pc give warning beeps then shut down when encoding movies

  1. #1
    deli_screech is offline Newbie

    Re: Dal Online Hardware Scan Help

    Sorry for any inconvenience caused but this is my first time on any forum. I am having a problem with encoding movies because my pc gives me warning beeps then shuts down. I have read the thread where someone else had the problems and I have done the recommended scans and saved the logs but not sure how to post.


  2. #2
    deli_screech is offline Newbie
    Sorry again folks but as I said before am a newbie. My pc keeps shutting down when I'm encoding movies so these are the scan results. The uninstall list:
    -Zip 4.42
    Ad-aware 6 Professional
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Help Center 1.0
    Adobe Photoshop CS2
    Adobe Reader 7.0.8
    Adobe Stock Photos 1.0
    Adobe SVG Viewer 3.0
    Athlon 64 Processor Driver
    CloneDVD2
    DVD Decrypter (Remove Only)
    DVD Identifier
    DVD Shrink 3.2
    DVDFab Decrypter 2.9.8.5 Beta4
    ewido anti-spyware 4.0
    Google Toolbar for Internet Explorer
    GTK+ 2.8.18-1 runtime environment
    High Definition Audio Driver Package - KB888111
    HijackThis 1.99.1
    ImgBurn (Remove Only)
    iTunes
    J2SE Runtime Environment 5.0 Update 6
    KProbe 2.5.2
    LimeWire PRO 4.10.3
    LiveUpdate 2.0 (Symantec Corporation)
    Macromedia Flash Player 8
    MSN Music Assistant
    Nero 7 Premium
    NVIDIA Drivers
    PowerDVD
    PrimoDVD (English)
    Realtek High Definition Audio Driver
    Roxio Easy Media Creator 8 Content
    Roxio Easy Media Creator 8 Suite
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913433)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    SureThing CD Labeler 3.1 Primera Edition
    Symantec AntiVirus
    Ulead Data-Add 2.0
    Ulead DVD MovieFactory 3.5 Suite
    Ulead PhotoImpact 10 ESD
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Windows Installer 3.1 (KB893803)
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Encoder 9 Series
    Windows Media Encoder 9 Series
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Yahoo! Install Manager
    Yahoo! Messenger
    Yahoo! Toolbar for Internet Explorer

    next the ewido scan report
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 4:10:50 AM 9/3/2006

    + Scan result:



    C:\Documents and Settings\Charles\Desktop\zwco4000.exe -> Adware.Zango : No action taken.
    C:\Documents and Settings\Charles\Cookies\charles@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\Charles\Cookies\charles@cnetasiapacific.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\Charles\Cookies\charles@msninvite.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\Charles\Cookies\charles@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\Charles\Local Settings\Temp\Cookies\charles@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\Charles\Local Settings\Temp\Cookies\charles@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\Charles\Cookies\charles@z1.adserver[1].txt -> TrackingCookie.Adserver : No action taken.
    C:\Documents and Settings\Charles\Cookies\charles@adtech[1].txt -> TrackingCookie.Adtech : No action taken.
    C:\Documents and Settings\Charles\Cookies\charles@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
    C:\Documents and Settings\Charles\Local Settings\Temp\Cookies\charles@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
    C:\Documents and Settings\Charles\Cookies\charles@com[1].txt -> TrackingCookie.Com : No action taken.
    C:\Documents and Settings\Charles\Cookies\charles@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
    C:\Documents and Settings\Charles\Local Settings\Temp\Cookies\charles@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
    C:\Documents and Settings\Charles\Cookies\charles@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : No action taken.
    C:\Documents and Settings\Charles\Cookies\charles@ehg-linksys.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
    C:\Documents and Settings\Charles\Cookies\charles@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
    C:\Documents and Settings\Charles\Cookies\charles@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
    C:\Documents and Settings\Charles\Cookies\charles@data2.perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
    C:\Documents and Settings\Charles\Cookies\charles@perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
    C:\Documents and Settings\Charles\Local Settings\Temp\Cookies\charles@data2.perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
    C:\Documents and Settings\Charles\Local Settings\Temp\Cookies\charles@perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
    C:\Documents and Settings\Charles\Cookies\charles@ads.pointroll[2].txt -> TrackingCookie.Pointroll : No action taken.
    C:\Documents and Settings\Charles\Cookies\charles@questionmarket[1].txt -> TrackingCookie.Questionmarket : No action taken.
    C:\Documents and Settings\Charles\Cookies\charles@statcounter[1].txt -> TrackingCookie.Statcounter : No action taken.
    C:\Documents and Settings\Charles\Cookies\charles@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
    C:\Documents and Settings\Charles\Local Settings\Temp\Cookies\charles@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
    C:\Documents and Settings\Charles\Cookies\charles@trafic[1].txt -> TrackingCookie.Trafic : No action taken.
    C:\Documents and Settings\Charles\Cookies\charles@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : No action taken.
    C:\Documents and Settings\Charles\Cookies\charles@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : No action taken.
    C:\Documents and Settings\Charles\Cookies\charles@yadro[1].txt -> TrackingCookie.Yadro : No action taken.
    C:\Documents and Settings\Charles\Cookies\charles@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
    C:\Documents and Settings\Charles\Cookies\charles@zedo[2].txt -> TrackingCookie.Zedo : No action taken.


    ::Report end

    and the hijack this log file

    Logfile of HijackThis v1.99.1
    Scan saved at 451 AM, on 9/3/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Documents and Settings\Charles\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=ZillaPopupKiller:8100
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
    O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
    O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
    O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    Your help is highly appreciated

  3. #3
    Neal is offline Dedicated Member
    Hi,

    If it was me I would uninstall Limewire.


    Let's do a couple scans but this may need attention from the XPHelp forum as it may not be a malware issue.



    To clean your temp folder, recycle bin, etc., please download this free tool:

    CCleaner

    Don't install any Toolbars, or other programs, should it ask you! Just uncheck the option of installing the Yahoo toolbar.
    It will put a shortcut on your Desktop.

    Before first use:
    Select Options then Advanced.
    UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

    Click on CCleaner to start it. Then click "Run Cleaner", just use the windows tab up front by default.


    Then Reboot (Exit)




    Go here BitDefender and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan" and grab a coffee.

    When BitDefender completes the scan, select the "Detected Problems" tab. Click on "Click here to export scan". Save the file as an HTML to your Desktop. Then click on the saved file and allow it to open with your browser. Go to Edit - Select All then copy/paste that log back here. Post back and let us know what it found (post the log).

    And post a new HJT log also..

  4. #4
    deli_screech is offline Newbie
    this is the Bitdefender online scan

    BitDefender Online Scanner

    Scan report generated at: Thu, Sep 07, 2006 - 10:49:32

    Scan path: C:\;D:\;E:\;F:\;G:\;H:\;

    Statistics
    Time: 0129
    Files: 780221
    Folders: 9106
    Boot Sectors: 10
    Archives: 18281
    Packed Files: 61601

    Results
    Identified Viruses: 0
    Infected Files: 0
    Suspect Files: 0
    Warnings: 0
    Disinfected: 0
    Deleted Files: 0

    Engines Info
    Virus Definitions: 453067
    Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
    Scan plugins: 13
    Archive plugins: 38
    Unpack plugins: 6
    E-mail plugins: 6
    System plugins: 1

    Scan Settings
    First Action: Disinfect
    Second Action: Delete
    Heuristics: Yes
    Enable Warnings: Yes
    Scanned Extensions: *;
    Exclude Extensions:
    Scan Emails: Yes
    Scan Archives: Yes
    Scan Packed: Yes
    Scan Files: Yes
    Scan Boot: Yes

    Scanned File | Status
    No virus found.



    this is the hjt scan results



    Logfile of HijackThis v1.99.1
    Scan saved at 10:58:15 AM, on 9/7/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\YTBSDK.exe
    C:\Documents and Settings\Charles\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=ZillaPopupKiller:8100
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
    O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
    O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
    O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


  5. #5
    Neal is offline Dedicated Member
    Hi,


    You need to delete this from Ewido scan:

    C:\Documents and Settings\Charles\Desktop\zwco4000.exe -> Adware.Zango : No action taken.

    Or run Ewido again and quarantine everything found per the instructions.


    Run hijackthis and click on scan button and put a check next to this:

    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE


    Nothing open but hijackthis and click on fix checked.


    Delete this file using search function

    ALCMTR.EXE

    Reboot and let's do one more scan before you go to the XPHelp section of this forum.



    Download Silent runners.Vbs post the log it creates please
    http://www.silentrunners.org/sr_scriptuse.html click yes to the supplementary searches
    Wait until there is an All Done message !!, Then open and post the log next to it.
    Your antivirus script protection might interfere or alert, please allow it to run after a bit box will say done.

  6. #6
    deli_screech is offline Newbie
    This is the silent runners scr

    "Silent Runners.vbs", revision 47, http://www.silentrunners.org/
    Operating System: Windows XP SP2
    Output limited to non-default values, except where indicated by "{++}"


    Startup items buried in registry:
    ---------------------------------

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "USIUDF_Eject_Monitor" = "C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe" ["Ulead Systems"]
    "RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
    "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
    "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
    "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
    "High Definition Audio Property Page Shortcut" = "HDAShCut.exe" ["Windows (R) Server 2003 DDK provider"]
    "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" [file not found]
    "!ewido" = ""C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized" ["Anti-Malware Development a.s."]
    "SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
    \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "SSVHelper Class"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
    {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Windows Live Sign-in Helper"
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Google Toolbar Helper"
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
    -> {HKLM...CLSID} = "Display Panning CPL Extension"
    \InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
    -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
    "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
    -> {HKLM...CLSID} = "DesktopContext Class"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
    "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
    -> {HKLM...CLSID} = "NVIDIA CPL Extension"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
    "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
    -> {HKLM...CLSID} = "Desktop Explorer"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
    -> {HKLM...CLSID} = "nView Desktop Context Menu"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
    "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
    "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
    -> {HKLM...CLSID} = "Portable Media Devices"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
    -> {HKLM...CLSID} = "Portable Media Devices Menu"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
    "{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
    -> {HKLM...CLSID} = "Shell Search Band"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
    "{5E44E225-A408-11CF-B581-008029601108}" = "Roxio DragToDisc Shell Extension"
    -> {HKLM...CLSID} = "Roxio DragToDisc Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\Shellex.dll" ["Sonic Solutions"]
    "{0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C}" = "RXDCExtShlExt extension"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Roxio\Easy Media Creator 8\Virtual Drive\DC_ShellExt.dll" [null data]
    "{DBD8E168-244D-448C-9922-25508950D1DC}" = "Ulead UDF Driver"
    -> {HKLM...CLSID} = "USIShellExt Class"
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Ulead Systems\DVD\USIShex.dll" ["Ulead Systems, Inc."]
    "{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
    -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
    "{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
    -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
    "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
    -> {HKLM...CLSID} = "iTunes"
    \InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
    "{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"
    -> {HKLM...CLSID} = "7-Zip Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
    "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
    -> {HKLM...CLSID} = "My Sharing Folders"
    \InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.0.0812.00.dll" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
    INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
    -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
    \InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]

    HKLM\Software\Classes\PROTOCOLS\Filter\
    INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

    HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
    {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
    -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
    {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
    -> {HKLM...CLSID} = "PDF Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
    7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
    -> {HKLM...CLSID} = "7-Zip Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
    ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
    -> {HKLM...CLSID} = "CContextScan Object"
    \InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
    RXDCExtSvr\(Default) = "{0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C}"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Roxio\Easy Media Creator 8\Virtual Drive\DC_ShellExt.dll" [null data]

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
    7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
    -> {HKLM...CLSID} = "7-Zip Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
    ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
    -> {HKLM...CLSID} = "CContextScan Object"
    \InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
    RXDCExtSvr\(Default) = "{0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C}"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Roxio\Easy Media Creator 8\Virtual Drive\DC_ShellExt.dll" [null data]


    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop is enabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
    "Wallpaper" = "E:\IMG_0004.JPG"


    Startup items in "Charles" & "All Users" startup folders:
    ---------------------------------------------------------

    C:\Documents and Settings\Charles\Start Menu\Programs\Startup
    "Adobe Gamma" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    "Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]


    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Toolbars

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
    -> {HKLM...CLSID} = "&Google"
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
    -> {HKLM...CLSID} = "Yahoo! Toolbar"
    \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

    HKLM\Software\Microsoft\Internet Explorer\Toolbar\
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
    -> {HKLM...CLSID} = "&Google"
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
    -> {HKLM...CLSID} = "Yahoo! Toolbar"
    \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\Software\Microsoft\Internet Explorer\Extensions\
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
    "MenuText" = "Sun Java Console"
    "CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
    -> {HKCU...CLSID} = "Java Plug-in"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
    -> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

    {85D1F590-48F4-11D9-9669-0800200C9A66}\
    "MenuText" = "Uninstall BitDefender Online Scanner v8"
    "Exec" = "%windir%\bdoscandel.exe" [null data]

    {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\
    "ButtonText" = "Yahoo! Messenger"
    "MenuText" = "Yahoo! Messenger"
    "Exec" = "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" ["Yahoo! Inc."]

    {FB5F1910-F110-11D2-BB9E-00C04F795683}\
    "ButtonText" = "Messenger"
    "MenuText" = "Windows Messenger"
    "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


    Miscellaneous IE Hijack Points
    ------------------------------

    HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

    Missing lines (compared with English-language version):
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "*b" (unwritable string)
    -> {HKLM...CLSID} = "Yahoo! Toolbar"
    \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]


    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "C:\Program Files\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."]
    HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]}
    Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
    NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
    Roxio Hard Drive Watcher, RoxWatch, ""C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe"" ["Sonic Solutions"]
    RoxMediaDB, RoxMediaDB, ""C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe"" ["Sonic Solutions"]
    Ulead Burning Helper, UleadBurningHelper, "C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe" ["Ulead Systems, Inc."]
    Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


    ----------
    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + To search all directories of local fixed drives for DESKTOP.INI
    DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
    use the -supp parameter or answer "No" at the first message box.
    ---------- (total run time: 31 seconds, including 18 seconds for message boxes)
    ipt

  7. #7
    Neal is offline Dedicated Member
    HI.


    All scans are clean, suggest you go to the XPHelp forum on this site and see if they can help you out as it appears this is not a malware problem. Thanks.


    One more scan-



    Post a combofix log
    1. Download this file - combofix.exe
    http://download.bleepingcomputer.com/sUBs/combofix.exe
    2. Double click combofix.exe & follow the prompts.
    3. When finished, it shall produce a log for you. Post that log in your next reply
    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    If the log is large, you might need to post half in one reply, half in another.
    Last edited by Neal; 09-09-2006 at 09:15 PM.

  8. #8
    deli_screech is offline Newbie
    THIS IS THE
    Charles - 06-09-10 12:29:20.57
    ComboFix 06.09.07 - Running from: C:\Documents and Settings\Charles\Desktop

    Microsoft Windows XP [Version 5.1.2600]

    ((((((((((((((((((((((((((((((( Files Created from 2006-08-10 to 2006-09-10 ))))))))))))))))))))))))))))))))))


    2006-09-07 12:07 92,160 --a------ C:\WINDOWS\system32\evntwin.exe
    2006-09-07 12:07 8,704 --a------ C:\WINDOWS\system32\snmptrap.exe
    2006-09-07 12:07 6,144 --a------ C:\WINDOWS\system32\snmpmib.dll
    2006-09-07 12:07 39,936 --a------ C:\WINDOWS\system32\hostmib.dll
    2006-09-07 12:07 33,792 --a------ C:\WINDOWS\system32\lmmib2.dll
    2006-09-07 12:07 32,768 --a------ C:\WINDOWS\system32\snmp.exe
    2006-09-07 12:07 24,064 --a------ C:\WINDOWS\system32\evntcmd.exe
    2006-09-07 12:07 22,528 --a------ C:\WINDOWS\system32\lpdsvc.dll
    2006-09-07 12:07 18,944 --a------ C:\WINDOWS\system32\lprmon.dll
    2006-09-07 12:07 101,888 --a------ C:\WINDOWS\system32\evntagnt.dll


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-09-09 08:40 -------- d-------- C:\Program Files\GIMP-2.0
    2006-09-09 08:11 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
    2006-09-08 23:13 -------- d-------- C:\Documents and Settings\Charles\Application Data\Adobe
    2006-09-08 00:22 -------- d-------- C:\Documents and Settings\Charles\Application Data\RipIt4Me
    2006-09-07 09:08 -------- d-------- C:\Program Files\CCleaner
    2006-09-06 19:28 -------- d-------- C:\Program Files\WinRAR
    2006-09-06 07:37 85 ---hs---- C:\Documents and Settings\Charles\Application Data\.zreglib
    2006-09-03 13:40 -------- d-------- C:\Program Files\Symantec
    2006-09-03 13:40 -------- d-------- C:\Program Files\Common Files\Symantec Shared
    2006-09-03 11:47 -------- d-------- C:\Documents and Settings\Charles\Application Data\LimeWire
    2006-09-03 11:40 -------- d-------- C:\Program Files\Java
    2006-09-03 11:33 -------- d-------- C:\Program Files\Common Files\Java
    2006-09-03 11:33 -------- d-------- C:\Program Files\Common Files
    2006-09-03 04:16 -------- d-------- C:\Program Files\HijackThis
    2006-09-01 19:33 -------- d-------- C:\Program Files\QuickTime
    2006-08-27 11:04 -------- d-------- C:\Documents and Settings\Charles\Application Data\CyberLink
    2006-08-27 11:03 -------- d-------- C:\Program Files\CyberLink
    2006-08-27 11:02 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-08-27 11:01 -------- d-------- C:\Program Files\Common Files\InstallShield
    2006-08-26 18:41 -------- d-------- C:\Program Files\Adobe
    2006-08-26 18:40 -------- d-------- C:\Program Files\Common Files\Adobe
    2006-08-26 18:37 -------- d-------- C:\Program Files\Common Files\Adobe Systems Shared
    2006-08-26 14:30 -------- d-------- C:\Program Files\PrimoDVD (English)
    2006-08-26 14:13 -------- d-------- C:\Program Files\Common Files\PrimoDVD
    2006-08-25 22:16 -------- d-------- C:\Program Files\Yahoo!
    2006-08-25 22:15 -------- d-------- C:\Program Files\Microsoft Office
    2006-08-25 22:15 -------- d-------- C:\Program Files\Common Files\System
    2006-08-25 22:15 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
    2006-08-18 23:13 -------- d-------- C:\Program Files\MSN Messenger
    2006-08-17 16:42 -------- d---s---- C:\Documents and Settings\Charles\Application Data\Microsoft
    2006-08-16 22:09 -------- d-------- C:\Documents and Settings\Charles\Application Data\Ulead Systems
    2006-08-16 22:06 -------- d-------- C:\Program Files\Common Files\Ulead Systems
    2006-08-16 17:27 -------- d-------- C:\Program Files\7-Zip
    2006-08-15 22:50 -------- d-------- C:\Program Files\DVDFab Decrypter
    2006-08-14 22:41 -------- d-------- C:\Program Files\Internet Explorer
    2006-08-12 19:24 -------- d-------- C:\Documents and Settings\Charles\Application Data\ri4mupdater
    2006-08-03 23:40 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2006-07-31 22:43 -------- d-------- C:\Documents and Settings\Charles\Application Data\Ahead
    2006-07-31 16:30 -------- d-------- C:\Documents and Settings\Charles\Application Data\AdobeUM
    2006-07-31 14:40 -------- d-------- C:\Documents and Settings\Charles\Application Data\Apple Computer
    2006-07-31 10:12 -------- d-------- C:\Program Files\iTunes
    2006-07-31 10:12 -------- d-------- C:\Program Files\iPod
    2006-07-31 08:44 -------- d-------- C:\Documents and Settings\Charles\Application Data\Opera
    2006-07-30 18:13 -------- d-------- C:\Program Files\Common Files\Ahead
    2006-07-30 18:11 -------- d-------- C:\Program Files\Nero
    2006-07-30 15:49 -------- d-------- C:\Documents and Settings\Charles\Application Data\Sun
    2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
    2006-07-27 11:05 -------- d-------- C:\Program Files\Common Files\GTK
    2006-07-27 09:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-07-21 04:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
    2006-07-20 01:21 -------- d-------- C:\Program Files\Hide Files
    2006-07-15 07:35 -------- d-------- C:\Program Files\ZWinCNO
    2006-07-13 23:54 -------- d-------- C:\Documents and Settings\Charles\Application Data\Help
    2006-07-13 23:53 -------- d-------- C:\Program Files\SureThing
    2006-07-13 23:53 -------- d-------- C:\Program Files\Common Files\SureThing Shared
    2006-06-25 00:33 720896 --a------ C:\WINDOWS\iun6002.exe


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "USIUDF_Eject_Monitor"="C:\\Program Files\\Common Files\\Ulead Systems\\DVD\\USISrv.exe"
    "RTHDCPL"="RTHDCPL.EXE"
    "nwiz"="nwiz.exe /install"
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
    "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,4b,00,00,00,00,00,00,00,b5,04,00,00,e2,03,\
    00,00,04,00,00,40
    "RestoredStateInfo"=hex:18,00,00,00,4b,00,00,00,00,00,00,00,b5,04,00,00,e2,03,\
    00,00,01,00,00,00

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"=""
    "hkey"="HKLM"
    "command"=""
    "inimapping"="0"



    Completion time: Sun 09/10/2006 12:29:39.23
    ComboFix.txt
    COMBO FIX LOG

  9. #9
    deli_screech is offline Newbie
    HEY. I WAS DOING A LITTLE FOOLING AROUND AND I WENT INSIDE THE PC AND FOUND OUT THAT THE FANS INSIDE, PARTICULARLY THE CPU FAN, WERE CLOGGED WITH DUST. I CLEANED THEM OUT AND AM NOW IN THE PROCESS OF ENCODING A MOVIE AND SO FAR I HAVE NOT HEARD ANY WARNINGS, SO I AM OF THE FEELING THAT THE CPU WAS OVERHEATING. I WILL CONTINUE WITH THE ENCODING AND LET YOU KNOW OF THE RESULTS LATER. THANKS FOR THE ASSISTANCE SO FAR.

  10. #10
    Neal is offline Dedicated Member
    okey dokey
