TheTechGuide Forum

General Category => Tech Clinic => Topic started by: mickapoo on January 31, 2008, 03:13:18 PM

Title: Computer full of pop ups, IE closing,
Post by: mickapoo on January 31, 2008, 03:13:18 PM
First of all my computer is entirely messed up. I keep hearing clicks in the background and my IE keeps shutting down. I also have a zillion pop ups. After IE closed, I got this msg:
Encountered a problem with an add on and need to close
Add on: PPCtoolbar.dll

I then went online to see how to take care of this. It said to delete scamgrd.dll but when I tried I got the msg that "access is denied".


Here is my hijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:10:17 PM, on 1/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\apache2054\Apache2\bin\Apache.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\RGFuaWVsIFdpbGtlcnNvbg\command.exe
C:\apache2054\Apache2\bin\Apache.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Lexmark 6200 Series\lxbumon.exe
C:\Program Files\Lexmark 6200 Series\ezprint.exe
C:\WINDOWS\system32\lxbucoms.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\system32\444942494C4646.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\limewire\limewire.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Security Task Manager\taskman.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis2.0.2\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [lxbumon.exe] "C:\Program Files\Lexmark 6200 Series\lxbumon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6200 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [A6ABA4ABAEA8A8AB] 444942494C4646.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [RemoveInstallPath] cmd.exe C:\WINDOWS\system32\cmd.exe /c rmdir /S /Q "C:\PROGRA~1\Insider" > nul
O4 - HKLM\..\RunOnce: [PPCInst6.330] C:\WINDOWS\system32\unPPC6000.EXE ppcremovefiles
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_0
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x092f -f video -m logitech -d 11.0.0.1213 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x092f -f video -m logitech -d 11.0.0.1213 (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BounceBack Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc.com/ppcos/ISP60/Download/ppcwebi.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O21 - SSODL: Basobcon - {6443B4D6-1730-4356-8A69-C2B1A24A0FCC} - C:\WINDOWS\system32\logapzip.dll
O23 - Service: Acronis Remote Agent (AcronisAgent) - Unknown owner - C:\Program Files\Common Files\Acronis\Agent\agent.exe (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\apache2054\Apache2\bin\Apache.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RGFuaWVsIFdpbGtlcnNvbg\command.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Internet Explorer\diwuowuani.html

--
End of file - 13667 bytes


Thank you for any help.
Title: Computer full of pop ups, IE closing,
Post by: mickapoo on January 31, 2008, 04:55:33 PM
Ok, since the previous post I got two more "IE has encountered a problem with an add-on" error messages. One said:
Add on Name: vicypu455101.dll
Description: (same)

and then another one:
Add on name: VICYPU83122.dll

Both times it tells me IE needs to close and just shuts down.

I ran Combofix and this is the log:
ComboFix 08-02.01.1 - Evelyn Wilkerson 2008-01-31 16:17:01.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.681 [GMT -5:00]
Running from: C:\Documents and Settings\Evelyn Wilkerson\Desktop\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\awvvv.dll
C:\WINDOWS\system32\tuvtrpq.dll
C:\Documents and Settings\Evelyn Wilkerson\g2mdlhlpx.exe
C:\Program Files\Insider
C:\Program Files\Internet Explorer\diwuowuani.html
C:\Program Files\Internet Explorer\zynijety.dll
C:\Program Files\Internet Explorer\zynijety666.dll
C:\Program Files\Internet Explorer\zynijety919.dll
C:\Program Files\microsoft frontpage\vicypu4444.dll
C:\Program Files\microsoft frontpage\vicypu455101.dll
C:\Program Files\microsoft frontpage\vicypu83122.dll
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\b104.exe
C:\WINDOWS\b116.exe
C:\WINDOWS\b138.exe
C:\WINDOWS\b147.exe
C:\WINDOWS\b149.exe
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\Fonts\Crack.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\icroso~1.net
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\RGFuaWVsIFdpbGtlcnNvbg\
C:\WINDOWS\RGFuaWVsIFdpbGtlcnNvbg\\asappsrv.dll
C:\WINDOWS\RGFuaWVsIFdpbGtlcnNvbg\\command.exe
C:\WINDOWS\RGFuaWVsIFdpbGtlcnNvbg\\l3IRuqpPKIxDv3Q5wBhSv0.vbs
C:\WINDOWS\RGFuaWVsIFdpbGtlcnNvbg\command.exe
C:\WINDOWS\system32\awvvv.dll
C:\WINDOWS\system32\cssrss.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\tuvtrpq.dll
C:\WINDOWS\system32\vvvwa.ini
C:\WINDOWS\system32\vvvwa.ini2
C:\WINDOWS\tk58.exe
C:\WINDOWS\TTC-4444.exe
C:\WINDOWS\wbun.exe
C:\WINDOWS\Fonts\'

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\cmdService


(((((((((((((((((((((((((   Files Created from 2008-01-01 to 2008-02-01  )))))))))))))))))))))))))))))))
.

2008-01-31 15:45 . 2008-01-31 15:45   27,648   --a------   C:\Documents and Settings\Evelyn Wilkerson\~.exe
2008-01-31 15:45 . 2008-01-31 15:43   14,336   --a------   C:\Documents and Settings\Evelyn Wilkerson\Application Data\hrkip.exe
2008-01-31 15:45 . 2008-01-31 15:45   4,928   --a------   C:\WINDOWS\system32\4qZTmI.syz
2008-01-31 15:43 . 2008-01-31 15:43   14,336   --a------   C:\EfVI.exe
2008-01-31 15:09 . 2008-01-31 15:10   <DIR>   d--------   C:\Program Files\HijackThis2.0.2
2008-01-31 14:56 . 2008-01-31 15:21   <DIR>   d--------   C:\Program Files\Security Task Manager
2008-01-31 14:56 . 2008-01-31 15:04   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-01-31 14:26 . 2008-01-31 14:26   <DIR>   d--------   C:\Documents and Settings\NetworkService\Application Data\ScamGuard
2008-01-31 13:31 . 2008-01-31 13:31   4,286   --a------   C:\WINDOWS\system32\everybodybets.32x32.4.ico
2008-01-31 13:23 . 2008-01-31 13:23   <DIR>   d--------   C:\WINDOWS\system32\3C413A41443E3E
2008-01-31 13:23 . 2007-12-14 07:40   120,832   --a------   C:\WINDOWS\system32\444942494C4646.exe
2008-01-31 13:15 . 2008-01-31 13:16   <DIR>   d--------   C:\Documents and Settings\LocalService\Application Data\ScamGuard
2008-01-31 13:12 . 2008-01-31 13:12   147,456   --a------   C:\WINDOWS\system32\vbzip10.dll
2008-01-31 13:09 . 2008-01-31 13:09   <DIR>   d--------   C:\WINDOWS\system32\tip4
2008-01-31 13:09 . 2008-01-31 13:37   <DIR>   d--------   C:\WINDOWS\system32\rom1
2008-01-31 13:09 . 2008-01-31 13:09   <DIR>   d--------   C:\WINDOWS\system32\nGpxx18
2008-01-31 13:09 . 2008-01-31 13:09   <DIR>   d--------   C:\WINDOWS\system32\lis6
2008-01-31 13:09 . 2008-01-31 13:09   <DIR>   d--------   C:\WINDOWS\system32\kps5
2008-01-31 13:09 . 2008-01-31 13:09   <DIR>   d--------   C:\Temp\gTiis19
2008-01-31 13:09 . 2008-01-31 13:09   <DIR>   d--------   C:\Temp\cXzz9
2008-01-31 13:07 . 2008-01-31 13:54   <DIR>   d-a------   C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-31 12:54 . 2008-01-31 12:55   <DIR>   d--------   C:\Program Files\Macromedia
2008-01-31 12:54 . 2008-01-31 12:57   <DIR>   d--------   C:\Program Files\Common Files\Macromedia
2008-01-09 03:01 . 2008-01-09 03:01   1,355   --a------   C:\WINDOWS\imsins.BAK
2008-01-03 08:15 . 2008-01-03 08:15   <DIR>   d--------   C:\Program Files\Lexmark_6200 Series
2008-01-03 08:14 . 2008-01-03 08:15   <DIR>   d--------   C:\Program Files\Lexmark 6200 Series
2008-01-03 08:14 . 2008-01-03 08:14   <DIR>   d--------   C:\lxk6200
2008-01-01 08:53 . 2008-01-01 08:53   268   --ah-----   C:\sqmdata19.sqm
2008-01-01 08:53 . 2008-01-01 08:53   244   --ah-----   C:\sqmnoopt19.sqm

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-01 21:53   ---------   d-----w   C:\Program Files\microsoft frontpage
2008-01-31 20:45   27,648   ----a-w   C:\Documents and Settings\Evelyn Wilkerson\~.exe
2008-01-31 20:01   ---------   d-----w   C:\Program Files\PeoplePC
2008-01-31 19:00   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-01-31 19:00   ---------   d-----w   C:\Program Files\Canon
2008-01-31 18:59   ---------   d-----w   C:\Documents and Settings\Evelyn Wilkerson\Application Data\LimeWire
2008-01-31 18:54   ---------   d-----w   C:\Documents and Settings\Evelyn Wilkerson\Application Data\AdobeUM
2008-01-31 18:19   10   ----a-w   C:\Program Files\.autoreg
2008-01-08 16:11   ---------   d-----w   C:\Documents and Settings\Evelyn Wilkerson\Application Data\CoreFTP
2008-01-03 20:19   ---------   d-----w   C:\Program Files\Lx_cats
2008-01-01 13:59   ---------   d-----w   C:\Program Files\HP
2007-12-22 00:42   ---------   d-----w   C:\Program Files\Java
2007-12-21 21:21   ---------   d-----w   C:\Program Files\7-Zip
2007-12-19 12:45   ---------   d-----w   C:\Program Files\SendBlaster
2007-12-19 12:41   ---------   d-----w   C:\Program Files\Easy Internet signup
2007-12-19 12:39   ---------   d-----w   C:\Program Files\Cabinet Planner
2007-12-19 12:38   ---------   d-----w   C:\Program Files\Common Files\AVSMedia
2007-12-17 01:06   ---------   d-----w   C:\Program Files\SurfOffline
2007-12-17 00:49   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-08 02:55   ---------   d-----w   C:\Documents and Settings\Evelyn Wilkerson\Application Data\U3
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 22:02 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-11 17:16 4670968]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2004-11-22 08:18 307200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"A6ABA4ABAEA8A8AB"="444942494C4646.exe" [2007-12-14 07:40 120832 C:\WINDOWS\system32\444942494C4646.exe]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 04:01 110592]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 16:48 1388544]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 11:27 860160]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-01-25 10:09 98304]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-06-04 15:38 286720]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-11-02 04:03 155648]
"hpWirelessAssistant"="C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" [2004-12-08 12:36 790528]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-02 03:59 126976]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-11-01 13:11 290816]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-09-07 19:28 213054]
"AGRSMMSG"="AGRSMMSG.exe" [2004-08-24 06:20 88363 C:\WINDOWS\AGRSMMSG.exe]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12 483328]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12 49152]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 00:12 488984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 00:13 774168]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"lxbumon.exe"="C:\Program Files\Lexmark 6200 Series\lxbumon.exe" [2005-01-18 09:35 196608]
"EzPrint"="C:\Program Files\Lexmark 6200 Series\ezprint.exe" [2004-09-17 12:24 61440]
"LXBUCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll" [2004-11-02 15:03 69632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 22:02 68856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="C:\Program Files\Common Files\logishrd\WUApp32.exe" [2007-05-09 23:44 441120]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-02-16 18:51:28 25214]
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-07-15 07:00:10 113664]
BounceBack Launcher.lnk - C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe [2006-05-29 18:08:54 98304]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26 282624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Basobcon"= {6443B4D6-1730-4356-8A69-C2B1A24A0FCC} - C:\WINDOWS\system32\logapzip.dll [2006-07-05 05:55 827392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ewido anti-spyware 4.0 guard"=2 (0x2)

R2 portD;CMS PortIO Service;C:\WINDOWS\system32\DRIVERS\portd2k.sys [2004-02-23 07:40]
S2 AcronisAgent;Acronis Remote Agent;"C:\Program Files\Common Files\Acronis\Agent\agent.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1ad91db-4d23-11dc-8842-000ae4d008ea}]
\Shell\AutoRun\command - E:\LaunchU3.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-01 16:53:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????????? ????|?`???? ???B???????????????B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\logapzip.dll
-> C:\WINDOWS\system32\engegpat.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\apache2054\Apache2\bin\Apache.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\apache2054\Apache2\bin\Apache.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\444942494C4646.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Lexmark 6200 Series\lxbumon.exe
C:\Program Files\Lexmark 6200 Series\ezprint.exe
C:\WINDOWS\system32\lxbucoms.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2008-02-01 16:57:20 - machine was rebooted
ComboFix-quarantined-files.txt  2008-02-01 21:57:15
ComboFix2.txt  2006-10-29 13:30:06
ComboFix3.txt  2006-10-29 13:27:24
.
2008-01-09 08:02:54   --- E O F ---  


Thanks again.
Title: Computer full of pop ups, IE closing,
Post by: guestolo on January 31, 2008, 08:01:00 PM
That's cleaned some files
But I suggest that you still do the following

Download Dr.Web CureIt to the desktop from this link
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Double click to run Dr.Web-cureit.exe from desktop
Afterwards, Post back all the following

1. Post a fresh hijackthis log
2. Post the report from Dr.Web Cureit
Title: Computer full of pop ups, IE closing,
Post by: mickapoo on February 03, 2008, 08:19:02 AM
Thanks for the help. A good majority of the problems seem to be cleared up, except when the computer is idle for a while, I get a bunch of pop ups for "market update network". Also, I'm hearing a lot of "clicks" going on in the background. Anyway, here are my logs after running Web Cureit and rebooting:

HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:19:26 AM, on 2/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\444942494C4646.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Lexmark 6200 Series\ezprint.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\apache2054\Apache2\bin\Apache.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\apache2054\Apache2\bin\Apache.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\lxbucoms.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\HijackThis2.0.2\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: PeoplePC ScamGuard - {7E3659A6-4BC5-4d93-B3FD-8B5ACC2FEDED} - C:\Program Files\PeoplePC\Toolbar\ScamGrd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [A6ABA4ABAEA8A8AB] 444942494C4646.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [lxbumon.exe] "C:\Program Files\Lexmark 6200 Series\lxbumon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6200 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_0
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x092f -f video -m logitech -d 11.0.0.1213 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x092f -f video -m logitech -d 11.0.0.1213 (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BounceBack Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc.com/ppcos/ISP60/Download/ppcwebi.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O21 - SSODL: Basobcon - {6443B4D6-1730-4356-8A69-C2B1A24A0FCC} - C:\WINDOWS\system32\logapzip.dll
O23 - Service: Acronis Remote Agent (AcronisAgent) - Unknown owner - C:\Program Files\Common Files\Acronis\Agent\agent.exe (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\apache2054\Apache2\bin\Apache.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 13219 bytes


Dr. Web Cureit

103E510A.scr;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Netsky.35328;Deleted.;
19E46187.exe;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Trojan.DownLoader.3132;Deleted.;
5AD30D69.exe;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.Valhala.2048;Cured.;
66B13C12.exe;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Trojan.FakeSetup;Deleted.;
6FC25816.exe;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Trojan.FakeSetup;Deleted.;
71B04F6A.exe;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Trojan.FakeSetup;Deleted.;
73105274.exe;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Trojan.FakeSetup;Deleted.;
zynijety.dll.vir;C:\QooBox\Quarantine\C\Program Files\Internet Explorer;Trojan.StartPage.19992;Deleted.;
zynijety666.dll.vir;C:\QooBox\Quarantine\C\Program Files\Internet Explorer;Trojan.StartPage.19992;Deleted.;
zynijety919.dll.vir;C:\QooBox\Quarantine\C\Program Files\Internet Explorer;Trojan.StartPage.19992;Deleted.;
vicypu4444.dll.vir;C:\QooBox\Quarantine\C\Program Files\microsoft frontpage;Adware.Ttc;Moved.;
vicypu455101.dll.vir;C:\QooBox\Quarantine\C\Program Files\microsoft frontpage;Adware.Ttc;Moved.;
vicypu83122.dll.vir;C:\QooBox\Quarantine\C\Program Files\microsoft frontpage;Adware.Ttc;Moved.;
b116.exe.vir;C:\QooBox\Quarantine\C\WINDOWS;Trojan.MulDrop.9222;Deleted.;
mrofinu1000106.exe.vir;C:\QooBox\Quarantine\C\WINDOWS;Trojan.DownLoader.45546;Deleted.;
mrofinu1188.exe.vir;C:\QooBox\Quarantine\C\WINDOWS;Trojan.DownLoader.45546;Deleted.;
tk58.exe.vir;C:\QooBox\Quarantine\C\WINDOWS;Trojan.StartPage.19993;Deleted.;
A0170715.dll;C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP875;Adware.Ttc;Moved.;
MFEX-1.DAT;C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP875\snapshot;Adware.Ttc;Moved.;
A0171563.exe;C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP877;Trojan.Insider;Deleted.;
A0171566.exe;C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP877;Trojan.Rond.origin;Incurable.Moved.;
A0171568.exe;C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP877;Adware.MediaTicket.origin;Moved.;
A0171569.dll;C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP877;Adware.ClickSpring.origin;Moved.;
A0171572.dll;C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP877;Adware.ClickSpring - read error;;
A0171576.exe\data002;C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP877\A0171576.exe;Adware.MediaTicket.origin;;
A0171576.exe;C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP877;Archive contains infected objects;Moved.;
A0171603.exe;C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP877;Trojan.StartPage.19993;Deleted.;
MFEX-1.DAT;C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP878\snapshot;Adware.Ttc;Moved.;
MFEX-1.DAT;C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP879\snapshot;Adware.Ttc;Moved.;
MFEX-1.DAT;C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP880\snapshot;Adware.Ttc;Moved.;
A0171693.exe;C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP881;Trojan.DownLoader.45546;Deleted.;
A0171694.exe;C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP881;Trojan.DownLoader.45546;Deleted.;
A0171696.exe;C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP881;Trojan.MulDrop.9222;Deleted.;
A0171700.dll;C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP881;Trojan.StartPage.19992;Deleted.;
A0171701.dll;C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP881;Trojan.StartPage.19992;Deleted.;
A0171702.dll;C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP881;Trojan.StartPage.19992;Deleted.;
A0171703.dll;C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP881;Adware.Ttc;Moved.;
A0171704.dll;C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP881;Adware.Ttc;Moved.;
A0171705.dll;C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP881;Adware.Ttc;Moved.;
A0171712.exe;C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP881;Trojan.StartPage.19993;Deleted.;
A0171718.dll;C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP881;Trojan.Virtumod.268;Deleted.;
A0171719.dll;C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP881;Trojan.Virtumod.240;Deleted.;
A0171731.dll;C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP881;Adware.Ttc;Moved.;
MFEX-1.DAT;C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP881\snapshot;Adware.Ttc;Moved.;
A0171833.exe;C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP884;Trojan.DownLoader.5013;Deleted.;
A0171848.scr;C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP884;Win32.HLLM.Netsky.35328;Deleted.;
A0171849.exe;C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP884;Trojan.DownLoader.3132;Deleted.;
A0171850.exe;C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP884;Win32.Valhala.2048;Cured.;
A0171851.exe;C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP884;Trojan.FakeSetup;Deleted.;
A0171852.exe;C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP884;Trojan.FakeSetup;Deleted.;
A0171853.exe;C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP884;Trojan.FakeSetup;Deleted.;
A0171854.exe;C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP884;Trojan.FakeSetup;Deleted.;
Process.exe;C:\techGuide\SmitfraudFix\SmitfraudFix;Tool.Prockill;Moved.;
restart.exe;C:\techGuide\SmitfraudFix\SmitfraudFix;Tool.ShutDown.11;Moved.;
Process.exe;C:\WINDOWS\system32;Tool.Prockill;Moved.;
nGpxx182328.exe;C:\WINDOWS\system32\nGpxx18;Trojan.DownLoader.24715;Deleted.;
Title: Compter full of pop ups, ie closing,
Post by: guestolo on February 03, 2008, 02:46:43 PM
We still have some cleaning to do
Can you do the following for me and scan a few files

go to this link

http://www.virustotal.com/flash/index_en.html
Copy and paste a few of those files, one at a time to the Upload a File
As eg.. copy>>paste this
C:\WINDOWS\system32\logapzip.dll

Then use the SEND FILE button
Let it finish scanning
Could you post the results of this scan back here please

Do the same for the next ones please
C:\WINDOWS\system32\engegpat.dll
Then this next one
C:\Documents and Settings\Evelyn Wilkerson\~.exe

Also can you let me know if ACRONIS is working properly
Have you made a backup lately?
If not you should create a new backup to an external device
Did you create the boot disk with Acronis?
Title: Compter full of pop ups, ie closing,
Post by: mickapoo on February 04, 2008, 12:27:46 PM
Quote from: guestolo on Feb 3 2008, 02:46 PM
go to this link

http://www.virustotal.com/flash/index_en.html
Copy and paste a few of those files, one at a time to the Upload a File
As eg.. copy>>paste this
C:\WINDOWS\system32\logapzip.dll

Could you post the results of this scan back here please

Here are the results of that file: 0 bytes size received / Se ha recibido un archivo vacio


Do the same for the next ones please
C:\WINDOWS\system32\engegpat.dll
Same results: 0 bytes size received

Then this next one
C:\Documents and Settings\Evelyn Wilkerson\~.exe produced these results:
File _.exe received on 02.04.2008 18:17:07 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2008.2.4.10 2008.02.04 -
AntiVir 7.6.0.62 2008.02.04     TR/Dropper.Gen
Authentium 4.93.8 2008.02.04 -
Avast 4.7.1098.0 2008.02.03 -
AVG 7.5.0.516 2008.02.04 -
BitDefender 7.2 2008.02.04 -
CAT-QuickHeal 9.00 2008.02.04 -
ClamAV 0.92 2008.02.04 -
DrWeb 4.44.0.09170 2008.02.04 -
eSafe 7.0.15.0 2008.01.28 -
eTrust-Vet 31.3.5509 2008.02.04 -
Ewido 4.0 2008.02.04 -
FileAdvisor 1 2008.02.04 -
Fortinet 3.14.0.0 2008.02.04 -
F-Prot 4.4.2.54 2008.02.03 -
F-Secure 6.70.13260.0 2008.02.04 -
Ikarus T3.1.1.20 2008.02.04 -
Kaspersky 7.0.0.125 2008.02.04 -
McAfee 5221 2008.02.01     BackDoor-DML
Microsoft 1.3204 2008.02.04    Backdoor:Win32/Knockex.C
NOD32v2 2847 2008.02.04 -
Norman 5.80.02 2008.02.01 -
Panda 9.0.0.4 2008.02.04 -
Prevx1 V2 2008.02.04 -
Rising 20.29.22.00 2008.01.30 -
Sophos 4.26.0 2008.02.04     Mal/Behav-165
Sunbelt 2.2.907.0 2008.02.02 -
Symantec 10 2008.02.04 -
TheHacker 6.2.9.208 2008.02.04 -
VBA32 3.12.6.0 2008.02.03 -
VirusBuster 4.3.26:9 2008.02.04 -
Webwasher-Gateway 6.6.2 2008.02.04 Trojan.Dropper.Gen




Quote
Also can you let me know if ACRONIS is working properly
Have you made a backup lately?
If not you should create a new backup to an external device
Did you create the boot disk with Acronis?
I only had Acronis as a 30-day trial, and I checked my add/remove programs and it is not listed. Nor is it listed on my programs menu under the start menu.
I have not made any backups lately. I don't want to make a ghost image of my hard drive if it is filled with viruses/adware, etc... If I create a backup, won't that restore my laptop to the same messed-up condition that it is already in? I have never created a boot disk with Acronis. Should I? Are you saying I should create a ghost image of my entire laptop or just back up certain files?

Thank you for your time!
Title: Compter full of pop ups, ie closing,
Post by: guestolo on February 04, 2008, 07:52:41 PM
Go to START>>>RUN>>>type in services.msc
Hit OK
In the next window, look on the right hand side for this service
name---- Acronis Remote Agent

Double click on it--- STOP the service--If running
In the drop down menu, change the startup type to Disabled
Apply and OK it

Do the same for the next service name
Acronis Scheduler2 Service
Remember to apply and ok it then exit out of there

Do a "System scan only" with Hijackthis and put a check next to these entries:

O4 - HKLM\..\Run: [A6ABA4ABAEA8A8AB] 444942494C4646.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O21 - SSODL: Basobcon - {6443B4D6-1730-4356-8A69-C2B1A24A0FCC} - C:\WINDOWS\system32\logapzip.dll


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Next:
download the OTMoveIt2 by OldTimer (http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe).
Note:  If an entry cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose "Yes".

OTMoveIt would have created a log at this location
C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Post that log please along with a fresh hijackthis log
Let me know how things are running

In addition, can you let me also know if you had Norton's AntiVirus installed and recently uninstalled it
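
A triage sketch for logs in the HijackThis format posted in this thread, added here as an example; it is not part of any post and not part of HijackThis. It parses the "Running processes" list and the `O4`/`O23` lines, then applies two heuristics that are assumptions of this example (hex-only autostart names, services marked `(file missing)`); the sample lines are copied from the log above and all function names are hypothetical.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code kind detail")

# Constructed sample: a few lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\444942494C4646.exe
C:\WINDOWS\AGRSMMSG.exe

O4 - HKLM\..\Run: [A6ABA4ABAEA8A8AB] 444942494C4646.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O21 - SSODL: Basobcon - {6443B4D6-1730-4356-8A69-C2B1A24A0FCC} - C:\WINDOWS\system32\logapzip.dll
O23 - Service: Acronis Remote Agent (AcronisAgent) - Unknown owner - C:\Program Files\Common Files\Acronis\Agent\agent.exe (file missing)
O23 - Service: Apache2 - Apache Software Foundation - C:\apache2054\Apache2\bin\Apache.exe
"""

# "<section code> - <kind>: <detail>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - ([^:]+?): (.*)$")
# Detail of a Run/RunOnce entry: "[value name] command line"
RUN_RE = re.compile(r"^\[(.*?)\]\s*(.*)$")
# Assumption of this example: 8+ hex digits and nothing else looks generated.
HEX_NAME = re.compile(r"^[0-9A-F]{8,}$", re.I)


def parse_log(text):
    """Split a log into (running process paths, parsed O/R entries)."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() == "running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append(Entry(*m.groups()))
        elif in_procs and line:
            processes.append(line)
        elif not line:
            in_procs = False  # a blank line ends the process list
    return processes, entries


def executable(command):
    """Best-effort executable file name from a Run command line."""
    command = command.strip()
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]
    else:
        # Unquoted paths may contain spaces, so cut at the first ".exe".
        cut = command.lower().find(".exe")
        path = command[:cut + 4] if cut != -1 else command.split(" ", 1)[0]
    # Windows paths: split on backslash regardless of the host OS.
    return path.rsplit("\\", 1)[-1]


def hex_only(name):
    """True if the name (without extension) is only hex digits, 8 or more."""
    return bool(HEX_NAME.match(name.rsplit(".", 1)[0]))


def triage(text):
    """Return [(Entry, [reasons])] for entries worth a closer look."""
    processes, entries = parse_log(text)
    running = {p.rsplit("\\", 1)[-1].lower() for p in processes}
    findings = []
    for e in entries:
        reasons = []
        if e.code == "O23" and e.detail.rstrip().endswith("(file missing)"):
            reasons.append("service binary missing")
        if e.code == "O4" and e.kind.endswith(("\\Run", "\\RunOnce")):
            m = RUN_RE.match(e.detail)
            if m:
                value_name, command = m.groups()
                exe = executable(command)
                if hex_only(value_name) or hex_only(exe):
                    reasons.append("hex-only name")
                    # Correlate the autostart with the live process list.
                    if exe.lower() in running:
                        reasons.append("running now")
        if reasons:
            findings.append((e, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f"{entry.code} {entry.kind}: {entry.detail}")
        print("    -> " + ", ".join(reasons))
```

A hit is a prompt to check the file (for example with a multi-engine scan, as done in this thread), not a verdict; the vendor entries in the sample pass through unflagged.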
Title: Compter full of pop ups, ie closing,
Post by: mickapoo on February 04, 2008, 09:30:14 PM
O4 - HKLM\..\Run: [A6ABA4ABAEA8A8AB] 444942494C4646.exe
COULD NOT FIND THIS ENTRY

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
COULD NOT FIND THIS ENTRY EITHER

O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O21 - SSODL: Basobcon - {6443B4D6-1730-4356-8A69-C2B1A24A0FCC} - C:\WINDOWS\system32\logapzip.dll

THESE TWO I FOUND AND TICKED THEM AND CLICKED FIX CHECKED


OTMoveIt would have created a log at this location
C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Post the OTMoveIt log:
< C:\Documents and Settings\Evelyn Wilkerson\~.exe >
C:\Documents and Settings\Evelyn Wilkerson\~.exe moved successfully.
< C:\Documents and Settings\Evelyn Wilkerson\Application Data\hrkip.exe >
C:\Documents and Settings\Evelyn Wilkerson\Application Data\hrkip.exe moved successfully.
< C:\WINDOWS\system32\4qZTmI.syz >
C:\WINDOWS\system32\4qZTmI.syz moved successfully.
< C:\EfVI.exe >
C:\EfVI.exe moved successfully.
< C:\WINDOWS\system32\everybodybets.32x32.4.ico >
C:\WINDOWS\system32\everybodybets.32x32.4.ico moved successfully.
< C:\WINDOWS\system32\engegpat.dll >
File/Folder C:\WINDOWS\system32\engegpat.dll not found.
< C:\WINDOWS\system32\3C413A41443E3E >
C:\WINDOWS\system32\3C413A41443E3E moved successfully.
< C:\WINDOWS\system32\vbzip10.dll >
DllUnregisterServer procedure not found in C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\vbzip10.dll NOT unregistered.
C:\WINDOWS\system32\vbzip10.dll moved successfully.
< C:\WINDOWS\system32\tip4 >
C:\WINDOWS\system32\tip4 moved successfully.
< C:\WINDOWS\system32\rom1 >
C:\WINDOWS\system32\rom1 moved successfully.
< C:\WINDOWS\system32\nGpxx18 >
C:\WINDOWS\system32\nGpxx18 moved successfully.
< C:\WINDOWS\system32\lis6 >
C:\WINDOWS\system32\lis6 moved successfully.
< C:\WINDOWS\system32\kps5 >
C:\WINDOWS\system32\kps5 moved successfully.
< C:\Temp >
C:\Temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15} moved successfully.
C:\Temp\gTiis19 moved successfully.
C:\Temp\cXzz9 moved successfully.
C:\Temp moved successfully.
 
OTMoveIt2 v1.0.17 log created on 02042008_212330

Quote
In addition, can you let me also know if you had Norton's AntiVirus installed and recently uninstalled it
It was a while ago but yes, some other program came with it that was conflicting with our firewall so we uninstalled the whole thing

HijackThis log:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: PeoplePC ScamGuard - {7E3659A6-4BC5-4d93-B3FD-8B5ACC2FEDED} - C:\Program Files\PeoplePC\Toolbar\ScamGrd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_0
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x092f -f video -m logitech -d 11.0.0.1213 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x092f -f video -m logitech -d 11.0.0.1213 (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BounceBack Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc.com/ppcos/ISP60/Download/ppcwebi.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\apache2054\Apache2\bin\Apache.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 10797 bytes


Thank you. The only problem I continue to have is with these pop-ups from "market update network".
Title: Compter full of pop ups, ie closing,
Post by: guestolo on February 04, 2008, 10:08:47 PM
You didn't post the whole log from Hijackthis, also it looks as if you cut off the top part of Otmoveit log also

Run a fresh scan/save logfile with Hijackthis
When the log opens select EDIT>>SELECT ALL>>EDIT>>COPY

Then paste the whole log back here
Also, go back and find the Otmoveit log and do the same with it
Title: Compter full of pop ups, ie closing,
Post by: mickapoo on February 05, 2008, 10:24:14 AM
[quote name='guestolo' post='420878' date='Feb 4 2008, 10:08 PM']You didn't post the whole log from Hijackthis, also it looks as if you cut off the top part of Otmoveit log also

Run a fresh scan/save logfile with Hijackthis
When the log opens select EDIT>>SELECT ALL>>EDIT>>COPY

Then paste the whole log back here
Also, go back and find the Otmoveit log and do the same with it[/quote]

Here is the Hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:24:05 AM, on 2/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Lexmark 6200 Series\ezprint.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\apache2054\Apache2\bin\Apache.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\apache2054\Apache2\bin\Apache.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\lxbucoms.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis2.0.2\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: PeoplePC ScamGuard - {7E3659A6-4BC5-4d93-B3FD-8B5ACC2FEDED} - C:\Program Files\PeoplePC\Toolbar\ScamGrd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [lxbumon.exe] "C:\Program Files\Lexmark 6200 Series\lxbumon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6200 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x092f -f video -m logitech -d 11.0.0.1213 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x092f -f video -m logitech -d 11.0.0.1213 (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BounceBack Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc.com/ppcos/ISP60/Download/ppcwebi.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\apache2054\Apache2\bin\Apache.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 12264 bytes

And here is the OTmove it log:
File/Folder C:\WINDOWS\system32\444942494C4646.exe not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\logapzip.dll
C:\WINDOWS\system32\logapzip.dll NOT unregistered.
C:\WINDOWS\system32\logapzip.dll moved successfully.
File/Folder C:\Documents and Settings\Evelyn Wilkerson\~.exe not found.
File/Folder C:\Documents and Settings\Evelyn Wilkerson\Application Data\hrkip.exe not found.
File/Folder C:\WINDOWS\system32\4qZTmI.syz not found.
File/Folder C:\EfVI.exe not found.
File/Folder C:\WINDOWS\system32\everybodybets.32x32.4.ico not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\engegpat.dll
C:\WINDOWS\system32\engegpat.dll NOT unregistered.
C:\WINDOWS\system32\engegpat.dll moved successfully.
C:\WINDOWS\system32\3C413A41443E3E moved successfully.
File/Folder C:\WINDOWS\system32\vbzip10.dll not found.
File/Folder C:\WINDOWS\system32\tip4 not found.
File/Folder C:\WINDOWS\system32\rom1 not found.
File/Folder C:\WINDOWS\system32\nGpxx18 not found.
File/Folder C:\WINDOWS\system32\lis6 not found.
File/Folder C:\WINDOWS\system32\kps5 not found.
File/Folder C:\Temp not found.
 
OTMoveIt2 v1.0.17 log created on 02052008_102614
Title: Compter full of pop ups, ie closing,
Post by: guestolo on February 05, 2008, 07:55:51 PM
I just noticed that you don't have your own active virus scanner running
Can you do the following
Install one of these free AV's
ONLY install one, more than one will cause conflicts
AVG 7 by Grisoft (http://free.grisoft.com/doc/2/lng/us/tpl/v5)
OR
Avast Home Edition by ALWIL (http://www.avast.com/eng/down_home.html)
OR
Avira AntiVir Personal Edition Classic (http://www.free-av.com/antivirus/allinonen.html)

Ensure that it is totally updated, whichever one you decide on
run a complete system scan, letting it clean whatever it finds

Reboot the computer afterwards and then post a fresh hijackthis log and let me know of any problems
Title: Compter full of pop ups, ie closing,
Post by: mickapoo on February 13, 2008, 04:15:52 PM
Now I'm having some real problems... I turned off my computer and the next morning when I turned it on it said "active desktop recovery" on the desktop. My desktop is white, and it said "Microsoft Windows has experienced an unexpected error. As a precaution, your Active Desktop has been turned off. To restore the Active Desktop use the following troubleshooting tips:"

None of them applied, so I clicked "restore my active desktop" button, and it said at the top,

"Internet Explorer Script error" then below that, "an error has occurred in the script on this page. Line 65, Char: 1, Error: object doesn't support this action. Code: 0. file:///C:/Documents%20and%20Settings/Evelyn%20Wilkerson/Application%20Data/Microsoft/Internet%20Explorer/Desktop.htt.

Then it says, "do you want to continue running scripts on this page".

Please help! Thank you!
Title: Compter full of pop ups, ie closing,
Post by: guestolo on February 13, 2008, 08:32:00 PM
Can you right click an empty spot on your desktop
Select Properties
Click Desktop tab>>Customise desktop>>Web tab

Under Web pages uncheck everything there if checked
OK out of there
Under the Settings tab, try changing Screen resolution to another size
Apply it then go back and reset to original size
No lower than 800x600
Apply it again

Does that help?

It's been 8 days since my last reply to you, did you install the AntiVirus software?
Can you post a fresh hijackthis log?
Title: Compter full of pop ups, ie closing,
Post by: mickapoo on February 24, 2008, 04:26:35 PM
[quote name='guestolo' post='421570' date='Feb 13 2008, 08:32 PM']It's been 8 days since my last reply to you, did you install the AntiVirus software?
Can you post a fresh hijackthis log?[/quote]

Sorry for the delay in responding. My computer seems to just be fried. I am now on someone else's PC just to write this to you. I do have Norton's Antivirus installed. Before I went to post a fresh Hijackthis log, my computer just went to this blue screen with a bunch of errors, and said I needed to restart. So I did, and now there is a black screen, like a DOS screen, and it says,
"Intel UNDI PXE 2.0 (Build 082)
For Realtez RTL8139(X)/8130/810X
PCI Fast Ethernet Controller v2.13
Client Mac Addr: 00 0A E4 00 08 EA
GUID: 9D9A3280-9770-1109...
DHCP... (and then there is a line spinning in a circle)

Then after a few minutes of the line spinning in a circle, the screen changes to:
"No boot filename received.
Exiting PXE ROM."

Then it loops back to the error message above. It just keeps looping over and over again. I have no idea what to do. Please help me! My business is run completely 100% from my laptop so I am really in trouble here! I also have questions about backing everything up- should I ask that in a different forum board?

Thanks again
Mickapoo
Title: Compter full of pop ups, ie closing,
Post by: guestolo on February 24, 2008, 06:39:43 PM
Quote
No boot filename received.
Exiting PXE ROM

Did you make some changes in your bios?

If you enter the bios, do you see the harddrive listed?
I noticed this earlier
Quote
Also, I'm hearing a lot of "clicks" going on in the background
That sound wasn't coming from the harddrive was it?

Can you enter your bios and check your boot order
Put CD first, then Harddrive, disable Network if allowed

Let me know how it goes
Title: Compter full of pop ups, ie closing,
Post by: mickapoo on February 24, 2008, 07:37:53 PM
[quote name='guestolo' post='422526' date='Feb 24 2008, 06:39 PM']Did you make some changes in your bios?

If you enter the bios, do you see the harddrive listed?
I noticed this earlier

That sound wasn't coming from the harddrive was it?

Can you enter your bios and check your boot order
Put CD first, then Harddrive, disable Network if allowed

Let me know how it goes[/quote]

After about 20 tries, I finally got my computer to boot up. After all the messages above, one time I got it to boot up it went into safe mode. But I could not get on the internet, nor could I use my cd to burn my files (because it's not recognizing my cd/dvd drive), and I also couldn't use my external hard drive to back anything up. I rebooted again and it finally is back. What I need to know is: Why did that happen (it's happened before), what can I do to prevent it, and what do I do the next time it occurs?

To answer your questions above, I didn't make any changes to the bios. No, the clicking I heard was not coming from the harddrive, it sounds like actual mouse clicks.  

Re your asking me to enter my bios- how do I do this? Sorry, I know nothing about it. Thank you for your help! Would I also post in the tech support forum if I have questions re backing up my computer or would that go in a different forum? Thank you again.
Title: Compter full of pop ups, ie closing,
Post by: guestolo on February 24, 2008, 09:22:26 PM
Can you post a fresh hijackthis log, it's been some time since you posted one

Now that you're in Normal windows, can you backup any files, documents you may need in case you need to reinstall?

To enter the bios, it's a bit different on every computer
You should see the option to enter Setup when the computer is first booting
Typically you tap the DEL or F2 key as the computer first boots up, again, yours may be different
Title: Compter full of pop ups, ie closing,
Post by: mickapoo on February 25, 2008, 02:21:44 PM
[quote name='guestolo' post='422541' date='Feb 24 2008, 09:22 PM']Can you post a fresh hijackthis log, it's been some time since you posted one

Now that you're in Normal windows, can you backup any files, documents you may need in case you need to reinstall?

To enter the bios, it's a bit different on every computer
You should see the option to enter Setup when the computer is first booting
Typically you tap the DEL or F2 key as the computer first boots up, again, yours may be different[/quote]

I'm afraid to shut down the computer because before it took me days to get it back up again. I kept getting the error msg above.
I can back up files, but should I take an image of the entire hard drive, so that my programs will still be intact when I restore, or will I be restoring the old data/corrupted files? I don't have any of my programs *such as MS Office* on a disk, so I'll lose all of them. Is there a way to back up programs or only files can be backed up?

Here is the fresh hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:27:42 PM, on 2/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Lexmark 6200 Series\ezprint.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\apache2054\Apache2\bin\Apache.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\apache2054\Apache2\bin\Apache.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\lxbucoms.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\HijackThis2.0.2\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: PeoplePC ScamGuard - {7E3659A6-4BC5-4d93-B3FD-8B5ACC2FEDED} - C:\Program Files\PeoplePC\Toolbar\ScamGrd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [lxbumon.exe] "C:\Program Files\Lexmark 6200 Series\lxbumon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6200 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_0
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x092f -f video -m logitech -d 11.0.0.1213 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x092f -f video -m logitech -d 11.0.0.1213 (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BounceBack Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc.com/ppcos/ISP60/Download/ppcwebi.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\apache2054\Apache2\bin\Apache.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe

--
End of file - 12946 bytes

Again, thank you.
Title: Compter full of pop ups, ie closing,
Post by: guestolo on February 25, 2008, 10:51:59 PM
I still don't see any AntiVirus software installed on the system
Please refer to post #11

Install ONLY one AV, update and run a full system scan

Post back a fresh hijackthis log afterwards
Title: Compter full of pop ups, ie closing,
Post by: mickapoo on February 26, 2008, 12:59:14 PM
I installed the first AV software you mentioned in post #11. I did a full system scan, and then ran hijackthis. Here is the hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:08:03 PM, on 2/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Lexmark 6200 Series\ezprint.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\apache2054\Apache2\bin\Apache.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\apache2054\Apache2\bin\Apache.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\lxbucoms.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\HijackThis2.0.2\HijackThis.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: PeoplePC ScamGuard - {7E3659A6-4BC5-4d93-B3FD-8B5ACC2FEDED} - C:\Program Files\PeoplePC\Toolbar\ScamGrd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [lxbumon.exe] "C:\Program Files\Lexmark 6200 Series\lxbumon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6200 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_0
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x092f -f video -m logitech -d 11.0.0.1213 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x092f -f video -m logitech -d 11.0.0.1213 (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BounceBack Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc.com/ppcos/ISP60/Download/ppcwebi.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\apache2054\Apache2\bin\Apache.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe

--
End of file - 13519 bytes
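Comparing the log taken before the antivirus install with the fresh one shows exactly what the install changed. The following is an added example, not part of the original thread: a small Python parser and differ for HijackThis logs. The two sample logs are constructed by abridging the logs in this thread, and all function names are this example's own; it also strips the duplicated-link residue that forum software can append to URL lines.

```python
"""Diff two HijackThis logs: what appeared or vanished between scans."""
import re
from collections import Counter

# Item lines look like "O4 - HKLM\..\Run: [name] path" or "R1 - HKLM\...".
ENTRY_RE = re.compile(r"^((?:R|F|N|O)\d{1,2}) - (.+)$")
# Forum-export residue: the link repeated as (http://\"...\") at end of line.
LINK_DEBRIS_RE = re.compile(r'\s*\(http://\\?".*?\\?"\)\s*$')


def parse_log(text):
    """Return (processes, entries); entries are 'CODE - text' strings."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = LINK_DEBRIS_RE.sub("", raw.strip())
        if line.lower().startswith("running processes"):
            in_processes = True
        elif not line:
            in_processes = False          # blank line closes the process list
        elif ENTRY_RE.match(line):
            in_processes = False
            entries.append(line)
        elif in_processes:
            processes.append(line)
    return processes, entries


def _multiset_diff(old, new):
    """Case-insensitive multiset difference -> (added, removed).

    Windows paths are case-insensitive, and a process such as svchost.exe
    is listed once per running instance, so counts matter."""
    shown = {s.lower(): s for s in [*old, *new]}
    old_c = Counter(s.lower() for s in old)
    new_c = Counter(s.lower() for s in new)
    added = sorted(shown[k] for k in (new_c - old_c).elements())
    removed = sorted(shown[k] for k in (old_c - new_c).elements())
    return added, removed


def diff_logs(before, after):
    """Compare two raw log texts and report added/removed items."""
    old_p, old_e = parse_log(before)
    new_p, new_e = parse_log(after)
    added_p, removed_p = _multiset_diff(old_p, new_p)
    added_e, removed_e = _multiset_diff(old_e, new_e)
    return {"added_processes": added_p, "removed_processes": removed_p,
            "added_entries": added_e, "removed_entries": removed_e}


def entries_with_code(entries, code):
    """Filter entry strings by section code, e.g. 'O23' for services."""
    return [e for e in entries if ENTRY_RE.match(e).group(1) == code]


# Constructed sample: abridged from the earlier log in this thread.
BEFORE = r'''Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
'''

# Constructed sample: abridged from the log posted after the AV install.
AFTER = r'''Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
'''

if __name__ == "__main__":
    for section, items in diff_logs(BEFORE, AFTER).items():
        print(section)
        for item in items:
            print("   ", item)
```

Anything in `added_entries` that the user cannot account for (an unexpected `O4` autostart or `O23` service) is what a helper would look at first.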
Title: Compter full of pop ups, ie closing,
Post by: guestolo on February 26, 2008, 01:11:40 PM
How are things running now?
Title: Compter full of pop ups, ie closing,
Post by: mickapoo on February 26, 2008, 02:20:28 PM
[quote name='guestolo' post='422655' date='Feb 26 2008, 01:11 PM']How are things running now?[/quote]


Everything seems to be running fine, but won't know for sure until I reboot. I'm afraid to do this because I may not get it up again, and I don't have everything backed up yet.  

However, my computer is still not finding/recognizing my cd/dvd drive. How to fix this?

Thank you much,
Mickapoo
Title: Compter full of pop ups, ie closing,
Post by: guestolo on February 26, 2008, 02:24:42 PM
Is the CD/DVD showing in MyComputer?

Is it showing in Device manager?

What's the make/model of computer?
Title: Compter full of pop ups, ie closing,
Post by: mickapoo on February 26, 2008, 03:53:25 PM
[quote name='guestolo' post='422666' date='Feb 26 2008, 02:24 PM']Is the CD/DVD showing in MyComputer?

Is it showing in Device manager?

What's the make/model of computer?[/quote]

No, it's not showing up in MyComputer or Device Mgr. It used to, and then all of a sudden when I went to burn a DVD it couldn't find the drive. ???

My computer is an HP Pavilion dv4000.
Title: Compter full of pop ups, ie closing,
Post by: guestolo on February 26, 2008, 04:08:30 PM
It could be just a corrupt registry key
Have you figured out how to enter the BIOS yet?
I'll try and find a manual for your computer

In the meantime, can you do the following
Download Deckard's System Scanner (dss.exe) (http://deckard.geekstogo.com/dss.exe) to your desktop.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.

Post back just the whole contents of main.txt and extra.txt
Title: Compter full of pop ups, ie closing,
Post by: guestolo on February 26, 2008, 04:28:43 PM
In addition to my above reply
I suggest you download the manual to your laptop
http://h10025.www1.hp.com/ewfrf/wc/manualCategory?lc=en&cc=us&product=468789&dlc=en&lang=en&

At that link, click on
HP Pavilion dv4000 Series Notebook - Hardware and Software Guide
Save that to desktop
It gives you info on entering the Setup utility before Windows loads

You may have to check the BIOS to ensure that the CD/DVD drive is detected
and/or restore defaults if you can't boot in the future

But first, with the logs from dss.exe
Is your CD Rom detected in disk management?
In the Windows Control Panel select "Administrative tools">>Computer Management>>Disk Management

Do you see the CD ROM?
Is it assigned a Drive letter if found?
Title: Compter full of pop ups, ie closing,
Post by: mickapoo on February 27, 2008, 01:01:46 PM
No, I do not see my CD/DVD drive listed under Disk Management.


Here is the first log:

-- First Restore Point --
1: 2008-01-31 18:14:17 UTC - RP794 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Evelyn Wilkerson.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:38:02 PM, on 2/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Lexmark 6200 Series\ezprint.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\apache2054\Apache2\bin\Apache.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\apache2054\Apache2\bin\Apache.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\lxbucoms.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\DOCUME~1\EVELYN~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\EVELYN~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Documents and Settings\Evelyn Wilkerson\Local Settings\Temporary Internet Files\Content.IE5\CTHE06SZ\dss[1].exe
C:\PROGRA~1\HIJACK~1.2\Evelyn Wilkerson.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: PeoplePC ScamGuard - {7E3659A6-4BC5-4d93-B3FD-8B5ACC2FEDED} - C:\Program Files\PeoplePC\Toolbar\ScamGrd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [lxbumon.exe] "C:\Program Files\Lexmark 6200 Series\lxbumon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6200 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_0
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x092f -f video -m logitech -d 11.0.0.1213 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x092f -f video -m logitech -d 11.0.0.1213 (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BounceBack Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc.com/ppcos/ISP60/Download/ppcwebi.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\apache2054\Apache2\bin\Apache.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe

--
End of file - 13803 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1.2\backups\) ------------------

backup-20080204-211945-237 O21 - SSODL: Basobcon - {6443B4D6-1730-4356-8A69-C2B1A24A0FCC} - C:\WINDOWS\system32\logapzip.dll
backup-20080204-211945-978 O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
backup-20080205-102300-125 O4 - HKLM\..\Run: [A6ABA4ABAEA8A8AB] 444942494C4646.exe
backup-20080205-102301-688 O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 portD (CMS PortIO Service) - c:\windows\system32\drivers\portd2k.sys <Not Verified; CMS Peripherals, Inc.; BounceBack>

S3 TnIDriver - c:\docume~1\evelyn~1\locals~1\temp\tni18e.tmp (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apache2 - "c:\apache2054\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>

S3 hpqwmi (HP WMI Interface) - c:\program files\hpq\shared\hpqwmi.exe <Not Verified; Hewlett-Packard Development Company, L.P.; hpqwmi Module>
S4 AcronisAgent (Acronis Remote Agent) - "c:\program files\common files\acronis\agent\agent.exe" (file missing)
S4 AcrSch2Svc (Acronis Scheduler2 Service) - "c:\program files\common files\acronis\schedule2\schedul2.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-01-27 and 2008-02-27 -----------------------------

2008-02-26 10:45:21         0 dr-h----- C:\$VAULT$.AVG
2008-02-26 09:11:56         0 d-------- C:\Documents and Settings\Evelyn Wilkerson\Application Data\AVG7
2008-02-26 09:11:49         0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-26 09:11:23         0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-26 09:11:23         0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-02-13 15:41:59         0 d-------- C:\Documents and Settings\Evelyn Wilkerson\Application Data\Image Zone Express
2008-02-08 09:56:09         0 d-------- C:\Program Files\Common Files\supportsoft
2008-02-07 13:54:47         0 d-------- C:\Documents and Settings\Evelyn Wilkerson\Application Data\com.researchware
2008-02-07 13:54:33         0 d-------- C:\Program Files\HyperTRANSCRIBE
2008-02-01 07:29:29         0 d-------- C:\Documents and Settings\Evelyn Wilkerson\DoctorWeb
2008-01-31 17:34:20         0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-01-31 17:34:20         0 d-------- C:\Program Files\Common Files\Napster Shared
2008-01-31 17:32:59         0 d-------- C:\Documents and Settings\Evelyn Wilkerson\Application Data\InstallShield
2008-01-31 15:09:48         0 d-------- C:\Program Files\HijackThis2.0.2
2008-01-31 14:56:49         0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-01-31 14:56:43         0 d-------- C:\Program Files\Security Task Manager
2008-01-31 14:41:31         0 d-------- C:\Documents and Settings\NetworkService\Application Data\Macromedia
2008-01-31 14:26:40         0 d-------- C:\Documents and Settings\NetworkService\Application Data\ScamGuard
2008-01-31 14:26:38         0 d-------- C:\Documents and Settings\NetworkService\Application Data\Google
2008-01-31 14:26:37         0 dr------- C:\Documents and Settings\NetworkService\Favorites
2008-01-31 13:15:57         0 d-------- C:\Documents and Settings\LocalService\Application Data\ScamGuard
2008-01-31 13:15:57         0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-01-31 13:07:32         0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-31 12:55:40         0 d-------- C:\Documents and Settings\All Users\Application Data\Macromedia
2008-01-31 12:54:50         0 d-------- C:\Program Files\Macromedia
2008-01-31 12:54:50         0 d-------- C:\Program Files\Common Files\Macromedia


-- Find3M Report ---------------------------------------------------------------

2008-02-24 19:42:27         0 d-------- C:\Documents and Settings\Evelyn Wilkerson\Application Data\AdobeUM
2008-02-13 18:13:28         0 d-------- C:\Program Files\Lx_cats
2008-02-12 17:14:56         0 d-------- C:\Program Files\Common Files\Adobe
2008-02-11 17:14:53         0 d-------- C:\Documents and Settings\Evelyn Wilkerson\Application Data\CoreFTP
2008-02-08 09:56:09         0 d-------- C:\Program Files\Common Files
2008-02-07 13:49:53         0 d-------- C:\Program Files\Java
2008-02-01 16:53:30         0 d-------- C:\Program Files\microsoft frontpage
2008-01-31 17:35:08         0 d-------- C:\Program Files\Napster
2008-01-31 15:01:53         0 d-------- C:\Program Files\PeoplePC
2008-01-31 14:00:14         0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-31 14:00:09         0 d-------- C:\Program Files\Canon
2008-01-31 13:59:41         0 d-------- C:\Documents and Settings\Evelyn Wilkerson\Application Data\LimeWire
2008-01-31 13:19:14        10 --a------ C:\Program Files\.autoreg
2008-01-03 08:15:33         0 d-------- C:\Program Files\Lexmark 6200 Series
2008-01-03 08:15:07         0 d-------- C:\Program Files\Lexmark_6200 Series
2008-01-01 08:59:30         0 d-------- C:\Program Files\HP


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [08/19/2003 04:01 AM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [07/27/2004 04:48 PM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [08/06/2004 11:27 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/25/2005 10:09 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/04/2004 03:38 PM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [11/02/2004 04:03 AM]
"hpWirelessAssistant"="C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" [12/08/2004 12:36 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [11/02/2004 03:59 AM]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [11/01/2004 01:11 PM]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [09/07/2004 07:28 PM]
"AGRSMMSG"="AGRSMMSG.exe" [08/24/2004 06:20 AM C:\WINDOWS\AGRSMMSG.exe]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [12/14/2004 02:12 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/11/2005 10:12 PM]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [02/08/2007 12:12 AM]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [02/08/2007 12:13 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"lxbumon.exe"="C:\Program Files\Lexmark 6200 Series\lxbumon.exe" [01/18/2005 09:35 AM]
"EzPrint"="C:\Program Files\Lexmark 6200 Series\ezprint.exe" [09/17/2004 12:24 PM]
"LXBUCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll" [11/02/2004 03:03 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [02/26/2008 09:12 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/17/2007 10:02 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:00 AM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 11:54 AM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [06/11/2007 05:16 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [11/22/2004 08:18 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"WUAppSetup"=C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x092f -f video -m logitech -d 11.0.0.1213

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2/16/2006 6:51:28 PM]
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [7/15/2005 7:00:10 AM]
BounceBack Launcher.lnk - C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe [5/29/2006 6:08:54 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/11/2005 10:23:26 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ewido anti-spyware 4.0 guard"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1ad91db-4d23-11dc-8842-000ae4d008ea}]
AutoRun\command- E:\LaunchU3.exe

*Newly Created Service* - AVG7ALRT
*Newly Created Service* - AVG7CORE
*Newly Created Service* - AVG7RSW
*Newly Created Service* - AVG7RSXP
*Newly Created Service* - AVG7UPDSVC
*Newly Created Service* - AVGCLEAN



-- End of Deckard's System Scanner: finished at 2008-02-27 12:38:44 ------------


And here is the other log:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 1.73GHz
Percentage of Memory in Use: 52%
Physical Memory (total/avail): 1014.42 MiB / 483.89 MiB
Pagefile Memory (total/avail): 2441.56 MiB / 2025.34 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.91 MiB

C: is Fixed (NTFS) - 92.96 GiB total, 53.12 GiB free.

\\.\PHYSICALDRIVE0 - FUJITSU MHU2100AT - 93.16 GiB - 2 partitions
  \PARTITION0 (bootable) - Installable File System - 92.96 GiB - C:
  \PARTITION1 - Unknown - 203.95 MiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

AV: AVG 7.5.516 v7.5.516 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Evelyn Wilkerson\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DANMOBILE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Evelyn Wilkerson
LOGONSERVER=\\DANMOBILE
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\WINDOWS\system32\wbem ;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\EVELYN~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\EVELYN~1\LOCALS~1\Temp
USERDOMAIN=DANMOBILE
USERNAME=Evelyn Wilkerson
USERPROFILE=C:\Documents and Settings\Evelyn Wilkerson
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Daniel Wilkerson (admin)
Evelyn Wilkerson (admin)


-- Add/Remove Programs ---------------------------------------------------------

 --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
 --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
 --> C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
 --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
 --> C:\WINDOWS\UNINST.EXE -f"C:\Program Files\Adobe\Illustrator 8.0\DeIsL1.isu" -c"C:\Program Files\Adobe\Illustrator 8.0\Uninst.dll"
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 7.0 Professional --> msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop 5.5 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 5.5\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 5.5\Uninst.dll"
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Agere Systems AC'97 Modem --> agrsmdel
ALPS Touch Pad Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
Apache HTTP Server 2.0.54 --> MsiExec.exe /I{3A862C7D-0504-48BC-AEF8-7F7479C7C158}
Audio CD Maker v6.0 --> "C:\Program Files\Audio CD Maker\unins000.exe"
Avant Browser (remove only) --> "C:\Program Files\Avant Browser\uninst.exe"
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
BounceBack Express --> C:\WINDOWS\BBUninstall.exe
Canon RemoteCapture Task for ZoomBrowser EX --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2236B741-6631-49AE-B76E-3E14CA01CC87}
Canon Utilities File Viewer Utility 1.3 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2D1C2321-8FDB-49B8-A66B-4008DC0B6B5D}
Canon Utilities PhotoStitch 3.1 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F11A403B-0DE9-4953-B790-7A2F014FBB2B}
Canon Utilities RemoteCapture 2.7 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{14220DB1-DD96-4BCD-B3D5-03A4EA6631C4}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
Click'N Design 3D --> C:\PROGRA~1\CLICK'~1\UNWISE.EXE C:\PROGRA~1\CLICK'~1\INSTALL.LOG
Core FTP LE 1.3c --> C:\PROGRA~1\CoreFTP\UNWISE.EXE C:\PROGRA~1\CoreFTP\INSTALL.LOG
CuteFTP 5.0 XP --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18DF995F-2ACC-47E4-A33B-A703F4D39E92}\IS6.exe" -l0x9 /l0009 UNINSTALL
DVD to VCD AVI DivX Converter v3.2 (build 069) --> C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
Dynamic Email Validator --> C:\PROGRA~1\EMAILV~1\UNWISE.EXE C:\PROGRA~1\EMAILV~1\INSTALL.LOG
Email Address Extractor 3.0 --> "C:\Program Files\Email Address Extractor\unins000.exe"
FaxRedist --> MsiExec.exe /I{2C8CC208-965C-48A1-90A8-DFB484358F1C}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
HijackThis 2.0.2 --> "C:\Program Files\HijackThis2.0.2\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9
HP Image Zone Express --> MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900}
HP Imaging Device Functions 5.3 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Pavillion dv4000 User Guides --> C:\WINDOWS\pchealth\helpctr\SYSTEM~1\USERGU~1\UNWISE.EXE C:\WINDOWS\pchealth\helpctr\SYSTEM~1\USERGU~1\INSTALL.LOG
HP Product Detection --> MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HP PSC & OfficeJet 5.3.B --> "C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.3 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Wireless Assistant --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9
HyperTRANSCRIBE --> C:\PROGRA~1\HYPERT~1\UNWISE.EXE C:\PROGRA~1\HYPERT~1\INSTALL.LOG
Intel® Graphics Media Accelerator Driver for Mobile --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Ipswitch WS_FTP Home 2006 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11DE2361-9F73-47B3-B638-2F267927E307}\setup.exe" -l0x9
iTunes --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{00FC6799-866E-44A1-A60C-DCF394CF56FD}
Java(tm) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(tm) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Lexmark 6200 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbuUNST.EXE -NOLICENSE
Live2Support --> RunDll32 syssetup.dll,SetupInfObjectInstallAction DefaultUninstall 132 C:\WINDOWS\INF\SETUP_~1.INF
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Logitech Audio Echo Cancellation Component --> MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech QuickCam --> MsiExec.exe /X{7D2370AC-D8E6-4996-986A-19824F8A167C}
Logitech Video Enumerator --> MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
Logitech® Camera Driver --> "C:\Program Files\Common Files\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (2.0.0.3) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MVision --> MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
Napster --> C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe -runfromtemp -l0x0009 -removeonly
Napster Burn Engine --> MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
NBX Audio Converter v2 --> "C:\Program Files\NBX Audio Converter\unins000.exe"
Netscape Browser (remove only) --> "C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Quick Launch Buttons 5.00 D5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x9  -uninst
Quicken 2003 Deluxe --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{62336B70-B0C1-4D61-9EA7-8C27F97CC688} anything
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealData® Real Estate Calculator, 3.0.01 --> C:\RealData\Calculator\unins000.exe
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
REIA Lite v 11.0 --> C:\WINDOWS\iun6002.exe "C:\RealData\REIALite\irunin.ini"
Rhapsody Player Engine --> MsiExec.exe /I{84F1DE76-C48C-4281-87A0-CC9548D1E7F9}
Security Task Manager 1.7e --> C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Smart Audio Converter --> "C:\Program Files\SmartAudioConverter\unins000.exe"
Smart Email Verifier 3.36 --> "C:\Program Files\Smart Email Verifier\unins000.exe"
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Symantec Technical Support Web Controls --> MsiExec.exe /X{C4868E88-F5B5-4E45-9592-C7062BD97441}
Texas Instruments PCIxx21/x515 drivers. --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{D71AC256-FA83-45EA-9F14-1B20BB5105C9} /l1033
TextPad 4.7 --> MsiExec.exe /X{B510A987-487E-4C66-9F4F-D386AC275715}
TWC User Controls --> MsiExec.exe /I{DCC72248-D3D2-4846-8499-A400053A430E}
uninstall --> "C:\Program Files\Dynamic\Mail Communicator 2.0\unins000.exe"
URGE --> MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
UserGuides --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{02E22217-0E96-4C3F-B831-83AA942B7715}\setup.exe" -l0x9
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XviD MPEG-4 Video Codec --> "C:\Program Files\XviD\unins000.exe"
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type12622 / Error
Event Submitted/Written: 02/24/2008 03:13:20 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16608, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type12443 / Error
Event Submitted/Written: 02/19/2008 11:55:39 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application TextPad.exe, version 4.0.7.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type12432 / Success
Event Submitted/Written: 02/19/2008 08:08:37 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type12425 / Error
Event Submitted/Written: 02/13/2008 07:20:45 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application OUTLOOK.EXE, version 9.0.0.2416, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type12421 / Error
Event Submitted/Written: 02/13/2008 06:15:58 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application Photoshp.exe, version 5.0.128.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type82561 / Warning
Event Submitted/Written: 02/26/2008 01:39:37 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type82551 / Warning
Event Submitted/Written: 02/25/2008 11:52:37 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0012F000CF98.  The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type82519 / Error
Event Submitted/Written: 02/24/2008 07:39:14 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type82518 / Error
Event Submitted/Written: 02/24/2008 07:37:15 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AD1-2166-11D1-B1D0-00805FC1270E}

Event Record #/Type82517 / Error
Event Submitted/Written: 02/24/2008 07:37:03 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AD1-2166-11D1-B1D0-00805FC1270E}



-- End of Deckard's System Scanner: finished at 2008-02-27 12:38:44 ------------
Title: Compter full of pop ups, ie closing,
Post by: guestolo on February 27, 2008, 09:01:28 PM
Can you check out a couple things
===Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box, not including the word "code"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
Change the Save as Type to All Files.
Name the file as export.bat

Save this file on the desktop

 
Code:
regedit /e export.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}"
export.txt


Double click on export.bat, notepad will open with information
And a text file by the name export.txt will be produced on the desktop
Copy>>Paste back the whole contents please

In addition, can you go into DEVICE MANAGER
Do you have any error messages that appear there?
Any yellow exclamation marks beside IDE controllers or others?

I see one problem in dss.exe that we should take care of, but please supply the above info before we go further
Title: Compter full of pop ups, ie closing,
Post by: mickapoo on February 27, 2008, 09:07:43 PM
No, I'm not seeing any error msgs in the Device Mgr.

Here is the log from export.txt:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}]
"Class"="CDROM"
@="DVD/CD-ROM drives"
"EnumPropPages32"="MmSys.Cpl,MediaPropPageProvider"
"Installer32"="storprop.dll,DvdClassInstaller"
"SilentInstall"="1"
"NoInstallClass"="1"
"TroubleShooter-0"="hcp://help/tshoot/tsdrive.htm"
"Icon"="-51"
"LowerFilters"=hex(7):50,00,78,00,48,00,65,00,6c,00,70,00,32,00,30,00,00,00,00,\
  00
"UpperFilters"=hex(7):47,00,45,00,41,00,52,00,41,00,73,00,70,00,69,00,57,00,44,\
  00,4d,00,00,00,00,00
"UpperFilters.Bak"=hex(7):47,00,45,00,41,00,52,00,41,00,73,00,70,00,69,00,57,\
  00,44,00,4d,00,00,00,00,00
"LowerFilters.Bak"=hex(7):50,00,78,00,48,00,65,00,6c,00,70,00,32,00,30,00,00,\
  00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0000]
"EnumPropPages32"="storprop.dll,DvdPropPageProvider"
"InfPath"="cdrom.inf"
"InfSection"="cdrom_install"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,62,c5,c0,01,c1,01
"DriverDate"="7-1-2001"
"DriverVersion"="5.1.2535.0"
"MatchingDeviceId"="gencdrom"
"DriverDesc"="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0000\DigitalAudio]
"RegistryVersion"=dword:00000001
"NumberOfBuffers"=dword:00000008
"SectorsPerRead"=dword:00000010
"SectorsPerReadMask"=dword:ffffffff
"CDDASupported"=dword:00000001
"CDDAAccurate"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0001]
"EnumPropPages32"="storprop.dll,DvdPropPageProvider"
"InfPath"="cdrom.inf"
"InfSection"="cdrom_install"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,62,c5,c0,01,c1,01
"DriverDate"="7-1-2001"
"DriverVersion"="5.1.2535.0"
"MatchingDeviceId"="gencdrom"
"DriverDesc"="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0001\DigitalAudio]
"RegistryVersion"=dword:00000001
"NumberOfBuffers"=dword:00000008
"SectorsPerRead"=dword:00000010
"SectorsPerReadMask"=dword:ffffffff
"CDDASupported"=dword:00000001
"CDDAAccurate"=dword:00000001
Title: Compter full of pop ups, ie closing,
Post by: guestolo on February 27, 2008, 10:14:57 PM
Delete your version of combofix

After you delete it
REDOWNLOAD Combofix from here
Combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) and save it ONLY to your desktop

We'll need it in a bit

Go to START>>RUN>>Copy and paste the next command below to the open field

sc delete AcronisAgent
Then click OK

Do the same for the next command in START>>RUN

sc delete AcrSch2Svc

==Open notepad
Don't use anything else than notepad or the script will not work
Copy ALL the text below in blue to notepad


Driver::
TnIDriver

Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}]
"LowerFilters"=-
"UpperFilters"=-
"UpperFilters.Bak"=-

DirLook::
C:\Documents and Settings\Evelyn Wilkerson\Application Data\com.researchware

Save this as txtfile on your desktop
CFScript
(http://i184.photobucket.com/albums/x99/guestolo/CFScript.gif)
Drag CFScript.txt into ComboFix.exe
Combofix will start>>Follow the prompts
Don't mouse click on it, let it complete

When finished, it shall produce a log for you again, with the same name C:\ComboFix.txt.
I'll need to see that again later

Post back all the following
1. Post the log from Combofix
2. Post a fresh hijackthis log
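
Added example, not part of the thread: Python that decodes the hex(7) (REG_MULTI_SZ) filter values from the export.txt posted earlier and shows which filter values are left once the `"name"=-` deletions in the Registry:: block above are applied. The function names are hypothetical; it assumes a "Windows Registry Editor Version 5.00" export (UTF-16LE data) and matches key and value names by exact case.

```python
import re

CDROM_CLASS_KEY = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class"
                   r"\{4D36E965-E325-11CE-BFC1-08002BE10318}")

# Excerpt of the export.txt posted in the thread (class key only), embedded to run offline.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}]
"Class"="CDROM"
@="DVD/CD-ROM drives"
"LowerFilters"=hex(7):50,00,78,00,48,00,65,00,6c,00,70,00,32,00,30,00,00,00,00,\
  00
"UpperFilters"=hex(7):47,00,45,00,41,00,52,00,41,00,73,00,70,00,69,00,57,00,44,\
  00,4d,00,00,00,00,00
"UpperFilters.Bak"=hex(7):47,00,45,00,41,00,52,00,41,00,73,00,70,00,69,00,57,\
  00,44,00,4d,00,00,00,00,00
"LowerFilters.Bak"=hex(7):50,00,78,00,48,00,65,00,6c,00,70,00,32,00,30,00,00,\
  00,00,00
'''

# Registry:: block of the CFScript from the post above.
SAMPLE_SCRIPT = r'''Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}]
"LowerFilters"=-
"UpperFilters"=-
"UpperFilters.Bak"=-
'''

VALUE_RE = re.compile(r'^(?:"(?P<name>(?:[^"\\]|\\.)*)"|(?P<default>@))=(?P<data>.*)$')
HEX_RE = re.compile(r'^hex(?:\((?P<type>[0-9a-fA-F]+)\))?:(?P<bytes>[0-9a-fA-F,]*)$')


def logical_lines(text):
    """Yield lines with regedit's trailing-backslash hex continuations joined."""
    buf = ""
    for raw in text.splitlines():
        line = buf + raw.strip()
        buf = ""
        if line.endswith(",\\"):
            buf = line[:-1]          # drop the backslash, keep the comma
            continue
        yield line
    if buf:
        yield buf


def decode_data(data):
    """Decode the right-hand side of one .reg value line."""
    if data == "-":                  # .reg syntax: delete this value
        return None
    m = HEX_RE.match(data)
    if m:
        raw = bytes(int(b, 16) for b in m.group("bytes").split(",") if b)
        reg_type = int(m.group("type") or "3", 16)   # bare hex: is REG_BINARY
        if reg_type == 7:            # REG_MULTI_SZ: NUL-separated UTF-16LE strings
            text = raw.decode("utf-16-le", errors="replace")
            return [s for s in text.split("\x00") if s]
        if reg_type == 2:            # REG_EXPAND_SZ
            return raw.decode("utf-16-le", errors="replace").rstrip("\x00")
        return raw
    if data.startswith("dword:"):
        return int(data[6:], 16)
    if len(data) >= 2 and data[0] == data[-1] == '"':
        return data[1:-1].replace("\\\\", "\\").replace('\\"', '"')
    return data


def parse_reg(text):
    """Return {key path: {value name: decoded data}}; lines outside a key are ignored."""
    keys, current = {}, None
    for line in logical_lines(text):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = "@" if m.group("default") else m.group("name")
            current[name] = decode_data(m.group("data"))
    return keys


def class_filters(keys):
    """Pick out UpperFilters/LowerFilters values (and .Bak copies) per key."""
    out = {}
    for key, values in keys.items():
        hits = {n: v for n, v in values.items() if isinstance(v, list)
                and n.lower().split(".")[0] in ("upperfilters", "lowerfilters")}
        if hits:
            out[key] = hits
    return out


def apply_script(export_keys, script_keys):
    """Apply a script's deletions and new values to a parsed export."""
    result = {}
    for key, values in export_keys.items():
        edits = script_keys.get(key, {})
        merged = {n: v for n, v in values.items() if edits.get(n, v) is not None}
        merged.update({n: v for n, v in edits.items() if v is not None})
        result[key] = merged
    return result


if __name__ == "__main__":
    before = parse_reg(SAMPLE_EXPORT)
    after = apply_script(before, parse_reg(SAMPLE_SCRIPT))
    print("before:", class_filters(before).get(CDROM_CLASS_KEY))
    print("after: ", class_filters(after).get(CDROM_CLASS_KEY))
```
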
Title: Compter full of pop ups, ie closing,
Post by: mickapoo on February 29, 2008, 08:21:57 AM
I tried the steps above, and Combofix told me it would have to restart my computer. After everything came back up, the Combofix window popped back open and said something about creating a log, or whatever it says when it first starts, and it just froze up (for hours). I had to reboot my computer. I will try it again in a few minutes.

I do have a question re the AVG software I installed. It has done 2 scans since the first one, and both times it tells me it finds 16 threats. Looks like they are all trojans. Why does it keep finding the same ones? Isn't it deleting them? If my computer has 16 threats, how do I purge them from my pc?

Thank you.
Title: Compter full of pop ups, ie closing,
Post by: guestolo on February 29, 2008, 09:35:58 AM
Do you know what location AVG is finding the trojans?
Is it the System Volume Information folder?

Can you also manually navigate to the following
C:\Combofix.txt and post the contents of the log
Title: Compter full of pop ups, ie closing,
Post by: mickapoo on March 01, 2008, 06:35:08 PM
The trojans are in Local Settings>My name>DrWeb>Quarantine

I haven't been able to get combofix to work. Each time it tries to generate the log it gets hung up and I have to reboot my computer. I'm still trying though.
Title: Compter full of pop ups, ie closing,
Post by: mickapoo on March 01, 2008, 08:52:18 PM
I ran AVG again. It said that the trojans were in a few places:

They were in different places, such as:
 Doc & Settings/My Name/Shared/AdobeDWCS3
 DrWeb/quarantine
 C:/QooBox
 C:/_OTMoveIt

It said the Virus Vault contained 30 files and it has a button to "empty vault". Does this delete the files, and should I do it?

Here is the Combofix log:
ComboFix 08-02-25.3 - Evelyn Wilkerson 2008-03-01 20:48:10.5 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.517 [GMT -5:00]
Running from: C:\Documents and Settings\Evelyn Wilkerson\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Evelyn Wilkerson\Desktop\CFScript.txt
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((   Files Created from 2008-02-02 to 2008-03-02  )))))))))))))))))))))))))))))))
.

2008-02-27 12:35 . 2008-02-27 12:35   <DIR>   d--------   C:\Deckard
2008-02-26 09:11 . 2008-02-26 09:11   <DIR>   d--------   C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-26 09:11 . 2008-03-01 18:47   <DIR>   d--------   C:\Documents and Settings\Evelyn Wilkerson\Application Data\AVG7
2008-02-26 09:11 . 2008-02-26 09:11   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-26 09:11 . 2008-02-26 09:13   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\avg7
2008-02-13 15:41 . 2008-02-13 16:58   <DIR>   d--------   C:\Documents and Settings\Evelyn Wilkerson\Application Data\Image Zone Express
2008-02-08 09:56 . 2008-02-08 09:56   <DIR>   d--------   C:\Program Files\Common Files\supportsoft
2008-02-07 13:54 . 2008-02-07 13:54   <DIR>   d--------   C:\Program Files\HyperTRANSCRIBE
2008-02-07 13:54 . 2008-02-07 13:54   <DIR>   d--------   C:\Documents and Settings\Evelyn Wilkerson\Application Data\com.researchware
2008-02-04 21:23 . 2008-02-04 21:23   <DIR>   d--------   C:\_OTMoveIt

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-28 20:39   ---------   d-----w   C:\Documents and Settings\Evelyn Wilkerson\Application Data\CoreFTP
2008-02-28 15:33   ---------   d-----w   C:\Documents and Settings\Evelyn Wilkerson\Application Data\AdobeUM
2008-02-27 17:38   ---------   d-----w   C:\Program Files\HijackThis2.0.2
2008-02-13 23:13   ---------   d-----w   C:\Program Files\Lx_cats
2008-02-12 22:14   ---------   d-----w   C:\Program Files\Common Files\Adobe
2008-02-07 18:49   ---------   d-----w   C:\Program Files\Java
2008-02-01 21:53   ---------   d-----w   C:\Program Files\microsoft frontpage
2008-01-31 22:35   ---------   d-----w   C:\Program Files\Napster
2008-01-31 22:34   ---------   d-----w   C:\Program Files\Common Files\Roxio Shared
2008-01-31 22:34   ---------   d-----w   C:\Program Files\Common Files\Napster Shared
2008-01-31 22:32   ---------   d-----w   C:\Documents and Settings\Evelyn Wilkerson\Application Data\InstallShield
2008-01-31 20:21   ---------   d-----w   C:\Program Files\Security Task Manager
2008-01-31 20:04   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-01-31 20:01   ---------   d-----w   C:\Program Files\PeoplePC
2008-01-31 19:26   ---------   d-----w   C:\Documents and Settings\NetworkService\Application Data\ScamGuard
2008-01-31 19:00   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-01-31 19:00   ---------   d-----w   C:\Program Files\Canon
2008-01-31 18:59   ---------   d-----w   C:\Documents and Settings\Evelyn Wilkerson\Application Data\LimeWire
2008-01-31 18:54   ---------   d---a-w   C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-31 18:19   10   ----a-w   C:\Program Files\.autoreg
2008-01-31 18:16   ---------   d-----w   C:\Documents and Settings\LocalService\Application Data\ScamGuard
2008-01-31 17:57   ---------   d-----w   C:\Program Files\Common Files\Macromedia
2008-01-31 17:55   ---------   d-----w   C:\Program Files\Macromedia
2008-01-11 05:53   44,544   ----a-w   C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-01-03 13:15   ---------   d-----w   C:\Program Files\Lexmark_6200 Series
2008-01-03 13:15   ---------   d-----w   C:\Program Files\Lexmark 6200 Series
2007-12-19 23:01   347,136   ----a-w   C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51   179,584   ----a-w   C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-08 05:21   3,592,192   ----a-w   C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 11:01   625,664   ----a-w   C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:00   70,656   ----a-w   C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 11:00   13,824   ----a-w   C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 04:59   161,792   ----a-w   C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 18:38   550,912   ----a-w   C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:38   550,912   ----a-w   C:\WINDOWS\system32\dllcache\oleaut32.dll
.

((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Documents and Settings\Evelyn Wilkerson\Application Data\com.researchware ----

2008-02-07 13:54   475   --a------   C:\Documents and Settings\Evelyn Wilkerson\Application Data\com.researchware\HyperTRANSCRIBE\HyperTRANSCRIBE Prefs.pref


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 22:02 68856]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-11 17:16 4670968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 04:01 110592]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 16:48 1388544]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 11:27 860160]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-01-25 10:09 98304]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-06-04 15:38 286720]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-11-02 04:03 155648]
"hpWirelessAssistant"="C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" [2004-12-08 12:36 790528]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-02 03:59 126976]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-11-01 13:11 290816]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-09-07 19:28 213054]
"AGRSMMSG"="AGRSMMSG.exe" [2004-08-24 06:20 88363 C:\WINDOWS\AGRSMMSG.exe]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12 483328]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12 49152]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 00:12 488984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 00:13 774168]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"lxbumon.exe"="C:\Program Files\Lexmark 6200 Series\lxbumon.exe" [2005-01-18 09:35 196608]
"EzPrint"="C:\Program Files\Lexmark 6200 Series\ezprint.exe" [2004-09-17 12:24 61440]
"LXBUCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll" [2004-11-02 15:03 69632]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-26 09:12 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 22:02 68856]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-26 09:11 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="C:\Program Files\Common Files\logishrd\WUApp32.exe" [2007-05-09 23:44 441120]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-02-16 18:51:28 25214]
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-07-15 07:00:10 113664]
BounceBack Launcher.lnk - C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe [2006-05-29 18:08:54 98304]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ewido anti-spyware 4.0 guard"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=

R2 portD;CMS PortIO Service;C:\WINDOWS\system32\DRIVERS\portd2k.sys [2004-02-23 07:40]
S3 SupportSoft RemoteAssist;SupportSoft RemoteAssist;C:\Program Files\Common Files\supportsoft\bin\ssrc.exe [2007-12-11 04:39]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1ad91db-4d23-11dc-8842-000ae4d008ea}]
\Shell\AutoRun\command - E:\LaunchU3.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-01 20:52:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????6?6?5?2??????? ???B???????????????B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-01 20:53:23
ComboFix-quarantined-files.txt  2008-03-02 01:53:05
ComboFix2.txt  2008-02-28 14:21:34
ComboFix3.txt  2008-02-01 21:57:20
ComboFix4.txt  2006-10-29 13:30:06
ComboFix5.txt  2006-10-29 13:27:24
.
2008-02-14 12:29:02   --- E O F ---  



________________________________________________________________________________

Here is the Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:54:56 PM, on 3/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\apache2054\Apache2\bin\Apache.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\apache2054\Apache2\bin\Apache.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Lexmark 6200 Series\ezprint.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\lxbucoms.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HijackThis2.0.2\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: PeoplePC ScamGuard - {7E3659A6-4BC5-4d93-B3FD-8B5ACC2FEDED} - C:\Program Files\PeoplePC\Toolbar\ScamGrd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [lxbumon.exe] "C:\Program Files\Lexmark 6200 Series\lxbumon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6200 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x092f -f video -m logitech -d 11.0.0.1213 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x092f -f video -m logitech -d 11.0.0.1213 (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BounceBack Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc.com/ppcos/ISP60/Download/ppcwebi.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\apache2054\Apache2\bin\Apache.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe

--
End of file - 13302 bytes
Title: Compter full of pop ups, ie closing,
Post by: Takashi62 on March 01, 2008, 09:30:02 PM
Try using CCleaner? =)
Title: Compter full of pop ups, ie closing,
Post by: guestolo on March 01, 2008, 11:59:06 PM
Can you find and post the contents of the next file also

C:\ComboFix2.txt
Title: Compter full of pop ups, ie closing,
Post by: mickapoo on March 02, 2008, 11:43:13 AM
[quote name='guestolo' post='422930' date='Mar 1 2008, 11:59 PM']Can you find and post the contents of the next file also

C:\ComboFix2.txt[/quote]

I checked and there is no ComboFix2.txt. Or at least I cannot find it. I see ComboFix.txt, but not ComboFix2.txt.
Title: Compter full of pop ups, ie closing,
Post by: guestolo on March 02, 2008, 12:35:23 PM
Can you try the following
Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box, not including the word "code"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
Change the Save as Type to All Files.
Name the file as files.bat

Save this file on the desktop

 
Code:
dir C:\ /a h > files.txt
notepad files.txt

Double click on files.bat
A text file called files.txt will appear on desktop
Copy>>paste back here the contents of that file please
Title: Compter full of pop ups, ie closing,
Post by: mickapoo on March 02, 2008, 07:53:09 PM
I'm not sure why, but I keep getting a "page not found" error when I try to enter the contents from the files.txt file. It says http error 501 not implemented/http 505 not supported.

I've tried copying and pasting in other things, then submit, it works fine. But for some reason when I paste in the files.txt info, I get an error.
Title: Compter full of pop ups, ie closing,
Post by: guestolo on March 02, 2008, 10:16:11 PM
Can you just upload files.txt in a reply
Use the browse button and navigate to files.txt
Right click on it and choose Select, then click UPLOAD

Add it to your reply when uploaded under manage current attachments
Title: Compter full of pop ups, ie closing,
Post by: mickapoo on March 03, 2008, 08:17:39 AM
[attachment=4393:files.txt]

Here is the files.txt file
Title: Compter full of pop ups, ie closing,
Post by: guestolo on March 03, 2008, 09:20:39 PM
Go ahead and delete this folder
C:\bintheredunthat <-this folder
and this file
C:\StubInstaller.exe <-this file

Let me know how things are running
Also, can you double click on export.bat again, post the new contents of export.txt
Title: Compter full of pop ups, ie closing,
Post by: mickapoo on March 04, 2008, 08:10:13 AM
It still isn't finding my cd/dvd drive.

Here is the new export.txt file:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}]
"Class"="CDROM"
@="DVD/CD-ROM drives"
"EnumPropPages32"="MmSys.Cpl,MediaPropPageProvider"
"Installer32"="storprop.dll,DvdClassInstaller"
"SilentInstall"="1"
"NoInstallClass"="1"
"TroubleShooter-0"="hcp://help/tshoot/tsdrive.htm"
"Icon"="-51"
"LowerFilters.Bak"=hex(7):50,00,78,00,48,00,65,00,6c,00,70,00,32,00,30,00,00,\
  00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0000]
"EnumPropPages32"="storprop.dll,DvdPropPageProvider"
"InfPath"="cdrom.inf"
"InfSection"="cdrom_install"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,62,c5,c0,01,c1,01
"DriverDate"="7-1-2001"
"DriverVersion"="5.1.2535.0"
"MatchingDeviceId"="gencdrom"
"DriverDesc"="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0000\DigitalAudio]
"RegistryVersion"=dword:00000001
"NumberOfBuffers"=dword:00000008
"SectorsPerRead"=dword:00000010
"SectorsPerReadMask"=dword:ffffffff
"CDDASupported"=dword:00000001
"CDDAAccurate"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0001]
"EnumPropPages32"="storprop.dll,DvdPropPageProvider"
"InfPath"="cdrom.inf"
"InfSection"="cdrom_install"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,62,c5,c0,01,c1,01
"DriverDate"="7-1-2001"
"DriverVersion"="5.1.2535.0"
"MatchingDeviceId"="gencdrom"
"DriverDesc"="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0001\DigitalAudio]
"RegistryVersion"=dword:00000001
"NumberOfBuffers"=dword:00000008
"SectorsPerRead"=dword:00000010
"SectorsPerReadMask"=dword:ffffffff
"CDDASupported"=dword:00000001
"CDDAAccurate"=dword:00000001
Title: Compter full of pop ups, ie closing,
Post by: guestolo on March 04, 2008, 09:27:23 AM
Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box, not including the word "code"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
IMPORTANT>>>Change the Save as Type to All Files.
Name the file as fix.reg

Save this file on the desktop
Ensure to copy from REGEDIT4 and down in the code box

 
Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}]
"LowerFilters.Bak"=-


Double click on fix.reg and allow to add/merge to the registry at the prompt

Reboot the computer

Does the CD/DVD drive now show?

If not, can you post back, have you installed any burning software lately?
Or any media conversion software?
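
What the fix.reg above removes can be read straight out of the posted export.txt: the hex(7) data on LowerFilters.Bak is a UTF-16LE multi-string. The following is an added example, not part of the original posts; it parses a .reg export and decodes any UpperFilters/LowerFilters-style values set on the CD-ROM class key. The function names are hypothetical and SAMPLE_EXPORT is trimmed from the export posted in the thread.

```python
import re

# Device setup class GUID for DVD/CD-ROM drives, as it appears in the thread.
CDROM_CLASS = "{4D36E965-E325-11CE-BFC1-08002BE10318}"

# Sample input: trimmed from the export.txt posted in the thread.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}]
"Class"="CDROM"
@="DVD/CD-ROM drives"
"LowerFilters.Bak"=hex(7):50,00,78,00,48,00,65,00,6c,00,70,00,32,00,30,00,00,\
  00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0000]
"InfPath"="cdrom.inf"
"DriverDesc"="CD-ROM Drive"
'''


def join_continuations(text):
    """.reg exports wrap long hex values with a trailing backslash."""
    return re.sub(r"\\\r?\n[ \t]*", "", text)


def decode_multi_sz(hex_csv):
    """Decode hex(7) data (REG_MULTI_SZ): NUL-terminated UTF-16LE strings."""
    raw = bytes(int(b, 16) for b in hex_csv.split(",") if b.strip())
    if len(raw) % 2:
        raise ValueError("odd byte count in UTF-16LE data")
    return [s for s in raw.decode("utf-16-le").split("\x00") if s]


def parse_reg(text):
    """Return {key_path: {value_name: raw_value_text}} for a .reg export."""
    keys, current = {}, None
    for line in join_continuations(text).splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = re.match(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if m and current is not None:
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            current[name] = m.group(2)
    return keys


def filter_values(text, class_guid=CDROM_CLASS):
    """List filter-driver values set directly on the device class key."""
    findings = []
    suffix = "\\CLASS\\" + class_guid.upper()
    for key, values in parse_reg(text).items():
        if not key.upper().endswith(suffix):
            continue  # skip per-device subkeys such as \0000
        for name, raw in values.items():
            if not re.match(r"(?i)^(upper|lower)filters", name):
                continue
            if raw.lower().startswith("hex(7):"):
                drivers = decode_multi_sz(raw[len("hex(7):"):])
            else:
                drivers = [raw.strip('"')]
            findings.append({
                "key": key,
                "value": name,
                "drivers": drivers,
                # Only the exact names UpperFilters / LowerFilters are the
                # standard class filter lists; other names are renamed copies.
                "standard_name": name.lower() in ("upperfilters", "lowerfilters"),
            })
    return findings


if __name__ == "__main__":
    for f in filter_values(SAMPLE_EXPORT):
        print(f["value"], "->", f["drivers"], "standard name:", f["standard_name"])
```
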
Title: Compter full of pop ups, ie closing,
Post by: mickapoo on March 07, 2008, 04:53:02 PM
The computer actually recognized the drive for a day or so. Yeay! I thought it was fixed. Today I rebooted and again, it is not recognized. I have not installed any burning software within the last year even, nor any media conversion software. Do you think with all the problems I'm having I should just back up my files (instead of doing a ghost image or whatever they call it), reinstall windows, and then just put my files and programs back on? I have most of the cds for my programs. The important ones at least.
Title: Compter full of pop ups, ie closing,
Post by: guestolo on March 08, 2008, 11:01:48 AM
Can you double click on export.bat again and post the text file please
I want to double check on something

I've seen this problem with Napster Burn Engine installed
Did the problems start after installing it?
Title: Compter full of pop ups, ie closing,
Post by: mickapoo on March 08, 2008, 03:46:33 PM
[quote name='guestolo' post='423500' date='Mar 8 2008, 11:01 AM']Can you double click on export.bat again and post the text file please
I want to double check on something

I've seen this problem with Napster Burn Engine installed
Did the problems start after installing it?[/quote]


I'm really not sure. I've had Napster installed for quite a while now.  Here is the log you asked for:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}]
"Class"="CDROM"
@="DVD/CD-ROM drives"
"EnumPropPages32"="MmSys.Cpl,MediaPropPageProvider"
"Installer32"="storprop.dll,DvdClassInstaller"
"SilentInstall"="1"
"NoInstallClass"="1"
"TroubleShooter-0"="hcp://help/tshoot/tsdrive.htm"
"Icon"="-51"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0000]
"EnumPropPages32"="storprop.dll,DvdPropPageProvider"
"InfPath"="cdrom.inf"
"InfSection"="cdrom_install"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,62,c5,c0,01,c1,01
"DriverDate"="7-1-2001"
"DriverVersion"="5.1.2535.0"
"MatchingDeviceId"="gencdrom"
"DriverDesc"="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0000\DigitalAudio]
"RegistryVersion"=dword:00000001
"NumberOfBuffers"=dword:00000008
"SectorsPerRead"=dword:00000010
"SectorsPerReadMask"=dword:ffffffff
"CDDASupported"=dword:00000001
"CDDAAccurate"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0001]
"EnumPropPages32"="storprop.dll,DvdPropPageProvider"
"InfPath"="cdrom.inf"
"InfSection"="cdrom_install"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,62,c5,c0,01,c1,01
"DriverDate"="7-1-2001"
"DriverVersion"="5.1.2535.0"
"MatchingDeviceId"="gencdrom"
"DriverDesc"="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0001\DigitalAudio]
"RegistryVersion"=dword:00000001
"NumberOfBuffers"=dword:00000008
"SectorsPerRead"=dword:00000010
"SectorsPerReadMask"=dword:ffffffff
"CDDASupported"=dword:00000001
"CDDAAccurate"=dword:00000001

THANK YOU, again, for all your help.
Title: Compter full of pop ups, ie closing,
Post by: mickapoo on March 08, 2008, 04:15:42 PM
Can I ask you another question (log in previous post)... if my computer crashes for good and I need to reformat the hard drive, is there any way to restore the programs that are on there, or just the files? Everyone has told me you have to have the cd for the program, but some of the cds have been lost so I just wonder if there is another way... I don't want to take an actual image of the hard drive, because I'm trying to start over instead of restoring the mess that is there now. If I should post this in another forum, let me know. I'm not so in tune with these things. Thank you!
Title: Compter full of pop ups, ie closing,
Post by: guestolo on March 09, 2008, 12:04:26 AM
Sounds as if you're set on doing a clean install of your system
Is this correct?
I find the best thing to do is go to the manufacturer's site and download latest drivers, etc and put them on usb flash drive or cd
Also, backup any and all important files to thumbdrive

In addition, back up your bookmarks for IE and address book for Outlook or Outlook Express
Also, backup email messages if required

Afterwards, do a clean install of the system
Do you have recovery disks or full install CD for your system?
Title: Compter full of pop ups, ie closing,
Post by: mickapoo on March 09, 2008, 11:09:28 AM
I'm not really set on it, I just want to be prepared in the event that it crashes for good. Is there any way to backup programs or only files? Some programs I have installed I can't find the cd for. I wasn't sure if there was a way to do that.

Did you see anything in the file I posted that would show why the cd/dvd drive went back to being unrecognized?

Thank you!
Title: Compter full of pop ups, ie closing,
Post by: guestolo on March 09, 2008, 11:13:32 AM
Can you look again in Device manager and ensure that your CD/DVD is not recognized
Do you see DVD/CD rom drives?
Title: Compter full of pop ups, ie closing,
Post by: mickapoo on March 09, 2008, 11:15:37 AM
I just looked again to be sure- it is not there.
Title: Compter full of pop ups, ie closing,
Post by: guestolo on March 09, 2008, 11:24:42 AM
Can you try uninstalling both Napster>>Napster Burn Engine  and Sonic RecordNow
Reboot the computer

See if the drive is detected then
Title: Compter full of pop ups, ie closing,
Post by: mickapoo on March 09, 2008, 04:45:01 PM
I tried uninstalling Napster but I kept getting a "Windows has encountered an error and must shut down now". I then tried backing everything up onto my external hard drive just in case, and I used the software that came with it (BounceBack Launcher). It scanned for the source data (or so it said) and then when it was done before the back up started it did the same thing- "Windows has encountered an error and needs to shut down".  Are there any freeware back up programs you can recommend?

Thank you!
Title: Compter full of pop ups, ie closing,
Post by: guestolo on March 09, 2008, 05:16:49 PM
You can just manually backup your files
Not much chance of backing up programs, just their installers
But try the following first, we may be onto something

Try downloading and installing the Windows Installer Cleanup Utility (http://download.microsoft.com/download/e/9/d/e9d80355-7ab4-45b8-80e8-983a48d5e1bd/msicuu2.exe)
(msicuu2.exe)

Once installed go to START>>All Programs and run the cleanup utility
Do you see Napster Burn Engine in the list?
Title: Compter full of pop ups, ie closing,
Post by: mickapoo on March 09, 2008, 07:01:45 PM
I did run the program and Napster Burn Engine was listed. I removed it.

Before that though, my computer is acting completely crazy. Almost all programs are getting hung up, my Outlook isn't working at all- gives me an error msg that the Outlook.pst file can't be found, then it says it's receiving 1 of 4 messages for about an hour now, thought maybe someone was trying to send me a large file but I logged on through webmail and there are only 4 small text messages there. Everything is just a mess. I had to reboot a few times. Everything just keeps locking up. I'm going to wait to hear back from you now that I removed Napster Burn Engine.
Title: Compter full of pop ups, ie closing,
Post by: mickapoo on March 09, 2008, 07:23:11 PM
I removed Napster Burn Engine and rebooted. The cd/dvd drive is still not showing in the device mgr. My computer is running very, very slow...

Thank you again for your continued help.
Title: Compter full of pop ups, ie closing,
Post by: guestolo on March 09, 2008, 08:14:56 PM
Can you do the following
Download FindAWF.exe from here (http://noahdfear.net/downloads/FindAWF.exe) or here (http://noahdfear.geekstogo.com/FindAWF.exe), and save it to your desktop.

    * Double-click on the FindAWF.exe file to run it.
    * It will open a command prompt and ask you to "Press any key to continue".
    * You will be presented with a Menu.

          1. Press 1 then Enter to scan for bak folders
          2. Press 2 then Enter to restore files from bak folders
          3. Press 3 then Enter to remove bak folders
          4. Press 4 then Enter to reset domain zones
          5. Press E then Enter to EXIT

    * Press 1, then press Enter
    * It may take a few minutes to complete so be patient.
    * When it is complete, it will open a text file in notepad called AWF.txt.
    * Please copy and paste the contents of the AWF.txt file in your next reply.
Title: Compter full of pop ups, ie closing,
Post by: mickapoo on March 10, 2008, 07:24:34 AM
Before I do that, I am running into some SERIOUS problems! All of this really bad stuff seemed to happen a couple of days ago when I used my Seagate External hard drive and started using Bounceback Launcher (their software). I've had it for at least 2 years now but didn't have it connected. I did use it when we first got it but not since then.

This morning my computer had shut down and when it came back up, the message said "The system has recovered from a serious error." Then when it says technical error, it read:
C:\DOCUME~1\EVELYN~1\LOCALS~1\temp\WERe8r5.dir00\Mini031008-01.dmp
C:\DOCUME~1\EVELYN~1\LOCALS~1\temp\WERe8r5.dir00\sysdata.xml

Do the messages above say anything about it being the external hard drive that may be causing the problem? It also had a link, and when I clicked it, it went to the MS website and the page said, "A device driver installed on your computer caused the operating system to stop unexpectedly".


So, I have one question before I do your suggestion in your previous post:
I need to back everything up- and quickly. Should I get a new external hard drive altogether? I can back things up onto this, but I'm wondering if I try to reinstall Windows and then use this Seagate external hard drive to restore the data, is it going to put it back in the state that it is now in?

Thank you!!!
Title: Compter full of pop ups, ie closing,
Post by: mickapoo on March 10, 2008, 09:37:48 AM
The post above where I wrote I was having problems with Outlook- I am still having. Outlook will open (sometimes, sometimes not) and it just freezes and says "receiving message 1 of 9" (or whatever). It has been like this for days. Haven't been able to receive or send mail. So I wanted to be very sure that in my attempts to backup my computer, that I back up my outlook.pst file. When I try to copy that to the external hard drive, I get an error that said, "cyclic redundancy check error" and it will not back up that file. So, with the fact that Outlook is not working properly, and the fact that it cannot copy this pst file, does that mean something in Outlook is corrupt? I really need to back up that file. Other files back up to my external hard drive, just not that one.

Here is the report you asked for:

Find AWF report by noahdfear ©2006
               Version 1.40

The current date is: Mon 03/10/2008
The current time is: 10:43:19.54


  bak folders found
  ~~~~~~~~~~~



  Duplicate files of bak directory contents
  ~~~~~~~~~~~~~~~~~~~~~~~



  end of report


Thank you! And please, if you could, let me know how to work around that cyclic redundancy error and backup that pst file! Thank you so much! Your efforts will not go unappreciated!
Title: Compter full of pop ups, ie closing,
Post by: mickapoo on March 10, 2008, 01:21:09 PM
Sorry for posting so many times in one day, just wanted to keep you posted as to what I've been doing to try and resolve the problem of not being able to back up my outlook.pst file. I googled "cyclic redundancy check" error- and found that it said it could be the hard drive or the outlook.pst file corrupted. It told me to do a dskchk, I think it was, and it rebooted and ran, and according to the MS website, that meant the hard drive is ok, go on to number 2, which is to check the actual outlook.pst file. So, I ran the "inbox repair tool" as it suggested, and that gave me an error and said to run a scandisk or something. So that is where it stands now. Outlook is definitely not working, and I can't even make a copy of my outlook.pst file, nevermind back it up on my external hard drive.
Title: Compter full of pop ups, ie closing,
Post by: mickapoo on March 10, 2008, 05:22:04 PM
Sorry again- forgot those last few posts. I was trying to back up my Outlook.pst file but after being on the phone with Microsoft for a couple of hours, I found out I just need to reinstall Outlook. Well in order to do that, I'm back with that darn cd/dvd drive. I have the cd to reinstall Outlook, but my cd drive isn't working! Can you get back again to helping me get my cd drive recognized? Thank you so much for your help. As soon as I get my drive back up and running I can reinstall Office and back up my pst file. Thank you!!!!
Title: Compter full of pop ups, ie closing,
Post by: guestolo on March 10, 2008, 06:25:02 PM
http://support.microsoft.com/kb/319128
Is that the article you tried?

Did you follow All steps exactly as outlined?
Title: Compter full of pop ups, ie closing,
Post by: mickapoo on March 10, 2008, 06:34:03 PM
Yes, that is it. I tried it step by step, and the second step that says to make a copy of the outlook.pst file, well, when I tried to do that, it would not let me make a copy of it. It said there was a cyclic redundancy check error. Then I called Microsoft, paid $50 to have them tell me the same steps, then when that did not work they tried a sort of "pc anywhere" type thing where they could run my computer remotely, said that I would need to reinstall MS Office because outlook was hosed. I said I at least need to back up the outlook.pst file. He said, sure, no problem... went to back that up by dragging it to my hard drive, and again, the error message. He said to reinstall Office, and I told him my cd/dvd drive is not working, he said that is a different issue altogether and I have to get my cd drive working first. AAAARRGGHH!!!!!!
Title: Compter full of pop ups, ie closing,
Post by: guestolo on March 10, 2008, 06:38:43 PM
When you tried to manually backup your .pst files
Did you ensure that Outlook wasn't open, make sure it was closed completely?
Title: Compter full of pop ups, ie closing,
Post by: mickapoo on March 10, 2008, 06:40:21 PM
Yes, it was closed completely.
Title: Compter full of pop ups, ie closing,
Post by: guestolo on March 10, 2008, 06:48:01 PM
Which version of Outlook are you running?
Title: Compter full of pop ups, ie closing,
Post by: mickapoo on March 10, 2008, 06:55:30 PM
[quote name='guestolo' post='423797' date='Mar 10 2008, 07:48 PM']Which version of Outlook are you running?[/quote]

2000.
Title: Compter full of pop ups, ie closing,
Post by: guestolo on March 10, 2008, 07:01:00 PM
Try an alternative repair or recovery software
Try this demo version, if you can't use it without purchasing, don't buy it
I installed on my test box, I don't have Outlook on it however, but it didn't prompt to purchase
Don't purchase if prompted

Repair PST 1.0
http://www.repairpst.net/download-pst-repair-tool

P.S. Sounds as if your harddisk may be failing
Title: Compter full of pop ups, ie closing,
Post by: mickapoo on March 10, 2008, 07:04:13 PM
I tried one earlier, but I'm not sure if it was that one. It didn't find anything.

As far as my harddisk failing- does that mean I would need an entirely new computer (or new harddrive) or if I reformat my harddrive will that take care of everything?

Thank you.
Title: Compter full of pop ups, ie closing,
Post by: guestolo on March 10, 2008, 07:06:25 PM
I'm not sure what you mean that it didn't find anything??

Try that utility, look at the instructions to recover .pst files
http://www.repairpst.net/blog/outlook-email-recovery
Title: Compter full of pop ups, ie closing,
Post by: mickapoo on March 11, 2008, 03:32:05 AM
That is the one I did try yesterday. It allowed you to run a scan with the trial version, but once repaired, it would not allow you to save the new "repaired" version. Is this worth purchasing?

I tried running the Inbox repair tool (courtesy of MS) but that did not work. It said it encountered an error.

Tech support at MS are saying that it is the file size that is the problem. The pst file is approx 2 gig. They said once it gets that large, it is no longer compatible with Outlook (I have 2003 now) and the file itself starts to become problematic. It seems right now I may just lose the entire thing. It locks up when I try to use it (Outlook, that is) so it's not like I can go into the deleted or sent items and delete everything to reduce the file size. Is there any other way to reduce the file size? I'd rather lose some of the data than all of it.
Title: Compter full of pop ups, ie closing,
Post by: guestolo on March 11, 2008, 05:40:20 AM
Have you seen this link?

http://www.microsoft.com/learning/books/troubleshooting/solutions/292.mspx
Title: Compter full of pop ups, ie closing,
Post by: mickapoo on March 11, 2008, 07:25:57 AM
That would be great and all, as long as I could open and use Outlook. However, when it opens, it's just frozen. The program is unresponsive and just shuts down. Then last night I found something on their website that was a tool to reduce the file size of an outlook.pst file you cannot access. It removes however many megs you need to get it below 2 gig. You have no control over what data is lost, however, at least you get the majority of your data back. I tried that, which did not work either. It got part way through and said it has encountered an error.

I think I will look for freeware or shareware to allow me to fix the corrupt pst file, otherwise purchase the one you had mentioned above. It SAID it repaired the file, but until I buy it, save it, and then try to import that pst into my newly installed Office, I won't even know if it works.
Title: Compter full of pop ups, ie closing,
Post by: guestolo on March 11, 2008, 09:02:24 PM
Did you actually do the following?
It's important you did so
The problems you are experiencing are indicating bad sectors on your hard disk where your .pst files are stored

The first step, which you should have done already, should be the following

Go to START>>RUN>>type in EXACTLY the following

chkdsk /r <<Notice the space between k and /
then hit OK

At the prompt to run on restart select Y and hit Enter
Reboot the computer
Let chkdsk run

Try running the Inbox repair tool>>From START>>Programs>>Accessories>>System Tools
If not found, do a search for SCANPST.EXE
and run it
You may also want to try chkdsk /f

After each of the above commands try the Inbox repair tool first!
You may be out of luck and lost the info, but I'll keep searching

Also, if you haven't tried the following
You can try this from a command prompt
Go to Start > Run, type cmd and press OK

Change Directory to where your .pst file is located. for example
cd \Documents and Settings\{user name}\Application Data\Microsoft\Outlook\
Notice single space between cd and \

When you have changed to the directory where your .pst file is located, type the following command:
 copy Outlook.pst NUL.

Notice the space between copy and Outlook.pst, also space between pst and NUL
This reads the entire file by copying it to NULL, or "nowhere". If this succeeds the problem is not actually with the file itself, but the location you were trying to copy it to.

If this copy fails, we've confirmed that a bad sector on your hard disk is actually being used by some portion of your .pst file.
Which would not be a good thing
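
The read test described in the post above (copying the file to NUL to see whether every byte can be read), as an added example that is not part of the original post. It goes one step further than the copy command by reporting which byte ranges fail to read; the function names, the 64 KB chunk size and the 512-byte sector size are assumptions made for this sketch.

```python
import os
import sys

CHUNK = 64 * 1024   # normal read size (assumption)
SECTOR = 512        # assumed sector size, used to narrow down a failed chunk


def _scan(f, start, end, step, bad):
    """Read [start, end) in `step`-sized reads; record failures in `bad`."""
    ok, pos = 0, start
    while pos < end:
        want = min(step, end - pos)
        try:
            f.seek(pos)
            got = len(f.read(want))
        except OSError:
            got = -1                      # the device reported a read error
        if got == 0:
            break                         # file ended earlier than expected
        if got > 0:
            ok += got
            pos += got
        elif want > SECTOR:
            # A large read failed: rescan only this chunk sector by sector.
            ok += _scan(f, pos, pos + want, SECTOR, bad)
            pos += want
        else:
            if bad and bad[-1][0] + bad[-1][1] == pos:
                bad[-1] = (bad[-1][0], bad[-1][1] + want)   # merge neighbours
            else:
                bad.append((pos, want))
            pos += want
    return ok


def scan_readable(f, size, chunk=CHUNK):
    """Return (bytes_read_ok, bad_ranges) for binary file object `f`."""
    bad = []
    return _scan(f, 0, size, chunk, bad), bad


def scan_file(path):
    with open(path, "rb", buffering=0) as f:
        return scan_readable(f, os.path.getsize(path))


if __name__ == "__main__" and len(sys.argv) == 2:
    good, bad_ranges = scan_file(sys.argv[1])
    print(f"{good} bytes readable; unreadable (offset, length): {bad_ranges}")
```

An empty list of unreadable ranges corresponds to the copy to NUL succeeding; any entry means part of the file sits on a region the disk cannot read.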
Title: Compter full of pop ups, ie closing,
Post by: mickapoo on March 14, 2008, 10:44:26 AM
I have taken care of the problem with the Outlook file, but now I'm having the same problem as before. My computer won't even boot up (I think it was post #14 but not certain). When I boot up, I just get this blue screen with white writing:

"Intel UNDI PXE 2.0 (Build 082)
For Realtek RTL8139(X)/8130/810X
PCI Fast Ethernet Controller v2.13
Client Mac Addr: 00 0A E4 00 08 EA
GUID: 9D9A3280-9770-1109...
DHCP... (and then there is a line spinning in a circle)

Then after a few minutes of the line spinning in a circle, the screen changes to:
"No boot filename received.
Exiting PXE ROM."

Then it loops back to the error message above. It just keeps looping over and over again.

I am ready to reformat my harddrive. I have everything backed up and am just fed up. However, when I managed to get to the set up screen, any key I hit took me back to the error message above! Then I tried booting with the MS Windows XP boot cd in the cd drive, but still the same error message.

How can I get around all of this and reformat the hard drive- start clean- ? PS Does this sound like a software problem that will be solved by me reinstalling the OS, or does it sound like a hardware problem?

Thank you!
Title: Compter full of pop ups, ie closing,
Post by: mickapoo on March 14, 2008, 11:24:11 AM
In addition to the post above, I have had other error msgs that will say:
KERNEL_DATA_INPAGE_ERROR

and then I had another one that said:
Process or thread crucial to your system operation has unexpectedly exited or terminated.


Does any of this tell you if it's a hardware or software problem?

I did find the following info. I can press escape to chg the boot order, F10 to enter set up. The set up utility screen shows these tabs at the top: Main, Security, Advanced, Tools, Exit. I'm not familiar with any of this stuff so if you provide me with directions please be specific. I tried a few things but when I would hit "enter" it just took me back to the main error screen (that I posted above).

Thank you again.
Title: Compter full of pop ups, ie closing,
Post by: mickapoo on March 14, 2008, 12:30:34 PM
Ok, I finally got into the set up mode and changed the boot order and it let me get into my desktop.

Was doing some research on reformatting my harddrive, but then realized I'd have to turn off my pc, load the Windows XP cd, and turn it back on. Well, my cd drive isn't always recognized. So, I'm not sure what to do. If I erase the entire harddrive, I may not be able to reinstall the OS.

Do you think from the errors I mentioned above that this is more of a software or hardware problem?

Thank you.
Title: Compter full of pop ups, ie closing,
Post by: guestolo on March 15, 2008, 03:48:32 PM
[quote]I have taken care of the problem with the Outlook file[/quote]
How did you manage it, what steps did you take?

Also, in Setup under advanced did you find the boot order of your computer
Did you set to CD first then harddrive afterwards?

EDIT>>Remember, after making changes in the bios, you will have to hit a key such as F10 and select yes to save changes
Title: Compter full of pop ups, ie closing,
Post by: mickapoo on March 20, 2008, 04:29:29 PM
[quote name='guestolo' post='424174' date='Mar 15 2008, 04:48 PM']How did you manage it, what steps did you take?

Also, in Setup under advanced did you find the boot order of your computer
Did you set to CD first then harddrive afterwards?

EDIT>>Remember, after making changes in the bios, you will have to hit a key such as F10 and select yes to save changes[/quote]

I actually used RepairPST and although I had to purchase it, it was definitely worth it. I had tried all other options and nothing else had worked. Now at least I have my pst file back and running.

I did set the cd first in the order, and saved the changes. It still came back with the same error message. I ended up taking it in for a diagnostic, and they said the hard disk was fried (as you mentioned earlier back) and so was the optical drive. Luckily, I have the extended warranty and it was worth every penny!

Thanks a lot for all your help. Hopefully after starting over new I won't be visiting this forum any time soon. Best wishes to you for all your graciousness & patience.
Title: Compter full of pop ups, ie closing,
Post by: guestolo on March 21, 2008, 12:15:14 PM
Glad you got it all figured out, I'll lock this topic as your problems appear resolved
Take care :)