
Start Dreck Log need help! HJT log posted

Discussion in 'Malware and Virus Removal Archive' started by Proudmoms, 2004/09/21.

Thread Status:
Not open for further replies.
  1. 2004/09/21
    Proudmoms

    Proudmoms Inactive Thread Starter

    Joined:
    2004/09/20
    Messages:
    7
    Likes Received:
    0
    Greetings. I read a post somewhere.

    They suggested using StartDreck.
    Does it look OK?

    Also, here are some of the other things I did this week.
    I ran Scandisk yesterday.
    And some of these other programs within the last few days:
    Norton Disk Doctor: Norm
    Norton WinDoctor: Norm
    Spybot: Norm
    Ad-Aware: Norm
    Norton Virus Scan: Norm
    AVG: Norm
    TweakNow RegCleaner: Norm
    CleanUp: Cleaned
    CWShredder: Cleaned
    eTrust Virus Scan: Norm
    Panda Scan: Norm
    HijackThis (the newer version): everything was Norm except for "myposi..." (can't remember the rest) *I removed that entry*
    Everything else seemed fine.
    Oh, and I also installed a nice program called
    IE-SPYAD
    http://www.bleepingcomputer.com/forums/index.php?showtutorial=53#intro



    Here is the StartDreck log


    StartDreck (build 2.1.7 public stable) - 2004-09-20 @ 22:39:55 (GMT -05:00)
    Platform: Windows XP (Win NT 5.1.2600 Service Pack 2)
    Internet Explorer: 6.0.2900.2180
    Logged in as Owner at HP

    »Registry
    »Run Keys
    »Current User
    »Run
    *IncrediMail=C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
    *Symantec NetDriver Monitor=C:\PROGRA~1\SYMNET~1\SNDMon.exe
    *MSMSGS= "C:\Program Files\Messenger\msmsgs.exe" /background
    »RunOnce
    »Default User
    »Run
    »RunOnce
    *SRUUninstall= "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress
    »Local Machine
    »Run
    *hpsysdrv=c:\windows\system\hpsysdrv.exe
    *KBD=C:\HP\KBD\KBD.EXE
    *Recguard=C:\WINDOWS\SMINST\RECGUARD.EXE
    *NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    *IgfxTray=C:\WINDOWS\System32\igfxtray.exe
    *HotKeysCmds=C:\WINDOWS\System32\hkcmd.exe
    *PrinTray=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    *Lexmark X84-X85 Button Manager=C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
    *Lexmark X84-X85 Button Monitor=C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
    *AVG_CC=C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
    *AcctMgr=C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
    *ccApp= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    *URLLSTCK.exe=C:\Program Files\Norton Internet Security\UrlLstCk.exe
    *DownloadAccelerator=C:\PROGRA~1\DAP\DAP.EXE /STARTUP
    *PS2=C:\WINDOWS\system32\ps2.exe
    *nwiz=nwiz.exe /install
    *NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    *VetTray=C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
    *KernelFaultCheck=%systemroot%\system32\dumprep 0 -k
    *Bart Station=C:\Program Files\ISP50\hta\station.sbrt
    »RunOnce
    »RunServices
    »RunServicesOnce
    »RunOnceEx
    »RunServicesOnceEx
    »File Associations (CR)
    +.bat
    *batfile= "%1" %*
    +.com
    *comfile= "%1" %*
    +.disabled
    *SpybotSD.DisabledFile= "C:\Program Files\Spybot - Search & Destroy\blindman.exe" %1
    +.exe
    *exefile= "%1" %*
    +.hta
    *htafile=C:\WINDOWS\System32\mshta.exe "%1" %*
    +.htm
    *htmlfile= "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
    +.html
    *htmlfile= "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
    +.js
    *JSFile=%SystemRoot%\System32\WScript.exe "%1" %*
    +.jse
    *JSEFile=%SystemRoot%\System32\WScript.exe "%1" %*
    +.pif
    *piffile= "%1" %*
    +.reg
    *regfile=regedit.exe "%1 "
    +.scr
    *scrfile= "%1" /S
    +.txt
    *txtfile=%SystemRoot%\system32\NOTEPAD.EXE %1
    +.vbs
    *VBSFile=%SystemRoot%\System32\WScript.exe "%1" %*
    +.vbe
    *VBEFile=%SystemRoot%\System32\WScript.exe "%1" %*
    +.wsh
    *WSHFile=%SystemRoot%\System32\WScript.exe "%1" %*
    +.wsf
    *WSFFile=%SystemRoot%\System32\WScript.exe "%1" %*
    +.lnk
    `lnkfile= [key or value does not exist]
    »Browser Helper Objects (LM)
    *PeoplePC.FixedBandBHO.1/{3DE88907-3E38-11D4-BEB2-CBE76C0598DD}
    `InprocServer32=C:\Program Files\ISP50\bin\BandObject.dll
    *{53707962-6F74-2D53-2644-206D7942484F}
    `InprocServer32=C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    *Nisbho.CNisExtBho.1/{9ECB9560-04F9-4bbc-943D-298DDF1699E1}
    `InprocServer32=C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    *PeoplePC.Toolbar.1/{A8FB8EB3-183B-4598-924D-86F0E5E37085}
    `InprocServer32=C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll
    *Google Toolbar Helper/{AA58ED58-01DD-4d91-8333-CF10577473F7}
    `InprocServer32=c:\program files\google\googletoolbar2.dll
    *Navbho.CNavExtBho.1/{BDF3E430-B101-42AD-A544-FADC6B084872}
    `InprocServer32=C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    »Files
    »Autostart Folders
    »Current User
    *C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini
    *C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
    *C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Webshots.lnk
    »Default User
    *C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini
    »Local Machine
    *C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
    »INI-Files
    »WIN.INI\[windows]
    *LOAD=
    *RUN=
    »SYSTEM.INI\[boot]
    *SHELL=Explorer.exe
    »Text Files
    *C:\boot.ini
    *C:\msdos.sys
    *C:\config.sys
    *C:\WINDOWS\system32\config.nt
    *C:\autoexec.bat
    *C:\WINDOWS\system32\autoexec.nt
    *C:\WINDOWS\system32\drivers\etc\hosts
    »System/Drivers
    »Running Processes
    +0=<idle>
    +4=<system>
    +572=\SystemRoot\System32\smss.exe
    +628=<unkown>
    +708=\??\C:\WINDOWS\system32\winlogon.exe
    +752=C:\WINDOWS\system32\services.exe
    +764=C:\WINDOWS\system32\lsass.exe
    +908=C:\WINDOWS\system32\svchost.exe
    +1008=<unkown>
    +1064=C:\WINDOWS\System32\svchost.exe
    +1204=<unkown>
    +1236=<unkown>
    +1396=C:\WINDOWS\system32\spoolsv.exe
    +1632=C:\WINDOWS\Explorer.EXE
    +1792=C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    +1820=C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
    +1840=C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    +1872=C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    +1912=C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    +1968=C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    +156=C:\windows\system\hpsysdrv.exe
    +200=C:\HP\KBD\KBD.EXE
    +188=C:\WINDOWS\System32\nvsvc32.exe
    +248=C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    +420=C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    +444=C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
    +476=C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
    +544=C:\Program Files\Grisoft\AVG6\avgcc32.exe
    +552=C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
    +728=C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    +964=C:\PROGRA~1\DAP\DAP.EXE
    +1156=C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
    +1200=C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    +1312=C:\Program Files\ISP50\bin\bartshel.exe
    +1492=C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    +1552=C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
    +1756=C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    +1520=C:\PROGRA~1\ISP50\bin\ppshared.exe
    +2084=C:\WINDOWS\system32\fxssvc.exe
    +2296=C:\WINDOWS\webshots.scr
    +2328=C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    +3368=<unkown>
    +4088=C:\Program Files\Norton SystemWorks\Norton Utilities\ndd32.exe
    +1600=D:\Start.exe
    +2292=D:\Start.exe
    +1356=D:\Start.exe
    +3964=D:\Start.exe
    +1976=C:\DOCUME~1\Owner\LOCALS~1\Temp\~e5d141.tmp
    +3420=D:\Start.exe
    +3924=C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    +1332=C:\PROGRA~1\INCRED~1\bin\IncMail.exe
    +3952=C:\Program Files\Internet Explorer\iexplore.exe
    +1372=C:\Program Files\Internet Explorer\iexplore.exe
    +604=C:\Program Files\Norton Internet Security\Norton AntiVirus\OPScan.exe
    +3080=C:\Program Files\Messenger\msmsgs.exe
    +2972=C:\Program Files\start Dreck\StartDreck.exe
    »NT Services
    *IPv6 Helper Service 6to4 running auto
    *Alerter Alerter - disabled
    *Application Layer Gateway Service ALG running on demand
    *Application Management AppMgmt - on demand
    *Windows Audio AudioSrv running auto
    *AVG6 Service AvgServ running auto
    *Background Intelligent Transfer Service BITS - on demand
    *Computer Browser Browser running auto
    *CA ISafe CAISafe running auto
    *Symantec Event Manager ccEvtMgr running auto
    *Symantec Network Proxy ccProxy running auto
    *Symantec Password Validation ccPwdSvc - on demand
    *Symantec Settings Manager ccSetMgr running auto
    *Indexing Service cisvc - on demand
    *ClipBook ClipSrv - disabled
    *COM+ System Application COMSysApp - on demand
    *Cryptographic Services CryptSvc running auto
    *DCOM Server Process Launcher DcomLaunch running auto
    *DHCP Client Dhcp running auto
    *Logical Disk Manager Administrative Service dmadmin - on demand
    *Logical Disk Manager dmserver - on demand
    *DNS Client Dnscache running auto
    *Error Reporting Service ERSvc running auto
    *Event Log Eventlog running auto
    *COM+ Event System EventSystem running on demand
    *Fast User Switching Compatibility FastUserSwitchingCom - on demand
    *Fax Fax stopping... auto
    *Help and Support helpsvc running auto
    *Human Interface Device Access HidServ - disabled
    *HTTP SSL HTTPFilter - on demand
    *IMAPI CD-Burning COM Service ImapiService - on demand
    *Server lanmanserver running auto
    *Workstation lanmanworkstation running auto
    *TCP/IP NetBIOS Helper LmHosts running auto
    *Messenger Messenger - disabled
    *NetMeeting Remote Desktop Sharing mnmsrvc - on demand
    *Distributed Transaction Coordinator MSDTC - on demand
    *Windows Installer MSIServer - on demand
    *Norton AntiVirus Auto Protect Service navapsvc running auto
    *Network DDE NetDDE - disabled
    *Network DDE DSDM NetDDEdsdm - disabled
    *Net Logon Netlogon - on demand
    *Network Connections Netman running on demand
    *Network Location Awareness (NLA) Nla running on demand
    *Norton Unerase Protection NProtectService running auto
    *NT LM Security Support Provider NtLmSsp - on demand
    *Removable Storage NtmsSvc - on demand
    *NVIDIA Display Driver Service NVSvc running auto
    *SAP Agent NwSapAgent running auto
    *Plug and Play PlugPlay running auto
    *IPSEC Services PolicyAgent running auto
    *Protected Storage ProtectedStorage running auto
    *Remote Access Auto Connection Manager RasAuto - disabled
    *Remote Access Connection Manager RasMan running on demand
    *Remote Desktop Help Session Manager RDSessMgr - on demand
    *Routing and Remote Access RemoteAccess - disabled
    *Remote Procedure Call (RPC) Locator RpcLocator - on demand
    *Remote Procedure Call (RPC) RpcSs running auto
    *QoS RSVP RSVP - on demand
    *Security Accounts Manager SamSs running auto
    *SAVScan SAVScan running auto
    *ScriptBlocking Service SBService - auto
    *Smart Card SCardSvr - on demand
    *Task Scheduler Schedule running auto
    *Secondary Logon seclogon running auto
    *System Event Notification SENS running auto
    *Windows Firewall/Internet Connection Sharing (ICS) SharedAccess running auto
    *Shell Hardware Detection ShellHWDetection running auto
    *Symantec Network Drivers Service SNDSrvc running auto
    *Speed Disk service Speed Disk service running auto
    *Print Spooler Spooler running auto
    *System Restore Service srservice running auto
    *SSDP Discovery Service SSDPSRV running on demand
    *Windows Image Acquisition (WIA) stisvc - on demand
    *MS Software Shadow Copy Provider SwPrv - on demand
    *Symantec Core LC Symantec Core LC running auto
    *SymWMI Service SymWSC running auto
    *Performance Logs and Alerts SysmonLog - on demand
    *Telephony TapiSrv running on demand
    *Terminal Services TermService running on demand
    *Themes Themes running auto
    *Distributed Link Tracking Client TrkWks running auto
    *Universal Plug and Play Device Host upnphost - on demand
    *Uninterruptible Power Supply UPS - on demand
    *VET Message Service VETMSGNT running auto
    *Volume Shadow Copy VSS - on demand
    *Windows Time W32Time running auto
    *WebClient WebClient running auto
    *Windows Management Instrumentation winmgmt running auto
    *Portable Media Serial Number Service WmdmPmSN - on demand
    *WMI Performance Adapter WmiApSrv - on demand
    *Security Center wscsvc running auto
    *Automatic Updates wuauserv running auto
    *Wireless Zero Configuration WZCSVC running auto
    *Network Provisioning Service xmlprov - on demand
    »Application specific



    :)
    Thanks Vera
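    A StartDreck report is only useful if you read the right parts of it. The block below is an added example, not code from the thread or from StartDreck: it parses the report format used above (`»` sections, `+` sub-items, `*` values, `` ` `` detail lines) and audits the places hijackers of that era most often tampered with: the Run keys, the `shell\open\command` file associations (the `exefile`, `comfile`, `batfile`, `piffile` and `scrfile` defaults on XP are `"%1" %*` and `"%1" /S`), and any process image executing out of a Temp folder. The sample input is a shortened excerpt of the report posted above; the `HIJACKED` variant with `hookme.exe` is constructed to show what a hit looks like and is not a claim about this machine.

```python
"""Added example: parse a StartDreck report and audit the autostart points
that 2004-era hijackers abused most (Run keys, shell\\open\\command file
associations, processes running out of a Temp folder)."""
import re
from dataclasses import dataclass, field

# Windows XP default open commands.  Hijackers rewrote these so their own
# binary ran in front of every .exe/.scr/... launch; a deviation here is a
# stronger signal than almost anything in the Run keys.
EXPECTED_ASSOCIATIONS = {
    "exefile": '"%1" %*',
    "comfile": '"%1" %*',
    "batfile": '"%1" %*',
    "piffile": '"%1" %*',
    "scrfile": '"%1" /S',
}
TOP = {"Registry", "Files", "System/Drivers"}
GROUPS = {"Run Keys", "File Associations (CR)", "Browser Helper Objects (LM)",
          "Autostart Folders", "INI-Files", "Text Files", "Running Processes",
          "NT Services", "Application specific"}
HIVES = {"Current User", "Default User", "Local Machine"}
TEMP_DIR = re.compile(r"\\te?mp\\", re.IGNORECASE)


@dataclass
class Report:
    run_entries: list = field(default_factory=list)   # (hive, key, name, command)
    associations: dict = field(default_factory=dict)  # progid -> open command
    bhos: list = field(default_factory=list)          # (name/CLSID, dll path)
    processes: list = field(default_factory=list)     # (pid, image path)


def parse_startdreck(text):
    """'»' opens a section, '+' a sub-item, '*' a value, '`' a detail line."""
    rep = Report()
    group = hive = key = last_bho = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        tag, body = line[0], line[1:].strip()
        if tag == "»":
            if body in TOP:
                group = hive = key = None
            elif body in GROUPS:
                group, hive, key = body, None, None
            elif body in HIVES:
                hive, key = body, None
            elif group == "Run Keys":
                key = body                      # Run, RunOnce, RunServices...
        elif tag == "+" and group == "Running Processes":
            pid, _, image = body.partition("=")
            rep.processes.append((int(pid), image.strip()))
        elif tag == "*":
            name, _, value = body.partition("=")
            name, value = name.strip(), value.strip()
            if group == "Run Keys":
                rep.run_entries.append((hive, key, name, value))
            elif group == "File Associations (CR)":
                rep.associations[name] = value
            elif group == "Browser Helper Objects (LM)":
                last_bho = body                 # the `InprocServer32 line follows
        elif tag == "`" and group == "Browser Helper Objects (LM)" and last_bho:
            rep.bhos.append((last_bho, body.partition("=")[2].strip()))
            last_bho = None
    return rep


def _norm(cmd):
    return re.sub(r"\s+", " ", cmd).strip().lower()


def audit_associations(rep):
    """{progid: (expected, actual)} for open commands that differ from the
    XP default.  Progids missing from the report are skipped, not flagged."""
    return {p: (exp, rep.associations[p])
            for p, exp in EXPECTED_ASSOCIATIONS.items()
            if p in rep.associations and _norm(rep.associations[p]) != _norm(exp)}


def processes_in_temp(rep):
    """Images executing out of a Temp folder.  A lead, not a verdict:
    installers and updaters do the same thing."""
    return [(pid, img) for pid, img in rep.processes if TEMP_DIR.search(img)]


# Sample input: a shortened excerpt of the report posted above.
SAMPLE = """\
»Registry
»Run Keys
»Current User
»Run
*IncrediMail=C:\\PROGRA~1\\INCRED~1\\bin\\IncMail.exe /c
»Local Machine
»Run
*hpsysdrv=c:\\windows\\system\\hpsysdrv.exe
*KernelFaultCheck=%systemroot%\\system32\\dumprep 0 -k
»RunOnce
»File Associations (CR)
+.exe
*exefile= "%1" %*
+.scr
*scrfile= "%1" /S
»Browser Helper Objects (LM)
*Google Toolbar Helper/{AA58ED58-01DD-4d91-8333-CF10577473F7}
`InprocServer32=c:\\program files\\google\\googletoolbar2.dll
»System/Drivers
»Running Processes
+1632=C:\\WINDOWS\\Explorer.EXE
+1976=C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\~e5d141.tmp
"""
# Constructed variant (not from the thread): the exefile hijack this check exists to catch.
HIJACKED = SAMPLE.replace('*exefile= "%1" %*',
                          '*exefile=C:\\WINDOWS\\System32\\hookme.exe "%1" %*')

if __name__ == "__main__":
    for label, text in (("posted excerpt", SAMPLE), ("constructed hijack", HIJACKED)):
        rep = parse_startdreck(text)
        print(f"[{label}] {len(rep.run_entries)} Run entries, {len(rep.bhos)} BHOs")
        print("  association mismatches:", audit_associations(rep) or "none")
        print("  processes in Temp:", processes_in_temp(rep) or "none")
```

    Run it against the full report pasted above (save it to a file and pass the text to `parse_startdreck`) and the association check comes back empty, which is the useful negative result: whatever is wrong with this machine, the executable associations have not been rewritten. The only Temp-folder hit is the `~e5d141.tmp` image, which is a lead to look at, not a diagnosis.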
     
  2. 2004/09/21
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Proudmoms - Welcome to the Board :)

    It would be helpful to know what problems you have with your PC.
     


  4. 2004/09/22
    Proudmoms

    Proudmoms Inactive Thread Starter

    Joined:
    2004/09/20
    Messages:
    7
    Likes Received:
    0
    Really, nothing was happening.
    I've just been hit by "java byte" over and over and I'm not sure where it is coming from.

    Nothing started happening until after I posted the above message; I was just trying to cover all bases.

    I also have this file in the temp folder that I think is infected, nav3843.tmp. I can't delete it, nor can Norton or EZ AV, not even Spybot or Ad-Aware.
    I've even tried safe mode; it didn't work.

    :( :mad:
    *Something started last night: every once in a while the computer restarts itself.
    We do not have to be doing the same thing for this to occur.

    Just to be safe I ran HijackThis; the log is below.
    Nothing really looks wrong, *but maybe I am missing something*.

    Logfile of HijackThis v1.98.2
    Scan saved at 3:42:05 PM, on 9/22/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
    C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
    C:\Program Files\Grisoft\AVG6\avgcc32.exe
    C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\PROGRA~1\DAP\DAP.EXE
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
    C:\Program Files\ISP50\bin\bartshel.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    C:\PROGRA~1\ISP50\bin\ppshared.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Common Files\Symantec Shared\NMain.exe
    C:\PROGRA~1\INCRED~1\bin\IncMail.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Owner\My Documents\Vera assorted\programs\hack this **** fool\HijackThis.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = google.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com
    O2 - BHO: PeoplePC FixedBandBHO - {3DE88907-3E38-11D4-BEB2-CBE76C0598DD} - C:\Program Files\ISP50\bin\BandObject.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
    O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
    O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
    O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\hta\station.sbrt
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: ccApp.lnk = C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
    O15 - Trusted Zone: http://*.windowsupdate.com
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ED493F74-F85B-4B19-890D-4C23D6E86DD5}: NameServer = 216.176.128.20 216.176.128.12



    Thanks so much
    ;)
    Vera
     
  5. 2004/09/22
    Proudmoms

    Proudmoms Inactive Thread Starter

    Joined:
    2004/09/20
    Messages:
    7
    Likes Received:
    0
    OK, while scanning my post above (the first one),
    I saw this:

    My system has been rebooting.
    So it does appear to be infected?

    Going to look at the rest of it.

    »RunOnce
    *SRUUninstall= "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress

    I do not want to delete it unless I know for sure it's the culprit.
    I'm sure it is, but I am scared to make changes not knowing what I am doing.
    That's why I came here.
    Hope someone can help.
    Thanks again
    Vera
     
  6. 2004/09/22
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Vera

    Fix nothing until you get some feedback on your HJT log.

    I have edited your thread title to indicate an HJT log is posted.
     
  7. 2004/09/22
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    You should not have 2 antivirus programs running at the same time. That alone can cause conflicts, and render either/both useless sometimes. I recommend disabling one of them and just keeping it updated as a backup scanner. Scan again with HijackThis, close all other windows and fix the following entries.

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: PowerReg Scheduler V3.exe

    Reboot and search the drive for and delete all instances of the following files and folder.

    powerreg scheduler.exe
    powerreg schedulerv2.exe
    powerregschedulerv3.exe
    powerreg
    <<<<<Program Files folder

    Install Move-on-Boot (<<<direct download). Once installed, you will have a new right click menu item on files (not folders), to delete on the next boot. Use it to mark the stubborn temp file for deletion and reboot.

    I also recommend you scan your PC with RAV. Check the box to autoclean. If any files are infected and uncleanable, click the report button then copy and paste it here.
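    Move-on-Boot's internals are not described in this thread, but tools of its kind rely on the standard Win32 mechanism for a file that is locked even in Safe Mode: `MoveFileEx` with `MOVEFILE_DELAY_UNTIL_REBOOT` records the request under `HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations`, and the Session Manager carries it out early in the next boot, before services and user programs can re-open the file. The block below is an added example, not the thread's or any tool's own code: it queues a deletion that way, reads back what is queued, and decodes the value by hand. The hand decoding is the practical caveat: `winreg.QueryValueEx()` stops at the first empty string in a `REG_MULTI_SZ`, and an empty target string is exactly how a queued deletion is stored, so the convenient API silently truncates this value. The same key is also worth reading during an investigation, since malware uses it to re-plant files across a reboot. The registry and `MoveFileEx` parts only run on Windows and need administrator rights; the `SAMPLE_RAW` value is constructed, and `C:\Temp\locked.tmp` is an assumed path, not the location of the file discussed above.

```python
"""Added example: queue a locked file for deletion at the next boot the way
delete-on-reboot utilities do, and read back/decode what is already queued."""
import ctypes
import sys

MOVEFILE_DELAY_UNTIL_REBOOT = 0x4          # MoveFileEx flag
SESSION_MANAGER = r"SYSTEM\CurrentControlSet\Control\Session Manager"
PENDING_VALUE = "PendingFileRenameOperations"


def _require_windows():
    if sys.platform != "win32":
        raise OSError("this part needs the Win32 registry and kernel32")


def queue_delete_on_reboot(path):
    """Ask the OS to delete `path` during the next boot, before anything can
    re-lock it.  Needs administrator rights: the request is recorded under HKLM."""
    _require_windows()
    kernel32 = ctypes.WinDLL("kernel32", use_last_error=True)
    kernel32.MoveFileExW.argtypes = [ctypes.c_wchar_p, ctypes.c_wchar_p, ctypes.c_ulong]
    kernel32.MoveFileExW.restype = ctypes.c_int
    # A NULL new name plus the delay flag means "delete at reboot".
    if not kernel32.MoveFileExW(path, None, MOVEFILE_DELAY_UNTIL_REBOOT):
        raise ctypes.WinError(ctypes.get_last_error())


def read_pending_renames_raw():
    """Raw REG_MULTI_SZ bytes of PendingFileRenameOperations, or b'' when the
    value does not exist (nothing queued).  Read through RegQueryValueExW so the
    empty strings that mark deletions survive (winreg would drop them)."""
    _require_windows()
    import winreg
    advapi32 = ctypes.WinDLL("advapi32", use_last_error=True)
    advapi32.RegQueryValueExW.argtypes = [
        ctypes.c_void_p, ctypes.c_wchar_p, ctypes.c_void_p,
        ctypes.POINTER(ctypes.c_ulong), ctypes.c_void_p, ctypes.POINTER(ctypes.c_ulong)]
    advapi32.RegQueryValueExW.restype = ctypes.c_long
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SESSION_MANAGER, 0, winreg.KEY_READ) as key:
        size = ctypes.c_ulong(0)
        rc = advapi32.RegQueryValueExW(key.handle, PENDING_VALUE, None, None, None, ctypes.byref(size))
        if rc == 2:                             # ERROR_FILE_NOT_FOUND
            return b""
        if rc:
            raise ctypes.WinError(rc)
        buf = ctypes.create_string_buffer(size.value)
        rc = advapi32.RegQueryValueExW(key.handle, PENDING_VALUE, None, None, buf, ctypes.byref(size))
        if rc:
            raise ctypes.WinError(rc)
        return buf.raw[:size.value]


def _strip_nt(p):
    """Entries are stored as NT paths (\\??\\C:\\...); return the Win32 form."""
    return p[4:] if p.startswith("\\??\\") else p


def decode_pending_renames(raw):
    """Decode the REG_MULTI_SZ into (source, target, replace_existing) tuples.
    Strings come in pairs; an empty (or missing) target means delete, and a
    leading '!' on the target means MOVEFILE_REPLACE_EXISTING."""
    parts = raw.decode("utf-16-le").split("\0")
    while parts and parts[-1] == "":            # block terminator and/or a final delete
        parts.pop()
    ops = []
    for i in range(0, len(parts), 2):
        src = parts[i]
        dst = parts[i + 1] if i + 1 < len(parts) else ""
        replace = dst.startswith("!")
        if replace:
            dst = dst[1:]
        ops.append((_strip_nt(src), _strip_nt(dst) or None, replace))
    return ops


# Constructed sample value: one queued deletion and one queued replace-on-boot.
SAMPLE_RAW = ("\\??\\C:\\Temp\\locked.tmp\0\0"
              "\\??\\C:\\Temp\\new.dll\0!\\??\\C:\\WINDOWS\\System32\\old.dll\0\0").encode("utf-16-le")

if __name__ == "__main__":
    raw = read_pending_renames_raw() if sys.platform == "win32" else SAMPLE_RAW
    for src, dst, replace in decode_pending_renames(raw):
        print("DELETE  " + src if dst is None else f"MOVE    {src} -> {dst}" + (" (replace)" if replace else ""))
```

    To use it on the stubborn temp file, run `queue_delete_on_reboot(r"C:\full\path\to\the.tmp")` from an elevated prompt, confirm with `decode_pending_renames(read_pending_renames_raw())` that the entry is queued, then reboot. Anything already in that list that you did not put there deserves the same scrutiny as a Run key.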
     
  8. 2004/09/22
    Proudmoms

    Proudmoms Inactive Thread Starter

    Joined:
    2004/09/20
    Messages:
    7
    Likes Received:
    0
    So far I did everything except for deleting
    powerreg scheduler.exe
    powerreg schedulerv2.exe
    powerregschedulerv3.exe
    powerreg
    and running RAV.


    When I did a search I did not find those files,
    but I did find:
    backup-20040922-181011-306-PowerReg Scheduler V3
    PowerRegister folder
    PowerReg dat file: C:\Documents and Settings\Owner\Application Data\Leadertech\PowerRegister
    PowerReg dat file:
    C:\WINDOWS

    POWERREG SCHEDULER V3.EXE-1C669182.pf
    C:\WINDOWS\Prefetch
    "I think this looks like a double extension?"


    Going to finish downloading RAV. (Thank you both, you've been great.)
     
  9. 2004/09/22
    Proudmoms

    Proudmoms Inactive Thread Starter

    Joined:
    2004/09/20
    Messages:
    7
    Likes Received:
    0
    RAV is no longer available for full system scans.

    They only offer online single-file scans.

    Does anyone know if it's OK for someone to share an old copy with me?

    Thanks

    Vera
     
  10. 2004/09/22
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    RAV is an online scanner, and will scan the entire drive. Click where it says to continue without subscribing and wait for the reference files to load, then click scan my PC. Delete the files named PowerReg and PowerReg Scheduler, and EVERYTHING in the prefetch folder.
     
  11. 2004/09/22
    Proudmoms

    Proudmoms Inactive Thread Starter

    Joined:
    2004/09/20
    Messages:
    7
    Likes Received:
    0
    Thanks, I did try to scan,
    but it only allows you now to scan one file at a time,
    not the whole system.

    When I click the C drive it asks me to open it;
    I have to actually click on an individual file to scan it.

    I'm going to check out HouseCall.
    I also found a RAV download online somewhere;
    not sure if it works, but worth a try.
    I think it's a trial, but better a trial than nothing at all.


    Here is the scan link. I even tried just clicking scan but it won't allow it;
    you must find one file, and one file only, to scan.
    Ah bugger LOL! :eek:
    http://www.ravantivirus.com/scan/indexn.php

    You can no longer even buy/download the program:
    http://www.ravantivirus.com/pages/regform.php?id=10

    Vera
     
  12. 2004/09/22
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Try the link I provided for RAV. You will see the following on that page.

    Use the link to continue without subscribing.

    You could also try Panda Scan.
     
  13. 2004/09/22
    Johanna

    Johanna Inactive Alumni

    Joined:
    2003/03/08
    Messages:
    2,402
    Likes Received:
    2
  14. 2004/09/22
    dobhar Lifetime Subscription

    dobhar Inactive

    Joined:
    2002/05/24
    Messages:
    924
    Likes Received:
    3
    Hi Proudmoms...

    1) Click on the RAV link you already mentioned => http://www.ravantivirus.com/scan/indexn.php
    2) Once the page loads and the ActiveX control installs check the "Status" window. When it says "Ready" you must click on the "Scan My PC" button at the top to start the actual full computer scan.

    I just tested it and it does work.
     
  15. 2004/09/23
    Proudmoms

    Proudmoms Inactive Thread Starter

    Joined:
    2004/09/20
    Messages:
    7
    Likes Received:
    0
    Maybe the settings in my IE are off.

    I turned on all the ActiveX things but nothing would pop up.


    I clicked the scan without subscribing and
    get sent to a page that says browse, and to the right is another button that says scan now. I don't see a "scan computer" button.


    Anyway, I did get the program (found it somewhere else online) and did a scan on my system, once after I updated it and once again after I ran a second update.
    *It shows my system is clean*
    I am also not noticing the computer rebooting all the time,
    thanks to your tip above.
    It's still acting weird, with programs crashing on and off all the time.
    For instance, say IE crashes, or any other program: I click the box to report the error, and that works.
    But when I go to click the link for possible issues,
    I have to restart the computer because that box stops responding.
    Clicking Alt-Ctrl-Delete does not even help, because the report box isn't showing up in the current tasks.

    I've defragged, run Disk Cleanup and run Norton Utilities; nothing really appears to be wrong.
    And we have more than 50% of the hard drive left. :eek:
     
  16. 2004/09/23
    dobhar Lifetime Subscription

    dobhar Inactive

    Joined:
    2002/05/24
    Messages:
    924
    Likes Received:
    3