I've been having trouble with my computer for three days. I've used all different kinds of anti-spyware programs (Ad-aware, Spybot, SpySubtract, and House Call) and some of the adware/apyware are still in my computer. I think I still have Aurora and not sure about others.
My computer keeps shutting down whenever I use the internet. I need to work in safe mode if I want to be online. I'm working in safe mode right now. Everytime I get internet connection, my computer restarts automatically after a 1 sec flash of a blue screen saying sth like I just improperly installed some sw. My computer seems to work fine (can restart and work in regular mode) if I disable internet connection. If I enable wireless connection, my computer will also automatically reboot when computer starts up completely (wireless detect excellent internet connection).
I hope you understand my explanation. Please excuse my English because it's not my native language and I don't know much about computers. Can someone have a look at my Hijackthis log and see what I need to do?
Logfile of HijackThis v1.99.1
Scan saved at 14:25:45, on 30/4/2548
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\IBM\My Documents\downloaded sw appl\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts: 216.39.69.102 view.atdmt.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {B0443CC7-1F83-C4D0-4843-71648DA8010B} - C:\WINDOWS\System32\psfdhboq\ffnidjnq.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {E7B84325-39E9-29E8-BB02-66BBB0ED8775} - C:\WINDOWS\System32\repcjreh\epdxoxpm.dll (file missing)
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [PSoft1] C:\WINDOWS\System32\psoft1.exe
O4 - HKLM\..\Run: [dmzfzz] c:\windows\system32\dmzfzz.exe
O4 - HKLM\..\Run: [dnuvtwpg] C:\WINDOWS\System32\jqjmmipt\dnuvtwpg.exe
O4 - HKLM\..\Run: [pflx] C:\WINDOWS\System32\jroh\pflx.exe
O4 - HKLM\..\Run: [sjdkntqf] C:\WINDOWS\System32\ksicmknx\sjdkntqf.exe
O4 - HKLM\..\Run: [ddiyghug] C:\WINDOWS\System32\nlyhodtq\ddiyghug.exe
O4 - HKLM\..\Run: [ispgwhe] C:\WINDOWS\System32\uyvlr\ispgwhe.exe
O4 - HKLM\..\Run: [Uninstall_TBPS] C:\WINDOWS\Temp\TBuninst.exe /remove
O4 - HKLM\..\Run: [oFsO3nl] exdfmsp.exe
O4 - HKLM\..\Run: [rfqqcmr] C:\WINDOWS\System32\lydxhf\rfqqcmr.exe
O4 - HKLM\..\Run: [sslnodd] C:\WINDOWS\System32\wadqaci\sslnodd.exe
O4 - HKLM\..\Run: [kdwbtm] C:\WINDOWS\System32\axypqtkf\kdwbtm.exe
O4 - HKLM\..\Run: [mfnx] C:\WINDOWS\System32\mlmxrq\mfnx.exe
O4 - HKLM\..\Run: [djnopdn] C:\WINDOWS\System32\maocwphn\djnopdn.exe
O4 - HKLM\..\Run: [vpclylk] C:\WINDOWS\System32\qvonqh\vpclylk.exe
O4 - HKLM\..\Run: [whfafmu] C:\WINDOWS\System32\cbtlvm\whfafmu.exe
O4 - HKLM\..\Run: [hshnin] C:\DOCUME~1\IBM\LOCALS~1\Temp\jlyldd.exe
O4 - HKLM\..\Run: [peskspck] C:\WINDOWS\System32\poud\peskspck.exe
O4 - HKLM\..\Run: [dxixr] C:\WINDOWS\System32\pqivx\dxixr.exe
O4 - HKLM\..\Run: [yhki] C:\WINDOWS\System32\kbtabf\yhki.exe
O4 - HKLM\..\Run: [glxydk] C:\WINDOWS\System32\wohtsq\glxydk.exe
O4 - HKLM\..\Run: [qkppklxw] C:\WINDOWS\System32\ipeporif\qkppklxw.exe
O4 - HKLM\..\Run: [ylucyfsq] C:\WINDOWS\System32\shvj\ylucyfsq.exe
O4 - HKLM\..\Run: [bhdolm] C:\WINDOWS\System32\rgmq\bhdolm.exe
O4 - HKLM\..\Run: [nbfae] C:\WINDOWS\System32\aoxcf\nbfae.exe
O4 - HKLM\..\Run: [yhdsvlg] C:\WINDOWS\System32\ndsjjy\yhdsvlg.exe
O4 - HKLM\..\Run: [oscf] C:\WINDOWS\System32\bauywtxi\oscf.exe
O4 - HKLM\..\Run: [ovaefmlb] C:\WINDOWS\System32\bljpstj\ovaefmlb.exe
O4 - HKLM\..\Run: [jocs] C:\WINDOWS\System32\sojoailk\jocs.exe
O4 - HKLM\..\Run: [wjwoyyk] C:\WINDOWS\System32\xdjuo\wjwoyyk.exe
O4 - HKLM\..\Run: [klsa] C:\WINDOWS\system32\auxx\klsa.exe
O4 - HKLM\..\Run: [esshaid] C:\WINDOWS\system32\gntn\esshaid.exe
O4 - HKLM\..\Run: [hgxmu] C:\WINDOWS\system32\ydoxy\hgxmu.exe
O4 - HKLM\..\Run: [jrhfiytr] C:\WINDOWS\system32\arnlxldm\jrhfiytr.exe
O4 - HKLM\..\Run: [kblutrn] c:\windows\system32\goylohb.exe
O4 - HKLM\..\Run: [wuhy] C:\WINDOWS\system32\jgcarmw\wuhy.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Zo3ERhJFh] dxmcap.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.co...UC/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1106846297197
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: djnopdnmaocwphn - Unknown owner - C:\WINDOWS\System32\maocwphn\djnopdn.exe (file missing)
O23 - Service: hgxmuydoxy - Unknown owner - C:\WINDOWS\system32\ydoxy\hgxmu.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: jrhfiytrarnlxldm - Unknown owner - C:\WINDOWS\system32\arnlxldm\jrhfiytr.exe
O23 - Service: kdwbtmaxypqtkf - Unknown owner - C:\WINDOWS\System32\axypqtkf\kdwbtm.exe (file missing)
O23 - Service: klsaauxx - Unknown owner - C:\WINDOWS\system32\auxx\klsa.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: oscfbauywtxi - Unknown owner - C:\WINDOWS\System32\bauywtxi\oscf.exe
O23 - Service: pflxjroh - Unknown owner - C:\WINDOWS\System32\jroh\pflx.exe (file missing)
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: qkppklxwipeporif - Unknown owner - C:\WINDOWS\System32\ipeporif\qkppklxw.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: sjdkntqfksicmknx - Unknown owner - C:\WINDOWS\System32\ksicmknx\sjdkntqf.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: wjwoyykxdjuo - Unknown owner - C:\WINDOWS\System32\xdjuo\wjwoyyk.exe
O23 - Service: wuhyjgcarmw - Unknown owner - C:\WINDOWS\system32\jgcarmw\wuhy.exe
O23 - Service: yhdsvlgndsjjy - Unknown owner - C:\WINDOWS\System32\ndsjjy\yhdsvlg.exe (file missing)
O23 - Service: yhkikbtabf - Unknown owner - C:\WINDOWS\System32\kbtabf\yhki.exe (file missing)