Thread: Can't reboot-Plz analyze HJT Log

  1. #1
    Makhdoom Guest

    Can't reboot-Plz analyze HJT Log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:53:15 PM, on 12/26/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    Yahoo! SearchBar Home Page
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
    Yahoo!
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    https://secure2.ecfmg.org/emain.asp?app=csess
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    Yahoo!
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
    = Yahoo!
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
    Yahoo! SearchBar Home Page
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    Yahoo!
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    Yahoo!
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
    Yahoo!
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
    Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-
    C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs
    \cpn1\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:
    \program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88}
    - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
    O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad
    \UTILIT~1\BatLogEx.DLL,StartBattLog
    O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC
    Camera (ZC0301PLH)
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
    O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities
    \TpKmapAp.exe -helper
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY
    \TPHKMGR.exe
    O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP
    \SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP
    \SynTPEnh.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java
    \jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices
    \SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX
    \Smax4.exe /tray
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime
    \QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [QCWLICON] C:\PROGRA~1\ThinkPad
    \CONNEC~1\QCWLIcon.exe
    O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -
    k
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-
    Virus 2009\avp.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG
    Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [4ca8227a] rundll32.exe "C:\WINDOWS
    \system32\jruvdvrw.dll",b
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier
    \GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger
    \msnmsgr.exe" /background
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program
    Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files
    \Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Download all with Free Download Manager
    - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download
    Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download video with Free Download
    Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O8 - Extra context menu item: Download with Free Download Manager -
    file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel -
    res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program
    Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files
    \Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files
    \Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-
    AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Web traffic protection statistics -
    {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab
    \Kaspersky Anti-Virus 2009\SCIEPlgn.dll
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} -
    C:\Program Files\Paltalk Messenger\Paltalk.exe
    O9 - Extra button: Yahoo! Services -
    {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common
    \yiesrvc.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:
    \Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
    C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
    C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583}
    - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-
    d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic
    \xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}
    - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-
    BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [JAVA_IBM] Java (IBM)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation
    Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} (LogMeIn Rescue
    Applet Downloader) - https://secure.logmeinrescue.com/Cus...Downloader.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
    - http://update.microsoft.com/windowsu...?1166811323570
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash
    Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:
    \PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra
    ~1\kasper~1\kasper~1\mzvkbd3.dll qwwlyz.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files
    \Common Files\Apple\Mobile Device Support\bin
    \AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL
    Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:
    \Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files
    \Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files
    \Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files
    \Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program
    Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program
    Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour
    \mDNSResponder.exe
    O23 - Service: Command Service (cmdService) - Unknown owner - C:
    \WINDOWS\RmF0aW1hIEFiYmFz\command.exe (file missing)
    O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS
    \SYSTEM32\crypserv.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel
    \Wireless\Bin\EvtEng.exe
    O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:
    \Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
    O23 - Service: IBM User Verification Manager - IBM - C:\Program Files
    \IBM\Security\uvmserv.exe
    O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS
    \system32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
    Corporation - C:\Program Files\Common Files\InstallShield\Driver
    \1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin
    \iPodService.exe
    O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec
    \LIVEUP~1\LUCOMS~1.EXE (file missing)
    O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure
    Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer
    \bin\nmraapache.exe
    O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure
    Networks, Inc. - C:\Program Files\Pure Networks\Network Magic
    \nmsrvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) -
    Unknown owner - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    (file missing)
    O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner
    - C:\WINDOWS\system32\PsaSrv.exe (file missing)
    O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel
    \Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel
    Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:
    \Program Files\TRENDnet\TEW-424UB\SiSWLSvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service
    (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices
    \SoundMAX\SMAgent.exe
    O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM
    Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS
    \system32\TpKmpSVC.exe

    --
    End of file - 11231 bytes

  2. #2
    Kayman Guest

    Re: Can't reboot-Plz analyze HJT Log

    On Fri, 26 Dec 2008 19:04:30 -0800 (PST), Makhdoom wrote:

    > Logfile of Trend Micro HijackThis v2.0.2


    Please, do not post HJT logs to this newsgroup.
    Fora where you can get expert advice for HiJack This! (HJT) logs.

    http://www.thespykiller.co.uk/index.php?board=3.0
    http://www.spywarewarrior.com/viewforum.php?f=5
    http://forums.tomcoyote.org/index.php?showforum=27
    http://www.bleepingcomputer.com/forums/forum22.html
    http://www.malwarebytes.org/forums/i...hp?showforum=7
    http://www.5starsupport.com/ipboard/...p?showforum=18
    http://www.theeldergeek.com/forum/in...6&showforum=29

    NOTE:
    Registration is required in any of the above mentioned fora before posting
    a HJT log and read the 'stickies' (instructions/guidelines) for the
    respective HJT forum.

    Good luck

  3. #3
    David H. Lipman Guest

    Re: Can't reboot-Plz analyze HJT Log

    From: "Makhdoom" <Thaqalainnaqvi@gmail.com>

    | Logfile of Trend Micro HijackThis v2.0.2

    Please don't Multi-Post.
    Please learn to Cross-Post to pertinent, On Topic, news Groups instead.

    Please do NOT post HJT logs here. Please read the group's FAQ on this subject matter.

    Forums where you can get expert advice for HiJack This! (HJT) Logs.

    NOTE: Registration is REQUIRED in any of the below before posting a log

    Suggested primary:
    http://www.thespykiller.co.uk/index.php?board=3.0

    Suggested secondary:
    http://www.bleepingcomputer.com/forums/forum22.html
    http://www.malwarebytes.org/forums/i...hp?showforum=7

    Suggested tertiary:
    http://www.dslreports.com/forum/cleanup
    http://www.cybertechhelp.com/forums/...splay.php?f=25
    http://www.atribune.org/forums/index.php?showforum=9
    http://www.geekstogo.com/forum/Malwa..._Here-f37.html
    http://gladiator-antivirus.com/forum...?showforum=170
    http://forum.networktechs.com/forumdisplay.php?f=130
    http://forums.maddoktor2.com/index.php?showforum=17
    http://www.spywarewarrior.com/viewforum.php?f=5
    http://forums.spywareinfo.com/index.php?showforum=18
    http://forums.techguy.org/f54-s.html
    http://forums.tomcoyote.org/index.php?showforum=27
    http://forums.subratam.org/index.php?showforum=7
    http://www.5starsupport.com/ipboard/...p?showforum=18
    http://aumha.net/viewforum.php?f=30
    http://makephpbb.com/phpbb/viewforum.php?f=2
    http://forums.techguy.org/54-security/
    http://forums.security-central.us/forumdisplay.php?f=13



    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


