Help! My comp keeps restarting after i got hit by the msn virus, but spybot resident only stopped some of the nasties. Now my computer just restarts by itself randomly

Logfile of HijackThis v1.99.1
Scan saved at 20:42:36, on 2006/10/23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\savedump.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\htpatch.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
D:\Program Files\Winamp\winampa.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Prevx1\PXConsole.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.21 V1.30\WlanCU.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Prevx1\PXAgent.exe
D:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\HijackThis.exe
D:\WINDOWS\system32\wuauclt.exe

R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - D:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HTpatch] D:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] D:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PrevxOne] "D:\Program Files\Prevx1\PXConsole.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Wireless Configuration Utility.lnk = D:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.21 V1.30\WlanCU.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://someonecheap.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153109326311
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153111154562
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - D:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

edit: sorry i can't access safe mode either

Welcome to the forum
Are you being assisted in another forum ?
How old is your norton program ?

Discribe what happens when you try getting into safe mode ?

Post a report from preferably both of these free online scans
Panda ActiveScan-Free online scanner,
http://www.pandasoftware.com/products/activescan.htm
Do a full scan > Click the my computer button
After the scan click see report then Save the report and post it back here please.
Kaspersky Lab - Free Online scan:
http://www.kaspersky.com/virusscanner
Click scan settings and place a check next to use [x]extended this database etc etc. Click ok.
Then choose: my computer: scan all your hard drives and mapped disks.
when finished click save as text and post that in your reply.
We dont need to see item's listed as "Object is locked skipped" so edit those out.
We do not need to see items reported that are in an antivirus quorantine folder.

Are you being assisted in another forum ? no
How old is your norton program ? i got norton 2003
Discribe what happens when you try getting into safe mode ? scripts start running, then i goes into a blank screen with just the text cursor thing blinking. It doesn't load from there... even after waiting for a while.

Thanks for the help, ok here goes.

After i posted i figured out that msn messenger was the root of the restarting problem, so i reinstalled it. That stopped the computer from restarting unexpectedly.
I tried the scanning but at some stage during the scan, when it got to a file called passion.exe in the system32 registry and BOTH the scans froze.
I deleted the file with spybot's shredder and reran the scan, this time both worked.

Kaspersky scanner:

Scan Statistics:
Total number of scanned objects: 102047
Number of viruses found: 42
Number of infected objects: 260 / 0
Number of suspicious objects: 0
Duration of the scan process: 02:01:15

Infected Object Name / Virus Name / Last Action
C:\Program Files\Toolbar\nzqlihv.wzg Infected: not-a-virus:AdWare.Win32.WebSearch.ar skip
D:\Colin-program\FlashGet 1.40\fgf140.exe/WISE0018.BIN/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
D:\Colin-program\FlashGet 1.40\fgf140.exe/WISE0018.BIN Infected: not-a-virus:AdWare.Win32.Cydoor skipped
D:\Colin-program\FlashGet 1.40\fgf140.exe WiseSFX: infected - 2 skipped
D:\Firefox Downloads\bsplayer200.937_clip.exe/data0011 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
D:\Firefox Downloads\bsplayer200.937_clip.exe NSIS: infected - 1 skipped
D:\Firefox Downloads\sysreset253.exe/data.rar/mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.614 skipped
D:\Firefox Downloads\sysreset253.exe/data.rar Infected: not-a-virus:Client-IRC.Win32.mIRC.614 skipped
D:\Firefox Downloads\sysreset253.exe RarSFX: infected - 2 skipped
D:\Program Files\sysreset\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.614 skipped
D:\WINDOWS\system32\crunner\cupdater.exe Infected: Trojan-Downloader.MSIL.Agent.c skipped
D:\WINDOWS\Temp\ASHeuristic\hotfix_exe.vir Infected: not-a-virus:AdWare.Win32.WebSearch.ax skipped

the pandascan is a little long...
Adware:adware/dollarrevenue Not disinfected Windows Registry
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Windows XP\.jpi_cache\jar\1.0\ar3.jar-724f57b4-20f503cd.zip[Gummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Windows XP\.jpi_cache\jar\1.0\archive.jar-2e3c00c7-6d577c68.zip[Dummy.class]
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Windows XP\Application Data\eamprthceee.lib

Possible Virus. Not disinfected C:\Documents and Settings\Windows XP\Local Settings\Temp\hotfix.exe
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Windows XP\Local Settings\Temporary Internet Files\Content.IE5\4X6NK12Z\WToolsD[1].cab
Adware:Adware/WinTools Not disinfected C:\Program Files\Common Files\WinTools\WToolsD.cfg
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Toolbar\nzqlihv.wzg

sorry i just realised its too long (1.6mbs) so is there anything i can cut out or upload it somewhere?

You can edit the panda report. I dont need to see cookies or items in
C:\System Volume Information

Post whats left after editing out all lines with cookies and C:\System Volume Information please


Post a combofix log
1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
If the log is large You might need to post half in one reply half in another.

Panda scan

Adware:adware/dollarrevenue Not disinfected Windows Registry
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Windows XP\.jpi_cache\jar\1.0\ar3.jar-724f57b4-20f503cd.zip[Gummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Windows XP\.jpi_cache\jar\1.0\archive.jar-2e3c00c7-6d577c68.zip[Dummy.class]
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Windows XP\Application Data\eamprthceee.lib
Possible Virus. Not disinfected C:\Documents and Settings\Windows XP\Local Settings\Temp\hotfix.exe
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Windows XP\Local Settings\Temporary Internet Files\Content.IE5\4X6NK12Z\WToolsD[1].cab
Adware:Adware/WinTools Not disinfected C:\Program Files\Common Files\WinTools\WToolsD.cfg
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Toolbar\nzqlihv.wzg
Potentially unwanted tool:Application/ErrorGuard Not disinfected C:\RECYCLER\S-1-5-21-1292428093-2111687655-682003330-1003\Dc38\setuperrorguard.exe Not disinfected D:\RECYCLER\NPROTECT\00203169.MOZ[.phg.hitbox.com/]
Adware:Adware/DeluxeComunications Not disinfected D:\WINDOWS\system32\crunner\cupdater.exe

combofix

chi - 06-11-05 16:30:23.89 Service Pack 2
ComboFix 06.10.19 - Running from: "D:\Firefox Downloads"

((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


D:\Documents and Settings\chi\Application Data\Dxcknwrd.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


D:\WINDOWS\system32\wapisvsu.exe
D:\Program Files\Common Files\misc002
D:\WINDOWS\system32\crunner


((((((((((((((((((((((((((((((( Files Created from 2006-10-05 to 2006-11-05 ))))))))))))))))))))))))))))))))))


2006-10-20 20:17 1,060,864 --a------ D:\WINDOWS\system32\MFC71.dll
2006-10-20 18:56 18,432 --a------ D:\WINDOWS\system32\Partizan.exe
2006-10-20 18:52 25,773 --a------ D:\WINDOWS\system32\drivers\regguard.sys
2006-10-20 18:48 9,728 --a------ D:\WINDOWS\system32\drivers\pxscinst.dll
2006-10-20 18:48 7,680 --a------ D:\WINDOWS\system32\drivers\pxinst.dll
2006-10-20 18:48 7,552 --a------ D:\WINDOWS\system32\drivers\pxcom.sys
2006-10-20 18:48 266,112 --a------ D:\WINDOWS\system32\drivers\pxfsf.sys
2006-10-20 18:48 18,432 --a------ D:\WINDOWS\system32\drivers\pxtdi.sys
2006-10-20 18:48 13,568 --a------ D:\WINDOWS\system32\drivers\pxrd.sys
2006-10-20 18:48 11,648 --a------ D:\WINDOWS\system32\drivers\pxscrmbl.sys
2006-10-20 18:48 100,864 --a------ D:\WINDOWS\system32\drivers\PxEmu.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-05 16:31 -------- d-------- D:\Program Files\Common Files
2006-11-05 16:27 -------- d-------- D:\Program Files\Prevx1
2006-11-05 14:10 8192 --ahs---- D:\Program Files\Thumbs.db
2006-11-05 12:02 -------- d-------- D:\Program Files\Mozilla Firefox
2006-11-05 11:46 -------- d-------- D:\Program Files\sysreset
2006-11-05 11:35 -------- d-------- D:\Program Files\Common Files\Symantec Shared
2006-11-04 22:52 -------- d-------- D:\Documents and Settings\chi\Application Data\Azureus
2006-11-04 16:01 -------- d-------- D:\Documents and Settings\chi\Application Data\AdobeUM
2006-11-03 17:30 -------- d-------- D:\Program Files\Norton SystemWorks
2006-11-01 23:35 30992 --a------ D:\Documents and Settings\chi\Application Data\GDIPFONTCACHEV1.DAT
2006-10-29 19:52 -------- d-------- D:\Program Files\Winamp
2006-10-29 19:51 -------- d-------- D:\Program Files\Norton AntiVirus
2006-10-29 19:49 -------- d-------- D:\Program Files\Messenger
2006-10-29 19:49 -------- d-------- D:\Program Files\KVIrc
2006-10-29 19:48 -------- d-------- D:\Program Files\Internet Explorer
2006-10-29 19:09 -------- d-------- D:\Program Files\MSN Messenger
2006-10-29 19:09 -------- d-------- D:\Program Files\Messenger Plus! Live
2006-10-28 22:42 -------- d-------- D:\Program Files\GIMP-2.0
2006-10-28 22:39 -------- d-------- D:\Program Files\Common Files\GTK
2006-10-25 18:06 -------- d-------- D:\Program Files\Common Files\Microsoft Shared
2006-10-24 01:29 -------- d-------- D:\Program Files\reanimator
2006-10-23 21:42 7504 --a------ D:\Program Files\hijackthis.log
2006-10-23 21:18 -------- d-------- D:\Documents and Settings\chi\Application Data\Prevx
2006-10-20 20:12 -------- d-------- D:\Program Files\Common Files\F?nts
2006-10-20 19:22 -------- d-------- D:\Program Files\GiPo@Utilities
2006-10-20 19:22 -------- d-------- D:\Program Files\Common Files\Gibinsoft Shared
2006-10-20 01:04 -------- d-------- D:\Program Files\MessengerPlus! 3
2006-10-14 01:14 -------- d-------- D:\Program Files\Yahoo!
2006-10-13 19:54 -------- d-------- D:\Documents and Settings\chi\Application Data\Canon
2006-09-18 19:32 196616 --a------ D:\WINDOWS\system32\SARCheck.dll
2006-09-18 17:19 -------- d-------- D:\Program Files\CIRCUS
2006-09-16 00:53 -------- d-------- D:\Documents and Settings\chi\Application Data\Macromedia
2006-09-05 23:10 -------- d-------- D:\Documents and Settings\chi\Application Data\Symantec
2006-09-05 21:12 -------- d-------- D:\Program Files\GameSpy Arcade

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="D:\\WINDOWS\\system32\\ctfmon.exe"
"SpybotSD TeaTimer"="D:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"msnmsgr"="\"D:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMJPMIG8.1"="D:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="D:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="D:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"HTpatch"="D:\\WINDOWS\\htpatch.exe"
"SoundMan"="SOUNDMAN.EXE"
"NeroFilterCheck"="D:\\WINDOWS\\system32\\NeroCheck.exe"
"ccApp"="D:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
"ccRegVfy"="D:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe"
"Symantec NetDriver Monitor"="D:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"SunJavaUpdateSched"="D:\\Program Files\\Java\\jre1.5.0_07\\bin\\jusched.exe"
"WinampAgent"="D:\\Program Files\\Winamp\\winampa.exe"
"NvCplDaemon"="RUNDLL32.EXE D:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE D:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"PrevxOne"="\"D:\\Program Files\\Prevx1\\PXConsole.exe\""
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\0]
"Operation"=dword:00000001
"Target"="\\??\\D:\\DOCUME~1\\chi\\LOCALS~1\\Temp\\nsa4.tmp\\nsProcess.dll"
"Source"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\1]
"Operation"=dword:00000001
"Target"="\\??\\D:\\DOCUME~1\\chi\\LOCALS~1\\Temp\\nsa4.tmp\\"
"Source"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\10]
"Operation"=dword:00000001
"Target"="\\??\\D:\\WINDOWS\\pxsetup.rf"
"Source"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\11]
"Operation"=dword:00000001
"Target"="\\??\\D:\\PROGRA~1\\DELUXE~1\\DXCBHO.DLL"
"Source"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\12]
"Operation"=dword:00000001
"Target"="\\??\\D:\\PROGRA~1\\DELUXE~1\\DXC.EXE"
"Source"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\13]
"Operation"=dword:00000001
"Target"="D:\\PROGRA~1\\DELUXE~1\\DXCBHO.DLL"
"Source"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\2]
"Operation"=dword:00000001
"Target"="\\??\\D:\\DOCUME~1\\chi\\LOCALS~1\\Temp\\~nsu.tmp\\Au_.exe"
"Source"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\3]
"Operation"=dword:00000001
"Target"="\\??\\D:\\DOCUME~1\\chi\\LOCALS~1\\Temp\\nsb16.tmp\\nsProcess.dll"
"Source"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\4]
"Operation"=dword:00000001
"Target"="\\??\\D:\\DOCUME~1\\chi\\LOCALS~1\\Temp\\nsb16.tmp\\"
"Source"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\5]
"Operation"=dword:00000001
"Target"="\\??\\D:\\DOCUME~1\\chi\\LOCALS~1\\Temp\\nsg53.tmp\\nsProcess.dll"
"Source"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\6]
"Operation"=dword:00000001
"Target"="\\??\\D:\\DOCUME~1\\chi\\LOCALS~1\\Temp\\nsg53.tmp\\"
"Source"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\7]
"Operation"=dword:00000000
"Target"="\\??\\D:\\Documents and Settings\\All Users\\Application Data\\Prevx\\pxbho.dll"
"Source"="\\??\\D:\\DOCUME~1\\chi\\LOCALS~1\\Temp\\SFXA6.tmp\\img\\system\\pxbho.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\8]
"Operation"=dword:00000000
"Target"="\\??\\D:\\Documents and Settings\\All Users\\Application Data\\Prevx\\AntiVirusWMIProvider.dll"
"Source"="\\??\\D:\\DOCUME~1\\chi\\LOCALS~1\\Temp\\SFXA6.tmp\\img\\system\\AntiVirusWMIProvider.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\9]
"Operation"=dword:00000000
"Target"="\\??\\D:\\Documents and Settings\\All Users\\Application Data\\Prevx\\AntiVirusWMIProvider.mof"
"Source"="\\??\\D:\\DOCUME~1\\chi\\LOCALS~1\\Temp\\SFXA6.tmp\\img\\system\\AntiVirusWMIProvider.mof"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,4e,00,00,00,00,00,00,00,b2,03,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,4e,00,00,00,00,00,00,00,b2,03,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="D:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="D:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Cricinfo Desktop Alerts"="\"D:\\Program Files\\Cricinfo Desktop Alerts\\Cricinfo_Desktop_alerts.exe\""

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
D:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
D:\WINDOWS\tasks\Norton AntiVirus - sys scan.job
D:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
D:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 06-11-05 16:32:45.65
D:\ComboFix.txt ... 06-11-05 16:32

C:\Program Files\Common Files\WinTools < delete
C:\Program Files\Toolbar < delete
D:\Program Files\Common Files\Fonts < delete if there are no contents, if there are tell us whats there ?

Launch Notepad (not wordpad), and copy and paste the contents of the code box below into a new text file.
Save it as file name: "fixme.reg" (not including the quotes). Save as file type: All files (*.*) and save it on your Desktop.


Windows Registry Editor Version 5.00
;
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Cricinfo Desktop Alerts"=-
;

Now double-click on the fixme.reg file you saved and click on the Yes button when it asks if you would like to merge the information. Once you get a successful message delete fixme.reg.

"How old is your norton program ? i got norton 2003"
why Norton supports such old programs with update's ive no idea.
I suggest you replace it with another antivirus program.

How is it going Cheapo

This topic is closed due to lack of a response. :scratch:

If you need it re-opened please send me a private message (pm) and provide a link to the thread.

Applies only to the original topic starter.