREAT!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:41:38 PM, on 3/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Executive Software\DiskeeperServer\DKService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\sdpasvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\X2FF\xde30921.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\freescan\freescan.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [8c274202a462] C:\WINDOWS\System32\basesrv6.exe
O4 - HKLM\..\Run: [Visual Element Fx] C:\Documents and Settings\All Users\Application Data\X2FF\xde30921.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [zzzHPSETUP] E:\Setup.exe \RESET
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [BM5fa484fb] Rundll32.exe "C:\WINDOWS\system32\noojtvta.dll",s
O4 - HKLM\..\Run: [5c97b767] rundll32.exe "C:\WINDOWS\system32\sgkviely.dll",b
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-8.0.5.48/aces/aces-en_US.cab
O16 - DPF: Bingo Luau by pogo - http://game1.pogo.com/applet-8.0.8.30/freebingo/freebingo-en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-8.0.6.49/blackjack/blackjack-en_US.cab
O16 - DPF: Blackjack Carnival by pogo - http://game1.pogo.com/applet-8.0.8.30/vbjack2/vbjack2-en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-8.0.5.48/cascade/cascade-en_US.cab
O16 - DPF: Bowling by pogo - http://game1.pogo.com/applet-8.0.7.27/bowling/bowling-en_US.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/v/8.1.0.23/applet/canasta/canasta-en_US.cab
O16 - DPF: Chess by pogo - http://game1.pogo.com/applet-8.0.8.30/chess2/chess2-en_US.cab
O16 - DPF: Cribbage by pogo - http://game1.pogo.com/applet-8.0.8.30/cribbage/cribbage-en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game1.pogo.com/applet-8.0.8.30/ytz/ytz-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-8.0.9.33/checkeredflag/checkeredflag-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-8.0.8.30/superbingo/superbingo-en_US.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-8.0.7.27/harvest/harvest-en_US.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-8.0.5.48/pool2/pool-en_US.cab
O16 - DPF: Hog Heaven Slots by pogo - http://game1.pogo.com/applet-8.0.6.49/fancy/fancy-en_US.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-8.0.7.27/jigsaw/jigsaw-en_US.cab
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-8.0.6.49/lottso/lottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-8.0.6.49/mahjong2/mahjong2-en_US.cab
O16 - DPF: Makeover Madness by pogo - http://game1.pogo.com/applet-8.0.5.48/shoes/shoes-en_US.cab
O16 - DPF: No-Limit Texas Hold'em by pogo - http://game1.pogo.com/applet-8.0.6.59/allin/allin-en_US.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-8.0.5.48/penguins/penguins-en_US.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-8.0.9.33/waterwheel/waterwheel-en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-8.0.6.59/pinochle/pinochle-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-8.0.5.48/popfu/popfu-en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-8.0.7.27/poppazoppa/poppazoppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-8.0.8.30/poppit2/poppit2-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-8.0.5.48/hotstreak/hotstreak-en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-8.0.8.30/squares/squares-en_US.cab
O16 - DPF: SciFi Slots by pogo - http://game1.pogo.com/applet-8.0.5.48/slots/scifi-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.com/applet-8.0.8.30/puck/puck-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-8.0.8.30/spider/spider-en_US.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-8.0.6.49/squelchies/squelchies-en_US.cab
O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-8.0.7.27/stax/stax-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-8.0.5.48/sweeper/sweeper-en_US.cab
O16 - DPF: Toki Toki Boom - http://download.games.yahoo.com/games/clients/y/vto_x.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-8.0.8.30/peaks/peaks-en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-8.0.9.41/tumbee2/tumbee2-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.com/applet-8.0.8.30/turbo22/turbo22-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.com/applet-8.0.6.49/memories/memories-en_US.cab
O16 - DPF: Word Search Daily by pogo - http://game1.pogo.com/applet-8.0.7.27/wordsearch/wordsearch-en_US.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-8.0.6.59/whackdown/whackdown-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-8.0.8.30/worldclass/worldclass-en_US.cab
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/games/clients/y/yt1_x.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/games/clients/y/dct4_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x.cab
O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
O16 - DPF: Yahoo! Go - http://download.games.yahoo.com/games/clients/y/gt2_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt4_x.cab
O16 - DPF: Yahoo! MahJong - http://download.games.yahoo.com/games/clients/y/ot0_x.cab
O16 - DPF: Yahoo! Reversi - http://download.games.yahoo.com/games/clients/y/rt0_x.cab
O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/games/clients/y/sdt1_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/ywt0_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt1_x.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab53083.cab
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxresearch.com/Preloader.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.87.cab
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab53083.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} - http://www.otxresearch.com/OTXMedia/OTXMedia.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab53083.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093736745688
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133570109984
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames/zpa_dmno.cab53083.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave.com/content/tumblebugs/axhost.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O16 - DPF: {A762E064-A885-40E4-AC10-671BB62DC2B2} (OFMailHTMLCtl Class) - http://www.eomniform.com/OF5/nsplugins/OFMailX.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab53852.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://games.pogo.com/online2/pogo/diner_dash/DinerDash.1.0.0.80.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://games.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLauncher.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Program Files\AntiVirusKit SE\AVKSVC.exe (file missing)
O23 - Service: AVK Monitor (AVKWCtl) - Unknown owner - C:\Program Files\AntiVirusKit SE\AVKWCTL.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperServer\DKService.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SDPAUMS server service (SDPASVC) - Matsushita Electric Industrial Co.,Ltd. - C:\WINDOWS\system32\sdpasvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 14092 bytes

Shaba
2008-03-04, 16:15
Hi sweetonesissy

Rename HijackThis.exe to sweetonesissy.exe and post back a fresh HijackThis log, please :)

sweetonesissy
2008-03-05, 04:12
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:01:48 PM, on 3/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Executive Software\DiskeeperServer\DKService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\sdpasvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HiJackThis\Sweetonesissy.exe

R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {2CD6EA70-788B-4622-880C-CA94CD8536FE} - C:\Program Files\InstallShield Installation Information\viduluqu89104.dll
O2 - BHO: Setup.Setup1 - {2E65A557-173C-4DE9-860B-28FC5CACA542} - blank (file missing)
O2 - BHO: {071ffedc-241c-4f1a-cca4-0e62cd1dddf2} - {2fddd1dc-26e0-4acc-a1f4-c142cdeff170} - C:\WINDOWS\system32\qcqwtkbm.dll
O2 - BHO: (no name) - {327A1F49-024C-4035-B98A-77B8B232FB7D} - C:\WINDOWS\system32\jkkli.dll (file missing)
O2 - BHO: (no name) - {45C2A50F-8F4A-496E-AF02-D0207525BF5A} - C:\WINDOWS\system32\khfgefe.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6069EFC2-0503-0189-0217-5E00CECBDBCD} - C:\WINDOWS\system32\xudp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Discover deskshop Browser Helper Object - {8DB3D69D-DA5E-4165-B781-72A761790672} - C:\WINDOWS\system32\BhoDshop.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\fsnswydk.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D652C869-2D1B-4177-A131-D9675E64CB40} - C:\WINDOWS\system32\mljgh.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [8c274202a462] C:\WINDOWS\System32\basesrv6.exe
O4 - HKLM\..\Run: [Visual Element Fx] C:\Documents and Settings\All Users\Application Data\X2FF\xde30921.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [zzzHPSETUP] E:\Setup.exe \RESET
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [BM5fa484fb] Rundll32.exe "C:\WINDOWS\system32\noojtvta.dll",s
O4 - HKLM\..\Run: [5c97b767] rundll32.exe "C:\WINDOWS\system32\sgkviely.dll",b
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-8.0.5.48/aces/aces-en_US.cab
O16 - DPF: Bingo Luau by pogo - http://game1.pogo.com/applet-8.0.8.30/freebingo/freebingo-en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-8.0.6.49/blackjack/blackjack-en_US.cab
O16 - DPF: Blackjack Carnival by pogo - http://game1.pogo.com/applet-8.0.8.30/vbjack2/vbjack2-en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-8.0.5.48/cascade/cascade-en_US.cab
O16 - DPF: Bowling by pogo - http://game1.pogo.com/applet-8.0.7.27/bowling/bowling-en_US.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/v/8.1.0.23/applet/canasta/canasta-en_US.cab
O16 - DPF: Chess by pogo - http://game1.pogo.com/applet-8.0.8.30/chess2/chess2-en_US.cab
O16 - DPF: Cribbage by pogo - http://game1.pogo.com/applet-8.0.8.30/cribbage/cribbage-en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game1.pogo.com/applet-8.0.8.30/ytz/ytz-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-8.0.9.33/checkeredflag/checkeredflag-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-8.0.8.30/superbingo/superbingo-en_US.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-8.0.7.27/harvest/harvest-en_US.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-8.0.5.48/pool2/pool-en_US.cab
O16 - DPF: Hog Heaven Slots by pogo - http://game1.pogo.com/applet-8.0.6.49/fancy/fancy-en_US.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-8.0.7.27/jigsaw/jigsaw-en_US.cab
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-8.0.6.49/lottso/lottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-8.0.6.49/mahjong2/mahjong2-en_US.cab
O16 - DPF: Makeover Madness by pogo - http://game1.pogo.com/applet-8.0.5.48/shoes/shoes-en_US.cab
O16 - DPF: No-Limit Texas Hold'em by pogo - http://game1.pogo.com/applet-8.0.6.59/allin/allin-en_US.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-8.0.5.48/penguins/penguins-en_US.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-8.0.9.33/waterwheel/waterwheel-en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-8.0.6.59/pinochle/pinochle-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-8.0.5.48/popfu/popfu-en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-8.0.7.27/poppazoppa/poppazoppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-8.0.8.30/poppit2/poppit2-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-8.0.5.48/hotstreak/hotstreak-en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-8.0.8.30/squares/squares-en_US.cab
O16 - DPF: SciFi Slots by pogo - http://game1.pogo.com/applet-8.0.5.48/slots/scifi-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.com/applet-8.0.8.30/puck/puck-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-8.0.8.30/spider/spider-en_US.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-8.0.6.49/squelchies/squelchies-en_US.cab
O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-8.0.7.27/stax/stax-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-8.0.5.48/sweeper/sweeper-en_US.cab
O16 - DPF: Toki Toki Boom - http://download.games.yahoo.com/games/clients/y/vto_x.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-8.0.8.30/peaks/peaks-en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-8.0.9.41/tumbee2/tumbee2-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.com/applet-8.0.8.30/turbo22/turbo22-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.com/applet-8.0.6.49/memories/memories-en_US.cab
O16 - DPF: Word Search Daily by pogo - http://game1.pogo.com/applet-8.0.7.27/wordsearch/wordsearch-en_US.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-8.0.6.59/whackdown/whackdown-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-8.0.8.30/worldclass/worldclass-en_US.cab
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/games/clients/y/yt1_x.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/games/clients/y/dct4_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x.cab
O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
O16 - DPF: Yahoo! Go - http://download.games.yahoo.com/games/clients/y/gt2_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt4_x.cab
O16 - DPF: Yahoo! MahJong - http://download.games.yahoo.com/games/clients/y/ot0_x.cab
O16 - DPF: Yahoo! Reversi - http://download.games.yahoo.com/games/clients/y/rt0_x.cab
O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/games/clients/y/sdt1_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/ywt0_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt1_x.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab53083.cab
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxresearch.com/Preloader.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.87.cab
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab53083.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} - http://www.otxresearch.com/OTXMedia/OTXMedia.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab53083.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093736745688
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133570109984
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames/zpa_dmno.cab53083.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave.com/content/tumblebugs/axhost.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O16 - DPF: {A762E064-A885-40E4-AC10-671BB62DC2B2} (OFMailHTMLCtl Class) - http://www.eomniform.com/OF5/nsplugins/OFMailX.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab53852.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://games.pogo.com/online2/pogo/diner_dash/DinerDash.1.0.0.80.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://games.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLauncher.cab
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O20 - Winlogon Notify: fsnswydk - C:\WINDOWS\SYSTEM32\fsnswydk.dll
O20 - Winlogon Notify: khfgefe - C:\WINDOWS\SYSTEM32\khfgefe.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Program Files\AntiVirusKit SE\AVKSVC.exe (file missing)
O23 - Service: AVK Monitor (AVKWCtl) - Unknown owner - C:\Program Files\AntiVirusKit SE\AVKWCTL.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperServer\DKService.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SDPAUMS server service (SDPASVC) - Matsushita Electric Industrial Co.,Ltd. - C:\WINDOWS\system32\sdpasvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 15541 bytes

Thanks so much for taking the time to help me!

Shaba
2008-03-05, 12:10
Hi

1. Download combofix from any of these links and save it to Desktop:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

**Note: It is important that it is saved directly to your desktop**

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

If you have problems with Combofix usage, see here (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

Post:

- a fresh HijackThis log
- combofix report

sweetonesissy
2008-03-06, 15:34
Shaba I downloaded the combofix as instructed and then when I tried to run it a window popped up saying it did not know what program to use to run it. I tried that several times and then finally I figured I must have done something wrong and so I tried to delete it. It would not delete so I did a system restore to the "last known good configuration" and now my computer will not get past the boot screen when I restart it. It says "NTLDR is missing" and to hit cntl+alt+del to restart but that's what happens everytime! Now I can't even use that computer to communicate with you until I get that cleared up. Any help would be great!

Thanks,
Sweetonesissy

Shaba
2008-03-06, 15:49
Hi

Well already according to this I thought that you have some great troubles:

"
A potential problem has been detected and windows has been shut down buggy aplicaton to prevent damage to your computer.
**** wxyz.sys-address f73120ae base at c00000, date stamp 36b072a3
kernal debugger using:com2 (port 0x28f, buad rate 192000)"

See here (http://www.computerhope.com/issues/ch000465.htm)

And try this first:

Corrupt NTLDR and/or NTDETECT.COM file, Windows XP users

Let me know if it helped.

sweetonesissy
2008-03-06, 17:39
Shaba-
Will doing this cause me to lose any of my data?

Shaba
2008-03-06, 17:44
Hi

No, that step shouldn't do that.

But it depends on what is actually wrong there; chances are that you may end up to reformatting (if the case is Seriously corrupted version of Windows 2000 or Windows XP, hopefully not).

sweetonesissy
2008-03-06, 22:02
OK- I'm praying that when I get home tonight and boot up w/ the CD that all goes well. Can you tell me what program I will use to run the combofix? Or if there is something else I should be doing first?

Thanks!
Sweetonesissy

Shaba
2008-03-07, 11:32
Hi

Don't run combofix if you able to get your computer working normally again; I'll give you then further instructions.

sweetonesissy
2008-03-10, 16:08
Next Problem...

I do not know my password for the recovery console. I tried my normal password for everything and it doesn't work. Next I tried every other password I thought it could be - still all were invalid. I do not even remember ever setting up a password for recovery. Is there anything I can do now?

Thanks,
Sweetonesissy

Shaba
2008-03-10, 17:19
Hi

Well I think then the best option would be to take it store for repair, unfortunately.

Shaba
2008-03-15, 12:17
Due to the lack of feedback this Topic is closed.

If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.