Messages - beck.thomson

1
Tech Clinic / Computer slow even after virus/spyware scans
« on: August 16, 2007, 08:58:09 AM »
This computer has been a major headache for the last several months... runs slow, freezes frequently--pretty much useless, really.

To start, here's a hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 9:55:25 AM, on 8/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\Downloads\Computer Resources\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...ER}&ar=home
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/downl...lscbase5059.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} (Vitalize Class) - http://www.clickteam.com/vitalize3/vitalize.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

2
Tech Clinic / Computer randomly shuts down
« on: April 10, 2007, 08:59:50 AM »
Hope you're having a good vacation... I could go for one myself--it's way too cold where I live right now.

Here're the logs, and thanks again.

"Deborah" - 07-04-10  9:44:52    Service Pack 2
ComboFix 07-03-23 - Running from: "C:\Documents and Settings\Deborah\Desktop\Computer resources"

((((((((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~    Purity    ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\Program Files\SSTEM3~1
C:\qoobox\purity\Program Files\Common Files\CROSOF~1
C:\qoobox\purity\Program Files\SSTEM3~1\SSTEM3~1


(((((((((((((((((((((((((((((((   Files Created from 2007-03-10 to 2007-04-10  ))))))))))))))))))))))))))))))))))


2007-04-10 01:01   <DIR>   d--------   C:\DOCUME~1\Deborah\APPLIC~1\DivX
2007-04-10 00:53   2,560   ---------   C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-04-10 00:53   2,432   ---------   C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-04-10 00:53   129,784   ---------   C:\WINDOWS\system32\pxafs.dll
2007-04-04 09:27   <DIR>   d--------   C:\Program Files\iPod
2007-04-04 09:23   <DIR>   d--------   C:\Program Files\Apple Software Update
2007-04-03 15:31   2,488   --a------   C:\WINDOWS\system32\tmp.reg
2007-03-29 17:11   3,968   --a------   C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-03-29 17:10   <DIR>   d--------   C:\avenger
2007-03-29 16:56   6   --a------   C:\WINDOWS\system32\29-03-16.dat
2007-03-28 08:40   6   --a------   C:\WINDOWS\system32\28-03-08.dat
2007-03-27 03:55   524,288   --a------   C:\WINDOWS\system32\DivXsm.exe
2007-03-27 03:55   3,596,288   --a------   C:\WINDOWS\system32\qt-dx331.dll
2007-03-27 03:55   200,704   --a------   C:\WINDOWS\system32\ssldivx.dll
2007-03-27 03:55   1,044,480   --a------   C:\WINDOWS\system32\libdivx.dll
2007-03-27 03:49   73,728   --a------   C:\WINDOWS\system32\dpl100.dll
2007-03-27 03:49   593,920   --a------   C:\WINDOWS\system32\dpuGUI11.dll
2007-03-27 03:49   57,344   --a------   C:\WINDOWS\system32\dpv11.dll
2007-03-27 03:49   53,248   --a------   C:\WINDOWS\system32\dpuGUI10.dll
2007-03-27 03:49   344,064   --a------   C:\WINDOWS\system32\dpus11.dll
2007-03-27 03:49   294,912   --a------   C:\WINDOWS\system32\dpu11.dll
2007-03-27 03:49   294,912   --a------   C:\WINDOWS\system32\dpu10.dll
2007-03-27 03:49   196,608   --a------   C:\WINDOWS\system32\dtu100.dll
2007-03-27 03:48   823,296   --a------   C:\WINDOWS\system32\divx_xx0c.dll
2007-03-27 03:48   823,296   --a------   C:\WINDOWS\system32\divx_xx07.dll
2007-03-27 03:48   802,816   --a------   C:\WINDOWS\system32\divx_xx11.dll
2007-03-27 03:48   639,066   --a------   C:\WINDOWS\system32\DivX.dll
2007-03-23 10:08   6   --a------   C:\WINDOWS\system32\23-03-10.dat
2007-03-23 09:03   6   --a------   C:\WINDOWS\system32\23-03-09.dat
2007-03-23 08:59   6   --a------   C:\WINDOWS\system32\23-03-08.dat
2007-03-22 20:20   6   --a------   C:\WINDOWS\system32\22-03-20.dat
2007-03-22 15:00   6   --a------   C:\WINDOWS\system32\22-03-15.dat
2007-03-22 14:39   6   --a------   C:\WINDOWS\system32\22-03-14.dat
2007-03-22 14:28   <DIR>   d--------   C:\WINDOWS\pss
2007-03-22 12:46   6   --a------   C:\WINDOWS\system32\22-03-12.dat
2007-03-22 11:57   786,432   --ah-----   C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-03-22 11:57   <DIR>   d--------   C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
2007-03-22 11:57   <DIR>   d--------   C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
2007-03-22 08:34   6   --a------   C:\WINDOWS\system32\22-03-08.dat
2007-03-21 10:07   6   --a------   C:\WINDOWS\system32\21-03-10.dat
2007-03-21 01:43   6   --a------   C:\WINDOWS\system32\21-03-01.dat
2007-03-20 22:27   6   --a------   C:\WINDOWS\system32\20-03-22.dat
2007-03-20 16:15   6   --a------   C:\WINDOWS\system32\20-03-16.dat
2007-03-20 14:37   6   --a------   C:\WINDOWS\system32\20-03-14.dat
2007-03-20 12:03   94,424   --a------   C:\WINDOWS\system32\drivers\aswmon2.sys
2007-03-20 12:03   90,112   --a------   C:\WINDOWS\system32\AVASTSS.scr
2007-03-20 12:03   85,952   --a------   C:\WINDOWS\system32\drivers\aswmon.sys
2007-03-20 12:03   689,280   --a------   C:\WINDOWS\system32\aswBoot.exe
2007-03-20 12:03   43,176   --a------   C:\WINDOWS\system32\drivers\aswTdi.sys
2007-03-20 12:03   31,560   --a------   C:\WINDOWS\system32\drivers\aavmker4.sys
2007-03-20 12:03   23,352   --a------   C:\WINDOWS\system32\drivers\aswRdr.sys
2007-03-20 12:03   <DIR>   d--------   C:\Program Files\Alwil Software
2007-03-20 12:01   6   --a------   C:\WINDOWS\system32\20-03-12.dat
2007-03-20 11:55   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-03-20 11:00   6   --a------   C:\WINDOWS\system32\20-03-11.dat
2007-03-20 10:00   6   --a------   C:\WINDOWS\system32\20-03-10.dat
2007-03-20 09:44   6   --a------   C:\WINDOWS\system32\20-03-09.dat
2007-03-20 03:35   6   --a------   C:\WINDOWS\system32\20-03-03.dat
2007-03-19 20:27   6   --a------   C:\WINDOWS\system32\19-03-20.dat
2007-03-19 13:12   6   --a------   C:\WINDOWS\system32\19-03-13.dat
2007-03-18 12:40   6   --a------   C:\WINDOWS\system32\18-03-12.dat
2007-03-17 11:12   6   --a------   C:\WINDOWS\system32\17-03-11.dat
2007-03-16 14:18   6   --a------   C:\WINDOWS\system32\16-03-14.dat
2007-03-16 12:12   6   --a------   C:\WINDOWS\system32\16-03-12.dat
2007-03-14 14:49   6   --a------   C:\WINDOWS\system32\14-03-14.dat
2007-03-14 12:08   6   --a------   C:\WINDOWS\system32\14-03-12.dat
2007-03-14 11:03   6   --a------   C:\WINDOWS\system32\14-03-11.dat
2007-03-14 10:54   6   --a------   C:\WINDOWS\system32\14-03-10.dat
2007-03-14 09:26   6   --a------   C:\WINDOWS\system32\14-03-09.dat
2007-03-14 08:14   6   --a------   C:\WINDOWS\system32\14-03-08.dat
 
 
((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-10 00:54   --------   d--------   C:\Program Files\google
2007-04-10 00:53   --------   d--------   C:\Program Files\divx
2007-04-09 20:57   --------   d--------   C:\Program Files\plaxo
2007-04-04 09:27   --------   d--------   C:\Program Files\itunes
2007-04-04 09:25   --------   d--------   C:\Program Files\quicktime
2007-04-03 15:09   --------   d--------   C:\Program Files\symantec
2007-03-29 17:01   --------   d--------   C:\Program Files\pedevice
2007-03-29 13:52   --------   d--------   C:\Program Files\microsoft money 2005
2007-03-27 03:55   36624   ---------   C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-03-27 03:55   118520   ---------   C:\WINDOWS\system32\pxinsi64.exe
2007-03-27 03:55   116472   ---------   C:\WINDOWS\system32\pxcpyi64.exe
2007-03-19 14:51   3764   --a------   C:\WINDOWS\mozver.dat
2007-03-19 14:51   --------   d--------   C:\Program Files\java
2007-03-08 11:36   577536   --a------   C:\WINDOWS\system32\user32.dll
2007-03-08 11:36   40960   --a------   C:\WINDOWS\system32\mf3216.dll
2007-03-08 11:36   281600   --a------   C:\WINDOWS\system32\gdi32.dll
2007-03-08 09:47   1843584   --a------   C:\WINDOWS\system32\win32k.sys
2007-03-04 19:33   6   --a------   C:\WINDOWS\system32\04-03-18.dat
2007-03-04 13:55   6   --a------   C:\WINDOWS\system32\04-03-12.dat
2007-03-04 04:11   6   --a------   C:\WINDOWS\system32\04-03-03.dat
2007-03-04 03:15   6   --a------   C:\WINDOWS\system32\04-03-02.dat
2007-03-04 03:08   664   --a------   C:\WINDOWS\system32\d3d9caps.dat
2007-03-02 18:11   6   --a------   C:\WINDOWS\system32\02-03-17.dat
2007-02-26 13:47   6   --a------   C:\WINDOWS\system32\26-02-12.dat
2007-02-24 13:08   6   --a------   C:\WINDOWS\system32\24-02-12.dat
2007-02-22 00:21   --------   d--------   C:\DOCUME~1\Deborah\APPLIC~1\viewpoint
2007-02-16 21:09   6   --a------   C:\WINDOWS\system32\16-02-20.dat
2007-02-15 21:40   124472   --a------   C:\WINDOWS\system32\divxcodecupdatechecker.exe
2007-02-12 19:30   6   --a------   C:\WINDOWS\system32\12-02-18.dat
2007-02-06 14:17   6   --a------   C:\WINDOWS\system32\06-02-13.dat
2007-02-05 20:52   0   --a------   C:\ywcbxykm.exe
2007-02-05 20:51   6   --a------   C:\WINDOWS\system32\05-02-19.dat
2007-02-04 19:52   6   --a------   C:\WINDOWS\system32\04-02-18.dat
2007-02-04 14:31   6   --a------   C:\WINDOWS\system32\04-02-13.dat
2007-02-03 18:44   6   --a------   C:\WINDOWS\system32\03-02-17.dat
2007-02-01 13:24   0   --a------   C:\wdigv.exe
2007-02-01 13:24   0   --a------   C:\tqex.exe
2007-02-01 13:24   0   --a------   C:\rjayw.exe
2007-02-01 13:22   6   --a------   C:\WINDOWS\system32\01-02-12.dat
2007-02-01 12:13   6   --a------   C:\WINDOWS\system32\01-02-11.dat
2007-02-01 01:10   0   --a------   C:\qaliew.exe
2007-02-01 01:10   0   --a------   C:\avhbtqbc.exe
2007-02-01 01:09   6   --a------   C:\WINDOWS\system32\01-02-00.dat
2007-01-31 20:20   6   --a------   C:\WINDOWS\system32\31-01-19.dat
2007-01-31 13:20   6   --a------   C:\WINDOWS\system32\31-01-12.dat
2007-01-30 20:12   6   --a------   C:\WINDOWS\system32\30-01-19.dat
2007-01-21 14:03   6   --a------   C:\WINDOWS\system32\21-01-13.dat
2007-01-20 22:18   6   --a------   C:\WINDOWS\system32\20-01-21.dat
2007-01-20 00:06   0   --a------   C:\xsxqdxkh.exe
2007-01-20 00:06   0   --a------   C:\laqquruw.exe
2007-01-20 00:06   0   --a------   C:\igcqdm.exe
2007-01-20 00:06   0   --a------   C:\caign.exe
2007-01-20 00:05   6   --a------   C:\WINDOWS\system32\19-01-23.dat
2007-01-19 22:19   6   --a------   C:\WINDOWS\system32\19-01-21.dat
2007-01-18 18:49   6   --a------   C:\WINDOWS\system32\18-01-17.dat
2007-01-18 14:18   6   --a------   C:\WINDOWS\system32\18-01-13.dat
2007-01-17 21:23   6   --a------   C:\WINDOWS\system32\17-01-20.dat
2007-01-17 19:23   6   --a------   C:\WINDOWS\system32\17-01-18.dat
2007-01-16 02:00   6   --a------   C:\WINDOWS\system32\16-01-01.dat
2007-01-15 21:48   6   --a------   C:\WINDOWS\system32\15-01-20.dat
2007-01-15 15:52   6   --a------   C:\WINDOWS\system32\15-01-14.dat
2007-01-14 20:33   6   --a------   C:\WINDOWS\system32\14-01-19.dat
2007-01-14 02:02   6   --a------   C:\WINDOWS\system32\14-01-01.dat
2007-01-14 01:53   6   --a------   C:\WINDOWS\system32\14-01-00.dat
2007-01-14 00:16   6   --a------   C:\WINDOWS\system32\13-01-23.dat
2007-01-13 13:26   6   --a------   C:\WINDOWS\system32\13-01-12.dat
2007-01-12 11:39   6   --a------   C:\WINDOWS\system32\12-01-10.dat
2007-01-11 13:47   6   --a------   C:\WINDOWS\system32\11-01-12.dat
2007-01-10 10:17   6   --a------   C:\WINDOWS\system32\10-01-09.dat
 
 
((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"PlaxoUpdate"="C:\\Program Files\\Plaxo\\2.12.1.1\\PlaxoHelper.exe -a"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"LSBWatcher"="c:\\hp\\drivers\\hplsbwatcher\\lsburnwatcher.exe"
"Logitech Utility"="Logi_MwX.Exe"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"hpWirelessAssistant"="C:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"
"HP Software Update"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1135747143\\ee\\AOLSoftware.exe"
"eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter   REG_MULTI_SZ      HTTPFilter
LocalService   REG_MULTI_SZ      AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV
NetworkService   REG_MULTI_SZ      DnsCache
DcomLaunch   REG_MULTI_SZ      DcomLaunchTermService
rpcss   REG_MULTI_SZ      RpcSs
imgsvc   REG_MULTI_SZ      StiSvc
termsvcs   REG_MULTI_SZ      TermService



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????0?1?3?8??p???? ???B?????????????hLC? ??????

scanning hidden files ...

C:\SYSTEM.SAV\info.bom 16384 bytes
C:\SYSTEM.SAV\INFO.US 4096 bytes
C:\SYSTEM.SAV\Logs
C:\SYSTEM.SAV\Logs\Cia.ini 155648 bytes
C:\SYSTEM.SAV\Logs\Info.bom 16384 bytes
C:\SYSTEM.SAV\Logs\Install.log 368640 bytes
C:\SYSTEM.SAV\Logs\Preinchk.log 4096 bytes
C:\SYSTEM.SAV\Logs\Sysinfo.log 294912 bytes
C:\SYSTEM.SAV\Logs\UIADUMP.EUE 4096 bytes
C:\SYSTEM.SAV\Logs\UIADUMP.FPP 4096 bytes
C:\SYSTEM.SAV\mszone.log 16384 bytes
C:\SYSTEM.SAV\PREINCHK.log 4096 bytes
C:\SYSTEM.SAV\REBOOT.ME 48 bytes
C:\SYSTEM.SAV\REGFLUSH.LOG 4096 bytes
C:\SYSTEM.SAV\RmDev.log 20480 bytes
C:\SYSTEM.SAV\SYSINFO.LOG 294912 bytes
C:\SYSTEM.SAV\SysInfo.US 294912 bytes
C:\SYSTEM.SAV\UTIL
C:\SYSTEM.SAV\UTIL\BOOTSEC.NT4 512 bytes
C:\SYSTEM.SAV\UTIL\BrandIt.Log 20480 bytes
C:\SYSTEM.SAV\UTIL\CHKIMAGE.exe 126976 bytes
C:\SYSTEM.SAV\UTIL\CIA.CDC 69632 bytes
C:\SYSTEM.SAV\UTIL\CIA.INI 81920 bytes
C:\SYSTEM.SAV\UTIL\cpqci.dll 122880 bytes
C:\SYSTEM.SAV\UTIL\cvacompg.exe 118784 bytes
C:\SYSTEM.SAV\UTIL\cvacompg.tmp 168 bytes
C:\SYSTEM.SAV\UTIL\DelDir.exe 36864 bytes
C:\SYSTEM.SAV\UTIL\delmodem.ini 184 bytes
C:\SYSTEM.SAV\UTIL\DELMPLNK.bat 88 bytes
C:\SYSTEM.SAV\UTIL\DELMPLNK.js 480 bytes
C:\SYSTEM.SAV\UTIL\DETECTOS.INI 408 bytes
C:\SYSTEM.SAV\UTIL\DNSP1.LOG 16384 bytes
C:\SYSTEM.SAV\UTIL\EISDTICON.log 32 bytes
C:\SYSTEM.SAV\UTIL\EVENTDEL.VBS 208 bytes
C:\SYSTEM.SAV\UTIL\FB_EIS.log 32 bytes
C:\SYSTEM.SAV\UTIL\hpqnt.dll 77824 bytes
C:\SYSTEM.SAV\UTIL\INSTALL.LOG 368640 bytes
C:\SYSTEM.SAV\UTIL\ISLOGCHK.EXE 110592 bytes
C:\SYSTEM.SAV\UTIL\ISLOGCHK.INI 4096 bytes
C:\SYSTEM.SAV\UTIL\mscu.log 168 bytes
C:\SYSTEM.SAV\UTIL\PININST.EXE 110592 bytes
C:\SYSTEM.SAV\UTIL\PININST.INI 4096 bytes
C:\SYSTEM.SAV\UTIL\PININST.LOG 4096 bytes
C:\SYSTEM.SAV\UTIL\POSTOOBE.LOG 24 bytes
C:\SYSTEM.SAV\UTIL\postproc.ini 536 bytes
C:\SYSTEM.SAV\UTIL\powerset.log 88 bytes
C:\SYSTEM.SAV\UTIL\PREINCHK.BAT 216 bytes
C:\SYSTEM.SAV\UTIL\PREINFO.INI 200 bytes
C:\SYSTEM.SAV\UTIL\PREINFO2.EXE 86016 bytes
C:\SYSTEM.SAV\UTIL\qlb.log 176 bytes
C:\SYSTEM.SAV\UTIL\random.ini 40 bytes
C:\SYSTEM.SAV\UTIL\REGDEV.EXE 106496 bytes
C:\SYSTEM.SAV\UTIL\REGDEV.INI 560 bytes
C:\SYSTEM.SAV\UTIL\sedinst.log 168 bytes
C:\SYSTEM.SAV\UTIL\STRTMENU.EXE 24576 bytes
C:\SYSTEM.SAV\UTIL\SWSET_B.INI 4096 bytes
C:\SYSTEM.SAV\UTIL\ticrdbus.log 32 bytes
C:\SYSTEM.SAV\UTIL\touchpad.log 192 bytes
C:\SYSTEM.SAV\UTIL\WINdvd.log 168 bytes
C:\SYSTEM.SAV\UTIL\wlassistant.log 176 bytes

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 60

********************************************************************

Completion time: 07-04-10  9:50:44
C:\ComboFix2.txt ... 07-03-26 12:01

________________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 9:52:32 AM, on 4/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1135747143\ee\AOLSoftware.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Documents and Settings\Deborah\Desktop\Computer resources\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135747143\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe -a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

3
Tech Clinic / Computer randomly shuts down
« on: April 03, 2007, 03:10:31 PM »
Logfile of HijackThis v1.99.1
Scan saved at 4:04:00 PM, on 4/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1135747143\ee\AOLSoftware.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Deborah\Desktop\Computer resources\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135747143\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe -a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

_______________________________________________________
Blacklight


04/03/07 15:37:11 [Info]: BlackLight Engine 1.0.61 initialized
04/03/07 15:37:11 [Info]: OS: 5.1 build 2600 (Service Pack 2)
04/03/07 15:37:12 [Note]: 7019 4
04/03/07 15:37:12 [Note]: 7005 0
04/03/07 15:37:16 [Note]: 7006 0
04/03/07 15:37:16 [Note]: 7011 172
04/03/07 15:37:16 [Note]: 7026 0
04/03/07 15:37:16 [Note]: 7026 0
04/03/07 15:37:20 [Note]: FSRAW library version 1.7.1021
04/03/07 15:45:30 [Note]: 2000 1012
04/03/07 15:45:30 [Note]: 2000 1012
04/03/07 15:45:30 [Note]: 2000 1012
04/03/07 15:45:30 [Note]: 2000 1012
04/03/07 15:45:30 [Note]: 2000 1012
04/03/07 15:45:30 [Note]: 2000 1012
04/03/07 15:45:30 [Note]: 2000 1012
04/03/07 15:45:30 [Note]: 2000 1012
04/03/07 15:45:30 [Note]: 2000 1012
04/03/07 15:45:30 [Note]: 2000 1012
04/03/07 15:45:30 [Note]: 2000 1012
04/03/07 15:45:30 [Note]: 2000 1012
04/03/07 15:45:30 [Note]: 2000 1012
04/03/07 15:45:30 [Note]: 2000 1012
04/03/07 15:45:30 [Note]: 2000 1012
04/03/07 15:45:30 [Note]: 2000 1012
04/03/07 15:45:30 [Note]: 2000 1012
04/03/07 15:45:30 [Note]: 2000 1012
04/03/07 15:45:30 [Note]: 2000 1012
04/03/07 15:45:30 [Note]: 2000 1012
04/03/07 15:45:30 [Note]: 2000 1012
04/03/07 15:49:00 [Note]: 7007 0

__________________________________________________

SmitFraudFix v2.162

Scan done at 15:31:15.54, Tue 04/03/2007
Run from C:\Documents and Settings\Deborah\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1       localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\RegistryCleanerSetup.exe Deleted
C:\Program Files\RegistryCleaner\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E287B054-D536-4805-AA71-C680E86CCBB3}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E287B054-D536-4805-AA71-C680E86CCBB3}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E287B054-D536-4805-AA71-C680E86CCBB3}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done.
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

4
Tech Clinic / Computer randomly shuts down
« on: April 02, 2007, 08:32:57 AM »
Symantec: Norton Internet Security 2005 Version 8.0.2.5

Unfortunately, I didn't get to this until today (had a busy weekend) and the Blacklight trial expired yesterday, so I couldn't run it.

Logfile of HijackThis v1.99.1
Scan saved at 9:23:14 AM, on 4/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1135747143\ee\AOLSoftware.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Documents and Settings\Deborah\Desktop\Computer resources\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135747143\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe -a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


_________________________
ASSPY

C:\WINDOWS\system32 : lzx32.sys  (69550 bytes)
C:\WINDOWS\system32 : lzx32.sys  (69550 bytes)

5
Tech Clinic / Computer randomly shuts down
« on: March 30, 2007, 02:19:57 PM »
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

 + Created at:   2:55:11 PM 3/30/2007

 + Scan result:   



:mozilla.273:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.274:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.10:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.11:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.12:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.13:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.17:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.18:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.19:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.20:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.21:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.22:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.23:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.24:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.25:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.26:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.27:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.28:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.29:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.30:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.31:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.32:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.33:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.34:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.36:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.37:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.38:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.39:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.400:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.40:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.41:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.42:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.43:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.594:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.637:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.694:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.6:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.700:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.710:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.762:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.766:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.7:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.8:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.9:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.479:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.480:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.258:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.611:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.612:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.248:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.249:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.250:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.251:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.252:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.13:C:\Documents and Settings\Worka Hama Yo Yo\Application Data\Mozilla\Firefox\Profiles\hunpc8wi.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.56:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.597:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Bfast : No action taken.
:mozilla.634:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.635:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.636:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.100:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.101:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.102:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.103:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.104:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.105:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.106:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.107:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.97:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.98:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.99:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.350:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.421:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Coremetrics : No action taken.
:mozilla.495:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Coremetrics : No action taken.
:mozilla.669:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Cpvfeed : No action taken.
:mozilla.670:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Cpvfeed : No action taken.
:mozilla.671:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Cpvfeed : No action taken.
:mozilla.672:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Cpvfeed : No action taken.
:mozilla.38:C:\Documents and Settings\Worka Hama Yo Yo\Application Data\Mozilla\Firefox\Profiles\hunpc8wi.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.45:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.388:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.389:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.477:C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\w9tviw4g.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.


::Report end




Finally, I could not run BlackLight... it said something about my not having the necessary privileges.

6
Tech Clinic / Computer randomly shuts down
« on: March 30, 2007, 02:17:37 PM »
Ok, before we get started here, I just wanted to say THANK YOU for your help on this...this laptop was virtually useless, it shut down so often, and now it seems to be running ok.

I did have one problem--when I tried to remove the Norton software (it's expired anyway), the system shut down in the middle of the uninstallation process and now I get an error message when I go to remove it.  Any way around this?

To begin the logs:

Logfile of HijackThis v1.99.1
Scan saved at 3:08:36 PM, on 3/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Hello\Hello.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1135747143\ee\AOLSoftware.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Deborah\Desktop\Computer resources\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135747143\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe -a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

__________________________________

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\sdssfcax

*******************

Script file located at: \??\C:\WINDOWS\jmfunigy.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Folder C:\Program Files\Common Files\kmwf deleted successfully.


File C:\WINDOWS\system32\wuosiu.exe not found!
Deletion of file C:\WINDOWS\system32\wuosiu.exe failed!

Could not process line:
C:\WINDOWS\system32\wuosiu.exe
Status: 0xc0000034



File C:\WINDOWS\system32\wqbujei.exe not found!
Deletion of file C:\WINDOWS\system32\wqbujei.exe failed!

Could not process line:
C:\WINDOWS\system32\wqbujei.exe
Status: 0xc0000034



File C:\WINDOWS\system32\wigvy.exe not found!
Deletion of file C:\WINDOWS\system32\wigvy.exe failed!

Could not process line:
C:\WINDOWS\system32\wigvy.exe
Status: 0xc0000034



File C:\Documents and Settings\Deborah\LOCALS~1\Temp\311046.exe not found!
Deletion of file C:\Documents and Settings\Deborah\LOCALS~1\Temp\311046.exe failed!

Could not process line:
C:\Documents and Settings\Deborah\LOCALS~1\Temp\311046.exe
Status: 0xc0000034



File C:\WINDOWS\system32\weoip.exe not found!
Deletion of file C:\WINDOWS\system32\weoip.exe failed!

Could not process line:
C:\WINDOWS\system32\weoip.exe
Status: 0xc0000034

File C:\WINDOWS\system32\vmmanager.exe deleted successfully.
File C:\Documents and Settings\Deborah\UTRF.exe deleted successfully.
File C:\Documents and Settings\Deborah\TENF.exe deleted successfully.
File C:\Documents and Settings\Deborah\SQJT.exe deleted successfully.
File C:\Documents and Settings\Deborah\PHKR.exe deleted successfully.
File C:\Documents and Settings\Deborah\NFIK.exe deleted successfully.
File C:\Documents and Settings\Deborah\LPDS.exe deleted successfully.


File C:\WINDOWS\system32\fldmelds.exe not found!
Deletion of file C:\WINDOWS\system32\fldmelds.exe failed!

Could not process line:
C:\WINDOWS\system32\fldmelds.exe
Status: 0xc0000034



File C:\WINDOWS\system32\lcoinst.exe not found!
Deletion of file C:\WINDOWS\system32\lcoinst.exe failed!

Could not process line:
C:\WINDOWS\system32\lcoinst.exe
Status: 0xc0000034



File C:\Documents and Settings\Deborah\KOPU.exe not found!
Deletion of file C:\Documents and Settings\Deborah\KOPU.exe failed!

Could not process line:
C:\Documents and Settings\Deborah\KOPU.exe
Status: 0xc0000034

File C:\Documents and Settings\Deborah\KDSC.exe deleted successfully.


File C:\Documents and Settings\Deborah\JFPL.exe not found!
Deletion of file C:\Documents and Settings\Deborah\JFPL.exe failed!

Could not process line:
C:\Documents and Settings\Deborah\JFPL.exe
Status: 0xc0000034

File C:\Documents and Settings\Deborah\GLFC.exe deleted successfully.
File C:\Documents and Settings\Deborah\DUHJ.exe deleted successfully.


File C:\WINDOWS\system32\atllsimm.exe not found!
Deletion of file C:\WINDOWS\system32\atllsimm.exe failed!

Could not process line:
C:\WINDOWS\system32\atllsimm.exe
Status: 0xc0000034

File C:\Documents and Settings\Deborah\ACEJ.exe deleted successfully.


File C:\WINDOWS\system32\1.exe not found!
Deletion of file C:\WINDOWS\system32\1.exe failed!

Could not process line:
C:\WINDOWS\system32\1.exe
Status: 0xc0000034

File C:\WINDOWS\system32\dispex.exe deleted successfully.


File C:\WINDOWS\system32\msencode.exe not found!
Deletion of file C:\WINDOWS\system32\msencode.exe failed!

Could not process line:
C:\WINDOWS\system32\msencode.exe
Status: 0xc0000034



File C:\WINDOWS\system32\msoeacct.exe not found!
Deletion of file C:\WINDOWS\system32\msoeacct.exe failed!

Could not process line:
C:\WINDOWS\system32\msoeacct.exe
Status: 0xc0000034


Completed script processing.

*******************

Finished!  Terminate.

7
Tech Clinic / Computer randomly shuts down
« on: March 28, 2007, 07:47:07 AM »
Logfile of HijackThis v1.99.1
Scan saved at 8:42:03 AM, on 3/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\system32\dispex.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Hello\Hello.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1135747143\ee\AOLSoftware.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Documents and Settings\Deborah\Desktop\HijackThis.exe
C:\WINDOWS\system32\dwwin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R3 - URLSearchHook: (no name) -  - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [{75A175BE-07C5-1033-0903-050503030001}] "C:\Program Files\Common Files\{75A175BE-07C5-1033-0903-050503030001}\Update.exe" mc-110-12-0000797
O4 - HKLM\..\Run: [{75A175BE-06FE-1033-0903-050503030001}] "C:\Program Files\Common Files\{75A175BE-06FE-1033-0903-050503030001}\Update.exe" mc-110-12-0000797
O4 - HKLM\..\Run: [{75A175BE-03E2-1033-0903-050503030001}] "C:\Program Files\Common Files\{75A175BE-03E2-1033-0903-050503030001}\Update.exe" mc-110-12-0000797
O4 - HKLM\..\Run: [{75A175BE-03E1-1033-0903-050503030001}] "C:\Program Files\Common Files\{75A175BE-03E1-1033-0903-050503030001}\Update.exe" mc-110-12-0000797
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PicasaNet] "C:\Program Files\Hello\Hello.exe" -b
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [lmjvservc] cliwdcjk.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135747143\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [wuosiu] "C:\WINDOWS\system32\wuosiu.exe"
O4 - HKCU\..\Run: [wqbujei] "C:\WINDOWS\system32\wqbujei.exe"
O4 - HKCU\..\Run: [WinInit] "C:\DOCUME~1\Deborah\LOCALS~1\Temp\311046.exe "
O4 - HKCU\..\Run: [wigvy] "C:\WINDOWS\system32\wigvy.exe"
O4 - HKCU\..\Run: [weoip] "C:\WINDOWS\system32\weoip.exe"
O4 - HKCU\..\Run: [vmmanager] C:\WINDOWS\system32\vmmanager.exe
O4 - HKCU\..\Run: [UTRF] "C:\Documents and Settings\Deborah\UTRF.exe"
O4 - HKCU\..\Run: [TENF] "C:\Documents and Settings\Deborah\TENF.exe"
O4 - HKCU\..\Run: [SQJT] "C:\Documents and Settings\Deborah\SQJT.exe"
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [PHKR] "C:\Documents and Settings\Deborah\PHKR.exe"
O4 - HKCU\..\Run: [NFIK] "C:\Documents and Settings\Deborah\NFIK.exe"
O4 - HKCU\..\Run: [LPDS] "C:\Documents and Settings\Deborah\LPDS.exe"
O4 - HKCU\..\Run: [llsymvb] C:\WINDOWS\system32\fldmelds.exe
O4 - HKCU\..\Run: [lcoinst] C:\WINDOWS\system32\lcoinst.exe
O4 - HKCU\..\Run: [KOPU] "C:\Documents and Settings\Deborah\KOPU.exe"
O4 - HKCU\..\Run: [kmwf] C:\PROGRA~1\COMMON~1\kmwf\kmwfm.exe
O4 - HKCU\..\Run: [KDSC] "C:\Documents and Settings\Deborah\KDSC.exe"
O4 - HKCU\..\Run: [JFPL] "C:\Documents and Settings\Deborah\JFPL.exe"
O4 - HKCU\..\Run: [GLFC] "C:\Documents and Settings\Deborah\GLFC.exe"
O4 - HKCU\..\Run: [Fiyf] C:\Program Files\Common Files\??crosoft\c?rss.exe
O4 - HKCU\..\Run: [DUHJ] "C:\Documents and Settings\Deborah\DUHJ.exe"
O4 - HKCU\..\Run: [cwingllib] C:\WINDOWS\system32\atllsimm.exe
O4 - HKCU\..\Run: [ACEJ] "C:\Documents and Settings\Deborah\ACEJ.exe"
O4 - HKCU\..\Run: [1] "C:\WINDOWS\system32\1.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: dispex.exe - Unknown owner - C:\WINDOWS\system32\dispex.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ipsecsnp.exe - Unknown owner - C:\WINDOWS\system32\ipsecsnp.exe (file missing)
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: msencode.exe - Unknown owner - C:\WINDOWS\system32\msencode.exe (file missing)
O23 - Service: msoeacct.exe - Unknown owner - C:\WINDOWS\system32\msoeacct.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

8
Tech Clinic / Computer randomly shuts down
« on: March 26, 2007, 11:17:42 AM »
finally...

"Deborah" - 07-03-26 11:46:45    Service Pack 2
ComboFix 07-03-23 - Running from: "C:\Documents and Settings\Deborah\Desktop"

(((((((((((((((((((((((((((((((((((((((((((((   Look2Me's Log   ))))))))))))))))))))))))))))))))))))))))))))))))))

REGISTRY ENTRIES REMOVED:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\clsid\{cb6e53b4-3fc4-4557-adb4-9555b9351d3c}]
@=""

[HKEY_CLASSES_ROOT\clsid\{cb6e53b4-3fc4-4557-adb4-9555b9351d3c}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{cb6e53b4-3fc4-4557-adb4-9555b9351d3c}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{cb6e53b4-3fc4-4557-adb4-9555b9351d3c}\InprocServer32]
@="C:\\WINDOWS\\system32\\mjaudite.dll"
"ThreadingModel"="Apartment"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *




((((((((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\keyboard1.dat
C:\WINDOWS\system325-11-14.exe
C:\WINDOWS\system327-11-16.exe
C:\WINDOWS\system32\1.exe~
C:\WINDOWS\system32\20-11-22.exe
C:\WINDOWS\system32\23-11-14.exe
C:\WINDOWS\system32\27-11-18.exe
C:\WINDOWS\system32\28-11-20.exe
C:\Program Files\Common Files\svchostsys\svchostsys.exe.config
C:\Program Files\Common Files\svchostsys\svchostupdate.exe.config
C:\Program Files\Common Files\svchostsys\sysid.exe
C:\Program Files\Common Files\svchostsys\Version.txt
C:\WINDOWS\system32\loadadv559.exe
C:\WINDOWS\system32\test.exe
C:\WINDOWS\system32\unsvchosts.lzma
C:\secure32.html
C:\Program Files\Common Files\{35A17~1
C:\Program Files\Common Files\{35A17~3
C:\Program Files\Common Files\{35A17~2
C:\Program Files\Common Files\{75A17~3
C:\Program Files\Common Files\{75A17~2
C:\Program Files\Common Files\{75A17~4
C:\Program Files\Common Files\{75A17~1
C:\Program Files\Common Files\misc001
C:\Program Files\Common Files\simtest
C:\Program Files\Common Files\svchostsys
C:\WINDOWS\system32\lzx32.sys
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~    Purity    ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\Program Files\SSTEM3~1
C:\qoobox\purity\Program Files\Common Files\CROSOF~1
C:\qoobox\purity\Program Files\SSTEM3~1\SSTEM3~1


(((((((((((((((((((((((((((((((   Files Created from 2007-02-26 to 2007-03-26  ))))))))))))))))))))))))))))))))))


2007-03-23 10:08   6   --a------   C:\WINDOWS\system32\23-03-10.dat
2007-03-23 09:03   6   --a------   C:\WINDOWS\system32\23-03-09.dat
2007-03-23 08:59   6   --a------   C:\WINDOWS\system32\23-03-08.dat
2007-03-22 20:20   6   --a------   C:\WINDOWS\system32\22-03-20.dat
2007-03-22 15:00   6   --a------   C:\WINDOWS\system32\22-03-15.dat
2007-03-22 14:39   6   --a------   C:\WINDOWS\system32\22-03-14.dat
2007-03-22 14:28   <DIR>   d--------   C:\WINDOWS\pss
2007-03-22 12:46   6   --a------   C:\WINDOWS\system32\22-03-12.dat
2007-03-22 11:57   786,432   --ah-----   C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-03-22 11:57   <DIR>   d--------   C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
2007-03-22 11:57   <DIR>   d--------   C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
2007-03-22 08:34   6   --a------   C:\WINDOWS\system32\22-03-08.dat
2007-03-21 10:07   6   --a------   C:\WINDOWS\system32\21-03-10.dat
2007-03-21 01:43   6   --a------   C:\WINDOWS\system32\21-03-01.dat
2007-03-20 22:27   6   --a------   C:\WINDOWS\system32\20-03-22.dat
2007-03-20 16:15   6   --a------   C:\WINDOWS\system32\20-03-16.dat
2007-03-20 14:37   6   --a------   C:\WINDOWS\system32\20-03-14.dat
2007-03-20 12:03   94,424   --a------   C:\WINDOWS\system32\drivers\aswmon2.sys
2007-03-20 12:03   90,112   --a------   C:\WINDOWS\system32\AVASTSS.scr
2007-03-20 12:03   85,952   --a------   C:\WINDOWS\system32\drivers\aswmon.sys
2007-03-20 12:03   689,280   --a------   C:\WINDOWS\system32\aswBoot.exe
2007-03-20 12:03   43,176   --a------   C:\WINDOWS\system32\drivers\aswTdi.sys
2007-03-20 12:03   31,560   --a------   C:\WINDOWS\system32\drivers\aavmker4.sys
2007-03-20 12:03   23,352   --a------   C:\WINDOWS\system32\drivers\aswRdr.sys
2007-03-20 12:03   <DIR>   d--------   C:\Program Files\Alwil Software
2007-03-20 12:01   6   --a------   C:\WINDOWS\system32\20-03-12.dat
2007-03-20 11:55   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-03-20 11:00   6   --a------   C:\WINDOWS\system32\20-03-11.dat
2007-03-20 10:00   6   --a------   C:\WINDOWS\system32\20-03-10.dat
2007-03-20 09:44   6   --a------   C:\WINDOWS\system32\20-03-09.dat
2007-03-20 03:35   6   --a------   C:\WINDOWS\system32\20-03-03.dat
2007-03-19 20:27   6   --a------   C:\WINDOWS\system32\19-03-20.dat
2007-03-19 13:12   6   --a------   C:\WINDOWS\system32\19-03-13.dat
2007-03-18 12:40   6   --a------   C:\WINDOWS\system32\18-03-12.dat
2007-03-17 11:12   6   --a------   C:\WINDOWS\system32\17-03-11.dat
2007-03-16 14:18   6   --a------   C:\WINDOWS\system32\16-03-14.dat
2007-03-16 12:12   6   --a------   C:\WINDOWS\system32\16-03-12.dat
2007-03-14 14:49   6   --a------   C:\WINDOWS\system32\14-03-14.dat
2007-03-14 12:08   6   --a------   C:\WINDOWS\system32\14-03-12.dat
2007-03-14 11:03   6   --a------   C:\WINDOWS\system32\14-03-11.dat
2007-03-14 10:54   6   --a------   C:\WINDOWS\system32\14-03-10.dat
2007-03-14 09:26   6   --a------   C:\WINDOWS\system32\14-03-09.dat
2007-03-14 08:14   6   --a------   C:\WINDOWS\system32\14-03-08.dat
2007-03-04 19:33   6   --a------   C:\WINDOWS\system324-03-18.dat
2007-03-04 13:55   6   --a------   C:\WINDOWS\system324-03-12.dat
2007-03-04 04:11   6   --a------   C:\WINDOWS\system324-03-03.dat
2007-03-04 03:15   6   --a------   C:\WINDOWS\system324-03-02.dat
2007-03-02 18:11   6   --a------   C:\WINDOWS\system322-03-17.dat
2007-02-27 11:46   26,624   --a------   C:\DOCUME~1\Deborah\PJNA.exe
2007-02-27 11:10   26,624   --a------   C:\DOCUME~1\Deborah\SQJT.exe
2007-02-26 15:05   26,624   --a------   C:\DOCUME~1\Deborah\RSHS.exe
2007-02-26 15:00   26,624   --a------   C:\DOCUME~1\Deborah\DUHJ.exe
2007-02-26 14:55   26,624   --a------   C:\DOCUME~1\Deborah\RTHF.exe
2007-02-26 14:13   26,624   --a------   C:\DOCUME~1\Deborah\QULL.exe
2007-02-26 14:11   26,624   --a------   C:\DOCUME~1\Deborah\QQEJ.exe
2007-02-26 14:07   26,624   --a------   C:\DOCUME~1\Deborah\UPKN.exe
2007-02-26 14:07   26,624   --a------   C:\DOCUME~1\Deborah\JKMT.exe
2007-02-26 14:06   26,624   --a------   C:\DOCUME~1\Deborah\SGGJ.exe
2007-02-26 14:06   26,624   --a------   C:\DOCUME~1\Deborah\FTOB.exe
2007-02-26 14:05   26,624   --a------   C:\DOCUME~1\Deborah\RIBT.exe
2007-02-26 14:05   26,624   --a------   C:\DOCUME~1\Deborah\MJKB.exe
2007-02-26 14:04   26,624   --a------   C:\DOCUME~1\Deborah\SOBO.exe
2007-02-26 14:00   26,624   --a------   C:\DOCUME~1\Deborah\KDSC.exe
2007-02-26 13:59   171,008   --a------   C:\WINDOWS\system32\LXAESUI.DLL
2007-02-26 13:47   6   --a------   C:\WINDOWS\system32\26-02-12.dat
 
 
((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))

Rootkit driver pe386 is present. ... attempting disinfection
pe386 ... driver unloaded successfully. Run ADS scan for remnant driver file

2007-03-23 10:39   --------   d--------   C:\Program Files\plaxo
2007-03-19 14:51   3764   --a------   C:\WINDOWS\mozver.dat
2007-03-19 14:51   --------   d--------   C:\Program Files\java
2007-03-19 14:42   --------   d--------   C:\Program Files\registrycleaner
2007-03-04 13:57   --------   d--------   C:\Program Files\pedevice
2007-03-04 03:08   664   --a------   C:\WINDOWS\system32\d3d9caps.dat
2007-02-24 13:08   6   --a------   C:\WINDOWS\system32\24-02-12.dat
2007-02-16 21:09   6   --a------   C:\WINDOWS\system32\16-02-20.dat
2007-02-13 21:10   --------   d--------   C:\Program Files\google
2007-02-12 19:30   6   --a------   C:\WINDOWS\system32\12-02-18.dat
2007-02-06 14:17   6   --a------   C:\WINDOWS\system326-02-13.dat
2007-02-05 20:52   0   --a------   C:\ywcbxykm.exe
2007-02-05 20:51   6   --a------   C:\WINDOWS\system325-02-19.dat
2007-02-04 21:23   622703   --a------   C:\WINDOWS\system32\registrycleanersetup.exe
2007-02-04 19:52   6   --a------   C:\WINDOWS\system324-02-18.dat
2007-02-04 14:31   6   --a------   C:\WINDOWS\system324-02-13.dat
2007-02-03 20:39   --------   d--------   C:\Program Files\limewire
2007-02-03 18:44   6   --a------   C:\WINDOWS\system323-02-17.dat
2007-02-01 13:24   0   --a------   C:\wdigv.exe
2007-02-01 13:24   0   --a------   C:\tqex.exe
2007-02-01 13:24   0   --a------   C:\rjayw.exe
2007-02-01 13:22   6   --a------   C:\WINDOWS\system321-02-12.dat
2007-02-01 12:13   6   --a------   C:\WINDOWS\system321-02-11.dat
2007-02-01 01:10   0   --a------   C:\qaliew.exe
2007-02-01 01:10   0   --a------   C:\avhbtqbc.exe
2007-02-01 01:09   6   --a------   C:\WINDOWS\system321-02-00.dat
2007-01-31 20:20   6   --a------   C:\WINDOWS\system32\31-01-19.dat
2007-01-31 13:20   6   --a------   C:\WINDOWS\system32\31-01-12.dat
2007-01-30 20:12   6   --a------   C:\WINDOWS\system32\30-01-19.dat
2007-01-21 14:03   6   --a------   C:\WINDOWS\system32\21-01-13.dat
2007-01-20 22:18   6   --a------   C:\WINDOWS\system32\20-01-21.dat
2007-01-20 00:06   0   --a------   C:\xsxqdxkh.exe
2007-01-20 00:06   0   --a------   C:\laqquruw.exe
2007-01-20 00:06   0   --a------   C:\igcqdm.exe
2007-01-20 00:06   0   --a------   C:\caign.exe
2007-01-20 00:05   6   --a------   C:\WINDOWS\system32\19-01-23.dat
2007-01-19 22:19   6   --a------   C:\WINDOWS\system32\19-01-21.dat
2007-01-18 18:49   6   --a------   C:\WINDOWS\system32\18-01-17.dat
2007-01-18 14:18   6   --a------   C:\WINDOWS\system32\18-01-13.dat
2007-01-17 21:23   6   --a------   C:\WINDOWS\system32\17-01-20.dat
2007-01-17 19:23   6   --a------   C:\WINDOWS\system32\17-01-18.dat
2007-01-16 02:00   6   --a------   C:\WINDOWS\system32\16-01-01.dat
2007-01-15 21:48   6   --a------   C:\WINDOWS\system32\15-01-20.dat
2007-01-15 15:52   6   --a------   C:\WINDOWS\system32\15-01-14.dat
2007-01-14 20:33   6   --a------   C:\WINDOWS\system32\14-01-19.dat
2007-01-14 02:02   6   --a------   C:\WINDOWS\system32\14-01-01.dat
2007-01-14 01:53   6   --a------   C:\WINDOWS\system32\14-01-00.dat
2007-01-14 00:16   6   --a------   C:\WINDOWS\system32\13-01-23.dat
2007-01-13 13:26   6   --a------   C:\WINDOWS\system32\13-01-12.dat
2007-01-12 11:39   6   --a------   C:\WINDOWS\system32\12-01-10.dat
2007-01-11 13:47   6   --a------   C:\WINDOWS\system32\11-01-12.dat
2007-01-10 10:17   6   --a------   C:\WINDOWS\system32\10-01-09.dat
2007-01-06 22:03   6   --a------   C:\WINDOWS\system326-01-21.dat
2007-01-01 03:38   0   --a------   C:\vmbbeqsy.exe
2007-01-01 03:38   0   --a------   C:\skfyhkya.exe
2007-01-01 03:38   0   --a------   C:\pjfjj.exe
2007-01-01 03:38   0   --a------   C:\pidp.exe
2007-01-01 03:38   0   --a------   C:\mtywy.exe
2007-01-01 03:38   0   --a------   C:\hrqri.exe
2007-01-01 03:38   0   --a------   C:\cvgk.exe
2007-01-01 03:38   0   --a------   C:\abeg.exe
2007-01-01 03:37   6   --a------   C:\WINDOWS\system321-01-02.dat
2007-01-01 02:11   6   --a------   C:\WINDOWS\system321-01-01.dat
2007-01-01 01:41   6   --a------   C:\WINDOWS\system321-01-00.dat
 
 
((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="1"
"hkey"="HKCU"
"command"="\"C:\\WINDOWS\\system32\\1.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACEJ]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ACEJ"
"hkey"="HKCU"
"command"="\"C:\\Documents and Settings\\Deborah\\ACEJ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ashDisp"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaAvTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CAVTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CA\\eTrust Internet Security Suite\\eTrust EZ Antivirus\\CAVTray.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaISSDT]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="caissdt"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CA\\eTrust Internet Security Suite\\caissdt.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CAVRID"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CA\\eTrust Internet Security Suite\\eTrust EZ Antivirus\\CAVRID.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cpqset"
"hkey"="HKLM"
"command"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cwingllib]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atllsimm"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\atllsimm.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DUHJ]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DUHJ"
"hkey"="HKCU"
"command"="\"C:\\Documents and Settings\\Deborah\\DUHJ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EabServr"
"hkey"="HKLM"
"command"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fiyf]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="c?rss"
"hkey"="HKCU"
"command"="C:\\Program Files\\Common Files\\??crosoft\\c?rss.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GLFC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GLFC"
"hkey"="HKCU"
"command"="\"C:\\Documents and Settings\\Deborah\\GLFC.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1135747143\\ee\\AOLSoftware.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWuSchd2"
"hkey"="HKLM"
"command"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HP Wireless Assistant"
"hkey"="HKLM"
"command"="C:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IPHSend"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JFPL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="JFPL"
"hkey"="HKCU"
"command"="\"C:\\Documents and Settings\\Deborah\\JFPL.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KDSC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KDSC"
"hkey"="HKCU"
"command"="\"C:\\Documents and Settings\\Deborah\\KDSC.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kmwf]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kmwfm"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\COMMON~1\\kmwf\\kmwfm.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KOPU]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KOPU"
"hkey"="HKCU"
"command"="\"C:\\Documents and Settings\\Deborah\\KOPU.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lcoinst]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="lcoinst"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\lcoinst.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\llsymvb]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fldmelds"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\fldmelds.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lmjvservc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cliwdcjk"
"hkey"="HKLM"
"command"="cliwdcjk.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Logi_MwX"
"hkey"="HKLM"
"command"="Logi_MwX.Exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPDS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LPDS"
"hkey"="HKCU"
"command"="\"C:\\Documents and Settings\\Deborah\\LPDS.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="lsburnwatcher"
"hkey"="HKLM"
"command"="c:\\hp\\drivers\\hplsbwatcher\\lsburnwatcher.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NFIK]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NFIK"
"hkey"="HKCU"
"command"="\"C:\\Documents and Settings\\Deborah\\NFIK.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHKR]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PHKR"
"hkey"="HKCU"
"command"="\"C:\\Documents and Settings\\Deborah\\PHKR.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PicasaNet]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Hello"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Hello\\Hello.exe\" -b"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PlaxoHelper"
"hkey"="HKCU"
"command"="C:\\Program Files\\Plaxo\\2.11.1.5\\PlaxoHelper.exe -a"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SQJT]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SQJT"
"hkey"="HKCU"
"command"="\"C:\\Documents and Settings\\Deborah\\SQJT.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SynTPEnh"
"hkey"="HKLM"
"command"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SynTPLpr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TENF]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TENF"
"hkey"="HKCU"
"command"="\"C:\\Documents and Settings\\Deborah\\TENF.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\"  -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UrlLstCk"
"hkey"="HKLM"
"command"="c:\\Program Files\\Norton Internet Security\\UrlLstCk.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UTRF]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UTRF"
"hkey"="HKCU"
"command"="\"C:\\Documents and Settings\\Deborah\\UTRF.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmmanager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="vmmanager"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\vmmanager.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\weoip]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="weoip"
"hkey"="HKCU"
"command"="\"C:\\WINDOWS\\system32\\weoip.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wigvy]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wigvy"
"hkey"="HKCU"
"command"="\"C:\\WINDOWS\\system32\\wigvy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinInit]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="311046"
"hkey"="HKCU"
"command"="\"C:\\DOCUME~1\\Deborah\\LOCALS~1\\Temp\\311046.exe \" "
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wqbujei]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wqbujei"
"hkey"="HKCU"
"command"="\"C:\\WINDOWS\\system32\\wqbujei.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wuosiu]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wuosiu"
"hkey"="HKCU"
"command"="\"C:\\WINDOWS\\system32\\wuosiu.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{75A175BE-03E1-1033-0903-050503030001}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Update"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\{75A175BE-03E1-1033-0903-050503030001}\\Update.exe\" mc-110-12-0000797"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{75A175BE-03E2-1033-0903-050503030001}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Update"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\{75A175BE-03E2-1033-0903-050503030001}\\Update.exe\" mc-110-12-0000797"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{75A175BE-06FE-1033-0903-050503030001}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Update"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\{75A175BE-06FE-1033-0903-050503030001}\\Update.exe\" mc-110-12-0000797"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{75A175BE-07C5-1033-0903-050503030001}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Update"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\{75A175BE-07C5-1033-0903-050503030001}\\Update.exe\" mc-110-12-0000797"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"dispex.exe"=dword:00000002
"msoeacct.exe"=dword:00000002
"msencode.exe"=dword:00000002
"ipsecsnp.exe"=dword:00000002
"Ati HotKey Poller"=dword:00000002
"xmlprov"=dword:00000003
"WZCSVC"=dword:00000002
"wuauserv"=dword:00000002
"wscsvc"=dword:00000002
"WmiApSrv"=dword:00000003
"WmdmPmSN"=dword:00000003
"winmgmt"=dword:00000002
"WebClient"=dword:00000002
"W32Time"=dword:00000002
"VSS"=dword:00000003
"Viewpoint Manager Service"=dword:00000002
"VETMSGNT"=dword:00000002
"UPS"=dword:00000003
"upnphost"=dword:00000003
"UMWdf"=dword:00000002
"TrkWks"=dword:00000002
"Themes"=dword:00000002
"TermService"=dword:00000003
"TapiSrv"=dword:00000003
"SysmonLog"=dword:00000003
"SymWSC"=dword:00000002
"SwPrv"=dword:00000003
"stisvc"=dword:00000003
"SSDPSRV"=dword:00000003
"srservice"=dword:00000002
"Spooler"=dword:00000002
"SPBBCSvc"=dword:00000003
"SNDSrvc"=dword:00000003
"ShellHWDetection"=dword:00000002
"SharedAccess"=dword:00000002
"SENS"=dword:00000002
"seclogon"=dword:00000002
"Schedule"=dword:00000002
"SCardSvr"=dword:00000003
"SamSs"=dword:00000002
"RSVP"=dword:00000003
"RDSessMgr"=dword:00000003
"RasMan"=dword:00000003
"RasAuto"=dword:00000003
"ProtectedStorage"=dword:00000002
"PolicyAgent"=dword:00000002
"PlugPlay"=dword:00000002
"NtmsSvc"=dword:00000003
"NtLmSsp"=dword:00000003
"Nla"=dword:00000003
"Netman"=dword:00000003
"Netlogon"=dword:00000003
"MSIServer"=dword:00000003
"MSDTC"=dword:00000003
"mnmsrvc"=dword:00000003
"LmHosts"=dword:00000002
"LightScribeService"=dword:00000002
"lanmanworkstation"=dword:00000002
"lanmanserver"=dword:00000002
"ISSVC"=dword:00000002
"iPod Service"=dword:00000003
"ImapiService"=dword:00000003
"IDriverT"=dword:00000003
"HTTPFilter"=dword:00000003
"hpqwmi"=dword:00000003
"helpsvc"=dword:00000002
"gusvc"=dword:00000003
"FastUserSwitchingCompatibility"=dword:00000003
"EventSystem"=dword:00000003
"Eventlog"=dword:00000002
"ERSvc"=dword:00000002
"Dnscache"=dword:00000002
"dmserver"=dword:00000003
"dmadmin"=dword:00000003
"Dhcp"=dword:00000002
"CryptSvc"=dword:00000003
"COMSysApp"=dword:00000003
"CiSvc"=dword:00000003
"ccSetMgr"=dword:00000002
"ccPwdSvc"=dword:00000003
"ccProxy"=dword:00000002
"ccEvtMgr"=dword:00000002
"CAISafe"=dword:00000002
"Browser"=dword:00000002
"BITS"=dword:00000002
"avast! Web Scanner"=dword:00000003
"avast! Mail Scanner"=dword:00000003
"avast! Antivirus"=dword:00000002
"AudioSrv"=dword:00000002
"aswUpdSv"=dword:00000002
"aspnet_state"=dword:00000003
"AppMgmt"=dword:00000003
"ALG"=dword:00000003
"Alerter"=dword:00000002
"Adobe LM Service"=dword:00000003


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter   REG_MULTI_SZ      HTTPFilter
LocalService   REG_MULTI_SZ      AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV
NetworkService   REG_MULTI_SZ      DnsCache
DcomLaunch   REG_MULTI_SZ      DcomLaunchTermService
rpcss   REG_MULTI_SZ      RpcSs
imgsvc   REG_MULTI_SZ      StiSvc
termsvcs   REG_MULTI_SZ      TermService



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Symantec NetDetect.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\SYSTEM.SAV\info.bom 16384 bytes
C:\SYSTEM.SAV\INFO.US 4096 bytes
C:\SYSTEM.SAV\Logs
C:\SYSTEM.SAV\Logs\Cia.ini 155648 bytes
C:\SYSTEM.SAV\Logs\Info.bom 16384 bytes
C:\SYSTEM.SAV\Logs\Install.log 368640 bytes
C:\SYSTEM.SAV\Logs\Preinchk.log 4096 bytes
C:\SYSTEM.SAV\Logs\Sysinfo.log 294912 bytes
C:\SYSTEM.SAV\Logs\UIADUMP.EUE 4096 bytes
C:\SYSTEM.SAV\Logs\UIADUMP.FPP 4096 bytes
C:\SYSTEM.SAV\mszone.log 16384 bytes
C:\SYSTEM.SAV\PREINCHK.log 4096 bytes
C:\SYSTEM.SAV\REBOOT.ME 48 bytes
C:\SYSTEM.SAV\REGFLUSH.LOG 4096 bytes
C:\SYSTEM.SAV\RmDev.log 20480 bytes
C:\SYSTEM.SAV\SYSINFO.LOG 294912 bytes
C:\SYSTEM.SAV\SysInfo.US 294912 bytes
C:\SYSTEM.SAV\UTIL
C:\SYSTEM.SAV\UTIL\BOOTSEC.NT4 512 bytes
C:\SYSTEM.SAV\UTIL\BrandIt.Log 20480 bytes
C:\SYSTEM.SAV\UTIL\CHKIMAGE.exe 126976 bytes
C:\SYSTEM.SAV\UTIL\CIA.CDC 69632 bytes
C:\SYSTEM.SAV\UTIL\CIA.INI 81920 bytes
C:\SYSTEM.SAV\UTIL\cpqci.dll 122880 bytes
C:\SYSTEM.SAV\UTIL\cvacompg.exe 118784 bytes
C:\SYSTEM.SAV\UTIL\cvacompg.tmp 168 bytes
C:\SYSTEM.SAV\UTIL\DelDir.exe 36864 bytes
C:\SYSTEM.SAV\UTIL\delmodem.ini 184 bytes
C:\SYSTEM.SAV\UTIL\DELMPLNK.bat 88 bytes
C:\SYSTEM.SAV\UTIL\DELMPLNK.js 480 bytes
C:\SYSTEM.SAV\UTIL\DETECTOS.INI 408 bytes
C:\SYSTEM.SAV\UTIL\DNSP1.LOG 16384 bytes
C:\SYSTEM.SAV\UTIL\EISDTICON.log 32 bytes
C:\SYSTEM.SAV\UTIL\EVENTDEL.VBS 208 bytes
C:\SYSTEM.SAV\UTIL\FB_EIS.log 32 bytes
C:\SYSTEM.SAV\UTIL\hpqnt.dll 77824 bytes
C:\SYSTEM.SAV\UTIL\INSTALL.LOG 368640 bytes
C:\SYSTEM.SAV\UTIL\ISLOGCHK.EXE 110592 bytes
C:\SYSTEM.SAV\UTIL\ISLOGCHK.INI 4096 bytes
C:\SYSTEM.SAV\UTIL\mscu.log 168 bytes
C:\SYSTEM.SAV\UTIL\PININST.EXE 110592 bytes
C:\SYSTEM.SAV\UTIL\PININST.INI 4096 bytes
C:\SYSTEM.SAV\UTIL\PININST.LOG 4096 bytes
C:\SYSTEM.SAV\UTIL\POSTOOBE.LOG 24 bytes
C:\SYSTEM.SAV\UTIL\postproc.ini 536 bytes
C:\SYSTEM.SAV\UTIL\powerset.log 88 bytes
C:\SYSTEM.SAV\UTIL\PREINCHK.BAT 216 bytes
C:\SYSTEM.SAV\UTIL\PREINFO.INI 200 bytes
C:\SYSTEM.SAV\UTIL\PREINFO2.EXE 86016 bytes
C:\SYSTEM.SAV\UTIL\qlb.log 176 bytes
C:\SYSTEM.SAV\UTIL\random.ini 40 bytes
C:\SYSTEM.SAV\UTIL\REGDEV.EXE 106496 bytes
C:\SYSTEM.SAV\UTIL\REGDEV.INI 560 bytes
C:\SYSTEM.SAV\UTIL\sedinst.log 168 bytes
C:\SYSTEM.SAV\UTIL\STRTMENU.EXE 24576 bytes
C:\SYSTEM.SAV\UTIL\SWSET_B.INI 4096 bytes
C:\SYSTEM.SAV\UTIL\ticrdbus.log 32 bytes
C:\SYSTEM.SAV\UTIL\touchpad.log 192 bytes
C:\SYSTEM.SAV\UTIL\WINdvd.log 168 bytes
C:\SYSTEM.SAV\UTIL\wlassistant.log 176 bytes

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 60

********************************************************************

Completion time: 07-03-26 12:01:54

9
Tech Clinic / Computer randomly shuts down
« on: March 26, 2007, 10:32:18 AM »
I also haven't been able to get it to start in Safe Mode... when it starts to boot, I press F8, but it just goes into regular boot mode anyway.  Any thoughts?

10
Tech Clinic / Computer randomly shuts down
« on: March 26, 2007, 09:43:21 AM »
[quote name='guestolo' post='305378' date='Mar 23 2007, 10:50 PM']Please download ComboFix.exe by sUBs:
NOTE: In the event you already have ComboFix, this is a new version that I need you to download.

    * Save it to your desktop.
    * Double-click combofix.exe and follow the prompts.
    * When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

NOTE: Do not mouse-click ComboFix's window while it is running. That may cause it to stall[/quote]

Well, as it turns out, I can't get the computer to stay on long enough to get ComboFix to run. <_<  I keep getting a popup about Windows recovering from a serious error and then it shuts down not long after that.  Perhaps it's time to either take it to a shop or get a newer model?

11
Tech Clinic / Computer randomly shuts down
« on: March 23, 2007, 10:33:24 AM »
Hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 11:27:19 AM, on 3/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dumprep.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R3 - URLSearchHook: (no name) -  - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: repairs303169590.dll
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\o648lghu1648.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

12
Tech Clinic / Computer randomly shuts down
« on: March 23, 2007, 09:35:37 AM »
[quote name='guestolo' post='305021' date='Mar 22 2007, 06:32 PM']Additionally, can you also
RIGHT Click on the "MyComputer" icon and select Properties
Select the "Advanced" tab
Select "Settings" under Startup and Recovery
UNCheck "Automatically Restart" under System Failure
OK out of there
Hopefully, the next time, you won't get a short blue screen and restart
The screen will stay blue, you can note the error message
Manually restart the computer and post the Whole error message back here[/quote]


Alright, here's the error message:


[codebox]A problem has been detected and Windows has been shut down to prevent damage to your computer.

If this is the first time you've seen this Stop error screen, restart your computer. If this screen appears again, follow these steps:

Check to be sure you have adequate disk space. If a driver is identified in the stop message, disable the driver or check with the manufacturer for driver updates. Try changing video adapters.

Check with your hardware vendor for any BIOS updates. Disable BIOS memory options such as caching or shadowing. If you need to use Safe Mode to remove or disable components, restart your computer, press F8 to select Advanced Startup Options, and then select Safe Mode.

Technical Information:

*** Stop: 0x0000008E (0xC0000005, 0xEDF5A4A2, 0xB8549A20, 0x00000000)

*** 1zx32.sys - Address EDF5A4A2 base at EDF58000, DateStamp 459f29a6

Beginning dump of physical memory
Physical memory dump complete.
Contact your system administrator or technical support group for further assistance.
[/codebox]

I'm working on getting the hijack this log together, but it might take a bit, as the computer keeps shutting down. :-p

13
Tech Clinic / Computer randomly shuts down
« on: March 22, 2007, 02:37:10 PM »
I'm really at my wit's end with this problem...

My laptop randomly shuts down with no warning after flashing a brief blue screen at me.

I've installed and run Avast Antivirus as well as Spybot.

Avast returned about 40 infected files, which I cleaned off and followed with a boot scan which came back clean.

The system still shuts down... I don't know what the problem could possibly be, and am hesitant to start messing with anything that could totally trash the computer.

Any thoughts?
