This morning I got up to the same red screen of death, so I followed the malware cleaning guide to do prior to posting a HijackThisLog. Once again the red screen of death is gone, but i would like for someone to look at my HJTlog and see IF there is anything that I may need to fix and also see IF the is anything that I may have missed.
Thanks for all the help.
bronc
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:24:30 PM, on 1/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://store.presari...t...c01&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.1.100
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: The elfwgps - {27A4FA11-A0B1-4AB7-9A78-BD411FDEAA0D} - C:\WINDOWS\elfwgps.dll (file missing)
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {76CA9BF9-9868-4249-862D-6F454A48A9CE} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1195842223656
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1195844887640
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: bqxomdo - {883C3755-1332-49E2-B94D-496CF04AD7B3} - C:\WINDOWS\bqxomdo.dll (file missing)
O21 - SSODL: aswmklt - {C46D63D0-9463-4FDC-834D-BDC314E156FB} - C:\WINDOWS\aswmklt.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
--
End of file - 5485 bytes
Here is a SuperAntiSpyware log
SUPERAntiSpyware Scan Log
Generated 01/26/2008 at 03:19 PM
Application Version : 3.6.1000
Core Rules Database Version : 3389
Trace Rules Database Version: 1383
Scan type : Complete Scan
Total Scan Time : 01:37:36
Memory items scanned : 322
Memory threats detected : 0
Registry items scanned : 4461
Registry threats detected : 15
File items scanned : 67787
File threats detected : 36
Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{8FC29A8D-F29D-477E-B428-0F942E23A960}
HKCR\CLSID\{8FC29A8D-F29D-477E-B428-0F942E23A960}
HKCR\CLSID\{8FC29A8D-F29D-477E-B428-0F942E23A960}
HKCR\CLSID\{8FC29A8D-F29D-477E-B428-0F942E23A960}\InprocServer32
HKCR\CLSID\{8FC29A8D-F29D-477E-B428-0F942E23A960}\InprocServer32#ThreadingModel
HKCR\CLSID\{8FC29A8D-F29D-477E-B428-0F942E23A960}\ProgID
HKCR\CLSID\{8FC29A8D-F29D-477E-B428-0F942E23A960}\Programmable
HKCR\CLSID\{8FC29A8D-F29D-477E-B428-0F942E23A960}\TypeLib
HKCR\CLSID\{8FC29A8D-F29D-477E-B428-0F942E23A960}\VersionIndependentProgID
C:\WINDOWS\DPVTPORFGP.DLL
Adware.Tracking Cookie
C:\Documents and Settings\Zachary\Cookies\zachary@doubleclick[1].txt
C:\Documents and Settings\Zachary\Desktop\DN stuff\favorites and cookies\Cookies\michael@adinterax[1].txt
C:\Documents and Settings\Zachary\Desktop\DN stuff\favorites and cookies\Cookies\michael@adknowledge[1].txt
C:\Documents and Settings\Zachary\Desktop\DN stuff\favorites and cookies\Cookies\[email protected][1].txt
C:\Documents and Settings\Zachary\Desktop\DN stuff\favorites and cookies\Cookies\[email protected][1].txt
C:\Documents and Settings\Zachary\Desktop\DN stuff\favorites and cookies\Cookies\michael@anycracks[1].txt
C:\Documents and Settings\Zachary\Desktop\DN stuff\favorites and cookies\Cookies\michael@atwola[1].txt
C:\Documents and Settings\Zachary\Desktop\DN stuff\favorites and cookies\Cookies\michael@azjmp[2].txt
C:\Documents and Settings\Zachary\Desktop\DN stuff\favorites and cookies\Cookies\michael@bizrate[2].txt
C:\Documents and Settings\Zachary\Desktop\DN stuff\favorites and cookies\Cookies\[email protected][1].txt
C:\Documents and Settings\Zachary\Desktop\DN stuff\favorites and cookies\Cookies\michael@cracks[1].txt
C:\Documents and Settings\Zachary\Desktop\DN stuff\favorites and cookies\Cookies\[email protected][1].txt
C:\Documents and Settings\Zachary\Desktop\DN stuff\favorites and cookies\Cookies\michael@friendfinder[2].txt
C:\Documents and Settings\Zachary\Desktop\DN stuff\favorites and cookies\Cookies\[email protected][2].txt
C:\Documents and Settings\Zachary\Desktop\DN stuff\favorites and cookies\Cookies\michael@mscracks[1].txt
C:\Documents and Settings\Zachary\Desktop\DN stuff\favorites and cookies\Cookies\michael@nextag[2].txt
C:\Documents and Settings\Zachary\Desktop\DN stuff\favorites and cookies\Cookies\michael@offeroptimizer[2].txt
C:\Documents and Settings\Zachary\Desktop\DN stuff\favorites and cookies\Cookies\michael@partner2profit[1].txt
C:\Documents and Settings\Zachary\Desktop\DN stuff\favorites and cookies\Cookies\michael@partypoker[1].txt
C:\Documents and Settings\Zachary\Desktop\DN stuff\favorites and cookies\Cookies\michael@rightmedia[1].txt
C:\Documents and Settings\Zachary\Desktop\DN stuff\favorites and cookies\Cookies\[email protected][2].txt
C:\Documents and Settings\Zachary\Desktop\DN stuff\favorites and cookies\Cookies\[email protected][2].txt
C:\Documents and Settings\Zachary\Desktop\DN stuff\favorites and cookies\Cookies\[email protected][2].txt
C:\Documents and Settings\Zachary\Desktop\DN stuff\favorites and cookies\Cookies\[email protected][1].txt
C:\Documents and Settings\Zachary\Desktop\DN stuff\favorites and cookies\Cookies\[email protected][1].txt
Trojan.Net-MSV/VPS
HKCR\MSVPS.MSVPSApp
HKCR\MSVPS.MSVPSApp\CLSID
HKCR\MSVPS.MSVPSApp\CurVer
Desktop Hijacker.AboutYourPrivacy
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\images
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\privacy_danger
Trojan.Media-Codec/V4
HKCR\videoPl.chl
HKCR\videoPl.chl\CLSID
Rogue.XP AntiVirus
HKU\S-1-5-21-3826821714-1779672970-72185382-1006\Software\Microsoft\Windows\CurrentVersion\Run#XP Antivirus [ C:\Program Files\XP Antivirus\xpa2008pro.exe ]
C:\Program Files\XP Antivirus
Browser Hijacker.Favorites
C:\DOCUMENTS AND SETTINGS\ZACHARY\DESKTOP\DN STUFF\FAVORITES AND COOKIES\FAVORITES\REG CLEAN.URL
Adware.SXGAdvisor
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6CAC8781-D14A-4E3D-BB38-7856283498EC}\RP3\A0000012.DLL
here is the Activescan log
Incident Status Location
Adware:Adware/VideoPlugin Not disinfected C:\WINDOWS\aswmklt.dll
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Zachary\Application Data\Mozilla\Firefox\Profiles\fqp63vzc.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Zachary\Cookies\[email protected][2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Zachary\Desktop\DN stuff\favorites and cookies\Cookies\michael@cgi-bin[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Zachary\Desktop\DN stuff\favorites and cookies\Cookies\michael@cgi-bin[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Zachary\Desktop\DN stuff\favorites and cookies\Cookies\michael@com[1].txt
Spyware:Cookie/Qsrch Not disinfected C:\Documents and Settings\Zachary\Desktop\DN stuff\favorites and cookies\Cookies\[email protected][1].txt
Spyware:Cookie/MyWay Not disinfected C:\Documents and Settings\Zachary\Desktop\DN stuff\favorites and cookies\Cookies\[email protected][1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Zachary\Desktop\SmitfraudFix\Process.exe
Virus:Trj/Rebooter.J Disinfected C:\Documents and Settings\Zachary\Desktop\SmitfraudFix\Reboot.exe
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Zachary\Desktop\SmitfraudFix\restart.exe
Adware:Adware/VideoAddon Not disinfected C:\Documents and Settings\Zachary\My Documents\setup to youtube.exe[²ÜÇ\barf.dll]