coltm4carbine

Hi, Try and see if this helps: http://support.microsoft.com/kb/324767 Instructions are near the bottom of the page

Try scanning with AVG antispyware (formerly ewido) here: http://free.grisoft.com/doc/20/lng/us/tpl/v5 It's a 30 day free trial, after that you won't get autoupdate (you'll have to update it manually). Download it, Update it. Reboot your computer into safemode (F8 while booting up) and scan in safemode. Also how many antivirus/es do you have running at once...(multiple AVs are bad for your pc...) AVGAS should delete that.

Looks like it's a few orphaned registry entries. woops didn't read your post properly. Do an online antivirus scan using trendmicro housecall. THat should work.

There is no limit as to how many times you use the disk. But you can only use the key once (usually). If you've reformatted then it doesn't count as a 2nd computer - so you can still use it.

As usual im gonna blame norton. :P ccSvcHst is related to symantec.

Have you tried running the scans in safemode? F8 while your computer is booting up then selecting safemode from the menu. Then run the virus scan. Reboot and post here to tell us how things went.

Yeh, both vundo. Can you move HJT out of the temp and onto it's own folder on the desktop? Then rename HJT to scan. Had a quick look and I can't see any vundo related entries. I'll take a better look tomorrow or during the weekends. I have also noticed that your using Microsoft Antispyware. It's now windows defender...

Well, what's the point of an antivirus that won't update?? Unless you've paid for it, and are getting updates...there's no point. The AVGAS I've told you to download is a trial anyway. It'll pick up the rest of the crap. For a free antivirus check out the stickies then choose what you want. It's up to you. (EG IMO Norton sucks but to some people it's good)

Uninstall norton and get AVG free edition. See if it picks the rest up. HJT is not a standalone tool and will not show everything. Download AVG Anti-Spyware from ]HERE and save that file to your desktop. This is a 30 day trial of the program [*:3d6tag5k]Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program. [*:3d6tag5k]Once the setup is complete you will need run AVG Anti-Spyware and update the definition files. [*:3d6tag5k]On the main screen select the icon "Update" then select the "Update now" link. [*:3d6tag5k]Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed. [*:3d6tag5k]Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab. [*:3d6tag5k]Once in the Settings screen click on "Recommended actions" and then select "Quarantine". [*:3d6tag5k]Under "Reports" [*:3d6tag5k]Select "Automatically generate report after every scan" [*:3d6tag5k]Un-Select "Only if threats were found" Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly. [*:3d6tag5k]Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter. IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess: [*:3d6tag5k]Lauch AVG Anti-Spyware by double-clicking the icon on your desktop. [*:3d6tag5k]Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan". [*:3d6tag5k]AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time. Once the scan is complete do the following: [*:3d6tag5k]If you have any infections you will prompted, then select "Apply all actions" [*:3d6tag5k]Next select the "Reports" icon at the top. [*:3d6tag5k]Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important). [*:3d6tag5k]Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan. Then see if the online scans work.

That's wierd...never heard of anyone complain about it before. From your latest log...pretty obvious norton does not do a good job. When did you last update your norton? Did you pay for it? I'll give you the fix bit by bit. Disable teatimer first. Open HJT and fix these: O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [winhost] C:\WINDOWS\winhost[Caution] O4 - HKLM\..\Run: [D_V_T] C:\\dvt[Caution] /S \C:\\d_v_t.reg\ Reboot your computer into safemode. Show hidden files/folders: Under the Hidden files and folders heading select "Show hidden files and folders". Uncheck the "Hide protected operating system files (recommended)" option. Uncheck the "Hide file extensions for known file types" option. Click Yes to confirm. Click OK. Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files/folders (if present): C:\WINDOWS\winhost[Caution] C:\\dvt Reboot and try the online scans again.

Ok post a new HJT log afterwards please, I wanna check that the file's gone. Let this be a lesson to you not to use cracks...It's bad for your computer. Forgot from my last post. if you can get me the housecall log. :oops:

Are your settings the default settings? Try housecall. TrendMicroÃÆââââ¬Ã¾Ãââ HouseCall Java Scan [*:1kb6gkri]Please go HERE to run the Trend MicroÃÆââââ¬Ã¾Ãââ HouseCall Scan. [*:1kb6gkri]Click Scan now. It's free! [*:1kb6gkri]Read and put a Check next to Yes I accept the terms of use. [*:1kb6gkri]Click the Launching HouseCall>> button. [*:1kb6gkri]Under Using Java-based HouseCall kernel click the Starting HouseCall>> button. [*:1kb6gkri]You may receive a Security Warning about the TrendMicro Java applet, click YES. [*:1kb6gkri]Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button. [*:1kb6gkri]Please be patient while it installs, updates, and scans your system. [*:1kb6gkri]Once the scan is complete, it will take you to the summary page. [*:1kb6gkri]Under Cleanup options, choose clean all detected infections automatically. [*:1kb6gkri]Click the Clean now>> button. [*:1kb6gkri]If anything was found you may be prompted to run the scan again, you can just close the browser window.

Um not exactly. Which AV/AS are you using? AV= Antivirus AS= antispyware. As for reinstalling the antivirus software...what's the point in that?

Laptop I use Kaspersky Internet Security. It's brilliant. If you are thinking of buying an antivirus get Kaspersky. Desktop I'm gonna install KAV (when i have the time)...ATM it's using AVG.

Let's get rid of some viruses first. Disable spybot teatimer. Please go HERE to run Panda's ActiveScan [*:39uk0my4]Once you are on the Panda site click the Scan your PC button [*:39uk0my4]A new window will open...click the Check Now button [*:39uk0my4]Enter your Country [*:39uk0my4]Enter your State/Province [*:39uk0my4]Enter your e-mail address and click send [*:39uk0my4]Select either Home User or Company [*:39uk0my4]Click the big Scan Now button [*:39uk0my4]If it wants to install an ActiveX component allow it [*:39uk0my4]It will start downloading the files it requires for the scan (Note: It may take a couple of minutes) [*:39uk0my4]When download is complete, click on My Computer to start the scan [*:39uk0my4]When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

I'm not sure about the sites policy on helping people using cracked software but I don't usually help them. (can someone clear this up for me?) Can you move HJT into it's own folder on the desktop for a start? Also you have 2 antiviruses. That's not good. Uninstall one of them.

Before I even take a proper look at your log. answer me this. Are you using a cracked version of Nod32 (your using nod32 without paying)? Compromised means taken over.

smells like a rootkit. I was just dealing with one before I checked here xD (coincidence?) do you have the thread to your HJT log? can you also post your HJT log on here please? I think I know what those temp files are related to. If you do online banking or anything like that then I strongly suggest you to change all the passwords on a clean computer. If this is a rootkit then your computer can be completely compromised.

You can still get AVG free. You just have to get 7.5. AVG link: http://free.grisoft.com/doc/avg-anti-virus-free/lng/us/tpl/v5

Read this link it should help. http://forums.mozillazine.org/viewtopic.php?t=206213 Follow the guide and do what it sais. Works for me.

Yeh so I was thinking if it doesn't display the BSoD then it would narrow it down. :oops: That's what I usually do anyway...(personal preference perhaps?)

Nope, Not meant to be more than 5 minutes... Try and uninstall and reinstall firefox.

A quick example from my VM: Logfile of HijackThis v1.99.1 Scan saved at 1:56:50 PM, on 12/24/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss[Caution: ExecutableFile] C:\WINDOWS\system32\winlogon[Caution: ExecutableFile] C:\WINDOWS\system32\services[Caution: ExecutableFile] C:\WINDOWS\system32\lsass[Caution: ExecutableFile] C:\WINDOWS\system32\svchost[Caution: ExecutableFile] C:\WINDOWS\System32\svchost[Caution: ExecutableFile] C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile] C:\Program Files\WinAntiSpyware 2006 Free\was6[Caution: ExecutableFile] C:\Program Files\Common Files\WinAntiSpyware 2006 Free\uwasdc[Caution: ExecutableFile] C:\Program Files\Common Files\WinAntiSpyware 2006 Free\uwasers[Caution: ExecutableFile] C:\Program Files\WinAntiSpyware 2006 Free\uwas6cw[Caution: ExecutableFile] C:\WINDOWS\System32\rundll32[Caution: ExecutableFile] C:\windows\system32\rlvknlg[Caution: ExecutableFile] C:\WINDOWS\System32\MSIEXEC[Caution: ExecutableFile] C:\WINDOWS\System32\taskmgr[Caution: ExecutableFile] C:\WINDOWS\System32\msiexec[Caution: ExecutableFile] C:\WINDOWS\System32\MsiExec[Caution: ExecutableFile] C:\WINDOWS\System32\MsiExec[Caution: ExecutableFile] C:\Program Files\VMware\VMware Tools\VMwareService[Caution: ExecutableFile] C:\WINDOWS\explorer[Caution: ExecutableFile] C:\Program Files\VMware\VMware Tools\VMwareTray[Caution: ExecutableFile] C:\WINDOWS\System32\MsiExec[Caution: ExecutableFile] C:\Program Files\VMware\VMware Tools\VMwareUser[Caution: ExecutableFile] C:\Documents and Settings\Malware testing\Desktop\HijackThis[Caution: ExecutableFile] O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_48.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [WinAntiSpyware 2006 Free] "C:\Program Files\WinAntiSpyware 2006 Free\was6[Caution: ExecutableFile]" /min O4 - HKLM\..\Run: [DC6_Check] "C:\Program Files\Common Files\WinAntiSpyware 2006 Free\uwasdc[Caution: ExecutableFile]" O4 - HKLM\..\Run: [ERS_Check] "C:\Program Files\Common Files\WinAntiSpyware 2006 Free\uwasers[Caution: ExecutableFile]" O4 - HKLM\..\Run: [uwas6cw] "C:\Program Files\WinAntiSpyware 2006 Free\uwas6cw[Caution: ExecutableFile]" -c O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s O4 - HKLM\..\Run: [RelevantKnowledge] C:\windows\system32\rlvknlg[Caution: ExecutableFile] -boot O4 - HKLM\..\Run: [explorer] C:\WINDOWS\System32\explorer[Caution: ExecutableFile] O4 - HKLM\..\Run: [VMware Tools] C:\Program Files\VMware\VMware Tools\VMwareTray[Caution: ExecutableFile] O4 - HKLM\..\Run: [VMware User Process] C:\Program Files\VMware\VMware Tools\VMwareUser[Caution: ExecutableFile] O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O23 - Service: VMware Tools Service (VMTools) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\VMwareService[Caution: ExecutableFile] from hijackthis.de the following were unknown (I've only listed a few): C:\Program Files\WinAntiSpyware 2006 Free\was6[Caution: ExecutableFile] C:\Program Files\Common Files\WinAntiSpyware 2006 Free\uwasdc[Caution: ExecutableFile] C:\Program Files\Common Files\WinAntiSpyware 2006 Free\uwasers[Caution: ExecutableFile] C:\Program Files\WinAntiSpyware 2006 Free\uwas6cw[Caution: ExecutableFile] C:\windows\system32\rlvknlg[Caution: ExecutableFile] Other notes: O4 - HKLM\..\Run: [explorer] C:\WINDOWS\System32\explorer[Caution: ExecutableFile] "Must be fixed!Variant of the RapidBlaster parasite (in an "explorer" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here. Note - this is not the valid Windows Explorer which has the same executable name" Nope...BFK "Perfect keylogger" So you see, it can be quite inaccurate....

Do this: right click my computer -> properties -> advanced -> startup and recovery -> uncheck the automatically reboot option. Then the next time something goes wrong it'll disaplay a BSoD. copy everything on the blue screen and post back.

Merry Christmas and a Happy new year! And of course, as most people have said already, be safe :wink: