Tech Support Guy banner
  • Please post in our Community Feedback thread for help with the new forum software! If you are having trouble logging in, please Contact Us for assistance.
Status
Not open for further replies.
1 - 5 of 5 Posts

·
Registered
Joined
·
37 Posts
Discussion Starter · #1 ·
I seem to have a problem with my os. Something may have gotten in and I don't know where to look. I have errors shutting down. Like an application has not properly ended. I have a home built. 1 gig of ram Windows XP pro SP1, 2 physical hard drives. Running updated Zone alarm firewall and avg anit-virus. Checked Adaware and spybot s&d and both came up clean. Did a complete virus check and it came up clean. Yet it seems that I can not do a system restore. Even from safe mode, what's up with this????????
 

·
Registered
Joined
·
37 Posts
Discussion Starter · #2 ·
Here is a copy of my HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 8:57:54 PM, on 1/13/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\WINDOWS\System32\RunDLL32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\Macromed\Flash\GetFlash.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - d:\Program Files\iMesh Light 5\iMeshBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [BCWipeTM Startup] "D:\Program Files\Jetico\BCWipe\BCWipeTM.exe" startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 

·
Registered
Joined
·
11,849 Posts
It is un-advisable to install Service Pack 2 until you are sure the computer is free of infections. I would let one of our HJT experts with the little gold shield work the log file and help repair the system.

Also I would give as much of the system specs for thsi computer as possible.
 

·
Registered
Joined
·
37 Posts
Discussion Starter · #5 ·
UPDATED computor specs. 1 gig of ram Windows XP pro SP1, P4 3.0 2 physical hard drives. 2 DVD writers, C: drive is the boot drive an is configured as NTFS this is a complete drive and not partioned. Drive D: is running FAT32 (becuase I have a few older games that balk when running out of a NTFS drive) this is also not pationtioned and then I have the DVD writers that are drives E: & F: Running updated Zone alarm firewall and Avg anit-virus. Checked Adaware and spybot s&d and both came up clean. Did a complete virus check and it came up clean. I also just ran a check using www.ewido.net and it found this:

ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________

Name: TrackingCookie.Yieldmanager
Path: C:\Documents and Settings\John\Cookies\[email protected][2].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\John\Cookies\[email protected][1].txt
Risk: Medium

Name: TrackingCookie.Overture
Path: C:\Documents and Settings\John\Cookies\[email protected][1].txt
Risk: Medium

Name: TrackingCookie.Tribalfusion
Path: C:\Documents and Settings\John\Cookies\[email protected][1].txt
Risk: Medium

Name: Adware.Relevance
Path: C:\Program Files\SearchRelevant\SearchRelevant.dll
Risk: Medium

Name: Trojan.Kolweb.a
Path: C:\Quarentine\aaaaaa0446n.sys
Risk: High

Name: Trojan.Kolweb.a
Path: C:\System Volume Information\_restore{09F6BA25-97FC-48AB-A010-598BA4F2092B}\RP459\A0081026.sys
Risk: High

Name: Trojan.Kolweb.a
Path: C:\System Volume Information\_restore{09F6BA25-97FC-48AB-A010-598BA4F2092B}\RP460\A0081197.sys
Risk: High

Name: Trojan.Kolweb.a
Path: C:\WINDOWS\0446n.sys
Risk: High

Name: Trojan.Kolweb.a
Path: C:\WINDOWS\system32\0446n.sys
Risk: High

Name: Trojan.Kolweb.a
Path: C:\WINDOWS\system32\aaaaaaaaaaawt6uzxw.exe
Risk: High

Name: Trojan.Delf.cf
Path: C:\WINDOWS\system32\nkm84.dll
Risk: High
 
1 - 5 of 5 Posts
Status
Not open for further replies.
Top