
problems with pc, specifically, totally unexpected shut downs.

Discussion in 'Malware and Virus Removal Archive' started by Forsaken Knight, 2007/12/01.

Thread Status:
Not open for further replies.
  1. 2007/12/01
    Forsaken Knight

    Forsaken Knight Well-Known Member Thread Starter

    Joined:
    2007/12/01
    Messages:
    512
    Likes Received:
    0
    Hi, I'm Forsaken Knight, but everyone can call me F.K. for short.

    Anyways, I have been having this problem for about two to three weeks at this point/day. The problem is this, my home pc unexpectedly crashes from time to time, (quite often really, since this started). I know this is a problem, cause I have left my pc on for days/months at a time, and no issues have arisen from this. It does not matter how long I'm on, or what I'm doing, for my home pc to unexpectedly crash. It has even crashed at times when I am typing in my password in order to get into my home pc.

    After a few of these events happening, I've decided to uncheck the option that allows your pc to automatically restart when you unexpectedly crash. I did this so I can see the blue screen of death, since it has info displayed on it when this event happens. At first, when this first started, no text was present on that blue screen, even though it was brief, I could tell this. After doing so, and reading the text that started to display, I wondered about it, cause none of it made sense.

    One time, one suggestion on that blue screen was for me to disable my firewall, (which I didn't and never will). I have written down on paper what was displayed on that blue screen, but not everything. I've only written down the main things that don't show up on each occurrence of this.

    Sometimes, when I'm looking through my home pc for newly modified files, the crash happens. It also has happened when I play online games, (this is when it first occurred). I only play one type of online game, and no, it's not wow, I have neither the money, nor the time and patience needed for that game. I play mostly first person shooter games online. Now, when I attempt to play an online game, the game crashes after a short while. Sometimes, it just crashes the game, and other times, it crashes the whole pc like I've stated earlier.

    I have even had an internet window have an error, which it needed to shut down unexpectedly. I don't search the web too much, so I mostly go to sites which I have been to before. So I don't go to sites that are shady and could cause such problems. My home pc also has suddenly logged me off, even when I left my pc idle over night. I know this cause I was logged in when I left it, and when I checked it in the morning, it was back to the log in screen.

    I have run adaware, and spybot S&D. Both searches have found the same cookies, but when I delete them, they appear soon after, like I didn't even touch them. In the spybot S&D search it has found several registry keys and registry files. I don't know how to check, and fix those registry type files, without harming my pc.

    I have written down some things that have been displayed on that blue screen as well. If anyone here wants me to post what I have comprised, please post asking just that.

    Lastly, if anyone can help me, thank you. This is just a major annoyance to my pc experience. There are only two people who use this home pc, and neither me nor the other person, has done anything major online to have caused this. So please, help me.
     
  2. 2007/12/01
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    FK - Welcome to the Board :)

    I have edited your post to make it easier to read :)

    Please post the details of the blue screens - we need details of any STOP messages such as 0x00000005: INVALID_PROCESS_ATTACH_ATTEMPT plus any file that is referred to on the screen. Later we may want you to debug any memory dumps that were made - instructions on how to do this will be given :)

    Is your antivirus software fully up to date and have you made a full system scan?
     


  4. 2007/12/01
    Forsaken Knight

    Forsaken Knight Well-Known Member Thread Starter

    Joined:
    2007/12/01
    Messages:
    512
    Likes Received:
    0
    As you asked, here is what I've comprised.

    Hello everyone, as requested, this is a post of what was asked of me. In addition, I will post ".exe" files that I have viewed in the task manager, with which I personally think are concerning. If you all (or any of), you could look over them and tell me which ones to look out for. Alternatively, perhaps, possibly delete, that will be quite helpful. There are still some that appear, which disappear quickly. When I write those down quick enough, I will post them here. I will also post those registry files that show up when I run spybot S&D. Those files along with the cookies that spybot finds, appear to be together. I say this because once I delete the cookies only, whether using ad-aware, or spybot, they reappear. I have not deleted the registries which show up in the spybot search, but if any look like I should, please tell me. Thank you, and now, here is what I have compiled.

    Unique parts of the text that appears on the blue screen:

    Note: I have not written every word down which was on the blue screen's appearance, only the main difference between all of them. If you would like me to gather that information as well, please ask for that. I will take the necessary steps, (turning off auto restart and all, and getting a paper and pencil ready), to get that information. This is a list of the main things displayed on the blue screen's text, which my pc identifies as the problem.

    1. IRQL_NOT_FOUND_OR_EQUAL
    2. PAGE_FAULT_IN_NONPAGED_AREA
    3. WORKER_THREAD_RETURNED_AT_BAD_IRQL

    If other types of unique info appear, I will post it here.

    List of ".exe" with which seem suspicious:

    Note: These appear at the start of logging into my pc. If you wish for a list of ".exe" files that appear after logging on, and ones that stay on, (there are over fifty of them), please request it.

    1. Fxssvc.exe
    2. smss.exe
    3. hpsysdrv.exe
    4. LuCallBackProxy.exe
    5. unit.exe - (note: this one has something in the front, but I was unfortunate to get it in time).
    6. wmiprvse.exe
    7. wuauclt.exe
    8. rundll32.exe
    9. reader_sl.exe
    10. CFD.exe
    11. hkcmd.exe
    12. alg.exe
    13. CCPROXY.EXE
    14. NMIndexStoreSvr.exe
    15. LowLight.exe
    16. imapi.exe
    17. TeaTimer.exe
    18. YPager.exe

    Note: I have seen more that appear suspicious to me, but I have not written them down yet.

    List of things that appear in the spybot search of my pc:
    42 problems found (32:19)

    1. Adware.Webext: kind; one entry (Registry key). Details: [SBI$EECE15D2] Settings HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Netstat

    2. BurstMedia: kind; one entry (Cookie). Details: (SBI $4CDCC3D5) tracking cookie (Internet Explorer: Orion) Internet Explorer (Orion): Cookie: orion@burstnet.com/()

    3. CasaleMedia: kind; one entry (Cookie). Details: (SBI$4CDCC3D5) Tracking cookie (Internet Explorer: Orion) Internet Explorer (Orion): Cookie: orion@casalemedia.com/()

    4. DoubleClick: kind; one entry (Cookie). Details: (SBI$4CDCC3D5) Tracking cookie (Internet Explorer: Orion) Internet Explorer (Orion): Cookie: orion@doubleclick.net/()

    5. FastClick: kind; one entry (Cookie). Details: (SBI$4CDCC3D5) Tracking cookie (Internet Explorer: Orion) Internet explorer (Orion: Cookie: orion@fastclick.net/()

    6. MediaPlex: kind; one entry (Cookie). Details: (SBI$4CDCC3D5) Tracking cookie (Internet Explorer: Orion) Internet Explorer (Orion). Cookie: orion@apmebf.com/()

    7. Microsoft.WindowsSecurityCenter.AntiVirusDisableNotify: kind; one entry (Registry Change). Details: (SBI $5509538C) Settings HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify

    8. Microsoft.WindowsSecurityCenter.AntiVirusOverride: kind one entry (Registry Change). Details: (SBI$3604910C) Settings HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride

    9. Microsoft.WindowsSecurityCenter.FirewellDisableNotify: kind; one entry (Registry Change). Details: (SBI $8CFC8C85) Settings HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify

    10. Worldsecurityonline.FakeAlert: four entries (first two are registry values, and the other two are registry keys). Details:
    1. (SBI$F01653D0) Settings HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\(8d8c2387-7180-4022-9be6-… (the rest cannot be seen)
    2. (SBI$29DE6D9E) Settings HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\carbinyl
    3. (SBI$9177AA62 Class ID HKEY_CLASSES_ROOT\CLSID\(8d8c2387-7180-4022-9be6-43630a969558)
    4. (SBI $5F3B3515)Uninstall settings HKEY_LOCAL)MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup

    There is also one called "WildTangent," which appears in Spybot's search. That entry has 29 different types. If you would like me to post that as well, please request it specifically.

    There, that is all that I have gathered thus far. I would like to also ask something of any of you. How do you check what is being run in the systems idle processes, (which you can find in the task manager)?
     
  5. 2007/12/01
    mailman Lifetime Subscription

    mailman Geek Member

    Joined:
    2004/01/17
    Messages:
    1,901
    Likes Received:
    11
    Hi, F.K. Welcome to Windows BBS! :)

    Can you recall any software or hardware installations/changes you may have made immediately before you started getting crashes?

    This is a stab in the dark. If it was, by chance, "cooling unit.exe", then you may have malware in your computer.
    (http://spywarefiles.prevx.com/RRHJJG042017812/COOLING+UNIT.EXE.html)

    LowLight.exe appears to be associated with Logitech webcams. No immediate cause for concern. I didn't notice anything obviously bad about the other .exe files you listed either.

    I have seen WildTangent files installed into my computer when I installed Logitech mouse software in the past. If I recall correctly, I removed all WildTangent stuff (via "Add/Remove Programs" in Windows XP's Control Panel) without negatively affecting the performance of my Logitech software/mouse. I suggest removing the WildTangent stuff via Add/Remove Programs and then restarting the computer before proceeding with my suggestions below.

    I would be inclined to run Spybot Search & Destroy again and have Spybot fix the problems it finds EXCEPT the ones I quoted above and then restart the computer. If I'm not mistaken, some legitimate 3rd party anti-virus and firewall programs make those "...DisableNotify" and "AntiVirusOverride" registry key settings to keep Windows from alerting you that aspects of native Windows applications have been disabled by the 3rd party applications.

    I have used HijackThis to see what processes are currently running in my computer. HijackThis is also handy for finding evidence of many types of malware.

    If you choose to download and run HijackThis...

    Click here and scroll down to locate and download "HJTsetup.exe".

    1. Save HJTsetup.exe to your desktop.
    2. Double-click on the HJTsetup.exe icon on your desktop.
      (By default it will install to C:\Program Files\Hijackthis)
    3. Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    4. Put a check by Create a desktop icon and then click Next again.
    5. Continue to follow the rest of the prompts from there.
    6. At the final dialogue box click Finish and it will launch HijackThis.
    7. Click on the Do a system scan and save a log file button.
      (It will scan and the log should open in Notepad.)
    8. Click on "Edit" > "Select All" to highlight the entire Notepad contents.
    9. Then click on "Edit" > "Copy".
    10. Come back here to this thread and Paste the log in your next reply.
      (Right-click in the message body field and select "Paste".)
    CAUTION: DO NOT have HijackThis "fix" anything without carefully following expert guidance. Otherwise, you might render your computer unstable or even unbootable. Most of what HijackThis finds will be harmless or even required.
     
    Last edited: 2007/12/02
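
An added example, not part of the thread and not HijackThis's own code: a small Python triage script for a log saved by step 7 above. It splits the log into running processes and section entries, lists the O4 autostart entries, and collapses entries that repeat the same target file. The sample log is constructed in the line format of HijackThis v2.0.2 output; the function names and grouping rules are assumptions made for this illustration.

```python
import re
from collections import Counter

# Constructed sample in the HijackThis v2.0.2 line format (not a real log).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:46:51 PM, on 12/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Example\updater.exe
C:\Program Files\Example\updater.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" -quiet
O4 - HKLM\..\Run: [BareName] example.exe
O4 - HKLM\..\Policies\Explorer\Run: [none] C:\Program Files\Example\policy.exe
O4 - Global Startup: Example.lnk = C:\Program Files\Example\launch.exe
O18 - Protocol: ex0 - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Example\proto.dll
O18 - Protocol: ex0s - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Example\proto.dll
O18 - Protocol: ex1 - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Example\proto.dll
"""

# Section codes as they appear at the start of each entry line (R0, O2, O4, ...).
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
# O4 registry autostart: "<key>: [<value name>] <command>"
REG_RUN_RE = re.compile(r"^(?P<loc>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O4 startup folder: "Startup: <shortcut> = <target>" or "Global Startup: ..."
STARTUP_RE = re.compile(r"^(?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")
# Entries that end in "{CLSID} - <file>"; anchoring on the CLSID keeps paths
# that themselves contain " - " in one piece.
CLSID_TARGET_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\} - (.+)$")


def parse_log(text):
    """Return (running process paths, [(section code, entry body), ...])."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False  # the process list ends at the first entry
            entries.append((m.group(1), m.group(2)))
        elif in_processes and line:
            processes.append(line)
    return processes, entries


def autoruns(entries):
    """Break each O4 entry into location, name and command."""
    out = []
    for code, body in entries:
        if code != "O4":
            continue
        m = STARTUP_RE.match(body) or REG_RUN_RE.match(body)
        if m:
            out.append({"location": m["loc"], "name": m["name"],
                        "command": m["cmd"].strip()})
    return out


def repeated_targets(entries):
    """Count entries per (section, target file); keep those seen more than once."""
    counts = Counter()
    for code, body in entries:
        m = CLSID_TARGET_RE.search(body)
        if m:
            counts[(code, m.group(1).strip().lower())] += 1
    return {key: n for key, n in counts.items() if n > 1}


def repeated_processes(processes):
    """Windows paths are case-insensitive, so compare them lowercased."""
    counts = Counter(p.lower() for p in processes)
    return {p: n for p, n in counts.items() if n > 1}


def summarize(text):
    processes, entries = parse_log(text)
    return {
        "sections": dict(Counter(code for code, _ in entries)),
        "autoruns": autoruns(entries),
        "repeated_targets": repeated_targets(entries),
        "repeated_processes": repeated_processes(processes),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print("Entries per section:", report["sections"])
    for item in report["autoruns"]:
        print("Autostart:", item["location"], "|", item["name"], "|", item["command"])
    for (code, target), n in report["repeated_targets"].items():
        print(f"{n} x {code} entries point at {target}")
    for path, n in report["repeated_processes"].items():
        print(f"{n} instances of {path}")
```

The script only reorganizes what the log already says; whether an entry is harmless or should be removed is still a judgment for someone who knows the software installed on the machine.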
  6. 2007/12/01
    mailman Lifetime Subscription

    mailman Geek Member

    Joined:
    2004/01/17
    Messages:
    1,901
    Likes Received:
    11
    Did you copy/paste that from your Spybot log or did you type it?

    I notice it says "Microsoft.WindowsSecurityCenter.FirewellDisableNotify..." which seems odd to me.
     
  7. 2007/12/02
    mattman

    mattman Inactive Alumni

    Joined:
    2002/06/10
    Messages:
    8,198
    Likes Received:
    63
    Hi FK,
    I don't want to distract from any software problems, but in case I stop following this thread, I would just add my thoughts about the possibility of it being a hardware problem.

    Has the dust been cleaned out of the case fairly recently? A lot of dust can get trapped under the fan for the CPU.

    If you can "make it happen" by running games (or programs that seem to be graphics intensive), check if the graphics chip/s may be overheating. A lot of graphics have fans on the add-in card that can stop running or lose their lubrication and slow down.

    Check for dust and that all the fans are spinning freely. If it seems a lot less noisy than it did originally, that is not necessarily a good sign :(

    Varying error messages might relate to RAM. There are memory diagnostics in my signature.

    Matt
     
  8. 2007/12/02
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    There are no processes as such running in System Idle Process - it is a representation of the unused CPU capacity.

    For chapter and verse on this see ....

    http://en.wikipedia.org/wiki/System_idle_process
     
  9. 2007/12/02
    mailman Lifetime Subscription

    mailman Geek Member

    Joined:
    2004/01/17
    Messages:
    1,901
    Likes Received:
    11
    According to CastleCops (a reputable source), it appears you may have a Smitfraud malware infection which may require expert guidance for complete removal.

    I suggest you post a fresh HijackThis log into a new Removing Spyware & Viruses forum thread and include a link to this thread http://www.windowsbbs.com/showthread.php?t=69307 so the malware analysts can easily retrieve background information about your issue.

    Please include details about any actions you have already performed (such as having already used Spybot to fix the problems above if you have already done so).

    Please keep in mind the malware analysts are very busy so it may take some time before they can respond to your issue.
     
    Last edited: 2007/12/02
  10. 2007/12/04
    Forsaken Knight

    Forsaken Knight Well-Known Member Thread Starter

    Joined:
    2007/12/01
    Messages:
    512
    Likes Received:
    0
    Quickly done, pc being very bad.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:46:51 PM, on 12/4/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\USB Storage RW\shwicon.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
    C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\WINDOWS\system32\S3tray2.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    G:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Common Files\AOL\1124821099\ee\AOLHostManager.exe
    C:\Program Files\Common Files\AOL\1124821099\ee\AOLServiceHost.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Messenger\msmsgs.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamefaqs.com/index.html
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t "KYE\USB Storage RW "
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll "
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124821099\ee\AOLHostManager.exe
    O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe "
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
    O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll ",CheckUSBController
    O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe "
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe "
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] G:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKLM\..\Policies\Explorer\Run: [none] C:\Program Files\Video ActiveX Object\pmsngr.exe
    O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: officejet 6100.lnk = ?
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
    O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {98BFD494-F6AD-4794-9038-832C0654CC43} (AOL YGP UPF Ctrl) - http://pak06.pictures.aol.com/ygp/aol/plugin/upf/YGPUPF.en-US.9.2.4.0.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
    O18 - Protocol: bw+0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - C:\WINDOWS\system32\gwquvw.dll (file missing)
    O22 - SharedTaskScheduler: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - C:\WINDOWS\system32\gwquvw.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

    --
    End of file - 26197 bytes
     
  11. 2007/12/04
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi FK :)

    There is indeed some evidence of a zlob (smitfraud) infection. Let's do some cleanup and see if it helps. Download SmitfraudFix by S!Ri, saving it to the desktop.

    • Restart the computer in Safe Mode by tapping the F8 key upon startup and selecting Safe Mode from the Advanced Startup Menu. Log on to your account.
    • Double-click SmitfraudFix.exe to start the tool and press 2, then hit Enter.
    • You will be prompted 'Do you want to clean the registry?' answer Y (yes) and hit Enter.
    • If prompted to replace the infected wininet.dll file (if found), answer Y (yes) and hit Enter to restore a clean file.
    • Reboot to normal mode when the tool completes.

    Now download Deckard's System Scanner (dss.exe) and save it to your desktop.
    • Close all applications and windows.
    • Double click on dss.exe to run it and follow the prompts.
    • When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.
    Post the contents of main.txt and the SmitfraudFix log located at C:\rapport.txt
     
  12. 2007/12/05
    Forsaken Knight

    Forsaken Knight Well-Known Member Thread Starter

    Joined:
    2007/12/01
    Messages:
    512
    Likes Received:
    0
    a new event.

    Just so everyone knows, my home pc has a new problem. I got a request from norton that is on my home pc to fix two things. One of them was to run a full system scan, and the other was to check for updates. I did not do the scan, but I did check for updates. There was one update, and after downloading it, my pc froze. Then, every time I turn it on and log in, norton runs "LuCallBack.exe" in the background. Actually, several of them, about six. After a bit, the pc is so messed up, that it freezes and I have to shut it down. How do I disable norton, so I can fix this? In addition, one time, and this has been going on for two days now, a message appeared that stated that norton antivirus has a corrupted or damaged file, how do I find this file? Of course, I will unplug and disable my modem while doing this fix, but I need to know how to turn it off in the first place.

    I also got a message after the incident above happened, but not right after it happened, on the blue screen of death. It was as follows, "win32k.sys-address BF9S8CD5 BASE AT BF8000000, DATESTAMP 45F013F6 ".

    Oh, and if anyone who is keeping an eye on this thread is wondering, I'm typing this message from my school. They are loose there when it comes to this kind of stuff.

    I'll check back tomorrow at sometime during the day to see if any of you members have responded.

    Thanks for all your help up to this point, and I hope all of you will continue to help me in this matter.
     
  13. 2007/12/11
    Michael York

    Michael York Inactive

    Joined:
    2007/11/02
    Messages:
    72
    Likes Received:
    3
    Help with Norton

    Hi Forsaken Knight,

    This is Mike from the Norton Authorized Support team responding to your post. I'm sorry that you are experiencing a problem with the LiveUpdate feature of Norton and I want to help you resolve this issue.

    Please respond back and let me know the Norton product and Version you are using.

    While I am waiting for your response, it appears from your posting that your installation of Norton may have become corrupt.

    Please follow the steps below to resolve this issue by completely uninstalling Norton and performing a reinstallation.

    1. First, download and run the Norton Removal Tool, by clicking on the following link and following the instructions in the document carefully. NOTE: This tool will completely remove all Norton products from your system.

    Norton Removal Tool Download and Instructions

    2. After you have removed Norton, please restart your system.
    3. Make sure that your internet connection is working properly, and then reinstall Norton from the original media while connected to the Internet.

    I look forward to your response,

    Thank you,

    Mike
     
  14. 2007/12/12
    Forsaken Knight

    Forsaken Knight Well-Known Member Thread Starter

    Joined:
    2007/12/01
    Messages:
    512
    Likes Received:
    0
    The problem just gets worse.

    This is something new to this course of events with my home pc. The pc last week just stopped loading up on the initial start up. No action is shown other than the fact that you can hear the pc active. The drives on the pc open and close when the buttons are pressed, and the light under my mouse turns on as well. The num pad, caps lock, and scroll lock lights flash once. Other than that, no response from the pc itself. All other components of my home pc appear to be working fine. If you have any idea on what I should do in order to fix this, so I can completely repair my pc, please post so. After I am able to log in again to my home pc, I will do as you all have said about the instructions I should follow towards fixing my pc for good. Oh, and to the last poster before me, I will post that info once I am able to log into my pc. That way, I can give you direct, correct, information regarding what you asked of me.

    P.S.: If there is a step that I have not done so and not posted, could someone point that out.

    In addition, if someone could summarize all of the steps thus far with this problem of mine, so others who will fall victim to it will know what to do when the problem arises, that would be helpful. Both, for me, and those that need to know what to do quickly in order not to get to the stage that I am at; and hopefully, know what to do if they are too into this problem before they get to this web site's page.

    Thank you all again for your patience with my dilemma
     
  15. 2007/12/14
    Forsaken Knight

    Forsaken Knight Well-Known Member Thread Starter

    Joined:
    2007/12/01
    Messages:
    512
    Likes Received:
    0
    Hey, it's me again.

    Hey, it's me again. I take it not too many people are keeping track of this thread. But either way, I hope someone will help me with my problematic pc. I'm at school now, so, I check back before I leave to see if anyone has responded yet to this thread. I hope someone does though, either way.
     
  16. 2007/12/14
    mailman Lifetime Subscription

    mailman Geek Member

    Joined:
    2004/01/17
    Messages:
    1,901
    Likes Received:
    11
    I disagree. I'm just not sure what to suggest. :confused:

    Have you tried booting with "Last Known Good Configuration" or booting into Safe Mode?

    Instructions:
     
  17. 2007/12/14
    Forsaken Knight

    Forsaken Knight Well-Known Member Thread Starter

    Joined:
    2007/12/01
    Messages:
    512
    Likes Received:
    0
    Hey, it's me, from my home pc.

    Good news on this matter, I can log into my pc again after this week of going cold turkey on pc use. I took my pc to my school today, (I'm studying technical stuff, so I go to a technical school), and I had a friend I made there take a look at it. He replaced the power supply I had cause it had a ridiculous amount of dust in it. After plugging it in, and testing it out with the basic components, the pc logged in and loaded properly. It's great to have good people as your friends. Now, I'm posting this at home.

    Yay.

    Anyways, so, what should I do?

    With that said, I would like to ask the norton guy something. Will I be able to reinstall norton using your steps, or do I need to reinstall it from the original disk? I ask this, because if I have to do it from the original disk, I'm not sure if I can get it again. You see, I originally got it from my uncle, and he kept the CD. With that said, it may be difficult for me to get it again. So, to summarize, I'll do as you say IF I can reinstall it using that tool you specified.

    I'll go and download that smitfraudfix file, and that dss.exe as well, but what else should I do? If anyone has a thought on that, or something that someone posted that I overlooked, please post it, here, thx.
     
    Last edited: 2007/12/14
  18. 2007/12/14
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    If you have not already uninstalled Norton, and it's not giving you errors, don't uninstall it or run the cleanup tool. Just proceed with the SmitfraudFix and dss scans.
     
  19. 2007/12/15
    Forsaken Knight

    Forsaken Knight Well-Known Member Thread Starter

    Joined:
    2007/12/01
    Messages:
    512
    Likes Received:
    0
    One worked, the other didn't.

    Hey, I ran smitfraudfix, and it worked, but dss.exe kept getting the blue screen of death thing happening to it. I also ran the error checking option that you get to by getting to it through right clicking on a drive on the my computer window, and clicking on tools. I did that scan on the main drive, and back up drive I have connected, (the game drive is disconnected for me to fix the power source problem). For the main drive, I had to restart the pc. It unexpectedly did some automatic restart a few times, (like 2 to 3 times), but it finally completed all five steps. After all five were done, it quickly showed some technical stuff before restarting. I thought it was going to redo the scan another time, but windows properly loaded. Now, I'm not sure if it was done correctly, so what other steps should I do now?

    Oh, and here are the reports.

    report one:

    SmitFraudFix v2.268

    Scan done at 1:18:26.78, Sat 12/15/2007
    Run from C:\Documents and Settings\Orion\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{8d8c2387-7f80-4022-9be6-43630a969558} "= "carbinyl "

    [HKEY_CLASSES_ROOT\CLSID\{8d8c2387-7f80-4022-9be6-43630a969558}\InProcServer32]
    @= "C:\WINDOWS\system32\gwquvw.dll "

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8d8c2387-7f80-4022-9be6-43630a969558}\InProcServer32]
    @= "C:\WINDOWS\system32\gwquvw.dll "


    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.
    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{7C59C934-079A-4B97-AD33-F4061DC6D889}: DhcpNameServer=192.168.1.254 192.168.1.254
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{7C59C934-079A-4B97-AD33-F4061DC6D889}: DhcpNameServer=192.168.1.254 192.168.1.254
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{7C59C934-079A-4B97-AD33-F4061DC6D889}: DhcpNameServer=192.168.1.254 192.168.1.254
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 192.168.1.254
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 192.168.1.254
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 192.168.1.254


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System "=" "


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End

    rapport of search:

    SmitFraudFix v2.268

    Scan done at 1:21:23.82, Sat 12/15/2007
    Run from C:\Documents and Settings\Orion\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cleanmgr.exe
    C:\WINDOWS\explorer.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Orion


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Orion\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Orion\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, following keys are not inevitably infected!!!


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs "=" "


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System "=" "


    »»»»»»»»»»»»»»»»»»»»»»»» Rustock



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{7C59C934-079A-4B97-AD33-F4061DC6D889}: DhcpNameServer=192.168.1.254 192.168.1.254
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{7C59C934-079A-4B97-AD33-F4061DC6D889}: DhcpNameServer=192.168.1.254 192.168.1.254
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{7C59C934-079A-4B97-AD33-F4061DC6D889}: DhcpNameServer=192.168.1.254 192.168.1.254
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 192.168.1.254
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 192.168.1.254
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 192.168.1.254


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
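
The HijackThis log earlier in the thread and the SmitfraudFix "Before" section above both name the same CLSID and DLL. As an added example (not part of the thread and not code from HijackThis or SmitfraudFix), this Python sketch parses lines copied from both logs, groups the O21/O22 autostart registrations whose DLL is reported as "(file missing)", and checks them against the InProcServer32 path SmitfraudFix printed; the function names are illustrative.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the two logs posted in this thread.
HIJACKTHIS = r"""
O18 - Protocol: bw70 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - C:\WINDOWS\system32\gwquvw.dll (file missing)
O22 - SharedTaskScheduler: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - C:\WINDOWS\system32\gwquvw.dll (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
"""
SMITFRAUDFIX_BEFORE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8d8c2387-7f80-4022-9be6-43630a969558} "= "carbinyl "

[HKEY_CLASSES_ROOT\CLSID\{8d8c2387-7f80-4022-9be6-43630a969558}\InProcServer32]
@= "C:\WINDOWS\system32\gwquvw.dll "
"""

ENTRY = re.compile(r"^(O\d+) - ([^:]+): (.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = "(file missing)"


def parse_hijackthis(text):
    """Turn 'Onn - Kind: name - id/owner - path' lines into dicts."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        section, kind, rest = m.groups()
        parts = rest.rsplit(" - ", 2)  # split from the right: a name may contain " - "
        if len(parts) != 3:
            continue
        name, ident, path = (p.strip() for p in parts)
        missing = path.endswith(MISSING)
        if missing:
            path = path[: -len(MISSING)].rstrip()
        entries.append({"section": section, "kind": kind, "name": name,
                        "ident": ident, "path": path, "missing": missing})
    return entries


def inproc_servers(text):
    """Map CLSID -> DLL path from the registry-style blocks SmitfraudFix prints."""
    result, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            is_inproc = line.rstrip("]").endswith("\\InProcServer32")
            m = CLSID.search(line) if is_inproc else None
            current = m.group(0).lower() if m else None
        elif current and line.startswith("@"):
            # tolerate the stray spaces inside the quotes seen in the posted log
            result[current] = line.split("=", 1)[1].strip().strip('"').strip()
    return result


def triage(hjt_text, sff_text):
    """Return (orphaned shell autostarts, services to review by hand)."""
    entries = parse_hijackthis(hjt_text)
    servers = inproc_servers(sff_text)
    by_clsid = defaultdict(list)
    for e in entries:
        # O21 (ShellServiceObjectDelayLoad) and O22 (SharedTaskScheduler) are
        # loaded by Explorer; a missing DLL means the registration outlived the file.
        if e["section"] in ("O21", "O22") and e["missing"]:
            by_clsid[e["ident"].lower()].append(e)
    findings = []
    for clsid, group in by_clsid.items():
        dll = group[0]["path"]
        findings.append({
            "clsid": clsid,
            "registered_as": sorted(e["kind"] for e in group),
            "dll": dll,
            "confirmed_by_smitfraudfix": servers.get(clsid, "").lower() == dll.lower(),
        })
    # "Unknown owner" is a prompt for manual review, not a verdict: the same log
    # shows it for "Symantec Core LC" as well.
    review = [e["name"] for e in entries
              if e["section"] == "O23" and e["ident"] == "Unknown owner"]
    return findings, review


if __name__ == "__main__":
    found, review = triage(HIJACKTHIS, SMITFRAUDFIX_BEFORE)
    for f in found:
        print(f)
    print("review by hand:", review)
```

In the thread's own data, the "After SmitFraudFix" section lists no SharedTaskScheduler entries, so a fresh HijackThis log fed to the same script should return no findings for that CLSID.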
     
  20. 2007/12/15
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Can you run dss now, after running disk check? If not, create a new HijackThis log and post it here.

    When your friend replaced the power supply, did he also blow the dust out of the processor heatsink, fans, etc?
     
  21. 2007/12/15
    Forsaken Knight

    Forsaken Knight Well-Known Member Thread Starter

    Joined:
    2007/12/01
    Messages:
    512
    Likes Received:
    0
    in response to the person who posted last.

    I'm not sure if he did, but either way, I bought a can of air spray at radio shack. So hopefully, I can make some time for it tomorrow, and clean the living (you know what), out of my pc.

    As far as the dss scan, I'll try, but I'm not sure. Either way, is there a way to manually look for potential viruses? Like say a list of common, and not so common files that are strictly virus types. In addition, is there a list out there of files that are supposed to be legit files, but can become corrupted by web surfing actions? I'm asking this just so I can know what to look for.

    Oh, and are all virus, malware, worm, etc. files shown as modified/created when you look at the contents of a drive by those arrangement settings? If that is the case, then I can have an easier time looking for them.

    Oh, the last thought above sparked another question. How come some files, folders, etc. do not always show the amount of size, or show up in a scan? I've noticed a lot of this happens. I've checked out the name of the files by looking them up using google, but it seems that they are fine with what I have installed.

    Well, either way, I'll respond to the next poster, as well as post the results of dss, (if it works that is).

    Also, could someone tell me any steps that people have posted that I neglected/forgot to post here? I'm still wondering if I should uninstall norton, I just un-enabled auto update, but the same file that wants to access the internet using that, still seems to be active. It does not always ask every time I log in, but sometimes, yes. I want my pc working like it did before this problem started.

    Wow, sorry, I just started typing and it came to this in no time, sorry if it is too much, but please answer as much as possible, thanks.
     