System Reboots

[Landrius]

Hello everyone

I'm having a problem with the other computer,I have them connected via router. The problem is whenever I try to Install any Firewall/Anti virus program the computer continues to reboot it's self. I see the windows boot screen then as it hits desktop it reboots,and continues to do so.

I have tried everything I know,The computer will run in safe mode,but I have to uninstall to get it to run in regular mode. I have also ran scans to see if it malware or a virus I can't pick up anything.

I have ran the following: Microsoft Antispyware,AVG,CCleaner,Spybot

Is there are any others I coulde try? Or is it another problem?



Any help you can give me is Much Appreciated

 

[Buzz1927]

Post a Hijackthis log.
http://www.computerforum.com/showthread.php?t=24672

 

[Landrius]

Ok Just ran The Hijack this,and this is what I came up with:

Logfile of HijackThis v1.99.1
Scan saved at 11:35:54 AM, on 12/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\S3apphk.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\Owner\My Documents\My Downloads\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://web.ask.com/web?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://web.ask.com/web?q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O1 - Hosts: comments (such as these) may be inserted on individual
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {A8C13777-AE7F-467D-B69F-48ECE5D20843} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ConferenceRoom Java Client - http://nsw-chat.bigpond.com/java/cr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {4855C21B-E452-4661-A702-ED3493CE74DF} - http://sp.ask.com/docs/toolbar/download/askbar-inst.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37460.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

[Buzz1927]

Don't see anything there to be causing it (although there is a few minor problems we'll deal with later).
Download Mwav.
ftp://ftp.microworldsystems.com/download/tools/mwav.exe

Run a scan, when it's finished, highlight the text in the lower pane, press ctrl + c, and paste it into Notepad.
Then copy any entries beginning with "File" and post them here.

 

[Landrius]

Ok,here are th results of the scan you told me about:

Object "mybar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "mybar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "unknown toolbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "cydoor Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "cydoor Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "zipitpro Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "cws.smartsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\gsda.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\imloader.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\hashlib.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Windows.Forms.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.EnterpriseServices.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.JScript.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.Vsa.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Drawing.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscoree.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorlib.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.tlb". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.Vsa.Vb.CodeDOMProcessor.tlb". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".kon". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AC76BA86-0000-7EC8-7489-000000000703}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{B6F867E8-F092-4C5E-7D72-AC7057DBEF45}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{BBBCAE4B-B416-4182-A6F2-438180894A81}". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{27CE2AD9-887E-4825-84EC-5B79CA5F3BD2}" refers to invalid object ""C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{350FAA62-1388-4BC6-A20C-31AF59D7526E}" refers to invalid object "C:\WINDOWS\system32\hashlib.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{462A0D7E-0A86-4FCD-93D0-BCBA75F16DBD}" refers to invalid object "C:\Program Files\Napster\napsterregreader.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{367567AB-10AA-4D94-8C53-F91DBDB21E9E}" refers to invalid object "C:\WINDOWS\system32\hashlib.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{A09D00A9-90C2-4825-92E7-B09B09E9C012}" refers to invalid object "C:\Program Files\Napster\napsterregreader.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{A4CA8810-6E46-36FF-A048-B7FD564742F8}" refers to invalid object "Path". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{D726B22D-CA11-437D-890D-8F8B61A127F8}" refers to invalid object "C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe". Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\GSDA.GSDACtl" refers to invalid object "{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B}". Action Taken: No Action Taken.
Entry "HKCR\GSDA.GSDACtl.1" refers to invalid object "{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B}". Action Taken: No Action Taken.
Entry "HKCR\MoneySide.BrowserHelperObject" refers to invalid object "{FDD3B846-8D59-4FFB-8758-209B6AD74ACC}". Action Taken: No Action Taken.
Entry "HKCR\MoneySide.BrowserHelperObject.10" refers to invalid object "{FDD3B846-8D59-4FFB-8758-209B6AD74ACC}". Action Taken: No Action Taken.
Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken.
Entry "HKCR\VroomSap.1\shell\open\command" refers to invalid object ""\VroomSap.exe" "". Action Taken: No Action Taken.
Entry "HKCR\ZAMailSafe\shell\open\command" refers to invalid object ""C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" -warning "%1"". Action Taken: No Action Taken.



Thank you so much for your time in this matter

 

[Buzz1927]

It's been cut off for being too big, that's why I asked for just the entries beginning in "File". Sorry if you need to run it it again, it takes ages

 

[Landrius]

Ok,I see where you said that,Sorry I figured I might do something like that so I saved the results I got in Notepad.

Ok this is all I found with file in it:

Object "mybar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "mybar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "unknown toolbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "cydoor Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "cydoor Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "zipitpro Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "cws.smartsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.

Hope thats the right stuff. Agian thanks for your time

 

[Buzz1927]

Download Blacklight and run a scan.
http://www.f-secure.com/blacklight/try.shtml

Post the results here.

 

[Landrius]

Ok,I did that scan it didn't find anything ,I have the problems with AVG,and Zone Alarms,if that helps any. I haven't tried other apps yet.

 

[Buzz1927]

Ok, let's fix the problems in your log.

Run Hijackthis and select "Do a system scan only", place a check by the following entries.


R3 - Default URLSearchHook is missing
O1 - Hosts: comments (such as these) may be inserted on individual
O2 - BHO: (no name) - SOFTWARE - (no file)
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/instal...sinstaller.cab

Close all open windows and browsers, and hit "Fix Checked".

Run the online scan here and post the results.
http://www.pandasoftware.com/products/activescan.htm

 

[Landrius]

Ok,Did the step on Hijack this. Then Ran the Panda scan,and it found 2 items a adware item and a spyware item:

http://www.pandasoftware.com/virus_info/encyclopedia/ficha.aspx?iddeteccion=96188 In C:\PrgramFiles\Quick Search

http://www.pandasoftware.com/virus_info/encyclopedia/ficha.aspx?iddeteccion=101893 In windows Registry

 

[Buzz1927]

One of those looks like CWS.

Download CWShredder.
http://www.trendmicro.com/ftp/produ.../cwshredder.exe

Run it and select "Fix".

Then reboot and post a new Hijackthis log.

 

[Landrius]

Ok I ran the cw Shredder and it didn't find anything Here's the new Hijack this log:


Logfile of HijackThis v1.99.1=0D
Scan saved at 7:37:32 AM, on 12/11/2005=0D
Platform: Windows XP SP2 (WinNT 5.01.2600)=0D
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)=0D
=0D
Running processes:=0D
C:\WINDOWS\System32\smss.exe=0D
C:\WINDOWS\SYSTEM32\winlogon.exe=0D
C:\WINDOWS\system32\services.exe=0D
C:\WINDOWS\system32\lsass.exe=0D
C:\WINDOWS\system32\svchost.exe=0D
C:\WINDOWS\System32\svchost.exe=0D
C:\WINDOWS\system32\spoolsv.exe=0D
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe=0D
C:\WINDOWS\system32\nvsvc32.exe=0D
C:\WINDOWS\System32\tcpsvcs.exe=0D
C:\WINDOWS\System32\snmp.exe=0D
C:\WINDOWS\System32\svchost.exe=0D
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe=0D
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe=0D
C:\WINDOWS\SM1BG.EXE=0D
C:\WINDOWS\system32\S3apphk.exe=0D
C:\WINDOWS\system32\ps2.exe=0D
C:\Program Files\Logitech\MouseWare\system\em_exec.exe=0D
C:\windows\system\hpsysdrv.exe=0D
C:\WINDOWS\system32\dla\tfswctrl.exe=0D
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe=0D
C:\WINDOWS\system32\ctfmon.exe=0D
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe=0D
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe=0D
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe=0D
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe=0D
C:\Program Files\Grisoft\AVG Free\avgcc.exe=0D
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe=0D
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe=0D
C:\WINDOWS\explorer.exe=0D
C:\WINDOWS\system32\macromed\flash\GetFlash.exe=0D
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe=0D
C:\Documents and Settings\Owner\My Documents\My
Downloads\hijackthis\HijackThis.exe=0D
=0D
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =3D
http://web.ask.com/web?q=3D%s=0D
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) =3D
http://web.ask.com/web?q=3D%s=0D
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyOverride =3D localhost=0D
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} =
-
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll=0D
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll=0D
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program
Files\Spybot - Search & Destroy\SDHelper.dll=0D
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -
C:\Program Files\Yahoo!\Common\yiesrvc.dll=0D
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} -
C:\Program Files\Yahoo!\Common\YIeTagBm.dll=0D
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll=0D
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE=0D
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe=0D
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE=0D
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe=0D
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe=0D
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe=0D
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe=0D
O4 - HKLM\..\Run: [HPDJ Taskbar Utility]
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe=0D
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe=0D
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe=0D
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe=0D
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft
Money\System\Activation.exe"=0D
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE=0D
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dl=
l
NvStartup=0D
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install=0D
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTr=
ay
dll,NvTaskbarInit=0D
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"=0D
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /START=
UP=0D
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe=
"
-atboottime=0D
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe=0D
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.=
exe
/c=0D
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program
Files\Microsoft Works\WkDetect.exe=0D
O8 - Extra context menu item: &Add animation to IncrediMail Style Box -
C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm=0D
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program
Files\Yahoo!\Common/ycsrch.htm=0D
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program
Files\Yahoo!\Common/ycdict.htm=0D
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program
Files\Yahoo!\Common/ycmap.htm=0D
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program
Files\Yahoo!\Common/ycsms.htm=0D
O16 - DPF: ConferenceRoom Java Client - http://nsw-chat.bigpond.com/java/=
cr
cab=0D
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advant=
age
Validation Tool) - http://go.microsoft.com/fwlink/?linkid=3D39204=0D
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
C:\Program Files\Yahoo!\Common\yinsthelper.dll=0D
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera
net/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe=0D
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) -
http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner374=
60
cab=0D
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) - http://messenger.msn
com/download/MsnMessengerSetupDownloader.cab=0D
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} - http://www2.incredima=
il
com/contents/setup/downloader/imloader.cab=0D
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll=0D
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe=0D
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe=0D
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe=0D
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies -
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe=0D
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation=
- C:\WINDOWS\system32\nvsvc32.exe

P.S after our last step I decided to try to load some security software agian,and was sucessful I was able to get AVG on,and the Kerio Firewall on with no problems as of yet. I still had the problem with Zone Alrams however.