TheTechGuide Forum

General Category => Tech Clinic => Topic started by: geb on March 24, 2007, 11:40:23 AM

Title: computer locks up
Post by: geb on March 24, 2007, 11:40:23 AM
My computer locks up frequently. Sometimes it occurs when running mp3 files or other audio or video files, but it can happen any time. I am running a current version of McAfee antivirus software. Any suggestions? Control+Alt+Delete will not shut down the currently active program and I have to reboot the computer manually.

Thanks,

Bruce
Title: computer locks up
Post by: guestolo on March 24, 2007, 11:47:06 AM
Let's take a closer look
Download Hijackthis 1.99.1 from my signature below
SAVE it to your desktop

Double click on hijackthis_sfx.exe on desktop
Click the UNZIP button>>OK the prompt
This will self extract to C:\Program Files\HijackThis
Delete hijackthis_sfx.exe from desktop

Go to START>>RUN
Copy>>paste the following to the open field, then hit OK
%systemdrive%\Program Files\HijackThis
This will open the Hijackthis folder
RIGHT CLICK on Hijackthis.exe and select SEND TO>>Desktop (create shortcut)
You can now run Hijackthis.exe from the new shortcut placed on your desktop

Do a "SCAN and Save a Log file"
A log will open in Notepad
Copy and paste the WHOLE contents of the log  here
Title: computer locks up
Post by: geb on March 24, 2007, 12:34:05 PM
[quote name='guestolo' post='305517' date='Mar 24 2007, 10:47 AM']Let's take a closer look
Download Hijackthis 1.99.1 from my signature below
SAVE it to your desktop

Double click on hijackthis_sfx.exe on desktop
Click the UNZIP button>>OK the prompt
This will self extract to C:\Program Files\HijackThis
Delete hijackthis_sfx.exe from desktop

Go to START>>RUN
Copy>>paste the following to the open field, then hit OK
%systemdrive%\Program Files\HijackThis
This will open the Hijackthis folder
RIGHT CLICK on Hijackthis.exe and select SEND TO>>Desktop (create shortcut)
You can now run Hijackthis.exe from the new shortcut placed on your desktop

Do a "SCAN and Save a Log file"
A log will open in Notepad
Copy and paste the WHOLE contents of the log  here




Logfile of HijackThis v1.99.1
Scan saved at 9:47:16 AM, on 3/24/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
F:\Program Files\ewido\security suite\ewidoctrl.exe
F:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
F:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
f:\program files\common files\mcafee\mna\mcnasvc.exe
F:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
F:\PROGRA~1\McAfee\MSC\mcpromgr.exe
f:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
F:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
F:\Program Files\McAfee\MPF\MPFSrv.exe
F:\WINDOWS\Explorer.EXE
F:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Belkin Bulldog\upsd.exe
F:\PROGRA~1\mcafee.com\agent\mcagent.exe
F:\WINDOWS\System32\rundll32.exe
F:\WINDOWS\System32\RUNDLL32.EXE
F:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
F:\WINDOWS\AGRSMMSG.exe
F:\Program Files\QuickTime\qttask.exe
F:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\BITWARE\NT\bwprnmon.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\WINDOWS\system32\ntvdm.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\palmOne\Hotsync.exe
F:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
F:\Program Files\WinZip\WZQKPICK.EXE
F:\WINDOWS\System32\wuauclt.exe
F:\WINDOWS\System32\wuauclt.exe
F:\Documents and Settings\B Gollub\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - F:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - f:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - F:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [LogonStudio] "F:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Camera Detector] F:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [bwprnmon.exe] C:\BITWARE\NT\bwprnmon.exe
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] F:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: HotSync Manager.LNK = F:\Program Files\palmOne\Hotsync.exe
O4 - Startup: palmOne Registration.lnk = F:\Program Files\palmOne\register.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = F:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = F:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = F:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - F:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O23 - Service: Adobe LM Service - Unknown owner - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - F:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - F:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - F:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - F:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - F:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - f:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - F:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - f:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - F:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
O23 - Service: UPS - UPSlim Service (UPSlim) - Delta - F:\Program Files\Belkin Bulldog\upsd.exe[/quote]
Title: computer locks up
Post by: guestolo on March 24, 2007, 12:38:26 PM
That's not showing me much, can I see a couple other logs please

Download ComboScan (http://www.techsupportforum.com/sectools/Deckard/comboscan.exe) to your Desktop.

Note: When running Comboscan, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags Comboscan as suspicious. Please allow the Comboscan to run and don't let your Antivirus delete it. (In this case, it may be better to temporarily disable your Antivirus)

Post the next logs in your following reply:

  • Comboscan.txt
  • Supplementary.txt

Note: By default, both logs are saved to F:\ComboScan folder

You may need more than one reply to post all the info, please do so if required
Title: computer locks up
Post by: geb on March 24, 2007, 01:14:35 PM
ComboScan v20070306.20 run by B Gollub on 2007-03-24 at 11:03:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created ComboScan Restore Point.


-- Last 5 Restore Point(s) --
66: 2007-03-24 18:03:24 UTC - RP223 - ComboScan Restore Point
65: 2007-03-23 19:05:45 UTC - RP222 - System Checkpoint
64: 2007-03-22 01:43:40 UTC - RP221 - System Checkpoint
63: 2007-03-21 01:24:39 UTC - RP220 - System Checkpoint
62: 2007-03-20 00:24:50 UTC - RP219 - System Checkpoint


-- First Restore Point --
1: 2006-12-27 17:44:34 UTC - RP158 - System Checkpoint


Performed disk cleanup.


-- HijackThis (run as B Gollub.exe) --------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:03:41 AM, on 3/24/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
F:\Program Files\ewido\security suite\ewidoctrl.exe
F:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
F:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
f:\program files\common files\mcafee\mna\mcnasvc.exe
F:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
F:\PROGRA~1\McAfee\MSC\mcpromgr.exe
f:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
F:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
F:\Program Files\McAfee\MPF\MPFSrv.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Belkin Bulldog\upsd.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\System32\rundll32.exe
F:\WINDOWS\System32\RUNDLL32.EXE
F:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
F:\WINDOWS\AGRSMMSG.exe
F:\Program Files\QuickTime\qttask.exe
F:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\BITWARE\NT\bwprnmon.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\WINDOWS\system32\ntvdm.exe
F:\PROGRA~1\mcafee.com\agent\mcagent.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
F:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
F:\Program Files\WinZip\WZQKPICK.EXE
F:\Program Files\palmOne\Hotsync.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\WINDOWS\System32\wuauclt.exe
F:\PROGRA~1\mcafee\msc\mcuimgr.exe
F:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
F:\Documents and Settings\B Gollub\Desktop\comboscan.exe
F:\DOCUME~1\BGOLLU~1\Desktop\B Gollub.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - F:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - f:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - F:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [LogonStudio] "F:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Camera Detector] F:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [bwprnmon.exe] C:\BITWARE\NT\bwprnmon.exe
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] F:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: HotSync Manager.LNK = F:\Program Files\palmOne\Hotsync.exe
O4 - Startup: palmOne Registration.lnk = F:\Program Files\palmOne\register.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = F:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = F:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = F:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - F:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O23 - Service: Adobe LM Service - Unknown owner - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - F:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - F:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - F:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - F:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - F:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - f:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - F:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - f:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - F:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
O23 - Service: UPS - UPSlim Service (UPSlim) - Delta - F:\Program Files\Belkin Bulldog\upsd.exe


-- File Associations -----------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "F:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3R AgereSoftModem (Agere Systems Soft Modem) - F:\WINDOWS\system32\drivers\AGRSM.sys
3R ALCXSENS (Service for WDM 3D Audio Driver) - F:\WINDOWS\system32\drivers\ALCXSENS.SYS
3R ALCXWDM (Service for Realtek AC97 Audio (WDM)) - F:\WINDOWS\system32\drivers\ALCXWDM.SYS
2R Aspi32 - F:\WINDOWS\system32\drivers\ASPI32.SYS
1R eeCtrl (Symantec Eraser Control driver) - F:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
1R ewido security suite driver - F:\Program Files\ewido\security suite\guard.sys
3R FETND5BV (VIA Rhine-Family Fast Ethernet Adapter Driver Service) - F:\WINDOWS\system32\drivers\fetnd5bv.sys
3S FETNDIS (VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver) - F:\WINDOWS\system32\drivers\fetnd5.sys
3S FETNDISB (VIA Rhine Family Fast Ethernet Adapter Driver Service) - F:\WINDOWS\system32\drivers\fetnd5b.sys
3R GEARAspiWDM - F:\WINDOWS\system32\drivers\GEARAspiWDM.sys
3S GMSIPCI - D:\INSTALL\GMSIPCI.SYS (not found)
3R mfeavfk (McAfee Inc.) - F:\WINDOWS\system32\drivers\mfeavfk.sys
3R mfebopk (McAfee Inc.) - F:\WINDOWS\system32\drivers\mfebopk.sys
3R mfehidk (McAfee Inc.) - F:\WINDOWS\system32\drivers\mfehidk.sys
3S mferkdk (McAfee Inc.) - F:\WINDOWS\system32\drivers\mferkdk.sys
3R mfesmfk (McAfee Inc.) - F:\WINDOWS\system32\drivers\mfesmfk.sys
1R MPFP - F:\WINDOWS\system32\drivers\Mpfp.sys
3R nv - F:\WINDOWS\system32\drivers\nv4_mini.sys
3S PalmUSBD - F:\WINDOWS\system32\drivers\PalmUSBD.sys
3R pfc (Padus ASPI Shell) - F:\WINDOWS\system32\drivers\pfc.sys
3R rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - F:\WINDOWS\system32\drivers\RTL8139.sys
3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - F:\WINDOWS\system32\drivers\usbehci.sys
3R usbscan (USB Scanner Driver) - F:\WINDOWS\system32\drivers\usbscan.sys
3S USBSTOR (USB Mass Storage Driver) - F:\WINDOWS\system32\drivers\USBSTOR.SYS
0R viaagp1 (VIA AGP Filter) - F:\WINDOWS\system32\drivers\VIAAGP1.SYS


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

3S Adobe LM Service - "F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
3S aspnet_state (ASP.NET State Service) - F:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
2R Automatic LiveUpdate Scheduler - "F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
3S Emproxy (McAfee E-mail Proxy) - F:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
2R ewido security suite control - F:\Program Files\ewido\security suite\ewidoctrl.exe
4S ewido security suite guard - F:\Program Files\ewido\security suite\ewidoguard.exe
3S gusvc (Google Updater Service) - "F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
3S IDriverT (InstallDriver Table Manager) - "F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
3R iPod Service - "F:\Program Files\iPod\bin\iPodService.exe"
3S LiveUpdate - "F:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
2R McAfee HackerWatch Service - "F:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe"
3S mcmispupdmgr (McAfee Update Manager) - F:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
2R mcmscsvc (McAfee Services) - F:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
2R McNASvc (McAfee Network Agent) - "f:\program files\common files\mcafee\mna\mcnasvc.exe"
2R McODS (McAfee Scanner) - F:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
2R mcpromgr (McAfee Protection Manager) - F:\PROGRA~1\McAfee\MSC\mcpromgr.exe
2R McRedirector (McAfee Redirector Service) - f:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
2R McShield (McAfee Real-time Scanner) - F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
2R McSysmon (McAfee SystemGuards) - F:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
2R MpfService (McAfee Personal Firewall Service) - "F:\Program Files\McAfee\MPF\MPFSrv.exe"
2R NVSvc (NVIDIA Display Driver Service) - F:\WINDOWS\System32\nvsvc32.exe
3S SCardDrv (Smart Card Helper) - F:\WINDOWS\System32\SCardSvr.exe
2R UMWdf (Windows User Mode Driver Framework) - F:\WINDOWS\System32\wdfmgr.exe
2R uploadmgr (Upload Manager) - F:\WINDOWS\System32\svchost.exe -k netsvcs
2R UPSlim (UPS - UPSlim Service) - "F:\Program Files\Belkin Bulldog\upsd.exe"
4S Vormde - F:\WINDOWS\System32\drivers\serial.sys


-- Scheduled Tasks -------------------------------------------------------------

2007-03-01 01:00:30       362 --a------ F:\WINDOWS\Tasks\McQcTask.job
2007-02-15 02:02:56       270 --a------ F:\WINDOWS\Tasks\McDefragTask.job<MCDEFR~1.JOB>


-- Files created between 2007-02-24 and 2007-03-24 -----------------------------

2007-03-15 19:07:21         0 d-------- F:\Program Files\Citrix


-- Find3M Report ---------------------------------------------------------------

2007-03-24 11:01:53         0 d-------- F:\Documents and Settings\B Gollub\Application Data\SiteAdvisor<SITEAD~1>
2007-03-24 10:57:12         0 d-------- F:\Program Files\Mozilla Firefox<MOZILL~1>
2007-03-24 09:05:39         0 d-------- F:\Program Files\palmOne
2007-03-23 16:54:39         0 d-------- F:\Documents and Settings\B Gollub\Application Data\Adobe
2007-03-23 14:48:16         0 d-------- F:\Documents and Settings\B Gollub\Application Data\Lasersoft Imaging<LASERS~1>
2007-03-23 11:15:11         0 d-------- F:\Program Files\McAfee
2007-02-17 13:17:28         0 d---s---- F:\Documents and Settings\B Gollub\Application Data\Microsoft<MICROS~1>
2007-02-17 13:14:39         0 d-------- F:\Program Files\Common Files\AnswerWorks 4.0<ANSWER~1.0>
2007-02-17 09:38:28         0 d-------- F:\Program Files\ItsDeductible2006<ITSDED~3>
2007-02-17 09:37:13         0 d-------- F:\Program Files\Quicken
2007-02-17 09:33:36         0 d-------- F:\Documents and Settings\B Gollub\Application Data\InstallShield<INSTAL~1>
2007-02-16 06:44:07         0 d-------- F:\Program Files\Google
2007-02-15 07:08:46         0 d-------- F:\Program Files\TurboTax
2007-02-10 22:17:59         0 d-------- F:\Program Files\Common Files\Adobe
2007-02-10 14:03:45         0 d-------- F:\Documents and Settings\B Gollub\Application Data\AdobeUM
2007-02-09 19:53:28         0 d-------- F:\Program Files\SiteAdvisor<SITEAD~1>
2007-02-08 07:25:18         0 d-------- F:\Documents and Settings\B Gollub\Application Data\Google
2007-02-03 07:52:59         0 d-------- F:\Program Files\Common Files\McAfee
2007-02-03 07:52:26         0 d-------- F:\Program Files\McAfee.com
2007-02-03 07:22:38         0 d-------- F:\Program Files\Lavasoft
2007-02-03 06:56:15         0 d-------- F:\Documents and Settings\B Gollub\Application Data\Lavasoft
2007-02-02 23:27:34         0 d-------- F:\Program Files\Symantec
2007-02-02 23:27:34         0 d-------- F:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-01-29 08:20:42         0 d-------- F:\Program Files\SpywareBlaster<SPYWAR~1>
2007-01-27 15:18:27         0 d-------- F:\Program Files\QuickTime<QUICKT~1>
2007-01-27 15:17:06         0 d-------- F:\Program Files\Apple Software Update<APPLES~1>


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"F:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"DW4"=""
"updateMgr"="F:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_5"
"swg"="F:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE F:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE F:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"SoundMan"="SOUNDMAN.EXE"
"Adobe Photo Downloader"="\"F:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"LogonStudio"="\"F:\\Program Files\\WinCustomize\\LogonStudio\\logonstudio.exe\" /RANDOM"
"SunJavaUpdateSched"="F:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"NeroFilterCheck"="F:\\WINDOWS\\system32\\NeroCheck.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"QuickTime Task"="\"F:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Camera Detector"="F:\\PROGRA~1\\ACDSYS~1\\DEVDET~1\\DEVDET~1.EXE -autorun"
"bwprnmon.exe"="C:\\BITWARE\\NT\\bwprnmon.exe"
"TkBellExe"="\"F:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\"  -osboot"
"iTunesHelper"="\"F:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
   

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoTrayItemsDisplay"=hex:01,00,00,00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService   REG_MULTI_SZ      AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV
NetworkService   REG_MULTI_SZ      DnsCache
rpcss   REG_MULTI_SZ      RpcSs
imgsvc   REG_MULTI_SZ      StiSvc
termsvcs   REG_MULTI_SZ      TermService



-- End of ComboScan: finished at 2007-03-24 at 11:04:01 ------------------------
Title: computer locks up
Post by: guestolo on March 24, 2007, 02:29:54 PM
Can I see the Supplementary.txt located in the Comboscan folder?

Also, what products do you still have installed by Symantec?
Title: computer locks up
Post by: geb on March 25, 2007, 09:22:08 PM
ComboScan v20070306.20 run by B Gollub on 2007-03-24 at 11:03:13
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 1.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) XP 2600+
Percentage of Memory in Use: 48%
Physical Memory (total/avail): 511.48 MiB / 263.3 MiB
Pagefile Memory (total/avail): 1250.53 MiB / 1012.43 MiB
Virtual Memory (total/avail): 2047.88 MiB / 2006.49 MiB

A: is Removable (No Media)
C: is Fixed (FAT32) - 12.11 GiB total, 4.55 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Fixed (NTFS) - 74.55 GiB total, 57.24 GiB free.


-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.
Windows Internal Firewall is enabled.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=F:\Documents and Settings\All Users
APPDATA=F:\Documents and Settings\B Gollub\Application Data
BLASTER=A220 I7 D1 H7 P330 T6
CLASSPATH=.;F:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=F:\Program Files\Common Files
COMPUTERNAME=BRUCE-KAYLG7MIJ
ComSpec=F:\WINDOWS\system32\cmd.exe
HOMEDRIVE=F:
HOMEPATH=\Documents and Settings\B Gollub
LOGONSERVER=\\BRUCE-KAYLG7MIJ
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=F:\Program Files\Internet Explorer;;F:\WINDOWS\system32;F:\WINDOWS;F:\WINDOWS\System32\Wbem;F:\Program Files\Sonic\MyDVD;;F:\Program Files\Sonic\MyDVD;F:\Program Files\QuickTime\QTSystem\;C:\BITWARE\;C:\PAGEMGR;c:\bitware
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=F:\Program Files
PROMPT=$P$G
QTJAVA=F:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SBPCI=C:\AUDIOPCI
SESSIONNAME=Console
SystemDrive=F:
SystemRoot=F:\WINDOWS
TEMP=F:\DOCUME~1\BGOLLU~1\LOCALS~1\Temp
TMP=F:\DOCUME~1\BGOLLU~1\LOCALS~1\Temp
USERDOMAIN=BRUCE-KAYLG7MIJ
USERNAME=B Gollub
USERPROFILE=F:\Documents and Settings\B Gollub
windir=F:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Isis (admin)
B Gollub (admin)


-- Add/Remove Programs ---------------------------------------------------------

 --> F:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
 --> MsiExec.exe /I{F543B12A-13F5-487E-9314-F7D25E1BBE3E}
 --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{F445476A-42DE-11D4-80D0-00C04F2750A6}\Setup.exe"  -u -uninst  -fUninst.isu -c"F:\Program Files\Epocrates\Suite\Win32\Win32_Dll\AupdUnInstall.dll"
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 F:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
ACDSee for PENTAX --> MsiExec.exe /I{EED5156C-4BA8-4105-A506-DB9D00F8B68D}
Adobe Flash Player 9 ActiveX --> F:\WINDOWS\System32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe InDesign 2.0.2 --> F:\WINDOWS\ISUNINST.EXE -f"F:\Program Files\Adobe\InDesign 2.0\Uninst.isu" -c"F:\Program Files\Adobe\InDesign 2.0\Uninst.dll"
Adobe Photoshop CS --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Photoshop v4.0 --> F:\WINDOWS\uninst.exe -fC:\Adobe\Photoshop\DeIsL1.isu
Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Adobe SVG Viewer 3.0 --> F:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fF:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Agere Systems PCI Soft Modem --> agrsmdel
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
Autodesk DWF Viewer --> F:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove /q0
Belkin Bulldog --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{32256A06-DE8F-11D5-B829-004033AA2C09}\Setup.exe" -l0x9
BootSkin --> F:\PROGRA~1\Stardock\WINCUS~1\BootSkin\UNWISE.EXE F:\PROGRA~1\Stardock\WINCUS~1\BootSkin\INSTALL.LOG
CCleaner (remove only) --> "F:\Program Files\CCleaner\uninst.exe"
CleanUp! --> F:\Program Files\CleanUp!\uninstall.exe
Desktop Weather by The Weather Channel --> C:\Program Files\The Weather Channel FW\Desktop Weather\TheWeatherChannelCustomUninstall.exe
Epocrates Essentials --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{F445476A-42DE-11D4-80D0-00C04F2750A6}\Setup.exe"  -u
EPSON Perf 4870 Reference Guide --> F:\Program Files\epson\guide\perf4870_e\uninstall.exe
EPSON Scan --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{0E0131B2-CF18-40D9-A331-60A3746C1204}\Setup.exe" -l0x9 UNINSTALL
ewido security suite --> F:\Program Files\ewido\security suite\Uninstall.exe
FreeZip --> rundll32.exe advpack.dll,LaunchINFSection F:\WINDOWS\INF\freezip.inf,Uninstall
Google Earth --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\101\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9  -removeonly
Google Toolbar for Internet Explorer --> regsvr32 /u /s "f:\program files\google\googletoolbar1.dll"
GoToMeeting/GoToWebinar 3.0.0.190 --> F:\Program Files\Citrix\GoToMeeting\190\G2MUninstall.exe /uninstall
HijackThis 1.99.1 --> F:\Documents and Settings\B Gollub\Desktop\HijackThis.exe /uninstall
ItsDeductible Express --> MsiExec.exe /X{36495C59-089C-49D1-BD15-9E5BD86DC9A1}
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
LiveUpdate 3.0 (Symantec Corporation) --> "F:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LogonStudio --> F:\PROGRA~1\WINCUS~1\LOGONS~1\UNWISE.EXE F:\PROGRA~1\WINCUS~1\LOGONS~1\INSTALL.LOG
Macromedia Flash Player --> MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
McAfee SecurityCenter --> F:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Office XP Media Content --> MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Professional --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Mozilla Firefox (2.0.0.3) --> F:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (1.0.7) --> F:\WINDOWS\UninstallThunderbird.exe /ua "1.0.7 (en)"
MSI MSIDVD --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{C1939820-A945-11D4-86F6-0001031E5712}\setup.exe"  REMOVEALL
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection F:\WINDOWS\INF\msninst.inf,Uninstall
MyDVD --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{5E835305-63BB-4E55-BBB7-EEBBE67774DB}\SETUP.EXE" -l0x9 -L0x9 /SMAINT
Nero OEM --> F:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NVIDIA Drivers --> F:\WINDOWS\System32\nvudisp.exe UninstallGUI
Palm --> MsiExec.exe /X{D2DEA1ED-F9D0-401D-9714-6FA8E89EF9D7}
PowerDVD --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe"  -uninstall
QuickBooks Pro 2005 --> msiexec.exe /I {F543B12A-13F5-487E-9314-F7D25E1BBE3E} UNIQUE_NAME="pro" QBFULLNAME="QuickBooks Pro 2005" ADDREMOVE=1
Quicken 2005 -->
Quicken 2005 --> F:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2DBE41DD-2129-4C65-A3D3-5647236A60F3} anything
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
RealPlayer --> F:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
ShowBiz --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{07295ABF-1245-415A-BE06-863271753443}\setup.exe" -l0x9
SilverFast Epson --> "F:\Program Files\LaserSoft\SilverFast Epson\unins000.exe"
SilverFast SE CD Documentation 6.1.1 --> "F:\Program Files\LaserSoft\unins000.exe"
Spybot - Search & Destroy 1.4 --> "F:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.4 --> "F:\Program Files\SpywareBlaster\unins000.exe"
TurboTax Deluxe 2004 --> F:\Program Files\TurboTax\Deluxe 2004\TaxUnst.EXE "F:\Program Files\TurboTax\Deluxe 2004\Uninstall.log" -NoGui
TurboTax Deluxe 2005 --> F:\Program Files\TurboTax\Deluxe 2005\TaxUnst.EXE "F:\Program Files\TurboTax\Deluxe 2005\Uninstall.log" -NoGui
TurboTax Deluxe Deduction Maximizer 2006 --> F:\Program Files\TurboTax\Deluxe 2006\TaxUnst.EXE "F:\Program Files\TurboTax\Deluxe 2006\Uninstall.log" -NoGui
TurboTax ItsDeductible 2005 --> MsiExec.exe /X{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}
TurboTax ItsDeductible 2006 --> MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
Tweak UI --> "F:\WINDOWS\System32\mshta.exe" "res://F:\WINDOWS\System32\TweakUI.exe/uninstall.hta"
VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
Weather Services --> F:\WINDOWS\System32\control.exe F:\WINDOWS\System32\wxfw.cpl,4
WebEx --> F:\PROGRA~1\MOZILL~1\plugins\atcliun.exe
WebFldrs XP -->
WexTech AnswerWorks --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9  -eliminate
WinZip --> "F:\Program Files\WinZip\WINZIP32.EXE" /uninstall


-- End of ComboScan: finished at 2007-03-24 at 11:04:01 ------------------------

I don't think I have any Symantec programs anymore.  I uninstalled Norton.

Thanks,

Bruce
Title: computer locks up
Post by: geb on March 25, 2007, 09:35:21 PM



I think this is a more complete file of the combo scan than the first one I submitted.

ComboScan v20070306.20 run by B Gollub on 2007-03-24 at 11:03:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created ComboScan Restore Point.


-- Last 5 Restore Point(s) --
66: 2007-03-24 18:03:24 UTC - RP223 - ComboScan Restore Point
65: 2007-03-23 19:05:45 UTC - RP222 - System Checkpoint
64: 2007-03-22 01:43:40 UTC - RP221 - System Checkpoint
63: 2007-03-21 01:24:39 UTC - RP220 - System Checkpoint
62: 2007-03-20 00:24:50 UTC - RP219 - System Checkpoint


-- First Restore Point --
1: 2006-12-27 17:44:34 UTC - RP158 - System Checkpoint


Performed disk cleanup.


-- HijackThis (run as B Gollub.exe) --------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:03:41 AM, on 3/24/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
F:\Program Files\ewido\security suite\ewidoctrl.exe
F:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
F:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
f:\program files\common files\mcafee\mna\mcnasvc.exe
F:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
F:\PROGRA~1\McAfee\MSC\mcpromgr.exe
f:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
F:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
F:\Program Files\McAfee\MPF\MPFSrv.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Belkin Bulldog\upsd.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\System32\rundll32.exe
F:\WINDOWS\System32\RUNDLL32.EXE
F:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
F:\WINDOWS\AGRSMMSG.exe
F:\Program Files\QuickTime\qttask.exe
F:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\BITWARE\NT\bwprnmon.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\WINDOWS\system32\ntvdm.exe
F:\PROGRA~1\mcafee.com\agent\mcagent.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
F:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
F:\Program Files\WinZip\WZQKPICK.EXE
F:\Program Files\palmOne\Hotsync.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\WINDOWS\System32\wuauclt.exe
F:\PROGRA~1\mcafee\msc\mcuimgr.exe
F:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
F:\Documents and Settings\B Gollub\Desktop\comboscan.exe
F:\DOCUME~1\BGOLLU~1\Desktop\B Gollub.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - F:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - f:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - F:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [LogonStudio] "F:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Camera Detector] F:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [bwprnmon.exe] C:\BITWARE\NT\bwprnmon.exe
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] F:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: HotSync Manager.LNK = F:\Program Files\palmOne\Hotsync.exe
O4 - Startup: palmOne Registration.lnk = F:\Program Files\palmOne\register.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = F:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = F:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = F:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - F:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O23 - Service: Adobe LM Service - Unknown owner - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - F:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - F:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - F:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - F:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - F:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - f:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - F:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - f:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - F:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
O23 - Service: UPS - UPSlim Service (UPSlim) - Delta - F:\Program Files\Belkin Bulldog\upsd.exe


-- File Associations -----------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "F:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3R AgereSoftModem (Agere Systems Soft Modem) - F:\WINDOWS\system32\drivers\AGRSM.sys
3R ALCXSENS (Service for WDM 3D Audio Driver) - F:\WINDOWS\system32\drivers\ALCXSENS.SYS
3R ALCXWDM (Service for Realtek AC97 Audio (WDM)) - F:\WINDOWS\system32\drivers\ALCXWDM.SYS
2R Aspi32 - F:\WINDOWS\system32\drivers\ASPI32.SYS
1R eeCtrl (Symantec Eraser Control driver) - F:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
1R ewido security suite driver - F:\Program Files\ewido\security suite\guard.sys
3R FETND5BV (VIA Rhine-Family Fast Ethernet Adapter Driver Service) - F:\WINDOWS\system32\drivers\fetnd5bv.sys
3S FETNDIS (VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver) - F:\WINDOWS\system32\drivers\fetnd5.sys
3S FETNDISB (VIA Rhine Family Fast Ethernet Adapter Driver Service) - F:\WINDOWS\system32\drivers\fetnd5b.sys
3R GEARAspiWDM - F:\WINDOWS\system32\drivers\GEARAspiWDM.sys
3S GMSIPCI - D:\INSTALL\GMSIPCI.SYS (not found)
3R mfeavfk (McAfee Inc.) - F:\WINDOWS\system32\drivers\mfeavfk.sys
3R mfebopk (McAfee Inc.) - F:\WINDOWS\system32\drivers\mfebopk.sys
3R mfehidk (McAfee Inc.) - F:\WINDOWS\system32\drivers\mfehidk.sys
3S mferkdk (McAfee Inc.) - F:\WINDOWS\system32\drivers\mferkdk.sys
3R mfesmfk (McAfee Inc.) - F:\WINDOWS\system32\drivers\mfesmfk.sys
1R MPFP - F:\WINDOWS\system32\drivers\Mpfp.sys
3R nv - F:\WINDOWS\system32\drivers\nv4_mini.sys
3S PalmUSBD - F:\WINDOWS\system32\drivers\PalmUSBD.sys
3R pfc (Padus ASPI Shell) - F:\WINDOWS\system32\drivers\pfc.sys
3R rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - F:\WINDOWS\system32\drivers\RTL8139.sys
3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - F:\WINDOWS\system32\drivers\usbehci.sys
3R usbscan (USB Scanner Driver) - F:\WINDOWS\system32\drivers\usbscan.sys
3S USBSTOR (USB Mass Storage Driver) - F:\WINDOWS\system32\drivers\USBSTOR.SYS
0R viaagp1 (VIA AGP Filter) - F:\WINDOWS\system32\drivers\VIAAGP1.SYS


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

3S Adobe LM Service - "F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
3S aspnet_state (ASP.NET State Service) - F:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
2R Automatic LiveUpdate Scheduler - "F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
3S Emproxy (McAfee E-mail Proxy) - F:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
2R ewido security suite control - F:\Program Files\ewido\security suite\ewidoctrl.exe
4S ewido security suite guard - F:\Program Files\ewido\security suite\ewidoguard.exe
3S gusvc (Google Updater Service) - "F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
3S IDriverT (InstallDriver Table Manager) - "F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
3R iPod Service - "F:\Program Files\iPod\bin\iPodService.exe"
3S LiveUpdate - "F:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
2R McAfee HackerWatch Service - "F:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe"
3S mcmispupdmgr (McAfee Update Manager) - F:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
2R mcmscsvc (McAfee Services) - F:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
2R McNASvc (McAfee Network Agent) - "f:\program files\common files\mcafee\mna\mcnasvc.exe"
2R McODS (McAfee Scanner) - F:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
2R mcpromgr (McAfee Protection Manager) - F:\PROGRA~1\McAfee\MSC\mcpromgr.exe
2R McRedirector (McAfee Redirector Service) - f:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
2R McShield (McAfee Real-time Scanner) - F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
2R McSysmon (McAfee SystemGuards) - F:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
2R MpfService (McAfee Personal Firewall Service) - "F:\Program Files\McAfee\MPF\MPFSrv.exe"
2R NVSvc (NVIDIA Display Driver Service) - F:\WINDOWS\System32\nvsvc32.exe
3S SCardDrv (Smart Card Helper) - F:\WINDOWS\System32\SCardSvr.exe
2R UMWdf (Windows User Mode Driver Framework) - F:\WINDOWS\System32\wdfmgr.exe
2R uploadmgr (Upload Manager) - F:\WINDOWS\System32\svchost.exe -k netsvcs
2R UPSlim (UPS - UPSlim Service) - "F:\Program Files\Belkin Bulldog\upsd.exe"
4S Vormde - F:\WINDOWS\System32\drivers\serial.sys


-- Scheduled Tasks -------------------------------------------------------------

2007-03-01 01:00:30       362 --a------ F:\WINDOWS\Tasks\McQcTask.job
2007-02-15 02:02:56       270 --a------ F:\WINDOWS\Tasks\McDefragTask.job<MCDEFR~1.JOB>


-- Files created between 2007-02-24 and 2007-03-24 -----------------------------

2007-03-15 19:07:21         0 d-------- F:\Program Files\Citrix


-- Find3M Report ---------------------------------------------------------------

2007-03-24 11:01:53         0 d-------- F:\Documents and Settings\B Gollub\Application Data\SiteAdvisor<SITEAD~1>
2007-03-24 10:57:12         0 d-------- F:\Program Files\Mozilla Firefox<MOZILL~1>
2007-03-24 09:05:39         0 d-------- F:\Program Files\palmOne
2007-03-23 16:54:39         0 d-------- F:\Documents and Settings\B Gollub\Application Data\Adobe
2007-03-23 14:48:16         0 d-------- F:\Documents and Settings\B Gollub\Application Data\Lasersoft Imaging<LASERS~1>
2007-03-23 11:15:11         0 d-------- F:\Program Files\McAfee
2007-02-17 13:17:28         0 d---s---- F:\Documents and Settings\B Gollub\Application Data\Microsoft<MICROS~1>
2007-02-17 13:14:39         0 d-------- F:\Program Files\Common Files\AnswerWorks 4.0<ANSWER~1.0>
2007-02-17 09:38:28         0 d-------- F:\Program Files\ItsDeductible2006<ITSDED~3>
2007-02-17 09:37:13         0 d-------- F:\Program Files\Quicken
2007-02-17 09:33:36         0 d-------- F:\Documents and Settings\B Gollub\Application Data\InstallShield<INSTAL~1>
2007-02-16 06:44:07         0 d-------- F:\Program Files\Google
2007-02-15 07:08:46         0 d-------- F:\Program Files\TurboTax
2007-02-10 22:17:59         0 d-------- F:\Program Files\Common Files\Adobe
2007-02-10 14:03:45         0 d-------- F:\Documents and Settings\B Gollub\Application Data\AdobeUM
2007-02-09 19:53:28         0 d-------- F:\Program Files\SiteAdvisor<SITEAD~1>
2007-02-08 07:25:18         0 d-------- F:\Documents and Settings\B Gollub\Application Data\Google
2007-02-03 07:52:59         0 d-------- F:\Program Files\Common Files\McAfee
2007-02-03 07:52:26         0 d-------- F:\Program Files\McAfee.com
2007-02-03 07:22:38         0 d-------- F:\Program Files\Lavasoft
2007-02-03 06:56:15         0 d-------- F:\Documents and Settings\B Gollub\Application Data\Lavasoft
2007-02-02 23:27:34         0 d-------- F:\Program Files\Symantec
2007-02-02 23:27:34         0 d-------- F:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-01-29 08:20:42         0 d-------- F:\Program Files\SpywareBlaster<SPYWAR~1>
2007-01-27 15:18:27         0 d-------- F:\Program Files\QuickTime<QUICKT~1>
2007-01-27 15:17:06         0 d-------- F:\Program Files\Apple Software Update<APPLES~1>


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"F:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"DW4"=""
"updateMgr"="F:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_5"
"swg"="F:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE F:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE F:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"SoundMan"="SOUNDMAN.EXE"
"Adobe Photo Downloader"="\"F:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"LogonStudio"="\"F:\\Program Files\\WinCustomize\\LogonStudio\\logonstudio.exe\" /RANDOM"
"SunJavaUpdateSched"="F:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"NeroFilterCheck"="F:\\WINDOWS\\system32\\NeroCheck.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"QuickTime Task"="\"F:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Camera Detector"="F:\\PROGRA~1\\ACDSYS~1\\DEVDET~1\\DEVDET~1.EXE -autorun"
"bwprnmon.exe"="C:\\BITWARE\\NT\\bwprnmon.exe"
"TkBellExe"="\"F:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\"  -osboot"
"iTunesHelper"="\"F:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
   

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoTrayItemsDisplay"=hex:01,00,00,00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService   REG_MULTI_SZ      AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV
NetworkService   REG_MULTI_SZ      DnsCache
rpcss   REG_MULTI_SZ      RpcSs
imgsvc   REG_MULTI_SZ      StiSvc
termsvcs   REG_MULTI_SZ      TermService



-- End of ComboScan: finished at 2007-03-24 at 11:04:01 ------------------------



I don't think I have any symantec programs anymore.  I uninstalled norton.

Thanks,

Bruce
Title: computer locks up
Post by: guestolo on March 26, 2007, 11:56:07 PM
Access your add/remove programs and remove LiveUpdate
If you have no other Symantec programs installed
Also, remove J2SE Runtime Environment 5.0 Update 6
<- we'll update this in a bit for security reasons, close down ALL open browser windows before you remove it please
Finally, remove ewido security suite
We'll update this also to the latest version
Reboot your computer
Back in Windows

Let's do some cleaning
Download AVG Anti-Spyware 7.5 (http://www.ewido.net/en/download/)
CLOSE AVG-Antispyware for now, as we will need it later
An AVG icon will be placed in your system tray next to your clock, can you right click on it and uncheck
"Resident Shield", "Automatic updates" and "Start with Windows"


Reboot your computer in Safe Mode by doing the following:
============================================

You have both CCleaner and CleanUp! installed, run them both please, cleaning temp files, etc.....

Load AVG Anti-Spyware 7.5
I will need to see this log later

Restart the computer back to Normal windows
Updating Java:
Install the latest version of Java from the installer on desktop

Post back the following
1. Post a fresh hijackthis log
2. Post the Whole report from AVG-Antispyware
Title: computer locks up
Post by: geb on March 28, 2007, 09:30:07 PM
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

 + Created at:   6:07:45 PM 3/28/2007

 + Scan result:   



C:\System Volume Information\_restore{098508FA-C014-4CB2-B5E3-55F2752196B3}\RP218\A0055720.EXE -> Adware.BrilliantDigital : Cleaned.
C:\System Volume Information\_restore{098508FA-C014-4CB2-B5E3-55F2752196B3}\RP218\A0055721.exe -> Adware.BrilliantDigital : Cleaned.
:mozilla.100:F:\Documents and Settings\All Users\Documents\Backup\Docs\Bruce\Application Data\Mozilla\Firefox\Profiles\e3u3zna4.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.101:F:\Documents and Settings\All Users\Documents\Backup\Docs\Bruce\Application Data\Mozilla\Firefox\Profiles\e3u3zna4.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.102:F:\Documents and Settings\All Users\Documents\Backup\Docs\Bruce\Application Data\Mozilla\Firefox\Profiles\e3u3zna4.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.103:F:\Documents and Settings\All Users\Documents\Backup\Docs\Bruce\Application Data\Mozilla\Firefox\Profiles\e3u3zna4.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.104:F:\Documents and Settings\All Users\Documents\Backup\Docs\Bruce\Application Data\Mozilla\Firefox\Profiles\e3u3zna4.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.268:F:\Documents and Settings\All Users\Documents\Backup\Docs\Bgollub\Application Data\Mozilla\Firefox\Profiles\migtc6nv.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.28:F:\Documents and Settings\All Users\Documents\Backup\Docs\Bruce\Application Data\Mozilla\Firefox\Profiles\e3u3zna4.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.48:C:\WINDOWS\Application Data\Mozilla\Profiles\bgollub\jhaehmkd.slt\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
C:\WINDOWS.001\Cookies\bruce gollup@realmedia[2].txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.180:F:\Documents and Settings\All Users\Documents\Backup\Docs\Bgollub\Application Data\Mozilla\Firefox\Profiles\migtc6nv.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.181:F:\Documents and Settings\All Users\Documents\Backup\Docs\Bgollub\Application Data\Mozilla\Firefox\Profiles\migtc6nv.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.182:F:\Documents and Settings\All Users\Documents\Backup\Docs\Bgollub\Application Data\Mozilla\Firefox\Profiles\migtc6nv.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
F:\Program Files\eMedia Codec -> Trojan.Small : Cleaned.


::Report end


Logfile of HijackThis v1.99.1
Scan saved at 7:15:57 PM, on 3/28/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
F:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
F:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
f:\program files\common files\mcafee\mna\mcnasvc.exe
F:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
F:\PROGRA~1\McAfee\MSC\mcpromgr.exe
f:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
F:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
F:\Program Files\McAfee\MPF\MPFSrv.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Belkin Bulldog\upsd.exe
F:\WINDOWS\Explorer.EXE
F:\PROGRA~1\mcafee.com\agent\mcagent.exe
F:\WINDOWS\System32\rundll32.exe
F:\WINDOWS\System32\RUNDLL32.EXE
F:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
F:\WINDOWS\AGRSMMSG.exe
F:\Program Files\QuickTime\qttask.exe
F:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\BITWARE\NT\bwprnmon.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\WINDOWS\system32\ntvdm.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\WINDOWS\System32\wuauclt.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
F:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
F:\Program Files\WinZip\WZQKPICK.EXE
F:\Program Files\palmOne\Hotsync.exe
F:\PROGRA~1\mcafee\msc\mcuimgr.exe
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
F:\WINDOWS\System32\msiexec.exe
F:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
F:\Documents and Settings\B Gollub\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - F:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - f:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - F:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [LogonStudio] "F:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Camera Detector] F:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [bwprnmon.exe] C:\BITWARE\NT\bwprnmon.exe
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] F:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: HotSync Manager.LNK = F:\Program Files\palmOne\Hotsync.exe
O4 - Startup: palmOne Registration.lnk = F:\Program Files\palmOne\register.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = F:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = F:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = F:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - F:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O23 - Service: Adobe LM Service - Unknown owner - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - F:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - F:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - F:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - F:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - f:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - F:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - f:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - F:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
O23 - Service: UPS - UPSlim Service (UPSlim) - Delta - F:\Program Files\Belkin Bulldog\upsd.exe



Sometimes the computer just shuts down randomly, sometimes it locks up when trying to shut it down.  I also get the message onlookup failed 55 1 when using mozilla.

Thanks,

Bruce
Title: computer locks up
Post by: guestolo on March 29, 2007, 11:37:45 AM
Can you do the following
Download SmitfraudFix (http://siri.urz.free.fr/Fix/SmitfraudFix.zip) (by S!Ri)
Extract the contents (a folder named SmitfraudFix) to your Desktop.

Please reboot your computer in Safe Mode by doing the following:
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".


The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows.  A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt
In your case it may be F:\rapport.txt

NOTE: running option #2 will remove your Desktop background, you will have to replace it in the Display options found in Control panel.

Post a fresh hijackthis log and the log from Smitfraudfix

Also, Can you right click on MyComputer icon and select Properties>>Advanced tab
Select Settings under Startup and Recovery
Uncheck "Automatically Restart" under System Failure if it is checked
Ok out of there
There is a chance then that the computer may blue screen and you can note the results on the screen
Then manually restart the computer
Post the results, if any

Quote
I also get the message onlookup failed 55 1 when using mozilla.
This may be caused by an extension you have installed, if the problem persists
Can you do the following
Go to START>>RUN
Copy>paste to the open field
firefox -safe-mode
DON'T hit OK yet
Close all open Firefox windows then hit OK
This will open firefox in a safe mode state
See if the problem persists
Title: computer locks up
Post by: geb on March 31, 2007, 08:32:46 PM



Logfile of HijackThis v1.99.1
Scan saved at 6:24:51 PM, on 3/31/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
F:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
F:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
f:\program files\common files\mcafee\mna\mcnasvc.exe
F:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
F:\PROGRA~1\McAfee\MSC\mcpromgr.exe
f:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
F:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
F:\Program Files\McAfee\MPF\MPFSrv.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Belkin Bulldog\upsd.exe
F:\WINDOWS\System32\rundll32.exe
F:\PROGRA~1\mcafee.com\agent\mcagent.exe
F:\WINDOWS\System32\RUNDLL32.EXE
F:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\WINDOWS\AGRSMMSG.exe
F:\Program Files\QuickTime\qttask.exe
F:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\BITWARE\NT\bwprnmon.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\WINDOWS\system32\ntvdm.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
F:\Program Files\palmOne\Hotsync.exe
F:\WINDOWS\System32\wuauclt.exe
F:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
F:\Program Files\WinZip\WZQKPICK.EXE
F:\WINDOWS\System32\wuauclt.exe
F:\PROGRA~1\mcafee\msc\mcuimgr.exe
F:\Documents and Settings\B Gollub\Desktop\hijackthis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - F:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - f:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - F:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [LogonStudio] "F:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Camera Detector] F:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [bwprnmon.exe] C:\BITWARE\NT\bwprnmon.exe
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] F:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: HotSync Manager.LNK = F:\Program Files\palmOne\Hotsync.exe
O4 - Startup: palmOne Registration.lnk = F:\Program Files\palmOne\register.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = F:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = F:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = F:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - F:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O23 - Service: Adobe LM Service - Unknown owner - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - F:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - F:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - F:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - F:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - f:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - F:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - f:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - F:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
O23 - Service: UPS - UPSlim Service (UPSlim) - Delta - F:\Program Files\Belkin Bulldog\upsd.exe

SmitFraudFix v2.161

Scan done at 18:14:49.48, Sat 03/31/2007
Run from F:\Documents and Settings\B Gollub\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1       localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

F:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{BB8AEAC6-11FB-4265-8740-9F54DEBABCA7}: DhcpNameServer=66.82.4.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{BB8AEAC6-11FB-4265-8740-9F54DEBABCA7}: DhcpNameServer=66.82.4.8
HKLM\SYSTEM\CS2\Services\Tcpip\..\{BB8AEAC6-11FB-4265-8740-9F54DEBABCA7}: DhcpNameServer=66.82.4.8
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=66.82.4.8
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=66.82.4.8
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=66.82.4.8


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done.
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
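
A triage pass over the kind of HijackThis entries posted above, as an added example that is not part of the original posts or of HijackThis itself. The `triage` and `image_path` names, the three heuristics and the trusted roots (the system drive in this log is F:) are assumptions of the example; as with SmitFraudFix's own "not inevitably infected" note, a flag marks an entry to check, not a verdict.

```python
import re
from collections import namedtuple

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - F:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Camera Detector] F:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [bwprnmon.exe] C:\BITWARE\NT\bwprnmon.exe
O4 - HKCU\..\Run: [updateMgr] F:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
O4 - Global Startup: WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE
O23 - Service: Adobe LM Service - Unknown owner - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: UPS - UPSlim Service (UPSlim) - Delta - F:\Program Files\Belkin Bulldog\upsd.exe
"""

HANDLED = {"O2", "O3", "O4", "O9", "O18", "O23"}
# Assumption of this example: the system drive of the logged machine is F:.
DEFAULT_ROOTS = ("F:\\WINDOWS\\", "F:\\Program Files\\", "F:\\PROGRA~1\\")

ENTRY_RE = re.compile(r"^(O\d+) - (.+)$")
# Unquoted commands may contain spaces, so cut at the first executable
# extension followed by whitespace, a comma, a quote or end of line.
IMAGE_RE = re.compile(r'^(.+?\.(?:exe|dll|ocx|com|bat|cmd))(?=[\s,"]|$)', re.I)

Finding = namedtuple("Finding", "section path reasons")


def image_path(section, detail):
    """Return the file an entry loads, without arguments or quotes."""
    if section == "O4" and "Startup:" in detail:
        target = detail.partition(" = ")[2]      # "X.lnk = <path>"
    elif section == "O4":
        target = detail.partition("] ")[2]       # "Run: [name] <command>"
    else:
        target = detail.rsplit(" - ", 1)[-1]     # "... - <path>"
    target = target.strip()
    if target.startswith('"'):
        return target[1:].split('"', 1)[0]
    m = IMAGE_RE.match(target)
    return m.group(1) if m else target


def triage(log_text, roots=DEFAULT_ROOTS):
    """Flag entries worth a manual check; heuristics, not verdicts."""
    roots = tuple(r.lower() for r in roots)
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m or m.group(1) not in HANDLED:
            continue
        section, detail = m.groups()
        path = image_path(section, detail)
        if not path:
            continue
        reasons = []
        if "\\" not in path:
            # No directory given: Windows resolves the name via its search path.
            reasons.append("bare-name")
        elif not path.lower().startswith(roots):
            reasons.append("outside-roots")
        # Service names may contain " - ", so split from the right.
        parts = detail.rsplit(" - ", 2)
        if section == "O23" and len(parts) == 3 and parts[1] == "Unknown owner":
            reasons.append("unknown-owner")
        if reasons:
            findings.append(Finding(section, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.section, f.path, ",".join(f.reasons))
```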
Title: computer locks up
Post by: geb on March 31, 2007, 08:37:28 PM



Safe mode of firefox does not cause the problem.  It runs smoothly.
Title: computer locks up
Post by: guestolo on March 31, 2007, 09:33:07 PM
Quote
Safe mode of firefox does not cause the problem. It runs smoothly.

That somewhat narrows it down
What addons (extensions) and/or themes do you have installed
Are they all updated
In Firefox>>go to HELP>>Check for updates
Also, in Firefox, go to Tools>Addons>Check for updates

By trial and error, uninstall one at a time and see which is causing the problem
My guess. If you have the McAfee SiteAdvisor addon installed, remove it first
Restart the browser then go from there
Title: computer locks up
Post by: geb on April 04, 2007, 08:33:15 AM
[quote name='guestolo' post='308051' date='Mar 31 2007, 08:33 PM']That somewhat narrows it down
What addons (extensions) and/or themes do you have installed
Are they all updated
In Firefox>>go to HELP>>Check for updates
Also, in Firefox, go to Tools>Addons>Check for updates

By trial and error, uninstall one at a time and see which is causing the problem
My guess. If you have the McAfee SiteAdvisor addon installed, remove it first
Restart the browser then go from there[/quote]
Title: computer locks up
Post by: geb on April 04, 2007, 08:38:57 AM
After disabling the site advisor the problem stopped.  Does that mean the site advisor is not compatible with Firefox?

The computer seems to be working better.  Was the problem the trojan virus or something else?  Is there any way I can reduce the # of programs that start up and run in the background when the computer boots up?  It takes a long time for this to happen.  How do I know which of the processes running in task manager are essential?
Title: computer locks up
Post by: geb on April 06, 2007, 11:20:58 AM
[quote name='geb' post='309787' date='Apr 4 2007, 07:38 AM']After disabling the site advisor the problem stopped.  Does that mean the site advisor is not compatible with Firefox?

The computer seems to be working better.  Was the problem the trojan virus or something else?  Is there any way I can reduce the # of programs that start up and run in the background when the computer boots up?  It takes a long time for this to happen.  How do I know which of the processes running in task manager are essential?[/quote]


After my last note the computer has been repeatedly shutting down unexpectedly.  The last time I got a blue screen with the following note;

IRQL_NOT_LESS_OR_EQUAL


STOP OXOOOOOOOA (OX8A3049EC,0X00000002, OXOOOOOOO1, 0X804E350B

any ideas?
Title: computer locks up
Post by: guestolo on April 06, 2007, 09:34:00 PM
Can you do the following, instead of the computer restarting, it may hold the blue screen and you may notice a file name related to the above error message you have

1. Right click "My Computer" and select "Properties"
2. Select the "Advanced" tab
3. Under "Startup and Recovery" click the "Settings" button (the third of the three "Settings" buttons) --> A new window pops up
4. In the window that has just popped up, uncheck (turn off) "Automatically restart" under "System Failure"
5. Click "Ok" to close the window and then click "Ok" again to close the Properties panel for My Computer.
Title: computer locks up
Post by: geb on April 07, 2007, 12:11:00 AM
[quote name='guestolo' post='310739' date='Apr 6 2007, 08:34 PM']Can you do the following, instead of the computer restarting, it may hold the blue screen and you may notice a file name related to the above error message you have

1. Right click "My Computer" and select "Properties"
2. Select the "Advanced" tab
3. Under "Startup and Recovery" click the "Settings" button (the third of the three "Settings" buttons) --> A new window pops up
4. In the window that has just popped up, uncheck (turn off) "Automatically restart" under "System Failure"
5. Click "Ok" to close the window and then click "Ok" again to close the Properties panel for My Computer.[/quote]


The computer was already set this way.  You had me do this from a previous post.  The computer seems to run very slowly.  It has crashed several times when just doing a search for files.  I get the feeling that  it is worse when running several applications, as if the memory is overloaded.  I defragmented the hard drive.
Title: computer locks up
Post by: guestolo on April 07, 2007, 12:18:01 AM
So is that the whole exact error message you are getting???
Anything you may be missing?
Like a file relation?

I'll try to post back when I can, but I'm on a couple week holiday and  only have Internet access when I have wifi access
Title: computer locks up
Post by: geb on April 07, 2007, 12:47:59 AM
[quote name='guestolo' post='310786' date='Apr 6 2007, 11:18 PM']So is that the whole exact error message you are getting???
Anything you may be missing?
Like a file relation?

I'll try to post back when I can, but I'm on a couple week holiday and  only have Internet access when I have wifi access[/quote]



Stop ox00000083 (oxc0000005, oxbf80808c, oxb886b8nc, ox00000000)

win32k.sys-address bf80808c base at bf800000, datestamp 4341dcff

That is the entire message
Title: computer locks up
Post by: geb on April 07, 2007, 12:58:26 AM
[quote name='guestolo' post='310786' date='Apr 6 2007, 11:18 PM']So is that the whole exact error message you are getting???
Anything you may be missing?
Like a file relation?

I'll try to post back when I can, but I'm on a couple week holiday and  only have Internet access when I have wifi access[/quote]


stop ox0000008e (oxc0000005, oxbf80808c, oxb886b81nc, ox00000000

win32k.sys- address bf80808c base at bf800000, date stamp 4341dcff

That's the whole message, thanks.
Title: computer locks up
Post by: guestolo on April 08, 2007, 11:59:15 PM
Have you checked manufacturers website for all updated drivers for your computer
This includes video drivers

I would also check your Ram on your computer with memtest86

Here's the instructions
Go to the following link

http://www.memtest.org/
Select the Download - Pre-Compiled Bootable ISO (.zip)
Unzip the file and burn the ISO image file to CD

Reboot with the CD in the computer
Set bios to boot from CD first
Run the tests......
Title: computer locks up
Post by: geb on April 13, 2007, 09:23:12 AM
[quote name='guestolo' post='311639' date='Apr 8 2007, 10:59 PM']Have you checked manufacturers website for all updated drivers for your computer
This includes video drivers

I would also check your Ram on your computer with memtest86

Here's the instructions
Go to the following link

http://www.memtest.org/
Select the Download - Pre-Compiled Bootable ISO (.zip)
Unzip the file and burn the ISO image file to CD

Reboot with the CD in the computer
Set bios to boot from CD first
Run the tests......[/quote]

I'm having trouble getting the computer to boot from the cd.  I burned the iso file to a cd.  I checked the bios setting and it is set to boot from the cd rw first, but it still just goes through the normal process of loading windows.   My computer was custom built but it has an AMD Athlon processor, is that the site I need to go to to get the drivers?

Thanks
Title: computer locks up
Post by: guestolo on April 18, 2007, 12:59:48 PM
Did you unzip the file?
Did you burn it as an image file?
I suggest that you use a CDRW disk, if you have one, so you can just erase it if something goes wrong
 ensure that you finalize it
Title: computer locks up
Post by: geb on April 30, 2007, 08:10:30 AM
[quote name='guestolo' post='316065' date='Apr 18 2007, 11:59 AM']Did you unzip the file?
Did you burn it as an image file?
I suggest that you use a CDRW disk, if you have one, so you can just erase it if something goes wrong
 ensure that you finalize it[/quote]


I have been away for the last week.  Thanks for your patience.

I did unzip the file, but don't know how to burn it as an image file.  I just copied it to a cdrw cd using the windows utility.

Thanks
Title: computer locks up
Post by: guestolo on April 30, 2007, 07:14:32 PM
Can you download and install
burnatonce (http://dl3.afterdawn.com/bao0995.exe)
Start Burnatonce, put a blank CD into the drive
In burnatonce, select Setting>>Device Settings, this will show you the options
Ensure the speed of write is correct, you can lower it a bit to ensure a good burn
Afterwards, click on  FILE>>New Image
Navigate to Memtest86+-1.70.iso
and double click on it to Select it
Then click on the WRITE button again
Let it complete the burn process

Try starting the computer with the CD in
Let it run the complete 9 passes
Do you get any red errors?
Title: computer locks up
Post by: geb on May 01, 2007, 09:13:54 AM
[quote name='guestolo' post='321070' date='Apr 30 2007, 06:14 PM']Can you download and install
burnatonce (http://dl3.afterdawn.com/bao0995.exe)
Start Burnatonce, put a blank CD into the drive
In burnatonce, select Setting>>Device Settings, this will show you the options
Ensure the speed of write is correct, you can lower it a bit to ensure a good burn
Afterwards, click on  FILE>>New Image
Navigate to Memtest86+-1.70.iso
and double click on it to Select it
Then click on the WRITE button again
Let it complete the burn process

Try starting the computer with the CD in
Let it run the complete 9 passes
Do you get any red errors?[/quote]


I tried it 3 times.  Each time the computer crashed....beeping sound from the computer, no fan running anymore from the cpu, no screen input.  It seemed to crash on the 7th pass at least 2 of the times.

Thanks
Title: computer locks up
Post by: guestolo on May 01, 2007, 11:04:16 PM
So when the test hits Pass 7 you run into troubles?
It sounds like Memory problems,  how many sticks of RAM do you have installed in this computer?
Can you trouble shoot it yourself?
I would opt to remove a stick, if you can, run the memtest again

Determine if one stick is the problem, again, I don't know your specs????
Title: computer locks up
Post by: geb on May 02, 2007, 09:18:53 AM
[quote name='guestolo' post='321376' date='May 1 2007, 10:04 PM']So when the test hits Pass 7 you run into troubles?
It sounds like Memory problems,  how many sticks of RAM do you have installed in this computer?
Can you trouble shoot it yourself?
I would opt to remove a stick, if you can, run the memtest again

Determine if one stick is the problem, again, I don't know your specs????[/quote]


AMD Sempron 2600 cpu
msi kt4av motherboard
256 MB pc3200 memory
upgrade to 512 MB memory
80- gb hd
GeForce 4mx4000 64 mb video card
windows xp pro

It seems to do ok until pass 7
do the memory sticks just plug into the motherboard?
Title: computer locks up
Post by: guestolo on May 06, 2007, 11:19:45 AM
So I take it that you have 2 sticks of 256 mb Ram in your computer

It is a fairly easy job removing Ram from computer, but you still have to be careful not to do damage

Here's some guidelines
http://www.worldstart.com/tips/tips.php/1224 (http://\"http://www.worldstart.com/tips/tips.php/1224\")

Take note: before getting your hand into the box, I like to touch the chassis first
The bare metal of the box
Title: computer locks up
Post by: guestolo on June 09, 2007, 04:43:10 PM
Problems appear resolved, I'll lock this topic